Leading a Secured Digital Life

keeping yourself and your family safe in a tech driven world

INFORMATION SECURITY AWARENESS

Information Security Education & Awareness Team

C-DAC Hyderabad

Toll Free No: 1800 425 6235

Ministry of Electronics & Information Technology

Government of India

Tuesday, December 5, 2017



www.infosecawareness.in


Cyber society

In today's world, we depend on the Internet at home, in school and at the workplace.

How and for what purpose do you use the Internet?

• Education

• Fun/Entertainment

• Online Banking

• Online Shopping

• Communication

• E-mail

• Social Networking

While using the Internet, what are the primary online risks you face?

Yes, the answer is: Malware

What is malware?

Malware is short for malicious software. It is software designed to infiltrate a computer system without the owner's informed consent.

Types of Malware

'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive software including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.

Ransomware

This type of malware alters the normal operation of your machine, preventing you from using it properly. These programs then display warning messages asking for money to get your device back to normal working condition.

After reading this, you might be wondering why people create malware. Here are some reasons that may lead a coder to write malware:

• To take control of a person's computer for personal or professional reasons.

• To get financial benefits.

• To steal confidential data.

• To prove a point about a security breach that can be carried out on a system.

• To take down an individual computer or a complete network.

Let's discuss a recent ransomware attack

WannaCry/WannaCrypt Ransomware

The WannaCry ransomware attack is an ongoing worldwide cyberattack by the WannaCry ransomware cryptoworm, which targets computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.

How the WannaCry attack spread across countries

• On Friday morning, Spanish mobile operator Telefonica was among the first large organizations to report infection by WannaCry.

• By late morning, hospitals and clinics across the UK began reporting problems to the national cyber incident response Centre.

• In Europe, French carmaker Renault was hit; in Germany, Deutsche Bahn became another high-profile victim.

• In Russia, the ministry of the interior, mobile phone provider Megafon and Sberbank became infected.

• Although WannaCry's spread had already been checked, the US was not entirely spared, with FedEx being the highest-profile victim.

• WannaCry encrypts the files on infected Windows systems. This ransomware spreads by using a vulnerability in implementations of Server Message Block (SMB) in Windows systems. This exploit is named ETERNALBLUE.

• The ransomware called WannaCrypt or WannaCry encrypts the computer's hard disk drive and then spreads laterally between computers on the same LAN. The ransomware also spreads through malicious attachments to emails.

• In order to prevent infection, users and organizations are advised to apply patches to Windows systems as mentioned in Microsoft Security Bulletin MS17-010.

The file extensions that the malware targets fall into certain clusters of formats, including:

• Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).

• Less common and nation-specific office formats (.sxw, .odt, .hwp).

• Archives, media files (.zip, .rar, .tar, .bz2, .mp4, .mkv).

• Emails and email databases (.eml, .msg, .ost, .pst, .edb).

• Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).

• Developers' source code and project files (.php, .java, .cpp, .pas, .asm).

• Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).

• Graphic designers', artists' and photographers' files (.vsd, .odg, .raw, .nef, .svg, .psd).

• Virtual machine files (.vmx, .vmdk, .vdi).

Best practices to prevent ransomware attacks:


• Maintain updated Antivirus software on all systems.

• Check regularly for the integrity of the information stored in the databases.


• Regularly check the contents of backup files of databases for any unauthorized encrypted contents of data records or external elements (backdoors/malicious scripts).

• Ensure integrity of the codes/scripts being used in database, authentication and sensitive systems.


• Keep the operating system and third-party applications (MS Office, browsers, browser plugins) up-to-date with the latest patches.

• Application whitelisting/strict implementation of Software Restriction Policies (SRP) to block binaries running from %APPDATA% and %TEMP% paths. Ransomware samples are generally dropped and executed from these locations.
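A detection-side companion to the path rule above, as an added example that is not part of the original slides: it flags launches of script or executable files from the default locations of %APPDATA% and %TEMP%, normalising case, slashes and `..` before matching. The user profile, the file names and the extension set are assumptions constructed for the demonstration.

```python
import ntpath

# Script/executable types to flag: an assumed subset for this example,
# all taken from the attachment block list elsewhere in this deck.
EXEC_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".hta", ".wsf", ".pif", ".dll"}


def _norm(path):
    # Collapse "..", unify slashes and lower-case, so the match cannot be
    # sidestepped by path spelling (Windows path lookups are case-insensitive).
    return ntpath.normcase(ntpath.normpath(path))


def restricted_roots(profile):
    """Default locations %APPDATA% and %TEMP% expand to for one user profile."""
    return [_norm(ntpath.join(profile, "AppData", "Roaming")),
            _norm(ntpath.join(profile, "AppData", "Local", "Temp"))]


def is_violation(image_path, profile):
    """True if an executable/script file sits under a restricted root."""
    path = _norm(image_path)
    if ntpath.splitext(path)[1] not in EXEC_EXT:
        return False
    return any(path.startswith(root + "\\") for root in restricted_roots(profile))


# Constructed launch records: (user profile, launched file).
SAMPLE = [
    (r"C:\Users\asha", r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"),
    (r"C:\Users\asha", r"C:\Users\asha\AppData\Roaming\updater.exe"),
    (r"C:\Users\asha", r"c:\users\ASHA\appdata\local\temp\7zO1\invoice.SCR"),
    (r"C:\Users\asha", r"C:\Users\asha\Documents\..\AppData\Local\Temp\run.js"),
    (r"C:\Users\asha", r"C:\Users\asha\AppData\Roaming\notes.txt"),
    (r"C:\Users\asha", r"C:\Users\asha\AppData\Local\Programs\app\app.exe"),
]


def flag(records):
    """Return the launched paths that a %APPDATA%/%TEMP% block rule should stop."""
    return [image for profile, image in records if is_violation(image, profile)]


if __name__ == "__main__":
    for hit in flag(SAMPLE):
        print("would be blocked:", hit)
```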


• Don't open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs, close out the e-mail and go to the organization's website directly through the browser.

• Follow safe practices when browsing the web. Ensure the web browsers are secured enough with appropriate content controls.


• Network segmentation and segregation into security zones help protect sensitive information and critical services. Separate the administrative network from business processes with physical controls and Virtual Local Area Networks.

• Disable ActiveX content in Microsoft Office applications such as Word, Excel, etc.

• Disable Remote Desktop Connections, employ least-privileged accounts.


• If not required, consider disabling PowerShell/Windows script hosting.

•Restrict users' abilities (permissions) to install and run unwanted software applications.


• Enable personal firewalls on workstations.

• Implement strict External Device (USB drive) usage policy.

• Employ data-at-rest and data-in-transit encryption.

• Consider installing Enhanced Mitigation Experience Toolkit, or similar host-level anti-exploitation tools.


• Block the attachments of file types like exe|pif|tmp|url|scr|reg|cer|cmd|pst|com|bat|dll|dat|hlp|hta|js|wsf.

• Carry out Vulnerability Assessment and Penetration Testing (VAPT) and information security audits of critical networks/systems, especially database servers, by CERT-IN empaneled auditors. Repeat audits regularly.
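The attachment block list recommended above, applied at a mail gateway, as an added example that is not part of the original slides: it parses a MIME message and reports every attachment whose effective extension is on the list, including double extensions and mixed case. The sample message and its file names are constructed for the demonstration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension list copied verbatim from the slide's recommendation.
BLOCKED = set("exe|pif|tmp|url|scr|reg|cer|cmd|pst|com|bat|dll|dat|hlp|hta|js|wsf".split("|"))


def blocked_extension(filename):
    """Return the blocked extension a filename ends in, or None."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still opens as .exe.
    name = filename.strip().rstrip(". ").lower()
    if "." not in name:
        return None
    ext = name.rsplit(".", 1)[1]  # last extension wins: "invoice.pdf.exe" -> "exe"
    return ext if ext in BLOCKED else None


def blocked_attachments(raw_message):
    """Return the filenames of all MIME parts that carry a blocked extension."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():          # walk() also descends into nested multiparts
        name = part.get_filename()   # None for parts without a filename
        if name and blocked_extension(name):
            hits.append(name)
    return hits


def build_sample():
    """Constructed test message: two harmless and two blocked attachments."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = "Constructed sample"
    m.set_content("See attached.")
    for fname in ("report.pdf", "invoice.pdf.exe", "Update.JS", "notes.txt"):
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

The check looks only at declared file names; a blocked file inside a .zip or a renamed file passes, so it complements rather than replaces content scanning.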


Generic Prevention Tools:


Sophos: Hitman.Pro

https://www.hitmanpro.com/en-us/surfright/alert.aspx4

Bitdefender Anti-Crypto Vaccine and Anti-Ransomware (discontinued)

https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released/

Malwarebytes Anti-Ransomware (formerly Crypto Monitor)

https://blog.malwarebytes.com/malwarebytes-news/2016/01/introducing-the-malwarebytes-anti-ransomware-beta/

Trendmicro Ransomware Screen Unlocker tool

https://esupport.trendmicro.com/en-us/home/pages/technical-support/1105975.aspx

Microsoft Enhanced Mitigation Experience Toolkit (EMET)

https://www.microsoft.com/en-us/download/details.aspx?id=50766

Follow us

www.infosecawareness.in

https://www.facebook.com/infosecawareness

https://www.youtube.com/channel/UCWPBKQryyVvydUy4rYsbBfA

https://plus.google.com/u/0/106937869860139709031/posts

TOLL FREE No. 1800 425 6235