Leading a Secured Digital Life
Keeping yourself and your family safe in a tech driven world
Information Security Awareness
Information Security Education & Awareness Team
C-DAC Hyderabad
Toll Free No: 1800 425 6235
Ministry of Electronics & Information Technology
Government of India
Tuesday, December 5, 2017
www.infosecawareness.in
Cyber society
In today's world, we depend on the Internet at home, in school and at the workplace.
How and for what purpose do you use the Internet?
Education
Fun/Entertainment
Online Banking
Online Shopping
Communication
Social Networking
While using the Internet, what are the primary online risks you face?
Yes, the answer is Malware.
What is malware?
Malware is short for malicious software. It is software designed to infiltrate a computer system without the owner's informed consent.
Types of Malware
'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive software including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.
Ransomware
This type of malware alters the normal operation of your machine, thus barring you from using it properly. Thereafter, these programs display warning messages asking for money to get your device back to normal working condition.
After reading this, you might be wondering why people create malware.
Here are some reasons which may compel a coder to write malware code:
• To take control of a person's computer for personal or professional reasons.
• To get financial benefits.
• To steal confidential data.
• To prove their point regarding a security breach that can be done on a system.
• To take down an individual computer or a complete network.
Let's discuss a recent ransomware attack
WannaCry/WannaCrypt Ransomware
The WannaCry ransomware attack is an ongoing worldwide cyberattack by the WannaCry ransomware cryptoworm, which targets computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
How the WannaCry attack spread across countries
• On Friday morning, Spanish mobile operator Telefonica was among the first large organizations to report infection by WannaCry.
• By late morning, hospitals and clinics across the UK began reporting problems to the national cyber incident response centre.
• In Europe, French carmaker Renault was hit; in Germany, Deutsche Bahn became another high-profile victim.
• In Russia, the ministry of the interior, mobile phone provider Megafon and Sberbank became infected.
• Although WannaCry's spread had already been checked, the US was not entirely spared, with FedEx being the highest-profile victim.
• WannaCry encrypts the files on infected Windows systems. This ransomware spreads by using a vulnerability in implementations of Server Message Block (SMB) in Windows systems. This exploit is named ETERNALBLUE.
• The ransomware called WannaCrypt or WannaCry encrypts the computer's hard disk drive and then spreads laterally between computers on the same LAN. The ransomware also spreads through malicious attachments to emails.
• In order to prevent infection, users and organizations are advised to apply patches to Windows systems as mentioned in Microsoft Security Bulletin MS17-010.
The file extensions that the malware is targeting contain certain clusters of formats including:
• Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).
• Less common and nation-specific office formats (.sxw, .odt, .hwp).
• Archives, media files (.zip, .rar, .tar, .bz2, .mp4, .mkv).
• Emails and email databases (.eml, .msg, .ost, .pst, .edb).
• Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
• Developers' source code and project files (.php, .java, .cpp, .pas, .asm).
• Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).
• Graphic designers', artists' and photographers' files (.vsd, .odg, .raw, .nef, .svg, .psd).
• Virtual machine files (.vmx, .vmdk, .vdi).
Best practices to prevent ransomware attacks:
• Maintain updated Antivirus software on all systems.
• Check regularly for the integrity of the information stored in the databases.
• Regularly check the contents of backup files of databases for any unauthorized encrypted contents of data records or external elements (backdoors / malicious scripts).
• Ensure integrity of the codes/scripts being used in database, authentication and sensitive systems.
• Keep the operating system and third party applications (MS Office, browsers, browser plugins) up-to-date with the latest patches.
• Use application whitelisting / strict implementation of Software Restriction Policies (SRP) to block binaries running from %APPDATA% and %TEMP% paths. Ransomware samples generally drop and execute from these locations.
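As an added example (not part of the original slides), this Python script audits process-start records for programs launched from %APPDATA% or %TEMP%, which shows what an SRP path rule would affect before it is enforced. The log format, the sample records and the default Windows profile layout are assumptions.

```python
import ntpath
import re

# Assumption: default profile layout (<drive>:\Users\<name>), where %APPDATA%
# is AppData\Roaming and the per-user %TEMP% is AppData\Local\Temp.
RULES = {
    "%APPDATA%": re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\"),
    "%TEMP%": re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\"),
}
# Runnable file types, taken from the attachment block list on this page.
RUNNABLE = (".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".wsf", ".hta")
LINE = re.compile(r"host=(\S+) image=(.+)$")

# Constructed process-start records in a hypothetical log format.
SAMPLE = [
    r"2017-12-05T10:01:02 host=WS01 image=C:\Program Files\Microsoft Office\WINWORD.EXE",
    r"2017-12-05T10:01:09 host=WS01 image=C:\Users\bob\AppData\Local\Temp\a1b2.exe",
    r"2017-12-05T10:02:30 host=WS02 image=c:/users/amy/appdata/roaming/upd/run.JS",
    r"2017-12-05T10:03:11 host=WS02 image=C:\Users\amy\Documents\..\AppData\Roaming\x.scr",
    r"2017-12-05T10:04:00 host=WS03 image=C:\Users\raj\AppData\Roaming\notes.txt",
]

def matched_rule(image_path):
    """Return the rule name a process image path falls under, or None."""
    # normpath folds "/" into "\" and resolves "..", so path tricks do not
    # hide the real directory; Windows paths are case-insensitive.
    path = ntpath.normpath(image_path.strip().strip('"')).lower()
    if not path.endswith(RUNNABLE):
        return None
    for name, pattern in RULES.items():
        if pattern.match(path):
            return name
    return None

def audit(lines):
    """Return (host, image, rule) for each record run from a covered path."""
    findings = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        rule = matched_rule(m.group(2))
        if rule:
            findings.append((m.group(1), m.group(2), rule))
    return findings

if __name__ == "__main__":
    for host, image, rule in audit(SAMPLE):
        print(host, rule, image)
```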
• Don't open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs, close out the e-mail and go to the organization's website directly through the browser.
• Follow safe practices when browsing the web. Ensure the web browsers are secured enough with appropriate content controls.
• Network segmentation and segregation into security zones help protect sensitive information and critical services. Separate the administrative network from business processes with physical controls and Virtual Local Area Networks.
• Disable ActiveX content in Microsoft Office applications such as Word, Excel, etc.
• Disable Remote Desktop Connections, employ least-privileged accounts.
• If not required, consider disabling PowerShell / Windows script hosting.
• Restrict users' abilities (permissions) to install and run unwanted software applications.
• Enable personal firewalls on workstations.
• Implement strict External Device (USB drive) usage policy.
• Employ data-at-rest and data-in-transit encryption.
• Consider installing Enhanced Mitigation Experience Toolkit, or similar host-level anti-exploitation tools.
• Block the attachments of file types like exe|pif|tmp|url|scr|reg|cer|cmd|pst|com|bat|dll|dat|hlp|hta|js|wsf.
• Carry out Vulnerability Assessment and Penetration Testing (VAPT) and information security audit of critical networks/systems, especially database servers, from CERT-IN empaneled auditors. Repeat audits regularly.
Generic Prevention Tools:
Sophos: Hitman.Pro
https://www.hitmanpro.com/en-us/surfright/alert.aspx4
Bitdefender Anti-Crypto Vaccine and Anti-Ransomware (discontinued)
https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released/
Malwarebytes Anti-Ransomware (formerly Crypto Monitor)
https://blog.malwarebytes.com/malwarebytes-news/2016/01/introducing-the-malwarebytes-anti-ransomware-beta/
Trendmicro Ransomware Screen Unlocker tool
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1105975.aspx
Microsoft Enhanced Mitigation Experience Toolkit (EMET)
https://www.microsoft.com/en-us/download/details.aspx?id=50766
Follow us
www.infosecawareness.in
https://www.facebook.com/infosecawareness
TOLL FREE No. 1800 425 6235
https://www.youtube.com/channel/UCWPBKQryyVvydUy4rYsbBfA
https://plus.google.com/u/0/106937869860139709031/posts