THINK BEFORE YOU CLICK!

Cyber Security is everybody’s responsibility

Don WinakerNetwork Security Managerdwinake1@jhu.edu

We know what those thieves are after. But Johns Hopkins isn’t a store or a bank. What would people want to steal from us?

Johns Hopkins has technology in place that deflects many attacks

84.2% of all incoming email messages are dropped due to SPAM, viruses, phishing, etc.

Inbound network connections blockeddue to malware*

Per Day: 4,000,068Per Hour: 166,669Per Second: 46

Per Day: 88,405Per Hour: 3,684Per Second: 1

Unauthorized attemptsto access our internal networks blocked

Per Day: 75,545,460 Per Hour: 3,147,727Per Second: 874

Outbound network connections blockeddue to malware*

Per Day: 882,310 Per Hour: 36,763Per Second: 10

Technology is great and has made our lives and jobs easier, but …

Technical Tools

Can’t reason or exercise judgment

Can only detect broad trends

Must quickly sort through more than 2 billion daily events

Have to be configured, monitored, and maintained by … people!

Technology can provide prevention and detection

Is this enough ?

What is Johns Hopkins Network Security doing today ?

Extensive Deployment of Cisco Firewalls Automated Blacklisting Nessus Vulnerability scanning Sourcefire Intrusion Detection and Prevention

systems installed JWatch – Intel Security incident and Event

Management LanCope – network traffic flow monitoring

People are the first and most important line of cyber defense

Humans Can make connections between different pieces of

information that don’t seem related but indicate a trend

Can recognize when seemingly normal behavior just doesn’t look or sound quite right

Can adapt quickly to new information and emerging attacks and threats

Provide a principal preventive control

Technology can’t do it all

People hold the keys to the kingdom

What are the most common types of attack?

Social EngineeringPhishingMalware

If you know where to look and have the right level of access, vast amounts of information are available with just one click

How do cyber criminals try to get information from us?

SOCIAL ENGINEERING Type of confidence trick or con job

Uses psychological manipulation to trick people to bypass normal security procedures

Often relies on natural helpfulness of people

One step in a more complex fraud scheme

From 2009-2011, 48% of large businesses suffered attacks costing between $25,000-$100,000 per incident

How do cyber criminals try to get our login credentials?

PHISHING SPEAR PHISHING Often sent in an email

Pretends to be from an official source

Directs users to enter credentials into a fake web site

Warn or threaten of consequences for failure to act

Targeted phishing attack

Attacker has specific target in mind

Uses details about the target to sound more legitimate

May present a problem and try to elicit sympathy and get a helpful response

Be skeptical when you read email

How can you tell if it’s phishing? Asks you to reply to an email or go to a web site and enter

in personally identifiable information

Asks you to click a link to install software (malware)

Directs you to a URL that is not a Johns Hopkins address (but might look like one) or starts with an IP address

Creates a sense of urgency by warning or threatening that something bad will happen if you don’t comply

Is badly written, including misspelled words or poor grammar

Phishing email examples

If you never fall for a phishing attack then you are safe, right?

MALicious SoftWAREGets installed on your system and performs

unwanted tasksDesigned to disrupt, damage, steal

information, take control, create botsMany different types:

◦ Virus and worm (infectious)◦ Rootkit, Trojan Horse, Backdoor (RAT – remote

access tool)◦ Keylogger, Spyware (steal information)◦ Ransomeware (extortion)◦ Dialer, Adware (generate funds)◦ Hybrids and variations

You could usually avoid malware if you were careful with your email

But not anymore

90% of malware comes from web browsing today – only 6% comes from email

The biggest threat to corporate networks is employees clicking on infected web pages

A 'drive-by-download' attack is a malware delivery technique that is triggered just because you visited a website. You don’t need to click or accept any software, and the malicious code can download in the background to your device.

Anatomy of the NBC.com Infection

Drive-by download attackOne of the top 600 most popular web sites on

the Internet – Law of Large NumbersUsed the RedKit exploit kit to look for vulnerable

versions of Adobe Reader, Acrobat, JavaVulnerable computers were infected with

malware:◦ Citadel (spyware) targets financial account details◦ ZeroAccess (adware) generates fake pay-per-view

revenues for botnet controllers or their clientsThis version of Citadel was at the time only

recognized by 3 out of the 46 antivirus programs on virustotal.com

McAfee Labs catalogs 100,000 new malware samples every day -

69 new pieces of malware a minute!

But I’m safe since I only visitlegitimate web sites!

Number of unsafe websites detected by GoogleGoogle blocks 10,000 per day, and 42,000 new malware sites are detected each week

Mainstream Websites More Likely to Harbor Malware

1.   Blogs 19.8%2.   Web hosting 15.6%3.   Business and economy 10%4.   Shopping 7.7%5.   Education and reference 6.9%6.   Technology, computer, Internet 6.9%7.   Entertainment and music 3.8% 8.   Automotive 3.8%9.   Health and medicine 2.7%10.  Porn 2.4%

Top 10 Infected Web Site Types

80% are legitimate sites

2013 Cisco Annual Security Report

Malware Bottom Line

• Keep application and operating system patches up-to-date

• Don’t click on unknown links or attachments

• Don’t trust sites that ask for your cell phone number or require you to create a login account

• Keep anti-virus/anti-spyware up to date

The internet is overwhelmingly a

power for good It provides cheap and easy access every moment of every day to vast amounts of information and entertainment, and it is transforming the nature of government and commerce.

However …

You hold the keys to the kingdom

THINK BEFORE YOU CLICK!

Cyber Security is everybody’s responsibility

Questions?

Don WinakerNetwork Security Managerdwinake1@jhu.edu