
Cyber Analytics Project MIS 510


Presentation Transcript


  1. Cyber Analytics Project MIS 510
  • Prathamesh Bhurke
  • Prasad Kodre
  • Kiran Viswanathan
  • Vanitha Venkatnarayanan
  February 27, 2014

  2. Prasad K • Prathamesh B • Vanitha V • Kiran V

  3. Agenda

  4. Introduction
  • With the increasing reliance on technology, many aspects of our lives depend on the Internet and computers, including communications, transportation, government, finance and education.
  • As more and more critical information is stored and handled online, the need for a secure way to store all this information rises.
  • The increasing volume and sophistication of cyber security threats such as malware attacks, phishing scams, data theft and other online vulnerabilities demand that we remain vigilant about securing our systems and information.

  5. Literature Review
  • To understand the impact of cybersecurity we studied the existing documentation and recent news about cybersecurity. There has been tremendous growth in the area of cybersecurity. Some of the major research papers/blogs we studied are:
  • Banking Trojans: Understanding their impact and how to defend your institution against Trojan-aided fraud (Symantec whitepaper).
  • Trojan.Zbot: Trojan.Zbot, also called Zeus, is a Trojan horse that attempts to steal confidential information from the compromised computer.
  • Carberp: Code Leak Stokes Copycat Fears.

  6. Which is the most targeted social media platform? Mark Zuckerberg’s account hacked

  7. Evolution – The story line
  • Mark Zuckerberg’s account was hacked by Khalil Shreateh in August 2013 (Shreateh exploited a Facebook bug that let him post on any user’s timeline; the keylogger described on slide 11 is a separate and far more common account-takeover technique).
  • Hacking of Facebook accounts is a rising threat.
  • Millions of accounts’ data are at risk.
  • More than 600,000 Facebook accounts are being compromised every day.
  • Accounts hacked using a “keylogger”.

  8. Graphical Analysis
  • Increase in the number of posts and threads regarding hacking of Facebook.
  • Increase in the number of views of posts and threads that include the topic of hacking Facebook.

  9. Graphical Analysis
  • Provides information about authors talking about hacking Facebook.
  • The Y axis is the aggregation of different metrics such as reputation score, number of views, etc.

  10. Graphical Analysis
  • Facebook is the most talked-about social media website in the different forums.

  11. Pseudo Algorithm
  • THE ALGORITHM:
  • Create an empty log file for storing the captured keystrokes.
  • Poll the keyboard with the Win32 GetAsyncKeyState() function to detect which keys the user has pressed.
  • Append the intercepted key values to the log file.
  • Hide the program’s console window so the process has no visible UI.
  • Run these steps inside an infinite while loop so capture continues for as long as the process lives.
  • Add a Sleep() call between polls to keep CPU usage low. Caveat: GetAsyncKeyState() only reports whether a key is currently down and whether it was pressed since the previous call, so a long sleep interval misses keystrokes; the interval trades CPU against completeness and cannot bring usage to 0%.

  12. How secure are the large number of Cisco routers which are currently connected to the internet?
  • Many of the Cisco routers currently connected to the internet expose a web interface for configuring the device. Gaining access to that interface should require a username and password.
  • Unauthorized access to these devices may lead to unwanted consequences. Data collected from Shodan for Cisco devices around the world shows that there are at least 1,616,911 Cisco routers connected to the internet.
  • Of these, potentially more than 11,419 devices do not require authentication. They can be identified by differences in the banner the device returns: a device that asks for credentials answers the HTTP request with a 401 status and a WWW-Authenticate header, whereas one that serves its pages without a login answers with a 200 status.
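The banner check described on this slide, as an added example written for this page rather than the project's own Shodan code (the appendix slides holding that code are not reproduced here). It classifies Shodan-style raw HTTP banners by the 401-versus-200 difference and tabulates the per-country percentage of unprotected devices that slide 13 charts. The IP addresses, countries and banners are constructed; the header values follow the shape of Cisco IOS responses but are not copied from any live device, and the rule that a 200 response carrying a Last-Modified header means the configuration page was served without a login is the heuristic being illustrated, not a guarantee.

```python
"""Classify Shodan-style HTTP banners from Cisco IOS web interfaces.

Added example (not the original project's code). Rule under test:
  401 + WWW-Authenticate  -> device demands credentials
  200 + Last-Modified     -> device served its page with no login
Everything else from a Cisco IOS server is reported as 'unknown' so
that it is counted as a router but not as an unprotected one.
"""
from collections import Counter

# Constructed sample records: (ip, country, raw banner). Illustrative only.
SAMPLE_BANNERS = [
    ("192.0.2.10", "US",
     "HTTP/1.1 401 Unauthorized\r\nServer: cisco-IOS\r\n"
     "WWW-Authenticate: Basic realm=\"level_15_access\"\r\n"),
    ("192.0.2.11", "US",
     "HTTP/1.1 200 OK\r\nServer: cisco-IOS\r\nConnection: close\r\n"
     "Last-Modified: Thu, 27 Feb 2014 10:00:00 GMT\r\nContent-Type: text/html\r\n"),
    ("198.51.100.5", "IN",
     "HTTP/1.1 200 OK\r\nServer: cisco-IOS\r\n"
     "Last-Modified: Wed, 26 Feb 2014 08:30:00 GMT\r\n"),
    ("198.51.100.6", "IN",
     "HTTP/1.0 401 Unauthorized\r\nServer: cisco-IOS\r\n"
     "WWW-Authenticate: Basic realm=\"level 15 access\"\r\n"),
    ("198.51.100.7", "IN",
     "HTTP/1.1 401 Unauthorized\r\nServer: cisco-IOS\r\n"
     "WWW-Authenticate: Basic realm=\"level_15 or view_access\"\r\n"),
    ("203.0.113.9", "DE",                       # not a Cisco device: excluded
     "HTTP/1.1 200 OK\r\nServer: Apache/2.2\r\n"
     "Last-Modified: Tue, 25 Feb 2014 12:00:00 GMT\r\n"),
    ("203.0.113.10", "DE",                      # 200 without Last-Modified: unknown
     "HTTP/1.1 200 OK\r\nServer: cisco-IOS\r\nContent-Type: text/html\r\n"),
    ("203.0.113.11", "DE",
     "HTTP/1.1 401 Unauthorized\r\nServer: cisco-IOS\r\n"
     "WWW-Authenticate: Basic realm=\"level_15_access\"\r\n"),
]


def parse_banner(banner):
    """Split a raw HTTP banner into (status line, {lower-cased header: value})."""
    lines = [ln for ln in banner.replace("\r\n", "\n").split("\n") if ln.strip()]
    status = lines[0].strip() if lines else ""
    headers = {}
    for ln in lines[1:]:
        name, sep, value = ln.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def is_cisco_ios(headers):
    """Shodan identifies the IOS HTTP server by its Server header."""
    return "cisco-ios" in headers.get("server", "").lower()


def classify(banner):
    """Return 'auth-required', 'no-auth', 'unknown' or 'not-cisco'."""
    status, headers = parse_banner(banner)
    if not is_cisco_ios(headers):
        return "not-cisco"
    parts = status.split()
    code = parts[1] if len(parts) > 1 else ""
    if code == "401" or "www-authenticate" in headers:
        return "auth-required"
    if code == "200" and "last-modified" in headers:
        return "no-auth"
    return "unknown"


def unprotected_share_by_country(records):
    """Per country: (cisco routers seen, unprotected routers, percentage)."""
    total, unprotected = Counter(), Counter()
    for _ip, country, banner in records:
        verdict = classify(banner)
        if verdict == "not-cisco":
            continue
        total[country] += 1
        if verdict == "no-auth":
            unprotected[country] += 1
    return {c: (total[c], unprotected[c], round(100.0 * unprotected[c] / total[c], 1))
            for c in total}


if __name__ == "__main__":
    for country, (seen, open_, pct) in sorted(unprotected_share_by_country(SAMPLE_BANNERS).items()):
        print(f"{country}: {open_}/{seen} unprotected ({pct}%)")
```

A Shodan banner is a snapshot of one response; before counting a device as unprotected in a real survey, re-request the page and confirm that configuration content, not a redirect or a branded login page, is what comes back with the 200.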

  13. Percentage of unprotected Cisco routers of total Cisco routers for each country

  14. Countries with maximum Cisco routers under .edu network without authentication

  15. Countries with max Cisco routers under .edu network which do not require authentication

  16. Are there any Industrial Control Systems connected to the internet? How secure is the SCADA/ICS equipment that sits behind the organizational firewall?
  • Wikipedia defines Industrial Control Systems as “a general term that encompasses several types of control systems used in industrial production, including:
  • Supervisory control and data acquisition (SCADA) systems
  • Distributed control systems (DCS) and
  • Other smaller control system configurations such as Programmable Logic Controllers (PLC)”

  17. Major Attacks
  • Stuxnet:
  • Stuxnet (W32.Stuxnet) is a computer worm that targeted SCADA systems built on Siemens software and PLCs.
  • The intent of Stuxnet was to sabotage the operations of facilities such as power plants, gas pipelines, etc.
  • Flame: Flame is a large-scale cyber espionage attack which mainly targeted insecure SCADA/ICS devices and industrial computers. Its objective was to steal operation-critical information from these machines in the form of screenshots, audio recordings, etc.
  • Kaspersky in May 2012 estimated about 1,000 machines to be infected by Flame, with victims including industries, governmental organizations and private individuals.

  18. Country wise distribution of Siemens SCADA/ICS devices

  19. Shodan statistics for some SCADA products

  20. Which are the top 3 banking Trojans spoken about on Hacker Web?
  • Banks need to remain vigilant to the threats posed by criminals. New dangers are emerging all the time, particularly in areas such as online banking, where transaction volumes are increasing.
  • It’s no wonder that threats are on the rise. More people are using electronic payments, mobile banking and other new technologies, which makes them more appealing to criminals: more transactions mean more money.
  • Banking malware, specifically banking Trojans, is reaching alarming new levels of sophistication.

  21. Statistics of the most spoken about Trojans in Hacker web forums
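The forum aggregation behind this slide and the Facebook charts on slides 8 to 10, as an added example that is not the project's own Hacker Web analysis code. It counts, per malware family, the forum posts that mention any of its aliases, weights those posts by views, and ranks the families both ways so the two metrics the slides plot can be compared. The posts, their view counts and the alias table are constructed assumptions for illustration.

```python
"""Rank malware families by forum attention (added example, not the
project's code). A post counts once per family no matter how many
times it repeats the name; views are summed over the posts that
mention the family."""
import re
from collections import defaultdict

# Assumption: spellings forum members use for each family. "zbot" is the
# Symantec name for Zeus; SpyEye is included only to show an unlisted family.
ALIASES = {
    "Zeus": ["zeus", "zbot", "trojan.zbot"],
    "Citadel": ["citadel"],
    "Carberp": ["carberp"],
    "SpyEye": ["spyeye"],
}

# Constructed sample posts: (post_id, views, text).
POSTS = [
    (1, 1200, "Selling Zeus 2.0 builder, zbot config included, pm me"),
    (2, 300, "Citadel is just a Zeus fork with better injects"),
    (3, 5000, "Carberp source code leaked!! copycats incoming"),
    (4, 50, "anyone still using spyeye? zeus killed it"),
    (5, 800, "carberp vs citadel for web injects?"),
    (6, 20, "facebook keylogger for sale"),
]


def _pattern(aliases):
    # Require a non-alphanumeric boundary on both sides so "zeus" matches
    # "Zeus 2.0" and "zeus killed" but not an unrelated longer token.
    alt = "|".join(re.escape(a) for a in aliases)
    return re.compile(r"(?<![a-z0-9])(?:" + alt + r")(?![a-z0-9])", re.IGNORECASE)


PATTERNS = {family: _pattern(aliases) for family, aliases in ALIASES.items()}


def families_in(text):
    """Set of families a single post mentions."""
    return {family for family, pat in PATTERNS.items() if pat.search(text)}


def rank_families(posts, top=3, by="posts"):
    """Return [(family, post_count, total_views)], best first.

    by="posts" ranks on how many posts mention the family (ties broken by
    views); by="views" ranks on summed views (ties broken by post count).
    """
    count, views = defaultdict(int), defaultdict(int)
    for _post_id, v, text in posts:
        for family in families_in(text):
            count[family] += 1
            views[family] += v
    if by == "views":
        key = lambda f: (-views[f], -count[f], f)
    else:
        key = lambda f: (-count[f], -views[f], f)
    ranked = sorted(count, key=key)
    return [(f, count[f], views[f]) for f in ranked[:top]]


if __name__ == "__main__":
    print("by posts:", rank_families(POSTS))
    print("by views:", rank_families(POSTS, by="views"))
```

On the constructed posts the two metrics disagree: Zeus leads by number of posts, while a single widely read Carberp leak thread puts Carberp first by views, which is why slide 9 aggregates several metrics rather than relying on one.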

  22. Major Attacks
  • Zeus: The Trojan.Zbot toolkit allows an attacker a high degree of control over the functionality of the final executable that is distributed to targeted computers.
  • Citadel: This Trojan is a variant of Zeus. It emerged, along with a number of other one-off Trojans, after the Zeus source code leaked in 2011.
  • Carberp: Win32/Carberp is a family of Trojans that may be delivered via malicious code, for instance by variants of Exploit:JS/Blacole (the Blackhole exploit kit). The Trojan downloads other Win32/Carberp components to execute payload code such as stealing online banking credentials.

  23. Impact of Cyber Security Hacks
  • Cybercriminals are no longer isolated amateurs.
  • They are increasingly leveraging malware, bots and other forms of sophisticated threats to attack organizations.
  • Denial of Service, Botnets, Advanced Persistent Threats, Viruses, Worms, Trojans, Social Engineering
  • Too little is done in many countries to prevent cybercrime.

  24. References
  • http://www.shodanhq.com/
  • https://www.defcon.org/images/defcon-18/dc-18-presentations/Schearer/DEFCON-18-Schearer-SHODAN.pdf
  • http://en.wikipedia.org/wiki/Cisco_IOS
  • http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-technologies/index.html
  • http://en.wikipedia.org/wiki/Industrial_control_system
  • http://en.wikipedia.org/wiki/SCADA
  • http://www.digitalbond.com/blog/2010/11/02/what-you-should-know-about-shodan-and-scada/
  • http://en.wikipedia.org/wiki/Flame_(malware)
  • http://en.wikipedia.org/wiki/Stuxnet
  • https://www.owasp.org
  • https://www4.symantec.com/mktginfo/whitepaper/user_authentication/21195180_WP_GA_BankingTrojansImpactandDefendAgainstTrojanFraud_062611.pdf

  25. Appendix – Shodan Code

  26. Appendix – Queries used in Shodan
