INTERNET SECURITY THREAT REPORT 2013
IS 376, November 12, 2013
WATERING HOLE ATTACKS
With increased vigilance against malware attacks, some attackers have resorted to indirect watering hole attacks.
• The attackers inject an “exploit” containing malware onto a trusted site that their intended target often visits.
• When the target visits the site, the exploit drops its malware onto the victim’s system.
• The attackers can then carry out their attack through the malware now running on the victim’s system.
ZERO DAY VULNERABILITIES
When attackers discover a vulnerability in a software system before the system’s developers do (or at least before they fix it), the attackers try to develop “exploits” (i.e., strategies for taking advantage of that vulnerability) on “Day Zero” of awareness of the vulnerability.
After some software developers took over four years to address known vulnerabilities, Hewlett-Packard’s Zero Day Initiative (ZDI) was set up to reward researchers who reported vulnerabilities to ZDI, which would then work with the vendor to develop a patch for the problem. In any case, the developer would have no more than 180 days to fix the vulnerability before ZDI released the information to the press.
RANSOMWARE
UNSOLICITED COMMERCIAL E-MAIL (SPAM)
E-mail is sent to a vast number of users, with the hope that some small percentage of them will respond to an “irresistible” offer and purchase what turns out to be a bogus product at a “bargain” price.
SPAM STATISTICS 2012
(Charts, not reproduced here: Global Spam Volume Per Day; Global Spam Rate, 2012 vs. 2011; Pharmaceutical Spam, 2012 vs. 2011; Adult/Sex/Dating Spam, 2012 vs. 2011.)
ZOMBIE ARMIES (BOTNETS)
Zombie computers, virus-infected computers that perform malicious tasks under remote direction, are the major delivery method of spam.
BIG MAC ATTACK: FLASHBACK!
While Windows-based machines have been the most targeted by attackers, the popularity of Apple machines has made them the target of many new kinds of attack. The Flashback attack started as a fake message prompting the user to install Flash Player on an Apple machine. It was actually a Trojan Horse that ultimately created a botnet of over 600K unsuspecting Mac users’ machines.
SPAM RED FLAGS
Among the telltale signs that an e-mail message could be spam:
• Frequent use of characters that are neither numbers nor letters.
• Transmission time in the wee hours of the night.
• Use of HUSTLE PHRASES, like “Double Your Income” or “Lose Weight Fast”.
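The three red flags above can be turned into a small rule-based scorer. The code below is an added example, not part of the slides: it parses a raw message with Python's standard `email` module and checks the symbol ratio of the subject and body, the hour in the Date header, and a short phrase list. The two sample messages, the 15% symbol threshold, the 01:00 to 04:59 "wee hours" window, and the phrase list beyond the two phrases the slide names are all assumptions made for the example.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

# Phrase list is illustrative; the slide itself names only the first two.
HUSTLE_PHRASES = ("double your income", "lose weight fast", "act now", "risk free")


def symbol_ratio(text):
    """Fraction of non-whitespace characters that are neither letters nor digits."""
    chars = [c for c in text if not c.isspace()]
    if not chars:
        return 0.0
    return sum(1 for c in chars if not c.isalnum()) / len(chars)


def sent_in_wee_hours(msg, start_hour=1, end_hour=5):
    """True if the Date header's local time falls in [start_hour, end_hour)."""
    date = msg.get("Date")
    if not date:
        return False
    try:
        hour = parsedate_to_datetime(date).hour
    except (TypeError, ValueError):  # malformed date: raise no flag
        return False
    return start_hour <= hour < end_hour


def red_flags(raw_message, symbol_threshold=0.15):
    """Return the list of red flags raised by a raw RFC 822 message."""
    msg = message_from_string(raw_message)
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()
    flags = []
    if symbol_ratio(text) > symbol_threshold:
        flags.append("symbol_heavy")
    if sent_in_wee_hours(msg):
        flags.append("wee_hours")
    hits = [p for p in HUSTLE_PHRASES if p in text]
    if hits:
        flags.append("hustle_phrase:" + ",".join(hits))
    return flags


# Constructed sample messages (not real mail); headers start on the first line.
SPAMMY_MESSAGE = """From: promo@example.net
To: you@example.com
Subject: $$$ DOUBLE YOUR INCOME $$$ !!!
Date: Tue, 12 Nov 2013 03:17:00 -0500

*** ACT NOW!!! *** Lose weight fast & double your income!!! >>> click <<<
"""

LEGIT_MESSAGE = """From: alice@example.com
To: bob@example.com
Subject: Draft report for Tuesday's meeting
Date: Tue, 12 Nov 2013 14:05:00 -0500

Hi Bob, the draft report is attached. Can you review it before the meeting?
"""

if __name__ == "__main__":
    for name, raw in (("spammy", SPAMMY_MESSAGE), ("legit", LEGIT_MESSAGE)):
        print(name, red_flags(raw))
```

Each rule on its own produces false positives (a colleague in another time zone sends at "3 a.m.", a legitimate invoice is full of `$` and `#`), so in practice these flags work better as extra features fed into a statistical filter than as a verdict by themselves.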
BAYESIAN ALGORITHMS
The 18th-century mathematician Thomas Bayes developed a statistical theory, briefly summarized as: “The probability of a particular event occurring in the future is proportional to how often it happened in the past under the same circumstances.”
Several spam filters have been designed using Bayesian algorithms, which assume that if a new message contains text that appeared often in spam in the past but rarely in legitimate messages, the new message is likely to be spam.
STATISTICAL SPAM FILTERS
Reasonably effective software to filter out spam uses a simple statistical technique, such as:
• Users discard all of their spam in a separate trash can.
• Periodically, the software examines the user's e-mail and, for each word, calculates the ratio of spam occurrences to total occurrences. For example, if the word “mortgage” occurs in 200 of 1000 spams and 3 of 500 non-spam e-mails, its spam probability is: [equation not reproduced]
• When a new e-mail arrives, extract all of the words and find the 15 with spam probabilities p1,...,p15 furthest (in either direction) from 0.5.
• The probability that the message is spam is: [equation not reproduced]
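The Bayesian idea from the previous slide and the four-step procedure above fit in one short program. The code below is an added example, not the slides' own code. Because the two equations on the slide did not survive, the example assumes the usual form of each: the per-word probability divides each count by its corpus size before taking the ratio (so 200 of 1000 spams versus 3 of 500 legitimate messages gives 0.2 / (0.2 + 0.006) ≈ 0.971), and the message probability combines the 15 most extreme word probabilities as p1···pn / (p1···pn + (1−p1)···(1−pn)). The two tiny training corpora are constructed for the example, and the 0.4 default for never-seen words and the 0.01/0.99 clamp are assumptions as well.

```python
import math
import re
from collections import Counter

# Constructed training corpora (not taken from the slides): a few spam
# messages and a few legitimate ("ham") messages.
SPAM_CORPUS = [
    "double your income fast with this bargain offer",
    "lose weight fast bargain pills cheap offer",
    "cheap mortgage rates act now bargain",
    "act now double your money offer",
]
HAM_CORPUS = [
    "meeting moved to tuesday please bring the report",
    "can you review the draft report before the meeting",
    "lunch on tuesday works for me",
    "the project report is attached for review",
]

WORD_RE = re.compile(r"[a-z0-9$']+")


def tokenize(text):
    """Distinct lowercase words in a message (each word counted once per message)."""
    return set(WORD_RE.findall(text.lower()))


def word_spam_probability(spam_hits, n_spam, ham_hits, n_ham, unknown=0.4):
    """Spam probability of one word from its occurrence counts.

    Assumption (the slide's formula is missing): each count is divided by the
    size of its corpus before the ratio is taken, so a spam corpus twice the
    size of the ham corpus does not bias every word toward spam. Words seen in
    neither corpus get a mildly "hammy" default, and the result is clamped so
    that a single word can never force the final answer to exactly 0 or 1.
    """
    if spam_hits == 0 and ham_hits == 0:
        return unknown
    spam_rate = spam_hits / n_spam
    ham_rate = ham_hits / n_ham
    p = spam_rate / (spam_rate + ham_rate)
    return min(0.99, max(0.01, p))


def train(spam_msgs, ham_msgs):
    """Build the word -> spam-probability table from the two corpora (steps 1 and 2)."""
    spam_counts, ham_counts = Counter(), Counter()
    for m in spam_msgs:
        spam_counts.update(tokenize(m))
    for m in ham_msgs:
        ham_counts.update(tokenize(m))
    vocab = set(spam_counts) | set(ham_counts)
    return {
        w: word_spam_probability(spam_counts[w], len(spam_msgs), ham_counts[w], len(ham_msgs))
        for w in vocab
    }


def message_spam_probability(text, table, n_interesting=15, unknown=0.4):
    """Steps 3 and 4: pick the n_interesting words furthest from 0.5 and combine.

    Assumed combining rule (the slide's equation is missing):
        P = (p1*...*pn) / (p1*...*pn + (1-p1)*...*(1-pn))
    """
    probs = [table.get(w, unknown) for w in tokenize(text)]
    probs.sort(key=lambda p: abs(p - 0.5), reverse=True)
    top = probs[:n_interesting]
    if not top:
        return 0.5  # no evidence either way
    prod_spam = math.prod(top)
    prod_ham = math.prod(1 - p for p in top)
    return prod_spam / (prod_spam + prod_ham)


if __name__ == "__main__":
    table = train(SPAM_CORPUS, HAM_CORPUS)
    # The slide's example: "mortgage" in 200 of 1000 spams and 3 of 500 non-spams.
    print(round(word_spam_probability(200, 1000, 3, 500), 3))
    for msg in ("bargain offer double your income", "please review the report before tuesday"):
        print(f"{message_spam_probability(msg, table):.3f}  {msg}")
```

Picking only the most extreme words is what keeps a long legitimate message that happens to contain one spammy word from tipping over, and the clamp is what keeps a word that has so far appeared only in spam from overriding everything else on its own.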
BLACKLISTS
One very effective technique for blocking spam is to maintain a blacklist of spam sources, and to refuse all e-mail from those sources.
The problem: aggressive blacklist policies might list sources that send legitimate e-mail as well as spam, while less aggressive policies are so conservative that they block almost nothing at all.
WHITELISTS
In an attempt to catch all of the spam while ensuring that every piece of legitimate e-mail gets through, a new approach, known as whitelisting, has been developed. Instead of trying to block spam while allowing everything else, whitelist software blocks everything except messages from already known, accepted senders, thus changing e-mail from an open system to a closed one.
Whitelists typically allow e-mail from everyone in a user's existing address book. Other, unknown senders receive an automated reply asking them to take further action, such as explaining who they are, or identifying a partially obscured image of a word. A person can make out the word, but automated spammer software can't.
FEDERAL LAW: CAN-SPAM 2003
The Controlling the Assault of Non-Solicited Pornography and Marketing Act
• Requires UCE messages to be labeled, to include opt-out instructions, and to contain the sender's physical address. (No standard method for doing these things is specified.)
• Prohibits the use of deceptive subject lines and false headers in UCE messages.
• Authorizes the FTC to establish a "do-not-email" registry. (The FTC has refused to do this, since e-mail is usually not authenticated, making such a list useless.)
• Pre-empts state laws that might have stronger provisions.
IDENTITY THEFT
The Identity Theft & Assumption Deterrence Act
• 1998 federal law.
• Federal crime when someone “…transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity...”
• “Means of identification”: name, SSN, credit card number, cellular telephone electronic serial number, etc.
• Maximum penalty: 15 years imprisonment, a fine, and forfeiture of any personal property used or intended to be used to commit the crime.
PHISHING EXPEDITION
Phishing is a high-tech scam that uses spam or pop-up messages to deceive Web users into disclosing credit card numbers, bank account information, Social Security numbers, passwords, or other sensitive information.
NIGERIAN SCAM
• LAGOS, NIGERIA.
• ATTENTION: THE PRESIDENT/CEO
• DEAR SIR,
• CONFIDENTIAL BUSINESS PROPOSAL
• HAVING CONSULTED WITH MY COLLEAGUES AND BASED ON THE INFORMATION GATHERED FROM THE NIGERIAN CHAMBERS OF COMMERCE AND INDUSTRY, I HAVE THE PRIVILEGE TO REQUEST FOR YOUR ASSISTANCE TO TRANSFER THE SUM OF $47,500,000.00 (FORTY SEVEN MILLION, FIVE HUNDRED THOUSAND UNITED STATES DOLLARS) INTO YOUR ACCOUNTS. THE ABOVE SUM RESULTED FROM AN OVER-INVOICED CONTRACT, EXECUTED COMMISSIONED AND PAID FOR ABOUT FIVE YEARS (5) AGO BY A FOREIGN CONTRACTOR. THIS ACTION WAS HOWEVER INTENTIONAL AND SINCE THEN THE FUND HAS BEEN IN A SUSPENSE ACCOUNT AT THE CENTRAL BANK OF NIGERIA APEX BANK.
• WE ARE NOW READY TO TRANSFER THE FUND OVERSEAS AND THAT IS WHERE YOU COME IN. IT IS IMPORTANT TO INFORM YOU THAT AS CIVIL SERVANTS, WE ARE FORBIDDEN TO OPERATE A FOREIGN ACCOUNT; THAT IS WHY WE REQUIRE YOUR ASSISTANCE. THE TOTAL SUM WILL BE SHARED AS FOLLOWS: 70% FOR US, 25% FOR YOU AND 5% FOR LOCAL AND INTERNATIONAL EXPENSES INCIDENT TO THE TRANSFER.
• THE TRANSFER IS RISK FREE ON BOTH SIDES. I AM AN ACCOUNTANT WITH THE NIGERIAN NATIONAL PETROLEUM CORPORATION (NNPC). IF YOU FIND THIS PROPOSAL ACCEPTABLE, WE SHALL REQUIRE THE FOLLOWING DOCUMENTS:
• YOUR BANKER'S NAME, TELEPHONE, ACCOUNT AND FAX NUMBERS.
• YOUR PRIVATE TELEPHONE AND FAX NUMBERS -- FOR CONFIDENTIALITY AND EASY COMMUNICATION.
• YOUR LETTER-HEADED PAPER STAMPED AND SIGNED.
• ALTERNATIVELY WE WILL FURNISH YOU WITH THE TEXT OF WHAT TO TYPE INTO YOUR LETTER-HEADED PAPER, ALONG WITH A BREAKDOWN EXPLAINING, COMPREHENSIVELY WHAT WE REQUIRE OF YOU. THE BUSINESS WILL TAKE US THIRTY (30) WORKING DAYS TO ACCOMPLISH.
• PLEASE REPLY URGENTLY.
• BEST REGARDS
Claiming to be Nigerian officials, businesspeople, or the surviving spouses of former government honchos, con artists offer to transfer millions of dollars to your bank account for a small fee…
Other Recent Scams: Hitman Scam; Economic Stimulus Scam.
2012 IDENTITY THEFT VICTIMS BY STATE
(Map, not reproduced here.)