
Cybersecurity Awareness Training: be vigilant but unafraid!


  1. Cybersecurity Awareness Training: be vigilant but unafraid! Leo F. Howell, Chief Information Security Officer, lfhowell@uoregon.edu

  2. Why YOU should care
     University
     1. COMPLIANCE increases business opportunities; required by:
        a) DFAR, FAR, Data Use Agreements (research)
        b) HIPAA, FERPA, GLBA (financial aid)
        c) GDPR (EU persons)
        d) State Laws (OR, CA, CT, …)
     2. DATA BREACHES cause financial & reputational losses
     3. DENIAL OF SERVICE disrupts operations
     4. SOCIAL RESPONSIBILITY extends to Data Protection
     YOU
     1. Research at risk
     2. Bank Account may be emptied
     3. Medical Records subject to theft or exposure
     4. Embarrassment via exposure of private social media interactions
     5. Computers Locked for ransom
     6. Indictment without guilt

  3. Meet the adversary... Script Kiddies, Hacktivists?, Insiders, Organized Crimes, Nation States

  4. Common attack methods
     Phishing
     • Email - Phishing
     • Phone - Vishing
     • Text - Smishing
     Hacking
     • Password theft
     • Backdoors
     • Website exploits
     Malware
     • Ransomware
     • Key loggers
     • Spyware

  5. Can you spot the phish?
     1. Fake D0mains uoregon.edu uoregon.edu d
     2. Urgency
     3. Impersonated / Unknown Sender
     4. Unexpected / Unusual Request / Tone
     5. Flattery
     6. Letter Sub5titution5
     7. Bad Gramm r a

  6. Phishing -4-faculty with…
     Dear Dr. [X],
     I recently read your article: [Title]. It was very useful in my field of research. I wonder, if possible, to send me these articles to use in my current research:
     http://shibboleth.uoregon.edud.in/idp/Authn/login.php?url=http://www.sciencedirect.com/science/article/pii/S03085961100HT00238
     Thanks for you Cooperation in Advance.
     Assoc. Prof. [Name]

  7. Phishing -4-faculty with… flattery, grammar, fake domain, urgency
     Dear Dr. [X],
     I recently read your article: [Title]. It was very useful in my field of research. I wonder, if possible, to send me these articles to use in my current research:
     http://shibboleth.uoregon.edud.in/idp/Authn/login.php?url=http://www.sciencedirect.com/science/article/pii/S03085961100HT00238
     Thanks for you Cooperation in Advance.
     Assoc. Prof. [Name]

  8. Phishing -4-faculty with… flattery, grammar, fake domain, urgency
     o $3.4B IP Theft
     o 3,800 Professors targeted, across
     o 144 U.S. universities
     o 10 Indictments
     o 60+ UO Faculty & Staff Compromised
     Dear Dr. [X],
     I recently read your article: [Title]. It was very useful in my field of research. I wonder, if possible, to send me these articles to use in my current research:
     http://shibboleth.uoregon.edud.in/idp/Authn/login.php?url=http://www.sciencedirect.com/science/article/pii/S03085961100HT00238
     Thanks for you Cooperation in Advance.
     Assoc. Prof. [Name]

  9. Phishing -4-whales with…
     From: Michael Schill [mailto:markross@emailolympic.org]
     Sent: Friday, March 02, 2018 2:02 PM
     Subject: Michael Schill as Shared a file with you using One Drive
     Hello,
     Please find attached the Look Ahead files for Friday March 2nd,2018
     Open
     Kindly let me have your opinion
     Michael Schill
     541-346-3936
     President

  10. Phishing -4-whales with… sender impersonation, bad link, tone
     From: Michael Schill [mailto:markross@emailolympic.org]
     Sent: Friday, March 02, 2018 2:02 PM
     Subject: Michael Schill as Shared a file with you using One Drive
     Hello,
     Please find attached the Look Ahead files for Friday March 2nd,2018
     Open = http://ko-ontap.com/cat/index.html
     Kindly let me have your opinion
     Michael Schill
     541-346-3936
     President

  11. Gift card scam with…
     From: bart.conover@uoregon.com
     Hello You,
     Please purchase 6 gift cards valued at $250 each and send me the numbers right away. I will tell you a funny story about this when I return to the office, but send me those cards NOW.
     Bart

  12. Gift card scam… fake domain, context, urgency
     From: bart.conover@uoregon.com
     Hello You,
     Please purchase 6 gift cards valued at $250 each and send me the numbers right away. I will tell you a funny story about this when I return to the office, but send me those cards NOW.
     Bart

  13. "Unable to display message" phish

  14. www-svha.msgload9.icu Logged out due to inactivity. Sign in to continue

  15. "Unable to display message" phish
     www-svha.msgload9.icu
     • 27K Users Received the Msg
     • 15K Users Read Msg
     • 62K Msg Deleted by Security
     • 653 Users Compromised/Disabled
     • 15K Users Password Changes
     • $80K+ in person-hours for Response

  16. Direct Deposit Prelude

  17. jw13925@my.bristol.ac.uk

  18. http://simoladormil.org/…. https://duckweb.uoregon.edu

  19. jw13925@my.bristol.ac.uk
     https://www.vocation100.com/swelm/
     http://trafficpillar.com/perara/
     http://macvalleycotton.com.au
     http://leojaber.com.br
     • ~80 users suspected of giving up DuckIDs & passwords and/or 95#s & PACs
     • 14 users’ direct deposit accounts and routing numbers changed to the hacker’s

  20. Key Message on Phishing: Don't get Phished, Smished, Vished …. By a.... Dumb Hacker!

  21. Password game
     Bad Ones (Time, 2017)
     • 123456
     • Letmein
     • Football
     • Iloveyou
     • Admin
     • Welcome
     • Monkey
     • Abc123
     • hello
     • Starwars
     Good Ones
     • W@r 15 b@d @1w@y5: Strong (76)
     • My 3y3s @r3 p1nk: Strong (70)
     • This is my story: Strong (69)
     • What is fake news?: Strong (87)
     • My secret bucket list item is to sing in public: Very Strong (217)
     • I hate math, but I totally dig chemistry: Very Strong (197)

  22. Password Game: Bad One OR Good One. Username: toddbay Password: Toddbay$

  23. Password Game: Bad One OR Good One. Username: marys Password: Iloveyou!

  24. Password Game: Bad One OR Good One. Username: samanp Password: TheR@t5atemydinner

  25. Password Game: Bad One OR Good One. Username: samanp Password: TheR@t5atemydinner2

  26. Password Game: Bad One OR Good One. Username: mandyt Password: Iwillgob@cktoVT

  27. General password tips
     • Use password-phrase instead
     • Use 2-Factor Authentication
     • Use 5ub5t1tut10n5
     • Use more than 10 chars
     • Use different passwords for different domains (Yahoo, Facebook, Snap Chat, UOREGON.EDU)
     • Change them regularly – at least every 6 months
     • Use a password manager (like KeePass or LastPass)
     • Never use login as password
     • Never store them under keyboards, desk drawers, sticky notes on monitor
     • Store a clue in your wallet/purse
     • Never store them on refrigerator
     • Never ever share passwords with anyone!
     • Never send them in email
     • Never enter them with a “shoulder surfer” present

  28. Trojans, Viruses, Bots, Zombies, Ransomware

  29. Dangers of malware… to YOU, to OTHERS

  30. How do I get infected?
     • social engineering via email, instant messaging, social media
     • malicious websites and drive-by downloads, P2P file sharing
     • malvertising, man-in-the-middle attacks, exploit kits

  31. General Malware Tips
     • Turn on automatic updates on your:
       o Phones
       o Home computers
       o Tablets
       o Work computers (see IT)
     • Never download from untrusted websites
       o Be careful of sites you browse to!
     • Back up important files
     • Occasionally try to restore something from backup
     • Report suspicious computer activities
     • Run up-to-date antimalware tool
       o McAfee
       o MalwareBytes
       o Windows Defender (free)

  32. Social Media tips
     No Internet delete button. Setup 2-factor authN.
     • Secure device – facial, password, fingerprint, …
     • Don't share secrets
     • Turn on privacy settings
     • Use different passwords for different personas
     • Trust then connect
     • Setup private accounts
     • Limit who sees posts
     • Limit who can find you

  33. Insecure connection: intercept…hijack…modify (Evil Internet, Evil Wifi)

  34. VPN, https://: secure encrypted tunnel (Evil Internet, Evil Wifi)

  35. Top 5 defenses Awareness & Vigilance

  36. Key takeaways
     1. Don't get ?hished by a dumb hacker!
     2. Make strong passwords or phrases, and never share them with anyone, ever!
     3. Always use 2-factor login, where available
     Finally, be vigilant but unafraid!

  37. UO Cybersecurity Briefing & Awareness Training. Leo F. Howell, Chief Information Security Officer, lfhowell@uoreqon.com, 541-346-1732

  38. UO Cybersecurity Briefing & Awareness Training. Leo F. Howell, Chief Information Security Officer, lfhowell@uoreqon.com lfhowell@uoregon.edu, 541-346-1732
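
The "fake domain" indicator from slides 5 to 12 and the closing slides can be checked mechanically. The following is an added example, not part of the original presentation: the function names and the three verdict labels are assumptions, and the inputs are the links and senders shown on the slides.

```python
from urllib.parse import urlsplit

TRUSTED = "uoregon.edu"  # the genuine domain named on the slides

def host_of(value: str) -> str:
    """Host part of a URL or of an e-mail address, lower-cased."""
    value = value.strip()
    if "://" in value:
        return (urlsplit(value).hostname or "").rstrip(".")
    return value.rsplit("@", 1)[-1].lower().rstrip(".")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-letter substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(value: str, trusted: str = TRUSTED) -> str:
    """Return 'trusted', 'lookalike' or 'external' for a link or sender."""
    host = host_of(value)
    # Only the exact domain or a true subdomain of it is trusted.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    brand = trusted.split(".")[0]
    labels = host.split(".")
    # Trusted name embedded in another domain, or brand under another TLD.
    if trusted in host or brand in labels:
        return "lookalike"
    # Brand label with one character swapped, inserted or dropped.
    if any(edit_distance(label, brand) == 1 for label in labels):
        return "lookalike"
    return "external"

# Links and senders as they appear on the slides.
SAMPLES = [
    "http://shibboleth.uoregon.edud.in/idp/Authn/login.php"
    "?url=http://www.sciencedirect.com/science/article/pii/S03085961100HT00238",
    "bart.conover@uoregon.com",
    "lfhowell@uoreqon.com",
    "markross@emailolympic.org",
    "https://duckweb.uoregon.edu",
]

def triage(samples=SAMPLES):
    """Map each sample to its verdict."""
    return {s: classify(s) for s in samples}

if __name__ == "__main__":
    for item, verdict in triage().items():
        print(f"{verdict:9}  {item}")
```

An "external" verdict only means the domain does not resemble uoregon.edu; the slide 10 message is external yet displays the president's name, so the display name still has to be compared with the actual address.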
