INFORMATION SECURITY AWARENESS Information Security Education - - PowerPoint PPT Presentation

keeping yourself and your family safe in a tech driven world

Information Security Education & Awareness Team C-DAC Hyderabad

Toll F Free No: 1

1800 0 425 6 6235

Leading a Secured Digital Life…….

INFORMATION SECURITY AWARENESS

Ministry of Electronics & Information Technology Government of India

Tuesday, December 5, 2017

INFO NFORMA RMATION TION SE SECUR CURITY ITY AWAR AREN ENESS ESS

Inform formati ation

• n Se

Secur urit ity y Educ ucati ation

• n & Aware

arene ness ss Team

C-DAC DAC Hyde dera rabad bad

keeping yourself and your family safe in a tech driven world

www.infosecawareness.in

Cyber society

In today’s world, we depend on Internet at home, in school and at work place

How and for what purpose do you use the Internet ??

Education

Fun/Entertainment

Online Banking

Online Shopping

Communication

E-mail

Social Networking

While using the Internet what are the primary online risks you face

Malware

Yes, the answer is

What is a malware ??

Malware in short known for malicious

• software. It is

software designed to infiltrate a computer system without the

• wner's informed

consent.

Types of Malwares ?

'M 'Malware' ware' is an umb mbrell rella a ter erm m used d to ref efer r to a variety ety of form rms s of host stile e or intrusive sive softw ftwar are e including ding comput puter er viruses, uses, worms, s, Troj

• jan

an horse rses, s, ransom somware ware, , spyw ywar are, e, adware, ware, scareware areware, , and other er ma malicious

• us

prog

• grams.

rams. Ransomware

Ransomware

'M 'Malware' ware' is an umb mbrell rella a ter erm m used d to ref efer r to a variety ety of form rms s of host stile e or intrusive sive softw ftwar are e including ding comput puter er viruses, uses, worms, s, Troj

• jan

an horse rses, s, ransom somware ware, , spyw ywar are, e, adware, ware, scareware areware, , and other er ma malicious

• us

prog

• grams.

rams.

These type of malware alter the normal operation of your machine, thus barring you to use it properly. Thereafter, these programs display warning messages asking for money to get your device back to normal working condition.

After reading this, you might be thinking why people create Malware. Here are some reasons which may compel a coder to write malware codes:

• Take control of a person’s computer for personal or professional

reasons.

• To get financial benefits.
• To steal confidential data.
• To prove their point regarding a security breach that can be done on

a system.

• To take down an individual computer or a complete network.

Let’s Discuss about recent ransomware attack happened ?

'M 'Malware' ware' is an umb mbrell rella a ter erm m used d to ref efer r to a variety ety of form rms s of host stile e or intrusive sive softw ftwar are e including ding comput puter er viruses, uses, worms, s, Troj

• jan

an horse rses, s, ransom somware ware, , spyw ywar are, e, adware, ware, scareware areware, , and other er ma malicious

• us

prog

• grams.

rams.

Wa Wanna nnaCry Cry/Wa Wann nnaCrypt aCrypt Ransomwa ansomware re ? ?

The WannaCry ransomware attack is an ongoing worldwide cyberattack by the WannaCry ransomware cryptoworm, which targets computers running the Microsoft Windows

• perating system by encrypting data and demanding ransom

payments in the Bitcoin cryptocurrency.

How the WannaCry attack Spread the Countries

'M 'Malware' ware' is an umb mbrell rella a ter erm m used d to ref efer r to a variety ety of form rms s of host stile e or intrusive sive softw ftwar are e including ding comput puter er viruses, uses, worms, s, Troj

• jan

an horse rses, s, ransom somware ware, , spyw ywar are, e, adware, ware, scareware areware, , and other er ma malicious

• us

prog

• grams.

rams.

Cont..

• On Friday morning Spanish mobile operator Telefonica was among the first

large organizations to report infection by WannaCry.

• By late morning, hospitals and clinics across the UK began reporting

problems to the national cyber incident response Centre.

• In Europe, French carmaker Renault was hit, in Germany, Deutsche Bahn

became another high-profile victim.

• In Russia, the ministry of the interior, mobile phone provider Megafon and

Sberbank became infected.

• Although WannaCry's spread had already been checked, the US was not

entirely spared, with FedEx being the highest-profile victim.

'M 'Malware' ware' is an umb mbrell rella a ter erm m used d to ref efer r to a variety ety of form rms s of host stile e or intrusive sive softw ftwar are e including ding comput puter er viruses, uses, worms, s, Troj

• jan

an horse rses, s, ransom somware ware, , spyw ywar are, e, adware, ware, scareware areware, , and other er ma malicious

• us

prog

• grams.

rams.

• Wannacry encrypts the files on infected Windows systems.

This ransomware spreads by using a vulnerability in implementations of Server Message Block (SMB) in Windows

• systems. This exploit is named as ETERNALBLUE.
• The ransomware called WannaCrypt or WannaCry encrypts

the computer's hard disk drive and then spreads laterally between computers on the same LAN. The ransomware also spreads through malicious attachments to emails.

• In order to prevent infection, users and organizations are

advised to apply patches to Windows systems as mentioned in Microsoft Security Bulletin MS17-010.

'M 'Malware' ware' is an umb mbrell rella a ter erm m used d to ref efer r to a variety ety of form rms s of host stile e or intrusive sive softw ftwar are e including ding comput puter er viruses, uses, worms, s, Troj

• jan

an horse rses, s, ransom somware ware, , spyw ywar are, e, adware, ware, scareware areware, , and other er ma malicious

• us

prog

• grams.

rams.

The The file ile extensions xtensions that hat the the mal alwar ware is is targ targeting eting contain contain cer certain tain clusters sters of

• f formats
• rmats including

ncluding:

• Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).
• Less common and nation-specific office formats (.sxw, .odt, .hwp).
• Archives, media files (.zip, .rar, .tar, .bz2, .mp4, .mkv)
• Emails and email databases (.eml, .msg, .ost, .pst, .edb).
• Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
• Developers' sourcecode and project files (.php, .java, .cpp, .pas,

.asm).

• Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg,

.aes).

• Graphic designers, artists and photographers files (.vsd, .odg, .raw,

.nef, .svg, .psd).

• Virtual machine files (.vmx, .vmdk, .vdi).

Best practices to prevent ransomware attacks:

'M 'Malware' ware' is an umb mbrell rella a ter erm m used d to ref efer r to a variety ety of form rms s of host stile e or intrusive sive softw ftwar are e including ding comput puter er viruses, uses, worms, s, Troj

• jan

an horse rses, s, ransom somware ware, , spyw ywar are, e, adware, ware, scareware areware, , and other er ma malicious

• us

prog

• grams.

rams.

• Maintain updated

Antivirus software on all systems.

• Check regularly for the

integrity of the information stored in the databases.

'M 'Malware' ware' is an umb mbrell rella a ter erm m used d to ref efer r to a variety ety of form rms s of host stile e or intrusive sive softw ftwar are e including ding comput puter er viruses, uses, worms, s, Troj

• jan

an horse rses, s, ransom somware ware, , spyw ywar are, e, adware, ware, scareware areware, , and other er ma malicious

• us

prog

• grams.

rams.

• Regularly check the contents of

backup files of databases for any unauthorized encrypted contents

• f

data records

• r

external elements, (backdoors /malicious scripts.)

• Ensure

integrity

• f

the codes /scripts being used in database, authentication and sensitive systems

Cont..

'M 'Malware' ware' is an umb mbrell rella a ter erm m used d to ref efer r to a variety ety of form rms s of host stile e or intrusive sive softw ftwar are e including ding comput puter er viruses, uses, worms, s, Troj

• jan

an horse rses, s, ransom somware ware, , spyw ywar are, e, adware, ware, scareware areware, , and other er ma malicious

• us

prog

• grams.

rams.

• Keep the operating system

third party applications (MS

• ffice, browsers, browser

Plugins) up-to-date with the latest patches.

• Application whitelisting/Strict

implementation of Software Restriction Policies (SRP) to block binaries running from %APPDATA% and %TEMP%

• paths. Ransomware sample

drops and executes generally from these locations.

Cont..

'M 'Malware' ware' is an umb mbrell rella a ter erm m used d to ref efer r to a variety ety of form rms s of host stile e or intrusive sive softw ftwar are e including ding comput puter er viruses, uses, worms, s, Troj

• jan

an horse rses, s, ransom somware ware, , spyw ywar are, e, adware, ware, scareware areware, , and other er ma malicious

• us

prog

• grams.

rams.

• Don't open attachments in unsolicited

e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs close out the e-mail and go to the

• rganization's

website directly through browser

• Follow safe practices when browsing the
• web. Ensure the web browsers are secured

enough with appropriate content controls.

Cont..

'M 'Malware' ware' is an umb mbrell rella a ter erm m used d to ref efer r to a variety ety of form rms s of host stile e or intrusive sive softw ftwar are e including ding comput puter er viruses, uses, worms, s, Troj

• jan

an horse rses, s, ransom somware ware, , spyw ywar are, e, adware, ware, scareware areware, , and other er ma malicious

• us

prog

• grams.

rams.

Cont..

• Network segmentation and segregation

into security zones - help protect sensitive information and critical services. Separate administrative network from business processes with physical controls and Virtual Local Area Networks.

• Disable

ActiveX content in Microsoft Office applications such as Word, Excel, etc.

• Disable

remote Desktop Connections, employ least-privileged accounts.

'M 'Malware' ware' is an umb mbrell rella a ter erm m used d to ref efer r to a variety ety of form rms s of host stile e or intrusive sive softw ftwar are e including ding comput puter er viruses, uses, worms, s, Troj

• jan

an horse rses, s, ransom somware ware, , spyw ywar are, e, adware, ware, scareware areware, , and other er ma malicious

• us

prog

• grams.

rams.

• If not required consider

disabling, PowerShell /windows script hosting.

• Restrict users' abilities

(permissions) to install and run unwanted software applications.

Cont..

'M 'Malware' ware' is an umb mbrell rella a ter erm m used d to ref efer r to a variety ety of form rms s of host stile e or intrusive sive softw ftwar are e including ding comput puter er viruses, uses, worms, s, Troj

• jan

an horse rses, s, ransom somware ware, , spyw ywar are, e, adware, ware, scareware areware, , and other er ma malicious

• us

prog

• grams.

rams.

• Enable personal firewalls on

workstations.

• Implement strict External Device (USB

drive) usage policy.

• Employ data-at-rest and data-in-transit

encryption.

• Consider installing Enhanced Mitigation

Experience Toolkit, or similar host-level anti-exploitation tools.

Cont..

'M 'Malware' ware' is an umb mbrell rella a ter erm m used d to ref efer r to a variety ety of form rms s of host stile e or intrusive sive softw ftwar are e including ding comput puter er viruses, uses, worms, s, Troj

• jan

an horse rses, s, ransom somware ware, , spyw ywar are, e, adware, ware, scareware areware, , and other er ma malicious

• us

prog

• grams.

rams.

• Block the attachments of file types like

exe|pif|tmp|url|scr|reg|cer|cmd|pst| com|bat|dll|dat|hlp|hta|js|wsf.

• Carry out vulnerability Assessment and

Penetration Testing (VAPT) and information security audit of critical networks/systems, especially database servers from CERT-IN empaneled

• auditors. Repeat audits regularly.

Cont..

Generic Prevention Tools:

'M 'Malware' ware' is an umb mbrell rella a ter erm m used d to ref efer r to a variety ety of form rms s of host stile e or intrusive sive softw ftwar are e including ding comput puter er viruses, uses, worms, s, Troj

• jan

an horse rses, s, ransom somware ware, , spyw ywar are, e, adware, ware, scareware areware, , and other er ma malicious

• us

prog

• grams.

rams.

Sophos: Hitman.Pro https://www.hitmanpro.com/en-us/surfright/alert.aspx4 Bitdefender Anti-Crypto Vaccine and Anti-Ransomware (discontinued) https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released/ Malwarebytes Anti-Ransomware(formally Crypto Monitor) https://blog.malwarebytes.com/malwarebytes-news/2016/01/introducing-the-malwarebytes-anti-ransomware-beta/ Trendmicro Ransomware Screen Unlocker tool https://esupport.trendmicro.com/en-us/home/pages/technical-support/1105975.aspx Microsoft Enhanced mitigation and experience toolkit(EMET) https://www.microsoft.com/en-us/download/details.aspx?id=50766

Follow us www.infosecawareness.in

https://www.facebook.com/infosecawareness

TOLL FREE No. 1800 425 6235

https://www.youtube.com/channel/UCWPBKQryyV vydUy4rYsbBfA

https://plus.google.com/u/0/10693786986013 9709031/posts

isea@cdac.in

Email id:

Tuesday, December 5, 2017