AusCERT Home Users Computer Security Survey
2008
Kathryn Kerr
Manager, Analysis and Assessments
Copyright © 2008 AusCERT 1
Agenda
• Scope
• Purpose
• Methodology
• Key findings
• Conclusion
Survey scope
• Random sample of Australian based home computer users with Internet connections
• 18 years +
• 1,001 responses
• conducted March 2008
Purpose
• Threat environment – Active targeting of client computers to support variety of cybercrime, including online ID theft
• Seek to better understand the security posture, attitudes and awareness of home Internet users in Australia
• Help raise awareness of online security issues among home Internet users
Purpose
• Was there any connection between risky behaviours and incidents of malware infections?
• Some results from the survey support this view but not conclusively
Methodology
• Nielsen, market research and information company – Nielsen selected the sample, conducted the survey and collated results
  – Nielsen online web portal
  – Results post-weighted for age and gender
• AusCERT specified the questions, analysed results and prepared report
• Sample error rate is 3.1%
Malware infections
• 23% reported confirmed malware infections
  – Confirmed means detected by AV or anti‐spyware after infection (not quarantined) (15%); or
  – Informed by a trusted third party, such as ISP, bank, other professional organisation (11%)
• 70% of these were infected 1+ times in the last 12 months
  – Hence 16% of all respondents had 1 or more confirmed malware infections in the last 12 months (70% x 233 = 16% x 1001)
Broadband and malware
• Always-on broadband vs connecting the computer to broadband only when the computer is in use
• 27% of “always on” broadband users (54% of respondents) reported malware infections – 27% of 540
compared to:
• 14% of broadband users who only connect to the Internet when the computer is in use (34% of respondents) reported malware infections – 14% of 343
Spam links and malware
• 30% reported clicking on links in spam email
• 32% of this group reported malware infections
compared to:
• 65% said they didn’t click on spam email links
• 19% of these reported malware
Disabling security features and malware
• Do you routinely disable AV, firewall or browser security features to allow maximum functionality for online games, P2P etc.?
• 13% (132) sometimes or always disabled security features
• 37% of this group reported malware infections
compared to:
• 62% (624) said they never disabled security features
• 21% of these reported malware
Anti‐virus software
• 94% have AV software installed
  – But only 70% configure automatic updating for AV “always”
  – 18% only update “sometimes” automatically and 8% “never” update automatically
• 22% of those with “always” updated AV (the 70%) still reported malware infections
Confidence vs competence
[Charts on slides 12 and 13 not reproduced in text]
Awareness of security issues
• 38% believe they can rely on AV or anti‐spyware software to alert them to malware infections
  – Yet approximately 40% of malware is not detected, on average across vendors*, when first found in the wild
  – *Note these figures vary each day and between vendors
• 33% of those who don’t use anti‐phishing tools (575 or 57%) don’t know what a phishing site is
Awareness of security issues
• 46% incorrectly believed that it is not possible for an attacker to see or modify data when SSL is being used – this is possible if the computer is compromised with information-stealing malware
  – E.g., the case study in the report
Summary
• 16% reported malware infections in the last 12 months
• Risky online practices were common among home Internet users
  – And result in higher levels of malware infections compared to those who adopt safer online practices
• Over‐confidence in abilities, lack of awareness of security issues and poor attitudes to security were present among a small proportion of home Internet users
• The report is prepared with a view to helping raise awareness among home Internet users of risks and how best to minimise these risks
Get the survey
• Survey is available online from:
http://www.auscert.org.au/usersurvey
Source: https://www.itu.int/ITU-D/cyb/...er-survey-brisbane-july-08.pdf
OVERVIEW OF SUBMISSIONS RECEIVED IN PREPARATION OF A/HRC/41/35 : REPORT OF THE SPECIAL RAPPORTEUR ON THE PROMOTION AND PROTECTION OF THE RIGHT TO FREEDOM OF OPINION AND EXPRESSION
Additionally, RCS can turn on a device’s webcam and microphone as well as record emails, instant messages, information typed into a Web browser, and record video calls (Citizen Lab, 10). (...) The main report discusses how the effectiveness of malware attacks is enhanced through the use of social engineering techniques. The malware attack on Omar Abduaziz Alzahrani, a Saudi human rights activist living in Canada, is a paradigmatic example of how social engineering techniques have advanced.
Source: https://daccess-ods.un.org/acc...en&DS=A/HRC/41/35/ADD.3&Lang=E
ITUwifi SSID – How to Log In
Step 1: Connect – Choose the ITUwifi SSID
Step 2: Log In – (Mandatory) Open a web browser to authenticate. If the authentication page does not load, try to access a website you have not visited recently.
(...) Use firewall software and updated virus and malware scanners.
· 802.11 a/g/n are supported but NOT 802.11b-only equipment.
· Browser settings: HTTP Proxy: Turn it Off
· SMTP Server: smtp.itu.int (only valid while you are on the ITU network)
· Printers: Are labeled with print queue name, server name and IP address
option 1.
Source: https://www.itu.int/ITU-T/edh/files/InfoWirelessLAN.pdf
Malware includes computer viruses, worms, features. (...) Concealment can also help get the malware installed in the first place. (...) Botnets can also be used to push upgraded malware to the infected
Source: https://www.itu.int/ITU-D/cyb/...modern-trends-sofia-oct-08.pdf
Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transactions (p. 14), attack table:
• Modify the victim’s profile in the HLR/VLR to intercept outgoing calls and SMS (via the billing mechanism)
• Intercept USSD transactions
  – Phish the victim’s mobile banking account credentials (acquire mobile banking credentials using social engineering; see elaboration in figure 6)
  – Intercept the victim’s credentials from an existing USSD transaction performed by the victim
• Intercept the mobile data channel and perform MITM
  – Reroute the GTP tunnel of the subscriber in order to connect to the internet via the attacker’s POP
  – Provide GPRS/EDGE/UMTS support to the mobile device and tunnel the mobile data connection through the system
• Cyber attack – credentials to online accounts (bank / email / etc.)
  – Use extracted USSD credentials to access the mobile money account
  – Use intercepted OTP SMS to log in to the online account
• Malware implant on the mobile device
  – Implant malware on the phone by exploiting a browser vulnerability (inserting an iframe with a link to an infection website inside a requested web page)
Source: https://www.itu.int/en/publica...s/files/basic-html/page16.html
Benefits and Cyber Risks
Timeline (past, yesterday, today, future):
• Past: non-connected car
• Yesterday: connected devices, GPS, Internet
• Today: cloud services, remote assistance
• Future: autonomous car, complete remote control
CONNECTED CAR TODAY
• Vehicle-to-Vehicle
• Vehicle-to-Infrastructure
• Internet
• Cloud Services
• Mobile
CONNECTED CAR MAIN SECURITY OBJECTIVES
• Protect each module – all ECUs, sensors, BCU
• Protect communications – physical and remote connections
• Persist advanced threats – analytics and analysis
• Protect cloud services – OTA updates and management
• Safety
CONNECTED CAR MAIN INTERNAL VULNERABLE POINTS
• Head Unit
• ECUs
• Vehicle Buses
POTENTIAL THREAT VECTORS
Components shown in the diagram: Private Data, Key Store, Head Unit, Browser, Keypad, ECU, Operating System
• Man-in-the-Middle Attack
• Attack from Mobile Device
• Attack on Key / Certificate Stores
• Sniffing of User Data
• Attack from Downloaded Apps
• Malware Delivery Thru Data Storage Device
• Malicious Firmware Update
• Remote Attack on Vehicle Bus
• Compromised Actuator
• Exploiting Software Vulnerabilities
• Attack on OBD2
CONNECTED CAR SECURITY LAYERS
Layers: Car Cloud Services, Network Access, Car Gateway, Car Network, ECU
Layers and their threat vectors:
• Car Cloud Services
  – Man-in-The-Middle Attack
  – Attack From Downloaded Apps
• NW Access
  – Sniffing of User Data
  – Attack From Downloaded Apps
  – Exploiting Software Vulnerabilities
• Car Gateway
  – Attack from Apps in Mobile Device
  – Exploiting SW Vulnerabilities
  – Malicious Firmware Update
  – Malware Delivery Thru Data Storage Devices
• Car Network
  – Compromised Engine Actuator
  – Attack on Vehicle Bus
• Car ECU, IVI, OBD2
  – Attack on Key,
  – Malicious Firmware Update
  – Attack on Vehicle Bus
CONNECTED CAR SAFETY THRU SECURITY
• Cloud Services / Internet: Security for Data Centers, Kaspersky Security Network, Fraud Prevention, DDoS Protection, Anti Targeted Attack
• Mobile: Mobile Security SDK, Mobile Device Management, Mobile App Management, Mobile Security
• In Car Security: KasperskyOS, Kaspersky Secure Hypervisor, Kaspersky Security System, Security Expertise
• Vehicle-to-Vehicle, Vehicle-to-Infrastructure
HOW WE WORK
Threat model
• Define security objectives
• Create detailed description of scenarios, with results of misuse/abuse cases identification
• Threat modelling
• Define high-level security requirements
• Create a security-focused system architectural concept
• Refine threat model and security requirements
Architecture
• Specify system requirements for the security features
• Create test plans and test cases for the security features
• Design architecture
• Create low-level design
Development & testing
• Development and testing
• Residual risks assessment
• Integration with HW and testing
• Creation of instrumentation
• Final testing and residual risk assessment
• Penetration testing (separate dedicated team)
KASPERSKY LAB
AUTOMOTIVE SECURITY TECHNOLOGIES
Source: https://www.itu.int/en/ITU-T/e...ky%20Automotive%20Security.pdf
• Ensures that electronic payments are performed with multi-factor authentication
• The SCA requirement comes into force from 14 September 2019
• Need better definition of SCA
MFA issues
• Passwords
  – Based on a shared secret
  – Account takeover risks
  – KBA is easy to overcome
  – Data breaches
• MFA
  – One factor from each authentication category
  – Still phishable
  – Device binding
  – Browser fingerprinting (BFP)
Source: Reece Guida, https://www.avanan.com/blog/author/reece-guida
Diagram: Client – Transit (SSL/TLS) – Relying Party – DB, authenticating with MFA (username + password); threats shown: DB Leak, Code Injection, MITM, Malware
Real Strong Authentication - FIDO
• MUST eliminate symmetric shared secrets
• Address poor user experiences and friction
• FIDO is a building block
IMPLICIT AUTHENTICATION / EXPLICIT AUTHENTICATION
Diagram: Client – Transit (SSL/TLS) – Relying Party – DB, authenticating with WebAuthn (username + password):
1) Request challenge
2) Process challenge
3) Return response
Auth
Need for Certification
1.
Source: https://www.itu.int/en/ITU-T/W...Documents/Abbie%20Barbir_3.pdf
Factors aggravating the dissemination of malware The potential versatility and sophistication of malware render it a potent tool. (...) BUSINESS MODELS RELATED TO MALWARE A diverse cast of actors with widely differing motives populate the malware economy. (...) For example, some malware variants carry a guarantee by the seller to remain undetectable by anti-malware software.
Source: https://www.itu.int/ITU-D/cyb/...spects-of-malware-and-spam.pdf
Source (same snippet, second copy): https://www.itu.int/en/ITU-T/W...l_Aspects_Malware_and_Spam.pdf
https://synoptek.com/it-infrastructure-services/managed-security-services/cloud-security-services/
Threat Analytics Platform
https://www.fireeye.com/products/threat-analytics-platform/threat-analytics-datasheet-pf-tap.html
Threat Analytics Platform
http://www.siemworks.com/SecurityIntelligence.asp
Use of AI in Threat Intelligence
• Automated, continuous analysis and monitoring of all activities in the environment
• Applies threat intelligence – known and unknown
• Improved search over networks, many devices and applications
• Provides real-time visibility into risk, threat and operational issues
• Detects threats that cannot otherwise be detected in a practical way
• Scalable to meet business needs
• AI engines are able to predict, detect and quickly respond to:
  – Intrusions
  – Insider threats
  – Fraud
  – Behaviour anomalies with users, networks and endpoints
  – Compliance violations
  – Disruption to IT services
  – Other actionable items
NRI Secure Technologies - NeoSOC
• Advanced detection tools and techniques using machine learning technology
• Provides a security monitoring and alerting service with a low false-positive rate
• Supports 400+ devices and applications as log sources to provide clear visibility into any security threats facing your organization
• Rapid deployment
• Actionable alerts
• 24/7 security monitoring and alerting
• Save on training and focus on high-value contextual security work
• Performs APT detection through custom use-case threat modelling
NRI Secure - Information Security Report 2017
• Surge in access attempts targeting specific devices
• Recorded as the largest DDoS attack in history
• Mirai IoT malware and its variants
• Restricting unauthorised external access to IoT devices was not implemented
• IoT devices need to be assessed for security
• Devices must be securely configured and preventative measures must be taken
• IoT manufacturers must implement strict security controls in their devices
NRI Secure - Information Security Report 2017
• HTTPS implementation has increased over the years
• Used by websites handling highly confidential data
• Able to verify web server authenticity and prevent eavesdropping
• Antivirus programs don’t work well on communications routed through proxy servers
• Companies need to adapt security strategies to support enhanced security features on client devices
• Implement HTTPS decryption on the communication route
NRI Secure - Information Security Report 2017
• In 2017, an increase in targeted, mass-distributed malware emails
• Employees need to be trained on how to recognise and avoid malware emails
• 26 minutes is the ideal response window between detecting an attack and responding to it
• Employees need to understand the workflow for reporting attack emails
NRI Secure - Information Security Report 2017
• Targeted attack emails sent for the purpose of user education showed improvements
• Email training enhances understanding and exposes employees to actual attack methods
• Simulated email attacks aim to educate employees on avoiding opening suspicious emails and clicking on links
NRI Secure - Information Security Report 2017
• Cloud services pose a threat to users and organisations
• NRI Secure found that 40.4% of the companies were using SaaS
• Recent results show that some of the services were used individually without company approval
• Individuals and departments using cloud services without approval could be a vector for information leaks
• Unintended errors in privacy settings and misconfiguration could lead to information leaks
Sample size: 41 companies
Group Exercises – 15 minutes for each scenario
Group Exercise 1
SCENARIO:
One of your organization’s internal departments frequently uses public cloud storage to store large amounts of confidential and sometimes sensitive data. (...)
Group Exercise 4
SCENARIO:
The browser deployed on all workstations in your organization has been infected via a zero-day vulnerability.
Source: https://www.itu.int/en/ITU-D/R...future%20lessons%20learned.pdf