CIT 380: Securing Computer Systems
Slide #1: CIT 380 Securing Computer Systems: Threats
Slide #2: Scary Internet Stuff: Underground __Dxk&feature=related
Slide #3: What Are Our Defenses?
Firewalls
Virus Scanners
Spyware Scanners
Intrusion Detection Systems (IDS/IPS)
Patches
Backups
Prevent, Detect, Respond, Recover
Slide #4: What Are The Attacks?
Phishing
Malware
Ransomware
Spyware
Botnets
Slide #5: Phishing
Slide #6: Phishing Site
Slide #7: Scary Internet Stuff: Phishing 3x3I&feature=related
Slide #8
Amazon.com - Your Cancellation ( )
Dear Customer,
Your order has been successfully canceled. For your reference, here`s a summary of your order:
You just canceled order #
Status: CANCELED
_____________________________________________________________________
ORDER DETAILS
Sold by: Amazon.com, LLC
_____________________________________________________________________
Because you only pay for items when we ship them to you, you won`t be charged for any items that you cancel.
Thank you for visiting Amazon.com!
Amazon.com
Earth`s Biggest Selection
ORDER DETAILS
Slide #9: Malware
Trojan Horses
Viruses
Worms
Slide #10: Ransomware
Slide #11: Spyware and Adware
Most are Trojan Horses; some infect directly.
  – Browser hijacking
  – Pop-up advertisements
  – Keystroke and network logging
  – Steal confidential data from and files
Slide #12: Spyware and Adware
89% of PCs are infected with spyware (2006Q2 Webroot).
  – re/excerpt.html
Slide #13: Rootkits
Execution Redirection
File Hiding
Process Hiding
Network Hiding
Diagram layers: User Program, Rootkit, OS
Slide #14: Rootkits Video NkZ4
Slide #15: Botnets
Worm or direct attack usurps control of PC, then installs control software to listen for instructions.
Instructions can include:
  – Attempt to infect other PCs
  – Send spam message
  – Launch DoS attack
  – Upgrade attack and control software
Virus writers sell botnets to spammers for $0.10/compromised PC
Slide #16: Scary Internet Stuff: Botnets pNSs
Slide #17
Wikipedia: Botnet
  – Historical list of botnets
Kraken botnet
Slide #18: Key Points
Computer crimes are the same as pre-computer crimes.
Differences in digital threats
  – Automation
  – Action at a distance
  – Technique propagation
Digital threats
  – Phishing
  – Malware
  – Ransomware
  – Spyware
  – Botnets