© 2015 Pearson Education Ltd. Chapter 1 Chapter 1.

En presentation över ämnet: "© 2015 Pearson Education Ltd. Chapter 1 Chapter 1."— Presentationens avskrift:

1 © 2015 Pearson Education Ltd. Chapter 1 Chapter 1

2 © 2015 Pearson Education Ltd.  Define the term threat environment.  Use basic security terminology.  Describe threats from employees and ex-employees.  Describe threats from malware writers.  Describe traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks.  Know that criminals have become the dominant attackers today, describe the types of attacks they make, and discuss their methods of cooperation.  Distinguish between cyberwar and cyberterror. 1-1

3 © 2015 Pearson Education Ltd. 1-2

4 © 2015 Pearson Education Ltd.  This is a book about security defense, not how to attack (Det finns i andra boken SB) ◦ Defense is too complex to focus the book mostly on specific attacks  However, this first chapter looks at the threat environment—attackers and their attacks  Unless you understand the threats you face, you cannot prepare for defense  All subsequent chapters focus on defense 1-3

5 © 2015 Pearson Education Ltd. 1.1 Introduction & Terminology 1.2 Employee and Ex-Employee Threats 1.3 Malware 1.4 Hackers and Attacks 1.5 The Criminal Era 1.6 Competitor Threats 1.7 Cyberwar and Cyberterror 1-4

6 © 2015 Pearson Education Ltd.  Att skicka kreditkortsnummer över SSL är rätt så säkert.  Att skicka samma kreditkortsnummer i klartext i ett E-mail är osäkert Det är metod och form som avgör graden av säkerhet.  Internetdesignen är osäker.  Grundprotokollen osäkra.  Din ”säkra dator” kan anslutas till Internet om: ◦ Du har tillräckligt bra kunskaper. ◦ En bra säkerhetsplan. ◦ Erforderlig hård- och mjuk-vara

7 © 2015 Pearson Education Ltd.  The Threat Environment ◦ The threat environment consists of the types of attackers and attacks that companies face 1-6

8 © 2015 Pearson Education Ltd.  Security Goals ◦ Confidentiality (Konfidentiellt, hemligt)  Confidentiality means that people cannot read sensitive information, either while it is on a computer or while it is traveling across a network. 1-7

9 © 2015 Pearson Education Ltd.  Security Goals ◦ Integrity (Integritet, äkta)  Integrity means that attackers cannot change or destroy information, either while it is on a computer or while it is traveling across a network. Or, at least, if information is changed or destroyed, then the receiver can detect the change or restore destroyed data. 1-8

10 © 2015 Pearson Education Ltd.  Security Goals ◦ Availability (Tillgängligt)  Availability means that people who are authorized to use information are not prevented from doing so 1-9

11 © 2015 Pearson Education Ltd.  Compromises ◦ Successful attacks ◦ Also called incidents ◦ Also called breaches (not breeches) 1-10

12 © 2015 Pearson Education Ltd.  Countermeasures ◦ Tools used to thwart (förhindra) attacks ◦ Also called safeguards, protections, and controls ◦ Types of countermeasures  Preventative (Skydda)  Detective (Upptäcka)  Corrective (Korrigera) 1-11

13 © 2015 Pearson Education Ltd.  Information leak  Brute force attack  Buffer overflow  Format String  Directory traversal  Man-in-the-middle attack (MITM)  Social engineering

14 © 2015 Pearson Education Ltd.  Information om och från hård- och mjuk- vara, speciellt firewall och nätutrustning är en grund för angriparen. Informationen kan komma från: ◦ Utrustningen. ◦ Meddelanden till support-forum ◦ Offentlig information typ din egen web ◦ SNMP (Simple Network Management Protocol) (readonly communitystring=public) (read/write = private eller admin) Möjligt att skriva konfiguration till nätutrustning. (Routrar, Switchar, Firewall, Servrar, Klienter, m.fl.) ◦ Routing-information på Internet

15 © 2015 Pearson Education Ltd.  Password cracking (kommer mer längre fram) ◦ Många gånger alldeles för lätt att knäcka admin/guest-pw Angriparens metod: Använder något av alla automatiska password-crackingprogram som finns Motmedel: ◦ Ändra namn på Administrator och Guest ◦ Starka lösenordsrutiner ◦ Audit-logg (Du ser antal misslyckade inloggningar) ◦ Som admin kan man regelbundet själv använda någon av applikationerna för att se hur det ser ut i dom egna servrarna. !!! Varning för att applikationen kan lämna ifrån sig information till skaparen av applikationen.!!!

16 © 2015 Pearson Education Ltd.  Mycket vanligt problem. En applikation med fast längd på input-buffer får mer data än vad som kan hanteras. Data rinner helt enkelt över till andra delar av minnet utan att applikationen förhindrar det. Den överskjutande delen innehåller programkod som körs och ger angriparen tillgång till systemet.  Orsaken oftast slarviga C/C++ programmerare (array,pointer och string mm. saknar automatisk ”bounds checking”) Uppgift finns i Workshop-delen

17 © 2015 Pearson Education Ltd.  Gäller Web, FTP och andra program som använder ”Directory tree” ◦ Angriparen ändrar i anropet till en service och får se directory-strukturen istället för t.ex. en web-sida. ◦ Angriparen kan kanske lyckas exekvera program som han egentligen inte ska ha rättighet till. ..\..\..\windows\com.exe En service ska om möjligt aldrig tillåta att användaren kan komma åt enskilda filer och directoryn nedanför roten.

18 © 2015 Pearson Education Ltd.  Är ingen attack på systemet utan på de data som skickas.  Är basen för angrepp på krypterade data t.ex. SSH (secure shell) och SSL (secure socket layer). En kopia av sessionen lagras för senare analys.  Angreppet möjligt genom IP-adress spoofing dvs. att anropen skickas till angriparen som kopierar informationen och skickar sedan anropet vidare till den verkliga mottagaren med angriparens IP som avsändare. (Svaret kommer att skickas till angriparen som då passar på att ta en kopia av det också och sedan skicka svaret vidare till den ursprungliga avsändaren) Mer längre fram

19 © 2015 Pearson Education Ltd.  The First Attack ◦ April 17-19, 2011 ◦ Attacks happened a few weeks after the large earthquake, tsunami, and reactor meltdowns ◦ Used SQL injection to steal 77 million accounts ◦ Turned off access to PlayStation Network (PSN) ◦ Publicly acknowledges intrusion a week after the intrusion, on April 26 th ◦ CEO, Kazuo Hirai, issues public apology ◦ Hacking group “Anonymous” is suspected 1-18

20 © 2015 Pearson Education Ltd.  The Second Attack ◦ May 1 st, 2011 – Sony Online Entertainment ◦ Similar SQL injection attack used to steal additional 24.6 million accounts ◦ Turned off access to all Sony Online Entertainment servers ◦ CEO, Kazuo Hirai, issues written response to US Congress (May 4 th ) about steps to prevent future attacks ◦ Some PSN services start to come online on May 15 th 1-19

21 © 2015 Pearson Education Ltd.  The Third Attack ◦ June 2 nd, 2011 – SonyPictures.com ◦ Similar SQL injection attack used to steal additional 1 million accounts ◦ SonyPictures.com is immediately shut down ◦ Hacking group LulzSec claims responsibility and issues press statement 1-20

22 © 2015 Pearson Education Ltd.  LulzSec press statement “Greetings folks. We're LulzSec, and welcome to Sownage. Enclosed you will find various collections of data stolen from internal Sony networks and websites, all of which we accessed easily and without the need for outside support or money. We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 ‘music codes’ and 3.5 million ‘music coupons’.” 1-21

23 © 2015 Pearson Education Ltd.  SQL injection is an attack that involves sending modified SQL statements to a web application that will, in turn, modify a database.  Attackers can send unexpected input through their web browser which will enable them to read from, write to, and even delete entire databases. 1-22

24 © 2015 Pearson Education Ltd.  SQL statement below shows parameters passed to a database for a legitimate login  SELECT FROM Users WHERE username=‘boyle02’ AND password=‘12345678’; 1-23

25 © 2015 Pearson Education Ltd.  Malformed SQL statement below shows SQL injection by passing unexpected parameters through a Web interface  Will always return a true value  SELECT FROM Users WHERE username=‘boyle02’ AND password=‘whatever’ or 1=1--’; 1-24

26 © 2015 Pearson Education Ltd. Exempel: ◦ Inloggning i Web tar emot textsträngar. (User/PW) Om man skickar in kommandon istället så kan dessa komma att exekveras om programmeraren inte kontrollerar värden som kommer.  ”%&’()+;<>= (ASCII:34,37,38,39,40,41,43,59,60,62,61)  ”;Drop table kunddata” ◦ C-kod:printf(”%s”, str); Instruktion att skriva en enkel sträng ”str” printf(str); Gör samma sak men utan kontroll av ”str” Om angriparen kan specifiera strängen till ex. ”%x%x%x%x%x” (%x = unsigned hexadecimal integer) så skrivs dom fem översta värdena i stacken ut. (%n = värde) så skrivs värdet till stacken istället, ex. så kan returadressen i stacken ändras vilket innebär att angriparen kan få den egna koden att exekveras.

27 © 2015 Pearson Education Ltd.  The attackers ◦ Members of both LulzSec and Anonymous are involved ◦ Just before attacks on Sony, Anonymous announced the launch of operation “#OpSony” for lawsuits against George Hotz ◦ George Hotz was being sued by Sony for jailbreaking PlayStation 3 ◦ Cody Kretsinger was arrested on Sept. 22, 2011 and pled guilty for his involvement in the Sony attacks ◦ Hector Monsegur, facing 122 years in prison, was key informant who identified other attackers 1-26

28 © 2015 Pearson Education Ltd.  The Fall-Out: Lawsuits and Investigations ◦ Sony offered 1 year of free identify theft services, month of free gaming, and a few free games from a limited selection ◦ To date, no known credit fraud (bedrägeri) directly tied to the Sony data breaches ◦ Fined $395,000 by UK because “security measures were simply not good enough” ◦ Sony estimates losses at $171 million ◦ Difficult to estimate damage to Sony’s reputation 1-27

29 © 2015 Pearson Education Ltd. 1.1 Introduction & Terminology 1.2 Employee and Ex-Employee Threats 1.3 Malware 1.4 Hackers and Attacks 1.5 The Criminal Era 1.6 Competitor Threats 1.7 Cyberwar and Cyberterror 1-28

30 © 2015 Pearson Education Ltd.  Employees and Ex-Employees Are Dangerous ◦ Dangerous because  They have knowledge of internal systems  They often have the permissions to access systems  They often know how to avoid detection  Employees generally are trusted ◦ IT and especially IT security professionals are the greatest employee threats (Qui custodiet custodes?) 1-29

31 © 2015 Pearson Education Ltd.  Employee Sabotage ◦ Destruction of hardware, software, or data ◦ Plant time bomb or logic bomb on computer  Employee Hacking ◦ Hacking is intentionally accessing a computer resource without authorization or in excess of authorization ◦ Authorization is the key 1-30

32 © 2015 Pearson Education Ltd.  Employee Financial Theft ◦ Misappropriation of assets ◦ Theft of money  Employee Theft of Intellectual Property (IP) ◦ Copyrights and patents (formally protected) ◦ Trade secrets: plans, product formulations, business processes, and other info that a company wishes to keep secret from competitors 1-31

33 © 2015 Pearson Education Ltd.  Employee Extortion ◦ Perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim’s interest  Sexual or Racial Harassment of Other Employees ◦ Via e-mail ◦ Displaying pornographic material 1-32

34 © 2015 Pearson Education Ltd.  Internet Abuse (Missbruk) ◦ Downloading pornography, which can lead to sexual harassment lawsuits and viruses ◦ Downloading pirated software, music, and video, which can lead to copyright violation penalties ◦ Excessive personal use of the Internet at work 1-33

35 © 2015 Pearson Education Ltd.  Carelessness (Vårdlöshet/Slarv) ◦ Loss or theft of computers or data media containing sensitive information  Other “Internal” Attackers ◦ Contract workers ◦ Workers in contracting companies  Misstag (Vanligast och kan vara farligast) SB 1-34

36 © 2015 Pearson Education Ltd. 1.1 Introduction & Terminology 1.2 Employee and Ex-Employee Threats 1.3 Malware 1.4 Hackers and Attacks 1.5 The Criminal Era 1.6 Competitor Threats 1.7 Cyberwar and Cyberterror 1-35

37 © 2015 Pearson Education Ltd.  Malware ◦ A generic name for any “evil software”  Viruses ◦ Programs that attach themselves to legitimate programs on the victim’s machine ◦ Spread today primarily by e-mail ◦ Also by instant messaging, file transfers, etc. 1-36

38 © 2015 Pearson Education Ltd.  ILOVEYOU virus source code: 1-37

39 © 2015 Pearson Education Ltd.  Worms ◦ Full programs that do not attach themselves to other programs ◦ Like viruses, can spread by e-mail, instant messaging, and file transfers 1-38

40 © 2015 Pearson Education Ltd.  Worms ◦ In addition, direct-propagation worms can jump from one computer to another without human intervention on the receiving computer ◦ Computer must have a vulnerability for direct propagation to work ◦ Direct-propagation worms can spread extremely rapidly because they do not have to wait for users to act 1-39

41 © 2015 Pearson Education Ltd.  Blended Threats ◦ Malware propagates in several ways—like worms, viruses, compromised webpages containing mobile code, etc.  Payloads ◦ Pieces of code that do damage ◦ Implemented by viruses and worms after propagation ◦ Malicious payloads are designed to do heavy damage 1-40

42 © 2015 Pearson Education Ltd.  Nonmobile Malware ◦ Must be placed on the user’s computer through one of a growing number of attack techniques ◦ Placed on computer by hackers ◦ Placed on computer by virus or worm as part of its payload ◦ The victim can be enticed to download the program from a website or FTP site ◦ Mobile code executed on a webpage can download the nonmobile malware 1-41

43 © 2015 Pearson Education Ltd.  Trojan Horses ◦ A program that replaces an existing system file, taking its name  Trojan Horses ◦ Remote Access Trojans (RATs)  Remotely control the victim’s PC ◦ Downloaders  Small Trojan horses that download larger Trojan horses after the downloader is installed 1-42

44 © 2015 Pearson Education Ltd.  Trojan Horses ◦ Spyware  Programs that gather information about you and make it available to the adversary  Cookies that store too much sensitive personal information  Keystroke loggers  Password-stealing spyware  Data mining spyware 1-43

45 © 2015 Pearson Education Ltd.  Trojan Horses ◦ Rootkits  Take control of the super user account (root, administrator, etc.)  Can hide themselves from file system detection  Can hide malware from detection  Extremely difficult to detect (ordinary antivirus programs find few rootkits) 1-44

46 © 2015 Pearson Education Ltd.  Backdoor: Efter det att ett system hackats så brukar angriparen lämna kvar en ”backdoor”, för att slippa gå igenom processen att knäcka systemet igen, oftast i forma av en Trojan men även Maskar (Worm) används.  Trojan: Normalt program kompletteras med ytterligare kod (gömd). Har ingen egen funktion för spridning.  Mask (Worm): Helt egen programkod (exekverbar fil) Självspridande.  Root-kit: Ett antal trojaner (systemfiler) som angriparen ändrat på för att få tillgång till systemet (Mycket svårt att avslöja) Root-kits installeras automatiskt med script-teknik vilket gör dom extra besvärliga att bli av med. Root-kit kopplas till utvalda TCP-portar så att angriparen kan ansluta till dessa. Root-kit är lätta att få tag i och finns för dom flesta NOS Städning root-kit: Enda egentliga rimliga åtgärden är ominstallation av NOS allt annat är för osäkert och besvärligt.

47 © 2015 Pearson Education Ltd.  Egna observationer (svårt då dom flesta root-kit är väldigt ”rena”)  Port-scanning. Efter installation och varje förändring så gör man en ”Baseline scan” sedan så kör man periodiskt scanningar och jämför resultatet med baseline. Kan avslöja att Root-kits används (öppna portar).  System state scanner typ. Tripwire™ Som ovan men här handlar det om hela den statiska installationen av NOS, Alla statiska filer och konfigureringar lagras krypterat i en databas, regelbundet görs jämförelser och varje avvikelse rapporteras. Finns för flera olika OS och även som Open Source för Linux (begränsningar finns jämfört med den kommersiella versionen).  Antivirus-programvara och ”security scanners” Kan oftast bara detektera, varför speciella rensningsprogram krävs. (Antivirus-program öppnar endast filen och tittar i den och jämför med viruslista. Root-kit består av flera program och konfigureringar och ett eller flera installations-script)  Root-kit detection program kan bara upptäcka kända Root-kit.

48 © 2015 Pearson Education Ltd.  Mobile Code ◦ Executable code on a webpage ◦ Code is executed automatically when the webpage is downloaded ◦ Javascript, Microsoft Active-X controls, etc. ◦ Can do damage if computer has vulnerability 1-47

49 © 2015 Pearson Education Ltd.  Social Engineering in Malware ◦ Social engineering is attempting to trick users into doing something that goes against security policies ◦ Several types of malware use social engineering  Spam  Phishing  Spear phishing (aimed at individuals or specific groups)  Hoaxes (Luring, kedjebrev) 1-48

50 © 2015 Pearson Education Ltd.  Fra: Bjørn Svensson Sendt: 19. februar 2015 09:21 Til: Bjørn Svensson Emne: aktuella Detaljer kräver för uppgradering  Postlådan har överskridit det lagringsgräns som har angetts av administratören, och du kommer inte att kunna ta emot nya e-post förrän du åter verifiera den. Till re-giltighet- > Klicka här http://helpdeskweb0114.wix.com/kontrollgrupp http://helpdeskweb0114.wix.com/kontrollgrupp 1-49

51 © 2015 Pearson Education Ltd. 1.1 Introduction & Terminology 1.2 Employee and Ex-Employee Threats 1.3 Malware 1.4 Hackers and Attacks 1.5 The Criminal Era 1.6 Competitor Threats 1.7 Cyberwar and Cyberterror 1-50

52 © 2015 Pearson Education Ltd.  Traditional Hackers ◦ Motivated by thrill, validation of skills, sense of power ◦ Motivated to increase reputation among other hackers ◦ Often do damage as a byproduct ◦ Often engage in petty crime 1-51

53 © 2015 Pearson Education Ltd.  Anatomy of a Hack ◦ Reconnaissance (Spaning) probes (Figure 1-11)  IP address scans to identify possible victims  Port scans to learn which services are open on each potential victim host 1-52

54 © 2015 Pearson Education Ltd. 1-53

55 © 2015 Pearson Education Ltd.  Anatomy of a Hack ◦ The exploit  The specific attack method that the attacker uses to break into the computer is called the attacker’s exploit  The act of implementing the exploit is called exploiting the host (exploatera, utnyttja) 1-54

56 © 2015 Pearson Education Ltd. 1-55

57 © 2015 Pearson Education Ltd.  Chain of attack computers (Figure 1-13) ◦ The attacker attacks through a chain of victim computers ◦ Probe and exploit packets contain the source IP address of the last computer in the chain ◦ The final attack computer receives replies and passes them back to the attacker ◦ Often, the victim can trace the attack back to the final attack computer ◦ But the attack can usually only be traced back a few computers more 1-56

58 © 2015 Pearson Education Ltd. 1-57 For probes whose replies must be received, attacker sends probes through a chain of attack computers. Victim only knows the identity of the last compromised host (123.125.33.101), not that of the attacker. For probes whose replies must be received, attacker sends probes through a chain of attack computers. Victim only knows the identity of the last compromised host (123.125.33.101), not that of the attacker.

59 © 2015 Pearson Education Ltd.  Social Engineering ◦ Social engineering is often used in hacking  Call and ask for passwords and other confidential information  E-mail attack messages with attractive subjects  Piggybacking  Shoulder surfing  Pretexting  Etc. ◦ Often successful because it focuses on human weaknesses instead of technological weaknesses 1-58

60 © 2015 Pearson Education Ltd.  Utnyttjar okunskap och mänsklig vänlighet.  Angriparen tar reda på saker om målet t.ex. namn på IT-personal, sekreterare m.fl. genom att: ◦ Ringa och fråga. ◦ Läsa tidningar och årsrapporter. ◦ Låtsas vara försäljare och t.o.m. träffar anställda ◦ Dyker i pappersåtervinningen När angriparen har nog med information ringer han någon icke tekniker och frågar efter det han vill ha t.ex. Lösenord. (Angriparen uppger sig vara någon på IT- avdelningen och ska fixa något problem på nätverket)  Fysisk access, d.v.s. folk skriver faktiskt upp lösenord på små lappar och genom att skaffa sig fysiskt tillträde så kan angriparen få reda på det han vill ha. (Här finns ju en väldigt stor risk om det är en intern angripare)  Virus och Maskar (worms)! Förekommer fortfarande att folk öppnar okända eller misstänkta E-mail. Åtgärder: Information om social engineering till dom anställda.

61 © 2015 Pearson Education Ltd. Åtgärder: Information om social engineering till dom anställda. ◦ Skriv aldrig ner PW ◦ Svara inte på frågor i telefon eller via e-mail ◦ Låt misstänkta e-mail vara. ◦ Kontakta IRT (Incident Report Team) eller IT-personalen vid minsta misstanke. ◦ Använd antivirusprogramvara. ◦ Se till att alla buggfixar installeras kontinuerligt. (SUS) Med stöd för Microsoft SUS (Software Update Services) kan administratörer automatisera de senaste systemuppdateringarna ◦ Admin. Frågar aldrig efter PW utan om han behöver använda en annans konto så efter förfrågan ändrar han lösenordet, varefter användaren måste ändra till ett nytt innan denne släpps in igen.

62 © 2015 Pearson Education Ltd.  Denial-of-Service (DoS) Attacks ◦ Make a server or entire network unavailable to legitimate users ◦ Typically send a flood of attack messages to the victim ◦ Distributed DoS (DDoS) Attacks (Figure 1-15)  Bots flood the victim with attack packets  Attacker controls the bots 1-61

63 © 2015 Pearson Education Ltd. 1-62

64 Brute force attack DDoS DistributedDoS Mål AAAAAAA DoS-attacker ”Management-layer” Root-kit Angripar e IRC (Internet Relay Chat) Bot

65 © 2015 Pearson Education Ltd.  Skill Levels ◦ Expert attackers are characterized by strong technical skills and dogged persistence ◦ Expert attackers create hacker scripts to automate some of their work ◦ Scripts are also available for writing viruses and other malicious software 1-64

66 © 2015 Pearson Education Ltd.  Skill Levels ◦ Script kiddies use these scripts to make attacks ◦ Script kiddies have low technical skills ◦ Script kiddies are dangerous because of their large numbers 1-65

67 © 2015 Pearson Education Ltd. 1.1 Introduction & Terminology 1.2 Employee and Ex-Employee Threats 1.3 Malware 1.4 Hackers and Attacks 1.5 The Criminal Era 1.6 Competitor Threats 1.7 Cyberwar and Cyberterror 1-66

68 © 2015 Pearson Education Ltd. 1-67  The Criminal Era ◦ Today, most attackers are career criminals with traditional criminal motives ◦ Adapt traditional criminal attack strategies to IT attacks (e.g., fraud, etc.) (Bedrägeri)

69 © 2015 Pearson Education Ltd. 1-68  The Criminal Era ◦ Many cybercrime gangs are international  Makes prosecution difficult  Dupe citizens of a country into being transshippers of fraudulently purchased goods to the attacker in another country ◦ Cybercriminals use black market forums  Credit card numbers and identity information  Vulnerabilities  Exploit software (often with update contracts)

70 © 2015 Pearson Education Ltd. 1-69  Fraud (Bedrägeri) ◦ In fraud, the attacker deceives the victim into doing something against the victim’s financial self- interest ◦ Criminals are learning to conduct traditional frauds and new frauds over networks ◦ Also, new types of fraud, such as click fraud

71 © 2015 Pearson Education Ltd. 1-70  Financial and Intellectual Property Theft (Stöld) ◦ Steal money or intellectual property that can be sold to other criminals or to competitors  Extortion (Utpressning) ◦ Threaten a DoS attack or threaten to release stolen information unless the victim pays the attacker

72 © 2015 Pearson Education Ltd. 1-71  Stealing Sensitive Data about Customers and Employees ◦ Carding (credit card number theft) ◦ Bank account theft ◦ Online stock account theft ◦ Identity theft (Allt vanligare)  Steal enough identity information to represent the victim in large transactions, such as buying a car or even a house

73 © 2015 Pearson Education Ltd. 1-72  Corporate Identity Theft ◦ Steal the identity of an entire corporation ◦ Accept credit cards on behalf of the corporation ◦ Pretend to be the corporation in large transactions ◦ Can even take ownership of the corporation

74 © 2015 Pearson Education Ltd. 1.1 Introduction & Terminology 1.2 Employee and Ex-Employee Threats 1.3 Malware 1.4 Hackers and Attacks 1.5 The Criminal Era 1.6 Competitor Threats 1.7 Cyberwar and Cyberterror 1-73

75 © 2015 Pearson Education Ltd.  Commercial Espionage ◦ Attacks on confidentiality ◦ Public information gathering  Company website and public documents  Facebook pages of employees, etc. ◦ Trade secret espionage  May only be litigated if a company has provided reasonable protection for those secrets  Reasonableness reflects the sensitivity of the secret and industry security practices 1-74

76 © 2015 Pearson Education Ltd.  Commercial Espionage ◦ Trade secret theft approaches  Theft through interception, hacking, and other traditional cybercrimes  Bribe an employee  Hire your ex-employee and solicite or accept trade secrets ◦ National intelligence agencies engage in commercial espionage 1-75

77 © 2015 Pearson Education Ltd.  Denial-of-Service Attacks by Competitors ◦ Attacks on availability ◦ Rare, but can be devastating 1-76

78 © 2015 Pearson Education Ltd. 1.1 Introduction & Terminology 1.2 Employee and Ex-Employee Threats 1.3 Malware 1.4 Hackers and Attacks 1.5 The Criminal Era 1.6 Competitor Threats 1.7 Cyberwar and Cyberterror 1-77

79 © 2015 Pearson Education Ltd.  Cyberwar and Cyberterror ◦ Attacks by national governments (cyberwar) ◦ Attacks by organized terrorists (cyberterror) ◦ Nightmare threats ◦ Potential for far greater attacks than those caused by criminal attackers 1-78

80 © 2015 Pearson Education Ltd.  Cyberwar ◦ Computer-based attacks by national governments ◦ Espionage ◦ Cyber-only attacks to damage financial and communication infrastructure ◦ To augment conventional physical attacks  Attack IT infrastructure along with physical attacks (or in place of physical attacks)  Paralyze enemy command and control  Engage in propaganda attacks 1-79

81 © 2015 Pearson Education Ltd.  Cyberterror ◦ Attacks by terrorists or terrorist groups ◦ May attack IT resources directly ◦ Use the Internet for recruitment and coordination ◦ Use the Internet to augment physical attacks  Disrupt communication among first responders  Use cyberattacks to increase terror in physical attacks ◦ Turn to computer crime to fund their attacks 1-80

82

83 All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise without the prior written permission of the publisher. © 2015 Pearson Education Ltd.