Transcript Slide 1
Official Use Only
Official Use Only 1
Tony H. McMahon MITS Director, Transition 2 Program Manager Cust.Acct. Data Eng. Program Office Washington, DC Giselle C. Joseph IT Security Specialist MITS CyberSecurity Operations Houston, Texas
Largest IT environment of any U.S. civilian agency
More PII than any other government agency
Process $2.5T of revenues
Complex & diverse IT infrastructure
Complex & diverse business processes utilizing many channels (e-file, paper, internet, phone, walk-in)
80% of American Taxpayers will file electronically by the year 2012
700 + POD’s
2 Official Use Only
Top 10 Attacking Countries (denied) Hit Count
United States (US) 14,911,704 Hit Count is Based on every 3 months China (CN) 1,101,127 Canada (CA) 668,888 Great Britain (GB) Japan Germany (DE)
Official Use Only
No Country Code Europe (EU) Korea (KR Netherlands (NL)
3
Russia (RU) 145,444 106,340 98,002 55,002 47,437 46,623 37,005
DATA
– All information used and transmitted by the organization
Sensitive But Unclassified (SBU)
SBU data refers to sensitive but unclassified information originating within IRS offices. [Ex: Personal, Tax Return Information,
Personally Identifiable Information (
PII).
. PII includes the personal data of taxpayers, and also the personal information of employees, contractors, applicants, and visitors to the IRS [Ex: Home addresses, Names, Social Security Numbers,
National Security Information
Espionage - Cyber
HARDWARE
- Desktop computers, servers, wireless access points (APs), networking equipment, and telecommunications connections etc…
SOFTWARE
- Application programs, operating systems, and security software etc
… 4 Official Use Only
No one knows who I am on the Internet
The Internet is a virtual world, so nothing bad can happen to me
Security software (anti-virus, firewall, etc.) will protect me
The IRS will protect me
Law enforcement will protect me
Official Use Only 5 5
Official Use Only 6
Web-based attack activity, 2009 –2010
Source: Symantec Corporation
Who are they?
No longer just techno geeks.
.
GANGS/GROUPS
►
Criminal gangs
►
Employ individuals or groups of hackers to steal PII, credit card & banking information.
►
Hacker Gangs
►
Create & sell botnets & hacker tools
►
Sometimes engage in activity to wage cyber war on each other or to boost their reputation.
►
Political or religious groups
►
Hacking for military and commercial secrets & to inflict damage.
Hackers, Attackers or Intruders Script Kiddies
Computer Spy
Employees
Political Motivated
Cybercriminals Cyberterrorists
7
“They have Shift from “Glory-Motivated-Vandals” to “Financially-Politically-Motivated-Cyber-Crime
Official Use Only
Chen Ih Hua CIH Virus Joseph McElroy Hacked US Dept of Energy Jeffrey Lee Parson Blaster-B copycat Jeremy Jaynes $24M SPAM KING
8 Official Use Only
Jay Echouafni Competitive DDoS Andrew Schwarmkoff Russian Mob Phisher
•
Photos from colleagues at F-Secure
Highly motivated, professionally trained & equipped adversaries
Espionage and sabotage aimed at US Government, Military & Commercial sites
Strategic & Tactical Attacks
Threat to the military & economic security of the United states
Official Use Only 9
Official Use Only 10
Social Engineering
Phishing, Pharming etc
…
Malware (Malicious Code)
Viruses, Trojans, Spyware, Spam, Botnets etc…
Network Vulnerabilities & Attacks
Weak Passwords, Backdoors, DoS, Spoofing, etc…
Hardware Base Attacks
USB drives, Cell phones etc…
Web Browser Attacks
Cookies, Active X etc…
Communication Based Attacks
Instant Messaging (IM), peer-to peer (P2P) etc…
Wireless Attacks & Protocol-Based Attacks
War Driving, Bluesnarfing etc…
Difficulties in Defending Against Attackers
Speed, Sophistication & Simplicity of Attacks etc…
Lack of Education and Training (Security Awareness)
Smart People doing ‘NOT So Smart Things’
Donate computer with uncleaned disk w/o sanitization.
Social Engineering Tactics Social Engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud or computer system access; in most cases the attacker never comes face-to-face with the victim.
► ►
E-Mail Phishing, Pharming, Computer hoaxes etc… Telephone
► ►
In Person Shoulder Surfing, Stealing, Browsing Dumpster Diving
► ►
Internet Unsafe Web Sites In Writing
11 Official Use Only
Combat Social Engineering:
► ► ► ► ► ► ► ► ► ► ► ►
Never reveal or share your password Never provide information about IRS systems & networks.
Never change your password to something that another person has requested.
Never disclose Sensitive & Official Use Only (OUO) information. Never reply to e-mail messages that request your personal information.
Never click links in suspicious e-mail.
Never unsubscribe from Email unless it’s a reputable business.
Never download from the Internet on IRS computers.
Always be careful whom and where you download from on home computers.
Always verify the identity of callers Always discard sensitive information appropriately (shred, locked burn bens etc…) When dealing with companies make sure you do your homework to ensure that they are legitimate Better Business Bureau (BBB).
MALWARE Malware
is software that enters a computer system without the owner’s knowledge or consent. Malware is also referred to as Malicious Code or Malicious Content. Malware's most common pathway from criminals to users is through the Internet: primarily by e-mail and the World Wide Web. Malware is a variety of damaging and/or annoying software.
Infecting Malware: Concealing Malware: Three main objectives of Malware:
Viruses, Worms Trojan Horses, Rootkits, Logic Bombs, Backdoors, and Privilege Escalation
Malware for Profit:
Spam, Spyware, and Botnets Official Use Only 12
Trojan Horses Trojan Horse or Trojan,
are a type of malware that disguise themselves as legitimate, it is destructive program that masquerades as an application. When an end-user attempts to install or run the seemingly-benign executable file, their system becomes infected with malicious code, which gives an attacker access to the user’s privileges and sensitive information. [Malware] Trojans are approximately 90% of the Malicious code events detected by IRS every quarter. 80% or more of these Trojans come from Malicious Websites According to Symantec, Trojans are the Most important source of potential infections.
In 2010, 56 percent of the volume of the top 50 malicious code samples reported were classified as Trojans —the same percentage as in 2009.
Spyware (Malware) Spyware
is a general term used to describe software that violates a user’s personal security. Spyware creators are motivated by profit: generate income through advertisements or by acquiring personal information and may change configurations. Although attackers use several different spyware tools, the two most common are
adware
and
key loggers
.
Adware
(Spyware tool) typically display advertising banners or pop-up Ads or opens Web browser while user is on the Internet.
Keylogger
(Spyware tool) is a small hardware device or a program that monitors each keystroke a user types on the computer’s keyboard.
Spyware
usually performs one of the following functions on a user’s computer: Advertising, (Pop-ups), Collecting personal information or Changing computer configurations.
NOTE:
Your Personal Information can be obtained through [zabasearch.com, & Spokeo,] 13 Official Use Only
PHISHING Phishing
is an attack that sends an e-mail or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information. [Social Engineering]
Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
► Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. ► Phishers like to use variations of a legitimate address ex: www.ebay_secure.com
► In many cases when clicking open pop-ups it will attach Malware to your computer.
SPAM SPAM
is unsolicited, junk e-mail. It continues to escalate through the Internet. On average it costs U.S. Organizations $1000.(or more) per person annually in lost productivity. [Social Engineering / Malware]
Most SPAM comes in forms of Chain letters, Jokes, Hoaxes, and Advertisement.
► Botnets, networks of virus-infected computers, are used to send about 80% of spam.
► Spammers collect e-mail addresses from chatrooms, websites, customer lists, newsgroups, and viruses which harvest users' address books, and are sold to other spammers. ► Spam averages 80% of all e-mail sent with many containing attachments of Malware.
► In the year 2011 the estimated figure for spam messages are around seven trillion.
NOTE:
For Hoaxes check out Snoopes.com and/or TruthorFiction.com
14 Official Use Only
Web Browsing Web Browsing
– Surfing the web can often lead to unsafe websites. In addition, There are many E-mail messages that direct users to unsafe websites. [Phishing]
UNSAFE WEB SITES – Many legitimate web sites unknowingly have been infected and have malware attached to downloads. Users should never log on to a web site from a link in an e-mail; instead they should open a new browser window and type the legitimate address.
► ► IRM 10.8.27.3 (1) states “Employees should not download unauthorized program. DOWNLOADING NOT PERMITTED.
Any Web site in which the user is asked to enter personal information should start with “https” instead of “http” and should include a padlock in the browser status bar. ► One way to check the links in an e-mail you receive is to place your mouse cursor over the link BUT DO NOT CLICK. This will display the true link as shown in the image below.
Removable Media Removable Media
is designed to be removed from the computer without powering the computer off. Despite advantages, Removable media are widely used to spread malware. [Hardware Based Attack]
REMOVABLE MEDIA – Some types of removable media are blu-ray discs, DVDs, CDs, Memory Cards, Floppy disks, Magnetic tapes, paper data storage, USB drives etc.. iPods, MP3 Players, digital cameras, and smart phones connected to your computer system are also considered to be removable media.
► In 2010 IRS saw an increasing trend of malware related infections resulting from users connecting either IRS issued or personally owned removable media to IRS systems. 15 Official Use Only
Botnet (Malware) Denial of Service Attacks Botnets –
One of the popular payloads of malware today that is carried by Trojan horses, worms and viruses is a program that will allow the infected computer To be placed under the remote control of an attacker. This infected “robot” Computer is known as a
zombie.
When hundreds, thousands, or even tens of Thousands of zombie computers are under the control of an attacker, this creates A botnet. [Malware] Botnets enables attackers to send massive amounts of spam, harvest e-mail addresses, spread malware, manipulate online polls, denying services, flooding Servers with request until servers cannot respond or function properly.
A denial-of-service (DOS)
attack attempts to consume network resources so that The network or its devices cannot respond to legitimate requests.
NOTE: Although DoS attacks are not widespread on wireless networks, inadvertent Interference from other RF devices (cordless telephones, microwave ovens, baby monitors) Can sometimes actually cause DoS. When slow transmission happens either turn them Off or cut them off.
Zero Day Attacks Zero-Day Attack
- This type of attack occurs when an attacker discovers and exploits A previously unknown flaw, providing “zero days’ of warning. 16 Official Use Only
Network Attacks
Network Attacks
– Networks have been the favorite targets of attackers for several reasons.
An attacker who can successfully penetrate a computer network might have access to hundreds and or even thousands of desktop systems, servers, and storage devices. Also, Networks have had notoriously weak security, such as default passwords left set on Network devices. And because networks offer many services to users, it is sometimes Difficult to ensure that each service is properly protected against attackers.
Network Vulnerabilities:
weak passwords, default accounts, backdoors, and privilege escalation.
Network Categories and Methods of Attacks:
denial-of-service, spoofing, man-in-the-middle, and replay attacks, protocol based or wireless etc…
Communication Based Attacks Communication Based Attacks
– Some of the most common communications-based Attacks are SMTP open relays, instant messaging, and peer-to-peer (P2P) networks.
Wireless Attacks Wireless Attacks
– As wireless networks have become commonplace, new attacks have Been created to target networks. These attacks include rogue access points, war driving, Bluesnarfing, and blue jacking.
17 Official Use Only
[email protected] [email protected]
xxx xxx Road Many Emails may lead to unsafe websites Billing: Pxxx xxx "W-2 form update" in Circulation Obtain personal information. (Look at the address link)
The CSIRC team is aware of malicious code circulating via phishing email messages entitled "Important: W-2 form
update". These email messages appear to come from the Internal Revenue Service and offer a link that suggests it legitimate but is in fact a way of luring unsuspecting users into downloading malicious software in the form of a Trojan.
Pictured below is an example of the recent phishing message currently in circulation, the incorrect punctuation and
could vary according to the objective of the true sender.
Payment Method: Credit Card Name On Card: Pxxx x. xxx Credit Card #: 5568 xxxxxxxxxxxx Credit Type: MasterCard Expires: 05/2009 CVV2: 421 ##
Official Use Only
FALSE
–
This notice is yet another redirection scam (also known as “phishing”) Intended to deceive recipients into disclosing their card information, account Information, social security numbers, passwords and other sensitive information.
18
##
Official Use Only 19
[email protected] [email protected]
Attackers take advantage of major events to get monies or to expose your computer to a Malicious Code.
One of the most common ways for cybercriminals to steal money from people is through the use of fake security software, according to the most recent Microsoft Security Intelligence Report. This kind of software is also known as “scareware” or “rogue security software.” Cybercriminals use it to scare people into
downloading more malicious software
onto their computer or pay for a fake product. For more information, see Watch out for fake virus alerts. Here are examples of the graphics used by cybercriminals trick you into downloading their security software.
Microsoft Security Tips
Official Use Only 20