Cyber Security Threats
Shehzad Mirza, Director of the MS-ISAC SOC
Will Pelgrin, CIS President and CEO, MS-ISAC Chair
2.6 Billion Internet Users
• Asia 44%
• Europe 22.7%
• North America 13.0%
• Lat Am / Carib 10.3%
• Africa 5.7%
• Middle East 3.3%
• Oceania / Australia 1.0%
The Internet is a tremendous tool for governments
• Connect with constituents
• Learn new ideas
• Broadcast public functions live
• Allows your constituents to register online
• Pay employees easily
Criminals look for data… and state and local governments have a lot of it!
From Cradle To Grave And Beyond!
Confidential Informants
Leon Panetta, Secretary of Defense
“The next Pearl Harbor that we confront could very well be a cyber attack that cripples our power systems, our grid, our security systems, our government systems… Cyber war could paralyze the U.S.”
Who Is Behind The Threats?
• Cyber Criminals
• Hacktivists
• Nation States
Cyber Threats
• Hacktivism
• Mobile Devices
• Insider Threats & Human Error
• Phishing
• Old Infrastructure
Hacktivism
“Attacking corporations, governments, organizations and individuals…to make a point” – Sophos 2012
Hacktivist groups target:
• Private corporations
• Federal Government
• State Government
• Local Government
• Education
• Law enforcement groups
User Account Compromise Attack Scenario
1. A law enforcement association (e.g. a sheriff association, Police Benevolent Society, etc.) gets compromised
2. Attackers gather the stolen credentials and either post them to a sharing website (e.g. Pastebin) or keep the login information for themselves
3. Either the hackers themselves or other malicious actors then download the credentials from the sharing website and use them to log in and access local and federal law enforcement systems
4. The compromise of the "association" system may lead to the compromise of the SLTT government systems
What Can You Do To Prevent This?
• Perform regular vulnerability assessments of all Internet facing systems
• Remind employees not to re-use work passwords
• Monitor Webmail for:
  – Failed logins
  – Logins from out of the area or country
  – Logins at odd hours
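Added example, not part of the original slides: a Python sketch of the webmail monitoring checks listed above (failed logins, logins from out of the country, logins at odd hours). The log format, field names, thresholds and sample entries are constructed assumptions; real webmail logs will differ.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample log in a hypothetical format (timestamps in local time).
SAMPLE_LOG = """\
2013-03-04T14:02:11 user=asmith country=US result=OK
2013-03-04T14:05:40 user=bjones country=US result=FAIL
2013-03-04T14:05:52 user=bjones country=US result=FAIL
2013-03-04T14:06:03 user=bjones country=US result=FAIL
2013-03-04T14:06:30 user=bjones country=US result=OK
2013-03-05T02:47:19 user=cdavis country=US result=OK
2013-03-05T10:15:00 user=asmith country=RO result=OK
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) country=(\S+) result=(OK|FAIL)$")

def review_logins(log_text, home_country="US", work_hours=(6, 20), max_failures=3):
    """Return sorted (user, reason) findings for the three monitoring checks."""
    failures = Counter()
    findings = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines instead of crashing
        stamp, user, country, result = m.groups()
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
        if result == "FAIL":
            failures[user] += 1  # check 1: count failed logins per account
            continue
        if country != home_country:  # check 2: successful login from abroad
            findings.add((user, "login from outside " + home_country))
        if not work_hours[0] <= when.hour < work_hours[1]:  # check 3: odd hours
            findings.add((user, "login at odd hour"))
    for user, count in failures.items():
        if count >= max_failures:
            findings.add((user, "%d failed logins" % count))
    return sorted(findings)

if __name__ == "__main__":
    for user, reason in review_logins(SAMPLE_LOG):
        print(user, "-", reason)
```
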
Mobile Devices
Smartphone and Tablet Security Risks
Too Many Individuals Still…
– Don’t use encryption, passwords, time-out settings or any other security protection
– Store their sensitive corporate information on smartphones
– Lose one of these devices at some point
Mobile Devices – Targets of Attack
“The number of variants of malicious software aimed at mobile devices has reportedly risen from about 14,000 to 40,000 or about 185% in less than a year” – U.S. Government Accountability Office
Leaving your laptop or smartphone unattended can lead to big problems…
More than 10,000 laptops are reported lost every week at 36 of the largest U.S. airports, and 65 percent of those laptops are not reclaimed.
Ponemon Institute
Insider Threats and Human Error
Insider Threats are Real…
Can be intentional or accidental
• WikiLeaks – Hundreds of thousands of confidential documents leaked by military employee
• Inadvertent posting of the Social Security numbers and birth dates of 22,000 government retirees on a state procurement website
• Disgruntled city employee tampers with city network to deny access to top administrators
Human Error – Weak Passwords tomshardware.com
A longer password is a better password
Strong passwords should be 9-12 characters and possess a combination of letters, numbers, and special characters.
Example of Strong Password
• This • Is • A • Better • Password • Which • Would • Be • Harder • To • Crack
= T1@bPwWBH2C
Most Dangerous Cyber Celebrity!!!!
Phishing
Gone Phishing…
Phishing scams entice email recipients into clicking on a link or opening an attachment which is malicious.
• WELL WRITTEN
• APPEARS CREDIBLE
• ENTICING OR SHOCKING SUBJECT
• APPARENT TRUSTED SOURCE
Protect Yourself
• Never click on a link in a suspicious e-mail.
• Open a new web browser and manually go to the vendor's website to log into your account.
• Call your vendor using a phone number from an official source to get the information you need.
Old Infrastructure
Old hardware and software that is beyond the end of its support life is often still in use today
No longer supported by the vendors
Using them after end of life places your organization at great risk since any security vulnerability will NOT be fixed, making it easy for hackers to launch a successful cyber attack
Industrial Control Systems
Internet Facing Industrial Control Systems
Approximately 7,200 Internet Facing Control System Devices
Source: US Department of Homeland Security ICS-CERT Monthly Oct-Dec 2012
Case Studies
South Carolina 2012
• More than 3.3 million unencrypted bank account numbers and 3.8 million tax returns were stolen in an attack against the South Carolina Department of Revenue.
• Data lost: SSNs, bank account numbers and credit card numbers.
• Breach due to a state employee falling for a phishing attack that enabled hackers to leverage that employee's access rights to gain access to the government entity's systems and databases.
State of Utah 2012
• 280,000 Social Security numbers were stolen, and another 500,000 people lost personal information.
• Eastern European hackers broke into the server maintained by the Utah Department of Technology Services in the spring of 2012 by taking advantage of a misconfiguration.
What Can You Do?
• Keep your systems patched
• Have cyber security policies
• Monitor compliance with the policies
• Log and monitor network traffic
• Back up your systems on a regular basis and check the backups before storing them off site
• Train employees on good cyber security practices
Zeus Financial Fraud
A bank informed a School District that $758,758.70 was to be transferred overseas
The School District cancelled the transaction
The Bank then asked about the $1,190,400 that was already sent overseas
And the $1,862,400… also already sent overseas
What Can You Do?
• Have a dedicated computer for financial transactions
• IP Filtering/white list
• Limit software programs (no Java, Flash, email, etc.)
• Set up “non-privileged user” account
• Take advantage of two factor authentication where available
Stats
[Chart: Number of Infections – All MSS Partners, by month: Dec-12, Jan-13, Feb-13, Mar-13]
[Chart: Daily Activity Summary – All MSS Partners, by month: Dec-12, Jan-13, Feb-13, Mar-13. Categories: Accepted Inbound Traffic, Port Scans, Peer-to-Peer Usage, SQL Injection Exploit Attempts, System File Access Attempts, Login Brute Forcing, Server Attack: Web Server, Spyware Events]
[Chart: Notifications, by month: Dec-12, Jan-13, Feb-13, Mar-13. Categories: Darknet, Keylogger, Defacement, Credentials]
The MS-ISAC is here to help!
What is the MS-ISAC?
The Multi-State Information Sharing and Analysis Center (MS-ISAC) is the focal point for cyber threat prevention, protection, response and recovery for the nation’s state, local, territorial and tribal (SLTT) governments.
MS-ISAC Is Built On A Strong Foundation
• Federal Government
• Homeland Security Advisors
• States & US Territories
• Local Governments
Situational Awareness, SHARE, COLLABORATE, TRUST