cyber securitynaihc.net/.../02/...cyber-security-indian-country.pdf · “cyber insurance” may...
CYBER SECURITY
IS INDIAN COUNTRY SAFE FROM CYBERCRIMINALS?
TOPICS
What is Cyber Security
Common Types of Threats
Recognizing Threats
Prevention
Issues Unique to Indian Country
Questions
WHAT IS CYBER SECURITY?
Protecting our computers, systems and data
the same way you protect your homes,
securing the doors and windows and
preventing intrusion.
Why are we concerned? Monetary loss, data
loss, system and computer damage.
CNET.com 12/5/2019
COMMON TYPES OF THREATS
Viruses
Worms
Trojan Horses/Logic Bombs
Social Engineering
The .ishings
Ransomware
VIRUSES
A virus attaches itself to a program, file, or disk.
When the program is executed, the virus activates
and replicates itself.
The virus may be benign or malignant but executes
its payload at some point (often upon contact).
Viruses can cause computer crashes and loss of
data.
In order to recover or prevent virus attacks:
Avoid potentially unreliable websites/emails.
System Restore.
Re-install operating system.
Use and maintain anti-virus software.
WORMS
Independent program that
replicates itself and sends
copies from computer to
computer across network
connections.
Upon arrival, the worm may be
activated to replicate.
LOGIC BOMBS / TROJAN HORSES
Logic Bomb: Malware logic executes upon
certain conditions. The program is often used
for otherwise legitimate reasons.
Examples: “If This Then That”
Software which malfunctions if maintenance fee is not paid.
Employee triggers a database erase when he is fired.
Trojan Horse: Masquerades as a benign
program while quietly destroying data or
damaging your system.
Download a game: It may be fun but contains hidden code that
gathers personal information without your knowledge.
SOCIAL ENGINEERING
Social engineering manipulates people into performing
actions or divulging confidential information. Like a
confidence trick or simple fraud, the term applies to
the use of deception to gain information, commit
fraud, or access computer systems.
Phone calls, ex. IT Department, Vendor, Government,
etc.
In Person, ex. Personal questions to assist with
security questions.
Email, ex. Requesting bank account info.
THE .ISHINGS
Phishing
Spear Phishing
Smishing and Vishing
Whaling Phishing
PHISHING
Phishing is the fraudulent attempt to obtain sensitive
information such as usernames, passwords and credit
card details by disguising oneself as a trustworthy
entity in an electronic communication.
Usually email based.
Click on a link.
Open an attachment.
PHISHING EXAMPLES
SPEAR PHISHING
Spear phishing is an email or electronic
communications scam targeted towards a specific
individual, organization or business. Although often
intended to steal data for malicious purposes,
cybercriminals may also intend to install malware on a
targeted user’s computer.
Email based like Phishing Attack.
SMISHING AND VISHING
Smishing and vishing are types of phishing attacks that
try to lure victims via SMS message and voice calls.
Both rely on the same emotional appeals employed in
traditional phishing scams and are designed to drive
you into urgent action. The difference is the delivery
method.
Both cell phone based.
Smishing-SMS Messages with malicious links. Ex.
update account or personal info, etc.
Vishing-Voice Call. Ex. Social Security, Jury Duty, IRS,
Accident, Police, Kidnapping scams.
SMISHING EXAMPLE
WHALING PHISHING
Whaling is a common cyber attack that occurs when
an attacker utilizes spear phishing methods to go after
a large, high-profile target, such as the C-suite.
Malicious actors know that executives and high-level
employees (like public spokespersons) can be savvy to
the usual roster of spam tactics; they may have
received extensive security awareness
training because of their public profile, and the
security team may have more stringent policies and
heftier tools in place to protect them. This leads
attackers who try to phish these targets to look
beyond the same old tried-and-true tactics to more
sophisticated, targeted methods.
WHALING PHISHING EMAIL EXAMPLE
RANSOMWARE
Ransomware is a type of malware that encrypts documents, pictures and other files, making them unreadable. The attacker then holds the decryption key for ransom until you agree to pay money, usually through a method such as Bitcoin, other digital currency, or gift cards.
Contact law enforcement.
Ransomware assumes that you’ll pay to recover your files – if you back them up regularly, you have no need to pay the ransom. However….
Computer systems can be “Locked” requiring the purchase of entire systems at significant cost.
“Cyber Insurance” may pay attacker to release data but could make you target for future attacks.
You can negotiate with the hacker to reduce the cost; don’t pay the opening bid. Average cost to release is $700.00.
No guarantee hacker will release data.
RANSOMWARE DEMAND INSTRUCTIONS
ADVANCE-FEE SCAMS
Most other email scams involve advance-fees and check fraud, attempting to gain your confidence to move money
on the criminal’s behalf.
Nigerian “419” (Nigerian Criminal Code) scams are the classic example – your help is needed to move a large
amount of money out of a foreign country because someone is ill, has died, or the country’s government is after
it. The victim wires money to assist and never receives anything in return.
New variations include job offers – a sizable wage is sent in advance for a low amount of work, deposited, then
requested to be transferred to another source for payment of some debt. Original check bounces and the victim
has just wired their own money to the criminal.
Precious metal, diamond, gold mine shares, etc.
EMAIL SECURITY
Email is one of the most common and most successful avenues of attack on the internet. Recent statistics cite
up to 90% of successful attacks against businesses begin with a malicious email.
Emails can contain malicious files like viruses and malware, link to malicious web sites, or try to coerce
or convince you to give away personal information, like your username and password.
Cybercriminals using email to attack businesses are becoming more and more effective at evading
detection – technology alone is only marginally effective at blocking these new email threats.
Thousands, if not millions, of emails can be sent with a keystroke; only one needs to work to make it
profitable (the law of averages).
EMAIL DO’S AND DON’TS
Do: Always verify the sender of a message.
Always hover over web page links (URLs) in email messages to see where they link to – beware URL shortening services (like bit.ly) that may obscure the final web site destination.
Be skeptical of messages with odd spelling/grammar, improper logos or that ask you to upgrade or verify your account.
Report suspicious emails to IT Administrator.
Don’t: Open an attachment from an unknown sender. Consider the source and whether or not the file was
expected.
Click on a link from an unknown sender.
Email someone your username or password.
INDIAN COUNTRY ISSUES
Location
Resources (Investment made in hardening systems, training, etc.)
Wealthy Tribes Attractive Targets (Casinos, Natural Resources, etc.)
Computer Dependent/Not Computer Dependent
Insider Threat (Any organization’s problem.)
PREVENTION, WHAT CAN YOU DO
Virus/Malware Software
Firewalls
Up to date software
Employee Awareness and Regular Training
Active Countermeasure
Participate in MS-ISAC and DHS Programs
RESOURCES TO LEARN MORE
DHS Webinar on YouTube
https://www.youtube.com/watch?v=D8kC07tu27A
HOW TO SIGN UP FOR MS-ISAC
https://learn.cisecurity.org/ms-isac-registration
It’s free of charge!
More than 40 tribal governments participate.
QUESTIONS?
Michael J. Donohoe (FBI-Retired)
Live Oak Investigations
P.O. Box 971
Jupiter, FL 33468
www.liveoakpi.com