CYBER SECURITY TRAINING Virginia Marine Resources Commission MIS Dept. October 2013

Upload: anton-banter

Post on 30-Mar-2015


Page 1: CYBER SECURITY TRAINING Virginia Marine Resources Commission MIS Dept. October 2013

CYBER SECURITY TRAINING
Virginia Marine Resources Commission
MIS Dept., October 2013

Page 2

WE ARE IN A CYBER WAR

Are you ready for the battlefield?

Page 3

GOOD SOLDIERS KNOW THE BATTLEFIELD!

Page 4

2012 Cost of Cyber Crime Study

Cyber crimes continue to be costly. Average annualized cost of cyber crime:
2012: $8.9m per year, with a range of $1.4m - $46 million
2011: $8.4 million. Increase of 6 percent or $500,000

Cyber attacks have become common occurrences:
2012: 102 successful attacks per week; 1.8 successful attacks per company per week.
2011: 72 successful attacks on average per week; 42% increase

VITA

Page 5

VIRGINIA WAS #8 IN CYBER COMPLAINTS FOR 2012

IC3 Annual Report 2012

Page 6

The Commonwealth received 117,842,683 alerts, or approximately four attacks per second in 2012

VITA

Page 9

CURRENT ENEMY ACTIVITY

Page 10

BOT NETS

DNS Changer is malware and a botnet that alters a computer’s domain name service (DNS) settings, redirecting infected computers to domains maintained by the malicious actors and used to promote fake and dangerous products

MSISAC

Page 11

EXPLOIT KITS

Malware redirects on compromised websites, spam email, and poisoned search engine results; the kit identifies and takes advantage of vulnerabilities in web browsers and browser plug-ins, including Java, PDF, and Adobe vulnerabilities

Usually delivers ZeuS, Zeroaccess, Cridex, and FakeAV malware, although it is capable of distributing any malware

Per MSISAC, it is the most widely used kit in existence in the cyber world

MSISAC

Page 12

WEB CAMERA HACKING

Per Justin Vellese with the FBI, “web camera hacking is a growing crime that's happening all over the world”.

FBI Web Warning Article

Page 13

PHISHING

According to Microsoft:

“Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, Windows Live IDs, bank and other account data and passwords, or other information.”

Microsoft

Page 14

PHISHING

What does a phishing email message look like?

Example:

Microsoft

Page 15

PHISHING

TYPES OF PHISHING

Fake email account reset or mailbox over limit
IRS, FBI and Treasury scams
Credit Union and Banking scams
Major events (Elections, Holidays)
Social networking Web sites
Fake Websites: websites that spoof your familiar sites using slightly different Web addresses
Instant message program

Page 16

KEYLOGGER

A keylogger is a malware software program (it can even be hardware) designed to monitor and log all keystrokes.

This is one of the biggest threats of some malware, since it can allow all information going through a computer to be stolen. Keyloggers are often set up to look specifically for items like passwords, confidential information, PIN numbers, credit card account numbers, and SSNs – these are the items most sought by criminals for fraud and identity theft.

Page 17

SPAM

What is Spam? Simply stated, Spam is an unsolicited email:

Product offers
Misdirection to allow installation of malware
Misinformation (denial of access)

Page 18

SOCIAL ENGINEERING

According to Microsoft: “The purpose of social engineering is usually to secretly install spyware or other malicious software or to trick you into handing over your passwords or other sensitive financial or personal information.”

Page 19

SOCIAL ENGINEERING

Types of Social Engineering:

Phishing
Spear phishing
E-mail hoaxes
Telephone or in person fraud
Shoulder Surfing

Page 20

FAKE ALERT

VMRC had numerous cases of Fake Alert Trojans in our agency. In each case, the PC had to be reimaged and data was lost.

Remember, if you see a pop-up similar to the one on the right, turn your computer off immediately and contact MIS personnel. Do not click on anything in an attempt to close this type of “fake alert” window – a single click executes and installs the malware.

As always, any suspicious computer behavior should be reported immediately to any MIS personnel!

Page 21

PROTECTING THE WORKPLACE

Page 22

REMEMBER

YOU ARE THE PRIMARY DEFENSE AGAINST CYBER ATTACKS:

SYMANTEC – 90% of malware requires human interaction

MANDIANT – 100% of successful APT (Advanced Persistent Threat) attacks compromised the human

Page 23

DEFENSE - PHYSICAL

Physical protection of all MRC equipment is a primary defense against cyber attacks

Always remember to put your laptop in a locked cabinet at night or hidden in your vehicle when traveling

Always secure USB flash drives, cell phones, and other mobile devices while traveling or unattended in the office

Page 24

DEFENSE – SCREEN LOCK

Always remember to lock your computer screen when you step away from your desk:

Page 25

DEFENSE – PROTECT USER IDs & PASSWORDS

Change your passwords at a minimum of every 90 days

If your password is compromised or if you suspect a malware infection, immediately change your passwords – always contact your Information Security Officers if this occurs

Don’t reuse your previous passwords

Don’t use the same password for each of your accounts

When your computer prompts you to save or remember your password, click on “No”

Page 26

DEFENSE – PROTECT USER IDs & PASSWORDS

Use memorable phrases, such as “I hate Mondays!”

Alter caps with lowercase, numbers, and use symbols. Example: 1h@teM0ndays!

Using this format gives you the opportunity to use the same password for a long time. Simply change at least two characters and most policies will allow you to keep the same password.

Page 27

DEFENSE – PROTECT PASSWORDS

Use at least eight characters, including numerals and symbols

Avoid common (dictionary) words

Don’t use your personal information, login, or adjacent keys as passwords

Use a variety of passwords for your online accounts
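An added example, not from the deck, that turns the password rules on this slide and the previous one (length, numerals and symbols, mixed case, no dictionary words, no login or personal information, no adjacent keys) into a checker; the word list and keyboard rows are constructed assumptions for the example:

```python
import string

# Constructed tiny dictionary; a real check would load a full word list.
DICTIONARY_WORDS = {"password", "monday", "welcome", "summer", "letmein", "virginia"}
# Keyboard rows used to spot "adjacent keys" such as qwer, 4567 or rewq.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")

def has_adjacent_keys(lowered, run=4):
    """True if any `run` consecutive characters walk along one keyboard row,
    in either direction."""
    for i in range(len(lowered) - run + 1):
        chunk = lowered[i:i + run]
        if any(chunk in row or chunk in row[::-1] for row in KEYBOARD_ROWS):
            return True
    return False

def check_password(password, login="", personal=()):
    """Return the list of deck rules the candidate breaks (empty = passes).
    `personal` holds strings such as a surname or birth year that must not
    appear in the password."""
    lowered = password.lower()
    violations = []
    if len(password) < 8:
        violations.append("fewer than eight characters")
    if not any(c.isdigit() for c in password):
        violations.append("no numeral")
    if not any(c in string.punctuation for c in password):
        violations.append("no symbol")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        violations.append("no mix of upper and lower case")
    if any(word in lowered for word in DICTIONARY_WORDS):
        violations.append("contains a dictionary word")
    if login and login.lower() in lowered:
        violations.append("contains the login name")
    if any(item and item.lower() in lowered for item in personal):
        violations.append("contains personal information")
    if has_adjacent_keys(lowered):
        violations.append("uses adjacent keyboard keys")
    return violations
```

The deck's own sample, 1h@teM0ndays!, passes every rule; qwerty123 fails on symbols, case and adjacent keys.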

Page 28

DEFENSE – PROTECT YOUR PERSONAL INFORMATION

Don’t give out your name, email or home address, phone, account numbers or SS number without finding out why it is needed and how it will be protected

Monitor your email – don’t respond to unknown or unsolicited email

When shopping online, take measures to reduce the risk – ensure a lit lock icon or https: (secured) sites are used

Read the company privacy policy

Page 29

DEFENSE - PROTECT AGENCY SENSITIVE DATA

Sensitive personal information means the first name or first initial and last name in combination with and linked to any one or more of the following data elements that relate to a resident of the commonwealth, when the data elements are neither encrypted nor redacted:

1) Social security number;
2) Driver’s license number or state identification card number issued in lieu of a driver’s license number; or
3) Financial account number, or credit card or debit card number, in combination with any required security code, access code, or password that would permit access to a resident’s financial accounts;

Page 30

DEFENSE - PROTECT AGENCY SENSITIVE DATA

Remember:

** By statute, at MRC, confidential harvest information is also considered sensitive data
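An added example, not the agency's code, that encodes the definition on the previous slide plus the MRC harvest-information rule above as functions a script could use to decide whether a record needs the deck's sensitive-data handling; the field names and sample values are assumptions for the example:

```python
from dataclasses import dataclass, field

@dataclass
class Record:
    """One row or file to classify; field names are assumptions for this example."""
    first_name: str = ""            # first name or first initial
    last_name: str = ""
    ssn: str = ""                   # social security number
    drivers_license: str = ""       # or state ID number issued in lieu of one
    account_number: str = ""        # financial, credit card or debit card number
    account_access_code: str = ""   # security code, access code or password
    harvest_info: str = ""          # confidential harvest information (MRC statute)
    protected_fields: set = field(default_factory=set)  # elements encrypted or redacted

def usable(record, name):
    """A data element counts only if present and neither encrypted nor redacted."""
    return bool(getattr(record, name)) and name not in record.protected_fields

def is_sensitive_personal_information(record):
    """Name (first name or initial plus last name) linked to at least one
    unprotected qualifying element: SSN, driver's license / state ID number, or
    a financial account number together with the code needed to use it."""
    if not (record.first_name and record.last_name):
        return False
    financial = usable(record, "account_number") and usable(record, "account_access_code")
    return usable(record, "ssn") or usable(record, "drivers_license") or financial

def is_agency_sensitive_data(record):
    """Sensitive personal information, or confidential harvest information."""
    return is_sensitive_personal_information(record) or usable(record, "harvest_info")
```

Note that an account number alone does not qualify: the statute needs it together with the security or access code, and an encrypted or redacted element drops out entirely.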

Page 31

DEFENSE – ENCRYPTION

Unless authorized otherwise, store sensitive data only on your designated network drive; if sensitive data is on the network it does not have to be encrypted, but use common sense and encrypt the file if a significant amount of sensitive data is included

If you are required to carry sensitive data on a mobile device, that data is to be encrypted and you must obtain permission to do so from the agency ISO and Commissioner

All encryption software will be installed by MIS personnel only

Never ever send unencrypted sensitive data in an email! Call in the information to the designated person or obtain the proper software from the MIS personnel to encrypt it in an email

Page 32

DEFENSE – EMAIL

!DO NOT send unencrypted sensitive data in an email! Always contact MIS if you need to send confidential data by email

Watch out for phishing emails

Store critical emails in your personal folders

COV email accounts must not be auto-forwarded to any external accounts

Never ever click on an untrusted link in an email; always type the link in the browser. HINT: Hover your mouse over an email link without clicking; if the web address is different from what you would expect, it may be a phishing or malware website!

Do not open attachments from unknown sources
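An added example, not from the deck or VITA, that automates the hover check above for an HTML email body: it compares the host named in each link's visible text with the host its href actually points to, which is exactly the mismatch a user sees when hovering. The sample email and its domains are constructed:

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML fragment."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

# A hostname as it appears in link text, with or without a scheme.
HOSTLIKE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)

def host_of(url):
    """Lower-cased hostname of a URL, or None when the value has none."""
    return urlparse(url if "://" in url else "http://" + url).hostname

def suspicious_links(html):
    """Return (href_host, text_host) for anchors whose visible text names a
    host other than the one the href really goes to."""
    collector = LinkCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        href_host = host_of(href)
        shown = HOSTLIKE.search(text)
        if not href_host or not shown:
            continue  # no host on one side: nothing to compare
        text_host = shown.group(1).lower()
        # A subdomain of the shown host (mail.x.gov vs x.gov) is not a mismatch.
        if href_host != text_host and not href_host.endswith("." + text_host):
            flagged.append((href_host, text_host))
    return flagged

# Constructed sample: a "mailbox almost full" lure whose link text claims one
# site while the href points elsewhere, plus a link that is what it claims.
SAMPLE_EMAIL = (
    "<p>Your mailbox is almost full. Click "
    '<a href="http://login.example-phish.test/owa">https://mail.virginia.gov</a>'
    " to increase your quota.</p>"
    '<p>Help: <a href="https://www.mrc.virginia.gov">www.mrc.virginia.gov</a></p>'
)
```

Links whose text is a phrase such as "click here" carry no host to compare and are skipped, so a flagged result always means the displayed address and the real destination disagree.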

Page 33

DEFENSE – EMAIL

** Remember VITA will never send you a hyperlink in this email for you to click on **

From: Microsoft Outlook
Sent: Thursday, September 20, 2012 2:00 AM
To:
Subject: Your mailbox is almost full.
Importance: High

Your mailbox is almost full. Please reduce your mailbox size. Delete any items you don't need from your mailbox and empty your Deleted Items folder.

[Mailbox size graphic: 163 MB used of the 200 MB limit]

**This is an example of a legitimate email from VITA informing the user that they are near their storage limit on an email account. There have been regular emails to various users in the agency that are phishing attempts using the “Your mailbox is almost full” line. If it does not look like the above email, delete it!**

Page 34

DEFENSE – SURFING

VITA automatically forces down a popup blocker in our browsers; if you have to disable it for a website, remember to always re-enable it afterwards

After clicking on a trusted link, always monitor the address bar in the browser; if the web address is different than expected, do not proceed!

Always remember: if a hyperlink comes from an untrusted source, it is better to type it into the address bar yourself than to click it!

Page 35

DEFENSE – WIRELESS SECURITY

If you are issued a VPN FOB, never attach your PIN to the device and always secure your device

Always secure air cards like you would any mobile device

Be alert when using a public wireless network; never transfer or access sensitive data while attached to one!

Hint: Try to avoid the use of public wireless networks whenever possible

Page 36

DEFENSE – MOBILE DEVICES

Secure your laptop with a cable lock or store it in a locked area or locked drawer

Keep all devices with you during air and vehicle travel until they can be locked up safely. Do not forget to retrieve them after passing through airport security.

Always keep your Blackberry and flash drives in a secure location. Maintain physical control of these devices!

NEVER EVER store unencrypted sensitive data on these devices!

Limit exposure of your mobile phone number
Be choosy when selecting and installing apps
Set Bluetooth-enabled devices to non-discoverable
Avoid joining unknown Wi-Fi networks and using public Wi-Fi hotspots
Don’t use third-party device firmware to change access to your device

US-CERT

Page 37

DEFENSE – REMOTE ACCESS

Only authorized personnel are allowed to access their network drives remotely

Don’t use public WiFi to access the VMRC network server

Secure all VPN fobs as you would a laptop computer and never attach your PIN to the device

Remember to never access sensitive data in a public location

Page 38

DEFENSE – REBOOT

It is best to turn off or reboot a computer at the end of the day. This will flush the RAM and will update configurations

If you use a credit card or sensitive data online, you should clear your search cache and cookies afterwards. This can be done on Internet Explorer by going to Tools > Internet Options > Browsing History > Delete. In addition, it is beneficial to perform this task on a regular basis.

As always, be on the lookout for suspicious activity!

Page 39

PROTECTING YOUR HOME

Page 40

DEFENSE AT HOME - SECURITY SOFTWARE

MAKE SURE THE FOLLOWING PROGRAMS ARE UP-TO-DATE:

Anti-Virus Software
Firewalls
Anti-Spyware and Malware Software
Email Scanning
Web Filters
Windows 7 Firewall

Page 41

DEFENSE - UP-TO-DATE

In order to protect yourself and your computer you need to ensure that your Operating System and Web Browser are up-to-date

Security patches are frequently updated, so check regularly!

Microsoft

Page 43

DEFENSE – BACKUP YOUR DATA

One of the biggest errors people make is not backing up their data!

Depending upon your use:

For work we back it up every night
For home you should strive to back it up at least weekly

Windows 7 Backup

Page 44

WHEN TO CONTACT MIS AND OTHER AGENCIES

Page 45

WHEN TO CONTACT MIS?

Contact any of your MIS personnel and supervisor about any cyber security incident!

Page 46

CONTACT MIS FOR SOFTWARE INSTALLATION

Remember to never install software on any device (computer, USB, Blackberry, etc.) without permission from the ISO. This is to ensure we have met all licensing and copyright requirements.

Page 47

CONTACT FTC WHEN IDENTITY THEFT OCCURS

File a complaint with the Federal Trade Commission: https://www.ftccomplaintassistant.gov

Place a fraud alert on your credit reports, and review your credit reports. This can be accomplished by contacting one of the nationwide consumer reporting agencies

File a Police Report

Close the accounts that have been tampered with or opened fraudulently

Page 48

TEST YOUR CYBER SECURITY KNOWLEDGE

Do not forget you are required to take a quiz after you complete the training. You can access the quiz by logging in to the “Employee Portal”. You will find the quiz under “System Access”. It is a multiple choice test and should only take a couple of minutes to complete. You are required to pass the test with a 90% – but you can take the test multiple times. If you pass the test with 90%, you will receive a “Nice Job! You've passed!” message.

Page 49

Thank You!

Thanks for going through the training today.

Information Security is critical at work and at home. We appreciate you taking the time to learn the contents of this training and highly encourage you to take some time regularly to read up on security topics. Use our MRC security web page to access more information on security and account request information. Also available on our security web page is the Agency Information Security Policy – all users should be familiar with the policy and their responsibilities for security as an agency employee.

Please contact Erik Barth (x72262), Linda Farris (x72280) or your supervisor if you have any questions about this training or information security topics in general.