CYBER SECURITY TRAINING
Virginia Marine Resources Commission
MIS Dept.
October 2013
WE ARE IN A CYBER WAR
Are you ready for the battlefield?
GOOD SOLDIERS KNOW THE BATTLEFIELD!
2012 Cost of Cyber Crime Study
Cyber crimes continue to be costly
- Average annualized cost of cyber crime:
  2012: $8.9 million per year, with a range of $1.4 million to $46 million
  2011: $8.4 million
  Increase of 6 percent, or $500,000
Cyber attacks have become common occurrences
- 2012: 102 successful attacks per week; 1.8 successful attacks per company per week
- 2011: 72 successful attacks on average per week
- 42% increase
VITA
VIRGINIA WAS #8 IN CYBER COMPLAINTS FOR 2012
IC3 Annual Report 2012
The Commonwealth received 117,842,683 alerts, or approximately four attacks per second in 2012
VITA
VITA’S 2012 ANNUAL REPORT
VITA
GLOBAL BATTLEFIELD
VITA
CURRENT ENEMY ACTIVITY
BOT NETS
DNS Changer is malware and a botnet that alters a computer’s domain name service (DNS) settings, redirecting infected computers to domains maintained by the malicious actors and used to promote fake and dangerous products
MSISAC
EXPLOIT KITS
- Spread by malware redirects on compromised websites, spam email, and poisoned search engine results; identifies and takes advantage of vulnerabilities in web browsers and browser plug-ins, including Java, PDF, and Adobe vulnerabilities
- Usually delivers ZeuS, ZeroAccess, Cridex, and FakeAV malware, although it is capable of distributing any malware
- Per MSISAC, it is the most widely used kit in existence in the cyber world
MSISAC
WEB CAMERA HACKING
Per Justin Vellese with the FBI, “web camera hacking is a growing crime that's happening all over the world”.
FBI Web Warning Article
PHISHING
According to Microsoft:
“Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, Windows Live IDs, bank and other account data and passwords, or other information.”
Microsoft
PHISHING
What does a phishing email message look like?
Example:
Microsoft
PHISHING
TYPES OF PHISHING
- Fake email account reset or mailbox over limit
- IRS, FBI and Treasury scams
- Credit Union and Banking scams
- Major events (Elections, Holidays)
- Social networking Web sites
- Fake Websites: websites that spoof your familiar sites using slightly different Web addresses
- Instant message programs
KEYLOGGER
A keylogger is a malicious software program (it can even be hardware) designed to monitor and log all keystrokes.
This is one of the biggest threats posed by some malware, since it can allow all information going through a computer to be stolen. Keyloggers are often set up to look specifically for items like passwords, confidential information, PIN numbers, credit card account numbers, and SSNs; these are the items most sought by criminals for fraud and identity theft.
SPAM
What is Spam? Simply stated, Spam is an unsolicited email
- Product offers
- Misdirection to allow installation of malware
- Misinformation (denial of access)
SOCIAL ENGINEERING
According to Microsoft: “The purpose of social engineering is usually to secretly install spyware or other malicious software or to trick you into handing over your passwords or other sensitive financial or personal information.”
SOCIAL ENGINEERING
Types of Social Engineering
- Phishing
- Spear phishing
- E-mail hoaxes
- Telephone or in-person fraud
- Shoulder surfing
FAKE ALERT
VMRC had numerous cases of Fake Alert Trojans in our agency. In each case, the PC had to be reimaged and data was lost.
Remember if you see a pop-up similar to one on the right, turn your computer off immediately and contact MIS personnel. Do not click on anything in an attempt to close this type of “fake alert” window – just a single click executes and installs the malware.
As always, any suspicious computer behavior should be reported immediately to any MIS personnel!
PROTECTING THE WORKPLACE
REMEMBER
YOU ARE THE PRIMARY DEFENSE AGAINST CYBER ATTACKS:
SYMANTEC – 90% of malware requires human interaction
MANDIANT – 100% of successful APT (Advanced Persistent Threat) attacks compromised the human
DEFENSE - PHYSICAL
Physical protection of all MRC equipment is a primary defense against cyber attacks
Always remember to put your laptop in a locked cabinet at night or hidden in your vehicle when traveling
Always secure USB flash drives, cell phones, and other mobile devices while traveling or unattended in the office
DEFENSE – SCREEN LOCK
Always remember to lock your computer screen when you step away from your desk:
DEFENSE – PROTECT USER IDs & PASSWORDS
- Change your passwords at a minimum of every 90 days
- If your password is compromised or if you suspect a malware infection, immediately change your passwords; always contact your Information Security Officers if this occurs
- Don’t reuse your previous passwords
- Don’t use the same password for each of your accounts
- When your computer prompts you to save or remember your password, click on “No”
DEFENSE – PROTECT USER IDs & PASSWORDS
- Use memorable phrases, such as “I hate Mondays!”
- Mix upper case with lower case and numbers, and use symbols. Example: 1h@teM0ndays!
- Using this format gives you the opportunity to use the same password for a long time. Simply change at least two characters and most policies will allow you to keep the same password.
DEFENSE – PROTECT PASSWORDS
- Use at least eight characters, including numerals and symbols
- Avoid common (dictionary) words
- Don’t use your personal information, login, or adjacent keys as passwords
- Use a variety of passwords for your online accounts
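The password rules on the three slides above can be checked mechanically. The following is an added example written for this page, not code from the training deck or from VMRC/VITA: it turns the listed rules (at least eight characters including numerals and symbols, no dictionary words, no personal information or login name, no runs of adjacent keyboard keys) into a function that reports which rules a candidate password fails. The wordlist, keyboard rows, leet substitutions and the sample login "jsmith" are constructed assumptions.

```python
"""Password policy checker: an added example, not code from the training deck.

It turns the rules listed above (at least eight characters including numerals and
symbols, no dictionary words, no personal information or login name, no runs of
adjacent keyboard keys) into a function that returns the rules a candidate password
fails. The wordlist, keyboard rows and personal details below are constructed for
the demonstration; a real deployment would load a full dictionary.
"""
import re
import string
from typing import Iterable

# Constructed stand-in for a real dictionary.
DICTIONARY = {"password", "welcome", "monday", "summer", "letmein", "marine", "virginia"}

# Keyboard rows used to spot "adjacent key" passwords such as qwerty or asdfgh.
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]

# Common symbol-for-letter substitutions, reversed so "p@ssw0rd" is compared as "password".
LEET = str.maketrans({"@": "a", "0": "o", "3": "e", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 8
RUN_LENGTH = 4  # this many consecutive keys from one row counts as an adjacent-key run
EDGE_CHARS = string.digits + string.punctuation + " "


def has_adjacent_key_run(password: str) -> bool:
    """True if the password contains RUN_LENGTH consecutive keys of one row, forwards or backwards."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for sequence in (row, row[::-1]):
            for start in range(len(sequence) - RUN_LENGTH + 1):
                if sequence[start:start + RUN_LENGTH] in lowered:
                    return True
    return False


def core_word(password: str) -> str:
    """Strip digits and symbols from the ends and undo leet substitutions, so that
    "Monday5!" and "p@ssw0rd" are compared against the dictionary as "monday" and "password"."""
    return password.strip(EDGE_CHARS).lower().translate(LEET)


def check_password(password: str, personal_info: Iterable[str] = ()) -> list:
    """Return the list of policy rules the password violates; an empty list means it passes.

    personal_info holds strings that must not appear in the password, such as the
    login name, first and last name, or birth year.
    """
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("too short")
    if not re.search(r"\d", password):
        failures.append("no numeral")
    if not re.search(r"[^A-Za-z0-9]", password):
        failures.append("no symbol")
    if core_word(password) in DICTIONARY:
        failures.append("dictionary word")
    lowered = password.lower()
    normalised = lowered.translate(LEET)
    for item in personal_info:
        item = item.lower()
        if len(item) >= 3 and (item in lowered or item in normalised):
            failures.append("personal information")
            break
    if has_adjacent_key_run(password):
        failures.append("adjacent keys")
    return failures


if __name__ == "__main__":
    # Constructed candidates; "jsmith" and "Smith" stand in for a user's login and surname.
    for candidate in ["1h@teM0ndays!", "p@ssw0rd", "Monday5!", "qwerty12", "jsmith2013!", "Ab1!"]:
        print(f"{candidate!r:16} -> {check_password(candidate, ['jsmith', 'Smith']) or 'OK'}")
```

The slide's own example, 1h@teM0ndays!, passes every rule, while p@ssw0rd is caught as a dictionary word once the substitutions are reversed, which is the reason the dictionary check normalises the password before comparing it rather than testing the raw string.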
DEFENSE – PROTECT YOUR PERSONAL INFORMATION
- Don’t give out your name, email or home address, phone, account numbers or Social Security number without finding out why it is needed and how it will be protected
- Monitor your email; don’t respond to unknown or unsolicited email
- When shopping online, take measures to reduce the risk: ensure a lit padlock icon or https: (secured) sites are used
- Read the company privacy policy
DEFENSE - PROTECT AGENCY SENSITIVE DATA
Sensitive personal information means the first name or first initial and last name in combination with and linked to any one or more of the following data elements that relate to a resident of the commonwealth, when the data elements are neither encrypted nor redacted:
1) Social security number;
2) Driver’s license number or state identification card number issued in lieu of a driver’s license number; or
3) Financial account number, or credit card or debit card number, in combination with any required security code, access code, or password that would permit access to a resident’s financial accounts;
DEFENSE - PROTECT AGENCY SENSITIVE DATA
Remember:
** By statute, at MRC, confidential harvest information is also considered sensitive data
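The definition above has a structure worth noticing: a record is sensitive only when a name is combined with one of the listed elements, and only when that element is neither encrypted nor redacted. The following scanner is an added example written for this page, not code from the training deck or from VMRC/VITA; it applies that definition to a handful of constructed records. The name pattern, the driver's-license format (one letter followed by eight digits), the record texts and the card number (a well-known test value) are assumptions made for the demonstration.

```python
"""Scanner for the "sensitive personal information" definition quoted above: an
added example, not code from the training deck.

A record is reported only when a personal name appears together with an
unredacted data element from the statutory list: a Social Security number, a
driver's license number, or a card/account number accompanied by a security code,
access code or password. The sample records, the name pattern and the
driver's-license format (one letter followed by eight digits) are constructed
assumptions for the demonstration.
"""
import re

# First name or first initial followed by a last name, e.g. "Jane Doe" or "J. Doe".
NAME_RE = re.compile(r"\b(?:[A-Z][a-z]+|[A-Z]\.) [A-Z][a-z]+\b")
# Unredacted SSN; a redacted form such as XXX-XX-6789 does not match.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# Constructed driver's license format: one letter and eight digits.
DL_RE = re.compile(r"\b[A-Z]\d{8}\b")
# 13 to 16 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")
# A security code, access code or password accompanying the card/account number.
CODE_RE = re.compile(r"\b(?:cvv|security code|access code|password|pin)\b\s*[:=]?\s*\S+",
                     re.IGNORECASE)


def luhn_valid(number: str) -> bool:
    """Luhn checksum, used to tell card numbers from other long digit strings."""
    total = 0
    for position, char in enumerate(reversed(number)):
        digit = int(char)
        if position % 2 == 1:
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def sensitive_elements(record: str) -> list:
    """Return the statutory data elements that make this record sensitive, or []
    if it lacks a name or lacks any qualifying element."""
    if not NAME_RE.search(record):
        return []
    found = []
    if SSN_RE.search(record):
        found.append("social security number")
    if DL_RE.search(record):
        found.append("driver's license number")
    has_card = any(luhn_valid(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(record))
    if has_card and CODE_RE.search(record):
        found.append("card or account number with security code")
    return found


def scan(records) -> list:
    """Return (record number, elements) for every record that meets the definition."""
    hits = []
    for number, record in enumerate(records, start=1):
        elements = sensitive_elements(record)
        if elements:
            hits.append((number, elements))
    return hits


# Constructed records; the card number is a well-known test value, not real data.
SAMPLE_RECORDS = [
    "Jane Doe, harvest permit renewal, SSN 123-45-6789",
    "SSN 123-45-6789 (no name on file)",
    "J. Doe paid by card 4111 1111 1111 1111 CVV 123",
    "John Smith has card 4111 1111 1111 1111 on file",
    "Jane Doe, SSN XXX-XX-6789 (redacted)",
    "Jane Doe, license A12345678, boat registration",
]

if __name__ == "__main__":
    for number, elements in scan(SAMPLE_RECORDS):
        print(f"record {number}: {', '.join(elements)}")
```

Records 2, 4 and 5 are deliberately not reported: the second has an SSN but no name, the fourth has a card number without any security code or password, and the fifth carries a redacted SSN. A scanner that only looked for nine-digit numbers would flag all three and miss the distinction the statute draws.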
DEFENSE – ENCRYPTION
- Unless authorized otherwise, store sensitive data only on your designated network drive; if sensitive data is on the network it does not have to be encrypted, but use common sense and encrypt the file if a significant amount of sensitive data is included
- If you are required to carry sensitive data on a mobile device, that data is to be encrypted and you must obtain permission to do so from the agency ISO and Commissioner
- All encryption software will be installed by MIS personnel only
- Never ever send unencrypted sensitive data in an email! Call in the information to the designated person or obtain the proper software from the MIS personnel to encrypt it in an email
DEFENSE – EMAIL
- DO NOT send unencrypted sensitive data in an email! Always contact MIS if you need to send confidential data by
- Watch out for phishing emails
- Store critical emails in your personal folders
- COV email accounts must not be auto-forwarded to any external accounts
- Never ever click on an untrusted link in an email; always type the link in the browser. HINT: Hover your mouse over an email link, without clicking; if the web address is different from what you would expect, it may be a phishing or malware website!
- Do not open attachments from unknown sources
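The hover hint above compares what a link shows with where it really goes. The following is an added example written for this page, not code from the training deck or from VMRC/VITA: it performs that comparison over the HTML body of a message, reporting links whose visible text names one host while the href points to another, links outside the domains the reader expects, and links that are not https. The sample message, the host names (reserved .example, .invalid and example.org names) and the expected-domain list are constructed assumptions.

```python
"""Link checker for the "hover over the link" hint above: an added example, not
code from the training deck.

It pairs each link in an HTML email body with the address it really points to and
reports links whose visible text names one host while the href goes to another,
links outside the domains the reader expects, and links that are not https. The
sample message and the expected-domain list are constructed for the demonstration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host: str) -> str:
    """Last two labels of a host name ('mail.agency.example' -> 'agency.example').
    Good enough here; public-suffix handling (e.g. co.uk) is out of scope."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_in_text(text: str) -> str:
    """Host named by link text that looks like a URL or host name, else ''."""
    if " " in text or "." not in text:
        return ""
    candidate = text if "://" in text else "http://" + text
    return urlparse(candidate).hostname or ""


def audit_links(html: str, expected_domains) -> list:
    """Return (href, text, reasons) for every link that deserves a second look."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        parsed = urlparse(href)
        target_host = parsed.hostname or ""
        target = registered_domain(target_host)
        reasons = []
        shown = host_in_text(text)
        if shown and registered_domain(shown) != target:
            reasons.append(f"text shows {shown} but link goes to {target_host}")
        if target not in expected_domains:
            reasons.append(f"unexpected domain {target}")
        if parsed.scheme != "https":
            reasons.append("not https")
        if reasons:
            findings.append((href, text, reasons))
    return findings


# Constructed sample: the second link displays one address but points somewhere else.
SAMPLE_EMAIL = """
<p>Your mailbox is almost full.</p>
<p><a href="https://mail.agency.example/mailbox">Manage your mailbox</a></p>
<p><a href="http://agency-example.invalid/login">https://mail.agency.example/login</a></p>
<p><a href="https://support.example.org/help">support.example.org</a></p>
"""
EXPECTED_DOMAINS = {"agency.example"}  # assumption: the reader expects mail from this domain

if __name__ == "__main__":
    for href, text, reasons in audit_links(SAMPLE_EMAIL, EXPECTED_DOMAINS):
        print(f"{text!r} -> {href}\n    " + "\n    ".join(reasons))
```

The first link is clean, the second is the classic case the slide warns about (the text shows one address, the href goes elsewhere, over plain http), and the third is honest about where it goes but leads outside the expected domain, which is still worth a look before clicking.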
DEFENSE – EMAIL
** Remember VITA will never send you a hyperlink in this email for you to click on **
From: Microsoft Outlook
Sent: Thursday, September 20, 2012 2:00 AM
To:
Subject: Your mailbox is almost full.
Importance: High
Your mailbox is almost full.
Please reduce your mailbox size. Delete any items you don't need from your mailbox and empty your Deleted Items folder.
(mailbox size graphic: 163 MB of 200MB)
** This is an example of a legitimate email from VITA informing the user that they are near their storage limit on an email account. There have been regular emails to various users in the agency that are phishing attempts using the “Your mailbox is almost full” line. If it does not look like the above email, delete it! **
DEFENSE – SURFING
- VITA automatically forces down a popup blocker in our browsers; if you have to disable it for a website, remember to always re-enable it afterwards
- After clicking on a trusted link, always monitor the address bar in the browser; if the web address is different than expected, do not proceed!
- Always remember it is better to type a hyperlink from an untrusted source into the address bar yourself!
DEFENSE – WIRELESS SECURITY
- If you are issued a VPN fob, never attach your PIN to the device and always secure your device
- Always secure air cards like you would any mobile device
- Be alert when using a public wireless network; never transfer or access sensitive data while attached to one!
- Hint: Try to avoid the use of public wireless networks whenever possible
DEFENSE – MOBILE DEVICES
- Secure your laptop with a cable lock or store it in a locked area or locked drawer
- Keep all devices with you during air and vehicle travel until they can be locked up safely. Do not forget to retrieve them after passing through airport security.
- Always keep your BlackBerry and flash drives in a secure location. Maintain physical control of these devices!
- NEVER EVER store unencrypted sensitive data on these devices!
- Limit exposure of your mobile phone number
- Be choosy when selecting and installing apps
- Set Bluetooth-enabled devices to non-discoverable
- Avoid joining unknown Wi-Fi networks and using public Wi-Fi hotspots
- Don’t use third-party device firmware to change access to your device
US-CERT
DEFENSE – REMOTE ACCESS
- Only authorized personnel are allowed to access their network drives remotely
- Don’t use public Wi-Fi to access the VMRC network server
- Secure all VPN fobs as you would a laptop computer, and never attach your PIN to the device
- Remember to never access sensitive data in a public location
DEFENSE – REBOOT
It is best to turn off or reboot a computer at the end of the day. This will flush RAM and will update configurations.
If you use a credit card or sensitive data online, you should clear your search cache and cookies afterwards. This can be done on Internet Explorer by going to Tools>Internet Options>Browsing History>Delete. In addition, it is beneficial to perform this task on a regular basis.
As always, be on the lookout for suspicious activity!
PROTECTING YOUR HOME
DEFENSE AT HOME - SECURITY SOFTWARE
MAKE SURE THE FOLLOWING PROGRAMS ARE UP-TO-DATE:
- Anti-Virus Software
- Firewalls
- Anti-Spyware and Malware Software
- Email Scanning
- Web Filters
- Windows 7 Firewall
DEFENSE - UP-TO-DATE
In order to protect yourself and your computer you need to ensure that your Operating System and Web Browser are up-to-date.
Security patches are frequently updated, so check regularly!
Microsoft
DEFENSE - WIRELESS NETWORKS
Ensure your wireless network is set up as a secure wireless network:
http://www.microsoft.com/windowsxp/using/networking/setup/wireless.mspx
DEFENSE – BACKUP YOUR DATA
One of the biggest errors people make is not backing up their data!
Depending upon your use:
- For work, we back it up every night
- For home, you should strive to back it up at least weekly
Windows 7 Backup
WHEN TO CONTACT MIS AND OTHER AGENCIES
WHEN TO CONTACT MIS?
Contact any of your MIS personnel and supervisor about any cyber security incident!
CONTACT MIS FOR SOFTWARE INSTALLATION
Remember to never install software on any device (computer, USB, BlackBerry, etc.) without permission from the ISO. This is to ensure we have met all licensing and copyright requirements.
CONTACT FTC WHEN IDENTITY THEFT OCCURS
- File a complaint with the Federal Trade Commission: https://www.ftccomplaintassistant.gov
- Place a fraud alert on your credit reports, and review your credit reports. This can be accomplished by contacting one of the nationwide consumer reporting agencies
- File a Police Report
- Close the accounts that have been tampered with or opened fraudulently
TEST YOUR CYBER SECURITY KNOWLEDGE
Do not forget you are required to take a quiz after you complete the training. You can access the quiz by logging in to the “Employee Portal”; you will find the quiz under “System Access”. It is a multiple choice test and should only take a couple of minutes to complete. You are required to pass the test with a score of 90%, but you can take the test multiple times. If you pass the test with 90%, you will receive a “Nice Job! You've passed!” message.
Thank You!
Thanks for going through the training today.
Information Security is critical at work and at home. We appreciate you taking the time to learn the contents of this training and highly encourage you taking some time regularly to read up on security topics. Use our MRC security web page to access more information on security and access account request information. Also available on our security web page is the Agency Information Security Policy – all users should be familiar with the policy and their responsibilities for security as an agency employee.
Please contact Erik Barth (x72262); Linda Farris (x72280) or your supervisor if you have any questions about this training or information security topics in general.
References
VITA
IC3 Annual Report 2012
Miller School of Medicine
MSISAC
Microsoft
FBI Web Warning Article
US-CERT