
RANSOMWARE

THE EVOLUTION OF ENCRYPTION AS A WEAPON


INTRODUCTION

• Encryption: the process of encoding messages or data into cipher text to prevent unauthorized access
• Decryption: the process of decoding cipher text via a known key
• Cipher: algorithm used to perform encryption and decryption
• Key size – measured in bits
• Symmetrical Key: same key used to encrypt and decrypt
• Asymmetrical Key: different keys are used to encrypt and decrypt
HOW DOES IT WORK?
Objective: To send human-readable text or media files securely, reducing the risk of interception or eavesdropping

[Diagram: plain text ("This is my data") + key → encryption algorithm → cipher text → Internet → cipher text + key → decryption algorithm → plain text]
ENCRYPTION: PRACTICAL USE

• Information Security Best Practice
• Protecting classified data
• Transmission of data over insecure or unknown networks
• Providing remote access to corporate enterprise infrastructure
• Facilitates Secure Communication
• Wireless security protocols
• Network security protocols
ENCRYPTION: PRACTICAL USE

• VPN – Virtual Private Network
• Used to establish a secure link with a VPN server
• All network traffic is sent and received through the VPN server
• Typical encryption protocols used:
• OpenVPN, IPSec, PPTP, L2TP
• Easy to disguise geographical location

[Diagram: client, VPN server and web server; link labels: OpenVPN, HTTP; location labels: USA, Singapore, USA]
ENCRYPTION: PRACTICAL USE

• Mobile Device Communication
• 4G LTE encryption algorithms
• SNOW 3G Stream Cipher
• UEA2 and UIA2 Confidentiality and Integrity Algorithms
• Apps that utilize end-to-end encryption
• WhatsApp
• Viber
• Skype
POPULAR ENCRYPTION TOOLS
INFO AND CYBER SECURITY: THE INCONVENIENCE!!

• Performance vs Security Tradeoff
• How much data are you willing to risk?
• How much security is good enough?
• What is your disaster recovery plan?
• Backup and restore procedures
• Data retention policies
DISASTER STRIKES!

• What is Ransomware?!
• Malware that can hold your computer and/or its data hostage
• Your computer and/or data is “freed” in exchange for money
• Premium SMS
• Bitcoin
• Western Union
• Two general types:
• Lock screen
• Encrypting ransomware
RANSOMWARE

Example: TeslaCrypt
HOW DID THIS HAPPEN?!

• Popular Ransomware Attack Vectors
• Spam
• Email phishing attacks
• Infected shared external drives
• Malicious websites
• Downloading files from untrusted sources
• Installing pirated software
HOW DID THIS HAPPEN?!
Email is the #1 method
Ransomware Attack Vectors

Source: Osterman Research


HOW DID THIS HAPPEN?!

7 of 10 malicious email attachments in Q2 2016

Source: Proofpoint
RANSOMWARE: THE FALLOUT

• Now the #1 security concern of most organizations
• Nearly 50% of organizations have been hit
• Only 4% confident in ITsec’s ability to prevent future attacks
• Increasing Competition
• Ransomware-as-a-Service
• Master keys leaked by rival groups
RANSOMWARE: STATISTICS
[Chart: Overall Ransomware Infections by Month; callout: 56,000, March 2016]

Source: Symantec
RANSOMWARE: STATISTICS
[Chart: Average Ransom Amount (by year)]

• Amount paid in ransom for Q1 2016 = $209 million
• On pace to become a $1 billion source for cyber criminals

Source: Symantec
Almost 2/3 of Submitted Exploits have Ransomware Payloads

WHY?
• Effective
• Lucrative

Source: Malwarebytes
RANSOMWARE: TRENDS
600%

Source: Proofpoint
Android Ransomware from 4/2014 to 3/2016: 136,532 phones

Source: Kaspersky
NOW WHAT?!!

• Don’t Pay!
• Doesn’t guarantee you will get your computer and/or data back
• Funds sent will be used to target you and others further
• Isolate infected computer from rest of the network
• Restore files from known good backup
• Do you even have one???
• Submit malware to antivirus solution so signatures can be created
RANSOMWARE: HOW TO AVOID IT?

• Backup servers and endpoints regularly
• Secure access to network drives
• Complex passwords
• Read-only
• Deploy enterprise-grade antivirus solution
• Utilize email security solution
• Ensure servers and workstations are sufficiently patched
SUMMARY

• Encryption, when utilized to secure sensitive data and computer systems, can be
extremely effective
• Cyber criminals have matured in parallel with IT experts and consistently discover
innovative methods to gain unauthorized access to your data
• Using encryption, criminals can hold your computers and data hostage until monetary
demands are met
• Ransomware is becoming the #1 issue among IT security professionals worldwide
QUESTIONS
THANK YOU!

Scott Pearson
US Department of State
Anti-Terrorism Assistance Program
spearson47@gmail.com