Chapter 19 Notes Flashcards
What happened with Equifax
- Summer 2017
- stole data on 143 million consumers in the US, Canada, and UK (addresses, Social Security numbers, driver's license numbers, credit card numbers, etc.)
- caused by exploitation of a known vulnerability in an open source component, Apache Struts, for which a patch had been available for two months before the intrusion
- the CEO retired and the total cost was reported to be the highest of any breach in corporate history.
What was the Target Hack
- in 2013 hackers installed malware in Target's security and payment systems designed to steal every credit card used in the company's US stores (40 million cards and personal information on 70 million customers exposed)
- Target had paid over a million dollars for software from the security firm FireEye to detect breaches in real time; the software worked and raised alerts, but Target's team ignored the warnings
- the firm's security software has an option to automatically delete malware as it is detected, but the team had turned that function off
- the result was the firm's largest ever decline in transactions, falling profits, lawsuits, and the CEO's dismissal
- the malicious code was snuck into the system using the security credentials of one of Target's partners and was disguised as BladeLogic, a data center management product
What did the data breaches of Equifax and Target show?
security must be a top organizational priority, but also that the vast majority of security breaches are preventable. It is important to determine whether the firm has the technologies, training, policies, and procedures to assess risks, lessen the likelihood of damage, and respond in the event of a breach.
Annual worldwide cybercrime costs:
$600B per year
Motivations for hackers?
account theft and illegal funds transfer, stealing personal or financial data, compromising computing assets for use in other crimes, extortion, intellectual property theft, espionage, cyberwarfare, terrorism, pranks, protest hacking (hacktivism), revenge
what are data harvesters?
cybercriminals who infiltrate systems and collect data for illegal resale, typically to cash-out fraudsters
what are cash-out fraudsters
criminals who purchase assets from data harvesters to use for illegal financial gain; they might buy goods using stolen credit cards or create false accounts
what are botnets?
networks of infiltrated and compromised machines controlled by a central command; they can be used for sending spam from thousands of accounts, launching fraud efforts, or staging distributed denial of service (DDoS) attacks, which effectively shut down websites by overwhelming them with a crushing load of seemingly legitimate requests sent by thousands of machines at the same time.
Extortionists might leverage botnets or hacked data to demand payment to avoid retribution. (T/F)
True; a US-based extortion plot against the state of Virginia threatened to reveal names, SSNs, and other information stolen from a medical records database.
What is ransomware?
malware that lets criminals take data assets hostage by locking or encrypting infected computers, rendering them unusable (and the data unrecoverable) unless demands such as a payment are met
Corporate espionage is performed by:
insiders, rivals, or foreign governments
for example, a scientist was caught trying to sell R&D documents and secret data on proprietary products.
How has cyberwarfare become a legitimate threat?
technology disruptions by terrorists or a foreign power could be devastating
ex. cutting off power, communications, or temperature controls (demonstrated by white hat hackers in a 60 Minutes news program, who showed an attack forcing an oil refinery to overheat and cause an explosion, destroying equipment that would be expensive and difficult to replace).
What is Stuxnet?
a worm that infiltrated Iranian nuclear facilities and reprogrammed the industrial control software operating hundreds of uranium-enriching centrifuges, causing the devices to spin out of their safe range and damage themselves. The sophisticated attack went undetected while it was happening.
showed that it’s now possible to destroy critical infrastructure without firing a shot.
Malicious pranksters are also called
griefers or trolls; one group posted seizure-inducing images on websites frequently visited by people suffering from epilepsy.
What are hacktivists?
hackers who target firms, websites, or even users as a protest measure; Twitter was once brought down, and Facebook hobbled, when hackers targeted the social networking and blog accounts of the Georgian blogger Cyxymu. The DDoS attack meant to mute a single critic silenced millions of accounts as collateral damage.
Example of revenge-seeking motivation?
the San Francisco city government lost control of a large portion of its own computer network for a ten-day period when an employee refused to share critical passwords
What did former CIA employee, Edward Snowden do?
He leaked over 1.7 million documents from US, British, and Australian agencies that revealed data-monitoring efforts far more pervasive than many realized (direct access to audio, video, photos, e-mails, documents, etc. at major US companies and unlimited access to phone records of Verizon's US customers). Such surveillance efforts can put citizens and corporations at risk if poorly executed and ineffectively managed.
What is XKeyscore?
a tool that allows the collection of data on nearly everything a user does on the Internet
Why are the good guys outmatched?
Law enforcement agencies dealing with computer crime are under-resourced, outnumbered, outskilled, and underfunded, and they are short of skilled personnel: government can rarely match the pay scale offered by private industry to deal with the growing hacker threat.
What is a hacker? White hat? black hat?
someone who breaks into a computer system, or a particularly clever programmer; white hat hackers are the good guys, who uncover computer weaknesses without exploiting them and share their findings in the hope that security will be improved; black hat hackers (also called crackers) are computer criminals
User and Admin threats
- bad apples: dishonest employees and insiders, including cleaning or security staff
- social engineering: con games that trick employees into revealing information or performing tasks that compromise the firm (impersonating, befriending, harassment/guilt/intimidation, charm, setting off false alarms, surveys)
- phishing: leverages the reputation of a trusted firm or friend to trick the victim into performing an action or revealing information (getting the victim to download malware, targeting specific groups, personalized "spear phishing" messages, using social media)
- passwords: insecure password systems
- careless/uninformed users (sharing settings, no encryption, software updates turned off, etc.)
zero-day exploits
Attacks that exploit a vulnerability so new that it has not yet been identified and patched, so the attack has not made it into security screening systems (no signature or fix exists yet).
what is being done to build better passwords?
biometrics, single-use (one-time) passwords, multi-factor authentication, transactions allowed only on authorized devices
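The "single-use password" item above is usually implemented as a time-based one-time password (TOTP), the code an authenticator app shows next to a login. The following is an added example, not code from the flashcards or from any product they mention: it implements the standard HOTP/TOTP construction (HMAC-SHA1 over a counter, dynamic truncation to six digits) and a server-side verifier that tolerates one step of clock skew but never accepts the same time step twice, which is what makes the code "single-use". The secret is the published RFC test key, used here as a constructed example; a real deployment generates a random per-user secret.

```python
import hashlib
import hmac
import struct
import time

# Constructed demo secret: the ASCII bytes of the RFC 4226/6238 test key.
# A real deployment generates a random per-user secret and shares it once.
DEMO_SECRET = b"12345678901234567890"
STEP_SECONDS = 30
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HMAC-based one-time password for a 64-bit counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                              # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 time-based code: HOTP over the current time step."""
    return hotp(secret, at_time // step, digits)


class TotpVerifier:
    """Server side: accepts a code once, within a small clock-skew window."""

    def __init__(self, secret: bytes, step: int = STEP_SECONDS, skew_steps: int = 1):
        self.secret = secret
        self.step = step
        self.skew_steps = skew_steps
        self.last_counter = -1      # highest time step already consumed

    def verify(self, code: str, at_time: int) -> bool:
        now = at_time // self.step
        for counter in range(now - self.skew_steps, now + self.skew_steps + 1):
            if counter <= self.last_counter:
                continue            # single use: a replayed or older step is rejected
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.last_counter = counter   # burn this step
                return True
        return False


if __name__ == "__main__":
    now = int(time.time())
    code = totp(DEMO_SECRET, now)
    verifier = TotpVerifier(DEMO_SECRET)
    print("code:", code, "first use:", verifier.verify(code, now),
          "replay:", verifier.verify(code, now))
```

Two caveats a practitioner should keep in mind: the window must be small (one step either side at most), and the "last consumed counter" must be stored per user on the server, otherwise an attacker who phishes a code can replay it within the window.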
Technology threats
- malware seeks to compromise a computing system without permission, targeting its OS, browsers, plugins, and scripting languages
Methods of infection for technology threats:
- viruses: infect other software or files and spread when the infected file is run or shared
- worms: programs that take advantage of a security vulnerability to spread automatically (unlike viruses, worms do not need to attach to a host program or wait for a user to run an infected file)
- trojans: mislead users about their true intent by disguising themselves as a legitimate program
goals of the malware
- botnets or zombie networks: infected computers controlled remotely by a central command
- malicious adware: programs installed without the user's consent or knowledge to serve ads
- spyware: monitors user actions or network traffic
- keylogger: records the user's keystrokes
- screen capture: records the pixels on the user's screen
- card skimmer: captures data from a swipe card's magnetic stripe
- RAM scraping or storage scanning software: scans a computer's memory (or storage) for sensitive data such as card numbers as they are processed
- ransomware: encrypts the user's files and demands that the user pay to regain control
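The RAM scraping item above is the technique behind point-of-sale card theft: the malware sweeps a payment process's memory for anything shaped like a card number, since the number is in the clear there even when it is encrypted on disk and on the wire. The following is an added example, not code from the flashcards or from any real malware: it shows the scan itself, a digit-run search filtered by the Luhn check so that order IDs and phone numbers are not mistaken for cards, which is exactly the logic a defender reuses to audit a memory dump for exposed card data. The memory buffer is constructed for the demonstration and the card numbers are industry test numbers, not real accounts.

```python
import re

# Constructed sample of what a payment process's memory might contain:
# a Track 2 magnetic-stripe record plus unrelated digit runs.
SAMPLE_MEMORY = (
    b"\x00\x00POSSVC v2.1\x00\x00"
    b";4111111111111111=25121011000012345678?"      # Track 2: ;PAN=YYMM + service code + discretionary data?
    b"\x00\x00order_id=1234567890123456\x00"        # 16 digits but fails Luhn, so not a card
    b"\x00cust_pan 5500000000000004 exp 12/27\x00"  # bare PAN, passes Luhn
    b"\x00phone 5551234567\x00"                     # too short to be a PAN
)

# A PAN is 13 to 19 digits not embedded in a longer digit run.
DIGIT_RUN = re.compile(rb"(?<!\d)(\d{13,19})(?!\d)")
# Track 2 data as read from the magnetic stripe: ';' PAN '=' YYMM ...
TRACK2 = re.compile(rb";(\d{13,19})=(\d{4})")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by every major card brand; weeds out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:              # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep only the BIN (first 6) and last 4, the most a log should ever hold."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_for_card_data(buf: bytes):
    """Return (offset, masked_pan, kind) for each Luhn-valid card number in buf."""
    hits = []
    seen_offsets = set()
    for m in TRACK2.finditer(buf):           # full stripe records first: highest value to a thief
        pan = m.group(1).decode()
        if luhn_ok(pan):
            seen_offsets.add(m.start(1))
            hits.append((m.start(1), mask(pan), "track2"))
    for m in DIGIT_RUN.finditer(buf):        # then bare PANs anywhere in memory
        if m.start(1) in seen_offsets:
            continue
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append((m.start(1), mask(pan), "bare"))
    return sorted(hits)


if __name__ == "__main__":
    for offset, masked, kind in scan_for_card_data(SAMPLE_MEMORY):
        print(f"offset {offset:5d}  {kind:6s}  {masked}")
```

Run against a real process dump the same code answers the question a post-breach investigator asks first: which processes held cleartext card data, and for how long. The defensive fix the example points at is to keep that window as small as possible, for instance by encrypting track data in the reader hardware before it ever reaches the register's memory.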