ch08 Internetthreats

(1)

Internet

Threats

(2)

Topics Overview

•

Internet Threats

(3)

Internet Threats

Cyber-bullying is "when the Internet, cell phones or other devices are used to send or post text or images intended to hurt or embarrass another person.“

- National Crime Prevention Council, US

Cyber-bullying

What Cyber-bullies do …….?

• Disclose victim's personal data

(4)

Internet Threats

(5)

Internet Threats

It has been defined as the use of information and communications technology, particularly the Internet, by an individual or group of individuals, to harass another individual, group of individuals, or organization.

Cyberstalking

What Cyberstalkers do …….?

 False accusations

 _{Attempts to gather information about the victim}  Transmission of Threats

 Encouraging others to harass the victim, False victimization

 _{The solicitation of minors for sexual purposes}  Attacks on data and equipment

 _{Ordering goods and services}  Identity Theft

Cyberstalkers find their victims from …….?

(6)

Internet Threats

Phishing

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity through an electronic communication, especially e-mails.

Phishers’ Major Techniques:

 _{Man-in-the-middle Attacks}  _{URL Attacks}

 _{Cross-site Scripting Attacks}  _{Observing Customer Data}

(7)

Internet Threats

(8)

Internet Threats

 URL Attacks

Bad Domain Names

Using URL obfuscation techniques, the attacker tricks the customer into connecting to their proxy server instead of the real server.

For example, the customer may follow a link to http://www.my-bank.com instead of

(9)

Internet Threats

Phishers’ Major Techniques:

 Cross-site Scripting Attacks

Cross-site scripting attacks make use of custom URL or code injection into a valid web-based application URL or imbedded data field. These techniques are the result of poor web-application development processes.

Typical formats for CSS injection into valid URL’s include: Full HTML substitution:

http://mybank.com/ebanking?URL=http://evilsite.com/phishing/fakepage.htm

Inline embedding of scripting content:

http://mybank.com/ebanking?page=1&client=<SCRIPT>evilcode...

Forcing the page to load external scripting code:

(10)

Internet Threats

(11)

Internet Threats

 Observing Customer Data

Key-loggers and Screen-grabbers can be used to observe confidential customer data as it is entered into a web-based application.

 Client-side Vulnerability Exploitation

(12)

Internet Threats

A real-life Phishing Example:

Subject: Westpac official notice Westpac

AustraIia's First Bank

Dear cIient of the Westpac Bank,

The recent cases of fraudulent use of clients accounts forced the Technical services of the bank to update the software. We regret to acknowledge, that some data on users accounts could be lost. The administration kindly asks you to follow the reference given below and to sign in to your online banking account:

https://oIb.westpac.com.au/ib/defauIt.asp

We are gratefuI for your cooperation.

(13)

Internet Threats

A real-life Phishing Example:

(14)

How to Detect a Phishing

Email?

•

Urgently asking for action (usually in threat of

consequences)

–

Actions could include changing your password or

providing financial information.

•

The email usually does not include any

personal information related to you

–

The email does not address you by name or does

(15)

How to Detect a Phishing

Email? (cont’d)

•

The email contains a form that asks for financial

information (e.g. credit card number) or login

credentials.

•

The email asks you to click on a link included in the

email.

– _{The link is either different than the text shown or does not}

seem to lead to the organization’s website

•

The email contains poor language

– _{spelling or grammar mistakes}

(16)

Internet Threats

Webspam

Webspam is the term for webpages that are designed by webmasters to trick search engines and draw users to their websites.

Why do Spammers Create Spam Pages ?

 To make money

 To change search engine rankings

 To do harm to users’ computers with sneaky downloads

How do Spammers Create Spam Pages ?

 Hidden text and hidden links

 Keyword stuffing

 Sneaky redirects

(17)

Internet Threats

E-mail spoofing

E-mail spoofing is a term used to describe fraudulent e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source.

E-mail spoofing is a technique commonly used for spam e-mail and

phishing to hide the origin of an e-mail message.

The term spam refers to unsolicited, often unwanted, email messages. Spam does not necessarily contain viruses, valid messages from legitimate sources could fall into this category.

(18)

Internet Threats

(19)

Internet Threats

Denial-of-Service (DoS) attack

A of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.

How to block a "denial of service" attack?

(20)

Internet Threats

Chain letters – a problem

 Mask viruses or other malicious activity

Although they seem harmless, may have negative impact if you forward them:

Consume bandwidth/space within the recipient's inbox.

Force people to waste time sifting through the messages and possibly taking time to verify the information.

You are spreading hype and, often, unnecessary fear and paranoia.

Some types of chain letters

Hoaxes: Attempt to trick or defraud users, could be malicious, instructing users to delete an important file by claiming it is a virus. It could also be a scam that convinces users to send money or personal information.

Designed to be redistributed and usually warn users of a threat or claim to be notifying them of important or urgent information, also promise users monetary rewards for forwarding the message. Urban legends usually have no negative effect aside from wasted bandwidth and time.

(21)

Hoa x M

(22)

Internet Threats

Internet Enemies

A virus is a self-replicating and self-executable malicious software. It spreads being attached to other files (documents with the ability to contain macros, images, movies, music, almost anything which could be executed or run by a user or another software).

Computer Virus

Worms

Computer worms are similar to viruses (they are also self-replicating), but while viruses are attached to another software, worms can function separately. Worms can delete files on your computer, send files via e-mails, even to spread across the Internet.

Trojan horse (Trojan)

(23)

(24)

Internet Threats

Internet Enemies (contd.)

This is a special kind of software, which once installed, is totally hidden on your computer. One of its most dangerous activity is that it leaves a 'backdoor' on the target system, and can gain control over it without the needed privileges. It can also hide keyloggers which can send data about what you type in on your computer.

Rootkit

They collect personal data from your computer and send it to a company who analyses it to gain precious information for their business.

(25)

Sp

yw

are

Sp

yw

(26)

Internet Threats

Defense Mechanisms

A firewall helps protect your computer by preventing unauthorized users from gaining access to it through a network or the Internet.

What type of firewall is best?

 Hardware: Router

(27)

Internet Threats

Defense Mechanisms

Use Anti-Virus Software

Anti-virus software is designed to protect

you and your computer against known

viruses. But with new viruses emerging

daily, anti-virus programs need to be

updated regularly.

(28)

Internet Threats

Defense Mechanisms

Attacker E-mail

Victim [Shortest & Easiest Route]

 Don't give your email address out arbitrarily.

 Don't follow links in spam messages.

 Do not open email from unknown sources.

 Consider opening an additional email account.

 Use caution when opening/downloading attachments.

 Password………?

 Don't spam other people.

(29)

Internet Threats

Defense Mechanisms

Secure Your Web Browser

(30)

Internet Threats

Defense Mechanisms

Digital Signature

Authentication

Authentication is the process of verifying that information is coming from a trusted source. Methods: Passwords, Checksum, CRC etc.

Encryption

Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. A digital signature is basically a way to ensure that an

(31)

Internet Threats

Defensce Mechanisms

Digital Certificate

Certificate Authority (CA)

A certificate authority or certification authority (CA) is an entity that issues digital certificates for use by other parties. It is an example of a trusted third party..Some CAs include :

A digital certificate is essentially a bit of information that says the Web server is trusted by an independent source known as a Certificate Authority. The Certificate Authority acts as the middleman that both computers trust.

VeriSign, Inc.,

Mountain View, California

Comodo Group, Inc. Washington, USA

WebTrust

(32)

(33)

Internet Threats

Defense Mechanisms

Debunking Some Common Myths



Anti-virus software and firewalls are 100% effective.



Software is installed on your computer, you do not

have to worry about it anymore.



There is nothing important on your machine, so you

do not need to protect it.



Attackers only target people with money.



When computers slow down, it means that they are

(34)

Internet Threats

Defense Mechanisms

Internet Surfing in Cybercafé:

 You never know what kind of malicious program or person is lurking in the next public computer you are going to use.

So ………….. WHAT TO DO????

 Lets not leave any evidence of your work in public computer/cybercafé.

(35)

Internet Threats

Defense Mechanisms

 Use Process Explorer to see attackers attempt.

 Use portable version of web browser.

 Bypass key loggers

 Securely erase your data.

 Use portable anti-virus.

https://oIb.westpac.com.au/ib/defauIt.asp