Summary of the State of Security (slide transcript)

Posted: 07-Aug-2020
Page 1

©2012 CliftonLarsonAllen LLP


Summary of the State of Security

Tram Jewett, CISA

CliftonLarsonAllen LLP

Virginia GFOA Annual Spring Conference, 2016

Page 2

Summary of the State of Security

Tram Jewett, MS, CISA

11 years of IT audit and cybersecurity experience in federal and state government:

• Pension

• Transportation

• Education

• Housing

Page 3

What We Will Cover

• Federal Information Security Modernization Act (FISMA) of 2014

• Cybersecurity Act of 2015

• Breaches

• Ransomware

• Other tools

• How to protect yourself

• Cloud Computing

• IoT

Page 4

Federal Information Security Modernization Act (FISMA) of 2014

• DHS to administer FISMA operationally

• DHS can issue “binding operational directives”

• OMB retains policy and procedure authority

• Modifies reporting to Congress to be less policy-oriented and more threat- and incident-oriented

• Focus on detecting, reporting, and responding to security incidents

• Requires OMB to revise Circular A-130 to eliminate “wasteful/inefficient” reporting requirements

Page 5

Cybersecurity Act of 2015

• Effective until September 30, 2025

• Voluntary sharing of cyber threat information

• Authorizes preventing, detecting, analyzing, and mitigating cybersecurity threats

• Allows network operators to:

– Monitor their networks

– Operate defensive measures

– Share threat information with others

Page 6

Why were these Laws necessary?

JAN -- Xoom: $31 million business email compromise

FEB -- Deep Panda: likely behind a breach with 80 million victims (Anthem)

MAR -- Premera: data breach affecting 11 million people

APR -- Great Cannon: DDoS attacks on GitHub and GreatFire

MAY -- Healthcare: data breaches cause problems for insurance providers

JUN -- OPM: breach with 21 million victims

Page 7

Why were these Laws necessary? cont

JUL -- Ashley Madison: 100 GB of stolen data in a high-profile compromise

AUG -- Ubiquiti: $47 million business email compromise

SEP -- Blue Termite: Chinese cyber-espionage campaign against Japanese companies

OCT -- Experian: breach affects 15 million T-Mobile customers

NOV -- Dridex: banking malware resurfaces

DEC -- BlackEnergy: malware involved in power outages in Ukraine

Page 8

Who performs the Breaches?

Hackers:

– They are not individuals working alone

– They are well-funded professionals

– They include foreign governments and organizations (e.g., China and ISIL)

Motivation behind these attacks:

– Financial

– Political

– Espionage

Page 9

What are the Hacker’s Tools?

Ransomware is a serious security threat with data-kidnapping capabilities.

Ransomware is a type of malware that restricts access to the infected computer system in some way and demands that the user pay a ransom to the malware operators to remove the restriction.

Page 10

How do you catch Ransomware?

• Visiting compromised websites (drive-by downloads)

• Clicking a link or opening an attachment in a phishing email

• Being dropped by other malware already on the system

Page 11

How do you catch Ransomware? cont

Page 12

How Ransomware Works

• Locks your screen.

• Calls home to the attacker’s server to obtain encryption keys.

• Encrypts every file it can reach, both on the local device and on network shares.
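The behaviour on this slide, calling home for a key and then encrypting every reachable file, leaves traces a defender can look for. The following is an added example and is not part of the original deck: a Python scan over a constructed sample directory that flags tampered canary (decoy) files, a burst of files carrying one new extension, and plaintext-type files whose bytes now look like ciphertext. The directory layout, file names, the `.locked` extension and the entropy and count thresholds are assumptions for illustration, not indicators of any particular ransomware family.

```python
"""Added example: spot the on-disk aftermath of a ransomware run.
Three indicators, each derived from the behaviour described on the slide:
  1. canary (decoy) files that no legitimate process should modify,
  2. many files suddenly carrying the same appended extension (report.txt.locked),
  3. files that should be plaintext but now hold near-random bytes.
Everything under build_fixture() is a constructed sample tree (assumption).
"""
import hashlib
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

PLAINTEXT_EXTS = {".txt", ".csv", ".log", ".ini", ".xml", ".json"}
# English text sits around 4-5 bits/byte; ciphertext approaches the 8-bit maximum.
ENTROPY_THRESHOLD = 7.2  # assumed threshold, tune against your own file population


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the empirical byte distribution of `data`."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def baseline_canaries(canaries) -> dict:
    """Hash the decoy files once, before any incident; keep the result off-host."""
    return {str(p): sha256_file(p) for p in canaries}


def scan(root: Path, canary_baseline: dict, mass_threshold: int = 3) -> dict:
    """Walk `root` and return the three indicator lists."""
    findings = {"canary_tampered": [], "high_entropy": [], "mass_extension": []}
    appended_exts = Counter()
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        suffixes = [s.lower() for s in path.suffixes]
        # report.txt.locked: a plaintext type with an extra extension appended
        if len(suffixes) >= 2 and suffixes[-2] in PLAINTEXT_EXTS:
            appended_exts[suffixes[-1]] += 1
        # A .txt/.csv/... file whose bytes look like ciphertext was overwritten in place
        if suffixes and suffixes[-1] in PLAINTEXT_EXTS:
            ent = shannon_entropy(path.read_bytes())
            if ent > ENTROPY_THRESHOLD:
                findings["high_entropy"].append((str(path), round(ent, 2)))
    for key, digest in canary_baseline.items():
        p = Path(key)
        if not p.exists() or sha256_file(p) != digest:
            findings["canary_tampered"].append(key)
    findings["mass_extension"] = sorted(
        ext for ext, n in appended_exts.items() if n >= mass_threshold)
    return findings


def build_fixture(root: Path) -> dict:
    """Constructed sample tree: clean documents, one canary, and a share that
    has been hit. Returns the canary baseline taken before the simulated attack."""
    rng = random.Random(2016)  # deterministic stand-in for ciphertext bytes
    docs = root / "docs"
    docs.mkdir(parents=True)
    (docs / "budget.txt").write_text("FY2016 budget notes, line item\n" * 40)
    (docs / "minutes.csv").write_text("date,item,amount\n2016-05-01,paper,12.50\n" * 20)
    canary = docs / "aaa_canary_do_not_open.txt"
    canary.write_text("decoy file, never edit\n" * 20)
    baseline = baseline_canaries([canary])
    # Simulated post-encryption state on a network share
    share = root / "shares" / "finance"
    share.mkdir(parents=True)
    for name in ("ledger.txt", "payroll.csv", "vendors.json"):
        (share / (name + ".locked")).write_bytes(rng.randbytes(2048))
    (share / "notes.txt").write_bytes(rng.randbytes(2048))  # overwritten in place
    canary.write_bytes(rng.randbytes(2048))                  # the canary was hit too
    return baseline


def demo() -> dict:
    """Build the fixture in a temp directory and return the scan findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        baseline = build_fixture(root)
        return scan(root, baseline)


if __name__ == "__main__":
    for kind, items in demo().items():
        print(f"{kind}: {items}")
```

In production the canary baseline is taken from a clean system and stored where the host cannot change it, and the scan runs on a schedule against the file shares that slide 12 warns are encrypted alongside the local disk; a single tampered canary is enough to isolate the host.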

Page 13

How Ransomware Works cont

Page 14

Ransomware Note

Ransomware demands that you send payment in Bitcoin.

Page 15

Ransomware Note cont

• “Your computer has been infected with a virus. Click here to resolve the issue.”

• “Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.”

• “All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data.”

• Source: https://www.us-cert.gov/ncas/alerts/TA16-091A

Page 16

CryptoLocker ransom demand

Page 17

Jigsaw ransomware demand

Page 18

Jigsaw ransomware demand cont

Page 19

Ransomware Payment

After the attacker receives the Bitcoin and converts it to dollars, he may (or may not) send you the key to decrypt your files.

Page 20

Effect of Ransomware

• Ransomware infections can lead to:

– loss of your information,

– disruption of your operations,

– financial losses incurred to restore systems and files, and

– potential harm to an organization’s reputation.

Page 21

Effect of Ransomware cont

• Paying the ransom does not guarantee the encrypted files will be decrypted;

• In addition, decrypting the files does not mean the malware infection itself has been removed.

Page 22

Ransomware in the news

• Hollywood Presbyterian Medical Center

• MedStar Health in the Washington, D.C. area

• Methodist Hospital in Henderson, KY

• Chino Valley Medical Center in Chino, CA

• Desert Valley Hospital in Victorville, CA

Page 23

Popularity of Ransomware

• Ransomware exists because it is:

– Profitable

– Low-cost to run

– Low-risk for the attacker

– Does not require much skill to pull off

Page 24

Ransomware Preventative Measures

• Maintain and test a data backup and recovery plan for all critical information; keep backups isolated from the network, since ransomware also encrypts reachable network shares.

• Use application whitelisting.

• Keep your operating system and software up to date with the latest patches.

• Maintain up-to-date anti-virus software.

Page 25

Ransomware Preventative Measures cont

• Restrict users’ ability (permissions) to install and run their own software.

• Apply the principle of least privilege to all systems and services.

• Do not enable macros in email attachments.

Page 26

Ransomware Preventative Measures cont

• Train users:

– How to safely handle email attachments, see Recognizing and Avoiding Email Scams (https://www.us-cert.gov/sites/default/files/publications/emailscams_0905.pdf).

– Do not follow unsolicited Web links in emails. Refer to the US-CERT Security Tip on Avoiding Social Engineering and Phishing Attacks (https://www.us-cert.gov/ncas/tips/ST04-014) for more information.

– Follow safe practices when browsing the Web. See Good Security Habits (https://www.us-cert.gov/ncas/tips/ST04-003) and Safeguarding Your Data (https://www.us-cert.gov/ncas/tips/ST06-008) for additional details.

Page 27

Other Hacker’s tool

Rootkits

• The Dark Web is like a candy store for hackers

• Exploits target vulnerabilities in:

– Microsoft – 2002 servers…

– Oracle …

– Adobe …

– Java …

Page 28

Other Hacker’s tool cont

Page 29

Things you can do to prevent getting hacked

Eliminate the weak credentials that attackers try first:

• No passwords or blank passwords

• Passwords equal to the username, or to the username concatenated with itself

• Passwords such as “password,” “passcode,” “admin”

• Default service or vendor accounts (e.g., backup software accounts)

And:

• Build your servers securely from the start
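The weak-credential patterns on this slide are easy to test for before an attacker does. The following is an added example, not from the original deck: a Python credential audit that flags the patterns listed above (blank password, password equal to the username, the username repeated, and words such as “password”, “passcode” and “admin”) and, going slightly beyond the slide, trivial leetspeak variants such as P@ssw0rd1. The sample account list and the leetspeak mapping are constructed assumptions.

```python
"""Added example: audit credentials for the weak patterns on the slide
(blank password, password equal to the username, username repeated,
words such as "password"/"passcode"/"admin") plus, as an extension of
that list, trivial leetspeak variants of those words ("P@ssw0rd1").
SAMPLE_ACCOUNTS is constructed sample data, not real accounts.
"""
import re

# Words the slide calls out; extend from your own audit or breach findings.
COMMON_WORDS = {"password", "passcode", "admin"}

# Minimal leetspeak folding so "P@ssw0rd" collapses to "password".
# This mapping is an assumption, not part of the slide.
_LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "5": "s"})


def normalize(secret: str) -> str:
    """Lower-case, drop trailing digits/punctuation ("Admin2016!"), fold leetspeak."""
    lowered = secret.lower()
    stripped = re.sub(r"[^a-z]+$", "", lowered)
    return stripped.translate(_LEET)


def check_credential(username: str, password: str) -> list:
    """Return the list of weak-credential findings; an empty list means none."""
    findings = []
    u = username.lower()
    p = password.lower()
    if password.strip() == "":
        findings.append("blank_password")
        return findings  # nothing else is meaningful for an empty secret
    if p == u:
        findings.append("equals_username")
    if u and p == u + u:
        findings.append("username_repeated")
    if normalize(password) in COMMON_WORDS:
        findings.append("common_word")
    return findings


def audit_accounts(accounts) -> dict:
    """accounts: iterable of (username, password). Returns {username: findings}
    for weak accounts only, so the result reads as an action list."""
    report = {}
    for username, password in accounts:
        findings = check_credential(username, password)
        if findings:
            report[username] = findings
    return report


# Constructed sample: a mix of user, service and vendor accounts.
SAMPLE_ACCOUNTS = [
    ("administrator", ""),
    ("jsmith", "JSmith"),
    ("backup", "backupbackup"),  # vendor/service account pattern from the slide
    ("svc_sql", "P@ssw0rd1"),
    ("tjewett", "c0rrect-h0rse-b@ttery-staple"),
]

if __name__ == "__main__":
    for user, problems in audit_accounts(SAMPLE_ACCOUNTS).items():
        print(f"{user}: {', '.join(problems)}")
```

Feed it the output of a controlled password audit (or a cracking run against your own hashes), not plaintext pulled from a production store; the point is to find the accounts an attacker would guess in seconds, especially the service and vendor accounts that nobody logs in as and nobody rotates.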

Page 30

Cloud Computing

The Cloud Security Alliance (CSA) “Treacherous 12” cloud threats:

– Data breaches

– Compromised credentials and broken authentication

– Hacked interfaces and APIs

– Exploited system vulnerabilities

– Account hijacking

– Malicious insiders

– Advanced persistent threats (APTs)

– Permanent data loss

– Inadequate due diligence

– Cloud service abuses

– DoS attacks

– Shared technology, shared dangers

Page 31

2015 IoT Vulnerabilities

Page 32

2015 IoT Vulnerabilities cont

Page 33

2015 IoT Vulnerabilities cont

Page 34

2015 IoT Vulnerabilities cont

Page 35

2015 IoT Vulnerabilities cont

Page 36

2015 IoT Vulnerabilities cont

Page 37

2015 IoT Vulnerabilities cont

Page 38

Questions?

