
Understanding the Invisible Internet, Chase Cunningham

Date post: 05-Apr-2018
Upload: national-press-foundation

7/31/2019 Understanding the Invisible Internet, Chase Cunningham

http://slidepdf.com/reader/full/understanding-the-invisible-internet-chase-cunningham 1/41


Define

Defend

Defeat

Questions


Social Engineering

Trickery or deception for the purpose of information gathering, fraud, or computer system access.


Ripped from the Headlines

Stratfor to settle class action suit over hack

Reuters - Jun 27, 2012

NEW YORK (Reuters) - The global security analysis company Strategic Forecasting Inc will settle a class action lawsuit brought by one of its ...

Local: Stratfor settles hacking class action lawsuit - MyBroadband

Stratfor settles with clients over major Anonymous hack - RT

Stratfor settles class-action over Anon megahack with freebies

www.pcworld.com/.../fake_netflix_app_poses_datastealing ...

by Brennon Slattery - in 9,932 Google+ circles - More by Brennon Slattery

Oct 13, 2011 – Symantec discovered the Trojan, dubbed Android.Fakeneflic, and assessed it as a "very low-level risk." However, placing the sneaky malware ...

Fake Netflix Android App Steals Your Data | News & Opinion ...


Social Engineering

• Accepting LinkedIn invite with bogus HTML tag

From: "Ian Rainey" <[email protected]>

Subject: [dm] LinkedIn Notification 

Date: May 14, 2012 12:42:31 PM EDT

To: [email protected]

LinkedIn

REMINDERS

Invitation notifications: 

From Colton Alston (Your co-worker)

PENDING MESSAGES

There are a total of 3 messages awaiting your response. Visit your InBox now. 

Don't want to receive email notifications? Adjust your message settings.

LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user without your permission. © 2010, LinkedIn Corporation.


Social Engineering

• Dumpster Diving


Social Engineering

Acting like a superior on the phone


• Phishing: Acquiring information such as usernames, passwords, SSN, accounts, by masquerading as a trustworthy entity.

Hello Dear, I am Miss Gloria Uzoka. A computer scientist with central bank of Nigeria. I am 26 years old, just started work with C.B.N. I came across your file which was marked X and your released disk painted RED, I took time to study it and found out that you have paid VIRTUALLY all fees and certificate but the fund has not been release to you…


Spearphishing

A form of phishing targeting specific users. 

Trojans

Sneak in under the network’s security posture.


Malware/Exploit

Software that is written to cause harm, damage, or covert action against a network by exploiting the algorithms and operations of the system itself.


Ripped from the Headlines

Shared code indicates Flame, Stuxnet creators worked together 

CNET - Jun 11, 2012

Researchers at Kaspersky Lab say code is shared in the two threats and that there was an exploit in Stuxnet that was previously unknown.

by Elinor Mills - More by Elinor Mills

In-Depth: Researchers Connect Flame to US-Israel Stuxnet Attack - Wired News

Blog: Flame cyberweapon is tied to Stuxnet program - New Scientist (blog)

Flame and Stuxnet teams worked together, researchers report - Fox News

New Zeus Variant Targets Facebook and Google Users

PC Magazine - 4 days ago

You wouldn't click a link in email and enter your credit card details; you know better. But a new Zeus variant waits until after you've logged into ...

Zeus: How to Fight Back - BankInfoSecurity.com

Action Fraud warns of a Zeus malware strain that puts Facebook and ... - Inquirer

ThreatMetrix detects new strain of Zeus Trojan - Computer Business Review


Zero-day: An exploit for a vulnerability for which there is no remedy, either due to its new discovery or lack of industry understanding.


By definition there is no known defense against a Zero-day. Live in fear!

Zero-day


Worm: Program designed to replicate and “crawl” through the network.


Malware/Exploit

DNS Cache Poisoning: Changing a server’s Domain Name System (DNS) settings, which leads to an exploited page or compromise.


Botnet: Group of host computers used as zombies to accomplish any action.


Insider or Hidden Threat

Anyone who has or had authorized access to an organization’s network or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization’s information or systems.


Ripped from the Headlines

Philip Cummings was a help desk staffer at TeleData Communication, Inc. (TCI), 1999 to 2000.

30,000 identities stolen

At least $2.7-million loss (FBI data)

Cummings sentenced to 14 years in prison and $1-million fine

Biggest identity theft in US history


Internal spy sending out company secrets to competitors, nation states, criminals.

Former employees hacking and selling information.

Hacktivism.

Good employees making errors.


Defending Against Cyber Threats


Defend

Firewalls – a device (hardware or software) that blocks connections per a set

Firewall: A device or software that blocks internet connections based on a set of rules.


Darknet: Routed, allocated IP space in which no active services or servers reside.

Defend
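Because nothing legitimate lives in a darknet, every packet sent to it is worth a look. The sketch below is an added example, not part of the original slides: it sorts flow records by whether they touch dark address space and separates broad scans from single probes. The prefixes, the internal range and the flow records are constructed placeholders drawn from documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Assumptions: documentation prefixes stand in for a site's real address plan.
DARKNET = [ipaddress.ip_network("198.51.100.0/24"),    # routed, nothing deployed
           ipaddress.ip_network("2001:db8:dead::/48")]
INTERNAL = [ipaddress.ip_network("192.0.2.0/24")]       # the site's live hosts

# Constructed flow records: (source, destination, destination port)
SAMPLE_FLOWS = [
    ("203.0.113.7", "198.51.100.10", 445),
    ("203.0.113.7", "198.51.100.11", 445),
    ("203.0.113.7", "198.51.100.12", 445),
    ("203.0.113.7", "192.0.2.80", 443),       # live server, not darknet
    ("192.0.2.55", "198.51.100.200", 23),     # internal host touching darknet
    ("203.0.113.9", "192.0.2.80", 443),       # ordinary traffic
    ("not-an-ip", "198.51.100.1", 80),        # malformed record
    ("2001:db8:1::5", "2001:db8:dead::1", 22),
]

def _parse(addr):
    try:
        return ipaddress.ip_address(addr)
    except ValueError:
        return None

def _within(ip, nets):
    return any(ip.version == n.version and ip in n for n in nets)

def darknet_report(flows, scan_threshold=3):
    """Return ({source: (label, dark_targets, ports, origin)}, skipped_records)."""
    hits = defaultdict(lambda: (set(), set()))
    skipped = 0
    for src, dst, port in flows:
        s, d = _parse(src), _parse(dst)
        if s is None or d is None:
            skipped += 1           # malformed record: count it, do not guess
            continue
        if _within(d, DARKNET):    # no service lives here, so this is unsolicited
            hits[s][0].add(d)
            hits[s][1].add(port)
    report = {}
    for s, (targets, ports) in hits.items():
        label = "scan" if len(targets) >= scan_threshold else "probe"
        origin = "internal" if _within(s, INTERNAL) else "external"
        report[str(s)] = (label, len(targets), sorted(ports), origin)
    return report, skipped
```

An internal source in the report deserves priority: it points to a misconfigured or compromised machine inside the network rather than background noise from outside.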


Honey Pot: A system or data that appears to be part of a network, but is isolated and monitored. Often appears to contain information or a resource of value to attackers.

Defend


Access Control: Allowing or denying modification of items based on a set of rules.

External Security: Anything else used to defend or protect the network via outside agents.

Defend


Defeating Cyber Threats


1. Identify activity outside baseline norms

2. Isolate the action/program

3. Quarantine

4. Remove & Destroy (Hack Back…?)

5. Research the intrusion and its origin. Where was the traffic being directed?

6. Set up future defense

7. Train users or victims (if applicable)

Defeat
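Step 1 depends on having a baseline to compare against. The sketch below is an added example, not part of the original slides: it labels each host's outbound volume for today against that host's own seven-day history. Host names, volumes and the 3.5 threshold are constructed assumptions.

```python
from statistics import median

# Constructed data: outbound megabytes per day for the previous seven days.
HISTORY = {
    "ws-01": [120, 130, 125, 118, 122, 127, 124],
    "db-01": [40, 40, 40, 40, 40, 40, 40],
    "ws-02": [300, 280, 310, 295, 305, 290, 300],
}
# Constructed data: today's outbound megabytes.
TODAY = {"ws-01": 131, "db-01": 900, "ws-02": 2100, "new-host": 50}

def classify(history, today, threshold=3.5, min_days=5):
    """Label each host's value for today against its own baseline.

    Uses the median and the median absolute deviation (MAD) so that one
    earlier spike does not stretch the baseline the way a mean would.
    """
    result = {}
    for host, value in today.items():
        past = history.get(host)
        if not past or len(past) < min_days:
            result[host] = ("no-baseline", None)    # cannot judge; review by hand
            continue
        mid = median(past)
        mad = median(abs(x - mid) for x in past)
        if mad == 0:
            # Perfectly flat baseline: any change at all is a deviation.
            result[host] = ("anomalous" if value != mid else "normal", None)
            continue
        # 1.4826 scales the MAD so the score reads like standard deviations.
        score = abs(value - mid) / (1.4826 * mad)
        status = "anomalous" if score > threshold else "normal"
        result[host] = (status, round(score, 1))
    return result
```

Hosts labelled anomalous are the candidates for steps 2 and 3; a host with no baseline is reported separately instead of being silently treated as normal.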


I’M NOT A REPORTER

I JUST PLAY ONE ON TV


Who was targeted? Specific person or user targeted? Why?

What allowed the malicious action to succeed? What did they do about it?

When was the malicious activity first noticed? How long was it in place before that point?

Did the activity progress?

Are they sure they totally fixed it?


If the attack is the result of social engineering….

How did they lure the victim that resulted in the attack? (malware, url, attachment, emails, etc.)

Who was targeted? Why? 

 


If the attack is the result of malware….

What is the type of malware used?

Is it a known type of malware? What’s the MD5 or hash associated with it? Is it noted in the National Vulnerability Database or by the hacker community?

Can it be typed to a specific actor or group?

Where was the system calling out to once exploited? Who was answering?


If the attack is the result of an insider threat…

What was the actor’s background, position in the company, etc.?

Was the attack sophisticated or simple?

Was it noted internally or were they notified from an external source?

What are the legal ramifications?

Any outside parties affiliated with the malicious behavior? 


Espionage anyone?

Look Familiar?


IP Theft, Global Impact


The Black Death


25 million infected by Black Death

20 million infected by Spanish flu


22 million computers infected with top three most popular exploit kits

3 Internet devices on earth for each human

“Internet of things”

See where this is going?


CHASE CUNNINGHAM

CHIEF OF CYBER ANALYTICS

DECISIVE ANALYTICS CORPORATION

(703) 682-0620

[email protected]

Understanding the Invisible Internet

Cyber Threats Simplified

