Cyber Security Awareness: Cyber Threats and Information Security

Post on 05-Jan-2022


TRANSCRIPT

Page 1: Cyber Security Awareness - Cyber Threats and Information Security

This training was written by the Israel National Cyber Directorate for the benefit of the public and serves as a recommendation to all organizations in the Israeli economy. The training is provided to employees in all types of employment, and can be used freely to improve cyber resilience. The defense recommendations will be updated from time to time. It is recommended that a professional party in the organization (Information Security Managers / CISO, CIOs, Human Resources, Organizational Managers, Organization Training Personnel) deliver the presentation to employees, according to the organization's needs. The tutorial includes a presentation and a handbook, written in the masculine form for convenience only. All rights reserved to the INCD. Any reference to the presentation can be emailed to: [email protected].

Page 2: Purpose of Training

Cyber Threats and Information Security - Employee Training

• Recognize and understand organizational and personal cyber threats
• Learn basic tools and recommendations to help reduce cyber threats arising from personal and organizational activity in cyberspace
• Know which professional party can be contacted and/or reported to in an emergency event

Page 3: Content

• Employees' responsibility in the organization
• What is a Cyber Attack?
• Cyber Space Threat Actors
• How does organization intrusion occur?
• Stages of a Cyber Attack
• Types of Malware
• Cyber attack methods: Social Engineering, Types of Phishing, Examples of Phishing, Ransomware
• Defense Recommendations: Tips of a Phishing Email, Passwords, 2 Factor / Multi Factor Authentication, Protecting Office Devices, Protecting Devices while working outside the office, Protecting Personal Devices, Using External Storage Devices, Protecting Emails, Safe Internet, Social Networks, Report an unusual event

Page 4: Employees' responsibility in the organization

Any employee in the organization can be, usually without his knowledge, a target or a "gateway" to a cyber attack.

Therefore, it is important to understand the meaning and dangers of these threats and to protect information assets in both the personal and organizational aspects. Extreme caution and procedures need to be followed to prevent cyber attacks.

Page 5: What is a Cyber Attack?

Gaining control of an information system without permission, in order to:

• Cause damage
• Data / financial theft
• Influence and consciousness (influence operations)
• Information collection and theft

Page 6: Cyber Space Threat Actors

• State powers / foreign nations: rivals, warfare, espionage
• Business competitors: economic or ideological interest
• Crime & terrorist organizations
• Hackers / hacktivists
• Insider threat (inadvertent / accidental): an employee, an authorized employee, a service provider, human mistakes
• Built-in weaknesses (software / hardware / firmware)

Page 7: How does organization intrusion occur?

End station: any computing means or device connected to the corporate network, through which the employee accesses software, applications, organizational information resources and processes.

The human factor: the personal conduct of the human factor, that is, the employee, can be the weak link when it comes to protecting computerized information and systems in the organization.

Most often, a cyber attack will be performed on a network end station through poor personal conduct (clicking on a link, downloading files, inserting a DoK (USB flash drive), etc.).

Page 8: Stages of a Cyber Attack

1. Reconnaissance - information gathering about the organization and its employees.
2. Intrusion and enumeration - gaining access to the network / end station, which is often achieved through phishing.
3. Exploration - maintaining access by downloading attack tools onto the end point, which then leads to lateral movement to other end points.
4. Data exfiltration - using the attack tools to gain deep access to the organization's network.
5. Cyber attack - taking over the organization's network and causing damage (data theft, attacking systems, business continuity, etc.). Sometimes the attacker attempts to cover / clear tracks.

Not every cyber attack works according to these steps. The attacker can choose stages based on the purpose of the attack and the time and resources available to him.

Page 9: Types of Malware

Most cyber attacks are conducted by MALWARE (malicious software) – software that performs illegitimate actions on a private or organizational network (disrupting computer operations, gathering sensitive data, penetrating and gaining access to computer systems, etc.), usually without the user's knowledge.

• Spyware - collects information about a person or organization without their knowledge.
• Trojan - creates a back door into the organization's network in order to leak information outside the organization.
• Virus - software that penetrates the computer covertly and uses the computer's resources while copying and distributing itself.
• Worm - similar to a virus, but spreads independently on internal networks or the Internet.

Page 10: Cyber attack methods

Page 11: Social Engineering

The attacker manipulates the victim by contacting him while posing as a legitimate and trustworthy party (usually from a recognized or authorized authority). The message will usually contain an urgent / tempting request or payment, causing the victim to respond hastily and take some action. By doing so, the attacker effectively bypasses all security mechanisms.

Page 12: Types of Phishing

Phishing attacks are not always easy to identify. Anyone can easily fall victim and accidentally click on a link or open an attachment. If you were tempted, don't be afraid or embarrassed – it is crucial to report immediately to the authorized person in your organization, to minimize possible damage.

• Phishing - appealing to a large number of people (similar to casting a fishing net), usually with the aim of revealing sensitive information.
• Spear Phishing - sending a targeted message to a specific person or group.
• Smishing - using text messages (SMS, WhatsApp, etc.) that contain a link or a malicious attachment.
• Whale Phishing - sophisticated fraud targeting famous or senior figures in organizations.
• Voice Phishing - a scam made by phone call, in which the attacker pretends to be a legitimate party.

Page 13: Types of Phishing (alternative version of the slide)

• Phishing - appealing to a large number of people (like casting a fishing net), usually to reveal sensitive information.
• Spear Phishing - sending a targeted message to a specific person or group.
• Smishing (SMS / Text Phishing) - using text messages (SMS, WhatsApp, etc.) that contain a link or a malicious attachment.
• Voice Phishing - a fraud made by telephone call, in which the attacker pretends to be a legitimate party.
• Whale Phishing - targeted, and often sophisticated, fraud on a famous or significant figure in an organization.
• Search Engine Phishing - creating a fake webpage targeting specific keywords and waiting for the searcher to land on the fake webpage.

Page 14: Examples of Phishing

Page 15: Ransomware

1. The attacker sends a tempting phishing message with the purpose of causing the victim to click on a link or open an attachment.
2. The victim opens the attachment or clicks on the link, causing the malware to override all defense systems.
3. The ransomware encrypts all files on the computer and sends a ransom demand for payment in digital currency (such as Bitcoin).
4. The ransomware activates a worm, which spreads itself through the network.

Ransom payment will not necessarily lead the attacker to release the encryption.

https://www.nomoreransom.org/ aims to:
• Educate users on how ransomware works
• Provide countermeasures to effectively prevent infection
• Help ransomware victims retrieve their encrypted data without having to pay the criminals

Page 16: Basic Defense Recommendations

Page 17: Defense Recommendations

• Social Engineering
• Phishing
• Passwords
• 2FA \ MFA
• Device protection
• Personal device protection
• Detachable media
• E-mail
• Internet
• Social networks
• Report an event

Page 18: Tips of a Phishing Email

Sample phishing email shown on the slide: addressed to "ישראל ישראלי" (Israel Israeli), from "Bank Shalom <[email protected]>", with an attachment named "קבצים לבקשתך.pdf" ("Files as requested.pdf").

1. Notice the sender's address: usually an official organization will send an e-mail from an official address, not from Gmail.
2. Before you click, hover the mouse pointer over the link to reveal its true destination.
3. "Dear Customer" – this is not a personal inquiry; the customer's first name is not used.
4. Examine the email and pay attention to poor wording / spelling mistakes.
5. The phone number looks suspicious and not real.
6. The date format is incorrect.
7. Is the sender's name familiar? Did you discuss this before?
8. Always be suspicious of attachments. Open only attachments that come from a known source or an e-mail from someone you expected. If you are unsure, contact the sender through other means of communication (check the website, telephone, etc.).

Sometimes even one identification mark is enough to prevent a phishing attack!

Page 19: Passwords

• Choose a long phrase password (passphrase) that includes upper & lower case letters, digits, and special characters (! # $ @).
• Avoid common passwords, or passwords based on your visible information (birth date, child / pet name, etc.).
• Create different accounts for personal and work use. Choose a different password for every account you have.
• Keep your passwords safe and away from your device. We recommend memorizing or encrypting your passwords.
• Never reveal a password to anyone! Not even a service provider or any party in your organization.
• Set up two-factor / multi-factor authentication on every account that allows it.
• If you suspect your password was exposed, change it immediately!

Recommendation: use a password manager. It stores all passwords in a "vault", with only one password to remember (the master password should be long and complex, with 2FA).

Page 20: 2 Factor / Multi Factor Authentication

Adding another layer of protection to prevent fraud, account or identity theft. The identification process consists of two steps:

1. Identification - claiming an identity (username, mobile number, ID, email, etc.).
2. Authentication - backing up the identity by using two of the following factors:
   • Something you know – password, PIN, verification question
   • Something you have – phone, smart card, USB token, RFID, PC
   • Something you are – fingerprint, face recognition, iris

Multi-factor Authentication (MFA) requires the use of two or more factors.

Set up 2FA / MFA on every application & account that allows it!

Page 21: Protecting Office Devices

• Always lock your devices with a strong password, PIN, pattern lock or biometric means.
• Make sure your computer and mobile devices have regular and frequent backups. In addition, save backups often on offline means (hard disk / cloud).
• Make sure that you have automatic updates for your operating system, software, and browser.
• Avoid connecting external devices from unknown sources. Use only your own fixed device, which is approved and provided by your organization.
• Most organizations update & back up endpoints, but not necessarily private / mobile devices. Therefore, we recommend that you set up updates & backups on all your devices.
• When leaving the office or at the end of the workday, remember to log out from your digital accounts and lock your computer (Ctrl + Alt + Delete - Lock).

Page 22: Protecting Devices - while working outside the office

• Never leave your device unattended!
• Lock all your devices using a password / PIN / pattern lock / biometric means. Set your device to lock automatically (after not using it for X minutes).
• Back up all your devices and their data. In case of theft / loss / hacking, you can recover the data. Back up to a removable drive or the cloud (encrypted and with 2FA).
• When working in a public place, make sure to hide the screen from strangers / bystanders.
• Recommendation – download a Find My Phone app to track a lost / stolen / breached device and even erase its data remotely.
• Avoid connecting external devices from unknown sources. Use only your own fixed device, which is approved and provided by your organization. Prefer receiving files by email.
• Avoid connecting to a public / free Wi-Fi network. Prefer to connect from a secure network or a mobile device (personal access point / hotspot).
• Outside the office, avoid working on files containing confidential / sensitive business information.

Page 23: Protecting Personal Devices

Often we use our private devices to read corporate email or to make calls and correspond in various media on work-related issues. By doing so, we may become a target on a personal or organizational level.

• Lock all your devices using a password / PIN / pattern lock / biometric means. Set 2FA on every account / app which allows it!
• Set automatic updates on all software / apps. Download system updates as soon as they are published.
• Back up all your devices and their data. In case of theft / loss / breach, you can recover the data. Back up to a removable drive or the cloud (encrypted and with 2FA).
• Once in a while, check the app permissions you approved (location, camera, microphone, etc.) and remove what is unnecessary.
• When handing your device to a repair laboratory, make sure you log out from all accounts (use authorized laboratory services).
• Download a Find My Phone app to track a lost / stolen / breached device and even erase its data remotely.
• Cover your camera when not in use. You can place a sticker / cover on it.
• Download / set up an updated anti-virus and firewall on all devices. On computers, activate Windows Defender.
• Avoid downloads from unknown sources or links. Download only from authorized stores.

Page 24: Using External Storage Devices

Usage of external storage devices can allow an attacker to access the device's data, and even use the computer as a potential "gateway" into the organization. Avoid connecting external devices (CD, DoK (USB flash drive), USB devices, mobile phones) from unknown sources. Use external storage devices:

• Only if necessary and with the permission of an authorized party in the organization
• From reliable or permanent external media
• After an examination or whitening* process (if available)

Before inserting external media into the corporate network, contact the organization's authorized party for examination and approval. Request files to be emailed to you, so that they pass through the organization's filtering.

* Whitening station – scanning and filtering files for malware and zero-day threats.

Page 25: Protecting Emails

• It is important to have two separate accounts: personal and organizational.
• When using a private mobile device to read corporate emails, set a login password on your device. Also, set 2FA on your email account.
• Notice the origin of the sender's address; maybe this is an impersonation? For example: paypal.com or paypa1.com.
• Avoid sending corporate or sensitive information to an out-of-network email box. If necessary, use email encryption solutions.
• Do not forward / send usernames and passwords by e-mail or on any public channel.
• Don't click on links or open suspicious attachments from an unknown or even a known source.
• Be suspicious of emails that require immediate / urgent action. If necessary, contact the sender through alternative means (such as a phone call).
• Check a suspicious link by placing the mouse cursor on it and examining the web address. Or copy and paste it into the web browser bar and, before pressing Enter, examine it for suspicious signs.
• If you already clicked on the link / attachment you received – don't delete the message, so that it can be investigated. Report immediately to the organization's IT / security manager.
• When sending an email with an attachment, make sure the attachment is indeed what you intended to send.
• When mailing to a widespread mailing list, prefer to add all recipients as a hidden copy (BCC).
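An added example, not part of the INCD deck: a small Python checker that applies several of the deck's own marks (the free-mail sender, the generic greeting, the hover check comparing link text with its real destination, and this slide's paypal.com / paypa1.com lookalike, plus urgent wording) to a message. The two sample messages, the brand list and the digit-to-letter map are constructed assumptions for the demonstration, not anything from the deck.

```python
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample messages (not from the INCD deck): one with the marks from the tips, one benign.
PHISH_EML = """\
From: Bank Shalom <bank.shalom.support@gmail.com>
To: customer@example.com
Subject: Urgent: verify your account
Content-Type: text/html; charset="utf-8"

<p>Dear Customer,</p>
<p>Your account will be blocked. <a href="http://paypa1.com/login">https://paypal.com/login</a></p>
"""
SAFE_EML = """\
From: PayPal <service@paypal.com>
To: dana@example.com
Subject: Your monthly statement
Content-Type: text/html; charset="utf-8"

<p>Dear Dana,</p>
<p>Your statement is ready at <a href="https://paypal.com/statements">https://paypal.com/statements</a>.</p>
"""

FREEMAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
BRANDS = {"paypal.com", "google.com", "microsoft.com"}  # assumed list of brands you expect mail from
DIGIT_TO_LETTER = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})  # common lookalike swaps

def lookalike(domain, brands=BRANDS):
    """Return the brand a domain imitates (paypa1.com -> paypal.com), or None when it is
    the genuine brand domain or resembles none of the listed brands."""
    domain = domain.lower()
    if domain in brands:
        return None
    normalized = domain.translate(DIGIT_TO_LETTER)
    for brand in brands:
        if normalized == brand or normalized.endswith("." + brand):
            return brand
    return None

def phishing_signals(raw):
    """Apply the slides' checks to one raw RFC 822 message and return the marks found."""
    msg = email.message_from_string(raw, policy=policy.default)
    signals = []
    _name, addr = email.utils.parseaddr(msg["From"])
    sender_domain = addr.rpartition("@")[2].lower()
    if sender_domain in FREEMAIL:  # tip 1: an official organization does not write from Gmail
        signals.append(f"free-mail sender domain: {sender_domain}")
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    if re.search(r"dear (customer|user|client)", body, re.I):  # tip 3: no personal name used
        signals.append("generic greeting")
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]*)</a>', body, re.I):
        real = (urlparse(href).hostname or "").lower()  # tip 2: what hovering would reveal
        shown = (urlparse(text.strip()).hostname or text.strip()).lower()
        if shown and shown != real:
            signals.append(f"link text {shown} hides destination {real}")
        brand = lookalike(real)  # "Protecting Emails" slide: paypal.com vs paypa1.com
        if brand:
            signals.append(f"lookalike domain {real} imitates {brand}")
    if re.search(r"\b(urgent|immediately|blocked|suspended)\b", (msg["Subject"] or "") + body, re.I):
        signals.append("urgent / pressure wording")  # social-engineering slide: pressure to act hastily
    return signals
```

Calling `phishing_signals(PHISH_EML)` lists five marks for the constructed phishing message, while `phishing_signals(SAFE_EML)` returns an empty list; a real checker would replace the brand list with the organization's own expected senders.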

Page 26: Safe Internet

• Check if the website name matches its content and whether the website extension is strange / suspicious.
• If the site does not include "Contact Us" / "About Us" / Privacy Policy / "Policies", this is a suspicious sign.
• Note that the URL starts with https (the s is for Secure), and a closed lock icon appears next to it, which signifies that it is a secure site (sometimes, despite the existence of the lock, the site is not necessarily secure).
• Notice whether the site is unprofessionally designed, contains misspellings or poor linguistic wording, contains too many links, or is characterized by multiple advertisements.
• In any case of concern or suspicion, avoid entering personal or credit card information on the website.

Page 27: Social Networks

• Examine the security settings of the different apps and:
  • Set a strong password and two-factor / multi-factor authentication
  • Set up alerts for unrecognized / unauthorized logins
  • Set up 3-5 trusted contacts through which you can recover an account when you are locked out
• Be careful and beware before clicking on suspicious links or attachments.
• Beware of impostor / fake profiles and be suspicious when accepting friend requests.
• Review the privacy policy in your various accounts and pay attention to what personal or professional information you disclose and to whom. Could the information be sensitive in a personal or organizational aspect? Be suspicious and reduce, as far as possible, the information you reveal.

Page 28: Report an unusual event

In case of a suspected cyber event or uncertainty, it is important to report immediately to the responsible party in the organization!

Report:
• When there is a certain or even suspected information security breach
• When there is identification or suspicion of an operational malfunction which could cause information security breaches
• When there is identification or suspicion of a suspicious action by a colleague or an opponent
• When an organization computer / end-point, or a personal mobile device which can be used to access the corporate email, is stolen
• When a suspected or unauthorized party is present in the organization's premises

Page 29: For more information

For more information, visit the INCD website at: www.cyber.gov.il

Or call us: 119