you think you are safe online. are you?
DESCRIPTION
Do you think your home-based enterprise is too small to attract attention of hackers and cyber criminals? A hacker would be sitting behind you and follow your password over your shoulder as you are using a public Wi-Fi at Starbucks! Did you know that a pacemaker could be hacked to get personal and medical information to exploit against you for vandalism or monetary gain? The more you are unsuspecting and off-the-guard, the more you are prone to fall prey to devious schemes of cyber attacks. That’s why we created this presentation to present you everything you need to know to detect signs of cyber attacks including - all possible risks of cyber attacks - what’s your chances of getting hit by a hacker, - who is targeting you - What hackers can do? - what type of information they are trying to steal - Are you an Instagram addict? Get to know how your favorite social networking sites and other web-based services are exposing you to hackers - Different types of cyber attacks - Different types of baits, techniques and tools used by hackers - How each type of cyber attacks works - Do you know group of password crackers are at work in cracking your netbanking password? Check out if your password is strong and hard to crack - What tools are they using to crack your password? - How to verify all those banking email communications are NOT FROM YOUR BANK, but cyber attackers? Look out for these signs to distinguish between a phishing and a genuine email message. - Are you choosing the right browser? Is your browser a staple target of hackers – here is how to choose the right browser before you get online - Is your router doubling as a gateway for hackers to pass your information? Here is how to spot and prevent cyber attacks carried out through the router - How to identify if you are opening a genuine or fake website? Here is how you can safeguard yourself before revealing your personal or financial data on a genuine-looking fake website. And many more scary facts and trends of cyber attacks covered in this presentation which can be a small handy 101 guide to keep you alert and safe online. In addition to the information and tips, we have a powerful and really effective tool to help you dodge and combat against hackers as you use Internet. If you needed an active watchdog to monitor, block and guard you from all types of online malicious activities in the background, then you cannot possibly give this a miss to find the best online safety partner for you. Surf through the slides to find out everything you need to know and never thought you actually need… and let us know what you think. We are waiting!TRANSCRIPT
©2014 iYogi Limited. All Rights Reserved.
Presented By:
You Think You Are Safe online.
Are You?
Do you think hackers can?
Well yes, they can do all these. A lot more, actually... Let’s find out.
Transform a mobile device into an audio bug?
Turn Dropbox into a backdoor gateway to a network?
Convert a phone into a spy sensor?
Extract details from a pacemaker?
Install surveillance tools unbeknown to you?
©2014 iYogi Limited. All Rights Reserved.
The attacker can be your Which type of cyber attacks spooks market the most?
next door nerdy neighbor
a suave, introvert colleague
a geeky guy at the gym
that local computer repair shop
engineer
Prying Eyes You Never Noticed!
©2014 iYogi Limited. All Rights Reserved.
Common Cyber Attack Methods
Attack TechniquesJuly 2014
©2014 iYogi Limited. All Rights Reserved.
The more connected you are, the likelier you are to be their target. So, who’s their target?
You Are On Their Hitlist!
High-security locks of homes
Cloud computing services
Social media Smartphone and mobile devices
Smart devices
Power plants Your pacemaker(oh, yes!)
Your car Your geo-location Bring-your-own-devices (BYOD)
©2014 iYogi Limited. All Rights Reserved.
Types Of Cyber Attacks(you should be afraid of!)
Trojan attack
Impersonation
Phishing
Spoofing
DDoS attacks
DNS Poisoning
Password Cracking
©2014 iYogi Limited. All Rights Reserved.
Trojan Attack – How It Works?
Attackers hide Trojan program inside chat messages.
The hacker monitors and controls your PC and steal data.
The Trojan gets installed on your PC.
It takes control of your PC.
It removes, moves, extracts data and execute a file.
Every time you are online, Trojan notifies the hacker.
1
2
3
4
5
6
1. Download file
3. Malicious network
connection to command and control center
End user Machine
2. File get executed in workstation
2. File get executed in a similar environment inside sandbox
File System
Registry & Processes
Customized Virtual Machine
©2014 iYogi Limited. All Rights Reserved.
Impersonation – How It Works?
Hackers follow you on Instant Messengers.
They access your account details.
They steal your user names and passwords.
They impersonate the retrieved data
Interact with your contacts without your knowledge.
1
2
3
4
5
Thus, your IM account gets exposed to identity thefts.
Victim
Attacker
Internet Connection
How Impersonation works?
©2014 iYogi Limited. All Rights Reserved.
Phishing – How It Works?
Hackers divert you to a fake charitable websites
The hacker monitors and controls your PC and steal data
A Trojan is installed on your PC.
It takes control of your PC
It removes, moves, extracts data and execute a file.
Every time you are online, Trojan notifies the hacker.
1
2
3
4
5
6
Different methods of phishing:
Fake websites
Image manipulation
Phone phishing
Link manipulation
JavaScript commands
©2014 iYogi Limited. All Rights Reserved.
Spoofing – How It Works?
Hackers search for IP addresses of legitimate hosts.
They impersonate the message originated from that trusted host.
They gather data from your infected PC.
1
2
3
Different methods of spoofing include:
Man-in-the-middle attack
Spyware techniques
Spoofed PackedSource IP : 192.168.1.100 (Sniffer)Destination IP : 192.168.1.1 (Target)
Rogue antispyware programs
Server spoofing
IP : 10.0.0.1
Gather Sniffed Data
3
1
Spoof Response 2
TargetIP : 192.168.1.1
SnifferIP: 192.168.1.100
IP Spoofing Attach
©2014 iYogi Limited. All Rights Reserved.
DDoS Attacks – How It Works?
Hackers target large websites
You get infected while accessing the infected site.
They create a “zombie” network.
Install client software
Gain remote access on machines connected to the network.
The client software floods infected website with data traffic
1
2
3
4
5
6
Various types of DDoS cyber attacks are –
Buffer Overflow Attacks
SYN Flood Attacks
Teardrop Attacks
Smurf Attacks
Virus and worms
Ping of death
Distributed Denial of Service (or mostly known as DDoS) are conducted on massive level.
Send cookies, Online banking credentials and webmail credentials.
Slowloris DoS attacks
Orders Slowloris DoS attacks on Anonymous hacktivism targets
Anonymous HacktivismWebpage Target
Zeus-Infected Clients
Hacker C&C Server
©2014 iYogi Limited. All Rights Reserved.
DNS Poisoning – How It Works?
Hackers forge DNS information.
They send false DNS information to redirect the traffic.
They send fake DNS reply with fake information
The DNS server stores information in cache.
1
2
3
4
DNS poisoning is used to redirect site visitors from online bank account to a fake website to collect users’ bank account credentials so that they logon and steal data/money.
DNS Cache Poisoning
1 2 3
4
5
6
Cachepoisoned
203.74.17.22 208.174.175.2032
203.74.17.22
What is the IP addressof www.xyz.com?
What is the IP addressof www.xyz.com?
Name server Authoritativeserver(s)
Client
www.xyz.com
Attackingserver
Cache
1. Fictitious addresses
©2014 iYogi Limited. All Rights Reserved.
Password Cracking – How It Works?
Hackers distribute the load of password on several computers
They make a collaborative attempt of cracking password
Password thieves use password cracking tools
They automate the process of deciphering the password
1
2
3
4
Common password cracking tools are –
Mio-Star
Saltine Cracker
Slurpie
John the Ripper
L0phtCrack (LC3)
©2014 iYogi Limited. All Rights Reserved.
Safety Measures to Protect Against Cyber Attacks
©2014 iYogi Limited. All Rights Reserved.
VERIFY
Check for the proof of presence in the
real-world such as address, phone
number, email address so that you can
make a phone call when in doubt.
Right-click on the link, choose
‘Properties’ to verify if the destination
of the link matches with the
information in the email and under
Properties window.
Look for a padlock in the browser
window or if the URL starts with
“https://” .
Check if it has the same address of the
actual website.
3 Golden Rules of Online Safety
SECURE
Check for the proof of presence in the
real-world such as address, phone
number, email address so that you can
make a phone call when in doubt.
Right-click on the link, choose
‘Properties’ to verify if the destination
of the link matches with the
information in the email and under
Properties window.
Look for a padlock in the browser
window or if the URL starts with
“https://” .
Check if it has the same address of the
actual website.
PREVENT
Use less popular browsers having small market
share compared to Internet Explorer, Google
Chrome . Smaller browsers are unprofitable for
hackers to target.
Perform regular virus scan to prevent DDoS types
of cyber attacks.
Secure host systems by updating security patches,
firewall and real-time threat detection tools. With
these security and filtering measures, packets sent
out to the Internet are scrutinized by the security
program installed on the host machine.
Configure modems/routers to prevent those
send/receive broadcast messages to the network.
©2014 iYogi Limited. All Rights Reserved.
If you are too startled to use web services, email accounts or social networking sites, thenleave your cyber attack worries on the expert – TechGenie Absolute.
Above All These, You Should Also Remember –
There is no patch for human negligence toward cyber attacks
No security to prevent greed toward phishing mail with lures
of lottery prize money, large funds transfer etc.
Refrain from visiting unknown donation sites
©2014 iYogi Limited. All Rights Reserved.