2. Cybersecurity components
CIA model
Confidentiality: Keep secret from those not authorized,
Integrity: Prevent unauthorized tampering,
Availability: Ensure authorized parties can access the
data.
Identification: Who I claim to be (e.g. username,
digital cert),
Authentication: How I prove it (password, signature),
Authorization: What is that person allowed to do e.g.
role-based security.
WWW.CYBERGATES.ORG
IAA model
4. Cybersecurity statistics
statistics around the Worldwide
Data breaches, by the dollar
$21,155: The average cost of a data breach, per day
$7.7 million: The average annualized cost to detect, respond to, and mitigate
a breach globally.
Malware and attack trends, by percentage
66%: The proportion of a survey of professionals who identified phishing and
social engineering as top threats
20%: The scope of confirmed data breaches involving social engineering at one
large telecom company.
Cybersecurity spend: Follow the money
$75.4 billion: The estimated worldwide spending on cybersecurity in 2015
$19 billion: The proposed federal cybersecurity budget for 2016.
WWW.CYBERGATES.ORG
Source: https://techbeacon.com/resources/cybersecurity-2016-trend-report-ubm-ponemon-study
5. Web security attack statistics
Over 4K hacked websites since 2011.
Top attacks
Jan 2011 (379)
Jul 2012 (364)
Feb 2013 (275)
Feb 2014 (359)
Apr 2015 (129)
Dec 2016 (188)
Attacks around the Worldwide
Over 1 Billion active websites (NetCraft reports)
Over 1 Million hacked websites / year (Zone-H reports)
WWW.CYBERGATES.ORG
Attacks in Armenia
6. Target websites of mass attacks
Top 5 categories
Websites that use same CMS (WordPress,
Joomla, etc.)
Websites built by the same developer(s)
Websites that use same technology,
library or certain component
Websites hosted by the same Hosting
Provider
Websites of agencies/companies working in
the same industry
WWW.CYBERGATES.ORG
7. Target websites of targeted attacks
Top 5 categories
Online banks and financial institutions
Cloud services (dropbox, Gmail, iCloud,
etc.)
Government agencies, hospitals
Hosting and Internet Service Providers
(ISP)
Small outdated websites that are easy to
hack
WWW.CYBERGATES.ORG
9. Information Leakages
The revelation of the 1 billion accounts
hack could have implications for the $4.8
billion sale of Yahoo to Verizon, which
has yet to close
Around 167 million LinkedIn accounts are
now for sale
Armenian telecom (vivacell, armentel,
orange) databases are free to download
Armenian online banking system codes has
been stolen by an employee
WWW.CYBERGATES.ORG
10. SQL Injection
Smart homes can open the doors to
unauthorized people
98% of Stolen Medical Records due to
Hacking
Hackers use SQL
Injection attacks
against banks
WWW.CYBERGATES.ORG
Image source: http://www.asianmirror.lk/news/item/16544-commercial-bank-of-ceylon-hacked
11. Password bruteforce attacks
Hackers target websites or IoT devices
with weak or default passwords
Authentication systems with no limits for
login attempts
WWW.CYBERGATES.ORG
12. Social Engineering & Phishing
Phishing is a Social Engineering technique to steal
confidential information about the victim such as user login
credentials, credit card information, etc. through the use of
fake login page.
Why social engineering?
- Hacking a human is
much easier than hacking
a business
- Attackers prey on your
human weakness
WWW.CYBERGATES.ORG
13. SPAM
WWW.CYBERGATES.ORG
Corporate emails used in forums and
social networks
Corporate emails found in leaked sources
Email addresses found using dictionary
based bruteforce attacks
14. Malicious software
WWW.CYBERGATES.ORG
Cloacking: malicious code in a webpage
displays porn for certain IP addresses
Malicious code redirects to a malicious
website asking to update your system or
displays an advertisement
Malicious software steals credentials
Malicious software spreads within your
corporate network
15. Blacklists
WWW.CYBERGATES.ORG
Realtime Blackhole Lists (RBL's)
-Centralized databases to prevent SPAM
Google backlist
-Site loses nearly 95% of its organic
traffic
-Modern web browsers display warning
message when someone open your website
16. Botnets
WWW.CYBERGATES.ORG
Your infected machine becomes a proxy
server, spreads adwares or used for
DoS/DDoS attacks
Make sure your device firmware does not
have an in-build backdoor
Make sure you have already changed your
device default password
17. Denial-of-service attack
WWW.CYBERGATES.ORG
CloudFlare protects you from web-based
denial-of-service attacks
BBC became the target of 602 Gbps DDoS
attack
DDoS attack that disrupted internet was
largest of its kind in history: Dyn
published on Wednesday, Mirai was the
“primary source of malicious attack
traffic”
18. Ransomware
WWW.CYBERGATES.ORG
A malicious software encrypts your files.
You must pay to recover them.
Tens of thousands of variants of over 40
ransomware families including Locky,
CryptoWall, TeslaCrypt, and Cerber.
19. Plan A: fixing the problem
Reactive approaches
Computer Emergency Response Team (CERT)
E-mail notifications about an incident
Online support (SIP calls)
Support
Investigation (Digital Forensics)
Consultancy
WWW.CYBERGATES.ORG
20. Plan B: avoiding the problem
Proactive approaches
Testing
Network/Host Vulnerability Assessment
Penetration Testing
Source Code Auditing
Protecting (WebShark, PinCat)
Training
Corporate trainings
University programs
WWW.CYBERGATES.ORG
21. Swiss Army Knife to help you
defend against hackers
WWW.CYBERGATES.ORG
22. CYBER GATES
Corporate website
www.cybergates.org
Company profile on Twitter
www.twitter.com/CyberGatesLLC
Company fan page on Facebook
www.facebook.com/Cyber.Gates.page
Company profile on LinkedIn
www.linkedin.com/company/CyberGates-LLC
Company channel on Vimeo
www.vimeo.com/CyberGates
Company channel on YouTube
www.youtube.com/TheCyberGates
Contacts