Monday, December 24, 2012

An Internet Scam Incident Response Plan

Just imagine yourself visiting one of your favorite web sites that you routinely visit. You think everything is okay because you have all of the recommended security measures in place that will protect you from malicious software; however, this time something is different with your favorite web site. It is a change that attackers have implemented in an effort to retrieve your personal data or cause other damage to your computer but you have no idea the malicious content is there.

The threat is very real and you may think you are safe when you are really not. Attackers have been and are continuing to breach legitimate web sites and use the web site as a platform to trick you and others into downloading their malicious software.

Everything may seem fine until you start to notice indicators that suggest you have become a victim of an Internet scam. So what is your next move? Now is not the time to be worrying about the effects or wondering what you should do next.  You need to take action and you would be able to take immediate action if you have an incident response plan.

What is an incident response plan?  According to Whitman and Mattord (2010), an incident response plan is “a detailed set of processes and procedures that anticipate, detect, and mitigate the effects of an unexpected event that might compromise information resources and assets” (p. 82).  In other words, an incident response plan is a plan of action for incidents like the one described at the beginning of this post.

What is an incident response plan comprised of?  An incident response plan is comprised of four procedures.  They are:

1. Incident Planning: This procedure consists of developing a set of procedures that define what is going to occur when an incident takes place.  It is important to have someone that has experience with information technology and an understanding of information security develop or review each incident response plan.

2. Incident Detection: This procedure consists of guidelines on how to detect the indicators of an actual incident.  One of the more difficult aspects of this procedure is classifying an incident and determining if an incident actually occurred.  Whitman and Mattord (2010) endorse categorizing incident indicators into three categories: possible, probable, and definite.  Their recommendation streamlines the procedure and makes it more dependable (p. 86).

3. Incident Response: It is time to react after it has been determined that an actual incident is occurring or has occurred.  This procedure consists of steps that relate to the identified incident that will contain or stop the incident and lessen the damage caused by it.

4. Incident Recovery: This procedure begins after the incident has been brought under control.  It consists of conducting a damage assessment, conducting repairs to bring the affected systems and/or data back to their pre-incident configuration, and implementing measures that will correct the vulnerability that facilitated the incident.

An incident response plan does not have to be some elaborate procedure when it is used for personal purposes.  For example, many organizations have incident response plans that are outlined in a multipage document.  However, for home use purposes I have found that a simple flow chart works best.  Below is an example of a generic incident response plan, in a flow chart format, to react to an Internet scam incident that I have developed for home use.
My plan's greatest weakness is that everyone in my family does not know it.  This is mostly because they just don't care.  However, my wife told me a story about how one of her coworkers had her bank account information stolen.  The thief ended up stealing a few thousand dollars out of her checking account.  My wife seemed surprised by the event and now she is more open to listening to what I have to say about information security.  She has also expressed an interest in learning my incident response plans.  I think I am going to take advantage of the situation and pass on as much information as I can to her!  Thanks for taking the time to read my post.
References:
Whitman, M., & Mattord, H. (2010). Components of Contingency Planning. In Management of information security (3rd ed., pp. 72-116). Boston, MA: Course Technology Cengage Learning.

Saturday, December 15, 2012

'Tis the Season for Malicious E-cards??

It's that time of year again when everyone is starting to get into the holiday spirit.  Unfortunately, this time of year tends to bring out cyber criminals too.  That is why it is important to not let your guard down, especially when it comes to protecting your valuable information.  Cyber criminals are getting into the holiday spirit by devising malicious scams wrapped up in a holiday-looking disguise.  They are doing this to try to take advantage of your built-up holiday spirit and get you to execute the malicious software they delivered to you.

There are few that can say that they have never received an e-card. Cyber criminals know that e-cards are popular and take advantage of the well-known fact. Therefore, they have constructed Holiday e-cards that often can carry viruses, Trojans, spyware, and much more.


<Click here to get the entire holiday greeting>

A malicious e-card can look like the picture above.  After you click on it, it executes the malicious payload.  Everything may seem okay, but in reality the malicious code is just waiting for you to go to a common website.  When you finally do go to that particular website, a pop-up window opens that resembles the website and prompts you to enter your credit card information.  This is just one example of a malicious e-card that carried a Trojan.  There are many other methods that use e-cards to deliver malicious code.

So what can you do to prevent yourself from becoming a victim of a Holiday e-card scam?  One way is to look for the signs of a fake e-card.  There are a number of signs that will identify if an e-card is legitimate or not.  Below is a list of signs to look for that was taken from Scambusters.com:
  • Spelling mistakes e.g. your name is spelt wrong
  • Sender is someone you don't know
  • Errors are present in the message
  • The sender has an impractical name e.g. Joe Snuffy, John Deere, etc.
  • Message contains a strange URL
Scambusters.com also provides methods that will lessen your chances of becoming a victim of an e-card scam if utilized.  The methods are listed below:
  • Use antivirus software and ensure it is updated regularly
  • Always read the fine print in the terms and conditions if prompted.  If you fail to then you may be agreeing to something that you normally wouldn't agree to
  • If it is from an unknown source then don't click on it, open attachments, or download
  • Delete it if you don't know the sender
The above are good signs to look for when trying to identify a fake e-card and methods to utilize that will lessen your chances of becoming a victim, but the best weapon against them is common sense.  If there is any doubt in your mind about the legitimacy of an e-card that you have received, then use some common sense and do not open it; delete it instead.
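
Three of the signs listed above (unknown sender, misspelt name, strange URL) can be checked mechanically. The sketch below is an added example, not code from Scambusters or from this blog; the recipient name, address book, trusted e-card host, the sample message and the definition of a "strange" URL are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed reader-supplied values (constructed for this example).
MY_NAME = "Katherine"
KNOWN_SENDERS = {"sam@example.org"}
TRUSTED_CARD_HOSTS = {"cards.example.com"}

def ecard_warning_signs(raw_message):
    """Return the warning signs found in one plain-text e-mail."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    signs = []
    # Sign: sender is someone you don't know.
    _, address = parseaddr(msg.get("From", ""))
    if address.lower() not in KNOWN_SENDERS:
        signs.append("unknown sender")
    # Sign: your name is spelt wrong (close to it, but not an exact match).
    greeting = re.search(r"^(?:Dear|Hi|Hello)\s+([A-Za-z]+)", body, re.M)
    if greeting:
        name = greeting.group(1).lower()
        close = SequenceMatcher(None, name, MY_NAME.lower()).ratio() >= 0.7
        if close and name != MY_NAME.lower():
            signs.append("name misspelt")
    # Sign: strange URL (assumed: raw IP host, untrusted host, file download).
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if re.fullmatch(r"[\d.]+", host):
            signs.append("URL uses a raw IP address")
        elif host not in TRUSTED_CARD_HOSTS:
            signs.append("URL host is not a known e-card service")
        if parsed.path.lower().endswith((".exe", ".scr", ".zip")):
            signs.append("URL points at a downloadable file")
    return signs

# Constructed sample message (documentation-only address and host).
SUSPICIOUS = """\
From: "Holiday Greetings" <greetings@cards-delivery.invalid>
Subject: You have received a Holiday E-Card!

Hello Kathrine,
Click here to get the entire holiday greeting:
http://203.0.113.45/ecard/holiday_card.exe
"""
print(ecard_warning_signs(SUSPICIOUS))
```

An empty list only means none of these three checks fired; the remaining signs in the list still need a human reader.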

Thanks for reading and Happy Holidays!

Reference:
http://www.scambusters.org/ecards.html

Thursday, December 6, 2012

They Come In All Kinds of Disguises

Internet scammers are becoming more cunning than ever. They are employing every trick in their inventory in an effort to try and get you to give up your most valuable information. When their arsenal of scams is exhausted they come up with even more scams to try and reel you in. The only limit is the attacker’s imagination.

There are probably few that have not been a victim to the infamous "scareware".  Scareware is fake and malicious software that pops up on your computer usually while browsing the internet and appears in the form of an antivirus application. It is designed to trick a victim into downloading malware to his or her computer or into entering his or her credit card information. The Internet scam appears to be effective because McAfee.com reports that scareware's success rate is continuing to grow.
Attackers have recently taken scareware to another level. In the past, scareware often would pop up in a format that did not resemble a victim’s operating system. Now, to increase their success, attackers are using scareware that will bring up a graphical user interface that matches a victim’s current operating system. When contracted, the malware blocks the victim from running .exe files and from starting security software to remove it. In the end, many victims become worried and end up giving in to the demands presented by the malicious software.
Have no fear. There are measures you can implement and practice that will help in preventing you from becoming a victim to scareware:
  1. Ensure you are running a firewall
  2. Keep antivirus software updated
  3. Keep your operating system updated with the latest patches
  4. Watch out for drive-by downloads while browsing new websites
  5. Turn on popup blockers
  6. Be vigilant

Tuesday, November 27, 2012

Welcome to my first blog! I am a graduate student at Bellevue University working towards an MS in Cybersecurity.  This blog on information security is part of a portfolio that I will be developing as I progress through my studies.  Please feel free to read through my posts and make any comments that you think will add to the content.  Thank you for taking the time to read my blog.