
Chapter 4 – INTERNET SECURITY
As real life and online become indistinguishable from each
other, cybercrime has become a part of our daily lives.

ATTACKS against businesses and nations hit the headlines with regularity.
Most companies are HIGHLY DEPENDENT on digital processes
and this dependence will continue to increase.

- No bank or mail-order company would survive a total failure of its central IT system lasting several days.
- No vehicle can be designed, manufactured or delivered without software.
- No power plant can be operated without IT control systems.

“A one-hour business interruption can result in financial losses ranging from €100,000 to €3 million – depending on the company’s size and how seriously critical business applications are affected,” explains José Fidalgo, risk engineer at Allianz Global Corporate & Specialty (AGCS).
AVERAGE NUMBER OF WEB ATTACKS

The average number of attacks against any company’s set of web applications is staggering:

- They range from 300 to 800 per day
- Never fall below 140 per day

Aiming to harm:
- government entities,
- financial services companies,
- IT companies,
- educational and healthcare institutions,
- energy and manufacturing companies.

Over one million web attacks against people each and every day in 2015.
PURPOSE OF ATTACKS

GOVERNMENT ENTITIES: Personal data is the most critical resource possessed by government entities, due to which attacks tend to focus on either databases or application users directly.

EDUCATIONAL INSTITUTIONS: attacks are generally intended to access data (such as exam materials) or modify it (such as exam results).

ENERGY AND MANUFACTURING COMPANIES: attacks aim to obtain full control over company infrastructure.
PURPOSE OF ATTACKS

HEALTHCARE: attacks are mostly driven by theft of information: more than half of attacks were aimed at gaining access to data.

EXAMPLES:

The Dark Overlord hacking group posted the medical records of around 180,000
patients from three medical centers.

Lithuanian plastic surgery clinic: over 25,000 photos, including naked before
and after pictures, were made public. Initially, the hackers demanded a ransom
from both the clinic (equaling EUR 344,000) and its clients (up to EUR 2,000
from each to delete the data).

One more company that suffered due to a web application vulnerability was
Molina Healthcare, with about 5 million patient records made public.
ZERO-DAY VULNERABILITY

Vulnerabilities can appear in almost any type of software, but the most
attractive to targeted attackers is software that is widely used.

The software in which the majority of these vulnerabilities are discovered:

- INTERNET EXPLORER
- ADOBE FLASH

which are used on a daily basis by a vast number of consumers and professionals.

More than 75% of all legitimate websites have unpatched vulnerabilities.

A New Zero-Day Vulnerability Was Discovered on Average Each Week in 2015.
ADOBE FLASH PLAYER

- has continually been the subject of malicious exploitation over the years
- accounted for 10 vulnerabilities classified as zero days in 2015
- Google recently announced that Flash will no longer be supported natively in Chrome
- Adobe Flash will gradually fall out of common usage over the next year
DATA BREACH
At the close of 2015, the largest data breach ever publicly reported:
- 191 million records exposed – MEGA BREACH*
- 9 mega-breaches reported

The total reported number of exposed identities jumped 23 % to 429 million.

*A mega-breach = a breach of more than 10 million records

Over Half a Billion Personal Records Were Stolen or Lost in 2015
FAKE TECHNICAL SUPPORT SCAMS

First reported by Symantec in 2010.

Attackers trick people with pop-ups that alert them to a serious error or
problem, thus steering the victim to an 800 number, where a “technical
support representative” attempts to sell the victim worthless services.

The countries targeted the most by tech support scams:

- US,
- UK,
- France,
- Australia,
- Germany.
COMPANIES BEHAVIOR

In 2015, more and more companies chose NOT TO REVEAL the full
extent of the breaches they experienced.

Companies choosing not to report the number of records lost increased by 85%.

In 2015, a government organization or a financial company targeted for attack once was most likely to be targeted again at least three more times throughout the year.
EMAIL SPAM (JUNK EMAIL)

- unsolicited bulk messages sent through email.
- has been growing in popularity since the early 1990s

Recipients of spam often have had their email addresses obtained by spambots.

SPAMBOTS

- automated programs that crawl the internet looking for email addresses to create email distribution lists.
PHISHING

- Phishing emails typically appear to be sent by a known contact or organization.
- These include a malicious link or attachment that installs malware on the target's device, or directs the target to a malicious website that is set up to trick them into giving sensitive information like passwords, account information or credit card information.
SPEAR PHISHING
- an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.
- the apparent source of the email is likely to be an individual within the recipient's own company -- generally, someone in a position of authority -- or from someone the target knows personally.

The success of spear phishing depends upon three things:

- the apparent source must appear to be a known and trusted individual;
- there is information within the message that supports its validity;
- the request the individual makes seems to have a logical basis.

Spear-phishing campaigns targeting employees increased 55% in 2015.
WHALING ATTACK
- is a spear-phishing attack directed specifically at high-profile targets like C-level executives, politicians and celebrities.

Whaling attacks are also customized to the target and use the same
social-engineering, email-spoofing and content-spoofing methods
to access sensitive data.
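
Added example (not part of the original slides): a mail-gateway style check for the "apparent source" described under spear phishing and whaling, flagging messages that borrow an executive's name or the organization's own domain. The domain `example.com`, the executive name and the three sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"       # assumption: the recipient organization's domain
EXECUTIVES = {"maria ionescu"}   # assumption: display names of people in authority

def domain_of(header_value: str) -> str:
    """Return the lower-cased domain of the address in a header, or ''."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def spoof_indicators(raw_message: str) -> list[str]:
    """List the signs that the apparent source of a message is not the real one."""
    msg = message_from_string(raw_message)
    display_name = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_domain = domain_of(msg.get("From", ""))
    reply_domain = domain_of(msg.get("Reply-To", ""))
    # Only trust an Authentication-Results header written by your own gateway.
    auth = msg.get("Authentication-Results", "").lower()
    findings = []
    if display_name in EXECUTIVES and from_domain != ORG_DOMAIN:
        findings.append("executive display name on external address")
    if reply_domain and reply_domain != from_domain:
        findings.append("Reply-To domain differs from From domain")
    if from_domain == ORG_DOMAIN and "dmarc=pass" not in auth:
        findings.append("internal From domain without DMARC pass")
    return findings

# Constructed sample messages (not real traffic).
SPOOFED_EXTERNAL = (
    'From: "Maria Ionescu" <maria.ionescu@mail-example.test>\n'
    "Reply-To: invoices@payments.test\n"
    "Subject: Urgent transfer\n\nPlease pay the attached invoice today.\n"
)
SPOOFED_INTERNAL = (
    'From: "Maria Ionescu" <maria.ionescu@example.com>\n'
    "Authentication-Results: mx.example.com; spf=fail; dmarc=fail\n"
    "Subject: Payroll update\n\nSend me the employee list.\n"
)
LEGITIMATE = (
    'From: "Maria Ionescu" <maria.ionescu@example.com>\n'
    "Authentication-Results: mx.example.com; spf=pass; dmarc=pass\n"
    "Subject: Board meeting\n\nAgenda attached.\n"
)

if __name__ == "__main__":
    for label, raw in [("external", SPOOFED_EXTERNAL),
                       ("internal", SPOOFED_INTERNAL), ("legit", LEGITIMATE)]:
        print(label, spoof_indicators(raw))
```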
MALWARE (MALICIOUS SOFTWARE)

Any program or file that is harmful to a computer user.

Malware includes:
- computer viruses,
- worms,
- Trojan horses,
- spyware.

FUNCTIONS performed by malicious programs:
- stealing data,
- encrypting or deleting sensitive data,
- altering or hijacking core computing functions,
- monitoring users' computer activity without their permission
A VIRUS
- is the most common type of malware
- is defined as a malicious program that can execute itself and spreads by infecting other programs or files.

A WORM
- is a type of malware that can self-replicate without a host program;
- worms typically spread without any human interaction or directives from the malware authors.
A TROJAN HORSE

- is a malicious program that is designed to appear as a legitimate program;
- once activated following installation, Trojans can execute their malicious functions.

SPYWARE
is a kind of malware that is designed to:
- collect information and data on users
- observe their activity without users' knowledge.
Other types of malware include functions or features designed for a specific
purpose.

RANSOMWARE
- designed to infect a user's system and encrypt the data.
- Cybercriminals then demand a ransom payment from the victim in exchange for decrypting the system's data.

A ROOTKIT
- is a type of malware designed to obtain administrator-level access to the victim's system.
- Once installed, the program gives privileged access to the system.
A BACKDOOR VIRUS - REMOTE ACCESS TROJAN (RAT)

- is a malicious program that secretly creates a backdoor into an infected system that allows threat actors to remotely access it without alerting the user or the system's security programs.
MALVERTISING
Its first appearance was detected in 2007.

Reputable websites are increasingly hit with these types of attacks.

Sites which have all fallen victim to malvertising campaigns:

- The New York Times,
- Forbes (ironically after asking readers to disable their ad blocker software)
- Spotify.

In the case of the New York Times, criminals posted legitimate ads for a
week prior to gain the trust of the paper before sending bad ads.

Malvertising has also been linked to mobile devices, specifically Android, meaning it has crossed over into the mobile world.
HOW THE GMAIL SCAM WORKS
SOCIAL ENGINEERING USING SOCIAL MEDIA

Criminals seek to leverage the trust people have in their own social circles to spread scams, fake links, and phishing.
EMAIL SECURITY ADVICE

On a personal level, this means remaining vigilant by:

- Not opening emails from unknown senders
- Looking for the padlock and checking the encryption certificate on any sites where you enter sensitive data
- Not using unsecured networks when accessing sensitive data

For organizations, this means remaining vigilant by:

- Deploying email encryption where possible
- Ensuring that email is scanned for malware, spam, and phishing
- Using web security systems to block access to known phishing sites
CYBERSECURITY IN ROMANIAN COMPANIES

Survey: "Security in the Digital World" (http://www.outsourcing-today.ro/articol.php?id=7084)

- 40% of Romanian companies - NO formal cybersecurity strategy,
- Almost 60% of the organizations are planning to increase their cybersecurity budget in the next financial year,

PERCEIVED CYBERSECURITY CHALLENGES


CYBERSECURITY IN ROMANIAN COMPANIES

SOLUTIONS TO IMPROVE DIGITAL SECURITY

- Increasing awareness (including training) of the employees regarding threats, combined with increasing awareness and support of the management: 77%
- The need to hire additional security resources: 67%
- The need to exchange security information with others: 57%

More than 2/3 of respondents use a Data Loss Prevention (DLP) solution, which shows that DLP has become a common security measure, similar to antivirus solutions.
