In this lesson I'm going to talk about phishing,
and why people fall for phishing,
and give you some examples of phishing that we've actually seen over the past week.
There are a few reasons why people fall for phishing.
Usually the victim wants to help somebody else out.
This could be job details.
This could be credentials to make sure that somebody's system doesn't get
compromised or a re-verification of accounts.
The next reason is that victims have something to lose.
This is usually account access,
or it could be even money for example.
The more urgent the message is, the more people fall for it.
It's been proven in a number of research studies.
Additionally, it could be something that they are interested in like a Facebook friend,
or a social media connection like a LinkedIn connection, for example.
So, let's look at some phishing messages here.
The first one was sent a couple,
looks like it was sent last month,
but it says, "There is
a technical issues going on the school campus server."
So right there it's poor grammar.
We know that generally when we send out messages from a helpdesk or a trusted source,
they're going to use correct grammar.
It also says, "Thank you.
UCCS IT Help Desk," and then gives us a real website address,
ucss.info which is our third party alert system.
Now, if I hover over "validate mailbox,"
you can see that it's going to a non-UCCS account or
a non-UCCS website that's going to ask me if I want to enter my credentials.
And I don't want to do that,
because or I don't even want to click on it,
because what if it's not phishing?
What if it's a virus instead?
The next e-mail, actually,
it was pretty successful.
It looks like, and let me tell you why in just a minute,
but let's look at the email first,
"Your mailbox has exceeded the limit of 3840 megabytes.
You will be unable to send or receive new emails."
And then in lowercase,
"validate your mailbox," "Click to update." Again,
it's poor use of punctuation.
So, we know that this could be a phishing message.
There's also no signature attached to it.
Now, if I hover over this link it goes to another website again,
but this one is still active.
So, if I go to that link,
and if you're looking at phishing messages please use a virtual machine to do it.
One that does not have any sensitive documents on it.
Because if it's not a phishing message,
or it's not attempting to phish you, it could be a virus.
So, I would suggest just copying the link
and putting it into a virtual machine to test where that actually is going.
Now this is a pretty poorly designed website.
However, some of the more legitimate, well not legitimate,
but more successful attackers are going to copy
the authentication page to get you to click.
Let's go back to the email here,
and here's how I know this was a very successful phish.
Now this was flagged by our spam and phishing system through Office 365.
But here's how I know it was successful, even though it was blocked for everyone in uccs.edu.
And I'm not sure how many this went to,
because it ended up in quarantine.
So, I have butler.edu here, and look at this.
I got the same exact message from a different university telling me that this message,
when originally sent, was successful both at butler.edu,
somebody there, and also this saintleo.edu as well.
So, if one of our students fell for that,
then they could have also sent out spam or the attackers
could have logged into their email and sent out spam out of their system.
And there are a couple of reasons why attackers want to do that.
Number one, they want to get data inside the network,
or number two, propagate more phishing out to the world.
So, if we look at what is actually legitimate,
we see three different ways to verify if a website is legitimate or not.
And we actually have this on our website,
and if you're an organization I would encourage your security department to also put
up this kind of education.
So, the first giveaway here is it will always have
uccs or cu.edu in the URL before the first single slash.
Some third party websites may be authorized to log into.
However, the majority of UCCS and CU websites offer
valid login portals that say, "uccs.edu/."
A common attack method from the attackers or from the phishers is to append
or prepend uccs.edu to the front of that domain without the trailing slash.
So, it could say uccs.edu.xyz or
Weebly or Google or something else that looks legitimate,
and then the slash.
So, that's a giveaway.
The second one is that any log-ons should always be encrypted.
So, it should have http:// at the beginning of the URL.
And then the third one is look for the padlock.
Now, depending on which browser that you're using,
the padlock is going to be in different locations.
For Google, it is up in the address bar.
However, for Internet Explorer it could be down in the lower left hand corner.
So, in conclusion, phishing is a real problem for organizations.
It allows attackers to get inside your network with valid credentials,
if somebody falls for phishing.
This is a very easy attack vector
for attackers to go after because people so easily fall for it.