1 / 16

Computer Fraud and Abuse Techniques

Computer Fraud and Abuse Techniques. Chapter 6. Learning Objectives. Compare and contrast computer attack and abuse tactics. Explain how social engineering techniques are used to gain physical or logical access to computer resources.

amaya-bridges
Télécharger la présentation

Computer Fraud and Abuse Techniques

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer Fraud and Abuse Techniques Chapter 6

  2. Learning Objectives Compare and contrast computer attack and abuse tactics. Explain how social engineering techniques are used to gain physical or logical access to computer resources. Describe the different types of malware used to harm computers.

  3. Types of Attacks • Hacking • Unauthorized access, modification, or use of an electronic device or some element of a computer system • Social Engineering • Techniques or tricks on people to gain physical or logical access to confidential information • Malware • Software used to do harm

  4. Hacking • Hijacking • Gaining control of a computer to carry out illicit activities • Botnet (robot network) • Zombies • Bot herders • Denial of Service (DoS) Attack • Spamming • Dictionary attacks • Spoofing • Makes the communication look as if someone else sent it so as to gain confidential information.

  5. Forms of Spoofing E-mail spoofing Caller ID spoofing IP address spoofing Address Resolution (ARP) spoofing SMS spoofing Web-page spoofing (phishing) DNS spoofing

  6. Hacking with Computer Code • Zero-day attack • An attack between the time a new software vulnerability is discovered and a patch is released. • Cross-site scripting (XSS) • Uses vulnerability of Web application that allows the Web site to get injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user. • Buffer overflow attack • Large amount of data sent to overflow the input memory (buffer) of a program causing it to crash and replaced with attacker’s program instructions. • SQL injection (insertion) attack • Malicious code inserted in place of a query to get to the database information

  7. Other Types of Hacking • Man in the middle (MITM) • Hacker is placed in between a client (user) and a host (server) to read, modify, or steal data. • Masquerading/impersonation • Piggybacking • Password cracking • War dialing and driving • Phreaking • Data diddling • Data leakage • podslurping

  8. Hacking Used for Embezzlement • Salami technique: • Taking small amounts at a time • Round-down fraud • Economic espionage • Theft of information, intellectual property and trade secrets • Cyber-extortion • Threats to a person or business online through e-mail or text messages unless money is paid

  9. Hacking Used for Fraud Cyber-Bullying Internet Terrorism Internet misinformation E-mail threats Internet auction Internet pump and dump Click fraud Web cramming Software piracy

  10. Social Engineering Techniques • Identity theft • Assuming someone else’s identity • Pretexting • Using a scenario to trick victims to divulge information or to gain access • Posing • Creating a fake business to get sensitive information • Phishing • Sending an e-mail asking the victim to respond to a link that appears legitimate that requests sensitive data • Pharming • Redirects Web site to a spoofed Web site • URL hijacking/Typosquatting • Takes advantage of typographical errors entered in for Web sites and user gets invalid or wrong Web site • Tabnabbing • Secretly changing an already open browser tab

  11. Social Engineering Techniques • Scavenging • Searching trash for confidential information • Shoulder surfing • Snooping (either close behind the person) or using technology to snoop and get confidential information • Lebanese looping • Inserting a sleeve into an ATM that prevents it from ejecting the card. Then “helping” the victim in order to see their PIN • Skimming • Double swiping credit card • Chipping • Planting a chip in a card reader • Eavesdropping • Listening to private communications or tapping into data communications

  12. Why People Fall Victim • Compassion • Desire to help others • Greed • Want a good deal or something for free • Sex appeal • More cooperative with those that are flirtatious or good looking • Sloth • Lazy habits • Trust • Will cooperate if trust is gained • Urgency • Cooperation occurs when there is a sense of immediate need • Vanity • More cooperation when appeal to vanity

  13. Minimize the Threat of Social Engineering Never let people follow you into restricted areas Never log in for someone else on a computer Never give sensitive information over the phone or through e-mail Never share passwords or user IDs Be cautious of someone you don’t know who is trying to gain access through you

  14. Types of Malware • Spyware • Secretly monitors and collects information • Can hijack browser, search requests • adware • Scareware • Software that is sold using scare tactics • ransomware • Keylogger • Software that records user keystrokes • Trojan Horse • Malicious computer instructions in an authorized and properly functioning program • Time bomb/logic bomb • Program that lies idle until some specified circumstance or time • Trap door/back door • Set of instructions that allow the user to bypass normal system controls • Packet sniffer • Captures data as it travels over the Internet • Steganography • Hides data inside a host file • Rootkit • Conceals system files from the operating system and other programs. Can be used to hide trap doors, sniffers, key loggers, etc.

  15. Types of Malware • Superzapping • The unauthorized use of a program to bypass regular controls and perform illegal acts. • Virus • A section of self-replicating code that attaches to a program or file requiring a human to do something so it can replicate itself • Worm • Stand alone self replicating program

  16. Cellphone Bluetooth Vulnerabilities • Bluesnarfing • Stealing contact lists, data, pictures on bluetooth compatible smartphones • Bluebugging • Taking control of a phone to make or listen to calls, send or read text messages

More Related