DEFENSE SECURITY SERVICE
NATIONAL COUNTERINTELLIGENCE AND SECURITY CENTER

CYBER THREATS

WHY ARE YOU A TARGET?

Publicly available information helps foreign intelligence entities identify people with placement and access.

- Contract information (bid, proposal, award or strategies)
- Company website with technical and program information
- Connections (partnerships, key suppliers, joint ventures, etc.) with other cleared or non-cleared companies
- Employee association with companies or technologies made public through scientific journals, academia, public speaking engagements, social networking sites, etc.

WHAT DO THEY TARGET?

- Company unclassified networks (internal and extranets), partner and community portals, and commonly accessed websites
- Proprietary information (business strategy, financial, human resource, email, and product data)
- Export-controlled technology
- Administrative and user credentials (usernames, passwords, tokens, etc.)
- Foreign intelligence entities seek the aggregate of unclassified or proprietary documents which could paint a classified picture

HOW DO THEY COMPROMISE NETWORKS, SYSTEMS, AND TECHNICAL DATA?

- Reconnaissance: Research phase used to identify and select targets by browsing websites to obtain names, emails, business and social relationships, and technical information.
- Weaponization: The foreign intelligence entities assemble the payload and wrapper, such as coupling a remote access exploit with a prepared spear-phishing email.
- Delivery: The foreign intelligence entity infects the target, most commonly using email, website hijacking, or removable media (through insiders).
- Exploitation: Successful compromise of targeted vulnerability to allow malicious code to be run.
- Installation: Executed malicious code inserts malware, such as a Remote Access Trojan or opens a backdoor connection to the target system – may allow for persistence.
- Command and Control: The malware will communicate to a controller server to send or receive instructions from the foreign intelligence entity.
- Actions on the Objective: After completing the above actions, the foreign intelligence entity can fulfill their requirements. Intelligence requirements can range from exfiltration, using the system as a strategic position to compromise additional systems within the targeted network (hop-point), or sabotaging the system and network.

Humans are a weak link in cyber security, and hackers and social manipulators know this. They try to trick people into getting past security walls. They design their actions to appear harmless and legitimate. Cyber criminals will use every method available to gain valuable information from you. That’s why you need to know about the threat.

COUNTERMEASURES

>> Employees

- Remember that everyone is a potential target
- Use complex passwords, change them regularly, and don’t reuse
- Be wary when connecting with unknown individuals on social networking sites
- Spear-phishing can happen on any account, including personal email accounts
- Do not open emails, attachments, or click links from unfamiliar sources, even if they look official

>> IT Department & Management

- Train all personnel on:
  - Spotting a spear phishing, phishing, or whaling email attempt
  - Social networking site connections
  - Proper cyber security procedures and concerns
- Implement defense-in-depth: a layered defense strategy that includes technical, organizational, and operational controls
- Implement technical defenses: firewalls, intrusion detection systems, internet content filtering, and a DNS proxy
- Update your anti-virus software daily and download vendor security patches for all software
- Do not use manufacturers’ default passwords on software or hardware
- Monitor, log, analyze and report attempted and successful intrusions to your systems and networks – even unsuccessful intrusions present a counterintelligence value!
- Maintain open communication between company counterintelligence and network defense personnel. Defense only is not a comprehensive strategy

WHAT TO REPORT

- Advanced techniques and/or advanced evasion techniques, which imply a sophisticated adversary
- Password cracking, key logging, encryption, steganography, privilege escalation, and account masquerading
- Pre-intrusion aggressive port scanning
- Social engineering, electronic elicitation, email spoofing, spear phishing, whale phishing, or direct questioning, such as through social networking sites
- Unauthorized network access
- Actual or attempted unauthorized access into U.S. automated information systems
- Tampering with or introducing unauthorized elements into information systems
- Unexplained user accounts, administrator accounts, and expansion of network privileges
- Data exfiltrated to unauthorized domains affecting classified information, systems or cleared individuals
- Malicious codes or blended threats such as viruses, worms, trojans, logic bombs, malware, spyware, or browser hijackers, especially those used for clandestine data exfiltration
- Unauthorized email traffic to foreign destinations
- Use of DoD account credentials by unauthorized parties
- Unexplained storage of encrypted data
- Network spillage incidents or information compromise
- Unauthorized transmissions of classified or controlled unclassified information
- Any cyber activity linked to suspicious indicators provided by DSS, or by any other cyber centers and government agencies

Reportable activities are not just limited to those activities that occur on classified information systems. Industrial Security Letter 2013-05 (which NISPOM paragraph 1-301) instructs cleared U.S. companies that they must report activities that otherwise meet the threshold for reporting, including activities that may have occurred on unclassified information systems. NISPOM paragraph 1-302b reminds cleared U.S. companies that they “shall report efforts by any individual, regardless of nationality, to obtain illegal or unauthorized access to classified information or to compromise a cleared employee.”

DEFENSE SECURITY SERVICE www.dss.mil
NATIONAL COUNTERINTELLIGENCE AND SECURITY CENTER www.ncsc.go
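The WHAT TO REPORT list includes pre-intrusion aggressive port scanning, and the countermeasures stress logging and reporting even unsuccessful intrusions. The following is an added example, not part of the original brochure, of finding such scanning in blocked-connection records. The log format, the addresses (documentation ranges), and the 60-second / 20-port threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any product's real format):
#   <ISO time> <ALLOW|DENY> TCP <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def build_sample_log():
    """Constructed sample: one scanner, one ordinary client, one slow prober."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    rows = []
    for i in range(30):   # 30 different ports in 30 seconds, all denied
        rows.append((t0 + timedelta(seconds=i), "DENY", "203.0.113.7", 20 + i))
    for i in range(40):   # normal client: same allowed port every time
        rows.append((t0 + timedelta(seconds=i), "ALLOW", "198.51.100.9", 443))
    for i in range(5):    # 5 denied ports spread over 40 minutes
        rows.append((t0 + timedelta(minutes=10 * i), "DENY", "192.0.2.44", 8000 + i))
    rows.sort(key=lambda r: r[0])
    return [f"{ts.isoformat()} {a} TCP {s}:40000 -> 10.0.0.5:{p}" for ts, a, s, p in rows]

def find_port_scans(lines, window=timedelta(seconds=60), min_ports=20):
    """Return {src_ip: most distinct (dst, port) targets denied in any one window}."""
    events = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["action"] != "DENY":   # count blocked attempts only
            continue
        when = datetime.fromisoformat(m["ts"])
        events[m["src"]].append((when, (m["dst"], int(m["dport"]))))
    findings = {}
    for src, evs in events.items():
        evs.sort()
        best, start = 0, 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({tgt for _, tgt in evs[start:end + 1]}))
        if best >= min_ports:
            findings[src] = best
    return findings

if __name__ == "__main__":
    for src, n in find_port_scans(build_sample_log()).items():
        print(f"REPORTABLE: {src} probed {n} distinct ports within 60 s (all blocked)")
```

Every connection the scanner made was denied, yet the source is still flagged, which is the brochure's point about unsuccessful intrusions having counterintelligence value.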