Oct 032013
 

Problem
Many people mistakenly believe they are not a target and their information or computer has no value. However, your personal information and your computer have tremendous value. In fact, you are one of the cyber criminal’s primary targets.

Crime has existed for thousands of years, and attacks such as fraud, identify theft, and extortion are very common. However, the Internet has made these crimes much more profitable, much simpler to commit, and with far less risk to the criminal.

Before the Internet, criminals could only steal what they physically had access to. Today,
criminals use the Internet to target millions of people worldwide, twenty four hours a day,
seven days a week. And they now have access to sophisticated tools that automate these
attacks — meaning you are constantly under attack by thousands of worldwide criminals.

The simplest way to hack into an organization is by targeting its employees. Unaware employees are the greatest weakness because they make common mistakes, such as clicking on malicious links or using infected USB sticks. As a result of these mistakes, you have become a primary target.

The simplest way to hack into an organization is by targeting its employees. Unaware employees are the greatest weakness because they make common mistakes, such as clicking on malicious links or using infected USB sticks. As a result of these mistakes, you have become a primary target.

Solution
The first step is to understand you are a target. Too often, people believe no one would want to attack them because they have nothing of value. As a result, they do not take the necessary steps to protect themselves, their family, or their information.

In this newsletter, we explain why you are a target and how cyber criminals can find and attack you. By understanding how these threats operate, you will be able to better defend yourself, and we will teach you some fundamental concepts on how you can protect yourself, your family, and our organization.

How and Why Cyber Criminals Find You
Cyber criminals are out to make money — their goal is to make as much money as possible as fast as possible. Once a cyber criminal infects your computer or steals your information, they can then use that information to commit identity theft and fraud, or they can sell your information to other cyber criminals. Cyber criminals will often attempt to not only steal your personal information, but will try to hack you to get into your organization.

The easiest way to accomplish this is to target everyone in the world. If you have an email address, bank account, or computer or mobile device connected to the Internet, you can be attacked. Attackers achieve this by using highly sophisticated tools that fully automate the process of hacking. For example, cyber criminals can scan every computer and mobile device connected to the Internet, and, if they find any system vulnerable, they will automatically hack into it.

Another approach attackers use is building (or purchasing) a database of millions of email
addresses. Criminals will craft email attacks and send those emails to every address in the
database. Unfortunately, the number of emails cyber criminals have access to is constantly
growing. Every time they hack into an organization, they steal email addresses and use them for future attacks, or sell those email accounts to other cyber criminals.

Cyber Crime Is Highly Organized
Over the past decade, cyber criminals have become more and more sophisticated. When cyber criminals first appeared, they often worked alone. They had to build their own attack tools, manually find and hack into computers, send out spam, steal account information, and transfer or wire stolen money all by themselves.

Today’s cyber criminals are far more sophisticated. Each criminal now has their own specific field of expertise, and working together, they have developed their own highly organized community. One group is dedicated to developing and supporting sophisticated attack tools. Another group specializes in hacking into other computers or stealing personal information. Others work to sell compromised computers or stolen bank accounts, while an entirely different group transfers and launders stolen money.

An entire cybercrime economy has emerged, which is constantly improving its tactics and becoming more effective and efficient in making money every day. These criminals form a highly sophisticated threat, one that will be with us for many years to come.

Print this newsletter: Module01-YouAreTheTarget-Newsletter

© The SANS Institute 2013  /  Used with permission from The SANS Institute.

 

Oct 012013
 

This a public awareness campaign that is sponsored by the Department of Homeland Security and supported by private and public organizations alike, including many institutions of higher education.

During the month of October, the ITCS IT Security team will be reaching out to the ECU community to raise awareness of the threats to our personal information and to share best practices for protecting ourselves online. IT Security will dedicate each week of October to a different cyber security issue:

Week 1 – You Are the Target: Explore why you ARE a target in the digital world and protecting yourself online at work and at home.

Week 2 -Social Engineering: How to identify and respond to social engineering attacks—both technical and non-technical.

Week 3 – Social Networking: Weigh the risks of posting your private information on social networking sites, such as Facebook and LinkedIn, and helpful steps to protecting you and the University online.

Week 4 – Passwords: Explore the value of strong passwords and protecting your passwords from others.

Stay tuned!