R u hacked
•
4 likes•1,577 views
This document discusses various cybersecurity topics including the rise of cybersecurity, internet of things, ransomware, denial of service (DDoS) attacks, and web application attacks. It provides examples of popular ransomware like CryptoLocker and CryptoWall. It discusses the size and source of DDoS attacks according to reports from organizations like Arbor Networks and Verisign. Methods of carrying out DDoS and ransomware attacks are demonstrated. Defense strategies against each threat are also outlined. The document concludes by emphasizing the importance of security awareness, thinking like an attacker, and risk management in cybersecurity.
Report
Share
R u hacked
- 1. R U Hacked? You website has gone? Sumedt Jitpukdebodin Senior Security Researcher CompTIA Security+, LPIC-1 , NCLA, C|EHv6, eCPPT, eWPT, IWSS, CPTE, GIAC GPEN
- 2. Whoami Name: Sumedt Jitpukdebodin Jobs: Senior Security Researcher Nonprofit jobs: OWASP Thailand - Leader Technical Part, admin of 2600Thailand Hobby: Hacking stuff, Malware analysis, Python programming, read the security news, etc.
- 5. Agenda The rise of cybersecurity Internet of things Ransomware DDoS Web Application Attack Conclusion
- 6. The rise of cybersecurity
- 7. Trend of technology 2015 Computing Everywhere Internet of things 3D Printing Advanced, Pervasive and Invisible Analytics Context-Rich Systems Smart Machines Cloud/Client Computing Software-Defined Applications and Infrastructure Web-Scale IT Risk-Based Security and Self-Protection • Reference:: http://www.itbusinessedge.com/slideshows/top-10-strategic-technology-trends-for-2015-02.html
- 8. Internet of things around the world
- 9. Internet of things in Thailand
- 10. More detail of Internet of Things
- 11. Easy to hack, right?
- 12. Ransomware
- 13. Well-known ransomware TorrentLocker (CryptoLocker) CryptoWall (Crowti) CTB-Locker
- 14. Top 10 Ransomware By Microsoft
- 15. CryptoWall
- 16. CrytoLocker
- 18. iOS Ransomware
- 19. Why it’s so famous?
- 20. Attacking with Ransomware Phishing Attack with attachment file Website Attack (Exploit Kit) (New) Mobile Application Attack
- 21. Demo for simple phishing
- 22. Demo with WINRAR exploit
- 23. What can I do about it? Backup your data Show hidden file-extension Filters EXE in email Disable files running from AppData/LocalAppData folders Use the CryptoLocker Prevention Kit(http://community.spiceworks.com/topic/396103-cryptolocker- prevention-kit-updated) Disable RDP Patch or update software Use a AntiVirus Scan the file with many online scanner (http://www.virustotal.com, https://malwr.com) Use System Restore to get back to a known-clean state
- 24. Denial of Service (DoS) By VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 2, ISSUE 3 – 3RD QUARTER 2015
- 25. Attack Size BPS By ATLAS Q2 2015 Global DDoS Attack Trends (http://www.slideshare.net/Arbor_Networks/atlas-q2-2015final)
- 26. Largest Attack Sizes Year on Year by Arbor
- 27. Top source of DDoS
- 28. DDoS in Thailand
- 29. Attacking with DDoS Cybercrime-as-a-service Zombie or Botnet Tools
- 30. Cybercrime as a service
- 31. DDoS as a service
- 32. DDoS by Tool
- 33. DDoS by Tool (2)
- 35. What can I do about it? Black-Holing Firewall ACL Intrusion Detection/Prevention Systems Servers tuning DDoS Mitigating Appliances + Scrubbing Centre Buy more link
- 39. When will you get hack? Digital Ocean Incident Try to attack the VPS after 10 minutes Got root in 2 days Use the host to be the botnet in 1 days after got root.
- 41. Got root Log
- 42. Using VPS to be a DDoS Tool
- 43. Damage of website got hack Defame the company [Defacement] Stealing information Stealing internal information Use as DDoS Tool Spread the malware
- 44. Web Application Defending Secure Coding Web Application Firewall Penetration Testing
- 45. Conclusion More awareness, more security Don’t have anything secure 100%, we just want to closely 100% Always think like an attacker perspective. Risk Management
- 46. Question and answer time.