1 2014 Annual Development Communication Performance Appraisal Report. CYBER SECURITY BEST PRACTICES: ETHICS AND COMPLIANCES FOR SECURE SERVICE DELIVERY. BY Shafi'i Muhammad ABDULHAMID, PhD, MSc & BTech. (MCPN, MIEEE, MNCS, MIAENG, MIACSIT), DEPARTMENT OF CYBER SECURITY SCIENCE, FEDERAL UNIVERSITY OF TECHNOLOGY, MINNA.
2 PRESENTER INTRO: Shafi’i Muhammad ABDULHAMID. PhD in Computer Science from Universiti Teknologi Malaysia (UTM), MSc in Computer Science from Bayero University Kano (BUK), Nigeria, and BTech. in Mathematics/Computer Science from the Federal University of Technology Minna, Nigeria. Professional Membership: International Association of Computer Science and Information Technology (IACSIT), Computer Professionals Registration Council of Nigeria (CPN), International Association of Engineers (IAENG), The Internet Society (ISOC), Cyber Security Experts Association of Nigeria (CSEAN) and Nigerian Computer Society (NCS). Research Interests: Cyber Security, Cloud computing, Soft Computing and BigData. He has published many academic papers in reputable International journals, conference proceedings and book chapters. He has been appointed as an Editorial board member for UPI JCSIT and IJTRD. He has also been appointed as a reviewer of several ISI and Scopus indexed International journals in Elsevier and Springer. Presently he is a lecturer at the Department of Cyber Security Science, Federal University of Technology Minna, Nigeria.
3 Presentation Outline: Cyber security: what you need to know; Cybersecurity vs. cyber-crime; Common cyber threats in Nigeria; Statistics in Nigeria; What is cyber-safety?; Top seven cyber-safety actions; Ransomware; WannaCry attack; WannaCry statistics; Preventions
4 What You Need to Know
5 The notional environment in which communication over computer networks occurs is called the CYBERSPACE. Internet Borderless
6
7 Cybersecurity vs. Cyber-Crime. Cybersecurity: Protection of assets against risks within, and from, the electronic environment. Cyber-Crime: Conduct prohibited by law, with prescribed punishment, carried out using digital systems like computers, electronic, ancillary devices, processes and/or procedures. Criminality is the state of being illegal. "Cyber-criminals operate at the speed of light while law enforcement moves at the speed of law." – Barry Raveendran Greene
8 COMMON CYBER THREATS IN NIGERIA First, let’s talk about some common cyber-safety threats and the problems they can cause. Viruses: Viruses infect computers through attachments and file sharing. They delete files, attack other computers, and make your computer run slowly. One infected computer can cause problems for all computers on a network. Hackers: Hackers are people who “trespass” into your computer from a remote location. They may use your computer to send spam or viruses, host a Web site, or do other activities that cause computer malfunctions. Identity Thieves: People who obtain unauthorized access to your personal information, such as Social Security and financial account numbers. They then use this information to commit crimes such as fraud or theft. Spyware: Spyware is software that “piggybacks” on programs you download, gathers information about your online habits, and transmits personal information without your knowledge. It may also cause a wide range of other computer malfunctions.
9 COMMON CYBER THREATS IN NIGERIA Some common examples in Nigeria: Yahoo boys operation; Nigerian mail scam; Ponzi and Pyramid Schemes
10 SOURCES OF CYBER THREATS
11 Cyber Security Objectives: INTEGRITY (authenticity), AVAILABILITY (access), CONFIDENTIALITY (disclosure)
12 Cyber Security Objectives: USAGE (purpose), INTEGRITY (authenticity), AVAILABILITY (access), CONFIDENTIALITY (disclosure)
13 “The modern thief can steal more with a computer than with a gun.” – Anonymous
14 Cyber Crime Map as at 2016 by IC3
15 Statistics IN NIGERIA $450 million, equivalent to N89.55 billion, annual direct losses to the Nigerian economy. 97,984,736 used the internet on a daily basis in November, 2015. 45.3% of internet users in Nigeria suffered attack in the third quarter of 2015.
17 Based on the above statistics, between the modern thief with a computer and the old-fashioned thief with a gun, who steals more?
18 Cyber security: then and now. PAST: Cyber security is a young and immature field; The attackers are more innovative than defenders; Defenders are mired in FUD (fear, uncertainty and doubt) and fairy tales; Attack back is illegal or classified. PRESENT, FUTURE: Cyber security will become a scientific discipline; Cyber security will be application and technology centric; Cyber security will never be “solved” but will be “managed”; Attack back will be an integral part of cyber security.
19 INTRODUCTION We provide some basic information and practical suggestions for protecting your organizations' information and computers from cyber-attacks. Topics: What is Cyber-safety?; Cyber-safety Threats; Consequences of Inaction; Cyber-safety Actions; Cyber-safety at Home & Work; Campus Cyber-safety Services
20 WHAT IS CYBER-SAFETY? Cyber-safety is a common term used to describe a set of practices, measures and/or actions you can take to protect personal or organizational information and your computer from attacks. As part of this policy, IT units provide annual reports demonstrating their level of compliance. Further, there are services in place to help all staff, administrators and all members of an organization to meet the cyber-safety standards. Specific information about these services is provided in these slides.
21 CONSEQUENCES OF INACTION In addition to the risks identified on the previous slide, as part of the organization's cyber-safety policies you may face a number of other consequences if you fail to take actions to protect personal information and your computer. Consequences include: Loss of access to the organization's computing network; Loss of confidentiality, integrity and/or availability of valuable information, research and/or personal electronic data; Lawsuits, loss of public trust and/or grant opportunities, prosecution, internal disciplinary action or termination of employment.
22 TOP SEVEN CYBER-SAFETY ACTIONS Additional information about each of the actions below is provided in the next slides. 1. Install OS/Software Updates 2. Run Anti-virus Software 3. Prevent Identity Theft 4. Turn on Personal Firewalls 5. Avoid Spyware/Adware 6. Protect Passwords 7. Back up Important Files
23 Install OS/Software Updates
24 Install OS/Software Updates
25 Install OS/Software Updates Updates, sometimes called patches, fix problems with your operating system (OS) (e.g., Windows XP, Windows Vista, Mac OS X) and software programs (e.g., Microsoft Office applications). Most new operating systems are set to download updates by default. After updates are downloaded, you will be asked to install them. Click yes! To download patches for your system and software, visit: Windows Update: to get or ensure you have all the latest operating system updates only. Newer Windows systems are set to download these updates by default. Microsoft Update: to get or ensure you have all the latest OS and Microsoft Office software updates. You must sign up for this service. Apple: Unix: Consult documentation or online help for system update information and instructions. Be sure to restart your computer after updates are installed so that the patches can be applied immediately.
26 Run Anti-Virus Software
27 Run Anti-Virus Software To avoid computer problems caused by viruses, install and run an anti-virus program like Kaspersky, AVG, Avira, etc. Periodically, check to see if your anti-virus is up to date by opening your anti-virus program and checking the Last updated: date. Anti-virus software removes viruses, quarantines and repairs infected files, and can help prevent future viruses. Some of these anti-virus programs offer a free trial version, but organisations should use licensed versions, which are more powerful.
28 SOME ANTI-VIRUS SOFTWARE
29 Prevent Identity Theft
30 Prevent Identity Theft Don't give out financial account numbers, Social Security numbers, driver’s license numbers or other personal identity information unless you know exactly who's receiving it. Protect other people’s information as you would your own. Never send personal or confidential information via email or instant messages as these can be easily intercepted. Beware of phishing scams - a form of fraud that uses messages that appear to be from a reputable business (often a financial institution) in an attempt to gain personal or account information. These often do not include a personal salutation. Never enter personal information into an online form you accessed via a link in an email you were not expecting. Legitimate businesses will not ask for personal information online. Order a copy of your credit report from each of the three major credit bureaus: Equifax, Experian, and Trans Union. Reports can be ordered online at each of the bureaus’ Web sites. Make sure reports are accurate and include only those activities you have authorized.
31 Turn on Firewalls
32 Turn on Firewalls Check your computer's security settings for a built-in personal firewall. If you have one, turn it on. Microsoft OS and Mac OSX have built-in firewalls. For more information, see: Mac Firewall (docs.info.apple.com/article.html?path=Mac/10.4/en/mh1042.html) Microsoft Firewall (www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx) Unix users should consult system documentation or online help for personal firewall instructions and/or recommendations. Once your firewall is turned on, test your firewall for open ports that could allow in viruses and hackers. Firewall scanners like the one on simplify this process. Firewalls act as protective barriers between computers and the internet. Hackers search the Internet by sending out pings (calls) to random computers and wait for responses. Firewalls prevent your computer from responding to these calls.
33 Avoid Spyware/Adware
34 Avoid Spyware/Adware Spyware and adware take up memory and can slow down your computer or cause other problems. Use Spybot and Ad-Aware to remove spyware/adware from your computer. Watch for allusions to spyware and adware in user agreements before installing free software programs. Be wary of invitations to download software from unknown internet sources.
35 Protect Passwords
36 Protect Passwords Do not share your passwords, and always make new passwords difficult to guess by avoiding dictionary words, and mixing letters, numbers and punctuation. Do not use one of these common passwords or any variation of them: abc123, letmein, password1, iloveyou1, (yourname1), baseball1. Change your passwords periodically. When choosing a password: mix upper and lower case letters; use a minimum of 8 characters; use mnemonics to help you remember a difficult password. Store passwords in a safe place. Consider using KeePass Password Safe (http://keepass.info/), Keychain (Mac) or an encrypted USB drive to store passwords. Avoid keeping passwords on a Post-it under your keyboard, on your monitor or in a drawer near your computer!
37 Back-Up Important Files
38 Back-Up Important Files Reduce your risk of losing important files to a virus, computer crash, theft or disaster by creating back-up copies. Keep your critical files in one place on your computer’s hard drive so you can easily create a back-up copy. Save copies of your important documents and files to a CD, online back-up service (cloud), flash or USB drive, or a server. Store your back-up media in a secure place away from your computer, in case of fire or theft. Test your back-up media periodically to make sure the files are accessible and readable.
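One way to carry out the periodic back-up test described above on Windows, as an added example that is not part of the original slides: record a SHA-256 hash for every file when the back-up is written, then re-read the media later and compare. The function names, the manifest file name and the E:\Backup path are hypothetical; Get-FileHash needs PowerShell 4.0 or later.

```powershell
# Added example, not from the slides. Function names and 'manifest.csv' are hypothetical.

function New-BackupManifest {
    # Run right after a back-up is written: store one SHA-256 hash per file.
    param([Parameter(Mandatory = $true)][string]$BackupDir,
          [string]$ManifestName = 'manifest.csv')

    $root = (Resolve-Path -LiteralPath $BackupDir).Path
    Get-ChildItem -LiteralPath $root -Recurse -File |
        Where-Object { $_.Name -ne $ManifestName } |
        ForEach-Object {
            [pscustomobject]@{
                # Path relative to the back-up root, so the media can be mounted anywhere.
                Path   = $_.FullName.Substring($root.Length).TrimStart('\', '/')
                SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        } | Export-Csv -LiteralPath (Join-Path $root $ManifestName) -NoTypeInformation
}

function Test-BackupManifest {
    # Run periodically: report every file as OK, Missing, Changed or Unreadable.
    param([Parameter(Mandatory = $true)][string]$BackupDir,
          [string]$ManifestName = 'manifest.csv')

    $root = (Resolve-Path -LiteralPath $BackupDir).Path
    foreach ($entry in Import-Csv -LiteralPath (Join-Path $root $ManifestName)) {
        $file = Join-Path $root $entry.Path
        $result = 'OK'
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            $result = 'Missing'
        } else {
            try {
                # Hashing reads every byte, so a file that cannot be read fails here.
                $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256 -ErrorAction Stop).Hash
                if ($hash -ne $entry.SHA256) { $result = 'Changed' }
            } catch {
                $result = 'Unreadable'
            }
        }
        [pscustomobject]@{ Path = $entry.Path; Result = $result }
    }
}

# Example use (E:\Backup is a constructed path):
#   New-BackupManifest  -BackupDir 'E:\Backup'
#   Test-BackupManifest -BackupDir 'E:\Backup' | Where-Object { $_.Result -ne 'OK' }
```

Keep a second copy of the manifest away from the back-up media, since anything that can rewrite the files can also rewrite a manifest stored beside them.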
39 CYBER-SAFETY AT HOME Physically secure your computer by using security cables and locking doors and windows in the dorms and off-campus housing. Avoid leaving your laptop unsupervised and in plain view in the library or coffee house, or in your car, dorm room or home. Set up a user account and password to prevent unauthorized access to your computer files. Do not install unnecessary programs on your computer. Microsoft users can download the free Secunia Personal Software Inspector (https://psi.secunia.com/), which lets you scan your computer for any missing operating system or software patches and provides instructions for getting all the latest updates.
40 CYBER-SAFETY AT WORK Be sure to work with your technical staff before implementing new cyber-safety measures. Talk with your technical staff about what cyber-safety measures are in place in your department. Report to your staff any cyber-safety policy violations, security flaws/weaknesses you discover or any suspicious activity by unauthorized individuals in your work area. Physically secure your computer by using security cables and locking building/office doors and windows. Do not install unnecessary programs on your work computer.
41 RANSOMWARE ATTACK!!!
42 Rans0mware RANSOMWARE ATTACK Ransomware is a type of malicious software that carries out the cryptoviral extortion attack from cryptovirology that blocks access to data until a ransom is paid and displays a message requesting payment to unlock it. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse. More advanced malware encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.
43 RANSOMWARE ATTACK Real world / Virtual world of the cyberspace: Move from kidnapping human beings for ransom to kidnapping data, systems, networks, etc. for ransom!
44 EXAMPLES OF RANSOMWARE Some good examples of ransomware are:
45 EXAMPLES OF RANSOMWARE Some good examples of ransomware are: AIDS Trojan by Joseph Popp in 1989; Trojans such as Gpcode in 2006; Trojan known as Reveton in 2012; Trojan known as CryptoLocker in 2013; TorrentLocker in 2014; WannaCry or WannaCrypt on 12th May, 2017
46 WANNACRY ATTACK
47 WannaCry WANNACRY ATTACK The WannaCry ransomware attack is an ongoing cyberattack of the WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) ransomware computer worm targeting the Microsoft Windows (Windows XP, Windows 8, etc.) operating system. WannaCry is distributed at random through the cyberspace via phishing emails.
48 HOW WANNACRY WORKS
49 WANNACRY
50 WANNACRY STATISTICS The attack started on Friday, 12 May 2017. It has infected more than 230,000 computers in 150 countries, with the software demanding ransom payments in the cryptocurrency bitcoin in 28 languages. Ransomware encrypting files with $300 – $1200 demand. Over 200,000 victims and more than 230,000 computers infected.
51 WANNACRY STATISTICS
52 WANNACRY STATISTICS
53 SOME AFFECTED ORGANIZATIONS Andhra Pradesh Police; Automobile Dacia; Chinese public security bureau; Cambrian College; CJ CGV; Deutsche Bahn; Dharmais Hospital; Faculty Hospital, Nitra; FedEx; Garena Blade and Soul; Government of Kerala; Government of West Bengal; Harapan Kita Hospital; Hitachi; Colombia's Instituto Nacional de Salud; Lakeridge Health; LATAM Airlines Group; MegaFon; National Health Service (England); NHS Scotland; Nissan Motor Manufacturing UK; PetroChina; Portugal Telecom; Q-Park; Renault; Russian Railways; Sandvik; São Paulo Court of Justice; Saudi Telecom Company; Sberbank; Sun Yat-sen University; Telefónica; Telenor Hungary; Timrå kommun; University of Milano-Bicocca; Vivo
54 INTERNATIONAL DIMENSION Once installed it uses the exploit and backdoor developed by the U.S. National Security Agency (NSA) to spread through local networks and remote hosts which have not installed recent security updates, to directly infect any exposed systems.
55 INTERNATIONAL DIMENSION The worm code has been analyzed by cybersecurity firms Kaspersky and Symantec and found to have some similarities with code previously used by Lazarus Group, which is the gang that carried out the cyberattack on Sony Pictures in 2014 and a Bangladesh bank heist in 2016, and has been linked to North Korea's government.
56 PREVENTION Prevention is better than cure. The following activities and tips have to be executed immediately: Back up your files regularly and keep a recent backup off-site (external server/storage). Don’t enable macros. Consider installing Microsoft Office viewers.
57 PREVENTION Be very careful about opening unsolicited attachments (normally from email). Don’t give yourself more login power than necessary (don’t stay logged in as an administrator any longer than necessary. Avoid browsing, opening documents or other regular work activities while logged in as administrator). Windows update (patch).
58 PREVENTION Windows update (patch). A "critical" patch had been issued by Microsoft on 14 March 2017 to remove the underlying vulnerability for supported systems, nearly two months before the attack, but many organizations had not yet applied it. Patch Name: MS17-010 patch
59 PREVENTION If you can’t patch your systems, make sure that you disable Windows SMBv1:
60 Ransomware Decryption Tools – an ongoing list: Globe3 decryption tool; Dharma Decryptor; CryptON decryption tool; Alcatraz Decryptor tool // direct tool download; HiddenTear decryptor (Avast); NoobCrypt decryptor (Avast); CryptoMix/CryptoShield decryptor tool for offline key (Avast); Damage ransomware decryption tool; .777 ransomware decrypting tool; 7even-HONE$T decrypting tool; .8lock8 ransomware decrypting tool + explanations; 7ev3n decrypting tool
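One way to check and carry out the SMBv1 step above on a Windows host, as an added example that is not part of the original slides. Get-Smb1Status and Disable-Smb1 are hypothetical helper names; the cmdlets and the SMB1 registry value they call are the ones Microsoft documents for this purpose, and the script assumes an elevated PowerShell 3.0+ session.

```powershell
# Added example, not from the slides. Run in an elevated PowerShell 3.0+ session.
# Get-Smb1Status and Disable-Smb1 are hypothetical helper names.
$Smb1Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1Status {
    # Report the SMBv1 state from each place Windows can enable it.
    $status = [ordered]@{ Computer = $env:COMPUTERNAME }

    # SMB server setting (Windows 8 / Server 2012 and later).
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $status.ServerSmb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # SMB1Protocol optional feature (Windows 8.1 / Server 2012 R2 and later).
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($feature) { $status.OptionalFeature = [string]$feature.State }
    }
    # Registry switch used by Windows 7 / Server 2008 R2; no value means the default (enabled).
    $reg = Get-ItemProperty -Path $Smb1Key -Name SMB1 -ErrorAction SilentlyContinue
    $status.RegistrySmb1 = if ($reg) { $reg.SMB1 } else { 'not set' }

    [pscustomobject]$status
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1')) { return }

    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Server side: takes effect without a restart.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Windows 7 / Server 2008 R2: registry switch, needs a restart.
        Set-ItemProperty -Path $Smb1Key -Name SMB1 -Type DWord -Value 0
    }
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($feature -and $feature.State -eq 'Enabled') {
            # Removes the SMBv1 client and server components; completes at the next restart.
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        }
    }
    Get-Smb1Status
}

# Check first, preview with -WhatIf, then apply:
#   Get-Smb1Status
#   Disable-Smb1 -WhatIf
#   Disable-Smb1
```

Before disabling, check whether older devices still connect over SMBv1; on a file server, the Dialect column of `Get-SmbSession` shows the protocol version each connected client negotiated.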
61 Thank you for your attention! Shafi’i Muhammad Abdulhamid, PhD Phone: Facebook: Shafi’i Hamidu