Overview
- Common threats
- Attacker Tactics
- Simple things to protect your device
Basic Terminology
- Malware
- Phishing
- Software Vulnerability
Demo - Phishing Attack
Video!
Protecting Yourself - What you can do
OS and Application Patching
Update your operating system and programs
These should be familiar
Don't Log in as Admin
There are 2 types of accounts:
- User
- Administrator
Administrator accounts are like having the keys to the kingdom. Attackers love them.
Listen to Warnings
...but, warnings don't always make a lot of sense..
Verified Publishers
Software signing a way of checking who authored a piece of software
Office Macros
Macros allow users to write and execute code snippets in Microsoft Office files
And another one...
Attackers try to trick victims into opening Office files with malicious macros inside
Basic Macro tips:
- Disable Macros
- Only run a macro if you know who wrote it
Backups
The safest way to ensure you don't lose your data
How to Backup:
- Storage Device - USB or External Hard Drive
- Cloud - Dropbox, Google Drive, etc.
Ransomware: WannaCry[pt]
Background
- May 2017 an exploit for Windows was released
- Attackers used exploit to distribute ransomware
- Microsoft had patched the vulnerability one month before
What happened when you get ransamware'd
- Can't access your files
- Pay $300 to get them back
- but, you never get them back
How to protect yourself:
- Update Windows
- Backup your data
Thanks!
Questions welcome