If you are having trouble viewing this email, click here to view this online

 

VOLUME 40

   ISSUE 40

20 November  2014

Article of the Month Around the World

ARE YOU A VICTIM OF “CYBER ATTACKS”?

It seems that everything relies on computers and the internet. At present communication is often done by emails, cell-phones and through social networks such as Facebook, Skype and Twitter. Digital cables, mp3s, i-Pods are popular mediums of entertainment. Transportation relies on computerized systems (car engine systems, airplane navigation), shopping is often done via online stores and credit cards. Medicinal equipment and records are often computerized for convenience, business and banking activities and even bookings and channelling is done with the use of computers and through internet, and the list goes on. So this indeed proves that we have become a part of “The Cyber age”.

Therefore, it is indeed high time to think, how much of your daily life relies on computers? Up to what extent do you depend on the internet while living in this sophisticated world? How much of your personal information is stored either on your own computer or on someone else's system? And finally up to what extent you have exposed yourself to Cyber Threats! Therefore you should be aware of ways to protect your computer and yourself without becoming a victim of the so called “Cyber Attacks”.

 

 

Are you aware of the risks you are exposed to?

There are indeed many risks you are exposed to, some more serious than others. Among these, dangers are viruses which could probably erase your entire system, hackers trying to hack your accounts, someone using your computer to attack others, someone breaking into your system and altering files, someone stealing your credit card information and making unauthorized purchases, someone using your personal information, pictures and misleading others.

What is Cyber Security?

Cyber security involves different ways and means in protecting your computer and information by preventing, detecting, and responding to attacks. But unfortunately, still there's no 100% guarantee that you are protected from cyber-attacks even with the best precautions. Cyber security is a trust at a distance, because you are dealing with everyone remotely and not able to confirm identity or authenticity in the traditional sense. Even with secure connections, codes and various other authentication schemes there is always a tendency to spoof identity, provide forged documents or credentials, hold computers and servers hostage to “ransomware” or allow cyber-criminals to be whoever they want to be. In the present day scenario criminals worldwide have seized upon the Internet as a treasure trove to breach, steal, scam, extort, phish, stalk, track and victimize any individual or entity that has a connection to the worldwide web. But there are steps you can take to minimize the threats you are exposed to.

How can you minimize the threats from Cyber Attacks?

Initially, protecting yourself is to recognize the risks and become familiar with some of the terminology associated with them and to find precautions to be protected from them. Hacker, attacker, or intruders are people who seek to exploit weaknesses in software and computer systems for their own gain. They are at present frequently exploiting personal information through social networks such as Facebook and Twitter. Although their intentions are sometimes fairly benign and motivated solely by curiosity, their actions are typically in violation of the intended use of the systems they are exploiting. The results can range from mere mischief like creating a virus with no intentionally negative impact, up to malicious activities like stealing or altering information. Therefore, always gain the maximum use of the security and privacy policies provided to you. Use a password which could not be easily traced by anybody (use different symbols, numbers, and letters). Malicious code, sometimes called malware, is a broad category that includes any code that could be used to attack your computer. Malicious code can have the following characteristics: It might require you to actually dosomething before it infects your computer. This action could be opening an email attachment, going to a particular web page. And sometimes through USB flash drives. Some forms propagate without user intervention and typically start by exploiting software vulnerability. Once the victim computer has been infected, the malicious code will attempt to find and infect other computers. This code can also propagate via email, websites, or network-based software. Therefore, avoid opening unknown attachments and emails at any instance. Some malicious code claims to be one thing while in fact doing something different behind the scenes. For example, a program that claims it will speed up your computer may actually be sending confidential information to a remote intruder. Viruses and worms are examples of malicious code. In most cases, vulnerabilities are caused by programming errors in software. Attackers might be able to take advantage of these errors to infect your computer, so it is important to apply updates or patches that address known vulnerabilities. If you become a keen member in the Cyber age and know exactly what you should do and the right time it should be done, you will always be less exposed to Cyber-attacks. When you become aware of the threats you are exposed to and ways and means to be protected by them you will not be victimized by your own weaknesses. Always enjoy the maximum privileges which your computer and internet provides you but yet; DO NOT BECOME A PREY OF Cyber Attacks.

 

Yasintha Udara Swarnasinghe
 

Yasintha is an undergraduate of National School of Business Management who is currently following BSc (Honours) Computer Security offered by Plymouth University United Kingdom. Currently he is working as Intern - Information Security Engineer at Sri Lanka CERT|CC

References

1 Statistics on the Internet growth in Sri Lanka
http://www.trc.gov.lk/images/pdf/
statis_sep_2012.doc
2.The Dragon Research Group (DRG)
http://www.dragonresearchgroup.org/
3.TSUBAME (Internet threat monitoring system) from JPCERT | CC
https://www.jpcert.or.jp/english/tsubame/
4.Shadowserver Foundation
http://www.shadowserver.org/wiki/
5. Team Cymru
http://www.team-cymru.com
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
  
 

Hackers, Security Pros Talk Penetration Testing, Social Engineering

  

'...You might have heard of DefCon, the big, bad, Las Vegas penetration and hacking conference where gray (and darker) hats show off their exploits. It's less likely that you've heard of GrrCon, the Grand Rapids, Mich.-based hacking and penetration conference. The event drew 850 attendees in this, its second year, charging as little as $85 per attendee-or $280 for the "VIP Pass" that provided attendees a front-row seat (and power cords) at the keynotes and access to Ping Pong, Foosball, video games and snacks in the speakers' lounge....'

  Android Dominates Around the Globe But Still Snubbed by Silicon Valley
   

'...Based on my experience meeting hundreds of startup founders and VCs in both San Francisco and New York, few professionals in America’s tech hubs have owned an Android phone or believe in the opportunity of the platform. Meanwhile, the growth and prevalence of Android around the globe shows that there’s a massive platform shift going on right now–the type of event that historically has marked a point when one company achieves market dominance. If there is such a shift and opportunity under going on, why don’t the most innovative people in the most successful tech cities in the world care?....'

Webroot's big cloud gamble

   
  

'....Anti-malware vendor Webroot has bet the company on cloud. In October of last year, the company stopped selling packaged software and moved to a software-as-a-service (SaaS) model. CEO Dick Williams says the switch improves the customer service model and takes the burden of managing updates off of the end user....'

Why Availability Is Still King?

  

'....While speed, redundancy, and scale are all critical focuses (and rightfully so) of an Internet Performance Solutions company like Dyn, it is availability that rules as the core attribute and priority amongst any technology vendor. The importance of having network availability, maximum visibility into Internet Performance, and continuous insight on fast response times within your available network, must be highly regarded.......'

Google's mystery barges scrapped as fire hazard

'...Google's mysterious barges were dismantled after being deemed a fire hazard, documents reveal.

The tech giant's floating showrooms, sent to the scrapheap in August this year, appeared in Portland and San Francisco a year ago. While little was known about the purpose of Google's 250-foot barges — containing over 60 shipping containers to create four-story buildings — the $4 million constructions captured the media's attention as invite-only showrooms for new Google products....'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in October  2014
 
  
  Fake
 Hacked
  Other
   
  Statistics - Sri Lanka CERT|CC

Going so soon? Microsoft ends retail sales of Windows 8

'...Windows 8 has passed the first milestone on its way to retirement after Microsoft ended retail sales of the operating system. As of 31 October, retailers will no longer be able to order more Windows 8 to sell beyond their existing stock, although it can still be bought installed on a new PC. The operating system went on sale just over two years ago on 26 October 2012, and Microsoft is already shifting emphasis to Windows 10, expected in the middle of next year.....'

IT Security and Risk Management: An overview

'...The world is becoming ever more digital. In developed countries, it's common for people to use multiple digital devices and live a near-permanently internet-connected life — at home, at work and in transit. Developing nations are getting online fast too, and will naturally seek to reap the same benefits of digital connectivity. At the same time, the environment we all inhabit is becoming increasingly digital, with sensors attached to all manner of objects forming the Internet of Things. All this is generally seen as A Good Thing....'

Rap Sheets, Watchlists and Spy Networks Now Available With Single Click

'...Law enforcement officials nationwide now have the ability to search multiple sensitive databases, including spy agency intranets and homeland security suspicious activity reporting – with a single login. The breakthrough in interconnectivity is expected to close information gaps that, among other things, have contributed to the rise in homegrown terrorism and school shootings....'

 
Notice Board
  Training and Awareness Programmes - November 2014
  
DateEventVenue
- 17 November To 21 November Training program on Geographical Information System Institute of Survey and Mapping , Diyathalawa
 
- 17 November To 21 November
 
Training program on Java Programming
 
Esoft Metro Campus, Colombo 4 
- 3 November To 4 November
 
Annual Planing & Progress review workshop with GIS awareness program
 
Institute of Survey and Mapping , Diyathalawa
 
- 1 November To 30 November
 
Hardware Training Program for New Zonal Harware members
 
Kothalawala Defence University , Rathmalana
 
- 12 November To 18 November
 
A/L ICT Teacher Training
 
Meepe Education Center
 
- 22 November To 28 November
 
A/L ICT Teacher Training
 
Meepe Education Center
 
- 17 November To 21 November
 
O/L syllabus Teacher Training
 
NIE, Maharagama
 
- 02 November To 05 November
 
GIS & Annual Program
 
Institute of Survey and Mapping , Diyathalawa
 
- 11 November To 15 November
 

NCOE Teacher Training
 

ICT Branch, Computer Lab
 

Brought to you by: