Transcript for:
Understanding Computer and Bio Viruses

Can the online team hear me? Yes, yes, sir. Good. I think we don't have to wait. We'll start today, right? Sorry for the delay by me today. I had to go to a medical test. Last week I went through a difficult situation, so sorry about getting late. We talked about viruses, right? I also now think it's a virus. I don't know how much about bio viruses, but now I know about computer viruses, right? Computer viruses, what happens, you get that, right? So you can see the board, right, online? Yes, sir, we can see. So in computer viruses there are different viruses. We talked about malware, different malware we talked about. From malware, a virus, how can it propagate? Mostly through a media. Like what? Yeah, tell me now. You have to tell; this can be asked in your exam also. Maybe like a USB, right? You insert a USB into your PC to get some files, to download some files. Suddenly, you don't know, there has been a virus in the USB and it has come to your PC. The entire file set of your PC is now infected with the virus. How did it happen? Maybe you don't know. If you knew it, you would not put this USB there, right? So what could have happened? Probably you would have used this USB previously in your friend's PC or laptop. First you have used it here; your friend's laptop is already infected, and that came into your USB. Now this is Surya's USB, right? So we have the USB; now it is put into Sanchika's PC, right? Full of virus now. So we have put it here and the virus comes here. Then if we use the same USB again, the virus comes to the entire set of PCs. This is how this virus propagates. There are other malware which need not... there is no requirement of a USB or any media. What is that? Worms. We talked about a malware called worm. Can you remember? That doesn't require a USB. Let's say, for the moment, we think that Sanchika and Surya are working in the same office, right? You are connected to a network and you are connected to the internet. Surya, by working somewhere, goes to some website, right?
I don't know whether it's a necessary website or an unnecessary website, whatever; it goes to this website, but with that website, for some reason, a backdoor gets opened and a worm comes into Surya's PC. Surya's PC is now infected with this worm. Now after that, it has many different rules and logics implemented. Based on the logic and the rules implemented, it looks for the other PCs now available in the network. Maybe, let's say, Ramindu is also in the same office. It looks for all the other PCs and propagates to Ramindu's PC. It propagates to Sanchika's. From there it goes to Ramindu, then from Ramindu it goes to Sanchika. Likewise, it spreads out. Now, the viruses to humans are also somewhat similar. Bio viruses. Like Surya is here, right? Sanchika is here. Some viruses, you just cough out. It goes to Sanchika. Like what? The known one, the most famous one, is COVID. It spreads across, just like these worms. You don't have to have any media. But there are others where you need a media. I got a good reason for that. Oh, you don't worry. Yeah, this one doesn't get through properly; this one you need a media. What is the media type of thing? What is the media? Mosquito, right? You need a mosquito. It takes the blood with the virus, right? Now, the nose is stuck in here, and the virus comes. The only thing you have to be careful of is that it's actually the mosquito that comes. After biting me, it comes there. But I think the danger zone is now over for me. So that's why I came today.
So just to clear up the lesson as well as the situation, right? So don't have to worry about that, right? So we have two sessions, today's session and next week; after that all our modules will be over. So today we will try to cover up whatever we have been doing on information security, then we'll complete those past paper questions. Ask the questions. Then we will try to figure out... I felt like last week the last part you didn't get properly. I think we will try to summarize it in a better way so that it will be clear for you if a question comes in the exam. Then if we get time... sorry, we have to do the SolarWinds case study, because I saw it in a sample paper, I think. The sample paper, in addition to the two past papers. So we will do the SolarWinds case study in detail. Then if we get time, we'll start the next lesson as well. Otherwise, we will straight away start the lesson next week. And we will keep some time to do some more other past paper questions. Have you got time to go through the past paper? No, not yet. When is the exam? Enough time. Yes, enough time. You're on leave, no? Okay. So from information security we have been talking about this incident response. Incident response is mainly covering the documentation part. We finally did it in the last week, the last couple of sessions. So it covers mainly what? Information Security Incident Management mainly explains how to respond to an incident. It mainly covers the documentation part, then the policy part, then the procedure part. It covers confidentiality, integrity and availability, which are the key objectives or goals of our information security subject. What are our key goals? We call it Information... what? What do you call it? Information Security Triad, or Security Triad. CIA is our base concept for the Information Security module, this module, right?
So information security incident management mainly covers reporting information security incidents, reporting security weaknesses, and, sorry, responsibilities and procedures. What is reporting information security incidents? Now, were all of you available when we discussed the Bangladesh central bank attack? Some of you were not there, right? Did you go through the case study? Bangladesh heist, no. This one? This case study you didn't do. Did you get the documents? The case study student notes? With the student notes, this has already been distributed, this one. This one? This is a very serious attack that happened in the world, in banking history, so this can come as a question in the exam, right? Maybe some of the parts, some of the key points. So what happened here? The entire central bank of Bangladesh got hacked by some hackers, with support, as said, right. There is no hard and fast documented evidence, but it is said that there has been internal support as well, internal officers. How did this happen? Do you need to go through this quickly? None of you here are done with it, right? When I read this, there was some other set. Huh? Ramindu, were you there? Ah, you were there, right? You were not there. You want to go through it quickly? Shall we quickly go through... Well, I believe sometimes maybe this and the SolarWinds attack are two case studies that are specifically given by the syllabus. So there's a very high chance that it comes in the exam, right? I don't know, because I'm not preparing the exam papers, but I guess yes. Can somebody quickly read? You read the three paragraphs, then I'm going to read the second set. Yeah, now can you read? Hi, I am Anandesh from Amistad, India. I am a student in the Department of Cybersecurity and Cybersecurity Studies.
...a closer look at the attack and its impact. The results were from this... infiltrating the bank's system and installing malware. The incident highlights the growing threat of cybercrime and the need for robust security measures to protect against the extent of such attacks. Second, the background. The Bangladesh Bank heist of 2016 was a sophisticated cyber attack that targeted the central bank of Bangladesh. The attack began on February 4th, 2016, when hackers infiltrated the Bangladesh Bank's computer system using malware. This malware allowed the hackers to gain access to the bank's SWIFT credentials, which were used to communicate with other banks and financial institutions around the world. With access to the SWIFT credentials, the hackers sent a series of transfer requests to the Federal Reserve Bank of New York, requesting the transfer of funds from the Bangladesh Bank's account to various accounts in the Philippines and Sri Lanka. The requests used the names of fake charities and non-profit organizations, making it difficult for authorities to trace the funds. The attack could have been even more catastrophic if a typo had not raised suspicion among the staff at the Federal Reserve Bank of New York. The hackers had requested a transfer to a non-existent entity called Shalika Foundation, which prompted the bank to investigate the transfer. The hackers' attack was highly coordinated and well planned, and involved social engineering and insider help. The hackers had gained access to the bank's system several weeks before the attack and had studied the bank's operations to ensure a successful attack. It's believed that the hackers were from North Korea, although this has not been officially confirmed. Ramindu, can you start from here? The attack resulted in the loss of 81 million, which is a significant amount for a country like Bangladesh.
The stolen funds were transferred to the Philippines, where they were laundered through the country's casinos. Although some of the funds were eventually recovered, the incident had a significant impact on the country's economy and the reputation of its banking system. The attack. The Bangladesh Bank heist of 2016 was a highly sophisticated cyber attack that resulted in the theft of over 81 million from the Central Bank of Bangladesh. The attack was a combination of techniques, and its success is a stark reminder of the importance of robust cybersecurity measures. The attack began on February 4, 2016, when hackers managed to infiltrate the Bangladesh Bank's computer systems using malware. The hackers were able to gain access to the SWIFT credentials, which enabled them to communicate with other banks and financial institutions around the world to transfer funds internationally. Once the hackers had obtained the SWIFT credentials, they began to send a series of transfer requests to the Federal Reserve Bank of New York. The hackers disguised the transfers by using the names of fake charities and non-profit organizations, making it difficult for authorities to trace the funds. The transfer requests asked that the funds be transferred from the Bangladesh Bank's account to various accounts in the Philippines and Sri Lanka. The Bangladesh Bank heist could have been even more catastrophic if a typo had not been made by the hackers,
which raised suspicion among staff at the Federal Reserve Bank of New York. The hackers had requested a transfer to a non-existent entity called Shalika Foundation, which prompted the bank to investigate the transfer. The impact of the Bangladesh Bank heist was significant, both financially and reputationally. The loss of 81 million was a significant blow to the Bangladesh economy, and the incident damaged the reputation of the country's banking system. Although some of the stolen funds were eventually recovered, the incident highlighted the vulnerability of financial institutions to cyber attacks. The lessons learned from the Bangladesh Bank heist are a realistic signal of attacks in the future: financial institutions must implement robust cybersecurity measures, including two-factor authentication and regular security audits, to protect against cyber attacks. Cybersecurity awareness training is also essential for employees, particularly those who have access to sensitive information, in financial institutions worldwide. The attack was highly sophisticated and involved a combination of social engineering, insider help and malware. The impact of the attack was significant, resulting in the loss of 81 million and damaging the reputation of Bangladesh's banking system. The lessons learned from the Bangladesh Bank heist were taken seriously by financial institutions worldwide to prevent similar attacks in the future. In fact, the impact of the Bangladesh Bank heist of 2016 was extensive, both in terms of financial loss and reputational damage. The theft of 81 million was a significant blow to Bangladesh's economy, particularly given the size of the country's GDP. The loss of these funds not only affected the central bank but also had a ripple effect throughout the country's banking system. Furthermore, the reputational damage to the Bangladesh banking system was profound.
The heist raised serious questions about the security of the country's banking industry, leaving the public feeling insecure about giving their money to financial institutions. This loss of trust has the potential to damage the country's financial sector, reduce investment and hinder economic growth. Additionally, the Bangladesh Bank heist had implications for the global financial system. The use of SWIFT credentials to facilitate fraudulent transfers demonstrated the vulnerability of the international banking system to such attacks. It also raised concerns about the need for greater collaboration among international regulators to safeguard the international banking system against such attacks, and of course for greater oversight of transactions, requiring institutions to implement stronger security measures. The incident underscored the importance of cybersecurity as a critical component of financial stability and highlighted the need for financial institutions to remain vigilant and proactive in their efforts to prevent cyber attacks. Lessons learned. The Bangladesh Bank heist provided several valuable lessons to financial institutions around the world. Here are some of the key takeaways. One, implement two-factor authentication. Financial institutions should implement two-factor authentication for all sensitive transactions, such as SWIFT transfers. They should require a second layer of authentication, such as a code sent to a mobile device or a biometric scan.
Two-factor authentication would make it more difficult for cybercriminals to gain access to the system, even if they had obtained the login credentials. Two, conduct regular security audits. Regular security audits can identify vulnerabilities within the system before they can be exploited by attackers. The Bangladesh Bank heist could have been prevented if the bank had conducted regular security audits of its computer systems. These audits should include penetration testing, vulnerability assessments and awareness training. Three, be vigilant against insider threats. The Bangladesh Bank heist involved the collaboration of insiders who provided their access to the bank's systems. Financial institutions must be vigilant against insider threats and implement strict access controls and monitoring systems. These controls should include background checks for all employees with access to sensitive information, as well as continuous monitoring of their activities. Four, provide cybersecurity awareness training. Financial institutions must provide cybersecurity awareness training to their employees, particularly those who have access to sensitive information. The training should cover the importance of password management, recognizing phishing emails and reporting suspicious activities. Cybersecurity awareness training should be conducted regularly and should be tailored to the specific roles and responsibilities of each employee. Conclusion. The Bangladesh Bank heist of 2016 was a highly sophisticated attack that involved the infiltration of the bank's computer systems, social engineering and insider help. The attack resulted in the loss of 81 million and had a significant impact on the country's economy and banking system. Financial institutions must learn from this attack and take measures to prevent similar incidents in the future.
These measures include implementing two-factor authentication, conducting regular security audits, being vigilant against insider threats and providing cybersecurity awareness training. Financial institutions must also stay up to date with the latest cybersecurity threats and vulnerabilities to ensure they are adequately protected. They should also have incident response plans in place in case of a cyber attack. These plans should include protocols for detecting and containing breaches, notifying relevant parties and recovering from the attack. In summary, the Bangladesh Bank heist serves as a wake-up call about the increasing threat of cyber attacks to financial institutions. It is essential for these institutions to take proactive steps to protect their systems, data and customers by implementing robust security measures, conducting regular security audits, providing employee training and having incident response plans in place. By doing so, institutions can reduce the risk of a successful cyber attack and protect themselves from significant financial and reputational damage. Yeah, so what is this damage? Financial damage, how much? 81 million dollars. If it happened to Sri Lanka, do you think... yeah, we are very hardly getting some dollars these days; if 81 million dollars went out... How did it happen? These central banks, they have the SWIFT system. Just like us, we talked about the SWIFT system, right? You can remember. Every bank in Sri Lanka has the SWIFT system enabled to send funds out and get funds from outside for international transactions. Apart from that, the central bank, they often have SWIFT involved to have country-to-country major fund transfers. So what has happened here? We discussed that the SWIFT system, when implemented in the bank, is implemented in a very secure way, right? You have a separate room with security access, like you have security cards to go inside; only authorized people can go inside. Many security establishments are run in all the banks to ensure security. Why? It involves millions of dollars of transactions, unlike your branch teller.
At the branch, what is the maximum amount a person who comes inside can take out? At the teller counters; you are at a branch, you are a teller. You have to tell us how much money you get in the morning as cash. What, 80 million rupees, right? Yourself only? Or see what we get, 80 million rupees; it's a hundred million now. Here in SWIFT, what are we talking about? Millions, hundreds of millions of dollars, right? Let's say a hundred million dollars, maybe with some transactions. So if any theft comes in, it will be about this amount of money. A hundred million dollars going out of Sri Lanka, what do you think these days? Can you remember, in that era, Bangladesh helped us with some foreign funds. How much did they give us as a loan? 20 million dollars, right? So just think of the amounts. 81 million dollars were taken out from this Bangladesh central bank. How did they try to do this? Some social engineering attack happened. Some people put software called SWIFT client and got the SWIFT officer's user ID and password onto this application, not the original one but this application, their SWIFT application. How? Now in your branch you normally log into your core banking system. Let's say you go to the branch; what do you do? You click, double click maybe the icon, or maybe put the URL. If it is Finacle, Finacle, straight. Now maybe if it is whatever other core banking system, it's the banking screen; you just simply put the URL in the browser, right? But what if that is not the original core banking but somebody else's? Straight, what will happen? The user ID and password will go to that application. So what have they done? They have taken this user ID and password, then recorded it in their system, right? Now this user A has put his user ID and password; now this is the fraudster, right? The fraudster has picked the user ID and password. Now it is with him. This can happen at any place if you are not vigilant. Sometimes even phishing happens.
There are often complaints coming in from customers: a similar online banking page was shown to me, I put my user ID and password there. They take that user ID and password, then they use that user ID and password in the original application. Now they have hijacked the user ID and password. Now, once the user ID and password is there, that's it, we have been granted the system. Now, when the user is not there in the office, on a holiday, the fraudster comes into the SWIFT system, puts user A's user ID and password, logs in to the SWIFT system and starts issuing fund transfers. Did you get this point? Yeah. First they have a system; now the fraudster comes in and introduces a new system called SWIFT client into this office. User A thinks this is the normal SWIFT system and puts the user ID and password. This might happen once or twice, right? Sometimes an error message was given and he just forgets about it, again puts the user ID and password, and now he starts working, because they want only to pick this user ID and password, right? Once this user ID and password is taken, they might close this SWIFT client, then allow this user to work normally. So he doesn't know that his user ID and password was hacked through social engineering; he just thought maybe there was a system error and now it's working again, right? It can happen to you also; that's how you have to be careful. Now let's say you put the user ID and password and try to log in normally. What could happen is the core banking system screen has to come in. In Finacle you get the login screen, right? After the login screen you get the menu screen, right? In other banking systems there will be some other screen. But what normally happens in this scenario is you log in, and suddenly it goes off. If something like that happens, you have to inform. Incident reporting is important. If something abnormal happens, report. If you try to log into your online bank...
...and it suddenly doesn't go to the online banking balance and dashboard page but suddenly goes out and allows you to log in again, be vigilant; not always, but it can be an attempt of social engineering. So incident reporting is there for you to act immediately. You have to report. In different banks it has been documented under different procedures; commonly what it says is you should inform a particular, maybe, security officer, information security officer, CISO, chief information security officer. Likewise, there might be some hierarchy. You have reported, then what? Now here, once they have had user A's password, still from that point onwards the user has been continuously working and going home. Then the next day, or maybe not the next day, actually after one week, on a holiday when the user is not there, they come back through the system and log in to the system, right? Now who is logging in? The fraudster, using user A's user ID and password. Now in this system, they choose commands to credit funds to other banks. One name, credit, pays, other... Sri Lanka has been... right, fortunately here there was a case study, but I mean if you go through this Bangladesh case in a different, another article, it says one of the Sri Lankan banks' compliance officer detected this anomaly where the name is incorrect, a non-existent entity, and reported immediately to SWIFT. Reported: incident reporting here again, right? Apart from many other technical matters, incident reporting is very, very important. So she, the compliance officer, has immediately reported and blocked all the rest of the SWIFT messages coming in from Bangladesh. Fortunately after 81 billion dollars, it stopped. Otherwise it could have been billions. The bankruptcy, now, of Bangladesh would have happened those days if this continued, right? So incident reporting is so important. That's why I turned directly to this point, right?
Reporting information security incidents is a key point here. There is more than one reporting incident, actually. One is during the event, right? Incident reporting has happened. It is not in the case study document as a solution, but it can come as your creative idea that fortunately this Sri Lankan bank reported it as a decision. Then, probably, if this user A detected some anomaly or abnormal situation when he logged in, he should have reported that this login didn't work properly that day when he tried to log in. Then there's another incident reporting event in this Bangladesh case. What is it? Probably what? Sometimes... this physical security is so tight in the SWIFT room. They should have had some slight indication of a forced attempt or insider attempt. Definitely, it's normally impossible for an outsider to get into this SWIFT room and do that. So these insider activities should have been detected at some point, so that also should have been reported at some point. So this is also related to information security incidents. So I'm relating the case study straight away while we do the case study, also for you to understand it well. What are their findings? So I'm not going to go into detail again fully on the case, because we already did it last time. I'll quickly go through the key important points. Some of the key points: this Bangladesh system had only user ID and password. This is it, user ID and password. What is the purpose of the user ID? You don't want to have your user ID? Is there a purpose? But how many of you have got two user IDs at the organization? What is the purpose? How do you do it? Not only in the online system, but for many other things, you have a user ID. The user ID is to identify yourself. Sometimes people mix this up. The user ID is to...
...identify yourself, nothing else. There's nothing to hide that much, but you have to keep it confidential. But the confidential part is what? Secret. The secret part is the password. These two, user ID and password, how do these two protect? When you log into the system, the user ID... because now in a physical environment I can identify that this is Surya by looking, right? But for the system, can the system identify? So when Surya goes into the laptop... today now things are changing, right? Biometrics are coming in; those things are different now. So going into that, most of the legacy systems still, now when you go to the laptop and try to log into the core banking system, how does it identify? User ID. If Ramindu puts Surya's user ID, the system thinks this is Surya. That's it. That's as simple as it is. Today's legacy systems, we have to live with that. Things will change. For the moment, the user ID is for the identification. Then the password is for the authentication. That means: make sure that this is exactly Surya. So, user ID surya, right? Then password xxyy234, right? If Surya gives surya as the user ID and this password, only then will it allow the login, after the authentication. Now in the Bangladesh system, what happened? This had user ID and password and that's it. So that's why the fraudsters were able to get the user ID and password, then simply put it into the transaction. But in the case study, as lessons learned, what do they suggest? How can we minimize the threat of this? How can we minimize this threat? Two-factor authentication. This is one factor, single factor. Most of the systems, and in Sri Lanka by that time even, I think I can remember, systems have two factors. Systems have been implementing two-factor authentication. Online banking, you get the OTP to your mobile.
Some banks allow biometrics as the second factor; you need to give the password as well as biometrics as the second factor. Many banks now have already implemented two-factor authentication. Conduct regular audits: if there is any problem in this system, within inside, a regular audit will help to find out any problems within them. Whether there are no open ports in this entry and exit, whether these people are using the user ID and password properly, all those will be monitored through a proper audit. Be vigilant against insider threats: who are the insiders allowed to use these facilities? Who are not allowed? Any people using it other than those who have been allowed, we identify them. Then, now, have you a CISO... you know, in banks you have a CISO in most of the banks now, right? I know, most of the banks, all the commercial banks now have CISOs. So one major part of the chief information security officer's role is establishing policies and procedures, of course, and arranging cybersecurity awareness training as well, or guiding the execution team to fund the awareness training. Sometimes you might get this phishing simulation as a part of that. What is a phishing simulation?
They will send a bogus email and see how many of the staff members get caught by that email, stating that you will get 20,000 rupees if you click this and give the details. And they will collect all the staff members who have put in the details, because your user ID and other details are very, very critical if they go into an actual fraudster's hands; it's very, very dangerous. So before that, the CISO will see who will be vulnerable to those, and they will collect them and they will do a special training: don't do these things, these kinds of silly things, right? Now after going through this session you will be aware of that, but sometimes be careful; the CISO will send such emails, right? A reward: give these details and you will gain 25,000, or maybe you are entitled to the canteen offer, something like that. Okay, right, shall we quickly go through the SolarWinds attack? Actually we didn't get time to go through this. Online team, please go through this when Suran and Rami read aloud; continue to read with them. Can you see? Yeah, can the online team see the screen now? Yes, right, please quickly read and we'll try to do this within 20 minutes, and next we'll do the questions, exam questions. Yeah. First... SolarWinds supply chain... In the final months of 2020, foreign cybercriminals leveraged SolarWinds' infrastructure to gain access to sensitive data from a range of the company's customers by way of the organization's software updates. The incident ultimately exposed numerous customers and led to millions of dollars in total losses. The attack has been dubbed one of the largest and most sophisticated cyber incidents in US history, motivating many organizations to take a closer look at security risks stemming from their supply chains and software providers. Here are various cybersecurity lessons that organizations can learn from this incident. We will get into the details.
The organization needs to know the details. The incident first began in September of In the month of May 2019, foreign cybercriminals were able to gain unauthorized access to SolarWinds digital infrastructure. Although it is unclear exactly how the infrastructure was infiltrated, IT experts have confirmed that the hackers likely leveraged highly advanced digital skills to accomplish this feat. From there, the cybercriminals utilized the final month of 2019 test weather, therefore the first step was to detect the potential for a new cybercrime. sunburst into solar wind software. During this time, the hackers remained undetected within the company's digital infrastructure. For temperament 2020, the cybercriminals officially administrated sunburst into solar wind's traction software product, Orion. Just over one month later, solar wind's underway identity hackers had recognized this product with malaria began sending out Orion software to the company's data center. By installing these updates, infected customers unknown will be introduced the harmful malware to their own technology. As a result, this malware provided cyber-feminist victim in e-hackery pub. Also known as a digital backdoor to all affected customers. Make sure that all the hacker's details are yet used. This backdoor to compromise customers' sensitive data. It certainly gave data evidence which is crucial. In total, more than 80,000 SolarWinds customers downloaded the malware and were at risk of potentially having their reports exposed during their time. Because SolarWinds built a reputation as a top US technology company, many of the victimized customers were high-profile organizations and federal agencies. These customers included Microsoft, Intel, Cisco, Deloitte, Astellas, Patreon, and the US Department of... 
... Homeland Security, Justice, State, Commerce ... Despite the initial incident occurring in early 2020, the hackers actually went undiscovered for several more months, allowing them to access customers' sensitive data. In December 2020, FireEye, a cybersecurity firm and SolarWinds customer, detected ... On December 11th, 2020, FireEye informed SolarWinds of the event. Days later, SolarWinds reported the attack to the U.S. Securities and Exchange Commission. Upon investigating the incident, the federal government determined that the cybercriminals responsible were likely associated with APT-29, which is a Russian hacking group. IT experts later told SolarWinds and its infected customers to implement a new update to control the malware and effectively close the digital backdoor that the hackers had created.

The impact. Because the incident was relatively recent, its overall impact has yet to be seen. As of now, the following consequences resulted from this large-scale attack. Recovery costs: both SolarWinds and its impacted customers are expected to incur a combined cost of more than 90 million dollars in recovery expenses related to ... investigating the incident, informing all affected parties, removing the malware from every infected network, recovering compromised data, and implementing updated security protocols ... Because the attack infected federal agencies, these costs have potentially trickled down to US taxpayers as well. Reputational damage: considering SolarWinds had maintained a sustained and respected reputation prior to the attack, the technology company received significant criticism from customers and the public for its cybersecurity shortcomings after the incident occurred.
In particular, SolarWinds was scrutinized for failing to detect the cybercriminals' initial activities within its network and remaining unaware that Orion had been injected with malware until FireEye's eventual discovery months later. While ... it is not known. It was soon discovered that a handful of the company's employees possessed weak passwords leading up to this event. One employee's password was solarwinds123, paving the way for ... In January 2020, one month after the details of the incident became public, shareholders filed a class action lawsuit against SolarWinds for its cybersecurity failures during the attack. Several months later, the SEC announced plans to investigate whether SolarWinds' affected customers had dramatically underestimated the impact of the incident in their financial reports. As time goes on and additional damages come to light, it's certainly possible that both SolarWinds and its customers will encounter more lawsuits and regulatory fines related to the incident.

Takeaways. There are several cybersecurity takeaways from the SolarWinds attack. Specifically, the incident emphasized the ... so supply chain exposures should not be ignored. Above all, this attack showcased how critical it is for organizations to evaluate and assess security concerns within their supply chains, including IT and software providers. Even if an organization follows proper IT policies and procedures internally, a compromised supplier could still end up jeopardizing its security and digital assets. Supply chain exposures can stem from various elements, including vendors' access to organizational networks, third parties' data storage measures, and suppliers' overall cybersecurity practices.
While it is not possible to totally eliminate supply chain exposures, there are several steps organizations can take to help reduce these exposures and prevent costly attacks, such as incorporating cyber risk management into vendor contracts. This can include requiring vendors to obtain cyber insurance, having them issue timely notifications regarding cyber incidents, and establishing clear expectations regarding the destruction of data following the termination of a contract. Minimizing the access that third parties have to organizational data: once a vendor or supplier has been selected, it is crucial to work with them to address any existing vulnerabilities and cyber exposures. Moving forward, suppliers' access to sensitive data should be restricted on an as-needed basis. Monitoring suppliers' compliance with supply chain management procedures: this may include adopting a one-strike-and-you're-out policy if a supplier has experienced cyber incidents or failed to meet applicable compliance guidelines.

Third parties must prioritize cybersecurity. As organizations begin to more closely evaluate their supply chain exposures, it is increasingly vital for third-party vendors themselves to adopt effective cybersecurity measures. In particular, suppliers need to recognize that ... in order to ... prevent such incidents from occurring. ... not only ... cybersecurity ... but also contribute to reduced client trust and loss of business. By upholding proper digital practices, third-party vendors can show their clients that they take security seriously, boost their overall reliability and, in some cases, secure additional contracts. Access controls can offer strong protection. ... access controls ...
... protocols ... requiring employees to develop complicated and unique passwords for their accounts, in addition to changing these passwords in the future; implementing multi-factor authentication processes that require employees to verify their identities in several ways, for example entering ... answering a security question; ensuring employees have digital access only to the technology, networks and data they need to perform their job responsibilities. Secondly, segmenting workplace networks prevents all networks from being compromised if a single employee's credentials are ... So in that sense, ... effective security and threat detection software is essential. This software can be used to verify and identify suspicious digital activity and abuse. Dwell time refers to how long it takes to detect the cybercriminals' presence after their initial network infiltration ... it's very good to continuously monitor ... before it's too late and minimize the infection; potentially ... software to consider for monitoring includes security information and event management systems, antivirus programs, intrusion detection, and patch management tools. Also, it is very important to conduct routine penetration testing to determine whether the software poses any security gaps or environment vulnerabilities. With such testing, we will determine the issues ... that should be addressed immediately. Proper coverage can provide much-needed protection. Finally, the SolarWinds incident makes clear that no organization, not even a technology company, is immune to cyber-related losses. That's why it's crucial to ensure adequate protection against potential cyber incidents with ... cyber coverage.
Make sure your organization works with a trusted insurance professional when navigating these coverage decisions. So more risk management can be assessed, which will help solutions for the customers.

Right. When did this happen? 2019, 2020. Can somebody quickly brief what has happened here? This is called a supply chain attack. A supply chain is what? Why is it ...? Can somebody very briefly tell? Even the online team, can you briefly tell what has happened here, mainly why is it called a supply chain attack? ... Of course, supply chain attacks. What is the supply chain? It's connected to SolarWinds and the customers; sorry, it's connected to the customers, and that goes connected to the customers, SolarWinds, SolarWinds' customers. Of course, what is SolarWinds? So, it has many customers. So, as Kura said, now, unlike most of the other attacks, what do we see? Directly fraudsters; where do the fraudsters attack? Now, in the Bangladesh case, the Bangladesh Central Bank, their SWIFT system, the SWIFT room: the attack was directly on the Bangladesh Central Bank's SWIFT room. Directly, they attack. Any other attacks we have come across, they directly attack the particular company. Right. So the particular company is trying its best to protect. Now there has been some mishandling in the Bangladesh situation, but definitely they would have had many other security interventions done: firewalls, the virus guards we discussed previously, they might have done that, right. Even in your bank, if you take, let's say, a hypothetical bank, the bank might have been covered by firewalls, virus guards, endpoint detection solutions; likewise many other solutions will be there for the organization to be protected. So it is protected. Hackers will try to directly attack the systems of data users. That is happening, right? Now, here in SolarWinds, what happened? There are many organizations like this. Now, there is only one organization here. We go. There are many organizations.
One, two, three organizations. Online team, can you see that? Organization three. The attacker is here, hacker or attackers. Of course, they might try attacking here directly in some cases, right, but rather than that, what did they do? There is this company called SolarWinds. They manufacture the software called what? Orion. All right, what is the purpose of this Orion software? This is a network monitoring and management system used by many clients. So this Orion software is running in all these organizations. Here it is also Orion. Here it is also Orion. This hacker was smart: rather than trying, it's very difficult to hack an organization like the Pentagon, right, because the Pentagon is also there in this list; it's not easy. What did they do? They hacked here, and put some malware into this Orion software. Now they are running this Orion system in this system. Here, SolarWinds as the service provider, as for any other software, they have to provide the regular patch updates and upgrades. So with the new upgrade, what did they do? Before the new upgrade is released, the hacker puts his malware into this one. So when the new upgrade patch is sent to here and here and here, this hacker's patch is now with it, which is called Sunburst. Right, now Sunburst is in this one. This Sunburst, what is the name? Solar burst? Can you read out the name? Sunburst. Ah, yeah. Sunburst. Right. Sunburst is there. Sunburst is now here. Sunburst is here. So this patch deployment was done. After this, nobody knows, only the hacker knows, Sunburst is in now. All the clients, it's done. So the supply chain attack, rather than directly impacting, it impacts the service provider or software provider, and the software provider takes that kick to their clients. Now what this creates is a backdoor. Now they are connected to the internet, everybody is connected to the internet, and the hackers after some time connect to the internet and open this backdoor and get all the details.
When I say get all the details, some of the details are still not revealed. What details have been stolen, what details have been changed, what data has been manipulated: no evidence is there yet. Oh, no evidence is revealed. They don't reveal. Because why? That is also dangerous because it involves USA security as well. That is the impact of that attack. But for the sake of calculating the impact, they have calculated the impact of the attack as the expenses required to reinstall all the systems, because to erase this malware and to reinstall the systems again, that was the cost, right. Take the system out and put a new system: there was a cost, they have calculated that cost. But the actual cost of getting this backdoor is not 90 million. How much is this replacement cost? $90 million. $90 million was just to replace, take off these infected systems and put the new systems back. It says $90 million. But the impact: the share price, this was $100, dropped by 40% to 60. It's a share price suddenly dropping by 40%, which is a huge loss to a company, nearly 50%, right, half. The owners today are a hundred million rich; tomorrow they become 60 million. You just think how much do you have in your account? Let's say 100 million? No? Then 10 million, 5 million? Yeah, still, say five lakhs. Five lakhs we have in the account. Tomorrow it becomes how much? Just three lakhs. Two lakhs gone straight away because somewhere I have done something. Likewise. Okay? So impact: financial recovery cost of 90 million; 18,000 customers at risk, this type of customers, well, there are 18,000 customers, right; reputation damage; legal ramifications, because even at the very recent time some customers were trying to take legal action, they were going to courts to file legal actions against SolarWinds. And this went through a long period of time.
That relates to a particular kind of attack. What is that attack type? This started in September 2019. They came into the system in September 2019 and no one noticed until March 2020. How many months? At least 6 months. What is the type of attack here? What is it? Type of attack from here. Ah, malware is there, yes, right. Then being six months in the system: that's when you take a case study, many things come into the picture, rather than you just putting the points, taking the points on the board or taking the points from the notes; it's much more comprehensive, right. Now here malware is there. Then the attacker staying in the system for six months is what type of attack? Is it a man-in-the-middle attack? Can't be a man-in-the-middle attack, staying in the middle attack. Malware is there, of course. But staying in the middle for six months is what? Cryptojacking is not related here. Social engineering, is it related here? Was it social engineering? How did they pick the user ID? It was not social engineering; it was an easy-to-guess user ID and password, like Sanchika puts a password like hmb126, company and one two three. That employee of SolarWinds had put solarwinds123. Never put like that. Now I think you see, and the security engineers don't allow using those types of passwords, right? Now password policies have been set. So simple passwords are not allowed now. Then advanced persistent threat? Yes. What is an advanced persistent threat?
An advanced persistent threat is that the attacker comes into the system silently and stays for a long time, looking at and taking your data out, staying and doing different things for a long time without your knowledge: that is an advanced persistent threat. So this is an advanced persistent threat as well, and the nature of the attack is a supply chain attack. Clear? So SolarWinds' Orion software: hackers embedded the malware into the Orion software; SolarWinds distributed the new Orion update with the malware, Sunburst. So supply chain exposure should not be ignored, because your company, actually not at your level, probably at your security engineers' level, your resource level, they have to be very vigilant about what type of software is coming into your organization, and as employees you are responsible to ensure that you don't bring unknown software into your PC or laptops at the office. We discussed what happens when you download VPNs and sometimes free software, right? Importance of the vendor or supplier side security, because this supplier has to be secure with access control. Even if multi-factor authentication was there, this shouldn't have been done, because maybe an easy password will not be a problem there if multi-factor authentication was there. Effective security and threat detection systems should be there. If the backdoors are monitored properly through an intrusion prevention system, this should have been avoided by some of the organizations. Finally, it may be possible to have insurance cover, because this is very, very difficult to avoid, because this is probably not our fault, it's the vendor's fault. But we cannot tell, we cannot wait, stay in that, "this is the vendor's fault", and we cannot get rid of our customers. Because we are liable to our customers, right? Thousands or millions of our customers. Right. Can you open up? I thought we would not have the time to go through this last time, but we have time.
We will quickly go through. I'll just show you a heads-up on this. Did you go through this? Now, we discussed different types of threats, right? Then we discussed the details of the threats, so I just summarized this in a table so that you can memorize this, because you can keep this memorized so that in the exam you will get one or two from this to explain: a brief description, then what is the solution available, how to avoid, and if something happens, how to recover. As an example, virus. What is a virus? A type of malicious software, or malware, that attaches itself to a legitimate program or a file. When the infected file is opened, the virus can spread to other files and damage or steal data. That is a virus. Then how do you avoid viruses? Having antivirus software, or implementing endpoint detection and response solutions for endpoint protection; then you can implement email and web filtering, as well as user education. Then even after implementing this, if a virus still comes into your PC, right, you have a virus guard, but maybe sometimes the virus guard patch update is not done properly and the virus has already come in; then what? These are the remedial options to recover. What do you have? Isolate the infected system as soon as possible; remove it from the network; avoid plugging in any other new devices, any other USBs; stop inserting USBs or CDs, right? Then clean or reformat. Sometimes you will have to format; otherwise you can't keep it or continue work. So after formatting, we have to restore from a backup. So for that, mostly you will have to have a regular backup of your PC. In your office PC, definitely I'm sure your system administrators are maintaining a regular backup, maybe daily or maybe weekly, so that your work is protected. At home, how do you do that? At home also you should have a mechanism to protect your data.
Maybe you put it into a Google Drive, upload it somewhere, keep the key work somewhere else as well, so that if your PC is infected you can still format and clean it, and your work is there somewhere else; you can put it back. Right, so it's similar for the others as well. So advanced persistent threat: there are solutions to avoid; then if something happens, still how to recover. Likewise.

Right, shall we do this past paper quickly? We will not write the entire answer, but we will note down the key points of the answers. Yeah, please read aloud. Can the online team see the question paper? Past paper question. First we will do this. Yeah, right, please go read that. Now you volunteer to read the question: "The importance of information security in our lives is ... investments of organizations in information security, but also cyber crime risk and cost of data breaches. By their very nature, financial institutions are an attractive target for attackers. Also, the data breach cost per capita in the financial industry is among the highest. Investment in information security has also recently become mandatory to achieve credibility for clients and investors' funds and to achieve regulatory compliance. Thus, managed financial institutions need to meet many challenges." That's the brief. So there will be a brief for each and every question, not only for the security question, but all the other stuff, right? So after this brief, probably the key part is the next three questions. First question is: what is an information security incident? Briefly explain. Can you write yourself a brief answer for that? Sure. If you have done that, go to the second one also: incidents and data breaches, what is the difference? Be very careful when we do this. The difference also I highlighted: what is an incident? What is a data breach?
What is the difference? So, moving to the third part also: list five types of security attacks and attack vectors. Again, we can call it security attacks and attack vectors. Just be there. Okay, so what is the first answer? Can somebody tell? Very good. Online team, can you repeat it? Any occurrence that threatens the confidentiality, integrity or availability of data or information. Yeah, so now you have to briefly explain as well, then you have to add a bit to that. Here you have to distinguish between incident, security incident, and the next one. Still, this is not realized, right; we don't know whether this actually happened or not, this is suspected. So you can briefly explain. You know it has three marks; now you get about three marks just putting the exact thing you have put, then you have to tell this is actually a suspected event: you have figured out something has gone wrong, you have come into a suspicious situation where there can be a confidentiality, integrity or availability issue in our system. Right, then the next question. Did the online team get it first? Yeah, thanks. Then incidents and data breaches, what is the difference? Now we talked about incident, right, security incident, in the first part. Now data breaches: how do you distinguish? So here you need to continue to tell, again starting from that first point: a security incident is just a suspicious situation where there can be a threat to the confidentiality, integrity or availability of the data in your organization. However, a data breach is a special situation where the data is known to have had unauthorized access, loss or breach; sorry, breached in a sense, you can say compromised, disclosed or accessed without authorization. And the disclosure is confirmed as well in a breach. Until the disclosure is confirmed, it is only an incident. Clear? Am I good? Yeah. Did the online team get it clearly?
Until a data breach is confirmed, it is only an incident. Oh, that is called an attempted or suspicious event. Then you have to list five types of security attacks and attack vectors. Yeah, I said you have to be careful right now. So for this, you can list down any number of attacks, right? We talked about many different attacks. So if it is asked, just simply list down the attacks, or list down the attacks and explain whatever you can explain; you straight away name and explain what are the attacks: malware, phishing, Trojan. Malware: Trojan is within malware, right, so you have to be careful; when you'll be stuck in some of the second parts of the answers, you have to think of those. The malware category comes, and malware comes as virus, Trojan, worms, isn't it? Can you remember? So in some cases the answer might be okay, malware and Trojan you put together, but in some cases you might get stuck. Now here I'm going to pinpoint something similar. Now see: malware, virus, worm, Trojans, spyware, adware, all come as malware, right? So when you put malware, then again when you put Trojan, in some cases it will be correct in some answers, but in some answers when you go to the second part you'll get stuck. Here also it's something like that. Why? Now what are the others? Zero-day attack, man-in-the-middle attack, DDoS, right, cryptojacking, advanced persistent threats, likewise. Now here, this question, when you take it, specifically says attack and attack vectors. Now when you view the attack you have to list down the attack vector for that attack. So then you have to be careful: when you put the first part, attack, for every attack you need to put the attack vector. What is the attack vector? What is the meaning of the attack vector? How the attack can come to you: that's the attack vector. So, attack. Online team, can you see? Yes, sir. First, phishing is an attack, right? Phishing attack. How can the phishing attack come to you? Huh? From which?
Mails, yeah, email. Email, or as soon as it's spam email, or even sometimes it can be a website, like that. You can list out those, right? Then, yes of course, malware can be an attack. Now what can be an attack vector for that? What can we say? We just started with one example today. For malware, virus, what is the attack vector? SolarWinds. SolarWinds is a component. For malware, attack vector, one vector could be? Maybe. And there is virus, so whatever, for virus let's say we'll see separately, a computer virus, what is it? By external devices. Yes, external devices, USBs, attack vector, right. This can be similar to others as well. Then for a computer worm: Ramil's PC and Silvera's PC were connected to the network, right, so a worm can be propagated through the network. What else? What else can be the other attacks? Two, three, still three, four, another one. What are the attacks we have talked about already? DDoS. DDoS attack vectors: the internet. You know the DDoS attack, right, distributed denial of service attack. Man-in-the-middle attacks. Did we talk about man-in-the-middle attacks? A man-in-the-middle attack cannot be easily done if there is no network, right? So, network is one. Then a man-in-the-middle attack can be easily done when there are weak passwords. You said weak passwords, so this kind of attack will be easy when there are weak passwords. Some more? Yeah, come with your own idea. Yeah, advanced persistent threats and supply chain attacks are the type of SolarWinds attack: it comes to your system and stays for a long time. Okay, what can be the vector? There can be many: supply chain can be one; again the password can be a reason; then networks, poor network configuration. Okay, so you have to mix and match sometimes with your own judgement. If you put this down properly, if something similar comes, it will not be the same coming in, right? But in first paper questions, they are repeating the questions, right? It is easy.
Second paper probably they will have changed. Thank you, Dr. Ilhappanis. The same thing will be rotated in a different way; you'll have to answer it in a slightly different way. Okay, then we'll stop here today and we'll do the other questions next time, and the remaining module as well next time. That will be the last part for this semester of digital banking, right. Any questions so far? Yeah, I think the number of our ... gets updated from next week, right? Do you want to move on? Let's try to do a couple of exam questions also if we get time, because the next one is a very small part but it has a huge content: legal. Are there any lawyers here? It has a very big reference content, in a sense a big reference list, but the content is very small; we can quickly do that, right. So it doesn't have these questions. Let's meet next week. So let's try to be here, everybody, next week, because we will try to do something towards the exam also. Thank you.