course_notes

CFC Week 4: Cybercrime mitigations

CFC Week 4: Cybercrime mitigations

Learning outcomes

  • List and describe the various mitigation strategies.
  • Understand that there is a constant arms race between criminals and investigators.

List four mitigation strategies

Engineering
Securing computers and networks crippling botnet operations.
Law
Effectively prosecuting malware authors and their associates.
Economics
Making sure that cybercriminals don’t make money.
Education
Increasing user awareness of cybercrime threats.

Two types of Intrusion detection system (IDS)

Misuse-based IDS
rely on models of malicious behaviour to identify matching entries in the event stream
Anomaly-based IDS
rely on models of normal behaviour to identify anomalous entries in the event stream

List engineering mitigations techniques

  1. antivirus software
  2. intrusion detection
  3. patch vulnerabilities
  4. Blacklist
  5. mitigate blackhat search engine optimisation
  6. DNS sinkholing (ISPs can avoid directing their clients to domains that are known to be malicious)
  7. Dynamically allocating the resources (against DDoS)

How to take down a botnet?

  1. seize active C&C servers (law enforcement/ ISPs)
  2. mitigate existing infections (DNS sinkholing)
  3. clean up infected computers (redirect the user and teach them how to)

How to improve user awareness for reducing the rate of malware infections

Educations on:

  • Social engineering, how to avoid installing scareware
  • Software updates, how to keep systems up to date to avoid driven-by download attacks
  • Scams, how not to be money mule or reshipping mule scams

Why arrest criminals is more effective

  • Attackers could always set up a new operation

  • Botnet is easy to set up

  • Attackers learn from the takedown and make the operation more resilient

Two reasons for taking down C&C servers:

  1. Because the act of misusing computers through malware is illegal
  2. Because the operations that the botnet carried out are illegal

List economics mitigation strategies

  • Raise domain cost to curb misuse
  • ISPs need to keep good relations with each other
  • Banks need to keep good relationships with other financial institutions which force rogue banks to stop doing business with cybercriminals
digital_forensics
Licensed under CC BY-NC-SA 4.0
Last updated on May 07, 2022 23:12 +0100
comments powered by Disqus
© 2022 Under The Ginkgo
Cogito, ergo sum
Built with Hugo
Theme Stack designed by Jimmy