Most Common Security Threats in the E-commerce Environment Malicious code(malware, exploits) backdoors introduce viruses, worms, etc that allow an attacker to remotely access a computer 6 Botnets are a collection of captured bot computers or zombies used to send spam, DDos attacks, steal information from computers and store network traffic for later analysis Bots as in robots are malicious code that can be covertly installed on a computer when connected to the internet. Once installed, they respond to external commands from the attacker Copyright C 2014 Pearson Education, Inc. Publishing as Prentice Hall Slide5-12
Most Common Security Threats in the E-commerce Environment ◼ Malicious code (malware, exploits) ❖ Backdoors introduce viruses, worms, etc. that allow an attacker to remotely access a computer ❖ Botnets are a collection of captured bot computers or zombies used to send spam, DDoS attacks, steal information from computers, and store network traffic for later analysis. ❖ Bots, as in robots, are malicious code that can be covertly installed on a computer when connected to the internet. Once installed, they respond to external commands from the attacker Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall Slide 5-12
Most Common Security Threats (cont a Potentially unwanted programs(PUPs) 6 Example vista antispyware 20 13 infects computers running vista .o Browser parasites changes your computer settings "o Adware displays calls for pop -up ads when you visit sites o Spyware may be used to obtain information such as keystrokes, email, IMet Phishing o Social engineering relies on human curiosity, greed, and gullibility to trick users into taking action that results into downloading malware 今上- mau scams .o Spear-phishing spear phishing messages appear to come from a trusted source .o Identity fraud /theft Copyright C 2014 Pearson Education, Inc. Publishing as Prentice Hall Slide5-13
Most Common Security Threats (cont.) ◼ Potentially unwanted programs (PUPs) ❖ Example Vista antispyware 2013 infects computers running Vista ❖ Browser parasites changes your computer settings ❖ Adware displays calls for pop-up ads when you visit sites ❖ Spyware may be used to obtain information such as keystrokes, email, IM etc. ◼ Phishing ❖ Social engineering relies on human curiosity, greed, and gullibility to trick users into taking action that results into downloading malware ❖ E-mail scams ❖ Spear-phishing spear phishing messages appear to come from a trusted source ❖ Identity fraud/theft Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall Slide 5-13
Most Common Security Threats (cont Hacking hackers gain unauthorized access a White hat role is to help identify and fix vulnerabilities Black hatintent on causing hard Grey hat breaks in to expose flaws and report them without disrupting the company. They may even try to profit from the event crackers have criminal intent Hacktivist are politically motivated (Green Peace) Copyright C 2014 Pearson Education, Inc. Publishing as Prentice Hall Slide5-14
Most Common Security Threats (cont.) ◼ Hacking ❖Hackers gain unauthorized access ◼ White hat role is to help identify and fix vulnerabilities ◼ Black hat intent on causing hard ◼ Grey hat breaks in to expose flaws and report them without disrupting the company. They may even try to profit from the event ❖Crackers have criminal intent ❖Hacktivist are politically motivated (Green Peace) Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall Slide 5-14
Most Common Security Threats (cont ■ Cybervandalisn: Disrupting, defacing, destroying Web site ■ Data breach Losing control over corporate information to outsiders Copyright C 2014 Pearson Education, Inc. Publishing as Prentice Hall Slide5-15
Most Common Security Threats (cont.) ◼ Cybervandalism: ❖Disrupting, defacing, destroying Web site ◼ Data breach ❖Losing control over corporate information to outsiders Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall Slide 5-15
Insight on Business: Class Discussion We Are Legion What organization and technical failures led to the data breach on the PlayStation Network? Are there any positive social benefits of hacktivism? Have you or anyone you know experienced data breaches or cybervandalism? Copyright C 2014 Pearson Education, Inc. Publishing as Prentice Hall Slide5-16
Insight on Business: Class Discussion We Are Legion ◼ What organization and technical failures led to the data breach on the PlayStation Network? ◼ Are there any positive social benefits of hacktivism? ◼ Have you or anyone you know experienced data breaches or cybervandalism? Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall Slide 5-16