[Audio] Hi, everyone. Welcome to our presentation on a spambot event.
[Audio] This presentation describes the cyber attack that occurred on a Nepalese ISP, including how it happened, how it was handled, and the techniques used to identify, track, and analyze online spambots.
[Audio] This is our team: Ganesh Uprety, Ramesh Amgai and Kapil Raj Shrestha. We're thrilled to have you all watching our presentation.
[Audio] Let's begin with the introduction. Generally speaking, bots are computer programs that execute repetitive tasks, and they usually operate over the Internet. A spambot is a specific type of bot that sends (or helps with sending) spam messages.
[Audio] Before getting into the actual event, let us first look at how bots are used for email spam. Email address harvesting is carried out by bots that scan webpages looking for text that follows the email address format. Once spambots have an account or otherwise have access to a platform, they start pushing out spam messages according to a set of rules predetermined by the bot creator.
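The harvesting step just described, as an added worked example that is not part of the presentation: a harvester that applies the email-address pattern to a page, first naively, then after decoding HTML entities, then after stripping tags and the "[at]"/"[dot]" convention. The sample page and every address in it are constructed for this example (hypothetical addresses on example.com). It shows which common obfuscations a naive bot misses and which ones a slightly smarter bot recovers anyway.

```python
"""Added example: how a spambot harvests email addresses from a web page,
and how far common obfuscations get you against it.  Not from the
presentation; all addresses below are constructed/hypothetical."""
import html
import re

# Pattern close to what harvesting bots use: local-part@domain.tld
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample page with one plain address and several "protected" ones.
SAMPLE_PAGE = """
<html><body>
<p>Support: <a href="mailto:support@example.com">email us</a></p>
<p>Sales: sales@example.com</p>
<p>Abuse: abuse&#64;example&#46;com</p>
<p>Press: press [at] example [dot] com</p>
<p>NOC: <span>noc</span>@<span>example.com</span></p>
</body></html>
"""


def harvest_naive(page):
    """Regex straight over the raw HTML: catches plain text and mailto: hrefs."""
    return sorted(set(EMAIL_RE.findall(page)))


def harvest_decoded(page):
    """Same, after decoding HTML entities (&#64; -> @, &#46; -> .)."""
    return sorted(set(EMAIL_RE.findall(html.unescape(page))))


def harvest_thorough(page):
    """Decode entities, keep hits from hrefs, then strip tags (so text split
    across <span>s joins up) and rewrite the [at]/[dot] convention."""
    decoded = html.unescape(page)
    found = set(EMAIL_RE.findall(decoded))  # plain text and mailto: links
    text = re.sub(r"<[^>]+>", "", decoded)  # drop tags, joining split text
    text = re.sub(r"\s*\[\s*at\s*\]\s*", "@", text, flags=re.I)
    text = re.sub(r"\s*\[\s*dot\s*\]\s*", ".", text, flags=re.I)
    found.update(EMAIL_RE.findall(text))
    return sorted(found)


if __name__ == "__main__":
    for fn in (harvest_naive, harvest_decoded, harvest_thorough):
        print(f"{fn.__name__:18s} {fn(SAMPLE_PAGE)}")
```

The entity-encoded and tag-split addresses only survive the naive pass; a bot that decodes and strips markup gets all five. Only a contact form or an address assembled client-side after page load stays out of reach of a regex-based harvester, which is why publishing addresses in the clear on a public page is what the harvesting bots rely on.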
[Audio] One of the biggest internet service providers in Nepal, Vianet Communications, had a service outage in 2020 due to a significant DDoS attack that involved downloading bots attached to spam emails sent to its customers. The attackers bombarded their targets with a variety of attack strategies until one was successful.
[Audio] The incident has been broken down into phases in a series of descriptions. In stage 1, the malicious party identified the flaw in its intended target, the Internet service provider Vianet. The attacker discovered a weakness in online applications and human behavior, and spam messages were distributed to the users and employees of the organization through a reliable source.
[Audio] In stage 2, the attacker infected the users via malware. The spambot activated trojan viruses, causing end users' computers, business computers and IoT devices to become infected and have their security compromised.
[Audio] In stage 3, the infected devices involved in the botnet were organized by the hackers, who also devised a means of controlling them remotely. A sizable zombie network was used to control thousands of devices during the operation, and the attacker was able to access the targeted computers and devices with administrative privileges.
[Audio] In stage 4, the attacker coordinated a distributed denial-of-service attack on the ISP's servers.
[Audio] Now let's have a look at the changes implemented by the company. They identified unusual network activity and started network monitoring, keeping records of network performance and user activity using various tools.
[Audio] They investigated failed login attempts and started tracking failed attempts, which helped IT staff to establish a baseline and set up alerts for any spikes.
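The baseline-and-spike approach to failed logins just mentioned, as an added worked example that is not part of the presentation and not Vianet's tooling: it parses sshd "Failed password" lines from a syslog-style auth log, counts failures per hour, takes the first 24 hours as the baseline, and alerts on any later hour above mean + 3 standard deviations (with a floor so a very quiet baseline does not alert on noise). The log lines, hostnames and IP addresses are constructed for the example.

```python
"""Added example: baseline failed logins per hour from auth.log lines and
alert on spikes.  Not from the presentation; log lines are constructed."""
import re
import statistics
from collections import Counter, defaultdict

# syslog timestamp up to the hour, then the standard sshd failure message
FAILED_RE = re.compile(
    r"^(?P<hour>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}):\d{2}:\d{2}\s+\S+\s+sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def make_sample_log():
    """Constructed auth.log: a quiet day of background noise on Mar 1, then a
    burst from a single source at 01:00 on Mar 2 (hypothetical addresses)."""
    lines = []
    quiet = [3, 2, 4, 3, 2, 3, 4, 2, 3, 3, 2, 4, 3, 2, 3, 4, 2, 3, 3, 2, 4, 3, 2, 3]
    for hour, n in enumerate(quiet):
        for i in range(n):
            lines.append(
                f"Mar  1 {hour:02d}:{i * 7:02d}:11 gw1 sshd[1{hour:02d}{i}]: "
                f"Failed password for invalid user test{i} from 198.51.100.{10 + i} "
                f"port 51{i:03d} ssh2")
    for i in range(3):
        lines.append(f"Mar  2 00:{i * 9:02d}:41 gw1 sshd[2000{i}]: Failed password "
                     f"for root from 198.51.100.20 port 52{i:03d} ssh2")
    for i in range(45):
        lines.append(f"Mar  2 01:{i:02d}:05 gw1 sshd[30{i:03d}]: Failed password "
                     f"for admin from 203.0.113.5 port 4{i:04d} ssh2")
    return lines


def count_failed_logins(lines):
    """Return (failures per hour, per-hour counter of source IPs)."""
    per_hour = Counter()
    sources = defaultdict(Counter)
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # not a failed-login line; ignore it
        per_hour[m.group("hour")] += 1
        sources[m.group("hour")][m.group("ip")] += 1
    return per_hour, sources


def baseline_threshold(history_counts, z=3.0, floor=10):
    """Alert level: mean + z*stdev of the baseline hours, never below floor."""
    mean = statistics.mean(history_counts)
    stdev = statistics.pstdev(history_counts)
    return max(floor, mean + z * stdev)


def find_spikes(per_hour, sources, history_hours=24, z=3.0, floor=10):
    """Use the first history_hours buckets as baseline, alert on later ones.
    The sample's hour keys sort chronologically; real code should parse
    timestamps into datetimes instead of relying on string order."""
    hours = sorted(per_hour)
    history = [per_hour[h] for h in hours[:history_hours]]
    threshold = baseline_threshold(history, z, floor)
    alerts = []
    for hour in hours[history_hours:]:
        n = per_hour[hour]
        if n > threshold:
            top_ip, top_n = sources[hour].most_common(1)[0]
            alerts.append({"hour": hour, "failures": n,
                           "threshold": round(threshold, 1),
                           "top_source": top_ip, "from_top_source": top_n})
    return alerts


if __name__ == "__main__":
    per_hour, sources = count_failed_logins(make_sample_log())
    for alert in find_spikes(per_hour, sources):
        print(alert)
```

The alert carries the dominant source address for the hour, which is what the responder needs to block or investigate first; a spike spread evenly across hundreds of sources would instead point at a botnet rather than a single scanner.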
[Audio] They updated system software and implemented a proactive infrastructure patching programme.
[Audio] They deployed a purpose-built botnet detection solution and started real-time behavioral analysis using various tools to identify network irregularities and stop botnet activity.
[Audio] A network intrusion detection system is also utilized across the network, which helped track network activity and look for suspicious patterns in incoming packets to find malicious activity.
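One concrete form of the behavioral analysis for botnet activity described above, as an added example that is not part of the presentation and not the product Vianet deployed: infected bots typically check in with their controller at a fixed interval, so a host that repeatedly connects to the same destination and port with near-constant spacing between connections stands out from normal browsing. The function below runs over connection records of the kind a flow collector or NIDS would log, groups them per (source, destination, port), and flags series with enough connections and a low coefficient of variation of the gaps. The flow records, addresses and thresholds are constructed for the example.

```python
"""Added example: detect beacon-like periodic connections in flow records.
Not from the presentation; flows and addresses below are constructed."""
import statistics
from collections import defaultdict


def make_sample_flows():
    """Constructed flow records: (epoch seconds, src, dst, dport, bytes)."""
    flows = []
    # Infected host checking in every 60 s with about a second of jitter
    # to a hypothetical controller address.
    for i in range(30):
        flows.append((1000 + 60 * i + (i % 3) - 1, "10.0.0.17",
                      "198.51.100.77", 443, 512))
    # Normal host: twelve connections to one site at irregular intervals.
    t = 1000
    for i, gap in enumerate([5, 140, 12, 300, 48, 9, 620, 33, 210, 7, 90, 400]):
        t += gap
        flows.append((t, "10.0.0.23", "203.0.113.9", 443, 2000 + 300 * i))
    return flows


def find_beacons(flows, min_connections=10, max_cv=0.2):
    """Flag (src, dst, dport) series whose inter-connection gaps are regular.
    cv = stdev(gaps) / mean(gaps); beacons sit near 0, browsing well above."""
    series = defaultdict(list)
    for ts, src, dst, dport, _ in flows:
        series[(src, dst, dport)].append(ts)
    hits = []
    for (src, dst, dport), times in series.items():
        if len(times) < min_connections:
            continue  # too few connections to say anything about periodicity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "dport": dport,
                         "connections": len(times),
                         "period_s": round(mean, 1), "cv": round(cv, 3)})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(make_sample_flows()):
        print(hit)
```

The two thresholds do different jobs: min_connections keeps one-off visits out of the picture, and max_cv separates the machine-timed check-in from human traffic that happens to reach the same host often. Legitimate software updaters and monitoring agents also beacon, so hits from this check are a starting point for triage against a list of known-good destinations, not a block decision on their own.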
[Audio] And they prohibited P2P downloading on the business network.
[Audio] They also implemented two-factor authentication and stronger credentials, and notified users to prevent botnet malware from accessing their devices by using 2FA and modifying default login information.
[Audio] They started raising awareness among users and employees of software and system flaws.
[Audio] Let's talk about the policies to implement. There are three different policies to be used, i.e. the issue-specific policy, the master policy and the firewall policy, which help to cover functional issues, establish security objectives, and describe the type of traffic that should be allowed and denied.
[Audio] They implemented a comprehensive security policy with different control types: physical controls, technical controls and administrative controls, which safeguard against unauthorized access to hardware and software.
Preventive controls prevent unauthorized or undesirable conduct.
[Audio] There are various policies to be implemented by the organization. Some of the comprehensive security policies used are the acceptable use policy, remote access policy, access control policy and server malware protection policy.
[Audio] They carried out various security policies with compliance, that is, the email policy and the social engineering awareness policy. The email policy covers the appropriate use of any email sent from the organization's email addresses and applies to all employees, vendors, and agents operating on behalf of Vianet Communications.
[Audio] Under compliance measurement, the Infosec team will verify compliance with this policy through various methods. Any exception to the policy must be approved by the Infosec team in advance, and an employee found to have violated this policy may be subject to disciplinary action.
[Audio] The social engineering policy clearly outlines the protection of assets to defend the integrity and confidentiality of Vianet's resources.
[Audio] Under compliance measurement, the Infosec team will verify compliance with this policy through various methods, including but not limited to business tool reports, internal and external audits, and feedback to the policy owner.
[Audio] In this paper, we described the cyber attack that occurred on a Nepalese ISP, including how it happened, how it was handled, and the techniques used to identify, track, and analyze online spambots, and reviewed the adjustments that the organization made to ensure that such incidents never occur again.
[Audio] Thank you all.