1
00:00:01,020 --> 00:00:02,930
Common Delivery Methods.

2
00:00:02,930 --> 00:00:05,400
There are a myriad of ways that your computer

3
00:00:05,400 --> 00:00:07,230
can get infected with malware.

4
00:00:07,230 --> 00:00:10,530
But by far, the most common ones come from software,

5
00:00:10,530 --> 00:00:12,510
messaging, and media.

6
00:00:12,510 --> 00:00:15,840
Software and messaging are things like email programs,

7
00:00:15,840 --> 00:00:19,030
peer-to-peer networks like BitTorrent, FTP servers,

8
00:00:19,030 --> 00:00:21,540
and pretty much any other way that we communicate

9
00:00:21,540 --> 00:00:23,700
from one computer to another.

10
00:00:23,700 --> 00:00:24,970
When I'm talking about media,

11
00:00:24,970 --> 00:00:27,790
we're talking about things like CDs and DVDs,

12
00:00:27,790 --> 00:00:30,490
USB thumb drives, external hard drives,

13
00:00:30,490 --> 00:00:33,910
tape backups, and even old school floppy disks.

14
00:00:33,910 --> 00:00:35,570
Now, I know what you're thinking.

15
00:00:35,570 --> 00:00:37,940
Jason, I'm smart enough not to pick up

16
00:00:37,940 --> 00:00:39,630
some USB drive off the ground

17
00:00:39,630 --> 00:00:42,040
and take some disks that I don't know where they came from,

18
00:00:42,040 --> 00:00:43,990
and slide it into my work computer.

19
00:00:43,990 --> 00:00:44,880
But guess what?

20
00:00:44,880 --> 00:00:47,400
This stuff happens every single day.

21
00:00:47,400 --> 00:00:50,260
Often it's because our human nature is to be nice,

22
00:00:50,260 --> 00:00:53,000
and we're trusting and we want to be helpful to people.

23
00:00:53,000 --> 00:00:55,590
So somebody comes over to your cubicle with a USB drive

24
00:00:55,590 --> 00:00:57,290
and says, hey I got three minutes

25
00:00:57,290 --> 00:00:59,000
before I got to give this presentation.

26
00:00:59,000 --> 00:01:01,350
Can you please print out my slide deck for me?

27
00:01:01,350 --> 00:01:03,810
Will you take that and put it in your drive?

28
00:01:03,810 --> 00:01:05,110
Well, you might.

29
00:01:05,110 --> 00:01:06,370
A lot of people do.

30
00:01:06,370 --> 00:01:08,270
And when they do that, there could be malware

31
00:01:08,270 --> 00:01:11,620
on that USB drive and we just infected the network.

32
00:01:11,620 --> 00:01:13,940
So, beyond plugging in a USB drive

33
00:01:13,940 --> 00:01:15,720
or a CD that you found on the floor,

34
00:01:15,720 --> 00:01:18,310
what's another place that you can get infected from?

35
00:01:18,310 --> 00:01:20,960
Well, there's a thing known as a watering hole.

36
00:01:20,960 --> 00:01:22,520
But before we talk about it in computers,

37
00:01:22,520 --> 00:01:25,010
let's talk about a watering hole in the real world.

38
00:01:25,010 --> 00:01:27,630
If you go to Africa, there's a lot of desert there,

39
00:01:27,630 --> 00:01:29,160
and the animals need water.

40
00:01:29,160 --> 00:01:31,370
And so when they find a lake or an oasis,

41
00:01:31,370 --> 00:01:33,690
the animals will gather there and they'll drink the water,

42
00:01:33,690 --> 00:01:34,670
and then they'll go off

43
00:01:34,670 --> 00:01:36,340
and they'll do what animals do all day.

44
00:01:36,340 --> 00:01:37,760
And eventually they'll come back

45
00:01:37,760 --> 00:01:39,470
because they need more water again.

46
00:01:39,470 --> 00:01:41,550
And they'll do this time and time again.

47
00:01:41,550 --> 00:01:44,970
So watering holes are a place that people have to return to,

48
00:01:44,970 --> 00:01:46,660
or in this case, animals.

49
00:01:46,660 --> 00:01:48,510
Now, what does this have to do with your business

50
00:01:48,510 --> 00:01:49,690
and with computers?

51
00:01:49,690 --> 00:01:51,930
Well, it's the exact same concept.

52
00:01:51,930 --> 00:01:54,220
There's a lot of us who have routine habits,

53
00:01:54,220 --> 00:01:56,440
where we do the same thing day in and day out.

54
00:01:56,440 --> 00:01:59,460
And those places that we go are our watering holes.

55
00:01:59,460 --> 00:02:02,050
For example, every morning my wife gets up,

56
00:02:02,050 --> 00:02:04,730
she gets her cup of coffee, she logs into Facebook

57
00:02:04,730 --> 00:02:06,570
and she starts scrolling her feed.

58
00:02:06,570 --> 00:02:08,300
For her, that would be a watering hole.

59
00:02:08,300 --> 00:02:11,090
It's something she goes to every single day.

60
00:02:11,090 --> 00:02:13,790
Are there those type of things inside your business?

61
00:02:13,790 --> 00:02:16,330
Maybe there's a supplier that you go to every single day

62
00:02:16,330 --> 00:02:18,030
to check your invoices.

63
00:02:18,030 --> 00:02:19,740
Well, if you think about this,

64
00:02:19,740 --> 00:02:22,370
an attacker can figure out where that website is

65
00:02:22,370 --> 00:02:23,720
that you go to every day.

66
00:02:23,720 --> 00:02:25,690
And if they can go and attack that company

67
00:02:25,690 --> 00:02:28,490
and embed viruses or malware into their website,

68
00:02:28,490 --> 00:02:31,070
when you go to the website to do regular work,

69
00:02:31,070 --> 00:02:32,690
like pulling your invoices,

70
00:02:32,690 --> 00:02:34,730
you can also be pulling that virus.

71
00:02:34,730 --> 00:02:37,970
So their website now becomes a watering hole for malware.

72
00:02:37,970 --> 00:02:40,480
And the malware that sits there behind that website

73
00:02:40,480 --> 00:02:42,240
will get potential victims.

74
00:02:42,240 --> 00:02:43,970
Now, if they got your supplier

75
00:02:43,970 --> 00:02:46,210
and they got all the people who visit the supplier,

76
00:02:46,210 --> 00:02:48,520
they can ultimately get you too.

77
00:02:48,520 --> 00:02:49,630
There are lots of things

78
00:02:49,630 --> 00:02:51,670
that can create watering holes for us.

79
00:02:51,670 --> 00:02:54,410
There's an automated toolkit called an exploit kit

80
00:02:54,410 --> 00:02:57,200
that makes this really easy to do as an attacker.

81
00:02:57,200 --> 00:02:59,560
Fortunately for us, a lot of websites

82
00:02:59,560 --> 00:03:01,240
that are watering holes and places

83
00:03:01,240 --> 00:03:04,540
that we go every single day, are very well secured.

84
00:03:04,540 --> 00:03:07,210
If you think of a place like Facebook or Google,

85
00:03:07,210 --> 00:03:09,250
they have teams of cyber security experts

86
00:03:09,250 --> 00:03:12,180
working to keep their site up and keep it safe.

87
00:03:12,180 --> 00:03:13,650
Unfortunately for us though,

88
00:03:13,650 --> 00:03:15,730
attackers are really smart people.

89
00:03:15,730 --> 00:03:17,970
And if they know that you go to Facebook all the time,

90
00:03:17,970 --> 00:03:20,250
they're going to try to figure out a way to still trick you.

91
00:03:20,250 --> 00:03:23,450
And they might do something that's known as Typosquatting.

92
00:03:23,450 --> 00:03:25,460
I have an example here on the screen.

93
00:03:25,460 --> 00:03:28,020
My website is DionTraining.com.

94
00:03:28,020 --> 00:03:29,720
Now, if you look at the one on the bottom,

95
00:03:29,720 --> 00:03:32,420
it says DionTrainings.com.

96
00:03:32,420 --> 00:03:35,580
Now I have a happy face and a sad face, why is that?

97
00:03:35,580 --> 00:03:38,180
Well, the happy face is on our official website,

98
00:03:38,180 --> 00:03:39,690
DionTraining.com.

99
00:03:39,690 --> 00:03:42,070
That's the one that we own, that's the good site.

100
00:03:42,070 --> 00:03:44,760
That's the site that is secure and ready to go.

101
00:03:44,760 --> 00:03:46,940
I don't own DionTrainings.com,

102
00:03:46,940 --> 00:03:48,990
but if an attacker was to try to spoof you,

103
00:03:48,990 --> 00:03:51,140
they might buy DionTrainings.com

104
00:03:51,140 --> 00:03:53,290
thinking that you might add an extra S

105
00:03:53,290 --> 00:03:55,480
and have a typo at the end of my domain name

106
00:03:55,480 --> 00:03:58,150
when you're trying to go and log in to your course.

107
00:03:58,150 --> 00:03:59,680
And if they have control of that site,

108
00:03:59,680 --> 00:04:01,480
they might clone it to look like my site.

109
00:04:01,480 --> 00:04:03,120
And they might place malware there

110
00:04:03,120 --> 00:04:04,690
and then use that as a watering hole

111
00:04:04,690 --> 00:04:07,140
to try to go after all of my students.

112
00:04:07,140 --> 00:04:09,970
Now, that's just the example of how watering holes work

113
00:04:09,970 --> 00:04:12,290
in an effective way around businesses.

114
00:04:12,290 --> 00:04:15,480
So, maybe you don't have Facebook, you have Facebooks.

115
00:04:15,480 --> 00:04:18,010
Maybe you have something that is spelled just a little off,

116
00:04:18,010 --> 00:04:20,180
like Yahoo with three O's.

117
00:04:20,180 --> 00:04:22,140
That's the idea of a Typosquatting.

118
00:04:22,140 --> 00:04:24,570
And then you can have a website behind it

119
00:04:24,570 --> 00:04:27,820
that is a watering hole for the attack.