protecting institutional data in a digitally connected world · 2017-07-27 · protecting...
Post on 11-Jun-2018
An Analysis of Perspectives in Cyber Security
Vadim Pogulievsky
July 2017
Protecting Institutional Data
in a Digitally Connected World
About me
• Vadim Pogulievsky
• Security Expert
• Building Cyber Security products for the last 15 years
• Led Cyber Security Research teams for Finjan, McAfee, Verint and a few others
• This is my first time in Nigeria
Agenda
• A few boring definitions
• A bit of History
• What is APT?
• Attacker’s motivation
  • Hacktivism
  • Cyber Crime
  • Cyber Warfare
• Real Life attack examples
• What to expect next?
Cyber-Attack
An attempt to damage, disrupt, or gain unauthorized access to a computer, computer system, or electronic communications network.
Who is behind it?
Hacker: a person who circumvents security and breaks into a computer/network, usually with malicious intent
Hacker’s arsenal
• MALWARE - The word comes from the term "MALicious softWARE."
• Malware is any software that infects and/or damages a computer system without the owner's knowledge or permission.
Malware
• Viruses
• Trojans
• Rootkits
• Worms
• Spyware
• Adware
History Malware
1971 Creeper Virus
1982 Elk Cloner
1986 Brain Virus
1991 Michelangelo Virus
1999 Melissa Virus
2000 ILOVEYOU
2003 SQL Slammer
2005 Commwarrior-A
2005 Koobface
2008 Conficker
2010 Stuxnet
2013 CryptoLocker
2014 Regin
2016 Mirai
2017 WannaCry
2017 NotPetya
Advanced Persistent Threats (APT)
• “Advanced” signifies sophisticated techniques
• “Persistent” suggests that a victim is continuously monitored
• “Threat” indicates human involvement in orchestrating an attack
Motivation - Hacktivism
• Why? “Because I can..”, Ideological reasons
• Attackers? Individuals, “script kiddies” or small hacker groups.
• Targets? Ideological opponents or anyone else..
• Technique? DoS, website attacks (admin panel takeover, defacements, etc.)
• Tools? Mostly basic, common, free
• How Much? 10-15 years ago it was mainstream; now less so, but it can still be painful
• Example
Hacktivism Anonymous
We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us
• #OpTrump
• #OpKillingBay
• #OpWhales
• #OpIsrael
• #OpAfrica
Hacktivism The Shadow Brokers
• Equation Group Cyber Weapons Auction – Invitation
• Message #5 - TrickOrTreat
• Message #6 - BLACK FRIDAY / CYBER MONDAY SALE
• Don't Forget Your Base
• Lost in Translation
Motivation - Cyber Crime
• Why? Money
• Attackers? It’s an entire industry. Cyber criminals.
• Targets? Companies, Individuals
• Attack Types? CC Stealers, Bank account compromise, Ransom
• Technique? Social engineering, Botnets, Point-of-Sale, DDoS
• Tools? Professional level: Exploit Kits, Financial/PoS/Crypter malware, DDoS tools/malware
• How Much? A lot! All the time! This has been the main danger on the Internet for the last 8-10 years.
• Example
Cybercrime Angler Exploit Kit
“Angler activity that they observed
and is likely generating more than $30 million annually”
– Cisco
Motivation - Cyber Warfare
• Why? Political reasons, Technology, War
• Attackers? Governments (through military cyber units)
• Targets? Industry, Critical Infrastructure, Governments
• Attack types? APTs
• Technique? Combined targeted attack that includes any available attack vector
• Tools? Specially developed, 0-day exploits, unique malware
• How Much? It’s just the beginning..
• Example?
What is next? More Ransomware
• Global ransomware damages are predicted to exceed $5 billion in 2017
• The number of ransomware programs will continue to grow
• Targeted Ransomware campaigns
• Increased sophistication
What is next? More ICS attacks
• ICS – Industrial Control Systems
• According to IBM: “Attacks targeting Industrial Control Systems increased over 110% in 2016”
• Outdated protocols, lack of security awareness
What is next? IOT Malware on rise
• IOT – Internet Of Things
• 6.4 billion connected things in 2017; forecasts of over 20 billion IoT devices by 2020
• IOT botnets - number of devices that can enslave
Glossary
• Threat - A potential for violation of security.
• Vulnerability - A flaw that allows someone to operate a computer
system with authorization levels in excess of that which the system
owner specifically granted.
• Exploit - a piece of software, a chunk of data, or a sequence of
commands that takes advantage of a bug, glitch or vulnerability
• APT - A set of stealthy and continuous computer hacking processes, often orchestrated by human(s) targeting a specific entity. APT usually targets organizations and/or nations for business or political motives.
• Malware - Malicious software that compromises computers or networks with the intention of disrupting their intended functions or operations. Examples of malware include trojans, worms, viruses, backdoors, etc.
• 0-day attack/exploit - A cyberattack that uses previously unknown coding
(malware, etc.) or exploits a previously unknown security vulnerability.
• Botnet - A network of computers that have been penetrated, compromised, and programmed to operate on the commands of an unauthorized remote user, usually without the knowledge of their owners or operators.
• Data breach - The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.