U.S. Embassy Event - Today’s Cyber Threats

Post on 29-May-2015


DESCRIPTION

Presented on 3 Nov. 2010

TRANSCRIPT

CHAIYAKORN APIWATHANOKUL, CISSP, IRCA:ISMS, SANS GCFA

Chief Security Officer, PTT ICT Solutions Company Limited

Stay Ahead of Cyber Threats

Committee Member of Thailand Information Security Association

Speaker Profile

Cyber Defense Initiative Conference 2010

Current Cyber Threats

Cyber Threats Summary

Threat Convergence

▪ The digital world and the physical world are now homogeneous

▪ CCTV, door access control, ID badges, HVAC, medical devices and other automation systems

Threat Summary of 2010

2011 Outlook

▪ Economic conditions continue to fluctuate
▪ More people are out of work
▪ Criminals have more incentive
▪ Budgets are tightened
▪ Technology makes things faster, smaller, better, cheaper and more available to those who never had access before
▪ Technology is easier to use but much more sophisticated behind the scenes, like an iceberg
▪ New technology allows newer and innovative threats

Individual

- Privacy

- Life

- Bank acc.

Enterprise

- Business espionage

- Sabotage

- Fraud

- Financial loss

- Reputation

Industry

- Specific industry sector damage i.e. telecom, healthcare, energy, financial

Country

- Cyber Warfare

- Sabotage

- Criminal

- Terrorism

- National symbol

Global

- Criminal

- Terrorism

Stolen Credit cards

Botnets

Exploits

Spam

Phishing & Identity Theft

Scam Websites

Compromised E-Merchants

Credit Card Fraud

Hacked Databases

Identities

Underground Currency

Credit Cards

The threat is out there, and more and more innocent users are getting on board

▪ More bandwidth (3G/4G)
▪ More smart devices
▪ More users/subscribers
▪ More innocent targets
▪ More accessibility
▪ More applications (good & bad)

Criminals utilize leading-edge technology/methodology, while many people still:

▪ Use “password” or “12345” as their password
▪ Password length not less than 8? Fine, then “12345678”
▪ Have to mix letters with numbers? OK, “password123”
▪ Leave their WiFi router/AP with no password
▪ Leave their ADSL router configuration at the default

Simple tricks still work well

Win a Lotto

Celebs’ clip

Free ticket

Fake Antivirus

Malicious link

Bit.ly

Our_picture.zip

▪ (National) Cybersecurity Day
▪ Security awareness media and content in the local language
▪ (National) Cybersecurity Awareness Program

Keep the bad guy out (from outside)

What if the bad guy is inside?

Strong external security perimeter but weak internal control

From the response of over 10,000 executives around the globe

Organizations have more visibility on their environment as the number of “Don’t know” decreases

▪ Attacks aim more at the data
▪ Network and system exploitation seems steady


CEOs or CFOs may consider allocating budget not only for maintaining the current security level but also for advancing the security capability of the whole organization


▪ The board of directors needs to hear from the CISO
▪ The CISO and CIO have some contradictory aspects of function (check and balance)


Use custom software to infiltrate computers

▪ Steal information
▪ Steal credentials
▪ Steal intellectual property

▪ Key logger
▪ Botnet
▪ Virus/worm
▪ Rootkit

DEVICES

▪ Network
▪ Computer
▪ Mobile phone
▪ Home automation
▪ IP camera
▪ Access door
▪ Building Automation System (BAS)
▪ Medical device
▪ Implantable device
▪ Power grid, power substation
▪ SCADA/DCS/Industrial Automation
▪ Super car (Porsche 911)
▪ Many, many others

COMMON ATTACK SURFACE

▪ Network (protocol)
▪ Operating system
▪ Application
▪ Implementation


1. Attack on unpatched/outdated OS/service/software/application
2. Operator screen taken over
3. Attack on database or file server
4. Password brute force
5. Malware propagation
6. Eavesdropping (sniffing) on information from the network
7. Incomplete implementation of TCP/IP
8. Denial of Service (DoS)
9. Embedded web interface in the device
10. Default authentication password or no password at all


1) More focus on data correlation
2) Threat intelligence analysis will become more important
3) Endpoint security becomes more important
4) Focusing on proactive forensics instead of being reactive
5) Moving beyond signature detection
6) Users will continue to be the target of attack
7) Shifting from focusing on data encryption to key management
8) Cloud computing will continue regardless of the security concerns
9) New Internet protocols with increased exposure
10) Integrated/embedded security devices

▪ M&A in the IT security industry
▪ More targeted custom malware attacks
▪ More on the “white-list” approach rather than “black-list”
▪ More on hardware (design) security
▪ Memory (RAM) attacks (decrypted data, passwords, PINs, etc.), as a result of PCI, HIPAA and GLBA, which asked for encrypting sensitive data at rest and in transit
▪ Monitoring and analysis capability will increase
▪ Wireless used for more purposes
▪ More cloud computing issues
▪ Digital investigator jobs will be in high demand

Emergence of legislative compliance requirements

▪ Royal Decree (ETA.C25) (announced in Sep. 2010 and will be enforced after 180 days)

ISO27001 Critical Infrastructure Sectors

Business Continuity BS 25999

Increase of infosec workforce in government, public sector and private sector

Raise awareness and inspiration in infosec career in academic institutes

Increase user awareness among Thailand's citizens
