Defending Against Modern Cyber Adversaries
Rajitha Udayanga, CISSP | [email protected]
1 Billion US $
8.62 x the defense budget of Fiji. Equivalent to Fiji's VAT collection for 2014.
5000 Ferrari cars
A multi-national gang of cyber-criminals from Russia, Ukraine and other parts of Europe has stolen about a billion US dollars (£650 million) from financial institutions worldwide via cyber-hacks over the past two years.
http://www.scmagazineuk.com/us-1bn-stolen-from-100-finance-cos-in-global-cyber-heist/article/398310/
Direct and Indirect Revenue Loss
The Flow……
• Introductions
• Cyber attacks and their consequences
• Adversary capabilities
• Types of attacks / pathways
• Cyber security myths
• Steps for implementing an effective cyber security program
• Cyber security controls
• Resilience in the face of a cyber attack
Who is the bad guy and where is he?
A person who hates the West
A person who has some disorder
A person who wants to show their colours
Living in the Russian Federation
BUT
That has changed
Then who?
• “Insiders” (yes, yes... your employees)
• Evolving technologies and organizational policies
• Negligence
• Industrial competitors
• Organized crime
• Extremists / Terrorists
• Nation states
Source : http://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf
Insiders
• Dissatisfied employees
• Former employees
• Current or prospective employees
• Contractors / outsourced employees
• Support service employees
• Unintentional action / negligence
• Insecure coding / software development
• Design / implementation errors
59% say privileged users are the main cause of insider threats
62% say insider threats have become a major problem
Fewer than 50% of organizations have considered insider threats
62% say insider threats are difficult to detect
38% say remediation will cost US $500,000 per incident
Evolving technologies and organizational policies
“Where does our critical data reside?” and “How can we create a secure environment to protect that data, especially when new business models like cloud computing and mobility leave us with little control over it?”
- Cisco security expert
• BYOD (now BYOT): bring your own device / thing
• IoT: Internet of Things
• Big data
• Cloud services
Source : http://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf
Organized crime
• Threat: Organized crime is using cyber attacks to make billions of dollars per year through:
  • Theft
  • Extortion
  • Commodity market manipulation
  • Selling exploits to others
• Real World Example: In 2008, cyber attacks disrupted electrical power in South America.
  • Impact: Disrupted power in multiple cities.
  • Cause: European organized crime syndicate
  • (see http://news.cnet.com/CIA-Cyberattack-caused-multiple-city-blackout/2100-7349_3-6227090.html)
Extremist/Terrorist Threat
• Threat: Disruption or destruction of critical infrastructure (including emergency response services), denial of service attacks, theft of information, etc.
• Real World Examples:
  • A well-known extremist group called for “cyber war”
  • “They will enter the cyber world because it's comparatively remote, comparatively safer than strapping on a bomb,” said Cofer Black, former head of the CIA Counter Terrorism Center
  • In 2011, Anonymous conducted denial of service attacks and broke into “secure” computer systems operated by governments and private industry.
Nation State Threats
• Threat: Over 100 countries are actively involved in acquiring cyber warfare capabilities.
  • Low cost / high impact
• Real-World Example: Stuxnet
  • The Stuxnet worm targeted nuclear industry software and equipment in Iran. Stuxnet affected only the clandestinely obtained Siemens control systems.
  • It damaged plant infrastructure (uranium-enrichment centrifuges), causing extended shutdowns at Iranian nuclear facilities.
  • Speculation is that a worm of such complexity could only be developed by a nation-state.
How does it get into my office?
• Malware from the internet
• Malware from a trusted source
• Wireless break-ins
• Social engineering
• “Inappropriate” connections
• Compromised data storage
Myth | “We have security by obscurity”
• “My systems are too old and obscure to be of interest to attackers.”
• “No one can understand what my system is doing; they could break in, but they could not figure out how to abuse it.”
• System, language, and control information is readily available on the Internet.
• Exercises have shown that, given enough time and interest, an attacker can crack and take over most systems.
Myth | “We have a firewall and anti-virus guard, so we are protected”
• Protection from what?
  • Known viruses/worms
  • Some attack pathways
• A firewall is only as good as its configuration
  • Purpose: deter, delay, detect, and deny
  • Are firewall logs being monitored to detect an ongoing attack?
• Signature-based anti-virus tools only protect you from known malware; zero-day or freshly repacked malware is not stopped.
• There may be multiple pathways around (or through) firewalls and anti-virus products.
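A firewall that drops traffic but whose logs nobody reads still lets a reconnaissance phase go unnoticed. The script below is an added example, not part of the original slides: it parses iptables-style kernel DROP lines and flags any source that is refused on many distinct destination ports within a short window, which is the classic signature of a port scan. The log lines are constructed for the example, and the "FW-DROP:" prefix is an assumed `--log-prefix` value.

```python
# Added example (not from the slides): flag port-scan behaviour in
# iptables-style firewall DROP logs. The log lines below are constructed;
# the "FW-DROP:" prefix is an assumed --log-prefix value.
import re
from collections import defaultdict
from datetime import datetime

# One kernel LOG line: syslog timestamp, host, then the iptables key=value fields.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: FW-DROP: "
    r".*?SRC=(?P<src>\S+) .*?DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)

# Constructed sample log: one host sweeps 12 common ports in 12 seconds,
# a partner site retries SSH twice, and one unrelated sshd line is noise.
SCAN_PORTS = [21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080]
SAMPLE_LOG = "\n".join(
    [
        f"Mar 14 10:01:{sec:02d} fw kernel: FW-DROP: IN=eth0 OUT= "
        f"SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT={40000 + sec} DPT={port}"
        for sec, port in enumerate(SCAN_PORTS)
    ]
    + [
        "Mar 14 10:05:00 fw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51000 DPT=22",
        "Mar 14 10:07:30 fw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51001 DPT=22",
        "Mar 14 10:08:00 fw sshd[2211]: Accepted publickey for ops from 192.0.2.50 port 50022 ssh2",
    ]
)


def parse_drops(text):
    """Yield (time, src, dst, proto, dport) for each FW-DROP line; other lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; only deltas are used, so that is fine here.
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        yield ts, m.group("src"), m.group("dst"), m.group("proto"), int(m.group("dpt"))


def find_scanners(text, window_seconds=60, min_ports=10):
    """Return {src: distinct_ports} for sources refused on at least min_ports
    distinct destination ports within any window_seconds span."""
    by_src = defaultdict(list)
    for ts, src, _dst, _proto, dpt in parse_drops(text):
        by_src[src].append((ts, dpt))

    scanners = {}
    for src, events in by_src.items():
        events.sort()
        best, j = 0, 0
        for i in range(len(events)):
            # Slide the window end forward; events are time-sorted so j never moves back.
            while j < len(events) and (events[j][0] - events[i][0]).total_seconds() <= window_seconds:
                j += 1
            best = max(best, len({dpt for _, dpt in events[i:j]}))
        if best >= min_ports:
            scanners[src] = best
    return scanners


if __name__ == "__main__":
    for src, n in find_scanners(SAMPLE_LOG).items():
        print(f"ALERT: {src} refused on {n} distinct ports within 60s (probable port scan)")
```

The thresholds are deliberately parameters: a partner host that retries one blocked port is not a scan, and a slow scanner that spreads probes over hours will sit below a 60-second window, so the same logic is worth running with a longer window and a higher port count as a second rule.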
Myth | “We have no insider threat!”
• Even the most secure organizations cannot discount the threat posed by insiders (current or former staff members)
• Co-workers tend to protect colleagues
• Managers tend to protect their team members. “Michel is having a tough time right now, but they will pull through this.”
• It is psychologically easier to mount a cyber attack than a physical attack.
• Non-malicious activities or the failure to follow security policies can turn out to be the insider threat that poses the greatest risk.
To be secure….
• Examine organization- or corporate-wide cyber security practices
• Identify important computer/digital assets
• Conduct table top reviews
• Conduct walk-through inspections and validation testing
• Assess potential threats, attack vectors, and vulnerabilities
• Determine the consequences of compromise
• Perform simple risk assessments
• Evaluate “new” security controls and make risk based decisions on security enhancements
• Maintain an ongoing cyber security program
Top four mitigating steps
1. Rigorously conduct system patching
  • Do not let known vulnerabilities persist for extended periods of time
2. Restrict administrative privileges
  • Accounts with these privileges are prime targets for attackers
  • Limit and tightly control accounts with these privileges
3. Perform and enforce application whitelisting
  • Only allow authorized applications to run
4. Implement defence in depth
  • Do not rely on a single technology or defensive measure; have multiple security controls in case one approach fails.
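Application whitelisting only works if the decision is made on what the binary is, not where it sits or what it is called. The following is an added example, not code from the slides: it contrasts a naive path-based rule with a SHA-256 allowlist over a few constructed "binaries". The Windows paths, the fake executables and the `ALLOWLIST` contents are all assumptions made for the example; a real deployment loads the policy from a signed source and enforces it at execution time (AppLocker or WDAC on Windows, fapolicyd on Linux).

```python
# Added example (not from the slides): application allowlisting by content
# hash. The "binaries" are constructed byte strings and the paths are assumed;
# real enforcement happens in AppLocker/WDAC (Windows) or fapolicyd (Linux).
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for the executables the organisation has approved.
APPROVED_BINARIES = {
    r"C:\Program Files\Acme\acme.exe": b"MZ\x90\x00acme-build-4.2",
    r"C:\Windows\System32\notepad.exe": b"MZ\x90\x00notepad-10.0",
}

# The policy is keyed by hash; the path is kept only for reporting.
ALLOWLIST = {sha256_hex(content): path for path, content in APPROVED_BINARIES.items()}

TRUSTED_DIRS = ("C:\\Program Files\\", "C:\\Windows\\")


def path_based_decision(path: str) -> str:
    """Naive rule: allow anything that lives under a trusted directory."""
    return "allow" if path.startswith(TRUSTED_DIRS) else "deny"


def hash_based_decision(path: str, content: bytes, allowlist=ALLOWLIST):
    """Allow only if the file's SHA-256 is on the allowlist, whatever its path."""
    digest = sha256_hex(content)
    if digest in allowlist:
        return "allow", f"matches approved {allowlist[digest]}"
    return "deny", f"sha256 {digest[:16]}... not approved (path {path})"


# Constructed execution attempts: (path the file is run from, file content).
ATTEMPTS = [
    # the approved build, run from its install location
    (r"C:\Program Files\Acme\acme.exe", APPROVED_BINARIES[r"C:\Program Files\Acme\acme.exe"]),
    # the same approved bytes copied to a user directory
    (r"C:\Users\alice\Desktop\acme.exe", APPROVED_BINARIES[r"C:\Program Files\Acme\acme.exe"]),
    # a dropper written into a trusted directory under an innocent name
    (r"C:\Program Files\Acme\update.exe", b"MZ\x90\x00dropper"),
    # the approved notepad with one byte changed (tampered build)
    (r"C:\Windows\System32\notepad.exe", b"MZ\x90\x00notepad-10.1"),
]


def evaluate(attempts=ATTEMPTS):
    """Return [(path, path_rule_verdict, hash_rule_verdict)] for each attempt."""
    return [(p, path_based_decision(p), hash_based_decision(p, c)[0]) for p, c in attempts]


if __name__ == "__main__":
    for path, by_path, by_hash in evaluate():
        print(f"{path}\n  path rule: {by_path:5}  hash rule: {by_hash}")
```

The two attempts that matter are the last two: the path rule lets both the dropper and the tampered system binary run because they sit in a trusted directory, while the hash rule denies both. Pure hash lists are brittle across software updates, which is why production policies usually combine hashes with publisher-signature rules; the point that survives either way is that the verdict must come from the binary's identity, not its name or location.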
I’m not using the Internet, and I have no smartphone