U.S. Embassy Event - Today’s Cyber Threats

CHAIYAKORN APIWATHANOKUL, CISSP, IRCA:ISMS, SANS GCFA

Chief Security Officer, PTT ICT Solutions Company Limited

Stay Ahead of Cyber Threats

Committee Member of Thailand Information Security Association

Upload: narinrit-prem-apiwathanokul

Post on 29-May-2015

DESCRIPTION

Presented on 3 Nov. 2010

TRANSCRIPT


Page 2

Speaker Profile

Cyber Defense Initiative Conference 2010

Page 3

Current Cyber Threats

Cyber Threats Summary

Threat Convergence

▪ The digital world and the physical world are now homogeneous

▪ CCTV, Door Access Control, ID Badge, HVAC, Medical Devices and other Automation Systems

Threat Summary of 2010

2011 Outlook

Page 4

Economic conditions continue to fluctuate

More people are out of jobs

Criminals have more incentive

Budgets are tightened

Technology makes things faster, smaller, better, cheaper and more available to those who never had access before

Technology is easier to use but much more sophisticated behind the scenes, like an iceberg

New technology allows newer and innovative threats

Page 5

Individual

- Privacy

- Life

- Bank acc.

Enterprise

- Business espionage

- Sabotage

- Fraud

- Financial loss

- Reputation

Industry

- Specific industry sector damage, e.g. telecom, healthcare, energy, financial

Country

- Cyber Warfare

- Sabotage

- Criminal

- Terrorism

- National symbol

Global

- Criminal

- Terrorism

Page 6

Stolen Credit cards

Botnets

Exploits

Spam

Phishing & Identity Theft

Scam Websites

Compromised E-Merchants

Credit Card Fraud

Hacked Databases

Identities

Underground Currency

Credit Cards

Page 7

The threat is out there, and more and more innocent users are getting on board

More bandwidth (3G/4G)

More smart devices

More users/subscribers

More innocent targets

More accessibility

More applications (good & bad)

Page 8

Criminals use leading-edge technology/methodology, while many people still:

Use “password” or “12345” as their password

Password length must be at least 8? Fine, then “12345678”

Have to mix letters with numbers? OK, “password123”

Leave their WiFi router/AP with no password

Leave their ADSL router configuration as default
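
The password habits listed on this slide show why length and composition rules alone do not stop weak choices. The following is an added example, not part of the original presentation: it runs the slide's passwords through the two rules the slide mentions and through a stricter check. The function names and the small blocklist are constructed for illustration.

```python
import re

# Constructed blocklist for illustration; a real deployment would load a large
# breached-password list instead.
COMMON = {"password", "12345", "qwerty", "letmein", "admin"}

def length_only(pw, min_len=8):
    """First rule on the slide: minimum length only."""
    return len(pw) >= min_len

def length_and_mix(pw, min_len=8):
    """Second rule on the slide: minimum length plus letters mixed with digits."""
    return (len(pw) >= min_len
            and re.search(r"[A-Za-z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None)

def is_run(pw):
    """True for repeated or sequential characters: aaaaaaaa, 12345678, 87654321."""
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return len(steps) == 1 and steps <= {-1, 0, 1}

def hardened(pw, min_len=8):
    """Length check plus blocklist and pattern checks; returns (accepted, reason)."""
    lowered = pw.lower()
    # Strip trailing digits/symbols so "password123" is compared as "password".
    base = lowered.rstrip("0123456789!@#$%^&*._-")
    if len(pw) < min_len:
        return False, "too short"
    if lowered in COMMON or base in COMMON:
        return False, "common password"
    if is_run(lowered):
        return False, "sequential or repeated characters"
    return True, "ok"

def compare(candidates):
    """Return {password: (length_only, length_and_mix, hardened)} per candidate."""
    return {pw: (length_only(pw), length_and_mix(pw), hardened(pw)[0])
            for pw in candidates}

if __name__ == "__main__":
    samples = ["12345", "password", "12345678", "password123",
               "correct horse battery staple"]
    for pw, (by_len, by_mix, by_hard) in compare(samples).items():
        print(f"{pw!r:32} length={by_len} mix={by_mix} hardened={by_hard}")
```

The composition rule accepts “password123” yet rejects a long passphrase with no digits, while the blocklist and pattern check gives the opposite and more useful verdicts.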

Page 9

Simple tricks still work well

Win a Lotto

Celebs’ clip

Free ticket

Fake Antivirus

Malicious link

Bit.ly

Our_picture.zip

Page 10

(National) Cybersecurity Day

Security awareness media and content in local language

(National) Cybersecurity Awareness Program

Page 11

Keep the bad guy out (from outside)

What if the bad guy is inside?

Strong external security perimeter but weak internal control

Page 12

From the response of over 10,000 executives around the globe

Organizations have more visibility on their environment as the number of “Don’t know” decreases

Page 13

The attacks aim more at the data

Network and system exploitation seems steady

From the response of over 10,000 executives around the globe

Page 14

CEOs or CFOs may consider allocating budget not only for maintaining the current security level but also to advance the security capability of the whole organization

From the response of over 10,000 executives around the globe

Page 15

Boards of directors need to hear from the CISO

The CISO and CIO have some conflicting aspects of function (checks and balances)

From the response of over 10,000 executives around the globe

Page 16

Use custom software to infiltrate computers

Steal information

Steal credentials

Steal intellectual property

Key logger

BotNet

Virus/worm

Rootkit

Page 18

DEVICES

- Network

- Computer

- Mobile phone

- Home automation

- IP camera

- Access door

- Building Automation System (BAS)

- Medical device

- Implantable device

- Power grid, power substation

- SCADA/DCS/Industrial Automation

- Super car (Porsche 911)

- Many many others

COMMON ATTACK SURFACE

- Network (protocol)

- Operating system

- Application

- Implementation


Page 23

1. Attack on unpatched/outdated OS/service/software/application

2. Operator screen taken over

3. Attack on database or file server

4. Password brute force

5. Malware propagation

6. Eavesdropping (sniffing) on information from the network

7. Incomplete implementation of TCP/IP

8. Denial of Service (DoS)

9. Embedded web interface in the device

10. Default authentication password or no password at all

Page 24

1) More focus on Data Correlation

2) Threat intelligence analysis will become more important

3) Endpoint security becomes more important

4) Focusing in on proactive forensics instead of being reactive

5) Moving beyond signature detection

6) Users will continue to be the target of attack

7) Shifting from focusing on data encryption to key management

8) Cloud computing will continue regardless of the security concerns

9) New Internet protocols with increased exposure

10) Integrated/embedded security devices

Page 27

M&A in IT Security Industry

More targeted custom malware attacks

More on the “white-list” approach rather than “black-list”

More on hardware (design) security

Memory (RAM) attacks (decrypted data, passwords, PINs, etc.)

- As a result of PCI, HIPAA and GLBA, which ask for encrypting sensitive data at rest and in transit

Monitoring and Analysis Capability will increase

Wireless used for more purposes

More Cloud Computing Issues

Digital investigators will be in high demand

Page 28

Emerging legislation and compliance requirements

Royal Decree (ETA.C25) (announced in Sep. 2010 and will be enforced after 180 days)

ISO27001 Critical Infrastructure Sectors

Business Continuity BS 25999

Increase of infosec workforce in government, public sector and private sector

Raise awareness of and inspiration for infosec careers in academic institutes

Increase user awareness among Thai citizens
