cyber risks in the satellite industry · to resume takeaways ... farid nakhli created date:...

0x70 Eric Bärenzung Cyber risks in the satellite industry


Post on 22-May-2020


Page 1: Cyber risks in the satellite industry · To resume Takeaways ... Farid Nakhli Created Date: 10/6/2017 12:18:42 PM

0x70 Eric Bärenzung

Cyber risks in the satellite industry

Page 3:

A critical infrastructure for many sectors

Page 4:

A 36’000 km high overview

Partners / Suppliers / Customers

Satellite Operator

Ground station

Page 5:

Main threats

Page 6:

Fraudulent usage

Page 7:

Pay TV and Satellite Key Sharing

Pay TV Operator

Legal Subscriber

Subscriber using illegal additional rights

Illegal Subscriber

Page 8:

Signal jamming

Page 9:

Signal jamming

https://www.ebu.ch/contents/news/2012/10/ebu-deplores-middle-east-satelli.html

Page 10:

In an ideal operations mode

Page 11:

Baikonur, we have a problem

Taking control of the satellite

Page 12:

To summarize

Protecting and monitoring signal integrity is key!

Page 13:

Then, as for any company…

Partners / Suppliers / Customers

Phishing

Malware

BYOD (Bring Your Own Device)

DDoS (Distributed Denial of Service)

Ransomware

Page 14:

… but with special interests

Partners / Suppliers / Customers

Espionage, including

• Office reconnaissance
• IP mapping
• Social Engineering
• Etc.

APT (Advanced Persistent Threat)

Page 15:

Why hacking?

Only a few of the potential reasons

Page 16:

Just for fun?!

Sean Caffrey

UK citizen – 25 years old

• Ranks, usernames and email addresses of more than 800 users

• 30’000 satellite phones

http://www.nationalcrimeagency.gov.uk/news/1111-hacker-stole-satellite-data-from-us-department-of-defense

Page 17:

Or « dreaming » of being a spy.

http://www.thedailybeast.com/wannabe-russian-spy-sentenced-to-five-years-in-prison

More info on: https://www.justice.gov/opa/pr/defense-contractor-employee-arrested-selling-satellite-secrets-undercover-agent-posing

49 years old

Information sold for 3’500 USD

US engineer enamored with spy dramas gets 5 years for trying to sell secrets to Foreign secret service agent

Page 18:

Command and Control

Page 19:

The standard way

• Find a way to install malware/ransomware

• Activate and control the malware

C&C

Hacker

You

ISP (Internet Service Provider)

Page 20:

« Easy » to stop

• Ask the ISP to take down the domain / server

C&C

ISP (Internet Service Provider)

(But you will have to do it many times)

Page 21:

Talking about WannaCry

Source: https://www.bluecatnetworks.com/blog/2017/05/17/dns-helped-stop-wannacry-ransomware-attack/

More info on https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

Marcus Hutchins

Source: http://www.telegraph.co.uk/technology/2017/08/03/fbi-arrests-wannacry-hero-marcus-hutchins-las-vegas-reports/

Kronos

Page 22:

Using satellite transmission

C&C

Internet

• The infected system calls « decoy » satellite subscribers

• Port / service unknown ⇒ Invalid request ⇒ Call dropped

• C&C pretends to be the « decoy » user ⇒ Call accepted

• Call broadcast by the satellite

• C&C answers the attacked system, acting as if it were the « decoy » user

• Malware sends the hacked data back to C&C

Source: https://securelist.com/satellite-turla-apt-command-and-control-in-the-sky/72081/

Page 23:

Cybersecurity: A business opportunity

Page 24:

Satellite industry starting to offer cyber security services

http://www.maritime-executive.com/article/inmarsat-unveils-cybersecurity-service

Page 25:

The future?

• Quantum computing
• a « hack-proof » communication system

Source: http://thehackernews.com/2017/08/quantum-satellite-data.html

Page 26:

For Critical Infrastructure

Framework

https://www.nist.gov

Page 27:

NIST Cybersecurity Framework

Identify: Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy

Protect: Access Control, Awareness & Training, Data Security, Info Protection Processes and Procedures, Maintenance, Protective Technology

Detect: Anomalies & Events, Security Continuous Monitoring, Detection Processes

Respond: Respond Planning, Communications, Analysis, Mitigation, Improvements

Recover: Recovery Planning, Improvements, Communication

Page 28:

NIST Cybersecurity Framework

Identify Protect Detect Respond Recover

Risk Assessment

[Figure: risk matrix with axes PROBABILITY (low to high) and BUSINESS IMPACT (low to high)]

Define your priorities

Think about Cyber Insurance

Page 29:

NIST Cybersecurity Framework

Identify Protect Detect Respond Recover

Awareness & Training

https://securityintelligence.com/news/insider-threats-account-for-nearly-75-percent-of-security-breach-incidents/

(**) http://www.computerweekly.com/news/450425184/Security-professionals-name-top-causes-of-breaches

84% of cyberattacks reported to have been due, at least in part, to human error (**)

The X-Factor

Page 30:

NIST Cybersecurity Framework

Identify Protect Detect Respond Recover

Anomalies & Events

Acquisition

Analyze

Action

The rise of Machine Learning & Artificial Intelligence

Page 31:

NIST Cybersecurity Framework

Identify Protect Detect Respond Recover

Mitigation

Recovery Planning

Crisis Management requires

PREPARATION

✓ Who?
✓ What?
✓ How?
✓ When?

and TRAINING

✓ Regional Cyber Drill

Page 32:

NIST Cybersecurity Framework

Identify Protect Detect Respond Recover

Recovery Planning

Develop

Test

Improve

[Figure: service level over time, marking: Last backup, Incident, Degraded Service, Down Time, Back to standard operations, Recovery Point Objective (RPO), Return Time on Objective (RTO)]

Page 33:

To summarize

Takeaways

Page 34:

3 takeaways

• Satellite industry is a sensitive target for hackers
• Start, if not done already, to
  • Evaluate your risks
  • Develop your strategy to protect your organization from cyber threats
• Cybersecurity is a business opportunity
  • To differentiate from your competitors
  • And also to bring you additional revenue opportunities €€€

Page 35:

Thanks for your attention

Eric Bärenzung