Post on 29-Mar-2015
The Inside Man: Surviving the Ultimate Cyber Threat!
Andy Malone MVP, MCT
Quality Training (UK) Senior Instructor / Consultant
Andrew.malone@quality-training.co.uk
www.divedeeperevents.com
ATC-B314
• Microsoft MVP (Enterprise Security)
• Founder: Cybercrime Security Forum!
• Microsoft International Event Speaker
• MCT (18 Years)
• Winner: Microsoft Speaker Idol 2006
Andy Malone
Follow me on Twitter @AndyMalone
Agenda
• The Inside Man Threat? Understanding the Psychological & Sociological impact of Espionage
• Understanding Espionage Tactics, Threats & Techniques
• Counter Espionage Techniques & Technologies
• The Art of Social Engineering & Corporate Deception
• Q&A Session Review
“Economic Espionage, Losses to the American Economy now Total more than $13 Billion Per Year…”
Assistant Director, Counter Intelligence, FBI
It could be Worse than you Think!
Firstly, What exactly is the Threat?
A malicious insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems.
Common Espionage / Computer Crimes include!
• Intellectual Property Theft
• Damage of Company Computer Network
• Embezzlement
• Copyright Piracy
• Planting of Viruses, Worms on Company Computers
• Use of Stealth Listening Devices / Recording Equipment
• Information Trafficking
• Illegal Email Information Theft
The Inside Man: The Invisible Threat!
• All Employees are Trustworthy, right?
• Often difficult to Identify Specific Employee
• Actions are Unpredictable…
• Difficult to Trace / Track
• By the time discovery is made the damage has already been done!
• Plausible Deniability
• Poor security measures, procedures & policies
Understanding the Psychological & Sociological impact of Espionage
Why do they do it?
• Evidence shows that the principal espionage threats do not come from clever and devious foreigners. They come from "insiders"
• Of the 98 US Citizens arrested for espionage over the past 20 years, most were trustworthy and loyal at the time they were investigated and first approved for clearance
• Most surprising is that a majority of those who became spies volunteered their services to a foreign government
• They were not enticed, persuaded, manipulated, or coerced into betraying their
Source: United States Central Intelligence Agency
Psychological & Sociological impact
• Selling secrets is seldom a sudden, uncontrolled impulse
• It is usually the last act of a long-simmering emotional crisis
• Treatable before the damage was done
• Spies are not "crazy," but they usually are emotionally disturbed or suffer from one or more personality disorders
• Of the personality disorders found in spies, the two most common are antisocial personality disorder and narcissism
Types of Malicious Incidents
• "IT sabotage": typically committed by system administrators, programmers, technically sophisticated users, privileged users who become very disgruntled
• "Theft of intellectual property" or industrial espionage involving trade secrets like scientific information and source code is typically committed by scientists, engineers and programmers
• When insiders steal intellectual property, they usually act within a 30-day window, because of audit processes.
“And to think I Trusted You!”
I’ve Had Enough…
I Have Dark Thoughts…
I Want More Money…
I Want to Believe…
I Just Can’t Say No…
I do it for the Excitement Factor…
I’m So Gullible…
I’m So Unbelievable…
Information Gathering!
Demo
How they do it?
How do they do it?
• Use stealth recording devices (audio, video, software-based bugs) to record private conversations, meetings
• Plant keyloggers, malicious software onto company computers
• Illicitly obtain private files / information with intention to illegally share / sell.
Amazing Spy Gear! Buy Yours Today
• The UZI Tactical Defender Pen
• Allows users to break glass
• Can obtain DNA samples from attackers
• Get out of handcuffs ...
• And of course to write
• Only $24.99
Amazing Spy Gear! Buy Yours Today
• 1080p HD infrared spy camera fits your keychain
• Rechargeable battery
• USB interface for transferring videos and battery recharging
• Takes regular and IR videos and pictures, as desired
• Motion-detecting record activation
• Video recorded as AVI
• Records audio
Why? The Threat Landscape has Changed!
Getting the Tools!
Demo
Spot the Warning Signs
Spot the Warning Signs!
• Takes unauthorised material home via documents, thumb drives, computer disks, or e-mail
• Obtains proprietary or classified information on subjects not related to their work duties
• Interest in matters outside scope of duties, particularly those of interest to foreign entities or business competitors
• Unnecessarily copies material, especially if it is proprietary or classified
• Remotely accesses the computer network while on vacation, sick leave, or at other odd times
Spot the Warning Signs!
• Disregards company policies on installing personal software
• Accesses restricted websites
• Conducts unauthorized searches, or downloads confidential information
• Works odd hours without authorization; weekend work
• Has unreported foreign contacts
• Unexplained affluence; buys things that they cannot afford on their household income.
Spot the Warning Signs!
• Engages in suspicious contacts
• Shows unusual interest in the personal lives of co-workers
• Concern that they are being investigated, searches for listening devices or cameras.
• Many people experience or exhibit some or all of the above to varying degrees
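Added example, not part of the original slides: one way to turn two of the warning signs above (remote access while on leave or at odd times, and unnecessary copying) into a log check that produces a review queue. The log format, user names, leave calendar, working hours and copy threshold are all assumptions, and the records are constructed.

```python
from datetime import datetime, date

# Constructed sample records: timestamp, user, event, megabytes transferred
SAMPLE_LOG = """\
2013-06-03T10:15:00 asmith vpn_login 0
2013-06-03T10:40:00 asmith file_copy 12
2013-06-05T02:30:00 bjones vpn_login 0
2013-06-05T02:45:00 bjones file_copy 4200
2013-06-08T14:00:00 cdavis vpn_login 0
2013-06-11T11:00:00 dlee vpn_login 0
"""

# Assumed HR leave calendar: user -> list of (first day, last day), inclusive
LEAVE = {"dlee": [(date(2013, 6, 10), date(2013, 6, 14))]}
WORK_HOURS = range(7, 20)   # assumed working day, 07:00 to 19:59
BULK_COPY_MB = 1000         # assumed per-event threshold for "unnecessary copying"


def review(log_text, leave=LEAVE):
    """Return (user, timestamp, reason) tuples for records a reviewer should look at."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, user, event, mb = line.split()
        when = datetime.fromisoformat(stamp)
        if event == "vpn_login":
            on_leave = any(a <= when.date() <= b for a, b in leave.get(user, []))
            if on_leave:
                findings.append((user, stamp, "remote access while on leave"))
            elif when.weekday() >= 5:          # Saturday or Sunday
                findings.append((user, stamp, "remote access at weekend"))
            elif when.hour not in WORK_HOURS:
                findings.append((user, stamp, "remote access outside work hours"))
        elif event == "file_copy" and int(mb) >= BULK_COPY_MB:
            findings.append((user, stamp, "bulk copy"))
    return findings


if __name__ == "__main__":
    for user, stamp, reason in review(SAMPLE_LOG):
        print(f"{stamp} {user}: {reason}")
```

Each finding is a prompt for follow-up against the leave record or an approved-overtime list rather than a verdict, in line with the last bullet above.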
Results of a Breach!
• Company Defamation
• Damaged Reputation
• Loss of Customer Confidence
• Potential Financial Losses
• Legal Liabilities
• Loss of Assets
• Breach of Trust
• Potential Closure of Business!
Selling your Secrets!
Demo
Discovery & Recovery
Mitigate the Risk
• Must Place Trust Aside!
• Always Monitor Employee Actions
• Implement a Rigorous Termination Process
• Maintain Backup and Recovery
• Invest in Forensic Procedures
Mitigation: Managing Risk!
• Deliver a Proactive Security Policy by Management
• Communicate Insider Threats Through Security Awareness Programs
• Conduct Pre-Employment Screening (Facebook, LinkedIn, Twitter etc)
• Pay Attention to Performance Issue Handling
• Enforce Separation of Duties and Need-to-Know Access
Mitigation: Tech Ways to Mitigate the Risk!
• Monitoring of Insider Email
• Monitoring of Insider Keystrokes
• Examination of Insider Computer Files
• Limit the Use of 3rd Party Apps on Phones / Computers
• Monitoring Insider Internet Traffic
• Pay Increased Attention to Privileged Accounts
• Implement Strict Password and Account Policies
Mitigation: Counter Espionage!
• Enforce a Safeguarding Proprietary Information (SPI) Programme
• Hire an external CIO or information protection consultant
• Initiate internal & external compliance auditing
• Cover conference room walls with lead sheets to stop bugging by radio transmitters
• Consider Disabling Camera Phones
Mitigation: Defence Against Social Engineering Attacks!
• Pretexting (The Impersonation Game)
• Phishing Attack (Click me please)
• Diversion Theft (Look at that!)
• Phone Phishing (Hi I’m Calling from…)
• Baiting (The USB Stick Attack)
• Quid pro quo (Bogus Phone Calls)
• Tailgating
Mitigation: Use Employee Monitoring
Mitigation: No Cameras, Phones!
Mitigation: Deploy Crypto Solutions
Mitigation: Implement Network Segmentation
Mitigation: Avoid Future Mistakes…
Mitigation: Deploy CCTV
Defensive Implications
• The networks of critical organizations will need to be run as a military defense at all times.
• Constant alertness
• Well staffed
• Regular defensive drills
• Standing arrangements for reinforcement under attack
• Extensive technological fortification
• Excellent personnel and information security
Hygiene
• Patches, AV, external firewalls etc
• Failsafe design of critical machinery:
  • Not just idiot-proof but enemy-proof
• All critical, but…
  • There will still be a way in
  • There will still be vulnerabilities
  • Current paradigm will be inadequate
Picking up the Pieces!
• Software damage
  • Integrity checkers
  • Backup/rollback systems
• Hardware damage
  • Supply of spares and spare parts
  • Distributed appropriately
  • Military logistics approach
Prevent Further Data Leakage
• Foster a security-aware culture in which protecting data is a normal and natural part of every employee's job
• Provide tools and education that employees need to keep data secure, starting with new-hire training and continuing with verbal updates instead of email that might be ignored or lost.
• Evaluate employee behaviour and the associated risks based on factors such as the locale and the threat landscape
Prevent Further Data Leakage
• Continuously analyse the risks of interaction between users and networks, endpoints, applications, data, and of course, other users, to maintain an awareness of the threat environment.
• Provide clear leadership through executive commitment and visibility, so employees understand that executives are engaged and accountable.
• Proactively set security expectations.
Do you have a leak!
Demo
Conclusions…
What do you think?
Q&A
Review
• The Inside Man Threat? Understanding the Psychological & Sociological impact of Espionage
• Understanding Espionage Tactics, Threats & Techniques
• The Art of Social Engineering & Corporate Deception
• Counter Espionage Techniques & Technologies
• Q&A Session Review
Related content
• ATC-B306 - Cybercrime: The 2013 Ultimate Survival Guide
• ATC-B312 - Security Panel Discussion
• ATC-B202 - A Journey to the Dark Side of Social Networking!
• ATC-B314 - The Inside Man: Surviving the Ultimate Cyber Threat
• ATC-B201 - 1984: 21st Century Security Surveillance vs. the Erosion of Freedom!
• ATC-B213 - The Cloud: Making the Move to a Hybrid World
Find Me Later At...
Trustworthy Computing / Cloud Security Table at the Ask the Experts Session.
Trustworthy Computing Resources
Trustworthy Computing (TwC) is a long-term, collaborative effort to deliver more secure, private, and reliable computing experiences for everyone. Learn more at: http://microsoft.com/twc
• Cloud Security Readiness Tool
• Pass the Hash Guidance
• Data, Insights and Guidance (Security Intelligence Report, volume 14)
and more…
Sessions on Demand: http://channel9.msdn.com/Events/TechEd
© 2013 Microsoft Corporation. All rights reserved.