"The wonderful thing about the Internet is that you're connected to everyone else. The terrible thing about the Internet is that you're connected to everyone else." - Vint Cerf (Vice President and Chief Internet Evangelist, Google)
Risks are Real & More Visible
• Stuxnet Worm: sophisticated worm attacks Iran's Siemens SCADA and MS Windows industrial control systems
• Blackhole Exploit Injected into USPS Website: the website of the U.S. Postal Service serving up malware
• Sony PlayStation Network Down: 77 million accounts at risk of data theft
• RSA Hit By Advanced Persistent Threat: the servers of RSA have been breached and sensitive information from more than 40 million employees may have been compromised
• NASDAQ Stock Market: confirmed that its computer network had been broken into
Applications and information are the business
If it Isn’t Secure, it is for Sale
Understanding data breaches
• Significant spike in 2011 in the number of data breaches
• Breaches are evolving from stolen laptops to more sophisticated techniques
– People
• Underestimate the threat and introduce risk
• Lack InfoSec knowledge and experience
• Often not empowered by stakeholders due to lack of alignment with the business
– Process
• What gets measured is supposed to get results
• Horrible IT metrics at best
• Focus on compliance vs. security
– Technology
• Deep holes in network visibility that must be addressed
Threats Have Advanced
Focus on Compliance Versus Security
[Figure: Compliance vs. Security]
Network Visibility and Situational Awareness (Gaps Are Critical)
Defense in Depth:
• Firewalls
• Intrusion Detection/Prevention
• Content Monitoring
• Anomaly Detection
• End-Point Protection
• SIEM
Massive gaps remain: expecting different results using the same technology.
Without insight/visibility, what you don't know will hurt you.
Advanced Persistent Threats (Selective, Sophisticated and Silent)
– Slow, silent and deadly
– What's in not having a name: encryption, beacons, custom tooling, blended attacks…
– Recent examples
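The beaconing the slide alludes to is one of the few APT behaviours that is detectable from the network visibility gaps discussed earlier: an implant with a fixed sleep timer produces connections to its controller at intervals far more regular than any human browsing. The script below is an added example, not code from the original deck, that groups constructed proxy-log lines (hypothetical hosts on RFC 5737 test ranges) by source and destination and flags pairs whose inter-connection jitter is low. The log format, the thresholds and the hosts are assumptions for the demonstration.

```python
"""Beacon detection over constructed proxy/firewall log lines (added example).

Periodic, low-jitter connections from one internal host to one external
address are a classic command-and-control beacon pattern. This script
groups connections by (src, dst), measures the regularity of the gaps
between them, and flags pairs whose interval jitter is below a threshold.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines (hypothetical hosts, not real data):
# ISO timestamp, source IP, destination IP, bytes sent.
# 10.0.0.5 talks to 203.0.113.7 every ~10 minutes with ~410-byte requests.
SAMPLE_LOG = """\
2011-06-01T09:00:00 10.0.0.5 203.0.113.7 412
2011-06-01T09:00:03 10.0.0.5 198.51.100.9 15302
2011-06-01T09:10:00 10.0.0.5 203.0.113.7 415
2011-06-01T09:20:01 10.0.0.5 203.0.113.7 410
2011-06-01T09:25:40 10.0.0.5 198.51.100.9 2048
2011-06-01T09:30:00 10.0.0.5 203.0.113.7 413
2011-06-01T09:39:59 10.0.0.5 203.0.113.7 411
2011-06-01T09:50:00 10.0.0.5 203.0.113.7 414
2011-06-01T10:00:00 10.0.0.5 203.0.113.7 412
2011-06-01T10:00:02 10.0.0.8 198.51.100.9 88213
"""


def parse_log(text):
    """Parse lines into (timestamp, src, dst, bytes) tuples, skipping malformed ones."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # blank or truncated line
        ts, src, dst, size = parts
        try:
            records.append((datetime.fromisoformat(ts), src, dst, int(size)))
        except ValueError:
            continue  # unparseable timestamp or byte count
    return records


def find_beacons(records, min_events=4, max_interval_cv=0.10):
    """Return {(src, dst): stats} for connection pairs that look like beacons.

    max_interval_cv is the coefficient of variation (stdev / mean) of the gaps
    between consecutive connections: fixed sleep timers score near 0, human
    browsing scores well above 0.1. Raise it if the implant adds jitter.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, size in records:
        by_pair[(src, dst)].append((ts, size))

    hits = {}
    for pair, events in by_pair.items():
        if len(events) < min_events:
            continue  # too few observations to judge periodicity
        events.sort()  # logs are not guaranteed to arrive in time order
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps, nothing periodic to measure
        cv = pstdev(gaps) / avg
        if cv <= max_interval_cv:
            hits[pair] = {
                "count": len(events),
                "mean_interval_s": round(avg, 1),
                "interval_cv": round(cv, 4),
                "mean_bytes": round(mean(s for _, s in events), 1),
            }
    return hits


def main():
    for (src, dst), stats in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"possible beacon {src} -> {dst}: {stats}")


if __name__ == "__main__":
    main()
```

On the constructed log only the 10.0.0.5 to 203.0.113.7 pair is reported (seven connections, ~600 s apart, near-zero jitter); the irregular traffic to 198.51.100.9 is not. In production the same statistic is computed per day over proxy or NetFlow exports, and the byte-size regularity is a useful second signal, since beacon check-ins tend to carry near-identical payloads while real browsing does not.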
Historic Overview:
[Figure: timeline of public APT activity, 1997 to 2011]
• The Classics: Solar Sunrise, Eligible Receiver, Moonlight Maze, Titan Rain
• The Subversives: Byzantine Foothold, US Power Grid, Operation Shockwave, Aurora, Exxon, Ghostnet, Stuxnet
• Timeline markers: 1997, 1998, 1999, 2004, 2007, 2009, 2010, 2011
"The cyber criminal sector in particular has displayed remarkable technical innovation with an agility presently exceeding the response capability of network defenders. Criminals are developing new, difficult-to-counter tools."
"Criminals are collaborating globally and exchanging tools and expertise to circumvent defensive efforts, which makes it increasingly difficult for network defenders and law enforcement to detect and disrupt malicious activities."
[Figure: attack lifecycle]
• Repeat: lateral movement, data extrusion, persistence
• Zombie used to send more spam or to drive web application attacks
Public APT Activity (GhostNet) aka Byzantine Foothold
– What happened
• Verified in 103 countries
▫ Over 1,295 infected hosts identified
▫ Impacts roughly a dozen computers on a weekly basis
• Commonly used tools (not too sophisticated):
▫ Remote access tool called gh0st RAT (Remote Access Tool)
▫ Data harvesting
▫ Email siphoning
▫ Listening to / recording of conversations via microphone and/or webcam