Copyright Responsible Cyber I Reproduction Not Allowed B ATTLING C YBER C RIMES ADVISORY,TRAINING AND STAFFING B Y M AGDA C HELLY , M ANAGING D IRECTOR / A CTING CISO R ESPONSIBLE C Y BER P TE . L TD . 1
Copyright Responsible Cyber I Reproduction Not Allowed
BATTLING CYBER CRIMES
ADVISORY, TRAINING AND STAFFING
BY MAGDA CHELLY, MANAGING DIRECTOR / ACTING CISO
RESPONSIBLE CYBER PTE. LTD.
1
Copyright Responsible Cyber I Reproduction Not Allowed
ENTREPRENEUR | CISO ADVISOR | CYBERFEMINIST | PEERLYST BRAND
AMBASSADOR | WOMAN IN CYBER | CISSP CERTIFIED
DOCTOR IN TELECOMMUNICATION ENGINEERING
NOMINATED GLOBAL LEADER, WOMAN IN IT 2017, LONDON, UK
STEVIE AWARDS IN TOKYO JAPAN, 2017 – COMPUTER INNOVATION2
Copyright Responsible Cyber I Reproduction Not Allowed
INTRODUCTION
Steve Jobs (1997)
It's faster in every case to talk to the server than it is
my local hard disk... Carrying around these non-
connected computers -- with tons of data and state in
them -- is byzantine by comparison.
https://www.theguardian.com/technology/2009/jun/04/bruce-schneier-cloud-computing 3
Copyright Responsible Cyber I Reproduction Not Allowed
INTRODUCTION
MORE ATTACK OPPORTUNITIES
Source: https://www.slideshare.net/jbloomberg1/the-cyber-house-of-horrors-securing-the-expanding-attack-surface4
Copyright Responsible Cyber I Reproduction Not Allowed
INTRODUCTION
President Barack Obama (May 29, 2009)
America's economic prosperity in the 21st century
will depend on cyber security…
https://www.theguardian.com/technology/2009/jun/04/bruce-schneier-cloud-computing 5
Copyright Responsible Cyber I Reproduction Not Allowed
AGENDA
WHAT IS CYBERCRIME
CYBERCRIME
PREVENTION
CYBERCRIME FUTURE
CYBERCRIME TYPES
6
Copyright Responsible Cyber I Reproduction Not Allowed
INTRODUCTION
A cybercrime is an abuse or misuse where a computer or
device containing a computer is the object, subject, tool, or
symbol, and the perpetrator intentionally made or could have
made gain.
7
Copyright Responsible Cyber I Reproduction Not Allowed
INTRODUCTION
8
Copyright Responsible Cyber I Reproduction Not Allowed
CYBERCRIMINALS
▪ People violate trust
▪ People commit crimes
▪ Cybercriminals deceive
▪ Cybercriminals think they are too smart to be caught
▪ Security professionals can be potentially dangerous
▪ Cybercriminals copy other cybercriminals
▪ Cybercriminals find computers are attractive targets; it’s from behind a screen
9
Copyright Responsible Cyber I Reproduction Not Allowed
CYBERCRIMINALS
Source: https://www.numbeo.com
Singapore Crime Index 16.58
▪ Fraud
▪ Robbery
▪ Theft.
10
Copyright Responsible Cyber I Reproduction Not Allowed
CYBERCRIME TYPES
▪ Hacktivism
▪ Cyber Crime
▪ Cyber Espionage
▪ Cyberterrorism
▪ Cyber Warfare
11
Copyright Responsible Cyber I Reproduction Not Allowed
CYBERCRIME TYPES
In Internet activism, hacktivism or hactivism is the subversive use of computers
and computer networks to promote a political agenda or a social change. With
roots in hacker culture and hacker ethics, its ends are often related to the free
speech, human rights, or freedom of information movements.
-Wikipedia
▪ Hacktivism
12
Copyright Responsible Cyber I Reproduction Not Allowed
CYBERCRIME TYPES
Cyber Crime is an unlawful act
wherein the computer is either
a tool or a target or both.
▪ Cyber Crime
13
Copyright Responsible Cyber I Reproduction Not Allowed
CYBERCRIME TYPES
▪ Cyber Crime
14
Copyright Responsible Cyber I Reproduction Not Allowed
CYBERCRIME TYPES
We are in the golden age of
cybercrime between disaster
and destruction.
▪ Cyber Crime
15
Copyright Responsible Cyber I Reproduction Not Allowed
CYBERCRIME TYPES
Employee
Network
Social Engineer / Hacker
Internet
Firewall
Social Engineering
Traditional Hacking
▪ Cyber Crime
16
Copyright Responsible Cyber I Reproduction Not Allowed
CYBERCRIME TYPES
The term "white hat" in Internet slang refers to an
ethical computer hacker, or a computer security
expert, to ensure the security of an organization's
information systems.
A black-hat hacker is a hacker who "violates
computer security for little reason beyond
maliciousness or for personal gain".
▪ Cyber Crime
17
Copyright Responsible Cyber I Reproduction Not Allowed
CYBERCRIME TYPES
Script Kiddie – Script Kiddies normally don’t care
about hacking. They copy code and use it for a virus.
18
Copyright Responsible Cyber I Reproduction Not Allowed
CYBERCRIME TYPES
19
Copyright Responsible Cyber I Reproduction Not Allowed
Cyber espionage is the act or practice of obtaining secrets without the permission
of the holder of the information (personal, sensitive, proprietary, or of classified
nature), from individuals, competitors, rivals, groups, governments and enemies for
personal, economic, political or military advantage using methods on the Internet,
networks, or individual computers through the use of cracking techniques and
malicious software including Trojan horses and spyware.
-Wikipedia
CYBERCRIME TYPES
20
▪ Cyber Espionage
Copyright Responsible Cyber I Reproduction Not Allowed
HOW DO THEY DO IT?
▪ E-mails
▪ Trusted web site
▪ Trusted code
▪ Trusted protocols
▪ Trusted internal corporate network
▪ Trusted external client server
CYBERCRIME TYPES
21
Copyright Responsible Cyber I Reproduction Not Allowed
WHY DO THEY DO IT?
▪ Information collection Intelligence
▪ ‘’Knowledge is power’’
– Military
– Economic
– Political
▪ Key individuals
▪ Future opportunities
CYBERCRIME TYPES
22
Copyright Responsible Cyber I Reproduction Not Allowed
Terrorist Use of the Internet vs. Cyberterrorism
CYBERCRIME TYPES
23
▪ Cyberterrorism
Copyright Responsible Cyber I Reproduction Not Allowed
Cyberterrorism is disruptive or destructive acts perpetrated against non-combatant
targets at the direction, on behalf, or in support of a terrorist group or their ideology,
through the use of computer network attack or exploitation. Such intrusions or
attacks are intended to intimidate or coerce a government or population in
furtherance of a social, political, ideological, or religious agenda by causing
disruption, inducing fear, or undermining confidence.
- FBI Definition
CYBERCRIME TYPES
24
Copyright Responsible Cyber I Reproduction Not Allowed
▪ Spear-phishing
▪ Brute Force (Password crackers)
▪ Vulnerability Attacks
▪ Distributed Denial of Service
CYBERCRIME TYPES
25
Copyright Responsible Cyber I Reproduction Not Allowed
▪ Propaganda or terror rise (website defacements)
▪ Fundraising
▪ Facilitation (Research for new soldiers)
▪ Acts to cause harm to life or damage to property
CYBERCRIME TYPES
26
Copyright Responsible Cyber I Reproduction Not Allowed
CYBERCRIME TYPES
27
Copyright Responsible Cyber I Reproduction Not Allowed
CYBERCRIME TYPES
▪ The 06th of January 2015, the CyberCaliphate took over the Twitter
accounts of:
– Albuquerque News Journal (Albuquerque, NM)
– Mountain View Telegraph (Moriarty, NM)
– WBOC News (Baltimore, Maryland).
▪ CyberCaliphate hacked the websites of WBOC TV
28
Copyright Responsible Cyber I Reproduction Not Allowed
CYBERCRIME TYPES
29
▪ 2005: International Convention for the Suppression of Acts of
Nuclear Terrorism
▪ 2010: Protocol Supplementary to the Convention for the
Suppression of Unlawful Seizure of Aircraft
▪ 2010: Convention on the Suppression of Unlawful Acts Relating
to International Civil Aviation
Copyright Responsible Cyber I Reproduction Not Allowed
CYBERCRIME TYPES
▪ Attacks are plentiful and easy
▪ Defences are limited and sometimes costly
▪ Cybercrime happens
▪ Phishing (social engineering) can be easily successful
▪ One mistakes = Jail time
30
Copyright Responsible Cyber I Reproduction Not Allowed
CYBERCRIME FUTURE
31
Copyright Responsible Cyber I Reproduction Not Allowed
CYBERCRIME TYPES
Cybercrimes = Formal business ventures
32
▪ Augmented reality and highly personalised content
▪ Physical threats (IoT, Medical devices, etc.)
▪ Virtual property markets
▪ Personal data brokerage
▪ New patterns of employment
https://www.europol.europa.eu/publications-documents/project-2020-scenarios-for-future-of-cybercrime
Copyright Responsible Cyber I Reproduction Not Allowed
PREVENTION
▪ Establish Security Posture…
▪ Monitor and Analyse
▪ Assess Vulnerabilities, Don’t ignore
▪ Spend for Security (may mean $$)
▪ Support Training
33
Copyright Responsible Cyber I Reproduction Not Allowed
PREVENTION
Singapore Landscape for
cyber crime:
▪ Love scam on the rise
▪ Ransomware on the rise
34
Copyright Responsible Cyber I Reproduction Not Allowed
PREVENTION
35
Copyright Responsible Cyber I Reproduction Not Allowed
THANK YOU !
QUESTIONS ?
36
Copyright Responsible Cyber I Reproduction Not Allowed
MAGDA LILIA CHELLY
Managing Director | Cyber-Security Evangelist
Doctor in Telecommunication Engineering, CISSP
Responsible Cyber Pte. Ltd. | Co. Reg No: 201616321C
Industry Specific Cyber-Security Advisory, Training, Awareness & Recruitment
25A Smith Street, Singapore 058939 | +65 8822 8219
www.responsible-cyber.com
CONTACT
37