BATTLING YBER RIMES · 2017. 10. 29. · Copyright Responsible Cyber I Reproduction Not Allowed MAGDA LILIA CHELLY Managing Director | Cyber-Security Evangelist Doctor in Telecommunication

Copyright Responsible Cyber I Reproduction Not Allowed

BATTLING CYBER CRIMES

ADVISORY, TRAINING AND STAFFING

BY MAGDA CHELLY, MANAGING DIRECTOR / ACTING CISO

RESPONSIBLE CYBER PTE. LTD.

1


ENTREPRENEUR | CISO ADVISOR | CYBERFEMINIST | PEERLYST BRAND

AMBASSADOR | WOMAN IN CYBER | CISSP CERTIFIED

DOCTOR IN TELECOMMUNICATION ENGINEERING

NOMINATED GLOBAL LEADER, WOMAN IN IT 2017, LONDON, UK

STEVIE AWARDS IN TOKYO JAPAN, 2017 – COMPUTER INNOVATION2


INTRODUCTION

Steve Jobs (1997)

It's faster in every case to talk to the server than it is

my local hard disk... Carrying around these non-

connected computers -- with tons of data and state in

them -- is byzantine by comparison.

https://www.theguardian.com/technology/2009/jun/04/bruce-schneier-cloud-computing 3


INTRODUCTION

MORE ATTACK OPPORTUNITIES

Source: https://www.slideshare.net/jbloomberg1/the-cyber-house-of-horrors-securing-the-expanding-attack-surface4


INTRODUCTION

President Barack Obama (May 29, 2009)

America's economic prosperity in the 21st century

will depend on cyber security…

https://www.theguardian.com/technology/2009/jun/04/bruce-schneier-cloud-computing 5


AGENDA

WHAT IS CYBERCRIME

CYBERCRIME

PREVENTION

CYBERCRIME FUTURE

CYBERCRIME TYPES

6


INTRODUCTION

A cybercrime is an abuse or misuse where a computer or

device containing a computer is the object, subject, tool, or

symbol, and the perpetrator intentionally made or could have

made gain.

7


INTRODUCTION

8


CYBERCRIMINALS

▪ People violate trust

▪ People commit crimes

▪ Cybercriminals deceive

▪ Cybercriminals think they are too smart to be caught

▪ Security professionals can be potentially dangerous

▪ Cybercriminals copy other cybercriminals

▪ Cybercriminals find computers are attractive targets; it’s from behind a screen

9


CYBERCRIMINALS

Source: https://www.numbeo.com

Singapore Crime Index 16.58

▪ Fraud

▪ Robbery

▪ Theft.

10


CYBERCRIME TYPES

▪ Hacktivism

▪ Cyber Crime

▪ Cyber Espionage

▪ Cyberterrorism

▪ Cyber Warfare

11


CYBERCRIME TYPES

In Internet activism, hacktivism or hactivism is the subversive use of computers

and computer networks to promote a political agenda or a social change. With

roots in hacker culture and hacker ethics, its ends are often related to the free

speech, human rights, or freedom of information movements.

-Wikipedia

▪ Hacktivism

12


CYBERCRIME TYPES

Cyber Crime is an unlawful act

wherein the computer is either

a tool or a target or both.

▪ Cyber Crime

13


CYBERCRIME TYPES

▪ Cyber Crime

14


CYBERCRIME TYPES

We are in the golden age of

cybercrime between disaster

and destruction.

▪ Cyber Crime

15


CYBERCRIME TYPES

Employee

Network

Social Engineer / Hacker

Internet

Firewall

Social Engineering

Traditional Hacking

▪ Cyber Crime

16


CYBERCRIME TYPES

The term "white hat" in Internet slang refers to an

ethical computer hacker, or a computer security

expert, to ensure the security of an organization's

information systems.

A black-hat hacker is a hacker who "violates

computer security for little reason beyond

maliciousness or for personal gain".

▪ Cyber Crime

17


CYBERCRIME TYPES

Script Kiddie – Script Kiddies normally don’t care

about hacking. They copy code and use it for a virus.

18


CYBERCRIME TYPES

19


Cyber espionage is the act or practice of obtaining secrets without the permission

of the holder of the information (personal, sensitive, proprietary, or of classified

nature), from individuals, competitors, rivals, groups, governments and enemies for

personal, economic, political or military advantage using methods on the Internet,

networks, or individual computers through the use of cracking techniques and

malicious software including Trojan horses and spyware.

-Wikipedia

CYBERCRIME TYPES

20

▪ Cyber Espionage


HOW DO THEY DO IT?

▪ E-mails

▪ Trusted web site

▪ Trusted code

▪ Trusted protocols

▪ Trusted internal corporate network

▪ Trusted external client server

CYBERCRIME TYPES

21


WHY DO THEY DO IT?

▪ Information collection Intelligence

▪ ‘’Knowledge is power’’

– Military

– Economic

– Political

▪ Key individuals

▪ Future opportunities

CYBERCRIME TYPES

22


Terrorist Use of the Internet vs. Cyberterrorism

CYBERCRIME TYPES

23

▪ Cyberterrorism


Cyberterrorism is disruptive or destructive acts perpetrated against non-combatant

targets at the direction, on behalf, or in support of a terrorist group or their ideology,

through the use of computer network attack or exploitation. Such intrusions or

attacks are intended to intimidate or coerce a government or population in

furtherance of a social, political, ideological, or religious agenda by causing

disruption, inducing fear, or undermining confidence.

- FBI Definition

CYBERCRIME TYPES

24


▪ Spear-phishing

▪ Brute Force (Password crackers)

▪ Vulnerability Attacks

▪ Distributed Denial of Service

CYBERCRIME TYPES

25


▪ Propaganda or terror rise (website defacements)

▪ Fundraising

▪ Facilitation (Research for new soldiers)

▪ Acts to cause harm to life or damage to property

CYBERCRIME TYPES

26


CYBERCRIME TYPES

27


CYBERCRIME TYPES

▪ The 06th of January 2015, the CyberCaliphate took over the Twitter

accounts of:

– Albuquerque News Journal (Albuquerque, NM)

– Mountain View Telegraph (Moriarty, NM)

– WBOC News (Baltimore, Maryland).

▪ CyberCaliphate hacked the websites of WBOC TV

28


CYBERCRIME TYPES

29

▪ 2005: International Convention for the Suppression of Acts of

Nuclear Terrorism

▪ 2010: Protocol Supplementary to the Convention for the

Suppression of Unlawful Seizure of Aircraft

▪ 2010: Convention on the Suppression of Unlawful Acts Relating

to International Civil Aviation


CYBERCRIME TYPES

▪ Attacks are plentiful and easy

▪ Defences are limited and sometimes costly

▪ Cybercrime happens

▪ Phishing (social engineering) can be easily successful

▪ One mistakes = Jail time

30


CYBERCRIME FUTURE

31


CYBERCRIME TYPES

Cybercrimes = Formal business ventures

32

▪ Augmented reality and highly personalised content

▪ Physical threats (IoT, Medical devices, etc.)

▪ Virtual property markets

▪ Personal data brokerage

▪ New patterns of employment

https://www.europol.europa.eu/publications-documents/project-2020-scenarios-for-future-of-cybercrime


PREVENTION

▪ Establish Security Posture…

▪ Monitor and Analyse

▪ Assess Vulnerabilities, Don’t ignore

▪ Spend for Security (may mean $$)

▪ Support Training

33


PREVENTION

Singapore Landscape for

cyber crime:

▪ Love scam on the rise

▪ Ransomware on the rise

34


PREVENTION

35


THANK YOU !

QUESTIONS ?

36


MAGDA LILIA CHELLY

Managing Director | Cyber-Security Evangelist

Doctor in Telecommunication Engineering, CISSP

Responsible Cyber Pte. Ltd. | Co. Reg No: 201616321C

Industry Specific Cyber-Security Advisory, Training, Awareness & Recruitment

25A Smith Street, Singapore 058939 | +65 8822 8219

[email protected]

www.responsible-cyber.com

CONTACT

37

BATTLING YBER RIMES · 2017. 10. 29. · Copyright Responsible Cyber I Reproduction Not Allowed MAGDA LILIA CHELLY Managing Director | Cyber-Security Evangelist Doctor in Telecommunication

Documents