Proprietary and Confidential Cyber Threat Awareness Proprietary and Confidential Cyber Threats Understanding the Landscape EJ Hilbert, Kroll February 11, 2015
Page 1: Cyber Threat Landscape

Proprietary and Confidential

Cyber Threat Awareness

Cyber Threats: Understanding the Landscape

EJ Hilbert, Kroll

February 11, 2015

Page 2: Cyber Threat Landscape

About the Speaker

• Managing Director Kroll Advisory Solutions- Head of Cyber Investigations for EMEA

• President of Online Intelligence- A cyber security and investigative firm specializing in social media and online advertising schemes, scams and crimes.

• Director of Security Enforcement for MySpace – Responsible for addressing all security concerns related to MySpace, its systems and its users. Sued spammers and personally won $240 million.

• FBI Special Agent- Specialized in White Collar Crime, Cyber Crime and Counter-Terrorism. Notable cases are Treason charges against Adam Gadahn aka Azzam Al Amriki, FBI.gov email intrusion, Carderplanet takedown/Cardkeeper, and Invita/Flyhook: the Alexey Ivanov case.

• High School Teacher and Coach- History, Science, Baseball, Basketball and Cross Country winning three National Titles

• Got my first computer at 12yrs old, a Commodore 64, upgraded later to an Apple IIe which I designed and built in my garage with my friend Steve Jobs.

• Consultant on TV shows, movies and books, various media coverage including MSNBC, BBC, ITV, CNN, Financial Times, Rolling Stone, WSJ, Wired, and Gizmodo. Childhood movie and TV star on Disney Channel

Page 3: Cyber Threat Landscape

All Attacks Require Access

Joe is your employee in the mail room.

He makes minimum wage

He has a corporate email account

He has a corporate computer where he installed iTunes and downloads his pictures

He banks with HSBC

And he just got this email….

Page 4: Cyber Threat Landscape

Page 5: Cyber Threat Landscape

He Clicked the Link

Your Network Is

Now Owned

Page 6: Cyber Threat Landscape

Do You Know Who You Are Talking To? Here is a clue-

• Managing Director Kroll Advisory Solutions- Head of Cyber Investigations for EMEA

• President of Online Intelligence- A cyber security and investigative firm specializing in social media and online advertising schemes, scams and crimes.

• Director of Security Enforcement for MySpace – Responsible for addressing all security concerns related to MySpace, its systems and its users. Sued spammers and won personally $240 million.

• FBI Special Agent- Specialized in White Collar Crime, Cyber Crime and Counter-Terrorism. Notable cases are Treason charges against Adam Gadahn aka Azzam Al Amriki, FBI.gov email intrusion, Carderplanet takedown/Cardkeeper, and Invita/Flyhook: the Alexey Ivanov case.

• High school Teacher and Coach- History, Science, Baseball, Basketball and Cross Country winning three National Titles

• Got my first computer at 12yrs old, a Commodore 64, upgraded later to an Apple IIe which I designed and built in my garage with my friend Steve Jobs.

• Consultant on TV shows, movies and books, various media coverage including MSNBC, BBC, ITV, CNN, Financial Times, Rolling Stone, WSJ, Wired, and Gizmodo. Childhood movie and TV star on Disney Channel

Page 7: Cyber Threat Landscape

What are Cyber/Digital Threats?

Cyber threats can be broken into four categories:

• Cyber Crime - Computer-enabled attacks for profit or gain

• Cyber Espionage - Long term data spying for various reasons

• Cyber Warfare - Destruction of Critical Infrastructure

• Activism - Attacks to embarrass or discredit

Page 8: Cyber Threat Landscape

Cybercrime

Financially motivated attacks and breaches intended to make a profit

Computer Dependent Versus Computer Enabled

CD - System disruption, phishing and malware

CE - Data Theft and Fraud

Rarely is the attack a “hack”; rather, it is a compromise of a user's credentials resulting in an Account Takeover

Credit cards and financial credentials are not the only target but they are a Media “Tangible”

Data “kidnapping” and extortion payments are a viable money maker for criminals

Social media and contact data is more valuable than your credit card.

Page 9: Cyber Threat Landscape

Zeus and SpyEye

Page 10: Cyber Threat Landscape

Cyber Espionage

The intention is to gain long term access

Not just one attack but several intent on creating access

Limited fear of attack discovery but no fear of prosecution

Economic and Political motivations but loss is hard to calculate

New EU laws may require breach notification for all companies

Page 11: Cyber Threat Landscape

Cyber Warfare

New class of weapons system

Industrial Control Systems targeted

Intention is to disrupt or destroy

Stuxnet, Shamoon, Flame, etc.

Result in hardware and data losses

Stuxnet = loss of 10yrs of data

Shamoon = loss of 30,000 systems

WiPall.D (aka G.O.D.) = Petabytes lost at Sony

Weaponized programs that are placed out in the wild for use by others.

Cyber weapons are not contained nor do they self destruct

Page 12: Cyber Threat Landscape

Activism

Why stage a real world protest when you can make your point online to everyone

They showcase the weakness in systems exposing them for other attacks

Intent to publicly embarrass those companies and people they disagree with while being “anonymous.”

Impact can be devastating to the person, the company, the Infrastructure and the clients.

Most attacks are low level defacements or social engineering of employees.

Page 13: Cyber Threat Landscape

Which Of Those Affect You?

Crime

What data do you have and what is it worth on the market?

Internal vs. External fraud

Disruption and Extortion

Can your systems be used against others?

Espionage

Who wants what you know?

Are there indications of a slow bleed?

Do you have contracts others might want to exploit?

How can I embarrass senior management?

Activism

Who are your haters?

Why?

Do you have data that can be used against your allies or your enemies?

Do you have data

What is your company’s social profile?

Warfare

What is the effect of taking you offline?

Can I disturb, disrupt or dismantle a portion of your business?

What is your BC/DR plan?

Resiliency – technical, commercial and reputational

Page 14: Cyber Threat Landscape

Significance?

229

The average number of days an intruder sits in your system before being discovered. Most discoveries are made through third party notification.

Page 15: Cyber Threat Landscape

Parting Thoughts?

What information do you hold and why is it valuable?

Who has access to the information?

How do you know? Is there access monitoring in place?

Can you cut their access right now?

If every megabyte of data held was worth £1, how would you protect it?

(The average laptop hard disk holds 500 GB or 500,000 MB)

Page 16: Cyber Threat Landscape

Questions?

E.J. Hilbert

Managing Director

Cyber Practice Head

Kroll EMEA

[email protected]/ejhilbert

www.linkedin.com/in/ejhilbert