BAE SYSTEMS PROPRIETARY
All rights reserved. 2019 © BAE Systems plc. Unpublished work.
Joseph Rooke, Security Consultant – Threat Intelligence
12th September 2019
How is the cyber threat landscape evolving alongside geopolitics?
Cyber in the News
Why Cyber?
My background & Interests Cyber
Changing Geopolitical Landscape
Bipolar (1945-1991): Nation State, Nation State
Unipolar (1991-Present): Nation State
Multipolar (?): Nation State, Nation State, Nation State, Nation State
Changing nature of conflict
Correlation or causation?
Threat Intelligence
National Security
Oil & Gas
Insurance
Manufacturing
Banking
Government
Telecommunications
Motivation
Capability
Cyber Activists
Cyber Criminals
State Actors
RedScorpion
Intrusion
Phishing email
Office document opened
Malicious exploit code executed
1st Stage
FINAL PAYLOAD
Weaponised Document
Download Malware from Dropbox
Dropbox
Final installation of malware
National Security
Oil & Gas
Government
Investigation
Compromised C&C server
Commands issued to victim
Data exfiltrated
Attacker
Attribution
Lunch break
NotPetya
SETUP: Software Supply Chain attack
VICTIMS: Ukraine Gov. & CNI; Multinationals with operations, subsidiaries or suppliers in Ukraine; + many more…
Malware
Spread: Enumerate; Mimikatz; PsExec, WMIC; Eternals
Destroy: Encrypt files; Erase boot sector; ‘Ransom note’
Impact
Company Sector Impact
Legal: Email and phone communications were out for two days. Full recovery took longer. Paid staff 15,000 hrs of overtime in recovery phase.
Logistics: $400m+ in losses reported to the SEC.
Logistics: Rebuild of network took 10 days. Estimated losses of $300m+. Shipping volumes down 20% during outage.
Pharma: Unable to manufacture certain drugs temporarily – including Gardasil. Estimated $870m in losses reported.
Food: $150m+ in losses reported.
Oil & Gas: One of a number of Russian companies impacted. Impact unknown, but oil production said to be unaffected.
Materials: $350m+ in losses reported.
Advertising: Costs estimated at $15m.
Biggest operational impact?
International response
Why was this the response?
Attack was aimed at Ukraine
Destructiveness of attack which affected critical national infrastructure
Global collateral damage deemed beyond acceptable norms of behaviour
Summary
New geographies and sectors falling victim to attacks
Hacktivist, Criminals and State-sponsored APT collaboration
Targeting of MOFAs and government organisations
State-sponsored targeting of Commercial and Financial sector
Geopolitics Cyber Space
Thank You