Fixing Cyber Security Imbalance

Sung-ting Tsai (TT)

2016 Taiwan Cyber Security Summit

June 2016

Sung-ting Tsai (TT)

• CEO at Team T5 Inc.

• Frequent hacker conference speaker

• Vulnerability researcher and owner of several CVE ID

• 10+ years on security product development

• 8+ years experience on cyber threat research

• Organizer of HITCON (Hacks in Taiwan Security Conference)

tt@teamt5.org

Agenda

• How dangerous is the cyber world?

Threats targeting everyone

Threats targeting enterprises

Threats targeting Government

• Why is cyber security so unbalanced?

Threats vs security solutions

Actors vs target

Ignorance of vulnerability

• How do we fix it?

Understand type of cyber threats

Prioritize the threat

Get ready for the breach

Advice for security investment

Embracing hackers

How dangerous is the cyber world?

Malvertisement + Ransomware

Ref: http://technews.tw/2016/03/18/web-advertising-ransomware-json/

Twitter

Dropbox 100 Million Accounts

Linkedin – 117 Million

• Personally Identifiable Information

• Botnet / adware

Feel nothing basically

• Financial data stealing / phishing

Credit card

Online banking / shopping / game

• Scam

• Ransomware

Threats Targeting Everyone (end users)

• DDoS extortion

• Industrial / commercial espionage

Intellectual property

Business / customer data

• State-sponsored espionage (intelligence gathering)

Spy, intelligence collection

• All threats targeting end users

Including botnet, ransomware, etc.

• Server attacks

Website defacement

Mail / File / Database server data stealing

• Scam / phishing

Threats Targeting Enterprises (Corporations)

• State-sponsored espionage

Spy, intelligence collection

• Cyber-terrorism

Cyber sabotage

Critical (information) infrastructure attack

• All threats targeting end users

Including botnet, ransomware, etc.

• Server attacks

Website defacement

Mail / File / Database server data stealing

• DDoS from hacktivist

Threats Targeting Government

OPM Hack

Japan Pension Service Breach

JTB Hack

Why is cyber security so unbalanced?

Attack / Defense

Which one is easier?

(Technically speaking, DEFENSE is easier.)

(In reality, DEFENSE is at a disadvantage and expected to lose.)

It is an unbalanced war.

• Security vendors' technologies are advanced and elegant.

• Countermeasures to all existing attacks.

• Vendors are responsible for the solutions they provided.

Attacks vs Security Solutions

• Keeping a perfect defense at all times is impossible.

New features, new systems, and new people bring new weaknesses.

New vulnerabilities are disclosed every day (for example: 2012 struts2).

• Ignorance of vulnerability

Vulnerability is critical to success or failure.

• ACTORs are experts, and target?

• ACTORs are Human (not just a malware)

HUMAN vs computer programs?

• ACTORs adapt and change rapidly.

Actors usually bypass new defenses quickly at very low cost.

• Malware updates are always faster than security products.

Speed of response and reaction.

ACTORs vs Targets (the imbalance)

A story

https://codeinsecurity.wordpress.com/2016/06/12/asus-uefi-update-driver-physical-memory-readwrite/

Fixing the Imbalance

Understand the type of threats

• What kinds of threats should you be concerned about?

• Deal with high-priority threats first.

Prioritize the Threats

Cyber

Espionage

eCrime

Hacktivist

Botnet / Spam

• Understand their Techniques, Tactics, and Procedures (TTP).

• Understand their purposes.

Understand your enemies

Ref: http://detect-respond.blogspot.tw/2013/03/the-pyramid-of-pain.html

• You will be pwned, sooner or later.

• Be prepared.

• It is not all about defense; how fast you can mitigate the incident also matters.

Get Ready for the Breach

• Invest in people, not only software or hardware

Your enemies are human. They are well-trained hackers. You cannot rely on computer programs only.

You need a good security strategy to defend. Only people can make strategy.

• Invest in cyber threat intelligence

Build your own threat intelligence program.

Continuously produce your own intelligence.

Gain an advantage against cyber threats.

Advice for security investment

Embracing hackers is the key step to success in cyber security.

Embracing hackers is the best solution to many cyber security problems.

Thank You

tt@hitcon.org