Understanding the Invisible Internet, Chase Cunningham
Post on 05-Apr-2018
7/31/2019 Understanding the Invisible Internet, Chase Cunningham
http://slidepdf.com/reader/full/understanding-the-invisible-internet-chase-cunningham 1/41
Define
Defend
Defeat
Questions
Social Engineering
Trickery or deception for the purpose of information
gathering, fraud, or computer system access.
Ripped from the Headlines
Stratfor to settle class action suit over hack
Reuters - Jun 27, 2012
NEW YORK (Reuters) - The global security analysis company Strategic Forecasting Inc will settle a class action lawsuit brought by one of its ...
Local: Stratfor settles hacking class action lawsuit - MyBroadband
Stratfor settles with clients over major Anonymous hack - RT
Stratfor settles class-action over Anon megahack with freebies
www.pcworld.com/.../fake_netflix_app_poses_datastealing ...
by Brennon Slattery - in 9,932 Google+ circles - More by Brennon Slattery
Oct 13, 2011 – Symantec discovered the Trojan, dubbed Android.Fakeneflic, and assessed it as a "very low-level risk." However, placing the sneaky malware ...
Fake Netflix Android App Steals Your Data | News & Opinion ...
Social Engineering
• Accepting LinkedIn invite with bogus HTML tag
From: "Ian Rainey" <xeniatw46@linkedin.com>
Subject: [dm] LinkedIn Notification
Date: May 14, 2012 12:42:31 PM EDT
To: icannalerts@daqus.com
REMINDERS
Invitation notifications:
From Colton Alston (Your co-worker)
PENDING MESSAGES
There are a total of 3 messages awaiting your response. Visit your InBox now.
Don't want to receive email notifications? Adjust your message settings.
LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user without your permission. © 2010, LinkedIn Corporation.
Social Engineering
• Dumpster Diving
Social Engineering
Acting like a superior on the phone
• Phishing: Acquiring information such as usernames,
passwords, SSN, accounts, by masquerading as a
trustworthy entity.
Hello Dear, I am Miss Gloria Uzoka. A computer scientist with central bank of Nigeria. I am 26 years old, just started work with C.B.N. I came across your file which was marked X and your released disk painted RED, I took time to study it and found out that you have paid VIRTUALLY all fees and certificate but the fund has not been release to you…
Spearphishing
A form of phishing targeting specific users.
Trojans
Sneak in under the network’s security posture.
Malware/Exploit
Software that is written to cause harm, damage, or covert
action against a network by exploiting the algorithms and
operations of the system itself.
Ripped from the Headlines
Shared code indicates Flame, Stuxnet creators worked together
CNET - Jun 11, 2012
Researchers at Kaspersky Lab say code is shared in the two threats and that there was an exploit in Stuxnet that was previously unknown.
by Elinor Mills - More by Elinor Mills
In-Depth: Researchers Connect Flame to US-Israel Stuxnet Attack - Wired News
Blog: Flame cyberweapon is tied to Stuxnet program - New Scientist (blog)
Flame and Stuxnet teams worked together, researchers report - Fox News
New Zeus Variant Targets Facebook and Google Users
PC Magazine - 4 days ago
You wouldn't click a link in email and enter your credit card details; you know better. But a new Zeus variant waits until after you've logged into ...
Zeus: How to Fight Back - BankInfoSecurity.com
Action Fraud warns of a Zeus malware strain that puts Facebook and ... - Inquirer
ThreatMetrix detects new strain of Zeus Trojan - Computer Business Review
Zero-day: An exploit for a vulnerability for which there is no remedy,
either due to its new discovery or lack of industry understanding.
By definition there is no known defense against a Zero-day. Live in fear!
Zero-day
Worm: Program designed to replicate and “crawl” through
the network.
Malware/Exploit
DNS Cache Poisoning: Changing a server’s Domain Name System (DNS)
settings which leads to an exploited page or compromise.
Botnet: Group of host computers used as zombies to accomplish
any action.
Insider or Hidden Threat
Anyone who has or had authorized access to an organization’s
network or data and intentionally exceeded or misused that access
in a manner that negatively affected the confidentiality, integrity, or
availability of the organization’s information or systems.
Ripped from the Headlines
Philip Cummings was a help desk staffer at TeleData Communication, Inc. (TCI), 1999 to 2000.
30,000 identities stolen
At least $2.7-million loss (FBI data)
Cummings sentenced to 14 years in prison and $1-million fine
Biggest identity theft in US history
Internal spy sending out company secrets to competitors,
nation states, criminals.
Former employees hacking and selling information.
Hacktivism.
Good employees making errors.
Defending Against
Cyber Threats
Defend
Firewalls – a device (hardware or software) that blocks connections
per a set
Firewall: A device or software that blocks internet
connections based on a set of rules.
Darknet: Routed, allocated IP space in which no active
services or servers reside.
Defend
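Because nothing legitimate lives in darknet space, any flow addressed to it is worth a look. The following is an added example, not part of the original slides: it flags sources that send traffic into darknet prefixes. The prefixes (RFC 5737 documentation ranges), the flow-record layout, the sample records and the sweep threshold are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: RFC 5737 documentation ranges stand in for an organization's
# routed, allocated, but unused (darknet) address space.
DARKNET = [ipaddress.ip_network(p) for p in ("198.51.100.0/24", "203.0.113.128/25")]

# Constructed flow records: timestamp, source, destination, port, protocol.
SAMPLE_FLOWS = """\
2024-05-01T10:00:01Z 10.1.4.22 192.0.2.10 443 tcp
2024-05-01T10:00:02Z 10.1.7.90 198.51.100.14 445 tcp
2024-05-01T10:00:02Z 10.1.7.90 198.51.100.15 445 tcp
2024-05-01T10:00:03Z 10.1.7.90 198.51.100.16 445 tcp
2024-05-01T10:00:04Z 10.1.2.5 203.0.113.200 53 udp
2024-05-01T10:00:05Z 10.1.2.5 203.0.113.20 53 udp
this line is malformed and must be skipped
"""

def in_darknet(addr):
    """True if addr falls inside any monitored darknet prefix."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in DARKNET)

def darknet_hits(flow_text):
    """Group darknet-bound flows by source, skipping malformed lines."""
    hits = defaultdict(lambda: {"targets": set(), "ports": set()})
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        _, src, dst, port, _ = fields
        try:
            port_no = int(port)
            if not in_darknet(dst):
                continue
        except ValueError:  # unparseable IP address or port
            continue
        hits[src]["targets"].add(dst)
        hits[src]["ports"].add(port_no)
    return dict(hits)

def classify(hits, sweep_threshold=3):
    """Every hit is suspect; many distinct targets suggests scanning."""
    return {src: ("sweep" if len(h["targets"]) >= sweep_threshold else "stray")
            for src, h in hits.items()}

if __name__ == "__main__":
    for src, label in sorted(classify(darknet_hits(SAMPLE_FLOWS)).items()):
        print(src, label)
```

A "sweep" source is walking through unused addresses, which is the pattern a worm or scanner produces; a "stray" source is more often a misconfiguration but still merits a check.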
Honey Pot: A system or data that appears to be part of a network, but is
isolated and monitored. Often appears to contain information or a
resource of value to attackers.
Defend
Access Control: Allowing or denying modification of
items based on a set of rules.
External Security: Anything else used to defend or
protect the network via outside agents.
Defend
Defeating Cyber Threats
1. Identify activity outside baseline norms
2. Isolate the action/program
3. Quarantine
4. Remove & Destroy (Hack Back…?)
5. Research the intrusion and its origin. Where was the traffic being
directed?
6. Set up future defense
7. Train users or victims (if applicable)
Defeat
I’M NOT A REPORTER
I JUST PLAY ONE ON TV
Who was targeted? Specific person or user targeted? Why?
What allowed the malicious action to succeed? What did they do about it?
When was the malicious activity first noticed? How long was it in place
before that point?
Did the activity progress?
Are they sure they totally fixed it?
If the attack is the result of social engineering….
How did they lure the victim that resulted in the attack?
(malware, URL, attachment, emails, etc.)
Who was targeted? Why?
If the attack is the result of malware….
What is the type of malware used?
Is it a known type of malware? What’s the MD5 or hash associated with it? Is it noted in the National Vulnerability Database or by the hacker
community?
Can it be typed to a specific actor or group?
Where was the system calling out to once exploited? Who was answering?
If the attack is the result of an insider threat…
What was the actor’s background, position in the company, etc.?
Was the attack sophisticated or simple?
Was it noted internally or were they notified from an external source?
What are the legal ramifications?
Any outside parties affiliated with the malicious behavior?
Espionage anyone?
Look Familiar?
IP Theft, Global Impact
The Black Death
25 million infected by Black Death
20 million infected by Spanish flu
22 million computers infected with top three most popular exploit kits
3 Internet devices on earth for each human
“Internet of things”
See where this is going?
CHASE CUNNINGHAM
CHIEF OF CYBER ANALYTICS
DECISIVE ANALYTICS CORPORATION
(703) 682-0620
CHASE.CUNNINGHAM@DAC.US
Understanding the Invisible Internet
Cyber Threats Simplified