cyber security threats and latest trends

7/29/2019 Cyber Security threats and Latest Trends

1/60

LATEST ISSUES & TRENDS IN CYBER

SECURITY & THREATS

Mostly OverEstimated / UnderEstimated


2/60

Not here

to


3/60


4/60

Lets tryto get

familia

rwith

thethreat

vectors!!!


5/60

How many of

you have seenthese in

THEATRES ?


6/60

How many ofyou have FEW

orALL of thesein your

LAPTOPS andHDDs thru

TORRENTZ ?


7/60

Ever thought

ofWhy is allthis FREE ?


8/60

How many ofyou have

LINUX in yourWorkstation

s ?


9/60

How many of

you haveWindows in

yourWorkstation

s ?


10/60


11/60

Collusion is an experimental add-

on for Firefox and allows you to see all

the third parties that are tracking

your movements across the Web. Itwill show, in real time, how that data

creates a spider-web of interactionbetween companies and other trackers.


12/60

Friends List

Their Phone

NumbersTheir Addresses

Your SMSYour MMS

Your Browsing

HistoryYour Chats

Your relatives details

Your referencesUNWANTED APPS


13/60

We are very POSITIVE on

web!!!!


14/60

Does it Matter ?


15/60

Lets find out the answer

with twoscenarios.


16/60


17/60


18/60

In such timesSecuring the IT

Environment getting

DIFFICULT by day?


19/60

LETS GET BACK BY FEW YEARS!!!!When securing the IT environment was easier than it is today.


20/60

Basic informat ion such asusers locations, the

appl icat ionsthey were runn ing and the

typesof devicesthey were us ing were known variables.

LETS GET BACK BY FEW YEARS!!!!

BACK


21/60

In add it ion , thisin format ion

was fair ly s tat ic, so secur i typo l ic ies scaled reasonably well


BACK


22/60

Appl icat ions ran onded icated serversin thedata cen ter


BACK


23/60

TheIT organizationcontro l led

accessto tho se app l icat ions and

establ ished boundar ies toenforce

secur i ty pol ic ies


BACK


24/60

for the most partthe netwo rk experienced

predic table traff ic patterns


T M


25/60

HAPPY CISO!!!!!!

TOUCHING MOMENT


26/60


27/60

Changing the way the netwo rk is A rchi tected


28/60

Appl icat ions/Datamay move betweenserversor

evendata cen tersorcountr ies


29/60

Mult iple diversemobi ledevicesconnectto the corpo rate

netwo rk from var iouslocat ions


30/60

At the same time, users are

extending the corporate network

by going to the cloud forcollaborative applications like

Dropbox or Google

IT no longer knows which

devices may connect to thenetwork or their location.

Data isnt just safely resting in the

data center; it is traversing

the countries.


31/60

BOTNETS


32/60

BOTNETS

40% of the computers

are Botted

A botnet is a collection of internet-

connected programs

communicating with other

similar programs in order toperform tasks.


33/60

So all this


34/60

So all thisalong withthese two

CurrentGiants make

a great

AttackSurface


35/60

CRIMEWAREas aSERVICE


36/60

PRISMis a mass elect ronic s urvei l lance data mining p rogram kn own to h avebeen operated by the United States Nat ional Secur i ty Agency (NSA) since 2007


37/60

The Central Monito r ing System is amass electron ic

survei l lanceprogram in stal led by C-DOT, an Ind ian

Government owned agency .

The CMS gives Ind ia's secur i ty agencies and in com e tax

off ic ialscentral ized access to India's

telecommunicat ions netwo rkand the abi l i ty to

l isten inon & record mobi leland l ine and satell i tecalls and ) , and readpr ivate emails, SMS and MMS and track th e geograph ical

locat ion of indiv idu als, al l in real t ime.


38/60

Operation B70


39/60

It is the type of attack that


40/60

Refers to a hacking technique

that leveragesvulnerabilities

in the code of a web applicationto allow an attacker to send

maliciouscontent from an end-

user and collect some type of

It is the type of attack that

takes advantage of

impropercoding of your

web applications that allowshackerto inject SQL

commands into say a login

form to allow them to gain

access to the data heldwithin your database.

B E l it


41/60

A form ofmalicious code that takes advantage of a

flaw orvulnerability in an operating system orpieceof software with the intent to breach browser

security to alter a user's browser settings withouttheir knowledge

Browser Exploits


42/60


43/60


44/60

Domains of

security


45/60


46/60


47/60

Who decides the Security QRs.?????Sadly.till date the approach has been mostlyreactive since we have been traditional inconfiguring SECURITY!!!!!!!


48/60


49/60


50/60


51/60


52/60

WHAT DO WE DO TODAY?


53/60

TAKE CONTROLLED

RISK

WHAT DO WE DO TODAY?

NO TWO ORG orUSERS CAN HAVE SAME

MODEL OF SECURITY IMPLEMENTATION

THE NEED IS CUSTOMISED MODELFOR EVERYONE

KEEP YOUREYES/EARS OPEN

Know EAL of your product

C h


54/60

Stringent

Hardening

Monitoring

tools

Analysis

tools

Cryptography

Strong

Passwords

Firewalls/UTM

s

AccessControls

Updates

Cyber

Hygiene

Secure

Design

IT IQCookies

Know your

Live DVDs

OpenSource

Common

Passwords


55/60


56/60

And will keep

F l


57/60

Impersonati

onFailure

False

Identity

Revoked Rights

UnauthDisclosure

Theft of Access

Tokens

DoS

Breach of

Anonymity

Unknown

Outsider Attack

User Fraud

Insider Attack

Access

Threats

I AM NOT REFERRING TO SCI FI


58/60

TIME TRAVELLING ROBOTS FROM

THE FUTUREFace recognition starts getting perfectSpeech recognition starts getting perfect

Speaker recognition starts getting perfect

We dont have a good AI todayBut we are improving on AI by day

We have cheap storage

We are recording what goes on.

I AM NOT REFERRING TO SCI FI


59/60

AI will be able to scan ourpast in future

Time travelling robotsare not going to come in our

timesbut they will be there

to scan our pastlaterand in the future they

will be able to know

everythingwe did today

E-Mail : [email protected]
mailto:[email protected]:[email protected]


60/60

p @ p j g

Blog at : http://anupriti.blogspot.com

Twitter : @it_updates
mailto:[email protected]://anupriti.blogspot.com/http://anupriti.blogspot.com/mailto:[email protected]

cyber security threats and latest trends

Documents