Cyber Security Threats to State Government
David Morris, CTO, Office of CyberSecurity
Relationships
• Political Subdivisions
• Critical Infrastructure
• Tribal Government
• State Government
• Local Government

• Information Sharing, Education, Training
• Cyber Incident Analysis, Forensics
• Monitoring, Alerting of Malicious Cyber Activity
Our Approach
• What are we protecting?
• Who is the adversary?
• What methods do they use?
• Do I have the resources necessary to protect, detect and respond?
Threat Actors
• Organized Crime
• Terrorist Group
• Hacktivists
• Petty Criminal
• State-Sponsored

Characteristics: Unsophisticated, Opportunistic; Cause-related; High Capacity; Sophisticated
Targets: Targets of Opportunity; PII, Intellectual Property; Critical Infrastructure; Supply Chains; Financial Services
Industry Threat Trends
• Increased Sophistication
• Blurred line between State Sponsored and Petty Criminal
• Evolution of Ransomware: WannaCry & Petya
• Internet of Things (IoT)
• Targeted Phishing
• Cyber Fatigue / Malaise
Increased Sophistication
Malware as a Service
Malicious software packages to automate the exploitation of a target’s vulnerabilities
Key characteristics:
• Designed for Novices
• Simple User Interface
• Packages Multiple Attacks
• Tech Support
• Performance Metrics
Zero Day Detections – Past 120 Days
Fun with Spam
James Veitch, TED Talk
Security Operations Center
Past 30 Days:
• 67 Alerts
• Malicious Software (32)
• Investigations (9)
• Account Compromise (13)
• Probing (10)
• Denial of Service (3)
CERT Capabilities
• Malware Analysis
• Log Analysis
• Packet Analysis
• Root Cause Identification
• Digital Forensics Investigators
• Recognized Court Expert
• Certified Incident Handlers
• FEMA Cyber Terrorist First Responders
Response Roles
• Incident Command Role: OCS CERT acts as Incident Command, delegates tasks and communicates with agency leadership
• Agency Extension Role: OCS CERT acts as an extension of the agency incident response team
Cases
Site Defacements
Credible Threats
Data Breach
Ransomware
APT Activity
System Compromise
What can you do?
Organized Crime
Terrorist Group
Hacktivists
Petty Criminal
State-Sponsored
Risk-Based Approach
Myths and Realities
Policy
Patching
Passwords
Backups
Endpoint Protection
Defense in Depth
Shared Responsibility
• 24/7 Security Operations Center and Incident Response Services
• Cybersecurity Advisories and Notifications
• Secure Portals for Communication and Document Sharing
• Cyber Alert Map
• Malicious Code Analysis Platform (MCAP)
• Weekly Top Malicious Domains/IP Report
• Monthly Members-only Webcasts
• Access to Cybersecurity Table-top Exercises
• Vulnerability Management Program (VMP)
• Nationwide Cyber Security Review (NCSR)
• Awareness and Education Materials
Summary
• The state is attacked by multiple threat groups with different motives and capabilities
• Attack tools, techniques, and procedures are available to those with limited skills
• Shared responsibility and risk mitigation is critical to defense
• Spear Phishing is #1 delivery method for malicious software
Questions?