cybersecurity threats and trends

Cybersecurity Threats and Trends Nantawan Wongkachonkitti EGA


Post on 16-Apr-2022


TRANSCRIPT

Page 1: Cybersecurity Threats and Trends

Cybersecurity Threats and Trends

Nantawan Wongkachonkitti EGA

Page 2: Cybersecurity Threats and Trends

How Safe are we?

Ref: CNN

Page 3: Cybersecurity Threats and Trends

2015 Cybersecurity Threats

1. Malicious messages that really look like the real thing

2. Ransomware moves into the cloud and onto your phone

3. Point-of-sales attacks

4. Targeting the ‘one percent’

5. Espionageware and cyberwar

Ref: Julianne Pepitone: http://www.cnbc.com/id/102301336

Ref: Gartner

Page 4: Cybersecurity Threats and Trends

2015 Cybersecurity Trends

1. A shift to a mind-set that no company is immune to cyber attacks and perimeter security is no longer enough

2. Companies now need to detect threats inside the firewall and as they develop

3. Greater investment in cyber intelligence technologies that enable rapid detection and response

4. The role of the Chief Information Security Officer (CISO) will make more of an impact

5. Skills shortage of people with the right cyber security skills

Ref: Paul Stokes, COO of Wynyard Group: https://www.policingtoday.co.uk/top-10-cyber-security-trends-for-2015.aspx

Ref: Gartner

Page 5: Cybersecurity Threats and Trends

How many hits does a search for the term 'hacker' in Google reply with?

Search: hacker

179,000,000

Page 6: Cybersecurity Threats and Trends

Hacker: World Forum

• Black Hat

• Welcome to DEFCON®, the Largest Underground Hacking Convention in ...

Information about the largest annual hacker convention in the US, including past speeches, video, archives, and updates on the next upcoming show as well as ...

www.defcon.org/ -

Page 7: Cybersecurity Threats and Trends

Underground Hacker Markets

Item Price

Platinum and Gold Master Cards, with Track I and II data $20 - $35

New Identity (ssn, dob, bank account, credit card, …) $200-300

Online banking account with $9,900 balance $300

Compromised computer $6 - $20

Phishing Web site hosting – per site $3 - $5

Verified Paypal account with balance $50 - $500

Skype Account $12

World of Warcraft Account $10

Remote Access Trojans (RATs) $20-50

Exploit Packs (Nuclear Exploit Pack) $50/400/600 D/W/M

Hacking into a Website $100-$300

DDoS Attack $3/60/350 H/D/W

Doxing (Social Engineering+information-stealing malware) $25-$100

Ref: Dell Secure Works http://www.secureworks.com/assets/pdf-store/white-papers/wp-underground-hacking-report.pdf

Page 8: Cybersecurity Threats and Trends

2015 Data Breach Category Summary

Page 9: Cybersecurity Threats and Trends

Hack: US Government

• In 2006, a stolen laptop and external hard-drive resulted in the largest breach, affecting 26.5 million veterans and family members.

• In 2009, Virginia Department of Health website, demanding $10 million for 8.2 million patient records.

• In 2011, when backup tapes containing the records of 4.9 million patients were stolen out of an employee’s car.

• In April 2012, the Texas Attorney General accidentally released 6.5 million social security numbers during a lawsuit against the state’s voter ID law.

• In 2012, international hackers stole financial records by phishing the South Carolina Department of Revenue; 5.7 million people were affected.

• In 2013, the US National Security Agency (NSA) was collecting the telephone records of 10 million Americans, as revealed by ex-CIA systems analyst Edward Snowden.

• In 2015, the attack on the Office of Personnel Management could have compromised the personal information of 4.2 million current and former federal employees.

Ref: http://www.politifact.com/truth-o-meter/article/2015/jun/16/largest-cyber-attack-history-huckabee-claims-its-o/

Page 10: Cybersecurity Threats and Trends

Hack: Thailand

Thailand housing maximum number of infected machines

• May 15th, 2015 a simple Grabit key logger was found to be maintaining thousands of victim account credentials from hundreds of infected systems.

• Kaspersky Lab discovers Grabit: A Cyber-spy Tracking SMBs in Thailand, India and the US

• Just one of the command-and-control servers was able to steal 2,887 Passwords, 1,053 Emails and 3,023 Usernames from 4,928 different hosts.

Ref: http://thetechportal.in/2015/05/31/lethal-malware-named-grabit-infects-smes-and-startups-in-thailand-india-and-others-kaspersky/

Page 11: Cybersecurity Threats and Trends

Hack: Widely Affected

• TeslaCrypt

• Ransomware that locks files until victims pay to restore them.

• It holds the files for a ransom of $250 to $1,000.

• It uses the AES algorithm to encrypt files.

• According to the information from FireEye, the number of victims they counted was 1,231, but only 13% of them purchased the decryption keys.

• TeslaCrypt Authors Make $76,500 in About 2 Months.

Ref: Dell Secure Works http://www.secureworks.com/cyber-threat-intelligence/threats/teslacrypt-ransomware-threat-analysis/

Page 12: Cybersecurity Threats and Trends

Why do breaches still occur?

Today’s data centers are protected by strong perimeter defense…

But threats and exploits still infect servers. Low-priority systems are often the target.

Threats can lie dormant, waiting for the right moment to strike.


Attacks spread inside the data center, where internal controls are often weak. Critical systems are targeted.

Server-server traffic growth has outpaced client-server traffic. The attack spreads and goes unnoticed.

Possibly after months of reconnaissance, the infiltration relays secret data to the attacker.


Ref: VMWare

Page 13: Cybersecurity Threats and Trends

Zero Trust Model

• “No More Chewy Centers: The Zero Trust Model of Information Security” by John Kindervag with Stephanie Balaouras, Kelly Mark, and Claire O’Malley from Forrester

• Concepts:

1. All resources are accessed in a secure manner regardless of location.

2. Access control is on a “need-to-know” basis and is strictly enforced.

3. Verify and never trust.

4. Inspect and log all traffic.

5. The network is designed from the inside out.

Ref: Forrester

Page 14: Cybersecurity Threats and Trends

Zero-Trust Model in Reality – Operationally Infeasible

Perimeter-centric network security has proven insufficient, and micro-segmentation is operationally infeasible

[Figure: Internet and Data Center diagram. Labels: little or no lateral controls inside perimeter (Insufficient); Operationally Infeasible]

Ref: VMWare

Page 15: Cybersecurity Threats and Trends

Traditional Network Security Diagram

Ref: Forrester

Page 16: Cybersecurity Threats and Trends

5 Steps to create a Zero Trust network

1. Identify your toxic data sources

2. Map the transaction flows regarding toxic data

3. Architect a Zero Trust Network based upon the toxic data sources and the way it’s used transactionally

4. Write your rules on your segmentation gateway based on the expected behaviour of the data and the users or applications that interact with the data

5. Monitor the network; inspect and log the traffic; and update rules based upon the visibility and intelligence that you get from your security analytics system

Ref: Forrester
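Steps 2, 4 and 5 above, sketched as a default-deny flow policy. This is an added example, not taken from the slides or from Forrester; the addresses, ports, segment roles and function names are constructed assumptions.

```python
from collections import Counter
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    dst: str
    port: int

# Steps 1-2: toxic data sources and the transaction flows mapped to them (constructed).
TOXIC_SOURCES = [ip_network("10.20.0.0/28")]       # assumed records database segment
# Step 4 rules: (client CIDR, toxic source CIDR, TCP port) taken from the flow map.
RULES = [
    ("10.10.1.0/24", "10.20.0.5/32", 5432),        # application tier -> database
    ("10.30.0.10/32", "10.20.0.5/32", 22),         # admin jump host -> database
]

def decide(flow, rules=RULES):
    """Allow only flows that match a mapped transaction; everything else is denied."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    for r_src, r_dst, r_port in rules:
        if src in ip_network(r_src) and dst in ip_network(r_dst) and flow.port == r_port:
            return "allow"
    return "deny"

def inspect(flows, rules=RULES):
    """Step 5: log every flow and count denied flows aimed at toxic data sources."""
    log, review = [], Counter()
    for f in flows:
        verdict = decide(f, rules)
        log.append((f, verdict))                   # all traffic is logged, allowed or not
        if verdict == "deny" and any(ip_address(f.dst) in n for n in TOXIC_SOURCES):
            review[f] += 1                         # investigate, or update the rules
    return log, review

# Constructed sample traffic, all of it originating inside the perimeter.
SAMPLE = [
    Flow("10.10.1.17", "10.20.0.5", 5432),   # expected application query
    Flow("10.10.2.40", "10.20.0.5", 5432),   # low-priority server reaching the database
    Flow("10.10.2.40", "10.20.0.5", 5432),
    Flow("10.10.1.17", "10.20.0.5", 22),     # permitted segment, unmapped port
    Flow("10.10.2.40", "10.10.1.17", 445),   # lateral traffic away from toxic data
]

if __name__ == "__main__":
    log, review = inspect(SAMPLE)
    for f, verdict in log:
        print(verdict, f)
    print(review.most_common())
```

The review counter is the feedback loop of step 5: repeated denials against a toxic data source are either an incident to investigate or a missing entry in the flow map.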

Page 17: Cybersecurity Threats and Trends

[Diagram: government security services overview. Labels: E-Government services; other government services; Cloud (SaaS, PaaS, IaaS); cloud providers; Government Computer Emergency and Readiness Team (G-CERT): risk assessment, incident monitoring, information analysis, response team, awareness raising; 24x7 Helpdesk and EGA Contact Center; government agencies; GIN]

Page 18: Cybersecurity Threats and Trends

Services

❖ Incident Response

❖ Government Security Monitoring

❖ IT Security Awareness Raising

❖ Quarterly Training

❖ Annual Conference

❖ Incident Drill

❖ Risk and Vulnerability Assessment

❖ IT Security Consultants


Page 19: Cybersecurity Threats and Trends

Thank you

CONFIDENTIAL