[Figure: Threats over time. Axis: 2000, 2005, 2010, Tomorrow. Labels: Spyware / Rootkits; APTs Cyberware; Worms]
Zeus (Zitmo)
Buckshot Yankee
Citadel
SpyEye (Spitmo)
Nitro
DuQu
Flame
Sykipot
Aurora
Shady Rat
Cyber Threats
Effectiveness of Phishing
More than 95% of all attacks tied to State-Affiliated espionage employed Phishing as a means of establishing a foothold in their intended victims' systems.
49% External Party: LE, Fraud Detection Org., Customer, etc. [1]
28% Self Detection, Passive: Employee, Slow Network, etc. [1]
16% Self Detection, Active: Security Devices [1]
59% of organizations believe they have been cyber threat targets [5]
46% believe they are still highly vulnerable despite increased prevention investments [5]
Sources: [1] Verizon Data Breach Report; [2] US House Intelligence; [3] NSA; [4] Bloomberg; [5] GAO; [6] ESG; [7] Mandiant
Loss of Revenue
Cost of Cyber Breach
$1T/year private sector revenue loss from cyber espionage [2]
$100B/year Cost of Cybercrime in US [6]
Sources: [1] Verizon Data Breach Report; [2] US House Intelligence; [3] NSA; [4] Bloomberg; [5] GAO; [6] McAfee / CSIS
1. South Carolina Department of Revenue: 3.8 million tax returns - phishing attack
2. California Department of Social Services: Sensitive payroll information - 700,000 individuals - mail en route between IT contractors and the Department of Social Services
3. Utah Department of Health: Health information and PII - 780,000 Utah citizens - Eastern European hackers taking advantage of poor authentication configuration following database migration to a new server
4. California Department of Child Support Services: Sensitive health and financial records - 800,000 records - lost FedEx shipment
5. United States Bureau of Justice Statistics: Embarrassed - 1.7 GB of sensitive data leaked, emails / data dump
6. City of Springfield, MO: City claims 2,100 records; Anonymous claims more than 1,000 vehicle descriptions from online police reports and records from more than 280,000 summons filed in city digital data stores
7. United States Navy & DHS: Usernames, passwords, email IDs, and security questions and answers for all users on Dep. websites - blind SQL injection attacks
8. Wisconsin Department of Revenue: Sensitive seller information - 110,000 people and businesses who sold property in 2011 - embedded file in a Microsoft Access file
9. NASA: PII - 10,000 employees - unencrypted agency laptop, stolen from employee's car
10. New Hampshire Department of Corrections: Unauthorized access - inmates accessed the main offender management database system
Cybersecurity
Nation States
Your View?
Government Regulations Internal Policies NIST Policy Reputation
Revenue Loss
DOD 8570
Malware
Customer
Hackers
PII Theft
Embarrassment
NERC CIP
Allies
Insider Threat
DISA STIG
Money Theft
MS-ISAC
Espionage
Cybersecurity Scope
[Diagram labels: Governance; Regulations; Standards Education; Policy; OSI layers (Application, Presentation, Session, Transport, Network, Data Link, Physical); Content Security; Advanced Services; Network Security; Cisco; Distribution Delivery; Partner; Supply Chain Counterfeit Channels; Trusted Systems]
Internal Patrols
[Figure: attack timeline. Axis: Time. Labels: attack identified; attack onset; early warning; attack thwarted; CRISIS REGION; vulnerability closed]
Promote Formal Education and Training
SANS Institute / MS-ISAC / University Certifications
User
Testing
Takeaways
There is no Silver Bullet
Silver Buckshot
Good News
You already have much of what you need
It is manageable
Train your People
Look into Internal Network monitoring
Try to Sleep well
Propagation Mechanism
Persistent Mechanism
Registry
Defend
Discover
Remediate
Advanced Forensics
Contain
Fix