Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
1
Cybersecurity 2020Attackers, Attacks and Security Strategies
2
Cybersecurity Challenge
Open and Accessible
IoT Adoption
Budget
ConstraintsExpertise
3
Attack Process
Identification Enumeration Arm UpInitial
ContactCompromise Persistence
Lateral Movement
Exfiltration/ Exploitation
Reuse / Resell / Recycle
4
People Centric Targets
5
Device Centric Targets
6
ncreased sophistication and targeted.
• Successful attacks often lead to password compromise, malware infection, corporate/personal data loss and financial fraud.
7
8
Getting to Know You!
10
Get your Credentials
Hack You
Hack a Site
Buy Them.
Re-engineer your credentials
01 – 02
Password –Pa55W0rD
Facebook PW with FB
Use your Credentials
Social Media
Banking / Financial
Anything else
Credentials
11
12
13
• New breed of highly persistent and stealthy malware.
• Rise in fileless malware and droppers.
• Using highly sophisticated exploits for delivery. No longer need to be in a nation states crosshair to be impacted by their advance cyber weapons.
• Ransomware still common but also seeing increase in stealthier crypto-mining malware.
• Rise in ease of use and availability of cyber crime platforms, Malware/Ransomware as a Service.
14
Ransomware
15
0-Days
Supply Chain Attacks
17
Device
Vulnerability
Target On-Site
Remote Access
Firmware
Remote Access
Company
Credential Theft
Firmware Manipulation
Direct Access
IoT Supply Chain Attacks
18
What Next for Security?
19
Security As A Process
• Visibility
• Detection
• Control
• Reporting
• Measurement
20
Hacking 101 –Phishing to Credential Theft
21
Cybersecurity 2020
Hacking is a process.
Defense should also be a process.
You can be easily targeted.
Network Segmentation is key for IoT.
Passwords are weak use 2FA.
Integrated and automated gives the highest security.