7/27/2019 GTCW13 Winning the Cyber Security Battles - Tom Osborne
Federal Bureau of Investigation Cyber Program
The Cyber Threat
Sacramento Division
Assistant Special Agent in Charge Tom Osborne
UNCLASSIFIED//FOUO
Cyber as an FBI Priority
UNCLASSIFIED//FOUO
"Down the road, the cyber threat, which cuts across all FBI programs, will be the number one threat to the country, surpassing terrorism."
FBI Director Mueller
Who are the Adversaries?
SECRET//NOFORN
Threat Level 1
Inexperienced
Limited funding
Opportunistic behavior
Target known vulnerabilities
Use viruses, worms, rudimentary trojans, bots
In it for thrills, bragging rights
Easily detected

Threat Level 2
Higher order skills
Well-financed
Target known vulnerabilities
Use viruses, worms, trojans, bots to introduce more sophisticated tools
Target and exploit valuable data
Detectable, but hard to attribute

Threat Level 3
Very sophisticated tradecraft
Foreign Intel Agencies
Very well financed
Target technology as well as info
Use wide range of tradecraft
Establish covert presence on sensitive networks
Undetectable?

Sophistication, Expertise, Funding, Patience, Target Value
UNCLASSIFIED//FOUO
UNCLASSIFIED
HACKTIVISTS
Although the term hacktivist refers to cyber attacks conducted in the name of political activism, this segment of the cyber threat spectrum covers everything from individual hackers seeking thrills and bragging rights to hacker groups conducting distributed denial of service (DDoS) attacks and website defacements against government and
UNCLASSIFIED
Hawthorne PD
CRIMINAL
Organized criminal groups have easily adapted to today's technology in exploiting the cyber arena. These groups continually attack systems for monetary gain through identity theft, online fraud, computer extortion, phishing, and spyware/malware.
UNCLASSIFIED
Botnet Threat to Financial Sector
A credential-stealing malware created by Eastern European cyber actors
Use malware to carry out online bank account takeovers and steal information
Multiple versions available on the cyber underground, making it easy to obtain
Evolving variants make it hard for anti-virus to detect
UNCLASSIFIED//LAW ENFORCEMENT SENSITIVE
Botnet Case Highlight: Operation Ghost Click
UNCLASSIFIED
Botnet Initiative: Operation Clean Slate
Hill/W.H. Notification
Draft JIB
State/Local and Trusted Partners (Website, IC3, InfraGard)
Public Awareness (PSA, Newspapers, Advertisement)
Coder
Herder
Users
Botnet/Malware
UNCLASSIFIED
INDUSTRIAL ESPIONAGE
Every year, billions of dollars are lost to foreign and domestic competitors who deliberately target economic intelligence in U.S. industries and technologies. Through cyber intrusions, these intruders search for intellectual property, prototypes, and company trade secrets to gain an illegitimate advantage
UNCLASSIFIED
STATE ESPIONAGE
Foreign adversaries use cyber tools as part of traditional intelligence-gathering and espionage activities. These adversaries conduct computer network operations that target military and governmental organizations' intellectual property and insider information.
UNCLASSIFIED
Advanced Persistent Threat
Intrusion Phases
Infiltration: Reconnaissance, Infection
Persistence: Escalate Privileges, Install Utilities, Enumerate the Network, Establish backdoors
Exfiltration: Harvest data, Exfiltration, Conceal activity
UNCLASSIFIED//FOR OFFICIAL USE ONLY
Recent Financial Sector Cyber Events
[Chart: Gbps per Attack. Axes: Peak Gbps (0 to 140); January, February, March]
UNCLASSIFIED
Recent Energy Sector Cyber Events
UNCLASSIFIED
CYBERTERRORISM
UNCLASSIFIED
Cyberterrorism is disruptive or destructive acts perpetrated against noncombatant targets at the direction, on behalf, or in support of a terrorist group or their ideology, through the use of computer network attack or exploitation. Such intrusions/attacks are intended to intimidate or coerce a government or population in furtherance of a social, political, ideological, or religious agenda by causing
UNCLASSIFIED//FOUO
Priority Cyber Threat Target
Critical Infrastructure
Industrial Control Systems (ICS) / Supervisory Control and Data Acquisition Systems (SCADA): Controlling the nation's critical infrastructure.
UNCLASSIFIED//FOUO
UNCLASSIFIED
STATE-SPONSORED DISRUPTIONS/WAR
Several nations are aggressively working to develop cyber warfare doctrine, programs, and capabilities. Cyber warfare enables a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures that support military power, impacts that could affect the lives of citizens across the country.
UNCLASSIFIED
Individuals
Nation-States
Hacktivist Groups
Organized Crime Syndicates
Infrastructure
Industry
Law Enforcement & Government
Nation States
Individuals
UNCLASSIFIED
UNCLASSIFIED//FOUO
FBI Investigative and Operational Capabilities
Investigative Interviews
Evidence Collection
Electronic Surveillance
Network Traffic Analysis
Digital Forensics through Computer Analysis Response Team (CART)
Malware analysis through the Binary Analysis, Characterization, and Storage System (BACSS)
Cyber Action Team (CAT) Deployment
Legal Attaché Support
Indict/Arrest Authority
UNCLASSIFIED//FOUO
UNCLASSIFIED
Partnerships
"No one country, company, or agency can stop cyber crime... We must start at the source; we must find those responsible. And the only way to do that is by standing together."
Robert Mueller III, FBI Director
UNCLASSIFIED
UNCLASSIFIED//FOUO
NCIJTF Members
UNCLASSIFIED//FOUO
Cyber Task Forces (CTF)
Each CTF synchronizes domestic cyber threat
investigations in the local community through
information sharing, incident response, and joint
enforcement and intelligence actions.
UNCLASSIFIED//FOUO
Private Sector Partnerships
InfraGard
National Cyber-Forensics Training Alliance and Cyber Initiative and Resource Fusion Unit
Information Sharing Analysis Centers
Internet Crime Complaint Center
UNCLASSIFIED//FOUO
Conclusion
UNCLASSIFIED//FOUO
Questions?