The contents of this presentation contain Booz Allen Hamilton proprietary and or confidential business information. This document is not for public consumption and is not to be disclosed to third parties without the prior written consent of Booz Allen.
OUR PERSPECTIVE ON CYBERSECURITY THREATS
Trends and 2018 Predictions
OCTOBER 2018 - PHILIPPINES
Booz Allen Hamilton ASEAN
This document is confidential and intended solely for the client to whom it is addressed.
Mr. Angelo Roxas
Managing Director ASEAN
Angelo provides senior leadership in the Singapore office. His focus is to define and implement the cyber strategy and consulting capabilities in the ASEAN region.
Prior to Booz Allen, Angelo was the co-head of technology for the Barclays Investment bank in Asia Pacific, responsible for the delivery of transformation programmes and governance in the region. During his 11 years with Barclays.
Prior to Barclays, Angelo was a management consultant in London working as an IT strategist and programme manager providing consulting services to private and government sector clients, working across multiple geographies, including Europe, the Middle East and the Americas.
Angelo is a co-founder and advisor to a number of start-up companies and social enterprises and is the former President of the University of Penn and Wharton alumni club of Singapore.
https://www.boozallen.com/markets/international/southeast-asia.html
Email: [email protected]: +65 9234 9948
100+ OFFICES WORLDWIDE
Asia HQ in Singapore
Locations
23,000+ CONSULTANTS & TECHNOLOGISTS
5,000+ cyber experts and consultants
Workforce
All Major INDUSTRIES SERVED
Comprehensive cyber footprint across markets
Energy and Environment
Public Sector
Defense and Intelligence
Telecommunication
Financial Services
Transport
Health
Clients
70 of the world’s 100 largest companies
400+ of the Fortune 500
1st to receive Cyber Incident Response Assistance Accreditation from the NSA
10 global cybersecurity networks for global threat intelligence
Impact
Thought Leadership
$100 MN+ INVESTMENT IN STRATEGIC INNOVATION SINCE 2013
Active publisher of intellectual capital for cyber, digital, predictive intelligence, and analytics
Ranked first on Vault’s 2016 list of “Best Consulting Firms”
We are a longstanding strategy and technology consultancy with deep experience in cybersecurity, digital, and analytics
Key Business Areas, Track Record, and Partners
Founded in 1914
Coined the term Management Consulting
The world’s oldest international strategy and technology consulting firm with USD $5.4B in revenue for FY16
Cybersecurity has expanded from the server room to the boardroom with implications for both business and IT executives
The Evolving Cyber Landscape
Sources: Wall Street Journal, Ponemon Institute, Booz Allen analysis
Levels of evolution over time

1980s – 2000s: Limited Impact
• Limited technology use minimizes the impact of attacks and Board responsibility to deal with them

2000 – 2010: Growing Ubiquity
• Companies become increasingly dependent on IT systems
• Numerous personal and business devices provide multiple avenues for attack

Today+: Widespread Impact and Board-Level Accountability
• Attacks continue to increase in frequency and complexity, requiring more oversight
• High-visibility attacks with widespread impact increase the challenges that Boards face
• C-suite executives are increasingly held responsible for both the technical and public response
As companies expand the use of technology, Financial Services sectors are increasingly involved in managing technology risk
Increasing Business Impact of Cyber Attacks
Source: Booz Allen analysis
Yesterday’s CIO and IT Department
Have my network administrators patched and updated our network firmware?
Should we check unaffected hardware as well?
Have we closed all other known vulnerabilities?
Have we patched software both across our major network nodes and end points?
[Organization chart with boxes: CEO, BOD, IT Dept, Operations]
Today’s Corporate Board
What vulnerabilities are represented by our use of automation and technologies that support different business operations?
How do we communicate externally about a cyber attack?
How do we minimize potential regulatory repercussions or fines?
What legal obligations should we anticipate?
Are we impacted by our partnerships with third-parties?
[Organization chart with boxes: CEO, BOD, Risk Mgmt, Operations, Comms, Legal, Business Ops, Security, Finance, IT Dept, IR, PR, Gov Affairs, Compliance, Litigation, Export, Contracts, Op RM, Fin RM, Other. Legend: Marginally Impacted, Somewhat Impacted, Medium to High-Impact, Highly Impacted]
Recent Cyber Attacks in Financial Services
2017
US$143 million US customers’ information stolen including personal data such as social security numbers
Equifax patched the security vulnerability and provided free credit report freeze for affected customers
2017
5,400 AXA customers’ information was stolen, including phone numbers, insurance policy numbers and dates of birth
AXA has taken remedial actions to secure their health portal
2016
US$81 million transferred from Bangladesh Bank’s account with New York Fed to the Philippines
SWIFT intensified the efforts for the Customer Security Programme
2015
US$12 million transferred money to accounts in Hong Kong, Dubai, New York and Los Angeles
SWIFT became alarmed by the patterns of cyber attacks on the network
Globally, Financial Services is among the most targeted with an increasing number of high-profile, sophisticated intrusions
Financial Services and Cyber Attacks
Cyber Attacks by Industry Vertical
[Bar chart of breach counts by industry vertical: Trade, Manufacturing, Utilities, Healthcare, Retail, Administrative, Public, Professional, Information, Education, Accommodation, Real Estate, Transportation, Entertainment, Finance]
Source: Verizon 2017 Data Breach Investigations Report – Top 15 Verticals based on the Number of Breaches, Open source
NON-EXHAUSTIVE
Bangladesh Bank
The list goes on… and these are just the high-profile publicized attacks
In the APAC region, there are existing laws and governing bodies on cybersecurity…
Oversight of cybersecurity in the APAC region
Sources: Baker Mckenzie, Asia Pacific Guide to Data Protection
[Map of the region with country labels]
Cyber Security Agency (CSA)
Malaysian Communications and Multimedia Commission and Cybersecurity Malaysia
Cybersecurity Administration of China (CAC)
Office of Cybercrime (OCC)
Ministry of Communication and Informatics/National Cyber and Encryption Agency (BSSN)
NON-EXHAUSTIVE
…however, growing threats such as cryptocurrency, ATM and malware attacks are targeting banks in the Financial Services sector
Financial-related cyber crimes throughout the APAC region
Source: MMC - APAC Cyber Risk in Asia Pacific, Reuters, Straits times
[Map of the APAC region with country labels]
• USD$81 Million was stolen from Bangladesh Bank using stolen SWIFT credentials
• Malware was installed onto the ATM network to steal USD$2.6 Million
• USD$72 Million worth of Bitcoin was stolen from Bitfinex exchange
• 3.2 Million debit cards were compromised due to malware on the ATM network
• USD$350k was stolen from 18 ATMs by an individual with a Ripper Malware ATM card
NON-EXHAUSTIVE
We predict the following cybersecurity developments over the year of 2018
Predictions from the 2018 Foresights Report
Source: Booz Allen analysis
1. Attackers will use updates of popular software to infect corporate customers
2. Threat actors will utilize software development toolkits as a vector of compromise
3. Cryptocurrencies will be used to skirt sanctions and launder ill-gotten funds
4. An increase in states hiring mercenary hackers and wielding their expertise against adversaries
5. An increase in cyber attacks on industrial control systems (ICS)
Global Prediction #1: Attackers will use updates of popular software to infect corporate customers
Petya’s Legacy: Hijacking Software Updates to Target Corporate Customers
Sources: Gizmodo, Black Hat, Palo Alto Networks, Securelist, Reuters, Fortune, Booz Allen analysis
What is this about?
• Attackers could compromise a small software provider and use their software updates to attack larger companies downstream
• In essence, they’d be carrying out a small attack to enable a far larger one
Examples
• Attackers compromised the update server for a popular Ukrainian tax software called M.E.Doc, sending out poisoned updates that led to the NotPetya outbreak
• Suspected nation-state sponsored hackers compromised CCleaner with the aim of carrying out cyber espionage against various technology and telecommunications firms that used it, including SingTel
How will this affect business?
• Companies will continue to be a key target of criminal groups seeking to steal client information and implant ransomware
• System administrators need to constantly monitor developments in the industry to ensure that updates are safe
Global Prediction #2: Threat actors will utilize software development toolkits as a vector of compromise
One-stop Shop for Mass Compromise
Sources: Gizmodo, Black Hat, Palo Alto Networks, Securelist, Reuters, Fortune, Booz Allen analysis
What is this about?
• Software libraries and software development kits (SDK) are essentially plug-and-play components that speed development
• These are particularly difficult to patch quickly without disrupting service to web server applications like Apache and WordPress
Examples
• The compiler malware XcodeGhost was packaged into an iOS development library for use by Chinese iOS/OS X developers, aiming to collect information on devices
• In March 2017, 132 Android apps on the Google Play store were found to be infected with malicious Iframes from infected Android development platforms
How will this affect business?
• In supporting both clients and developers, companies will continue to use these user-friendly and highly customizable tools
• Companies will have to be more proactive at screening the software libraries and development kits their services use
Global Prediction #3: Cryptocurrencies will be used to skirt sanctions and launder ill-gotten funds
Evading Scrutiny and Busting Sanctions with Cryptocurrency
Sources: Gizmodo, Black Hat, Palo Alto Networks, Securelist, Reuters, Fortune, Recorded Future, Booz Allen analysis
What is this about?
• Cryptocurrencies offer a lifeline to states and individuals cut off from international financial markets, lending, and lines of credit
• These high-risk agents are able to use cryptocurrencies to perform banned activities with greater ease than before
Examples
• In December 2017, North Korea was publicly blamed by the Trump administration for launching the malware WannaCry to gain Bitcoin for the Kim regime
• In August 2017, North Korea emptied its three Bitcoin wallets and converted them to Monero, presumably to enhance the concealment of any future transactions
How will this affect business?
• Companies will see more stringent Know Your Customer (KYC), Anti-money Laundering (AML), and Counter-terrorism Financing (CTF) regulations
• Such additional regulation will result in increasing the cost of compliance
Global Prediction #4: An increase in states hiring mercenary hackers and wielding their expertise against adversaries
Outsourcing Hackers
Sources: Gizmodo, Black Hat, Palo Alto Networks, Securelist, Reuters, Fortune, Booz Allen analysis
What is this about?
• Hiring foreign cyber mercenaries is significantly faster than the years needed to develop homegrown cyber attack talent
• Increasingly, nation states see cyber attacks as a foreign policy tool to disrupt the operations of competitors and adversaries
Examples
• The OilRig espionage campaign and the Qatar News Agency breach both allegedly involved contract foreign hackers
• The Bahamut campaign’s geographically varied target set suggests that one group supported multiple countries’ espionage programs
How will this affect business?
• As governments struggle to identify the source/motive of cyber attacks, businesses are often left to defend themselves
• In addition, as governments compete for scarce cyber talent, companies can expect cyber talent to become more expensive
Global Prediction #5: We predict an increase in cyber attacks on industrial control systems (ICS)
Attacking and Monetizing Access to ICS
Sources: KrebsonSecurity, Wired, CNN, Booz Allen analysis
What is this about?
• ICS are integral to a wide variety of key processes, including manufacturing, server farms, shipping, and agricultural processes
• ICS are therefore profitable targets for ransom, or by state-backed actors targeting them to disrupt their operations
Examples
• Stuxnet was used to attack centrifuges at Iran’s Natanz uranium enrichment plant, causing centrifuges to fail at an unprecedented rate
• The U.S. Department of Homeland Security demonstrated a controlled hacking into a replica of a power plant's control system, dubbed “Aurora”, resulting in the physical destruction of the generator
How will this affect business?
• As automated operations often use ICS, companies developing or utilizing automation are now increasingly vulnerable to attack
• Companies need to expand their cybersecurity awareness, to ensure endpoints are secured and develop contingency plans