1 today s speakers
play

1 Today's Speakers From Control Risks Control Risks 3 Luke - PowerPoint PPT Presentation

Control Risks 1 Today's Speakers From Control Risks Control Risks 3 Luke Fardell James Lythe Shaun Flint Consultant Associate Director Associate Director Cyber Protect Digital Forensics Crisis Management Global Cyber Security trends


  1. Control Risks 1

  2. Today's Speakers From Control Risks

  3. Control Risks 3 Luke Fardell James Lythe Shaun Flint Consultant Associate Director Associate Director Cyber Protect Digital Forensics Crisis Management

  4. Global Cyber Security trends

  5. Control Risks 5 Global cyber security compliance trends during COVID-19 Africa Asia South America South Africa is China established a developing COVi-ID. Cyber security and nationwide telecom data Given that privacy privacy legislation is still analysis platform with laws are in evolving. Infrastructure is several contact tracing development there is not as resilient which led apps. No consent for concern that personal to Colombia withdrawing personal data collection information may not its contact tracing app from individuals when it is be properly protected and now looking to use a for public security during the pandemic. Google and Apple purposes. solution. Australia COVIDSafe App. Concern regarding Europe function creep, with North America In the UK, an app information being used has been for other law Some state-level Middle East developed using a enforcement purposes. effort. There is a decentralized UAE has concern over the system due to developed three complex use of concerns the tracing apps. cryptography previous trial app Limited information infrastructure did not about how the apps developed by Apple meet privacy and protect data. and Google which security needs to be tested. requirements.

  6. Control Risks 6 Update on cyber attacks exploiting the pandemic Share of attack vector of organised operations since Count of organised COVID related January operations since January 2020 Phishing and spearphishing 40 35 Drive-by compromise 30 Remote services 25 20 Malicious app 15 10 Brute force 5 Denial of service 0 0% 10% 20% 30% 40% 50% 60% Percentage of attacks by threat actor category Geographic spread of organised operations since January 39% Cybercriminal 5% Nation-state 3% Other Cyber activist 53%

  7. Control Risks 7 Recent Attack Vectors Since March 2020 the following attack vectors have been observed during Control Risks Cyber Response Cases  Enterprise equipment in home environment misconfiguration  False sense of security phishing  Perimeter misconfiguration  Huge email chain campaign – Qakbot/Dopplepaymer  Remote Desktop Protocol (RDP) access  Webserver compromise through vulnerable 3 rd party application  Website defacement through Server Side T emplate Injection

  8. Control Risks 8 Typical Attack Timeline Lateral Movement to test credentials and scope Attacker external Deploy the ransomware access and data reconnaissance, phishing and confirm its success campaign or brute force Scan the Network to attempts Exfiltrate a dataset obtain high value targets Elevate privileges to obtain local or domain Craft Ransomware script using scan results admin account Attacker gains a foothold inside the network and sets Disable Anti-Virus up persistence mechanism and communication channel

  9. Most Common Attack Vectors

  10. Control Risks 10 Scenario Pandos Chicken are not getting enough customers They want to steal the secret recipe from their rivals Nan’s Chicken Nan’s Chicken have a very secure network, previous attempts have failed. Pandos identify that Nan’s Chicken get their chickens from ‘Dave the chicken farmer’ Obtain a Shell in the Nan’s Chicken network There is no greater objective….

  11. Control Risks 11 Attack Path Dave the Nan’s Pandos Farmer Chicken 03 02 01 Secret_Recipe.txt Chicken

  12. Control Risks 12 Hack Dave’s email Reconnaissance  Website  Companies House  Google  Facebook  Twitter  Instagram

  13. Control Risks 13 Dave’s Website

  14. Control Risks 14 Email Dave

  15. Control Risks 15 Obtain Credentials for Dave’s Gmail  Trick Dave into entering his credentials into a fake google webpage.

  16. Control Risks 16

  17. Control Risks 17

  18. Control Risks 18 We use Dave’s email account  Craft a payload to beacon back to our infrastructure  Set up infrastructure  Use Dave’s email to send the payload  Wait for reverse TCP connection

  19. Control Risks 19 Recap

  20. Control Risks 20 Capabilities of the Reverse TCP connection  Read and Edit documents  Upload/download files  Execute binaries  Privilege escalation  Network scanning  Clear event logs  Search for files  Open Webcam  Screenshots

  21. Control Risks 21

  22. Control Risks 22

  23. Control Risks 23 RDP Brute Force Externally facing systems with RDP access  Remote scans of networks to identify systems  Username often visible  Password brute force attack mounted until access gained

  24. Control Risks 24

  25. Control Risks 25 Exfiltration of Data Exfiltration methods observed  Archiving of files for exfil  RDPClip – Copy and pasting through remote session  Mailbox syncing using stolen credentials  Staging on Webserver for external download  SMB shares  Meterpreter Session over HTTPS  FTP.exe

  26. Remote Crisis Management

  27. Control Risks 27 Managing cyber risk remotely Awareness Home Corporate Corporate Comms Segregation Virtual Private Network Training Multi Factor Authentication Change Default Settings Phishing Simulation Gateway Filtering Update Devices Tech Talks Audit and Logging Dialogue with IT Teams

  28. Control Risks 28 Three areas of focus for cyber crisis management Companies are actively reviewing and changing their strategic approach to resilience, to bring clarity to uncertainty. We’ve outlined three of the common themes below Leadership People Intelligence ▪ ▪ ▪ How can leaders improve the speed How can people become a more Which risks need to be monitored and and response of decision making integrated part of the resilience what triggers are needed ▪ ▪ How can risk specialists help improve framework How can the situation be understood ▪ strategic decision making How can we enable employees to work and communicated to key stakeholders ▪ ▪ How can leaders educate themselves flexibly while maintaining well-being and How do we make our cyber contingency about the risks security plans agile and mobile ▪ ▪ ▪ Knowing when to call a crisis What skills do employees need to Who are the experts we need to call develop

  29. Control Risks 29 A final thought - developing resilience Don’t go back to normal, go back to better

  30. Control Risks 30 Q&A Please type your questions here

  31. controlrisks.com

Recommend


More recommend