
ccTLD Security: Understanding the Anxiety and Consequences (PowerPoint presentation by Barry Raveendran Greene)



  1. ccTLD Security Understanding the Anxiety and Consequences Barry Raveendran Greene bgreene@isc.org

  2. Agenda
     • ccTLD Security is not “new”
     • Cybercriminal Toolkit
     • Understanding why security people are irritated might help to provide context
     • Criminal Complicity, Internet Embargo, Chain of Consequence
     • What can a ccTLD do now?

  3. ccTLD Security is not “New”
     • ICANN - Attack and Contingency Response Planning (ACRP)
     • Country-Code Top-Level Domain Best Current Practices (draft-wenzel-cctld-bcp-02.txt – expired)
     • APTLD Guidelines for Operation of DNS Infrastructure by ccTLDs
     • Lots of presentations:
       – ICANN and DNS Security, Stability and Resiliency Activities by Greg Rattray
       – Best Practices of a ccTLD Registry by Adrian Kinderis
       – Introducing ICANN Security, Stability and Resiliency Activities - DNS Security Training by Yurie Ito
       – ccTLD Best Practices by Michuki Mwangi
       – ccTLD Best Practices & Considerations by John Crain
       – ccTLD Best Practices & Considerations by Kim Davies

  4. Cyber Criminal Toolkit

  5. Stage Domain Name
     [diagram: the cybercriminal toolkit flow reused on slides 5 to 12, with boxes for SPAM, Secondary Malware, BOTNET Controller, Drive-By, Proxy, Name Servers, BOT Herder, Malware, Packer, TLD Domain and Victim of Crime. This step highlights: Get Domain Name; Stage on NS or FF (fast-flux) NS.]

  6. Prepare Drive-by
     [diagram, same flow. This step highlights: Send Malware; Load Malware onto the drive-by site.]

  7. Send SPAM to get People To Click
     [diagram, same flow. This step highlights: Send SPAM; the lure “Click on me now”.]

  8. Drive By Violation
     [diagram, same flow. This step highlights: the victim clicks “Click on me now” and is compromised by the drive-by.]

  9. Poison Anti-Virus Updates
     [diagram, same flow, with an Anti-Virus Vendor box added. This step highlights: Poison the anti-virus updates; All updates to 127.0.0.1.]

  10. Prepare Violated Computer
     [diagram, same flow. This step highlights: Call to Secondary Malware Site; Load Secondary Package.]

  11. Call Home
     [diagram, same flow. This step highlights: Call to Controller.]
     Report:
     • Operating System
     • Anti-virus
     • Location on the Net
     • Software
     • Patch Level
     • Bandwidth
     • Capacity of the computer

  12. What can an ANS do?
     [diagram, same flow, annotated with the defensive options below. One annotation reads: “We do not know how to lock this guy in jail!”]
     • Make SPAM Harder
     • Disrupt Drive-By
     • Disrupt Phishing
     • Disrupt Controllers
     • Help your victimized customers
     • Disrupt the NS Infrastructure
     • Clean Violated Data Centers
     • Filter Based on TLD
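The “Poison Anti-Virus Updates” step above (all vendor update traffic pinned to 127.0.0.1) is usually done by appending entries to the victim’s hosts file. The following is an added example, not code from the deck or from ISC: a small detector that parses a hosts file and flags watched update hostnames that have been pinned to loopback, the unspecified address or reserved space. The sample hosts text and the vendor hostnames (`avvendor.example`, `windowsupdate.example.net`) are constructed placeholders; substitute the vendors you actually care about.

```python
"""Detect hosts-file poisoning of anti-virus / OS update hostnames.

Added example (not from the original presentation).  Malware that wants to
disable updates rewrites the local hosts file so that vendor hostnames
resolve to 127.0.0.1 or 0.0.0.0; this script finds such entries.
"""
import ipaddress

# Constructed sample hosts file.  The vendor hostnames are illustrative
# placeholders (assumption), not a list taken from the slides.
SAMPLE_HOSTS = """\
# Host Database
127.0.0.1       localhost
::1             localhost
# --- lines a hosts-poisoning dropper typically appends ---
127.0.0.1       update.avvendor.example
127.0.0.1       liveupdate.avvendor.example
0.0.0.0         windowsupdate.example.net
192.0.2.10      intranet.corp.example   # legitimate static mapping
"""

# Hostnames (or parent domains) that must never be pinned to a sinkhole
# address on an endpoint.  Illustrative list (assumption).
WATCHED_SUFFIXES = (
    "avvendor.example",
    "windowsupdate.example.net",
)


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs from hosts-file text.

    Comments (everything after '#') and blank lines are skipped; a line whose
    first token is not a valid IP address is ignored rather than raising.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            yield addr, name.lower()


def is_watched(name):
    """True if name equals or is a subdomain of a watched suffix."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def is_sinkhole(addr):
    """Loopback (127/8, ::1), unspecified (0.0.0.0, ::) or reserved space."""
    return addr.is_loopback or addr.is_unspecified or addr.is_reserved


def find_poisoned_entries(text):
    """Return [(hostname, ip_string)] for watched names pinned to a sinkhole."""
    return [(name, str(addr))
            for addr, name in parse_hosts(text)
            if is_watched(name) and is_sinkhole(addr)]


if __name__ == "__main__":
    for hostname, ip in find_poisoned_entries(SAMPLE_HOSTS):
        print(f"POISONED: {hostname} -> {ip}")
```

Run it against `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts` by reading the file into `find_poisoned_entries`; anything it returns for a vendor hostname is a strong indicator that the “poison the updates” step has already happened on that host.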

  13. Why is Cyber-Crime Institutionalized?

  14. Our Traditional View of the World

  15. The Reality of the Internet: No Borders
     How to project civic society and the rule of law where there is no way to enforce the law?

  16. Three Major Threat Vectors
     • Critical Infrastructure has three major threat drivers:
       – Community #1: Criminal Threat
         • Criminals who use critical infrastructure as a tool to commit crime. Their motivation is money.
       – Community #2: War Fighting, Espionage and Terrorist Threat
         • What most people think of when talking about threats to critical infrastructure.
       – Community #3: P3 (Patriotic, Passion, & Principle) Threat
         • The largest group of people, motivated by a cause, be it national pride (e.g. Estonia & China) or a passion (e.g. “Globalization is Wrong”)

  17. Essential Criminal Principles
     • There are essential principles behind a successful miscreant (i.e. cyber criminal)
     • These principles need to be understood by all Security Professionals
     • Understanding them allows one to cut to the core concerns during security incidents
     • Attacking the dynamics behind these principles is the core way we have to attempt a disruption of the Miscreant Economy

  18. Principles of Successful Cybercriminals
     1. Don’t Get Caught
     2. Don’t work too hard
     3. Follow the money
     4. If you cannot take out the target, move the attack to a coupled dependency of the target
     5. Always build cross jurisdictional attack vectors
     6. Attack people who will not prosecute
     7. Stay below the pain threshold

  19. Principle 1: Do Not Get Caught!
     • The first principle is the most important: it is no fun getting caught, prosecuted, and thrown in jail (or, in organized crime, getting killed)
     • All threat vectors used by a miscreant will have an element of un-traceability to the source
     • If a criminal activity can be traced, it is one of three things:
       1. A violated computer/network resource used by the miscreant
       2. A distraction from the real action
       3. A really dumb newbie

  20. Principle 2: Do Not Work Too Hard!
     • Use the easiest attack/penetration vector available in the toolkit to achieve the job’s objective
     • Example: If your job is to take out a company’s Internet access on the day of the quarterly numbers announcement, would you:
       1. Penetrate the site and delete files?
       2. Build a custom worm to create havoc in the company?
       3. DOS the Internet connection?
       4. DOS the SP supporting the connection?
     • Why use “noisy” DNS poisoning when it is easier to violate a ccTLD?

  21. Principle 3: Follow the Money
     • If there is no money in the crime then it is not worth the effort.
     • “Follow the money” is the flow of money or exchanged value as one miscreant transfers value to another miscreant (or the victim transfers value to the criminal)
     • A cyber-criminal threat vector opens when the miscreant finds a way to move ‘stored value’ from the victim through the economy
     • It is worse if the cyber ‘stored value’ can cross over to normal economic exchange

  22. Principle 4: If You Cannot Take Out The Target…
     • If you cannot take out the target, move the attack to a coupled dependency of the target
     • There are lots of coupled dependencies in a system:
       – The target’s supporting PE router
       – Control Plane
       – DNS Servers
       – State Devices (Firewalls, IPS, Load Balancers)
     • Collateral Damage!

  23. Principle 5: Always Build Cross Jurisdictional Attack Vectors
     • Remember: Don’t get caught! Do make sure everything you do is cross jurisdictional.
     • Even better: cross the law systems (Constitutional, Tort, Statutory, Islamic, etc.)
     • Even better: make sure your “gang” is multi-national, making it harder for Law Enforcement
     [diagram: a BOTNET HUB connected to BOTNET LEAF nodes in the US, Japan, Australia, Norway, Kuwait and China]

  24. Principle 6: Attack People Who Will NOT Prosecute
     • If your activity is something you would not want everyone around you to know about, then you are a miscreant target
     • Why? Because when you become a victim, you are not motivated to call the authorities
     • Examples:
       – Someone addicted to gambling is targeted via a phishing site
       – Someone addicted to porn is targeted to get botted
       – Someone addicted to chat is targeted to get botted
       – Someone new to the Net is targeted and abused in the physical world
       – Government, Finance, and Defense employees, who lose face when they have to call INFOSEC

  25. Principle 7: Stay below the Pain Threshold
     • The Pain Threshold is the point where an SP or Law Enforcement would pay attention
     • If you are below the pain threshold, where you do not impact an SP’s business, then the SP’s Executive Management do not care to act
     • If you are below the pain threshold, where you do not have a lot of people calling the police, then Law Enforcement and Elected Officials do not care to act
     • The Pain Threshold is a matter of QOS, Resource Management, and picking targets which will not trigger action

  26. Criminal Trust
     • Miscreants will guardedly trust each other
     • They can be competitors
     • They can be collaborators
     • But when there is money on the table, criminal human behavior and greed take over.
     • Cybercriminals cannibalize each other’s infrastructure.
     • Cybercriminals attack each other’s infrastructure.
     [diagram: two criminal groups DDOSing each other across the Internet]

  27. Dire Consequences
     • The Miscreant Economy is not a joke. It is not a game. It is not something to play with.
       – PEOPLE DIE
     • Once organized crime entered the world of the Miscreant Economy, the days of fun were over.
     • Now that cyber-criminals will use any resource on the net to commit their crime, they don’t worry about the collateral damage done.
       – Think of computer resources at a hospital, power plant, or oil refinery, infected and used to commit phishing and card jacking.
       – What happens if someone gets mad at the phishing site and attacks it in retaliation, unintentionally knocking out a key system?

  28. Enduring Financial Opportunities
     Postulate: Strong, Enduring Criminal Financial Opportunities Will Motivate Participants in the Threat Economy to Innovate to Overcome New Technology Barriers Placed in Their Way
     Enduring criminal financial opportunities:
     • Extortion
     • Advertising
     • Fraudulent sales
     • Identity theft and financial fraud
     • Theft of goods/services
     • Espionage/theft of information
