www.nviso.be DEFENDING DIGITAL BUSINESS AGAINST CYBER ATTACKS Presentation SAI – 21/02/2019
Our Agenda
1. Demo time
2. Threat actor groups
3. Nation states
4. Hacktivism
5. Organized cyber crime
6. The bad competitor
7. The Internet of Things and the risks
Tim Beyens I am one of the partners at NVISO where I am responsible for a part of our Cyber Resilience Service Line. Together with my team I assist clients in developing and delivering secure network environments and applications.
Sasja Reynaert I am a security consultant at NVISO, where I mainly focus on DFIR (Digital Forensics & Incident Response) and Red Team Testing engagements.
Demo time An eye opening trip into an intrusion
Threat actors Who are they and why are you their target?
Different threat actors – Different threats. Not all threat actors operate in the same way; as such, we need to adapt our prevention / detection / response strategy.
Threat actors Who are the typical threat actors behind cyber attacks? What is their motivation / what is the ultimate goal?
Threat actors Who are the typical threat actors behind cyber attacks?
• Nation state actors: Actors sponsored and backed by a Nation State
• Hacktivist groups: Actors with a political agenda
• Organized cyber crime: Actors driven by profits engaged in cyber criminality
• Malicious insiders and competitors: Actors operating from inside your organization or in the name of one of your competitors
Threat actors Integrity Confidentiality Availability
Threat actors A simple exercise…
Nation state actors An advanced threat actor
Nation state actors Who, what, why?
• Government X wants insights into the actions of certain individuals in Company Y
• Obtain sensitive information
• Motivation for attacks can be anything (political, strategic, financial, etc.)
• Lots of resources and skills => advanced attacks
• They use an Advanced Persistent Threat (APT) to stealthily exfiltrate data
Nation state actors Some Examples….
Advanced Persistent Threat (APT) What happened?
FireEye M-Trends: Beyond the breach
An APT is an advanced and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period of time.
47% of breaches discovered by externals
The above illustrations highlight two interesting statistics:
• In EMEA, the median number of days before detection of an intrusion is 106 days (2017);
• An average of 47% of breaches are discovered by external parties
Advanced Persistent Threat (APT) How to prevent, detect, respond? Better get serious about cyber security: Advanced attacks require a high level of maturity to identify, protect, detect, respond and recover from cyber attacks. If your organization is a target for advanced attackers, you would need to implement a proper security management system based on an internationally recognized standard.
Hacktivists In the crosshairs of hacktivists
Hacktivists Who, what, why?
• They are usually motivated by a political agenda
• Hacktivists would like to see Company X out of business
• If they can’t provide their service for some time => their reputation will be damaged
• They typically launch a DDoS attack to disrupt service delivery
(Distributed) Denial of Service What happened? DDoS attacks take down your systems An attack that occurs when an attacker takes action that prevents legitimate users from accessing targeted computer systems, devices or other network resources.
Hacktivists Some Examples • http://www.digitalattackmap.com/
(Distributed) Denial of Service How to prevent, detect, respond?
Prevent
• Have a (D)DOS mitigation plan ready
• Secure network infrastructure
• Scalable and resilient network architecture
Detect
• Monitor incoming traffic
• Specialized protection and detection tools and services
Respond
• Follow the mitigation plan
• Specialized mitigation tools and services
• Be conscious: it may be a smoke screen
Organized cyber crime Show me the money
Organized Cyber Crime Some Examples…. TO ADD. The past year we have seen ‘ransomware’ attacks of a whole other scale and with other motivations.
Organized cyber crime Who, what, why?
• Cyber criminals want to make money
• Data is important for businesses => losing all data = catastrophic
• Infect computers of Company X with ransomware
• More data is taken hostage => more likely to be paid ransom money (if victim not prepared/protected)
"Your computer files have been encrypted."
Ransomware What happened? A type of computer crime which sees computers or data hijacked and a fee demanded to give them back to their owners.
Ransomware How to prevent, detect, respond?
Prevent
• Keep systems up to date
• Do not run under admin if not required
• Raise awareness for phishing emails
• Backup
Detect
• Anti-ransomware software
• Suspicious file extensions
• Many files being renamed
Respond
• Restore from backup
• Snapshot still unencrypted data
• Assess and improve protection
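The two "Detect" signals on the slide above (suspicious file extensions, many files being renamed) written as a small detector over file-rename events. This is an added example, not part of the original presentation and not NVISO's code; the event tuple layout, the extension watch list, the window and the threshold are assumptions, and the events are constructed.

```python
import ntpath
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values; adjust to your environment.
SUSPICIOUS_EXT = {".locked", ".encrypted", ".crypt"}   # illustrative watch list
WINDOW = timedelta(seconds=10)                          # sliding window per process
THRESHOLD = 5                                           # renames in window => alert


def burst(proc, start, n, step, suffix):
    """Build n constructed rename events (timestamp, process, old, new)."""
    t0 = datetime.fromisoformat(start)
    return [((t0 + timedelta(seconds=i * step)).isoformat(), proc,
             rf"C:\Share\doc{i}.xlsx", rf"C:\Share\doc{i}.xlsx{suffix}")
            for i in range(n)]


# Constructed sample telemetry, not real logs.
EVENTS = (
    burst("updater.exe", "2019-02-21T09:00:00", 6, 30, ".bak")      # slow, benign
    + burst("unknown.exe", "2019-02-21T10:00:00", 6, 1, ".locked")  # fast, suspicious
    + [("2019-02-21T10:00:02", "winword.exe",
        r"C:\Users\a\draft.docx", r"C:\Users\a\final.docx")]
)


def detect(events, window=WINDOW, threshold=THRESHOLD):
    """Return (rule, process, timestamp) the first time each rule fires per process."""
    recent = defaultdict(deque)   # process -> rename times still inside the window
    fired, alerts = set(), []
    for ts, proc, _old, new in sorted(events):
        now = datetime.fromisoformat(ts)
        times = recent[proc]
        times.append(now)
        while now - times[0] > window:      # drop renames older than the window
            times.popleft()
        hits = []
        if ntpath.splitext(new)[1].lower() in SUSPICIOUS_EXT:
            hits.append("suspicious_extension")
        if len(times) >= threshold:
            hits.append("mass_rename")
        for rule in hits:
            if (rule, proc) not in fired:
                fired.add((rule, proc))
                alerts.append((rule, proc, ts))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The slow `updater.exe` renames never reach the threshold inside one window, which is why a rate limit per process is used rather than a plain rename count.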
Threat Hunting Sysmon
Internet of Things and the risks
IoT Security What if it goes bad? https://www.youtube.com/watch?v=BnAHfZWPaCs
The Internet of Things (IoT) What is it? The Internet of things (IoT) is the network of physical devices, vehicles, home appliances and other items embedded with electronics, software, sensors, actuators, and connectivity which enables these objects to connect and exchange data. Each thing is uniquely identifiable through its embedded computing system but is able to inter-operate within the existing internet infrastructure.
The Internet of Things (IoT) Are there new risks? Securing an IoT appliance means securing an entire ecosystem. The increased complexity introduces more room for error and vulnerabilities.
IoT Security A word of caution
The Internet of Things (IoT) What can you do? Before buying an appliance, look for known vulnerabilities
The Internet of Things (IoT) What can you do? Don’t expose the appliance on the internet
The Internet of Things (IoT) What can you do? Shodan Demo
The Internet of Things (IoT) What can you do? Think twice Be careful about what you throw out
Questions?
Thank You for your interest in NVISO! Would you like to know more? Let's get in touch! +32 (0)2 318 58 31 info@nviso.be www.nviso.be