Building the Digital Keystone Cyber Threats to Critical Information Infrastructure Haythem EL MIR, CISSP CEO, keystone Group & CISRT.tn www.keystone.tn
State Sponsored Attacks Political Warfare Multi-stage-Attack AI Botnets Email Compromise Social Engineering Supply Chain Attack APT Groups ATM Fraud IoT Malware CIIP Attacks Commercial Espionage Crypto-jacking ICO/Smart Contract Attack
Industrial Projection: This is how ICS/OT people see it
Hacker Projection: This is how a hacker looks at it
OT - real-life convergence
Critical infrastructure is a part of society, and it is now fully converged.
Modern OT:
• ICS/SCADA
• Telecom
• Transportation
• IoT
Business processes are not limited to ICS/SCADA. Around them you can see a lot of accompanying technology that helps to operate the business process and brings new threats!
Taking the Challenge
BEFORE: Threat Model for separate ICS
NOW: Threat Model for ALL industries!
Challenging. Is it possible?
Security Threats landscape: Today’s reality on Critical Infrastructures & Enterprises
Industrial and Energy sector
By January 2016, more than 150 000 industrial systems were found to be accessible through the Internet. Among them, about 15 000 are vulnerable with a high risk level. Most of these components were accessible via HTTP, Fox, Modbus, and BACnet, and in most cases a dictionary password was used for authentication.
Time to patch vulnerabilities
• 2010: STUXNET
• 2011: DUQU
• 2012: Cutting Sword of Justice attacked Saudi Aramco
• 2014: Mexican Pemex suffered from targeted attack
Key risks for ICS
Modes of attack
Cyber systems may be subject to unauthorized access through various means:
• remotely, via the Internet, or unsecured telecom networks.
• at close hand, through direct contact with infrastructure (e.g. through a USB port).
• locally, through unauthorized access to physical infrastructure, or insider threat (infiltration).
The Impacts and consequences
Successful cyber attacks could result in:
• Utilities interruption
• Plant sabotage / shutdown
• Production disruption
• Threats to safety
• Economic loss
• Reputational damage
• Loss of real-time monitoring and control
• Potential to cause death and injury
Network access [Diagram labels: Corporate network; SCADA network; HMI; Gateway; Field units; RTU/PLC; Internet; Teleworking; Wireless; Modem; Remote maintenance; Modbus; Modbus TCP; TCP/IP]
Attack vectors [Diagram: the same network (corporate network, SCADA network, field units) annotated with: Entry points; Intermediate targets; Final targets; Attack vectors]
Typical network: Modbus, TCP/IP, DNP3, OPC, S7, EtherCAT, FL-net, etc.
Exposed and vulnerable
• 100% of tested SCADA networks are exposed to Internet/Corporate network
  • Network equipment/firewalls misconfiguration
  • MES/OPC/ERP integration gateways
  • HMI external devices (Phones/Modems/USB Flash) abuse
  • VPN/Dialup remote access
• 90% of tested SCADA can be hacked with Metasploit
  • Standard platforms (Windows, Linux, QNX, BusyBox, Solaris…)
  • Standard protocols (RCP, CIFS/SMB, Telnet, HTTP…)
  • Standard bugs (patch management, passwords, firewalling, application vulnerabilities)
Train hacking
ETCS Level 2 [Diagram labels: Computer Based Interlocking (to peripherals: signals, point machines, etc.); RBC; GSM-R; MMI; Fixed Eurobalise; Plain Line; Station; Data; ETCS Onboard]
GSM-R: signaling and telemetry [Diagram: the ETCS Level 2 architecture (Computer Based Interlocking, RBC, GSM-R, Eurobalise, ETCS Onboard)]
OpenBTS MitM/Jamming/Replay [Diagram: the ETCS Level 2 architecture (Computer Based Interlocking, RBC, GSM-R, Eurobalise, ETCS Onboard)]
When you connect to the Internet – the Internet connects to you [Diagram: the ETCS Level 2 architecture (Computer Based Interlocking, RBC, GSM-R, Eurobalise, ETCS Onboard)]
Passenger attacking the infrastructure [Diagram: the ETCS Level 2 architecture (Computer Based Interlocking, RBC, GSM-R, Eurobalise, ETCS Onboard)]
Attacks from the Internet [Diagram: the ETCS Level 2 architecture (Computer Based Interlocking, RBC, GSM-R, Eurobalise, ETCS Onboard)]
More hacking on ICS to come
Telcos Critical Infrastructure Threats
Main threats of 2018
Predicted threats of 2019 and beyond
• AI used against the industry
• IoT attacks on the rise
• Uneducated overreliance on cloud
• 5G threats
• Quantum and the Public Key Infrastructure (PKI)
[Diagram: telecom network with attacker positions marked. Labels: IT network; Traffic; SS7; OAM; Internet; GRX/IPX; Remote support; LTE; Wi-Fi; WiMAX; PON; DSL; Femto; Gateway; PS Core; CS Core; UTRAN; SMS-C; MSC; HLR; VLR; IMS; Billing]
Financial Sector
Attack vectors
• Misconfiguration
• Unpatched vulnerabilities
• Lack of encryption
• End-of-life systems
• Lack of assessment
• Weak authentication and access control
• Weak filtering
• Lack of awareness
• Employee errors
[Diagram labels: CBS; GRH; Web Portal]
OLB: Critical Threats [Chart: OLB information security threats. Categories: Theft of funds by an authorized user; Theft of funds by an external attacker; Access to DBMS or OS; Access to payment card data; Access to private information of certain clients; Access to users’ personal data; Access to business secrets; OLB denial of service; Compromise of business secrets and/or client privacy. Segment values: 5%, 10%, 25%, 15%, 15%, 30%]
SWIFT attack case (2016): US$81 million. Lazarus group could have made off with $1 billion.
APT: Carbanak case
A billion-dollar APT
• Spear phishing
• Exploitation of old vulnerabilities
• Remote command execution (screenshot capture while accessing sensitive web applications, cookie theft, etc.)
• Install a RAT (Ammyy Admin) for lateral attacks to access the banking account processing systems
• On the target, the attacker records the screen activity to get familiar with procedures and the banking workflow via the stolen data
• This information is used to steal money via the SWIFT network
Blackbox, jackpotting
“Black box attack”: unauthorized cash withdrawal is possible with a cheap and popular computer. The credit-card-sized, fast programmable device can easily be hidden inside an ATM. Sometimes it can even be plugged in outside an ATM.
USB-based microcontroller – the most HIDden jackpotting device
Other critical sectors
• Government
• Healthcare
• Transport
• Mass Media
Thank you for your attention