Vajra Cyber Threat Mitigation Service (Vajra CTMS)
A Military Grade Cyber Threat Mitigation Service for Businesses and Governments
Cyber Security & Privacy Foundation Pte. Ltd., Singapore
Cyber Security & Privacy Foundation (CSPF)
“I’m no expert, but I think it’s some kind of cyber attack!”
Cyber Threat - A Serious, Live Threat
Cyber threats are now a mainstream business risk that demands CEO and board level attention
• Cyber attacks present financial, operational, reputational, regulatory, geopolitical and M&A risks
• Attacks are an assault on an institution’s strategic imperatives
• No longer just the IT team’s migraine
• Committed, phenomenally skilled, unconventional and highly resourceful Black Hat hackers are an overwhelming problem for conventionally resourced IT setups
• Cyber attacks are somewhat like a heart attack: you never know when one is around the corner
Cyber Threat - A Serious, Live Threat
Financial Impact
• Revenue losses
• Regulatory penalties
• Disruption of business systems
• Erosion of customers
Non Financial Impact
• Stolen product designs or prototypes
• Reputational damage
• Pirating of products
• Theft of business and manufacturing processes
• Diversion of R&D data
• Loss of sensitive information such as M&A plans and corporate strategy
• Impact on innovation, loss of trade secrets
Major Threats
Distributed Denial of Service
• DDoS attacks typically cripple an organisation
• Services like Net banking, Mobile banking, ATMs, Mail servers, trading/clearing platforms go unavailable for a few hours or longer
• Store front is shut down
• Crucial systems needed by hospitals, patients, drug firms, health insurers are disabled
• SCADA and other control systems failure, power grid collapse, internet access failure
• Non functional email servers and internet network can lead to an information vacuum internally and with clients, customers, suppliers, regulators
Hacking
• Black Hat attacks on Web portals, Email servers, Database servers, SCADA systems, App Stores, Routers
• All round attack: Personal, Mobile, Desktop devices & Firmware
• Results in leakages: database, personal records, patient records
• Outages and breakdown in Utilities: power, water, gas, trading, payment & clearing systems, Tax Information Networks
0 Day & APT Attacks
• Intense, organised attacks on critical sectors & organisations
• Labeled as Advanced Persistent Threats given their draconian nature
• APTs can have long term impact and severely compromise organisations & their insurers
Interconnected Business Ecosystem Attacks
• Partners, suppliers, supply chains
• Smaller, less prepared members of ecosystems are more tempting targets to get a foothold into the system
Establishments vs Hackers
Establishments Say We Have
• Latest security tools
• A CISO
• Antivirus, firewall, Intrusion prevention system - all updated
• Compliance with best security processes
• Top consultants undertaking audits, vulnerability assessments and penetration testing
Hackers Say Ha!
• We don’t look at your certifications or who did it, or how good your processes are
• We need a single vulnerability to get in!
• We have 0 day vulnerabilities that no one is aware of
• We have an Advanced Persistent Threat team (criminals, hackers, insiders and money) that never gives up
Daily Cloud Scan
Cyber Security Structure
Security Technologies: WAF/Firewall/IDS/SIEM are present. ISO 27001 standards are implemented around the data center. VAPT is regularly done to satisfy compliance/regulatory/certification requirements.
Analysis of SIEM logs: the SOC monitors and analyses logs from the WAF/firewall/IPS and takes corrective action. Offending traffic is blocked and its sources are then blacklisted; the WAF allows attack signatures to be blocked.
MOST ORGANIZATIONS ASSUME THEY ARE SECURE.
Points to be Noted
Hacking Incidents
• Global hacking incidents, including against the US Government and Fortune 100 companies, have happened.
• A BFSI organisation was recently compromised and regulators took strict action.
Point of infiltration (APT):
• External web application/services/mobile application - insecure
• SQL injection/XSS/IDOR/File upload/Broken authentication
• 0day vulnerabilities on exposed services
• Default passwords on frameworks/applications/devices
• Lateral movement through pivoting (from exposed interfaces)
• The existing Cyber Security Structure is not able to address the above points of infiltration.
Daily APT Scan - Executive Summary
• APMS (Anti-Phishing, Anti-Malware and Anti-Spam): protects against Reputation, Financial & IP loss. Secures against Trojan Horses and Ransom Demands.
• Web Reputation & Security Scan (WRSS): web security scanner that scans for vulnerabilities on web portals/web services.
• Automated Vulnerability Assessment: advanced intrusive model including external VA of the network for protective and compliance requirements.
• Corporate DF24 Anti-Fraud module: defacement monitor for customer facing web portals, extending to the SOC. Includes an Android mobile app/Windows desktop app (for quick alerts).
APMS (Anti Phishing, Malware & Spam)
• Non-intrusive monitoring to protect against Reputation, Financial & IP loss
• Exhaustive scan of global phishing and spamming databases to cross-check potential compromises of the customer’s domain/s
• Sandbox application to browse the customer’s site/s and check whether an iframe, malware or Java drive-by can be downloaded to infect the machines of the end users of a bank’s website or an e-commerce portal
APMS
• Automated daily scan and report generation
• Phishing complaints reporting system
• Antivirus check for web portal infections by crawling through all known paths
• DNS hijack check
• Similar Domain Name - Electronic Eye (EE)
• Ap24 phish tank, CTL - Feed processing (EE)
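Two of the APMS checks above, similar domain name detection and the DNS hijack check, can be illustrated offline. The following is an added example written for this page, not CSPF's Electronic Eye code: it generates the lookalike registrations a monitoring service would watch for (omission, transposition, adjacent-key typo, homoglyph swap, hyphenation and TLD swap) and diffs an expected record set against an observed one. The keyboard map, homoglyph table, domain and DNS records are constructed for the demo.

```python
# Added example (not CSPF's APMS code): similar-domain-name candidates and
# an offline DNS hijack check. All tables and record data are constructed.
KEYBOARD_NEIGHBOURS = {  # partial QWERTY adjacency, enough for the demo
    "a": "qsz", "b": "vn", "c": "xv", "e": "wr", "k": "jl", "m": "n", "n": "bm", "o": "ip",
}
HOMOGLYPHS = {  # sequences a reader confuses at a glance
    "l": ("1", "i"), "i": ("1", "l"), "o": ("0",), "rn": ("m",), "m": ("rn",), "w": ("vv",),
}
ALT_TLDS = ("com", "net", "org", "co", "in")


def typosquat_candidates(domain):
    """Return lookalike registrations for a 'label.tld' domain, sorted."""
    label, _, tld = domain.lower().rpartition(".")
    variants = set()
    for i in range(len(label)):                      # omission
        variants.add(label[:i] + label[i + 1:])
    for i in range(len(label) - 1):                  # transposition
        variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i, ch in enumerate(label):                   # adjacent-key typo
        for nb in KEYBOARD_NEIGHBOURS.get(ch, ""):
            variants.add(label[:i] + nb + label[i + 1:])
    for src, dsts in HOMOGLYPHS.items():             # homoglyph swap (first occurrence)
        if src in label:
            for d in dsts:
                variants.add(label.replace(src, d, 1))
    for i in range(1, len(label)):                   # hyphenation
        variants.add(label[:i] + "-" + label[i:])
    out = {f"{v}.{tld}" for v in variants if v and v != label}
    out |= {f"{label}.{t}" for t in ALT_TLDS if t != tld}  # TLD swap
    return sorted(out)


def dns_hijack_check(expected, observed):
    """Compare expected vs observed records; return (rtype, unexpected values) pairs.

    expected/observed: {"A": [...], "NS": [...], "MX": [...]} as fetched by the
    monitoring job; anything observed that is not in the approved set is a finding.
    """
    findings = []
    for rtype in ("A", "NS", "MX"):
        extra = set(observed.get(rtype, ())) - set(expected.get(rtype, ()))
        if extra:
            findings.append((rtype, sorted(extra)))
    return findings


if __name__ == "__main__":
    for candidate in typosquat_candidates("acmebank.com")[:10]:
        print(candidate)
    print(dns_hijack_check(
        {"A": ["203.0.113.10"], "NS": ["ns1.example.net"]},
        {"A": ["203.0.113.10", "198.51.100.7"], "NS": ["ns1.example.net"]},
    ))
```

In a live service the candidate list would be fed to WHOIS/passive-DNS lookups and the record sets to a resolver; the two functions above are the pure parts of that pipeline and run without network access.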
WRSS (Web Reputation & Security Scan)
• Anti-Phishing, Malware and Spam (APMS) scrutiny + scan of web portals and web services
• Human Critical Index (HCI)
• Checks for specific CMS vulnerabilities
• Heuristic Shell detector: identifies hackers’ web-shells in web portals/web apps
• Manual entry point adding for the security analyst
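The heuristic shell detector listed above is the kind of check that can be shown in a few dozen lines. The block below is an added example written for this page, not CSPF's detector: it scores PHP source on weighted indicators typical of dropped web-shells (eval of a decoded payload, a command-execution builtin fed from request data, the deprecated preg_replace /e modifier, a variable function called on request data, long base64 literals, well-known shell names) and flags files over a threshold for analyst review. The indicator set, weights, threshold and sample files are all constructed for the demo.

```python
# Added example (not CSPF's heuristic shell detector): score PHP files on
# web-shell indicators. Rules and sample files are constructed for the demo.
import re

INDICATORS = [  # (name, pattern, weight)
    ("eval_of_decoded_payload",
     re.compile(r"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I), 5),
    ("exec_with_request_data",
     re.compile(r"\b(?:system|exec|shell_exec|passthru|popen|proc_open)\s*\(\s*[^;]*\$_(?:GET|POST|REQUEST|COOKIE)", re.I), 5),
    ("preg_replace_e_modifier",
     re.compile(r"preg_replace\s*\(\s*(['\"])/.*?/[a-zA-Z]*e[a-zA-Z]*\1"), 4),
    ("variable_function_on_request",
     re.compile(r"\$[A-Za-z_]\w*\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)"), 4),
    ("long_base64_literal", re.compile(r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]"), 2),
    ("known_shell_name", re.compile(r"\b(?:c99|r57|wso|b374k|FilesMan)\b", re.I), 2),
    ("error_reporting_off", re.compile(r"error_reporting\s*\(\s*0\s*\)", re.I), 1),
]
THRESHOLD = 4  # one strong indicator is enough to queue the file for analyst review


def score_php(source):
    """Return (total weight, list of indicator names that fired) for one file."""
    hits = [(name, weight) for name, rx, weight in INDICATORS if rx.search(source)]
    return sum(w for _, w in hits), [n for n, _ in hits]


def scan_files(files):
    """files: {path: source}. Return {path: (score, indicators)} for flagged files only."""
    flagged = {}
    for path, src in files.items():
        score, names = score_php(src)
        if score >= THRESHOLD:
            flagged[path] = (score, names)
    return flagged


SAMPLE_FILES = {  # constructed: three shells in writable directories, one benign file
    "uploads/avatar.php": "<?php error_reporting(0); @eval(base64_decode($_POST['x'])); ?>",
    "includes/helper.php": "<?php $f = $_GET['f']; $f($_GET['a']); ?>",
    "cache/img.php": "<?php if (isset($_REQUEST['cmd'])) { echo passthru($_REQUEST['cmd']); } ?>",
    "index.php": "<?php require 'vendor/autoload.php'; $app = new App(); $app->run(); ?>",
}

if __name__ == "__main__":
    for path, (score, names) in scan_files(SAMPLE_FILES).items():
        print(f"{path}: score={score} indicators={names}")
```

Weighted scoring rather than a single regex keeps the benign `index.php` at zero while still catching the one-liner in `includes/helper.php`, which contains no obvious builtin name at all; in practice the flagged list is what the "false positive marker" on the next slide exists to prune.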
WRSS
• Machine learning assisted Hacker Entry Point Mapper (HEP): maps entry points normally discovered by hackers
• Root cause analysis of sensitive information leakages on the Internet
• False positive marker: handled by the security analyst
• Accepted Risk/Ignore: export for auditors
WRSS
• Manual APT bug-track for the customer
• Automatic report generation template for the customer (used by the security analyst)
Automated VA for IP
• Identification, quantification and prioritization of vulnerabilities
• Advanced intrusive model including external and internal vulnerability assessment (VA) of the network for protection and compliance requirements
Automated VA for IP
• Scans multiple IPs for open ports, enumerates services and identifies vulnerabilities.
• We mark the human critical index (HCI) of each device; the organization’s CISO tells us which devices are most critical.
• AVA IP has a facility to mark a finding as a false positive when the scanner identifies it wrongly or it is not applicable. The security analyst dedicated to your organization marks it.
Automated VA for IP
• Security Analyst can mark Ignore/Accepted risk
• Exporting accepted risk for auditing purposes
• Manual APT bug-track for the customer
• Automatic report generation template for the customer (used by the security analyst)
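The AVA workflow on the last three slides (scan for open ports, match findings, weight them by the CISO's human critical index, drop analyst-marked false positives, export the rest) is easier to judge as code. The block below is an added example written for this page, not CSPF's AVA IP implementation: it parses a trimmed, constructed nmap-style XML result for two hosts, matches open services against a small constructed rule set, and orders findings by severity multiplied by HCI. The host addresses, service versions, rules and HCI values are all assumptions for the demo.

```python
# Added example (not CSPF's AVA IP code): prioritise port-scan findings by
# severity x Human Critical Index, with analyst false-positive suppression.
import xml.etree.ElementTree as ET

# Constructed nmap-style XML for two hosts, trimmed to the elements used below.
SCAN_XML = """<nmaprun>
  <host><address addr="10.0.0.5" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.2p2"/></port>
    <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql" product="MySQL" version="5.5.62"/></port>
  </ports></host>
  <host><address addr="10.0.0.9" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
    <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
  </ports></host>
</nmaprun>"""

# Constructed rule set: (service name, "product/version" prefix or None) -> (title, severity 1-4)
RULES = {
    ("telnet", None): ("Cleartext remote administration service exposed", 3),
    ("mysql", None): ("Database service reachable from scanned network", 3),
    ("ssh", "OpenSSH/7.2"): ("Outdated OpenSSH release", 2),
}


def parse_open_ports(xml_text):
    """Return {address: [{"port", "name", "product", "version"}, ...]} for open ports only."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        ports = []
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            ports.append({"port": int(port.get("portid")), "name": svc.get("name"),
                          "product": svc.get("product"), "version": svc.get("version")})
        hosts[addr] = ports
    return hosts


def match_rules(port):
    """Return [(title, severity)] for every rule the open port satisfies."""
    hits = []
    for (name, prefix), (title, sev) in RULES.items():
        if port["name"] != name:
            continue
        banner = f"{port['product']}/{port['version']}" if port["product"] else ""
        if prefix is None or banner.startswith(prefix):
            hits.append((title, sev))
    return hits


def prioritise(xml_text, hci, false_positives=()):
    """hci: {address: 1..5} set with the customer's CISO; false_positives: set of
    (address, port, title) tuples marked by the analyst. Returns findings, highest priority first."""
    findings = []
    for addr, ports in parse_open_ports(xml_text).items():
        for port in ports:
            for title, sev in match_rules(port):
                if (addr, port["port"], title) in false_positives:
                    continue
                weight = hci.get(addr, 1)
                findings.append({"host": addr, "port": port["port"], "title": title,
                                 "severity": sev, "hci": weight, "priority": sev * weight})
    return sorted(findings, key=lambda f: -f["priority"])


if __name__ == "__main__":
    hci = {"10.0.0.5": 5, "10.0.0.9": 2}  # constructed: 10.0.0.5 is the customer's crown jewel
    for f in prioritise(SCAN_XML, hci):
        print(f"{f['priority']:>3}  {f['host']}:{f['port']}  {f['title']}")
```

The suppression key is (host, port, title) rather than just the title, so an accepted risk on one device does not silently hide the same exposure on a more critical one; exporting `false_positives` together with the findings is what gives auditors the accepted-risk trail the slide mentions.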
Overall Service
• Daily APMS report to the customer
• Weekly AVA/WRSS report with Bugtrack report
• All critical/high vulnerabilities from automated WRSS/AVA and manual APT testing to be addressed are exported into the bug track in the portal
• Prioritize vulnerabilities and work with the SOC/Vendor (network/application level) to fix them
• Strive to ensure no exploitable vulnerability remains