
The Changing threat landscape of Cybercrime

The Changing threat landscape of Cybercrime. Gerhard Engelbrecht Nedbank Business Banking. Agenda. Introduction Perspectives on a changing world Some recent global events Cyber warfare Observations from local investigations Where to start? Questions. We are all at risk.


Presentation Transcript


  1. The Changing threat landscape of Cybercrime Gerhard Engelbrecht Nedbank Business Banking

  2. Agenda • Introduction • Perspectives on a changing world • Some recent global events • Cyber warfare • Observations from local investigations • Where to start? • Questions

  3. We are all at risk “All credit card PIN numbers in the World leaked” The body of the message simply said 0000 0001 0002 0003 0004 …

  4. We are not security conscious

  5. Agenda • Introduction • Perspectives on a changing world • Some recent global events • Cyber warfare • Observations from local investigations • Where to start? • Questions

  6. Perspectives on a changing world You can't defend. You can't prevent. The only thing you can do is detect and respond. There are two types of encryption: one that will prevent your sister from reading your diary and one that will prevent your government. Bruce Schneier

  7. Perspectives on a changing world Advanced Persistent Threat (APT): • Organised • Long-term • Attack Who are the targets? • Government • Financial Institutions • Mobile Operators • Engineering • Construction • Mining Sector

  8. Perspectives on a changing world Previously, Apple had all but disabled tracking of iPhone users by advertisers when it stopped app developers from utilising Apple mobile device data. In iOS 6, however, tracking is most definitely back on, and it's more effective than ever. Source: Business Insider (… but you can opt out) Bruce Schneier

  9. Perspectives on a changing world What we do is like little kids playing soccer – we follow the ball. We focus on the things that are visible instead of the things that are important... Source: Irish Times. You don't want to have a police state where people can access anything they want at any time, but hacking groups typically have no such concerns and essentially break the law to have access to this information themselves. Source: CBC News

  10. Perspectives on a changing world If we take as given that critical infrastructures are vulnerable to a cyber terrorist attack, then the question becomes whether there are actors with the capability and motivation to carry out such an operation. While the vast majority of hackers may be disinclined towards violence, it would only take a few to turn cyber terrorism into reality. Dorothy Denning

  11. Agenda • Introduction • Perspectives on our changing world • Some recent global events • Cyber warfare • Observations from local investigations • Where to start? • Questions

  12. Some recent global events • Ethical hacking schools proliferating – but what about informal, unethical schools? • New attacks actively exploit and reverse the technologies designed to protect you: • Intelligent phishing techniques • Exploitation of browsers • Remote access • $13bn invested in VC in first half 2012 ($14.7bn 2011H1) PwC, National Venture Capital Association • $4bn for software ($2.9bn 2011H1) • New strategies – post anti-virus

  13. Some recent global events A few very recent items in the news: • In Cyberattack on Saudi Firm, U.S. Sees Iran Firing Back • How millions of DSL modems were hacked in Brazil, to pay for Rio prostitutes • 'Shamoon' Virus Most Destructive Ever To Hit A Business, Leon Panetta Warns • World Of Warcraft Hack: Attack Kills Thousands Of Players, Destroys Several Major Cities • House Intelligence Committee Says China Tech Giants Pose National Security Threat To U.S. • Samuel Cox, U.S. Cyber Command Officer, Says China Is Targeting Pentagon Computers • Hack attack on energy giant highlights threat to critical infrastructure • DesignerWare Settlement: Companies Agree To Stop Snooping On People's Home Computers • Twitter Hacking Victims Find Stolen Accounts Sold On Black Market • Middle East Cyber Attacks On U.S. Banks Were Highly Sophisticated • Barnes & Noble Discloses Credit Card Security Breach In 63 Stores • Suspect Named In Devastating Cyberattack On World's Most Valuable Oil Company

  14. Some recent global events China Caveat: China's economic data are a bit like sausages: If you're a fan, it's best not to scrutinize how they're made. (Wall Street Journal) • Over 1 billion mobile phone users • Third highest number of PC users in the world • China piracy cost software industry $20bn in 2010 (source: Sydney Morning Herald) • In 2009, China’s internet users outnumbered the total population in the USA

  15. Some recent global events China • Expected to add most of the new PC users in the next 3 years globally • From 0 to 1 billion PCs: 27 years • From 1 to 2 billion PCs: 7 years (2015) • China: will be 500m new users of the 2nd billion • China piracy cost software industry $20bn in 2010 (Sydney Morning Herald) • China’s internet users already outnumbered the total population in the USA – in 2009

  16. Agenda • Introduction • Perspectives on our changing world • Some recent global events • Cyber warfare • Lessons learnt from local investigations • Where to start proactive response • Questions

  17. Cyber warfare Politically motivated hacking to conduct sabotage and espionage. Actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption. Wikipedia

  18. Cyber warfare North Korea’s government has a “significant” cyber warfare capability that it continues to improve. (October 2012) North Korea employs sophisticated computer hackers trained to launch cyber infiltration and cyber attacks (March 2012) Army General James Thurman, U.S. commander, Korean peninsula … Russia and China have advanced cyber capabilities, and Iran is undertaking a “concerted effort to use cyberspace to its advantage.” (Oct 2012) US Defense Secretary Leon Panetta

  19. Cyber warfare Pres. Obama’s order accelerated a wave of cyber attacks against Iran • From his first months in office, President Obama secretly ordered increasingly sophisticated attacks • Target: computer systems that run in Iran’s main nuclear enrichment facilities • USA’s first sustained use of cyber weapons • Stuxnet (code name Olympic Games) – Did it end there? • W32.Duqu, Flame • US government only recently acknowledged developing cyber weapons • … but has never admitted using them • The US stands to lose even more if its infrastructure is attacked – Jack Bauer, CTU

  20. Cyber warfare The Department of Defense is looking to develop new technologies, including hardened operating systems and other platforms, for managing cyber warfare in real time on a large scale. InformationWeek

  21. Agenda • Introduction • Perspectives on our changing world • Some recent global events • Cyber warfare • Observations from local investigations • Where to start proactive response • Questions

  22. Observations from local investigations • “Hammerhead investigation” • Discovery of stolen artifacts by SAPS when they arrested someone on suspicion of other crimes • Underscores links between organised crime in its various formats – human trafficking, narcotics, cybercrime, etc. • Did not even realise the extent of the compromise • Settled a claim from a business partner regarding compromised information • Suspected system problems, isolated incident • Discovered key logging software • They were compromised, invaded • Properly hacked

  23. Observations from local investigations • Hammerhead • Lost millions, huge reputational damage risk • Exposed over a significant period of time (years) • Root access on Domain Controllers (undetected) • Admin accounts created (and used) (undetected) • Full extent of compromise not known • Check mate: • Massive server farm (1000+ servers) • Exposed open over an extended period of time • Who knows how many backdoors were installed • Not feasible to rebuild entire farm at once

  24. Observations from local investigations • Hammerhead • Identity management very weak • No two-factor authentication, even for sensitive areas • No physical segregation of critical data networks • Inadequate and insecure logging • Unclear ownership of risk • Is your organisation taking the threat seriously enough? • Are you? • How much is your data worth? • E.g. gift cards/vouchers, credit card details, prepaid electricity/airtime? • And the data of your customers?

  25. Agenda • Introduction • Perspectives on our changing world • Some recent global events • Cyber warfare • Observations from local investigations • Where to start? • Questions

  26. Where to start? • Computer forensics is not enough • Prosecution remains a challenge • But: you can be proactive: • Perimeter not properly secured? • Network not properly reviewed because it is not properly understood? • Lack of internal expertise to randomly perform assessments to detect APTs? • Identity management must be world-class • Two-factor authentication, at a minimum for sensitive areas • Physical segregation of critical data networks • Enable logging, and make sure you segregate the log store from the server (to guard against manipulation) • Establish proper, clear ownership of risk at the highest level

  27. Where to start? • Change the perspective to protecting data throughout the lifecycle across the enterprise and the entire supply chain • This is NOT an IT function • Assume that your organisation may already be compromised • Upon discovery: • Escalate • If needed, get help!

  28. Agenda • Introduction • Perspectives on our changing world • Some recent global events • Cyber warfare • Observations from local investigations • Where to start? • Questions
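
The Hammerhead slides report admin accounts that were created and used undetected alongside inadequate and insecure logging, and the "Where to start?" slide recommends segregating the log store from the server. As an added illustration (not part of the original presentation), this Python example reconciles a server's own log against the copy held in a segregated store and lists account and privileged-group changes from the trusted copy. The record format, event names, group names and all sample records are assumptions constructed for the example.

```python
import hashlib

# Constructed sample records (hypothetical format): "seq|time|host|event|detail".
# STORE is the copy forwarded to a segregated log store as events happen;
# LOCAL is what remains on the server when an investigator later collects it.
STORE = [
    "101|2012-10-01T02:11:04|dc01|logon|user=svc_backup src=10.0.4.17",
    "102|2012-10-01T02:13:40|dc01|account_created|user=hd_support by=svc_backup",
    "103|2012-10-01T02:13:55|dc01|group_member_added|group=Domain Admins user=hd_support",
    "104|2012-10-01T02:20:12|dc01|logon|user=hd_support src=10.0.4.17",
    "105|2012-10-01T06:00:00|dc01|logon|user=jsmith src=10.0.2.33",
]
LOCAL = [
    "101|2012-10-01T02:11:04|dc01|logon|user=svc_backup src=10.0.4.17",
    "104|2012-10-01T02:20:12|dc01|logon|user=jsmith src=10.0.2.33",
    "105|2012-10-01T06:00:00|dc01|logon|user=jsmith src=10.0.2.33",
]
PRIVILEGED_GROUPS = ("Domain Admins", "Administrators")  # assumed group names

def index(lines):
    """Map sequence number -> SHA-256 of the full record."""
    return {int(line.split("|", 1)[0]): hashlib.sha256(line.encode()).hexdigest()
            for line in lines}

def reconcile(local, store):
    """Compare the server's log with the segregated copy, which is trusted."""
    loc, ref = index(local), index(store)
    return {
        "deleted_on_server": sorted(set(ref) - set(loc)),
        "altered_on_server": sorted(s for s in ref if s in loc and loc[s] != ref[s]),
        "unknown_to_store": sorted(set(loc) - set(ref)),
    }

def admin_account_events(store):
    """Account creations and privileged-group additions in the trusted copy."""
    hits = []
    for line in store:
        seq, _time, _host, event, detail = line.split("|", 4)
        if event == "account_created" or (
            event == "group_member_added"
            and any(f"group={g} " in detail for g in PRIVILEGED_GROUPS)
        ):
            hits.append((int(seq), event, detail))
    return hits

if __name__ == "__main__":
    print(reconcile(LOCAL, STORE), admin_account_events(STORE))
```

With the constructed data, the account creation and group change are visible only in the segregated copy, which is the reason for keeping the log store off the server being monitored.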
