Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modern Malware, Modern Defenses and Protection

Published byRoy Sturgess Modified over 10 years ago

Similar presentations

Presentation on theme: "Modern Malware, Modern Defenses and Protection"— Presentation transcript:

1 Modern Malware, Modern Defenses and Protection
Mario Chiock, CISSP, CISM, CISA

2 Takeaways Current Cybersecurity Landscape
Recent data breaches / incidents Executive Order / Cybersecurity Framework Strategies to better protect the Oil & Gas industry

3 Advanced Persistent Threats
Traditional Security is Insufficient (CLOUD) (BYOD) Advanced Persistent Threats Empowered Employees Elastic Perimeter Port 80, 443 , 25, 53 Copyright Trend Micro Inc.

4 Life cycle of a modern attack
Command and Control System Threat Actor Drop Site Look for victims Targeting Infiltration Cmd & Control Communications Exfiltration Establish a Backdoor into the Network Establish a Backdoor into the Network Malicious data theft & long-term control established Install additional malware Initial Intrusion Maintain Persistence Administration Propagation Dropper malware with embedded RAT Data Collection Reconnaissance Install utilities Lateral Movements Privilege Escalation Obtain user Credentials

5 Find Targets Google Facebook Wikipedia Tweeter Zabasearch LinkedIn
Shodam Robtex ZoomInfo Facebook Tweeter LinkedIn Yelp Google+ Pinterest

6 Step one : bait an end user
Use a Zero Day exploit Spear Phishing Social Media

7 Step two : exploit a vulnerability

8 Step three: download a backdoor

9 Peer – to – Peer Botnet

10 Whack-a-mole security

11 Actors Using Explosions in Boston as a Lure

12 Most Common types of Cyber attacks

13 Data Breaches

14 Saudi Aramco - Shamoon 30,000 machines
Insider Exploiting privilege account Use of default passwords Use of share accounts

15 Malware threatening offshore rig security

16 Other Cyber Attack to oil & gas

17 Hackers Break into Corporate Systems through Vending Machines and Online Restaurant Menus

18 Phishing still hooks energy workers

19 Insurers Won’t Cover Energy Companies Because Their Cybersecurity Is Too Weak

20 Executive Order 13636 Executive Order 13636
Improving Critical Infrastructure Cybersecurity Presidential Policy Directive (PPD)-21 Critical Infrastructure Security and Resilience NIST - Cybersecurity Framework (the Framework) DHS - The Critical Infrastructure Cyber Community – C3 C2M2 - Cybersecurity Capability Maturity Model

21 Executive Order -- Improving Critical Infrastructure Cybersecurity ( February 12, 2013)
Calls for improved cybersecurity Critical Infrastructure – Systems & Assets/ Virtual or Physical that could impact national security – Calls to enhance resiliency Policy Coordination – Follow Presidential Policy Directive 1 ( PPD1) of Feb. 13, 2009 Cybersecurity Information Sharing – ISAC’s Privacy and Civil Liberties Protections – Consultative Process – The Secretary shall establish a consultative process to coordinate improvements to the cybersecurity of Critical Infrastructure. Baseline Framework to Reduce Cyber Risk to Critical Infrastructure – Voluntary Critical Infrastructure Cybersecurity Program. Identification of Critical Infrastructure at Greatest Risk. Adoption of Framework

22 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 Critical Infrastructure Security and Resilience
Refine and clarify functional relationships across the Federal Government to advance the national unity of effort to strengthen critical infrastructure security and resilience; Enable effective information exchange by identifying baseline data and systems requirements for the Federal Government; and Implement an integration and analysis function to inform planning and operations decisions regarding critical infrastructure.

23 NIST Cybersecurity framework http://www.nist.gov/cyberframework/

24 NIST Cybersecurity framework

25 DHS - The Critical Infrastructure Cyber Community – C3 http://www

26 Cybersecurity Capability Maturity Model http://energy

27 Strategies to better protect the Oil & Gas industry
Upgrade defenses with next-generation tools Layer protection base on need (example segment ICS from corporate network) Protect your data at rest ( HD Encryption / Digital Rights Management ) Use Multi Factor authentication - Passwords alone no longer secure Invest on Preparedness Join the ONG-ISAC Manage Privilege access

28 Quick low cost solutions & Countermeasures
Remove Privilege access from users DNS sinkhole ( ) Enable UAC ( User Account Control ) to max Enable / use AppLocker Block execution of tools like PsExec, PsLoggedOn, PsService & PsInfo Browser Check ( ) SNORT ( ) Implement SPF (Sender Policy Framework - )

29 What else can we do ? Use Application white listing ( Antivirus is not effective ) Careful with your 3rd Party User Next-Generation tools ( NGFW – Next-Gent Threat prevention ) Phishing – Social Engineering Invest in Preparedness First, Training & Awareness, Prevention Encrypt your Hard Drive Use Data Centric protection (Digital Rights Management) Watermark & Fingerprint highly sensitive documents

30 Useful Organizations to join
InfraGard – ISSA – ISACA – ICS-CERT US-CERT STOP-Think-Connect (

31 Questions ?

32 Watch out for Mobile devices malware Industrial controls Systems
Automation equipment (Drilling Automation) Vehicles Internet of things Medical devices

Download ppt "Modern Malware, Modern Defenses and Protection"

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
Understanding the benefits and the risks. Presented by Corey Nachreiner, CISSP BYOD - Bring Your Own Device or Bring Your Own Danger?

Understanding the benefits and the risks. Presented by Corey Nachreiner, CISSP BYOD - Bring Your Own Device or Bring Your Own Danger?
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
 National association Pamela Walker, Director of Government Affairs National Association of State Chief Information Officers NLC Congressional City Conference:

 National association Pamela Walker, Director of Government Affairs National Association of State Chief Information Officers NLC Congressional City Conference:
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Current Security Threats WMO CBS ET-CTS Toulouse, France 26-30 May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.

Current Security Threats WMO CBS ET-CTS Toulouse, France May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.
Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.

Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Emerging Trends: Cyber Threats Bryan Sheppard Cyber Security Defense Center.

Emerging Trends: Cyber Threats Bryan Sheppard Cyber Security Defense Center.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
Formulating a Security Policy for the Modern IT Landscape.

Formulating a Security Policy for the Modern IT Landscape.
INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.

INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Security of Communication & IT systems Bucharest, 21 st September 2004 Stephen McGibbon Chief Technology Officer, Eastern Europe, Russia & CIS Senior Director,

Security of Communication & IT systems Bucharest, 21 st September 2004 Stephen McGibbon Chief Technology Officer, Eastern Europe, Russia & CIS Senior Director,
© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.

© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.
Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:

Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:

Similar presentations

Ads by Google