Presentation on theme: "Modern Malware, Modern Defenses and Protection"— Presentation transcript:
1Modern Malware, Modern Defenses and Protection Mario Chiock, CISSP, CISM, CISA
2Takeaways Current Cybersecurity Landscape Recent data breaches / incidentsExecutive Order / Cybersecurity FrameworkStrategies to better protect the Oil & Gas industry
3Advanced Persistent Threats Traditional Security is Insufficient(CLOUD)(BYOD)Advanced Persistent ThreatsEmpowered EmployeesElastic PerimeterPort 80, 443 , 25, 53Copyright Trend Micro Inc.
4Life cycle of a modern attack Command and Control SystemThreat ActorDrop SiteLook for victimsTargetingInfiltrationCmd & Control CommunicationsExfiltrationEstablish a Backdoor into the NetworkEstablish a Backdoor into the NetworkMalicious data theft & long-term control establishedInstall additional malwareInitial IntrusionMaintain PersistenceAdministrationPropagationDroppermalwarewithembeddedRATData CollectionReconnaissanceInstall utilitiesLateral MovementsPrivilege EscalationObtain user Credentials
5Find Targets Google Facebook Wikipedia Tweeter Zabasearch LinkedIn ShodamRobtexZoomInfoFacebookTweeterLinkedInYelpGoogle+Pinterest
6Step one : bait an end user Use a Zero Day exploitSpear PhishingSocial Media
19Insurers Won’t Cover Energy Companies Because Their Cybersecurity Is Too Weak
20Executive Order 13636 Executive Order 13636 Improving Critical Infrastructure CybersecurityPresidential Policy Directive (PPD)-21Critical Infrastructure Security and ResilienceNIST - Cybersecurity Framework (the Framework)DHS - The Critical Infrastructure Cyber Community – C3C2M2 - Cybersecurity Capability Maturity Model
21Executive Order -- Improving Critical Infrastructure Cybersecurity ( February 12, 2013) Calls for improved cybersecurityCritical Infrastructure – Systems & Assets/ Virtual or Physical that could impact national security – Calls to enhance resiliencyPolicy Coordination – Follow Presidential Policy Directive 1 ( PPD1) of Feb. 13, 2009Cybersecurity Information Sharing – ISAC’sPrivacy and Civil Liberties Protections –Consultative Process – The Secretary shall establish a consultative process to coordinate improvements to the cybersecurity of Critical Infrastructure.Baseline Framework to Reduce Cyber Risk to Critical Infrastructure –Voluntary Critical Infrastructure Cybersecurity Program.Identification of Critical Infrastructure at Greatest Risk.Adoption of Framework
22PRESIDENTIAL POLICY DIRECTIVE/PPD-21 Critical Infrastructure Security and Resilience Refine and clarify functional relationships across the Federal Government to advance the national unity of effort to strengthen critical infrastructure security and resilience;Enable effective information exchange by identifying baseline data and systems requirements for the Federal Government; andImplement an integration and analysis function to inform planning and operations decisions regarding critical infrastructure.
25DHS - The Critical Infrastructure Cyber Community – C3 http://www
26Cybersecurity Capability Maturity Model http://energy
27Strategies to better protect the Oil & Gas industry Upgrade defenses with next-generation toolsLayer protection base on need (example segment ICS from corporate network)Protect your data at rest ( HD Encryption / Digital Rights Management )Use Multi Factor authentication - Passwords alone no longer secureInvest on PreparednessJoin the ONG-ISACManage Privilege access
28Quick low cost solutions & Countermeasures Remove Privilege access from usersDNS sinkhole (http://handlers.sans.edu/gbruneau/sinkhole.htm )Enable UAC ( User Account Control ) to maxEnable / use AppLockerBlock execution of tools like PsExec, PsLoggedOn, PsService & PsInfoBrowser Check (https://browsercheck.qualys.com )SNORT (http://www.snort.org )Implement SPF (Sender Policy Framework - )
29What else can we do ?Use Application white listing ( Antivirus is not effective )Careful with your 3rd PartyUser Next-Generation tools ( NGFW – Next-Gent Threat prevention )Phishing – Social EngineeringInvest in Preparedness First, Training & Awareness, PreventionEncrypt your Hard DriveUse Data Centric protection (Digital Rights Management)Watermark & Fingerprint highly sensitive documents