We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byNicholas Banks
Modified about 1 year ago
Who Is Attacking You? Distinguishing Motivation to Prioritize Threats John Hultquist Senior Manager, Cyber Espionage Threat Intelligence iSIGHT Partners
Just another Zeus? Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com 2
Who Cares? Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com 3 Limited resources – Thousands of events a day – Security budgets are a cost center – Noone cares about your non- contextualized “incidents” – Not all incidents are the same – Tough choices are inevitable Bloomberg
Who Cares? Security priorities should reflect differences in organizations Two distinguishing features of organization – Likelihood of being targeted Intellectual property Access to commodity data Access to strategic information Antagonistic relationships High-value interactions (negotiations, mergers and acquisitions) – Relevance of effects on an organization Loss of competitive advantage – Strategic: Research and development – Tactical: Negotiations Brand damage Customer confidence Donor or investor confidence Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com 4
Who Cares? Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com 5 Microchip Manufacturer Consumer Retail Global Nongovernmental Organization Strong intellectual property No brand or public antagonism Regular high-value negotiations High-profile valuable brand Steward of commodity financial data Antagonistic relationship with labor Popular; few antagonists Heavily involved in geopolitics Steward of donor information Cyber Espionage Cybercrime Hacktivism Cyber Espionage Cybercrime
Who? Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com 6 Hacktivism Actors motivated by ideology, reputation and ego. Attacks often triggered by corporate and political actions, major news events, etc. Cyber Espionage Government-sponsored or affiliated actors and groups seeking intelligence and intellectual property.
The Cybercrime Threat Noisiest realm for the enterprise Two types of theats – Opportunistic – Targeted Market-driven – Scalability and Efficiency – Opportunities for niche sales – Aftermarket Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com 7 Cybercriminal Intent: Compromise Exfiltrate Maintain Access Enable Fraud Disrupt
The Hacktivist Threat Motivated by “isms” – Nationalism, Religion, Ethnicity, Environment – Ego Overt – Advance threats – Open communications – Overt endgame Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com 8 Hacktivist Intent: Compromise Exfiltrate Destroy Disrupt Dump Deface Embarrass
The Cyber Espionage Threat Gentleman Spy – Covert – Often distinguished by the lack of visible outcomes – At least he won’t embarrass you. aPT? Rarely employing sophisticated deception Regularly betray their interests Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com 9 Cyber Espionage Intent: Compromise Exfiltrate Maintain Access Enable Information Advantage
A Note on Attribution Key to self-assessment, external collection, and warning If you can attribute to a known group, and you know there MO, you are ahead of the game History is the most important insight Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com 10 Actor Sender Code C2
Distinguishing Features History Actions on Objective Targeting Malware Capability Exploits Infrastructure Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com 11
Actions on Objective Persistence over time – CE intrusions are measured in years – Cybercrime intrusions measured in months – Hacktivist intrusion measured in days Type of information collected – Documents and emails – Commodity financial data Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com 12 Krebs
Targeting Function or role of targeted personnel Source and exclusivity of target information Social engineering Watering hole choices Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com 13
Targeting Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com 14
Malware Historical use of malware – Limited value Propagation and access to malware – Exclusivity is hard to measure Malware functionality – Document and CAD exfiltration – Financial credential harvesting Exploits – Zero-days are not only the realm of CE Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com 15
Infrastructure DGA and fastflux techniques are most often used in large-scale criminal campaigns Targeting may be present in domains or senders – Consillium.proxydns.com – Unhq.dynssl.com – Voanews.proxynews.com – Secretariat.email@example.com – Kulkov.firstname.lastname@example.org Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com 16 Actor Code C2 Sender
Making sense of the data points Not an engineering/math problem Work with imperfect data Ultimately produce a judgment – High confidence – Medium confidence – Low confidence Analysis of competing hypothesis can help us judge between adversary motivations Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com 17
Analysis of Competing Hypothesis Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com 18 Evidence Cyber EspionageCybercrimeHacktivism No data dumping eventConsistent Highly Inconsistent Zeus malware available through marketplaceNeutral Government social engineering Highly ConsistentInconsistentConsistent No specific targeting for fraudConsistentInconsistentConsistent Multiple year durationConsistentInconsistentConsistent Extra document exfiltration capabilityConsistentInconsistentConsistent Targets acquired through Stratfor, TRC Highly ConsistentConsistent
Questions email@example.com Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com 19
External Threats Internal Threats Nation States Cyber Terrorists Hacktivists Organised criminal networks Independent insider Insider planted by external.
Threats to the Aviation Sector Stu Solomon, iSIGHT Partners Vice President, Technical Services and Client Operations.
ISIGHT Partners The Cyber Threat Intelligence Experts.
Threat context SOLTRA | AN FS-ISAC DTCC COMPANY CYBER SECURITY PANEL TLP WHITE.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
1© Copyright 2014 EMC Corporation. All rights reserved. Securing the Cloud Gintaras Pelenis Field Technologist RSA, the Security Division of EMC
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
1© Copyright 2012 EMC Corporation. All rights reserved. Getting Ahead of Advanced Threats Advanced Security Solutions for Trusted IT Chezki Gil – Territory.
1 Copyright © 2015, FireEye, Inc. All rights reserved. CONFIDENTIAL How to Make Cyber Threat Intelligence Actionable Ft. Gordon Cyber Security & Technology.
Cyber Resilience Simon Onyons Financial Stability – Resilience Team 1.
Enterprise’ Ever-Evolving Challenge & Constraints Dealing with BYOD Challenges Enable Compliance to Regulations Stay Current with New Consumption Models.
2© Copyright 2013 EMC Corporation. All rights reserved. Cyber Intelligence Fighting Cyber Crime Insert Event Date LEADERS EDGE.
Information Warfare Theory of Information Warfare.
1 © Mandiant, a FireEye Company. All rights reserved. CONFIDENTIAL Healthcare Breaches – The Next Digital Epidemic Tim Parisi, Senior Consultant.
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.
Surveillance and Security Systems Cyber Security Integration.
© 2012 Solera Networks. Contains confidential, proprietary, and trade secret information of Solera Networks. Any use of this work without express written.
The National Counterintelligence and Security Center THE NATIONAL COUNTERINTELLIGENCE AND SECURITY CENTER The Threat Environment Joyce Corell, NCSC Assistant.
90% of EU exports consist of product and services of IPR-intensive industries. Among 269 senior risk managers, 53% said IP loss or theft had inflicted.
©2014 Bit9. All Rights Reserved. Prevent Detect & Respond Prevention Visibility Detection Response Security Life Cycle for Advanced Threats EPP ETDR.
Week 4 : Sustainable Competitive Advantage Saib Dianati BUSN9229.
A global nonprofit: Focusing on IP Protection and Anti-Corruption Sharing leading practices based on insights from global companies, academics, organizations.
Threat Intelligence Use in Information Security: History, Theory and Practice Tim Gallo Cyber Security Field Engineering 1.
1 Getting Beyond Standalone Antivirus to Advanced Threat Protection Eric Schwake Sr. Product Marketing
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
Security Mindset Lesson Introduction ●Why is cyber security important? ●How do we understand cyber security? ●What needs to be done to address cyber security?
Security for Today’s Threat Landscape Kat Pelak 1.
Preview Demi Albuz Benny Lakunishok $3.5M The average cost of a data breach to a company 200+ The median # of days that attackers reside within a victim’s.
Jacky Altal. T O C Hackers Terminology Cyber attacks in 2012 (so far…) Nations Conflict Cyber Motives Characteristics of CyberCrime DEMO –
Edison Electric Institute Cybersecurity 101 October 24, 2014
Understanding and distinguishing among cyber activities Dave Piscitello VP Security and ICT Coordination, ICANN.
STRATEGIC INTELLIGENCE MANAGEMENT Chapter by Jan Kallberg, Bhavani Thuraisingham Chapter 19 - From Cyber Terrorism to State Actors’ Covert Cyber Operations,
IT Strategy Jerry N. Luftman. IT as Architects of Alignment Knowledgeable about new technologies Privy to tactical and strategical plans Be present in.
English Arabic Cyber Security: Implications of recent breaches MENOG April 2015.
Cyber Threat Intelligence Program Primer NASCUS August 1, 2016 Chicago, IL Christina Saari, Senior Cyber Intelligence Officer National Credit Union Administration.
1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
SPEAKER BLITZ ERIC BROWN Senior Systems Engineer NICK JAVANOVIC DoD Regional Sales Manager.
1 Cyber Risk – What can you do…? Chris Clark Managing Director, Prosperity 24.7.
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Juniper Security Threat Response Manager (STRM)
Connected Security Your best defense against advanced threats Anne Aarness – Intel Security.
CLOSE THE SECURITY GAP WITH IT SOLUTIONS FROM COMPUTACENTER AND CISCO AUGUST 2014.
Maritime Cyber Risks – What is real, what is fiction? April 9th 2015 Lars Jensen CEO CyberKeel CyberKeel.
CURRENT STATUS OF CYBERCRIME Security is the fastest growing service in IT Cyber Crime Costs $750 Billion annually 70% of threats arrive via .
ECE Prof. John A. Copeland Advanced Persistent Threat Material.
Cyber Crime Game Players By Marharyta Abreu & Iwona Sornat.
Deloitte-LBG UK screen 4:3 (19.05 cm x cm) © 2013 Deloitte LLP. Private and confidential. Cyber Security. Evolved. Building Resilience 29th May 2013.
TECHNOPRENEURSHIP (EM604) Session 6 20 Principles for Creating Successful Technology Ventures Dr. Winarno.
© Copyright 2010 Advanced Attack Groups (Objectives, Tactics, Countermeasures ) February 27, 2013.
© 2017 SlidePlayer.com Inc. All rights reserved.