Who Is Attacking You? Distinguishing Motivation to Prioritize Threats John Hultquist Senior Manager, Cyber Espionage Threat Intelligence iSIGHT Partners.

Slides:



Advertisements
Similar presentations
Cyber Crime and Technology
Advertisements

Chapter 3 E-Strategy.
1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
Life Science Services and Solutions
Security Life Cycle for Advanced Threats
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Jacky Altal. T O C  Hackers Terminology  Cyber attacks in 2012 (so far…)  Nations Conflict  Cyber Motives  Characteristics of CyberCrime  DEMO –
UNCLASSIFIED Cybercrime: The Australian Experience Australian Cybercrime Online Reporting Network (ACORN) Conference Assistant Commissioner Tim Morris.
Threat Intelligence Use in Information Security: History, Theory and Practice Tim Gallo Cyber Security Field Engineering 1.
1© Copyright 2014 EMC Corporation. All rights reserved. Securing the Cloud Gintaras Pelenis Field Technologist RSA, the Security Division of EMC
Threats to the Aviation Sector
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.
English Arabic Cyber Security: Implications of recent breaches MENOG April 2015.
Security for Today’s Threat Landscape Kat Pelak 1.
The Cyber Threat Intelligence Experts
1 Cyber Risk – What can you do…? Chris Clark Managing Director, Prosperity 24.7.
1 Getting Beyond Standalone Antivirus to Advanced Threat Protection Eric Schwake Sr. Product Marketing
ECE Prof. John A. Copeland Advanced Persistent Threat Material.
SPEAKER BLITZ ERIC BROWN Senior Systems Engineer NICK JAVANOVIC DoD Regional Sales Manager.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.
Information Warfare Theory of Information Warfare
Microsoft Ignite /16/2017 4:54 PM
Cyber Resilience Simon Onyons Financial Stability – Resilience Team.
© 2012 Solera Networks. Contains confidential, proprietary, and trade secret information of Solera Networks. Any use of this work without express written.
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
Maritime Cyber Risks – What is real, what is fiction?
90% of EU exports consist of product and services of IPR-intensive industries. Among 269 senior risk managers, 53% said IP loss or theft had inflicted.
1© Copyright 2012 EMC Corporation. All rights reserved. Getting Ahead of Advanced Threats Advanced Security Solutions for Trusted IT Chezki Gil – Territory.
Understanding and distinguishing among cyber activities Dave Piscitello VP Security and ICT Coordination, ICANN.
operational-level system. management-level system.
Week 4 : Sustainable Competitive Advantage
The Marketing Process, Planning & The Marketing Plan.
Copyright © 2014 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
TECHNOPRENEURSHIP (EM604) Session 6 20 Principles for Creating Successful Technology Ventures Dr. Winarno.
Security Innovation & Startup. OPEN THREAT EXCHANGE (OTX): THE HISTORY AND FUTURE OF OPEN THREAT INTELLIGENCE COMMUNITY ALIENVAULT OTX.
IT Strategy Jerry N. Luftman.
Threat context TLP WHITE Cyber security panel
Copyright 2009 Trend Micro Inc. Beyond AV security, now with DLP and web protection. Trend Micro PortalProtect SharePoint Security.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
Connected Security Your best defense against advanced threats Anne Aarness – Intel Security.
To Engage Your Customers With Your Brand Identity That Makes An Impact And Leave Your Imprint On The Market Break Through The Barriers That Block The Way.
STRATEGIC INTELLIGENCE MANAGEMENT Chapter by Jan Kallberg, Bhavani Thuraisingham Chapter 19 - From Cyber Terrorism to State Actors’ Covert Cyber Operations,
A global nonprofit: Focusing on IP Protection and Anti-Corruption Sharing leading practices based on insights from global companies, academics, organizations.
Security Mindset Lesson Introduction Why is cyber security important?
2© Copyright 2013 EMC Corporation. All rights reserved. Cyber Intelligence Fighting Cyber Crime Insert Event Date LEADERS EDGE.
External Threats Internal Threats Nation States Cyber Terrorists Hacktivists Organised criminal networks Independent insider Insider planted by external.
Enterprise’ Ever-Evolving Challenge & Constraints Dealing with BYOD Challenges Enable Compliance to Regulations Stay Current with New Consumption Models.
How to Make Cyber Threat Intelligence Actionable
1 © Mandiant, a FireEye Company. All rights reserved. CONFIDENTIAL Healthcare Breaches – The Next Digital Epidemic Tim Parisi, Senior Consultant.
Copyright © 2010 Pearson Education, Inc. publishing as Prentice HallChapter Achieving Success Through Effective Business Communication.
CLOSE THE SECURITY GAP WITH IT SOLUTIONS FROM COMPUTACENTER AND CISCO AUGUST 2014.
Edison Electric Institute Cybersecurity 101 October 24,
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Juniper Security Threat Response Manager (STRM)
Nuts and Bolts of ATA Chris Lloyd 2016 Redmond Summit | Identity Without Boundaries May 24, 2016 Senior Architect
Cyber Threat Intelligence Program Primer NASCUS August 1, 2016 Chicago, IL Christina Saari, Senior Cyber Intelligence Officer National Credit Union Administration.
Surveillance and Security Systems Cyber Security Integration.
© 2016 Global Market Insights, Inc. USA. All Rights Reserved Fuel Cell Market size worth $25.5bn by 2024 Industrial Control Systems.
Cybersecurity as a Business Differentiator
Cybersecurity, competence and preparedness
Intelligence Driven Defense, The Next Generation SOC
بهترین راهکار را انتخاب کنید...
11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
CUSTOMER RELATIONSHIP MANAGEMENT CONCEPTS AND TECHNOLOGIES
CRITICAL INFRASTRUCTURE CYBERSECURITY
Strategic threat assessment
Cybersecurity and its Relevance to CIT
Presentation transcript:

Who Is Attacking You? Distinguishing Motivation to Prioritize Threats John Hultquist Senior Manager, Cyber Espionage Threat Intelligence iSIGHT Partners

Just another Zeus? Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved 2

Who Cares? Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved 3  Limited resources – Thousands of events a day – Security budgets are a cost center – Noone cares about your non- contextualized “incidents” – Not all incidents are the same – Tough choices are inevitable Bloomberg

Who Cares?  Security priorities should reflect differences in organizations  Two distinguishing features of organization – Likelihood of being targeted  Intellectual property  Access to commodity data  Access to strategic information  Antagonistic relationships  High-value interactions (negotiations, mergers and acquisitions) – Relevance of effects on an organization  Loss of competitive advantage – Strategic: Research and development – Tactical: Negotiations  Brand damage  Customer confidence  Donor or investor confidence Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved 4

Who Cares? Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved 5 Microchip Manufacturer Consumer Retail Global Nongovernmental Organization Strong intellectual property No brand or public antagonism Regular high-value negotiations High-profile valuable brand Steward of commodity financial data Antagonistic relationship with labor Popular; few antagonists Heavily involved in geopolitics Steward of donor information Cyber Espionage Cybercrime Hacktivism Cyber Espionage Cybercrime

Who? Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved 6 Hacktivism Actors motivated by ideology, reputation and ego. Attacks often triggered by corporate and political actions, major news events, etc. Cyber Espionage Government-sponsored or affiliated actors and groups seeking intelligence and intellectual property.

The Cybercrime Threat  Noisiest realm for the enterprise  Two types of theats – Opportunistic – Targeted  Market-driven – Scalability and Efficiency – Opportunities for niche sales – Aftermarket Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved 7 Cybercriminal Intent:  Compromise  Exfiltrate  Maintain Access  Enable Fraud  Disrupt

The Hacktivist Threat  Motivated by “isms” – Nationalism, Religion, Ethnicity, Environment – Ego  Overt – Advance threats – Open communications – Overt endgame Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved 8 Hacktivist Intent:  Compromise  Exfiltrate  Destroy  Disrupt  Dump  Deface  Embarrass

The Cyber Espionage Threat  Gentleman Spy – Covert – Often distinguished by the lack of visible outcomes – At least he won’t embarrass you.  aPT?  Rarely employing sophisticated deception  Regularly betray their interests Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved 9 Cyber Espionage Intent:  Compromise  Exfiltrate  Maintain Access  Enable Information Advantage

A Note on Attribution  Key to self-assessment, external collection, and warning  If you can attribute to a known group, and you know there MO, you are ahead of the game  History is the most important insight Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved 10 Actor Sender Code C2

Distinguishing Features  History  Actions on Objective  Targeting  Malware Capability  Exploits  Infrastructure Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved 11

Actions on Objective  Persistence over time – CE intrusions are measured in years – Cybercrime intrusions measured in months – Hacktivist intrusion measured in days  Type of information collected – Documents and s – Commodity financial data Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved 12 Krebs

Targeting  Function or role of targeted personnel  Source and exclusivity of target information  Social engineering  Watering hole choices Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved 13

Targeting Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved 14

Malware  Historical use of malware – Limited value  Propagation and access to malware – Exclusivity is hard to measure  Malware functionality – Document and CAD exfiltration – Financial credential harvesting  Exploits – Zero-days are not only the realm of CE Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved 15

Infrastructure  DGA and fastflux techniques are most often used in large-scale criminal campaigns  Targeting may be present in domains or senders – Consillium.proxydns.com – Unhq.dynssl.com – Voanews.proxynews.com – – Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved 16 Actor Code C2 Sender

Making sense of the data points  Not an engineering/math problem  Work with imperfect data  Ultimately produce a judgment – High confidence – Medium confidence – Low confidence  Analysis of competing hypothesis can help us judge between adversary motivations Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved 17

Analysis of Competing Hypothesis Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved 18 Evidence Cyber EspionageCybercrimeHacktivism No data dumping eventConsistent Highly Inconsistent Zeus malware available through marketplaceNeutral Government social engineering Highly ConsistentInconsistentConsistent No specific targeting for fraudConsistentInconsistentConsistent Multiple year durationConsistentInconsistentConsistent Extra document exfiltration capabilityConsistentInconsistentConsistent Targets acquired through Stratfor, TRC Highly ConsistentConsistent

Questions Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved 19

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.