Published by Toby Melton. Modified over 6 years ago.
CYBER THREAT LANDSCAPE
Alok Vijayant, CAIIB, MBA(FMS), CEH, H3X
Good morning, ladies and gentlemen. Let me thank the organizers for giving me an opportunity to express my view on information security and the associated risks that could lead to the next generation global war in the cyber realm.
Alok Vijayant, CAIIB, MBA(FMS), CEH, H3X, PGDCS, COP(MANDARIN), ADOP(MANDARIN)
Director, Cyber Security Operations, National Technical Research Organization
ALOK VIJAYANT, MBA(FMS), CEH, H3X, PGDCS, COP (CHINESE), ADOP
DIRECTOR (IDG), OFFICE OF NSA (PMO), GOVT OF INDIA
EDUCATIONAL BRIEF: Schooling at RIMC, Dehradun; B.Sc (Hons) Physics, DU; MBA (Finance & IT) from FMS, Delhi University; CEH (Certified Ethical Hacking) from EC Council, New York; H3X (Ethical Hacking Expert) from Orchid Seven; PGDCS from IMT, Ghaziabad
EXPERIENCE: Served RBI for 14 years in various capacities: Fake Currencies, Bank Frauds, Payment Systems, Dealing Room Operations. Joined NTRO, the country's premier Technical Intelligence Agency (2005), as Head of IDG (Information Dominance Group) and TFIU (Tech Financial Intelligence Unit)
SPEAKER AT INTERNATIONAL CONFERENCES: OWASP International Conference 2009, 2010, 2011, 2012; ClubHack 2008, 2009, 2010, 2011, 2012; NullCon 2008, 2009, 2010, 2011, 2012; C0CoN 2009, 2010, 2011, 2012; MalCoN 2010, 2011, 2012; UN Conf on Terrorist Monitoring, Seattle, 2009; SecurityByte Int Conf, 2011; BlackHat 2011; DefCon 2011; India Top 100 CISO Award Ceremony, Panelist; Governance Now: Mobility & Reliability, Panelist; National CISO Conference 2012, Speaker (2012); DIA Conference 2012, 2013
SPEAKER AT: RAW Training Institute, BPR&D, SSB Academy, CBI Academy, ARTRAC (Defence), NICFS, IIMC, NCRB, NDC (Min of Defence), MCTE (Mhow)
Many of the speakers here would be speaking on this topic and would give their perspective on information security, best practices and some of the dos and don'ts. I shall be speaking on this topic for about 20 minutes, giving out the viewpoint of the attacker. As you are aware, most of the protected systems get breached by simpler methods. While deployment of firewalls, Radwares, IDS and IPS is a technical solution to the threats emanating from the Infosec domains, there are certain perspectives that are often ignored which enter into the realm of behavioural sciences. I shall try and give out those perspectives in a step-wise manner in the limited time attributed for this.
RESOURCES
HUMAN RESOURCE AS A TARGET
TECHNICAL RESOURCE AS A TARGET
- Espionage
- Degradation
- Destruction
- Sleeper cell
- Botnets
COST OF ATTACK
ATTACK INVESTIGATION IN AN ENTERPRISE
Firewall adequately configured to disallow executables
Selection of Payload with varying Characteristics
- Targets: Espionage target, Destruction target, Sleeper cell, Botnets (DDoS)
- Characteristics: Noisy / Silent, Active / Boom
DETECTION: THE DIRTY METHOD
Running a Sensor
HOW WE DO IT: ATTACK DETECTION (NON-OPTIMIZED)
- Statistical prediction model
- Direct threat detection
HOW WE DO IT: ATTACK MITIGATION (NON-OPTIMIZED), MALWARE ANALYSIS
- Sandboxing
- Obtaining binaries
- Reversing
- Threat identification
- State NCII activities
- Sinkholing DNS
- Identification of infection
- Advisories
Identification of C&C
Attack on vital Ministries/Organizations, 15th Dec 2009
Systematic Investigation: a unique mix of offensive, investigative and recovery mechanisms
Postures: Investigative Posture, R&D Posture, Other Methods
- Simulated
- NIC asked to place C&C as filter
- C&C identified
- Obtained details
- NIC asked to find recipients of the mail
- Recipients informed and measures suggested
- Payload identified and reversed
- Vaccine developed
- NIC given fresh sets of targets to place on filters
- NIC: 450 mail IDs found compromised
- Users informed by NIC
- IB and DIARA informed and given the list
- Users sanitized
NATIONAL SECURITY ADVISORY BOARD ATTACK – JAN 2010
SHADOW IN THE CLOUD
GHOSTNET II: WHAT WAS THE TRIGGER
- NTRO Team has been investigating and reversing various malwares received on information systems and studying the signatures over a period of time
- Cyber Sensor "DRISHTI" has been observing the trends in the cyber space by monitoring incidences of attack on Indian systems (Database size is approximately unique identities)
- Receipt of distinct signatures of Chinese information systems during earlier investigations and analysis by NTRO Team
- Pilferage of data from US/Canadian investigators pertaining to Indian logs relating to the GHOST NET II being investigated covertly in US/Canada
- Matching data and signature analysis revealing the existence of the same network associated with US/Canada as well as India (could be leveraged diplomatically)
Some Comparisons: Analysis Performed by NTRO
Logs obtained from US
Additional Investigation from NTRO on the subject: Analysis Performed by NTRO
NSAB (National Security Advisory Board) Analysis
Logs obtained from US
GHOST NET II (Shadow in the Cloud): Cyber Protection Mechanisms
- Cyber Operations
- Cyber Investigation
- Cyber Intelligence
- Cyber Defensive Units
- R&D
Flow: Cyber Operations (Selectors), Cyber Investigations (Results), Agencies, Cabinet Secretary Permission
STUXNET INVESTIGATIONS
LATEST ATTACK ON MEA, MHA, MOD, NSCS, NOV 1, 2010
NIC MAIL / ATTACKER
1. Compromises an account
2. Uses the account to send e-mails to identified targets with malicious content
TARGETS
From:
To:
Subject: G20 Services.xls (257KB)
Attachment: XLS
Body: "Please find enclosed the file attachment as desired by you. G20 Services Download this as file. Regards, M.Kaushik, Embassy of India"
3. Clicks mail / No action
4.
5. Information leakage
TARGET OF ATTACK: MHA, MOD, NSCS, MEA
DNS SNIFFER
INFECTIONS DETECTED: NAGPUR, MUMBAI, DELHI, BENGALURU
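The DNS sniffer and the "infections detected" slides describe the same defensive step as the "Sinkholing DNS / Identification of infection" item earlier: once a C&C domain is sinkholed, the sensor's DNS query log tells you which internal hosts are still beaconing, and mapping those hosts to office subnets gives the per-city picture. The script below is an added example, not code from the presentation or from NTRO; the log line format, the sinkholed domain names (placeholders), and the subnet-to-city mapping are all constructed for illustration.

```python
"""Identify infected hosts from passive DNS logs using a sinkhole domain list.

Added example (not from the presentation). The log format, the domain list and
the subnet-to-site mapping are constructed for illustration only.
"""
import ipaddress
from collections import defaultdict

# Constructed: C&C names that have been sinkholed. A real list comes from
# reversing the payload; these are labelled placeholders, not real indicators.
SINKHOLED_DOMAINS = {
    "cc-placeholder-1.example",
    "update.cc-placeholder-2.example",
}

# Constructed: office subnet -> site, used to turn an infected IP into a location.
SITE_BY_SUBNET = {
    ipaddress.ip_network("10.1.0.0/16"): "DELHI",
    ipaddress.ip_network("10.2.0.0/16"): "MUMBAI",
    ipaddress.ip_network("10.3.0.0/16"): "NAGPUR",
    ipaddress.ip_network("10.4.0.0/16"): "BENGALURU",
}

# Constructed sample of a DNS sensor log: "timestamp client qname qtype".
SAMPLE_LOG = """\
2010-11-01T09:12:03 10.1.4.21 www.example.org A
2010-11-01T09:12:09 10.1.4.21 update.cc-placeholder-2.example A
2010-11-01T09:13:44 10.2.7.8 cc-placeholder-1.example A
2010-11-01T09:14:01 10.3.2.2 mail.example.org MX
2010-11-01T09:15:30 10.2.7.8 cc-placeholder-1.example A
2010-11-01T09:16:12 10.4.9.5 sub.cc-placeholder-1.example A
2010-11-01T09:17:55 192.0.2.77 cc-placeholder-1.example A
"""


def parse_line(line):
    """Return (timestamp, client_ip, qname) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, qname, _qtype = parts
    # Normalise: strip a trailing dot and lower-case so matching is exact.
    return ts, client, qname.rstrip(".").lower()


def matches_sinkhole(qname):
    """True if qname is a sinkholed domain or a subdomain of one."""
    labels = qname.split(".")
    # Walk up the name: sub.a.b -> a.b -> b, so subdomains also match.
    return any(".".join(labels[i:]) in SINKHOLED_DOMAINS for i in range(len(labels)))


def site_for(client_ip):
    """Map a client address to a site, or UNKNOWN if it is outside known subnets."""
    addr = ipaddress.ip_address(client_ip)
    for net, site in SITE_BY_SUBNET.items():
        if addr in net:
            return site
    return "UNKNOWN"


def find_infections(log_text):
    """Return {client_ip: {"site", "domains", "hits", "first_seen"}} for clients
    that resolved a sinkholed C&C name."""
    infections = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, qname = rec
        if not matches_sinkhole(qname):
            continue
        entry = infections.setdefault(
            client, {"site": site_for(client), "domains": set(), "hits": 0, "first_seen": ts}
        )
        entry["domains"].add(qname)
        entry["hits"] += 1
    return infections


def infections_by_site(log_text):
    """Group infected clients by site: the view a per-location advisory needs."""
    by_site = defaultdict(list)
    for client, info in find_infections(log_text).items():
        by_site[info["site"]].append(client)
    return {site: sorted(clients) for site, clients in by_site.items()}


if __name__ == "__main__":
    for site, clients in sorted(infections_by_site(SAMPLE_LOG).items()):
        print(f"{site}: {', '.join(clients)}")
```

Matching walks up the label hierarchy so a fresh subdomain of a sinkholed name is still caught, and the UNKNOWN bucket is deliberate: a beaconing address that fits no known office subnet is exactly the kind of host an advisory should ask the network owner to locate.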
More Dreaded Challenges
- Regional bots
- Ethnic/religion bots
- Time-zone bots
- Political bots
DETECTION FOR THE NATIONAL ENTERPRISE: The Great Indian Ring of Fire
Suggested Course of Action
- CIO Forum for CIOs; Indian Infosec Consortium (IIC) for Indian Infosec professionals
- CIO Forum for head hunting; IIC for profile building for Infosec professionals
- IIC to promote indigenous business at the global platform
- GroundZero Summit to be the international platform for showcasing
- Clean exit from corporates: methods of IT security rating, standard based on a remuneration model
- Creation of the Indian Ring of Fire to protect businesses in India
- Creation of system incubation facilities for crowd-sourced research
- National Cyber Security Academy: first course due to be launched at OP Jindal University
The Hackers Conference