The New Modern Adversaries: Cyberattacks and Data Breaches






Slide 0

Modern Adversaries
Why modern hackers are winning the battle and how we can still win the war
Andy Manoske, Principal


Slide 1

Who is Amplify Partners?
We are an early stage, entrepreneur-focused venture capital firm investing in technical teams solving technical problems
www.amplifypartners.com @AmplifyPartners



Slide 2

About the Author
Andy Manoske
Principal, Amplify Partners
Product @ AlienVault (Open Threat Exchange, AlienVault Labs Research)
Product @ NetApp (Product Security, Cryptography)
Economics & Computer Science @ SJSU (Mathematic Economics, Information Security)
@a2d2



Slide 3

Successful cyberattacks are on the rise…
[Chart: Cyberattack Reports to US-CERT by Year, 2006-2014]
Source: US CERT


Slide 4

…because we are facing more sophisticated attackers
Source: Verizon DBIR 2014


Slide 5

The modern hacker is an advanced adversary…
but not necessarily because it’s better than previous generations of attackers. (Sorry, Neo)


Slide 6

Instead, modern hacking tools are more advanced and more available than ever before
Source: Axiomatic Design/Design Patterns Mashup: Part 2 (Cyber Security)


Slide 7

These tools make even novice modern hackers…
…incredibly dangerous


Slide 8

Modern adversaries are able to strike highly defended targets because hacking tools have advanced faster than security systems that detect and stop attacks


Slide 9

Anthem was well defended
200 person Information Security Staff
$50 Million spent on security per year
Source: Indianapolis Business Journal


Slide 10

But they were not prepared for their adversary’s complex attack
>12 Months Access to sensitive user data
80 Million Records stolen
Source: Crowdstrike, NYT


Slide 11

To build new security systems that can defend against complex attacks
We need to build software that can detect, and stop, modern tools used by modern adversaries


Slide 12

Who are Modern Adversaries?


Slide 13

The modern hacker is frequently a professional
…who attacks private businesses for financial gain
Source: Hackmageddon


Slide 14

Most modern attacks target companies to steal valuable data: most frequently financial data or intellectual property.
Source: Hackmageddon


Slide 15

Hackers then sell this stolen data on the black market
[Chart: Reported PII theft and fraud, 2006-2014]
and that data is used increasingly to commit identity theft, espionage, and possibly even acts of terrorism.


Slide 16

Not every cyberattack is focused on profit. Defacing or destroying online property remains a key objective for many advanced adversaries


Slide 17

There are typically three types of modern adversary
State Sponsored Hackers
Organized Crime
Hacktivists


Slide 18

State Sponsored Adversary: Energetic Bear / Dragonfly
Russian hacking group either supported or directly managed by Russian state intelligence
● Unpublicized attack on petroleum pipeline operator to steal energy infrastructure information
● Unpublicized Industrial Control System (ICS) sabotage of EU-based energy management operator to cause future attacks and outages


Slide 19

Organized Crime Adversary: Solntsevskaya Bratva
Largest crime syndicate of the Russian mob heavily involved in cybercrime, with >$3B in annual revenue from hacking
● 2014 JP Morgan Chase data breach targeting wealth management and credit card user data
● 2008 cyberattacks to spread disinformation on Georgian government websites during Russia’s invasion of South Ossetia


Slide 20

Hacktivist Adversary: AntiSec
Anarchist campaign of former members of hacking group Lulzsec and members of the Anonymous community.
● 2014 data breach of the US International Association of Chiefs of Police to leak personnel data in response to investigations on Occupy Wall Street protestors.
● 2011 compromise of Fox News’ Twitter account to spread fake story that President Obama had been injured in a terrorist bombing.


Slide 21

Most attacks are being perpetrated by organized crime hackers and hacktivists
Source: Hackmageddon


Slide 22

Which means most attacks are from less individually sophisticated adversaries…
[Chart: axes Attacker Sophistication and Attacker Resources; groups plotted: State Sponsored Hacking, Organized Crime, Hacktivists]


Slide 23

…who employ less sophisticated attacks…
…reliant upon pre-made tools and malware


Slide 24

To confront the majority of attacks from advanced adversaries
We must detect and stop modern hacking tools


Slide 25

Unfortunately, modern hacking tools and malware are good at evading detection
Encryption: Modern malware is frequently encrypted to defeat signature-based intrusion detection systems
Botnets: Modern hacking tools and malware hide behind legions of slaved “zombie” computers


Slide 26

But while botnets and encryption may hide most tools and malware
The command and control (or “C2”) structure behind those tools generally remains the same
Source: Cisco


Slide 27

Example: Attackers who struck the US Office of Personnel Management (OPM) used the same C2 server…
Source: AlienVault


Slide 28

…that was used to attack as well as several US companies in…
Defense Aviation Oil and Gas Infrastructure
Source: AlienVault, Symantec


Slide 29

There are a lot of things the security industry can do to confront modern threats…


Slide 30

…but if we want to stop most attacks from advanced adversaries we need to build software that
PERFORMS DYNAMIC ANALYSIS: Introspects incoming files and traffic for possible C2 infrastructure
SHARES DATA ON ATTACKERS: Automatically shares analysis data to open-source platforms to be used in security defenses
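
The argument of slides 25 to 30, as an added example that is not part of the original deck: repacked samples defeat hash signatures, but pivoting on the hosts they contact during dynamic analysis links them, and the resulting indicators can be shared. All sample identifiers, hostnames and addresses are constructed, and the JSON export layout is an assumption, not a standard feed format.

```python
import json
from collections import defaultdict

# Constructed detonation reports: each repacked sample has a new hash,
# but samples built from one toolset still call back to the same C2 host.
REPORTS = [
    {"sample": "hash-A", "victim": "org-1", "contacted": ["c2.badinfra.example", "cdn.example.net"]},
    {"sample": "hash-B", "victim": "org-2", "contacted": ["c2.badinfra.example"]},
    {"sample": "hash-C", "victim": "org-3", "contacted": ["198.51.100.7", "cdn.example.net"]},
    {"sample": "hash-D", "victim": "org-3", "contacted": ["198.51.100.7"]},
    {"sample": "hash-E", "victim": "org-4", "contacted": ["updates.example.org"]},
]
KNOWN_BAD_HASHES = {"hash-A"}        # what a signature feed already knows
BENIGN_HOSTS = {"cdn.example.net"}   # popular shared services, never treated as C2


def signature_hits(reports, known_hashes):
    """Hash matching: only catches samples seen before, byte for byte."""
    return sorted(r["sample"] for r in reports if r["sample"] in known_hashes)


def shared_infrastructure(reports, benign, min_samples=2):
    """Map each non-benign host to the distinct samples that contacted it."""
    by_host = defaultdict(set)
    for r in reports:
        for host in r["contacted"]:
            if host not in benign:
                by_host[host].add(r["sample"])
    # A host reached by several unrelated-looking samples is a C2 candidate.
    return {h: sorted(s) for h, s in by_host.items() if len(s) >= min_samples}


def c2_hits(reports, c2_hosts):
    """Flag every sample that talks to a host already tied to other samples."""
    return sorted(r["sample"] for r in reports if set(r["contacted"]) & set(c2_hosts))


def export_indicators(clusters):
    """Serialize clusters for sharing (ad hoc JSON layout, an assumption)."""
    return json.dumps([{"indicator": h, "samples": s} for h, s in sorted(clusters.items())])


if __name__ == "__main__":
    clusters = shared_infrastructure(REPORTS, BENIGN_HOSTS)
    print("signature:", signature_hits(REPORTS, KNOWN_BAD_HASHES))
    print("c2 pivot: ", c2_hits(REPORTS, clusters))
    print(export_indicators(clusters))
```

The allowlist matters: without it, a widely used CDN contacted by unrelated samples would be clustered as if it were attacker infrastructure.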


Slide 31

TL;DR
A new generation of modern adversaries is driving a hacking boom
This generation has access to powerful, easy to use hacking tools
If we do not rethink our approach and update our security systems, the advantage enjoyed by modern adversaries will continue to grow

