A Cyber Security Review


 Simon Moffatt CISSP CISA MBCS

         November 2012
                                              Table of Contents
Synopsis...............................................................................................................................3
(Cyber) War On Terror........................................................................................................4
   Motives............................................................................................................................4
   Targets.............................................................................................................................5
   Government Led Defence.............................................................................................6
From Lone Wolves to Botnets, APTs to AETs..................................................................8
   Lone Wolves & Botnets..................................................................................................8
   APTs to AETs................................................................................................................9
Enterprise Protection..........................................................................................................11
   Attack Vectors and Entry Points...................................................................................11
   Basic Defence in Depth.................................................................................................12
   Offense and Response...................................................................................................14
   Enterprise Protection Conclusion..................................................................................15
Consumer Protection..........................................................................................................16
   Everything's Online.......................................................................................................16
   Vulnerabilities - Learning and Spotting........................................................................16
   Protection Steps.............................................................................................................17
Critical Infrastructure.........................................................................................................19
   Difference of Priorities: CIA to AIC.............................................................................19
   Vulnerabilities - Nature or Nurture?.............................................................................20
   Basic Security Erosion..................................................................................................21
   Recent Attacks and a Change in Culture.......................................................................21




                                                   Infosecprofessional.com
Synopsis
The following paper covers a range of cyber security topics that were initially published
as separate articles on the Infosec Professional blog site between October and November
2012.




(Cyber) War On Terror
Any device that connects to the internet is now a potential target, with the motives now
becoming political, as control of the information highway becomes paramount.


US government security expert Richard A. Clarke, in his book Cyber War (May 2010),
defines "cyberwarfare" as "actions by a nation-state to penetrate another nation's
computers or networks for the purposes of causing damage or disruption". This initial
sentence is paraphrased straight from Wikipedia, but could just as well have come from a
sci-fi movie of the mid 1980's. Cyber war is no longer an imaginary concept, cocooned
in the realms of laser gun protection and x-ray vision. It's an everyday occurrence,
impacting governments, corporate enterprise and individuals.



Motives

Internet security in the past has mainly been focused on protecting privately held assets
(namely web, FTP and email servers) from being hacked. Hackers would come in
various different guises, from script kiddies learning to code with ideas they had
learnt that day at college, right through to 'hacktivists' aiming to make a mark for
themselves by defacing a newspaper or corporate website. Today, attacks cover a range
of motives. Cash can be a main driver, especially behind many of the sophisticated
consumer-focused malware attacks. Ransomware has recently hit the headlines, hitting
individuals with cash release clauses in order to return laptops and files in working order.
Online banking and financial services customers have long been hit by email
phishing and attempts to trick individuals into giving up their username and password
details. The main goal? Cash. Whether through fraud or direct transfer, money has been
the aim for the armies of complex botnet operators.




The motive has advanced, however, to a more country-led level and is now comfortably
embedded in the toolbox of military weapons. US Defence Secretary Leon Panetta said
that the cyber attack capability of countries like Iran was growing, and that US authorities
believed Iran was behind several attacks on oil and gas companies in the Persian
Gulf. The main motive is to cause disruption.

Disruption causes panic and destabilization and ultimately acts as a propaganda tool to
show who really is in control of a particular asset or environment.




Targets

In early October 2012, the Pentagon confirmed that they themselves were on the
receiving end of a cyber attack. The White House would not confirm reports that the
attack originated in China, but did describe the incident as a 'spear-phishing' attempt.



The ongoing political isolation between the United States and Iran has left many arguing
that the recent attacks on US government assets are a direct retaliation for the monetary
sanctions currently imposed on Iran.



Conversely, the powerful Stuxnet worm found in 2010, which primarily focused on the
Siemens SCADA infrastructure within the Iran nuclear enrichment plants, was originally
developed with nation-state support, with many speculating Israeli backing.



The subtle and remote nature of cyber warfare makes its development seem natural, at a
time when political tensions are rising, whether due to economic changes or the push for
democracy.




The main targets generally seem to be the major infrastructure installations. As
disruption and denial-of-service seem to be the name of the game, water, electricity and
communications infrastructure would seem to have the biggest impact on a nation's
general well-being.



From a communications perspective, the threat can be more subtle. Again in 2012, a US
House of Representatives Intelligence Committee report recommended that dealings with
Chinese telecoms supplier Huawei should be banned. The UK, Australia and Canada are
looking to create similar intelligence reports against a network provider that has invested
over £150m in the UK telecoms backbone in the last 10 years. Whilst a direct attack has
not been acknowledged, the gathering of intellectual property and clandestine scanning of
network traffic would be a major concern.




Government Led Defence
The last 3 years have seen some significant strategic steps being taken by several
governments when it comes to cyber security defence and offence.


In 2009, the US formed USCYBERCOM, a Department of Defense initiative to protect
the military's information networks. Also in 2009, Howard Schmidt took the role of
cyber security co-ordinator and advisor to the Obama administration. Although he retired
from the role this year, it marked a new beginning in cyber security management,
research and defence.


From a UK perspective, GCHQ performs in a similar vein to the US's National Security
Agency and has recently announced a new research capability, in partnership with
several top UK universities. The partnerships aim to make it easier for businesses,
individuals and government to take informed decisions about how to implement better
cyber protection measures.



China too has recently released a new policy outlining its approach to IT in general and
how to counteract and defend against online attacks.


Whilst the cost of attacks (and indeed the readiness of organisations and governments to
acknowledge being the victim of an attack) is largely unknown, many institutions are
putting in place infrastructure, personnel and policies to allow attack and defence
mechanisms based on internet resources to take place.




From Lone Wolves to Botnets, APTs to AETs

Cyber attacks in 2012 draw on several different, highly optimised and professional
techniques for implementing and distributing malware. These range from individual
'lone wolf' style attacks, right through to complex networks of robots capable of
distributing malware on a vast scale. I will briefly examine the components of an
Advanced Persistent Threat and the increasing rise of Advanced Evasion Techniques
being used by malware to avoid detection.




Lone Wolves & Botnets
The Lone Wolf - In any walk of life, the lone wolf is seen to be independent, agile and
potentially unpredictable. Whilst these characteristics are often seen to be difficult to
defend against in a cyber security landscape, being an individual can have its limitations.
In the new dawn of the internet era (yes I know, what was that like?) in the early 90's,
the appearance of individual hackers was often portrayed as glamorous and cool. The
script-kiddy style attacker was generally male, 18-23 years old and a self-badged
nerd/geek/social outsider. Their main motive for attacking online systems was simply
prestige and credibility, driving for acceptance of their technical aptitude.




Today, there has been a significant movement to a more targeted and explicitly
aggressive type of lone wolf attacker. The evolution from script-kiddy to lamer, to
cracker and fully fledged hacker has been swift, with tooling, training and support easily
available online. Their main motives tend to be political (hacktivist) or automated
income, aiming to harvest and sell identity or banking data from individuals. If income is
the driver, the relative safety, anonymity and low investment costs often make online
crime more effective than 'street' style criminality.




Botnets - Robot networks are large scale and complex attack systems. Often controlled
by organised criminals, a botnet contains several different components. The network
itself is controlled by a 'bot-herder', which in turn manages several command and control
(C&C) centres. These C&Cs then help to remotely manage the bots.

The bots are simply infected machines on the internet, belonging to everyday users,
unaware their machine is infected. These bots then combine, to perform an attack,
generally either of a denial of service style, utilising the large processing power available
to them, or a data harvesting exercise, often collecting personal information such as
identity or social security data.


The botnet owners often have the ability to create their own bespoke malware, which can
be distributed online via email attachments, infected URLs (masked via phishing attacks,
or more latterly altered QR links) or USB drops. The botnets are increasingly
becoming more 'professionalised' and sophisticated, adapting to new technologies
(Twitter has been used as a command channel, with encoded tweets used to carry C&C
messages). The main driver is cash. Automated income supplies are often the end goal,
which again, compared to street crime, is often less risky and more rewarding.




APTs to AETs
Advanced Persistent Threats - APTs, as the name suggests, are advanced, targeted pieces
of cyber attack software, often developed by large scale organisations or even nation
states. APTs generally consist of several highly optimised components,
joined together to perform denial of service or data harvesting attacks. A botnet could be
involved in helping to execute the components. APTs often have a specific target, with
recent attacks being focused on SCADA style industrial control systems and critical
infrastructure (Stuxnet, Duqu). The APT will contain an initial payload distributed via
social engineering techniques, USB drops, email and infected URLs. Once the initialiser
code is distributed, other secondary components such as access escalation tools,
data harvesters and propagators are often used to complete the attack.

Code is often self-replicating and self-modifying, making detection and removal difficult.
As a result, the true impact of some of the more complex APTs is unknown.


Advanced Evasion Techniques - AETs are not themselves malware or specific pieces of
attack software. The evasion technique is a relatively new term, used to describe how
malware payloads are now using new approaches to avoid detection by next generation
firewalls (NGFWs) and intrusion detection systems (IDSs). AETs obscure the delivery of
the underlying malware code, helping it evade the often signature-based approach to
checking inbound network traffic. There are several new tools on the marketplace that
can help to test the underlying network security devices for any potential weaknesses
in their ability to prevent malware bypassing perimeter security. Whilst not all traffic
using an AET will be malware, it's another tool that is being used in the pursuit of
malware distribution.


Research by security firm Stonesoft identified 147 possible atomic evasion techniques.
Given that techniques can be combined, that is a staggering array of new
vectors that could be exploited. Many of the techniques involve using unusual or rarely
used protocol properties, or design flaws with regards to device memory or configuration.


As the number of services, users and online ecommerce transactions increase, so too will
the sophistication and professionalism of attackers and the software and techniques they
use.




Enterprise Protection
Any device connected to the internet is open to attack from either highly complex botnets
right through to an individual port scanning for online FTP or database servers. Corporate
networks are no stranger to being specifically targeted, or infected with malware that is
delivered via the public network.




Attack Vectors and Entry Points
Firewall & Network Perimeter - Historically, enterprise security was often viewed with
an 'us and them' mentality. Everything on the internal LAN was safe, anything past the
DMZ and on the internet was potentially bad. The main attack vector in was through the
corporate firewall and any other perimeter network entry points. The firewall was seen
as the ultimate protection mechanism, and as long as desktops had anti-virus software
installed, that was as much as many organisations needed to do.



USB - Desktop PCs were the end goal, and they were attacked either through HTTP
payloads from websites of dubious origin, or via malware distributed by email in
attachments such as Excel spreadsheets or files containing macros. The proliferation of
USB devices also assisted in the distribution of malware, as large files were often easier
to copy offline.



BYOD - Whilst those issues still exist in many organisations, cyber threats have evolved
significantly. Smartphones are omnipresent in the enterprise, whether via Bring Your
Own Device (BYOD) or via internally managed hardware. This brings another
dimension. Not only is malware common across a variety of smartphone operating
systems, but smartphones also alter the perimeter of the 'safe' internal network.
Smartphones will have separate data network access, either via 3G/4G or wifi, giving
access on unsecured networks (or at least unmanaged from the corporation's perspective).



Add to that the fact that they can also be used as network 'hotspots': bringing a
smartphone to work could easily mean an un-firewalled, unmanaged router on every desk.



Social Media & Social Engineering - The onset of social media has also brought
different angles. Not only are the numerous social media sites used for malware
distribution and botnet control, they also give an attacker a new level of information
when it comes to spear phishing or targeted attacks. Publicly held information about
senior individuals within an organisation makes social engineering attacks more
sophisticated and more likely to succeed.




Basic Defence in Depth
Cyber protection (like any information security protection) is best applied when done in
depth. Having one secure layer of protection, no matter how complex, will be breached
at some time in the future. When it is, it's imperative to have several obfuscated layers
underneath.



Network Security - The network perimeter needs protecting. No doubt about that.
Next-generation firewalls provide high and low level OSI stack scanning. Gone are the
days of simple port blocking rules. Intrusion detection systems are also a default for many
larger organisations. The recent concept of advanced evasion techniques calls into
question the ability of the current batch of network perimeter devices to detect the
complex network delivery configurations that help to distribute malware payloads.



General network asset management and scanning is also important, not only to help
identify smartphone related hotspots and 'leaks' out to the internet, but also for
unauthorised devices, especially those configured to use IPv6 on IPv4 only networks.




Access Management - A long-standing problem for larger organisations is the constant
provisioning and de-provisioning of user accounts. The use of least privilege is a must, as
is regular certification (the checking of existing users and their access levels). Role based
access control can also be a major benefit, especially when it comes to the user
on-boarding process, however this can be complex to implement. Device level access
should also be well managed. Root or administrator equivalent access should be
restricted, along with restricted file system access, with device management and
configuration changes not permitted. Unless it's required for the individual's role, policies
should be restrictive but not inhibitive.
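The certification step just described, as an added example that is not code from the paper: the role model, HR feed and snapshot of provisioned entitlements are constructed data, and the role names and entitlement strings are assumptions. The check flags leavers still holding access, accounts with no HR record, out-of-role entitlements, and admin-equivalent rights that the role does not justify.

```python
"""Access certification check (added example, not from the paper).

All data below is constructed: a role model (which entitlements each job
role may carry), the HR view of who holds which role, and what is actually
provisioned on the systems.  certify() compares them the way a periodic
access certification would.
"""
from dataclasses import dataclass, field

# Constructed role definitions: role -> entitlements it is allowed to carry.
ROLE_MODEL = {
    "finance_analyst": {"erp.read", "erp.report", "mail.user"},
    "helpdesk": {"ad.reset_password", "mail.user", "ticketing.agent"},
    "sysadmin": {"ad.domain_admin", "erp.admin", "mail.user", "server.root"},
}

# Entitlements treated as root/administrator equivalent (constructed).
ADMIN_EQUIVALENT = {"ad.domain_admin", "erp.admin", "server.root"}

# Constructed HR feed: user -> (role, still employed?)
HR_FEED = {
    "alice": ("finance_analyst", True),
    "bob": ("helpdesk", True),
    "carol": ("sysadmin", True),
    "dave": ("finance_analyst", False),   # leaver, not yet de-provisioned
}

# Constructed snapshot of what the systems actually grant today.
PROVISIONED = {
    "alice": {"erp.read", "erp.report", "mail.user", "ticketing.agent"},
    "bob": {"ad.reset_password", "mail.user", "ticketing.agent", "server.root"},
    "carol": {"ad.domain_admin", "erp.admin", "mail.user", "server.root"},
    "dave": {"erp.read", "mail.user"},
    "eve": {"mail.user"},                  # no HR record at all
}


@dataclass
class Finding:
    user: str
    issue: str          # orphan | leaver | out_of_role | admin_outside_role
    entitlements: frozenset = field(default_factory=frozenset)


def certify(role_model, hr_feed, provisioned):
    """Return the list of Findings; an empty list means everything is in role."""
    findings = []
    for user, ents in sorted(provisioned.items()):
        if user not in hr_feed:
            # Account exists on a system but nobody in HR owns it.
            findings.append(Finding(user, "orphan", frozenset(ents)))
            continue
        role, active = hr_feed[user]
        if not active:
            # Leaver still holding access: all of it should be removed.
            findings.append(Finding(user, "leaver", frozenset(ents)))
            continue
        extra = set(ents) - role_model.get(role, set())
        admin_extra = extra & ADMIN_EQUIVALENT
        if admin_extra:
            findings.append(Finding(user, "admin_outside_role", frozenset(admin_extra)))
        if extra - ADMIN_EQUIVALENT:
            findings.append(Finding(user, "out_of_role", frozenset(extra - ADMIN_EQUIVALENT)))
    return findings


def summarise(findings):
    """Count findings by issue type, the kind of metric a review board would see."""
    counts = {}
    for f in findings:
        counts[f.issue] = counts.get(f.issue, 0) + 1
    return counts


if __name__ == "__main__":
    results = certify(ROLE_MODEL, HR_FEED, PROVISIONED)
    for f in results:
        print(f"{f.user:6} {f.issue:20} {sorted(f.entitlements)}")
    print(summarise(results))
```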



Patching - The age-old issue of patching. Software of course should be updated to the
level recommended by the vendor. The simple reason is that, from a management
perspective, the best support will be received from the vendor or partner if the most
recent patches and service packs are installed. Zero-day attacks are now common
practice, with vulnerabilities being exploited before a patch has been provided. In this
case, there is a counter argument to say that newer software could well be more 'buggy'
and vulnerable to attack, as it has had less time in real world implementation environments.
From a simple risk management perspective however, applying patches as soon as
possible can help to get the vendor to accept some of the recovery process if a breach or
issue has occurred.



Anti-virus and URL Scanning - Anti-virus is again an age-old issue from a management
perspective. From the initial anti-virus installation and build, to the distribution of new
definitions and then the scanning of machines and recording of infections, anti-virus is
key, but also a major headache. You're only as strong as the weakest link, and it takes
only one machine not to be covered to cause an issue. Virus protection must now cover a
range of devices, from laptops, smart phones and print devices, to routers, firewalls and
switches, if they're sophisticated enough to have a basic operating system.



Metrics for coverage rates and infection rates are important, as they not only help with
issue detection, but can also provide return on security investment data too, which will
help fund projects and build business cases.



URL scanners are also popular. This is more about the new concept of reputation based
analysis. By using data from other infected parties, databases can be built that can check
a formed URL to see if it has been involved with malicious activity or malware
distribution. The same concept can also be applied to public subnets.
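The reputation check described above, as an added example that is not code from the paper or any vendor's product: the bad-host list and bad subnets are constructed placeholders drawn from documentation address ranges. The URL is normalised first (userinfo, case, port and trailing dot stripped), its host is matched against the list including parent domains, and a literal IP host is matched against the bad subnets, which is the subnet variant the text mentions.

```python
"""Reputation-based URL and subnet check (added example, not from the paper).

The reputation data is constructed: a set of known-bad host names and a list
of known-bad public subnets.  classify() normalises a URL, then matches the
host (and its parent domains) or the literal IP against that data.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed reputation data (placeholders, not real indicators).
BAD_HOSTS = {"malware-drop.example", "phish.example.net"}
BAD_SUBNETS = [ipaddress.ip_network("198.51.100.0/24"),
               ipaddress.ip_network("203.0.113.128/25")]


def normalise_host(url: str) -> str:
    """Return the effective host of a URL, defeating common lookalike tricks.

    urlsplit() separates userinfo from the host, so a link such as
    'http://bank.example@malware-drop.example/' resolves to the malicious
    host, not the bank.  Case, the port and a trailing dot are normalised.
    """
    parts = urlsplit(url.strip())
    if not parts.scheme:
        # Schemeless input like 'phish.example.net/login' is treated as http.
        parts = urlsplit("http://" + url.strip())
    host = parts.hostname or ""
    return host.rstrip(".").lower()


def host_is_bad(host: str) -> bool:
    """Match the host and each parent domain (but not the bare TLD) against the list."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in BAD_HOSTS:
            return True
    return False


def ip_is_bad(host: str) -> bool:
    """True if the host is a literal IP address inside a bad subnet."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in BAD_SUBNETS)


def classify(url: str) -> str:
    """Return 'bad-host', 'bad-subnet' or 'unknown' for a URL."""
    host = normalise_host(url)
    if not host:
        return "unknown"
    if host_is_bad(host):
        return "bad-host"
    if ip_is_bad(host):
        return "bad-subnet"
    return "unknown"


if __name__ == "__main__":
    for sample in ["http://bank.example@malware-drop.example/login",
                   "HTTP://Cdn.Phish.Example.NET./login",
                   "http://198.51.100.7:8080/x",
                   "https://www.example.org/"]:
        print(f"{classify(sample):10} {sample}")
```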




Offense and Response
A key message from any CISO to the management board of an organisation is that they
will be attacked and breached at some point. There is no such thing as total protection.
The same can be said of risk management. Risks of a great scale can never be removed
entirely, simply reduced or transferred.



Incident Response - With that said, a strong process and control centre for data breach
and cyber attack recovery and incident response is important. That should include both
technical forensic tools and the correct people and processes in place to make them
effective. An incident should be properly assessed, with an understanding of the
impacted parties and the scope of the attack. Once a full understanding of the attack has
been reached, some 'stop the bleeding' style actions should be taken to limit the impact and
exposure. This could include tactical short term fixes or changes. This should be followed
by a detailed root cause analysis phase, with more strategic remediation steps.



SIEM, Logging and Forensics - Incident response first requires that an incident is
detected at all. Detecting an attack requires several interlinked and correlated pieces of
security data.


Security Information & Event Management (SIEM) tools should be used to centrally store
and manage logs from multiple devices. Signature based analysis can certainly help with
the scanning for known attacks, with behaviour profiling technologies helping with the
unknown. Forensics style analysis for post-incident management is also popular, with
secure duplication of logs and files, often hashed to confirm a snapshot has taken place.
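A worked illustration of the three steps just described (signature matching, behaviour profiling and a hashed evidence snapshot), as an added example that is not the paper's or any SIEM vendor's code: the log lines, rule names and the 5-port baseline are constructed, and the year is assumed because syslog timestamps carry none.

```python
"""SIEM-style correlation over multi-device logs (added example, not from the paper).

Constructed inputs: syslog-like lines from a firewall, an SSH server and a web
server.  A signature rule catches known-bad patterns line by line; a behaviour
rule profiles each source by the distinct ports it is refused on; correlation
raises severity when a behaviourally suspicious source later logs in.  The
matched evidence is then bundled and hashed, like the hashed snapshot above.
"""
import hashlib
import re
from collections import defaultdict
from datetime import datetime

# Constructed log lines (documentation address ranges; one day, in time order).
LOGS = [
    "Nov 12 09:00:01 fw1 kernel: DROP IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=21",
    "Nov 12 09:00:02 fw1 kernel: DROP IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=23",
    "Nov 12 09:00:02 fw1 kernel: DROP IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=25",
    "Nov 12 09:00:03 fw1 kernel: DROP IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=80",
    "Nov 12 09:00:03 fw1 kernel: DROP IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=443",
    "Nov 12 09:00:04 fw1 kernel: DROP IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=3306",
    "Nov 12 09:00:10 fw1 kernel: DROP IN=eth0 SRC=203.0.113.4 DST=10.0.0.5 PROTO=TCP DPT=22",
    "Nov 12 09:01:00 srv1 sshd[2231]: Failed password for root from 198.51.100.9 port 51012 ssh2",
    "Nov 12 09:01:03 srv1 sshd[2231]: Accepted password for admin from 198.51.100.9 port 51013 ssh2",
    "Nov 12 09:05:00 srv1 sshd[2240]: Accepted publickey for alice from 10.0.0.77 port 40001 ssh2",
    'Nov 12 09:06:00 web1 httpd: 192.0.2.8 - - "GET /phpmyadmin/ HTTP/1.1" 404',
]

SYSLOG_TS = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) ")
FW_DROP = re.compile(r"kernel: DROP .*SRC=(\S+) .*DPT=(\d+)")
SSH_ACCEPT = re.compile(r"sshd\[\d+\]: Accepted \w+ for \S+ from (\S+) port")
# Signature rules (constructed): known-bad patterns; group 1 is the source address.
SIGNATURES = {
    "SIG-ROOT-PW": re.compile(r"sshd\[\d+\]: Failed password for root from (\S+)"),
    "SIG-WEB-PROBE": re.compile(r'httpd: (\S+) .*"GET /phpmyadmin/'),
}
PORT_SWEEP_MIN = 5   # constructed baseline: distinct refused ports per source
LOG_YEAR = "2012"    # syslog lines carry no year; assumed for the constructed data


def parse_ts(line):
    """Syslog timestamp to datetime, using the assumed year."""
    return datetime.strptime(LOG_YEAR + " " + SYSLOG_TS.match(line).group(1),
                             "%Y %b %d %H:%M:%S")


def signature_hits(lines):
    """Signature analysis: every line is checked against every known-bad pattern."""
    alerts = []
    for line in lines:
        for rule, pattern in SIGNATURES.items():
            m = pattern.search(line)
            if m:
                alerts.append({"rule": rule, "src": m.group(1),
                               "severity": "medium", "evidence": [line]})
    return alerts


def behaviour_hits(lines):
    """Behaviour profiling: sources refused on unusually many distinct ports."""
    ports, evidence, last_seen = defaultdict(set), defaultdict(list), {}
    for line in lines:
        m = FW_DROP.search(line)
        if m:
            src = m.group(1)
            ports[src].add(int(m.group(2)))
            evidence[src].append(line)
            last_seen[src] = parse_ts(line)
    return [{"rule": "BEH-PORT-SWEEP", "src": src, "severity": "medium",
             "evidence": evidence[src], "last_seen": last_seen[src]}
            for src in sorted(ports) if len(ports[src]) >= PORT_SWEEP_MIN]


def correlate(lines, window_s=3600):
    """Combine both analyses; a sweep followed by a login from the same source
    within the window becomes one high-severity correlated alert."""
    alerts = signature_hits(lines) + behaviour_hits(lines)
    logins = [(parse_ts(l), SSH_ACCEPT.search(l).group(1), l)
              for l in lines if SSH_ACCEPT.search(l)]
    for alert in alerts:
        if alert["rule"] != "BEH-PORT-SWEEP":
            continue
        for ts, src, line in logins:
            delta = (ts - alert["last_seen"]).total_seconds()
            if src == alert["src"] and 0 <= delta <= window_s:
                alert.update(rule="COR-SWEEP-THEN-LOGIN", severity="high")
                alert["evidence"].append(line)
    return alerts


def bundle_evidence(alerts):
    """Deduplicate the evidence lines (keeping order) and hash the bundle, so a
    reviewer can later confirm the snapshot has not been altered."""
    lines = list(dict.fromkeys(l for a in alerts for l in a["evidence"]))
    text = "\n".join(lines) + "\n"
    return text, hashlib.sha256(text.encode()).hexdigest()


def verify_bundle(text, digest):
    """Re-hash a bundle and compare with the recorded digest."""
    return hashlib.sha256(text.encode()).hexdigest() == digest


if __name__ == "__main__":
    found = correlate(LOGS)
    print(*[(a["severity"], a["rule"], a["src"]) for a in found], sep="\n")
    print("evidence sha256:", bundle_evidence(found)[1])
```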




Enterprise Protection Conclusion
I think the main overriding aspect for enterprise cyber protection is that, as a large scale
organisation, you will be attacked at some point. That may be a virus infection, data theft,
or a defaced website, but both proactive and reactive measures must be in place to make
risk management of the situation effective. Those measures must also be both technical
and personnel related.




Consumer Protection
Cyber attacks have been well documented in their ability to damage large organisations,
government websites and critical infrastructure. However, there is still a large volume of
non-technical home and mobile users who are ending up as the victims of online attacks
and identity theft.

Everything's Online
Well, not quite everything, but most things. You can certainly do all your shopping
online. Banking? Yep. Store your music, photos and apps? Yep. Watch movies and TV?
Yep. Interact with other people? Yep. So practical, everyday aspects can generally be
automated and placed online. The main consumers of online products and services are
obviously the 'digital natives': the Generation Y'ers and below, who were literally born,
not with a silver spoon, but with a smartphone hanging out of their mouth.


Laptops can obviously do everything a desktop could do, but faster and cheaper, with
the added option of being portable and using wireless networking. A laptop itself would
be pretty useless without an internet connection. In reality, not many people would use a
laptop with the wifi or ethernet LAN connection disabled.



Vulnerabilities - Learning and Spotting
The use of more portable devices, including smart phones, has increased user
convenience, but also opened up a can of worms when it comes to security. Smartphones
are not really phones. They're computers, that happen to make calls. The phone itself
will contain considerable personal and potentially work related data. Contacts, emails,
attachments, internet browsing history, cookies, bookmarks, saved and cached passwords
and so on.


However, the main vulnerability with respect to consumers, is often not the technology
they use, but how they use it.


If you went to a new town or city and someone totally unknown, came up to you and
tried to sell you a second hand car, you would probably walk away. You don't know the
person's history or credibility and if you wanted to buy a car, you would want to see it,
get a review, test drive it and so on. Your basic inner-suspicions would take hold and
you would walk away.


Those same instincts should be applied to online browsing, but many users are often
blinded by the technology and the unfamiliar intermediate steps involved with buying
products and services online. Phishing is popular, as is social engineering; we've all
heard the stories of the prince of Nigeria requiring urgent funds to allow safe passage for
his daughter who happens to be in your local town.



Protection Steps
Basic instincts count for a lot. If you receive an email from someone unknown, don't
expect it to contain winning lottery information, or a link to photos from your past. How
could it? If an online deal seems too cheap to be true, it probably is. Use sites that you are
familiar with. Reviews of products and services are now available for nearly everything,
and are available free.


From a technical perspective, treat your online tooling the same as you would your physical
devices, like cars and cookers. Make sure they're up to date and well serviced. If your
laptop, operating system or browser is running an old version, get it updated with patches
and service packs. Anti-virus, anti-malware and firewall tools should be installed as a
minimum default and kept up to date too.


Don't use public wifi for things like online banking, or if you absolutely have to, put in
place a local SSH tunnel to add some additional anti-sniffing protection. SSL is an
absolute must for any website that requires authentication, including remote email
viewing via IMAP or SMTP.


From a smart phone perspective, make sure the OS is up to date, use a 6 digit password to
access it (as opposed to a PIN), encrypt the local phone contents and set up insurances
and remote-wipe features in case of theft.


As more and more of our daily lives involve online transactions of some sort, the
unfamiliarity of the tooling should fade, allowing our instincts to provide some
protection against social engineering, leaving technology to take up the fight against APTs.




Critical Infrastructure
Supervisory Control and Data Acquisition (SCADA) systems and Industrial Control
Systems (ICS) are two of the standard environments that can constitute a critical
environment. Whilst many financial services environments can be described as critical,
critical infrastructure is more focused on the key assets described by a government as
being essential to the standard function of the society and economy. This would include
key utilities such as electricity and water supply, public health institutions and national
security groups such as policing and the military.


In recent years they have been subject to specific and prolonged attacks, opening up long
standing vulnerabilities.




Difference of Priorities: CIA to AIC

The standard information security triad consists of confidentiality, integrity and
availability. The priorities for many business information systems follow the CIA
approach in that order. Confidentiality is still the number one priority, with things
like access management, network perimeter security and data loss prevention
strategies still the number one budget grabber. The main driver behind such decisions is
often the protection of intellectual property, client records or monetary
transactions. The output of many service-related organisations obviously takes on a
more intangible nature, placing a greater reliance on digital management, storage and
delivery of the processes and components that make that organisation work.


From a critical infrastructure perspective, I would argue that the priorities within the
security triad alter to focus more on availability, with integrity and confidentiality being
less important. An electrical generation plant has one main focus: generate and distribute
electricity. A hospital has one priority: keep people alive and improve their health.







These types of priorities, whilst relying substantially on information systems, are often
managed in a way that makes their delivery more important than the component systems
involved.


This difference in attitude towards how security policies are implemented can have a
significant impact on vulnerability and exploit management.



Vulnerabilities - Nature or Nurture?

Vulnerability management from a consumer or enterprise perspective is often applied via
a mixture of preventative and detective controls. Preventative controls come in the form of
patching and updates, in an attempt to limit the window of opportunity for things like
zero-day attacks. Detective controls come in the form of anti-virus and log management
systems, which help to minimise impact and identify where and when a vulnerability was
exploited. The basic steps often associated with enterprise protection are frequently not
available within critical infrastructure environments.


Critical infrastructure is often built on top of legacy systems using outdated operating
systems and applications. These environments often fail to be patched due to the lack of
permitted downtime or out-of-hours work. ICS and energy generation systems generally
don't have a 'downtime' period, as they work 24 x 7 x 365. Outage is for essential
maintenance only, and preventative patching won't necessarily qualify as an essential
outage. Due to the age and heterogeneity of such systems, a greater focus on additional
patch management would seem natural. Many critical infrastructure environments are
also relatively mature in comparison to modern digital businesses.
Mechanisation of industrial and energy related tasks is well over a century old, with
computerization coming only in the last 35 years. This maturity has often resulted in
cultural and personnel gaps when it comes to information security.







Basic Security Erosion

Some of the existing security related policies that have been implemented in critical
infrastructure environments are now starting to erode. The basic, but quite powerful,
preventative measure of using air-gapped networks to separate key systems from the
administrative side of the organisation is now being eroded. The need for greater
management information, reporting and analytical systems has led to cross-network
pollution. The low level programmable logic controllers (PLC's), used for single purpose
automation of electromechanical tasks, are now being exposed to the potential of the
public network. The connection of desktop and laptop devices to previously
secured networks has made the risk of infection from internet-related malware a lot
higher.
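The cross-network pollution described above is something a defender can watch for at the segment boundary. The following script is an added example, not code from the paper; it assumes constructed subnets (10.50.0.0/16 for the ICS/PLC segment, 10.10.0.0/16 for the corporate LAN), a single sanctioned historian-to-reporting path, and constructed firewall flow records, and flags every other flow that enters or leaves the ICS segment.

```python
"""Air-gap erosion check over constructed firewall flow records.

Added example, not code from the paper. Flags flows that cross between the
ICS/PLC segment and the corporate or public networks, i.e. the cross-network
pollution the text describes. All subnets, the sanctioned data path and the
log lines are constructed assumptions for illustration.
"""
import ipaddress
from collections import namedtuple

# Assumed segmentation (constructed): PLCs/HMIs/historians vs. office LAN.
ICS_SEGMENT = ipaddress.ip_network("10.50.0.0/16")
CORPORATE_SEGMENT = ipaddress.ip_network("10.10.0.0/16")
# RFC 1918 ranges listed explicitly rather than via ipaddress.is_private,
# because Python also treats the documentation ranges (e.g. 203.0.113.0/24)
# as private, which would hide the constructed "public" sample below.
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# The one reviewed crossing: the historian replicating to a reporting server.
ALLOWED_CROSSINGS = {
    (ipaddress.ip_address("10.50.1.20"), ipaddress.ip_address("10.10.5.40"), 1433),
}

Flow = namedtuple("Flow", "ts src dst dport proto")
Finding = namedtuple("Finding", "ts src dst dport reason")


def parse_flow(line):
    """Parse one constructed log line of the form 'ts src dst dport proto'."""
    ts, src, dst, dport, proto = line.split()
    return Flow(ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(dport), proto)


def classify(addr):
    """Name the segment an address belongs to."""
    if addr in ICS_SEGMENT:
        return "ics"
    if addr in CORPORATE_SEGMENT:
        return "corporate"
    if any(addr in net for net in INTERNAL_RANGES):
        return "other-internal"
    return "public"


def check_flow(flow):
    """Return a Finding if the flow breaches the expected air gap, else None."""
    src_seg, dst_seg = classify(flow.src), classify(flow.dst)
    if "ics" not in (src_seg, dst_seg):
        return None  # the ICS segment is not involved
    if src_seg == dst_seg:
        return None  # traffic staying inside the ICS segment is expected
    if (flow.src, flow.dst, flow.dport) in ALLOWED_CROSSINGS:
        return None  # documented, reviewed data path
    if "public" in (src_seg, dst_seg):
        reason = "ICS host talking to public internet address"
    else:
        other = dst_seg if src_seg == "ics" else src_seg
        reason = "unsanctioned ICS <-> %s crossing" % other
    return Finding(flow.ts, str(flow.src), str(flow.dst), flow.dport, reason)


def audit(lines):
    """Run the check over raw log lines and return the list of Findings."""
    findings = []
    for line in lines:
        if line.strip():
            finding = check_flow(parse_flow(line))
            if finding is not None:
                findings.append(finding)
    return findings


# Constructed sample: one sanctioned crossing, one Modbus/TCP (502) flow inside
# the ICS segment, an office desktop reaching a PLC, a PLC-segment host reaching
# the internet, and ordinary office web traffic.
SAMPLE_LOG = """\
2012-11-05T08:00:01 10.50.1.20 10.10.5.40 1433 tcp
2012-11-05T08:00:05 10.50.2.11 10.50.2.12 502 tcp
2012-11-05T08:01:10 10.10.7.33 10.50.2.11 502 tcp
2012-11-05T08:02:44 10.50.3.5 203.0.113.10 443 tcp
2012-11-05T08:03:00 10.10.7.33 198.51.100.7 80 tcp
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG.splitlines()):
        print(f.ts, f.src, "->", f.dst, "port", f.dport, ":", f.reason)
```

Only the desktop-to-PLC flow and the PLC-segment host reaching the internet are reported; the reviewed historian path and intra-segment Modbus traffic are left alone.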



Recent Attacks and a Change in Culture

The two major exploits focused specifically on critical infrastructure related
environments in the last couple of years have probably been the Stuxnet and Duqu
attacks. Whilst the motives for these attacks may differ from the standard monetary
or credibility drivers for malware, they illuminated the potential for mass disruption. As
with any security attack, post-incident awareness and increased focus often result, with
several new attempts at securing critical infrastructure now becoming popular. There are
several government-led and not-for-profit organisations that have contributed to security
frameworks for critical environments.



Kaspersky Labs also recently announced plans to develop a new build-from-the-ground-up
secure operating system, with a focus on critical environments.







Whilst previously focused only on the availability and delivery of key services and
products, critical infrastructure environments now have to manage the increasing threat
posed by cyber attacks and malware exposure.





A Cyber Security Review

  • 1. A Cyber Security Review Simon Moffatt CISSP CISA MBCS November 2012
  • 2. A Cyber Security Review 2 Table of Contents Synopsis...............................................................................................................................3 (Cyber) War On Terror........................................................................................................4 Motives............................................................................................................................4 Targets.............................................................................................................................5 Government Lead Defence.............................................................................................6 From Lone Wolves to Botnets, APT's to AET's..................................................................8 Lone Wolves & Botnets..................................................................................................8 APT's to AET's................................................................................................................9 Enterprise Protection..........................................................................................................11 Attack Vectors and Entry Points...................................................................................11 Basic Defence in Depth.................................................................................................12 Offense and Response...................................................................................................14 Enterprise Protection Conclusion..................................................................................15 Consumer Protection..........................................................................................................16 Everything's Online.......................................................................................................16 Vulnerabilities - Learning and 
Spotting........................................................................16 Protection Steps.............................................................................................................17 Critical Infrastructure.........................................................................................................19 Difference of Priorities: CIA to AIC.............................................................................19 Vulnerabilities - Nature or Nurture?.............................................................................20 Basic Security Erosion..................................................................................................21 Recent Attacks and a Change in Culture.......................................................................21 Infosecprofessional.com 2
  • 3. A Cyber Security Review 3 Synopsis The following paper covers a range of cyber security topics that were initially published as separate articles for the Infosec Professional blog site between October to November 2012. Infosecprofessional.com 3
  • 4. A Cyber Security Review 4 (Cyber) War On Terror Any device that connects to the internet is now a potential target, with the motives now becoming political, as control of the information highway becomes paramount. US government security expert Richard A. Clarke, in his book Cyber War (May 2010), defines "cyberwarfare", as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption". This initial sentence is paraphrased straight from Wikipedia, but could just as well have come from a sci-fi movie of the mid 1980's. Cyber war is no longer an imaginary concept, cocooned in the realms of laser gun protection and x-ray vision. It's an everyday occurrence, impacting governments, corporate enterprise and individuals. Motives Internet security in the past has mainly been focused on protecting privately held assets (namely web, FTP and email servers) from being hacked. Hackers would come in various different guises from the script kiddies learning to code, with ideas they had learnt that day at college, right through to 'hacktervists', aiming to make a mark for themselves by defacing a newspaper or corporate website. Today, attacks cover a range of motives. Cash can be a main driver, especially behind many of the sophisticated consumer focused malware attacks. Ransomware has recently hit the headlines, hitting individuals with cash release clauses in order to return laptops and files in working order. Online banking and financial services customers, have long time been hit by email phishing and attempts to deceive individuals of their username and password details. The main goal? Cash. Either through fraud of direct transfer, money has been the aim for the armies of complex botnet operators. Infosecprofessional.com 4
  • 5. A Cyber Security Review 5 The motive has advanced however, to a more country lead level and is now comfortably embedded in the toolbox of military weapons. US Defence Secretary Leon Panetta, said the cyber attack capability from countries like Iran was growing, and that US authorities believed that Iran was behind several attacks on oil and gas companies in the Persian Gulf. The main motive is to cause disruption. Disruption causes panic and destabilization and ultimately acts as a propaganda tool to show who really is in control of a particular asset or environment. Targets In early October 2012, the Pentagon confirmed that they themselves were on the receiving end of a cyber attack. The White House would not confirm reports that the attack originated in China, but did describe the incident as a 'spear-fishing' attempt. The ongoing political isolation between the United States and Iran, has left many arguing that the recent attacks on US government assets, are a direct retaliation for the monetary sanctionscurrently imposed on Iran. Conversely, the powerful Stuxnet worm found in 2010, which primarily focused on the Siemens SCADA infrastructure within the Iran nuclear enrichment plants, was originally developed with nation-state support, with many speculating Israeli backing. The subtly and remote nature of cyber warfare, makes it's development seem natural, in a time when political tensions are rising either due economic changes or the charge for democracy. Infosecprofessional.com 5
The main targets generally seem to be the major infrastructure installations. As disruption and denial of service seem to be the name of the game, water, electricity and communications infrastructure would seem to have the biggest impact on a nation's general well-being. From a communications perspective, the aspect can be more subtle. Again in 2012, a US House of Representatives Intelligence Committee report recommended that dealings with Chinese telecoms supplier Huawei should be banned. The UK, Australia and Canada are looking to create similar intelligence reports against a network provider that has invested over £150m in the UK telecoms backbone in the last 10 years. Whilst a direct attack has not been acknowledged, the gathering of intellectual property and clandestine scanning of network traffic would be a major concern.

Government Led Defence

The last 3 years have seen some significant strategic steps taken by several governments when it comes to cyber security defence and offence. In 2009, the US formed USCYBERCOM, a Department of Defense initiative to protect the military's information networks. Also in 2009, Howard Schmidt took the role of cyber security co-ordinator and advisor to the Obama administration. Although he retired from the role this year, it marked a new beginning in cyber security management, research and defence. From a UK perspective, GCHQ performs in a similar vein to the US's National Security Agency and has recently announced a new research capability, with partnerships with several top UK universities. The partnerships aim to make it easier for businesses, individuals and government to take informed decisions about how to implement better cyber protection measures.
China too has recently released a new policy outlining its approach to IT in general and how to counteract and defend against online attacks. Whilst the cost of attacks (and indeed the readiness of organisations and governments to acknowledge being the victim of an attack) is largely unknown, many institutions are putting in place infrastructure, personnel and policies to allow attack and defence mechanisms based on internet resources to take place.
From Lone Wolves to Botnets, APTs to AETs

Cyber attacks in 2012 have evolved from several different, highly optimised and professional techniques for implementing and distributing malware. These range from individual 'lone wolf' style attacks right through to complex networks of robots capable of distributing malware on a vast scale. I will briefly examine the components of an Advanced Persistent Threat and the increasing rise of Advanced Evasion Techniques being used by malware to avoid detection.

Lone Wolves & Botnets

The Lone Wolf - In any walk of life the lone wolf is seen to be independent, agile and potentially unpredictable. Whilst these characteristics are often difficult to defend against in a cyber security landscape, being an individual has its limitations. In the new dawn of the internet era (yes I know, what was that like?) in the early 90s, the individual hacker was often portrayed as glamorous and cool. The script-kiddy style attacker was generally male, 18-23 years old and a self-badged nerd/geek/social outsider. Their main motive for attacking online systems was simply prestige and credibility, driving for acceptance of their technical aptitude.

Today, there has been a significant movement to a more targeted and explicitly aggressive type of lone wolf attacker. The evolution from script-kiddy to lamer, to cracker and fully fledged hacker has been swift, with tooling, training and support easily available online. Their main motives tend to be political (hacktivist) or automated income, aiming to harvest and sell identity or banking data from individuals. If income is the driver, the relative safety, anonymity and low investment costs often make online crime more effective than 'street' style criminality.
Botnets - Robot networks are large-scale and complex attack systems. Often controlled by organised criminals, a botnet contains several different components. The network itself is controlled by a 'bot-herder', which in turn manages several command and control (C&C) centres. These C&Cs then help to remotely manage the bots. The bots are simply infected machines on the internet, belonging to everyday users who are unaware their machine is infected. These bots then combine to perform an attack, generally either of a denial of service style, utilising the large processing power available to them, or a data harvesting exercise, often collecting personal information such as identity or social security data. The botnet owners often have the ability to create their own bespoke malware, which can be distributed online via email attachments, infected URLs (masked via phishing attacks, or more latterly altered QR links) or USB drops. Botnets are increasingly becoming more 'professionalised' and sophisticated, adapting to new technologies (Twitter has been used as a command channel, with encoded tweets used to carry C&C messages). The main driver is cash. Automated income supplies are often the end goal, which again, compared to street crime, is often less risky and more rewarding.

APTs to AETs

Advanced Persistent Threats - APTs, as the name suggests, are advanced, targeted pieces of cyber attack software, often developed by large-scale organisations or even nation states. APTs generally consist of several different highly optimised components, joined together to perform denial of service or data harvesting attacks. A botnet could be involved in helping to execute the components. APTs often have a specific target, with recent attacks being focused on SCADA-style industrial control systems and critical infrastructure (Stuxnet, Duqu).
The APT will contain an initial payload distributed via social engineering techniques, USB drops, email and infected URLs. Once the initialiser code is distributed, other secondary components such as access escalation tools, data harvesters and propagators are often used to complete the attack.
Code is often self-replicating and self-modifying, making detection and removal difficult. As a result, the true impact of some of the more complex APTs is unknown.

Advanced Evasion Techniques - AETs are not themselves malware or pieces of specific attack software. The evasion technique is a relatively new term, used to describe how malware payloads are now using new approaches to avoid detection by next-generation firewalls (NGFWs) and intrusion detection systems (IDSs). AETs help to obfuscate the underlying malware code, which helps to evade the often signature-based approach to checking inbound network traffic. There are several new tools on the market that can help to test the underlying network security devices for any potential weaknesses in their ability to prevent malware bypassing perimeter security. Whilst not all traffic using an AET will be malware, it is another tool being used in the pursuit of malware distribution. Research by security firm Stonesoft identified 147 possible atomic evasion techniques. Considering that techniques could be combined, that is a staggering array of new vectors that could be exploited. Many of the techniques involve using unusual or rarely used protocol properties, or design flaws with regard to device memory or configuration. As the number of services, users and online e-commerce transactions increases, so too will the sophistication and professionalism of attackers and the software and techniques they use.
Enterprise Protection

Any device connected to the internet is open to attack, from highly complex botnets right through to an individual port scanning for online FTP or database servers. Corporate networks are no stranger to being specifically targeted, or infected with malware that is delivered via the public network.

Attack Vectors and Entry Points

Firewall & Network Perimeter - Historically, enterprise security was often viewed with an 'us and them' mentality. Everything on the internal LAN was safe; anything past the DMZ and on the internet was potentially bad. The main attack vector in was through the corporate firewall and any other perimeter network entry points. The firewall was seen as the ultimate protection mechanism and, as long as desktops had anti-virus software installed, that was as much as many organisations needed to do.

USB - Desktop PCs were the end goal, and they were attacked either through HTTP payloads from websites of dubious origin, or via malware distributed by email in attachments such as Excel spreadsheets or files containing macros. The proliferation of USB devices also assisted in the distribution of malware, as large files were often easier to copy offline.

BYOD - Whilst those issues still exist in many organisations, cyber threats have evolved significantly. Smartphones are omnipresent in the enterprise, whether via Bring Your Own Device (BYOD) or via internally managed hardware. This brings another dimension. Not only is malware common across a variety of smartphone operating systems, but smartphones alter the perimeter of the 'safe' internal network. Smartphones will have separate data network access, either via 3G/4G or wifi, giving access on unsecured networks (or at least networks unmanaged from the corporation's perspective).
Add to that the fact that they can also be used as network 'hotspots', and bringing a smartphone to work could easily be creating an un-firewalled, unmanaged router on every desktop.

Social Media & Social Engineering - The onset of social media has also brought different angles. Not only are the numerous social media sites used for malware distribution and botnet control, they also give an attacker a new level of information when it comes to spear phishing or targeted attacks. Publicly held information about senior individuals within an organisation makes social engineering attacks more sophisticated and more likely to succeed.

Basic Defence in Depth

Cyber protection (like any information security protection) is best applied in depth. A single layer of protection, no matter how complex, will be breached at some time in the future. When it is, it is imperative to have several obfuscated layers underneath.

Network Security - The network perimeter needs protecting. No doubt about that. Next-generation firewalls provide scanning at both high and low levels of the OSI stack. Gone are the days of simple port-blocking rules. Intrusion detection systems are also a default for many larger organisations. The recent concept of advanced evasion techniques brings into question the ability of the current batch of network perimeter devices to detect the complex network delivery configurations that help to distribute malware payloads. General network asset management and scanning is also important, not only to help identify smartphone-related hotspots and 'leaks' out to the internet, but also to find unauthorised devices, especially those configured to use IPv6 on IPv4-only networks.
Access Management - A long-time problem for larger organisations is the constant provisioning and de-provisioning of user accounts. The use of least privilege is a must, as is regular certification (the checking of existing users and their access levels). Role-based access control can also be a major benefit, especially when it comes to the user on-boarding process; however, this can be complex to implement. Device-level access should also be well managed. Root or administrator-equivalent access should be restricted, along with restricted file system access, with device management and configuration changes not permitted unless required for the individual's role. Policies should be restrictive but not inhibitive.

Patching - The age-old issue of patching. Software of course should be updated to the level recommended by the vendor. The simple reason is that, from a management perspective, the best support will be received from the vendor or partner if the most recent patches and service packs are installed. Zero-day attacks are now common practice, with vulnerabilities being exploited before a patch has been provided. In this case there is a counter-argument that newer software could well be more 'buggy' and vulnerable to attack, as it has had less time in real-world implementation environments. From a simple risk management perspective, however, applying patches as soon as possible can help to get the vendor to accept some of the recovery process if a breach or issue has occurred.

Anti-virus and URL Scanning - Anti-virus is again an age-old issue from a management perspective. From the initial anti-virus installation and build, to the distribution of new definitions and then the scanning of machines and recording of infections, anti-virus is key, but also a major headache. You're only as strong as the weakest link, and it takes only one machine not to be covered to cause an issue.
Virus protection must now cover a range of devices, from laptops, smartphones and print devices to routers, firewalls and switches, if they are sophisticated enough to have a basic operating system.
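The certification step described under Access Management above can be run automatically against an identity snapshot. The following Python is an added example written for this review, not code from the paper or from any product it mentions. It applies a role-based model to flag entitlements that least privilege says a user should not hold, re-lists all root or administrator-equivalent access for conscious re-approval, and picks out dormant accounts that de-provisioning has missed. The roles, entitlements, users, review date and 90-day dormancy threshold are all constructed sample data and assumed policy values.

```python
"""Access certification review over a constructed user/entitlement snapshot.

Added example, not from the original paper. Roles, entitlements, users,
the review date and the dormancy threshold are constructed/assumed values.
"""
from collections import Counter
from datetime import date, timedelta

# Constructed role model: role -> the entitlements that role justifies.
ROLES = {
    "finance-analyst": {"ledger-read", "reporting-read"},
    "finance-manager": {"ledger-read", "ledger-approve", "reporting-read"},
    "helpdesk": {"ad-password-reset", "ticketing-rw"},
    "server-admin": {"local-admin", "ssh-prod"},
}

# Entitlements treated as root/administrator-equivalent (assumed list).
# These are always reported so a reviewer re-approves them every cycle.
PRIVILEGED = {"local-admin", "ssh-prod", "ledger-approve"}

DORMANT_AFTER = timedelta(days=90)   # assumed de-provisioning policy
REVIEW_DATE = date(2012, 11, 1)      # constructed date of this certification run

# Constructed identity snapshot as an IAM export might provide it.
SAMPLE_USERS = [
    {"id": "alice", "roles": ["finance-analyst"],
     "entitlements": ["ledger-read", "reporting-read", "ledger-approve"],
     "last_login": date(2012, 10, 28)},
    {"id": "bob", "roles": ["helpdesk"],
     "entitlements": ["ad-password-reset", "ticketing-rw", "local-admin"],
     "last_login": date(2012, 6, 1)},
    {"id": "carol", "roles": ["server-admin"],
     "entitlements": ["local-admin", "ssh-prod"],
     "last_login": date(2012, 10, 31)},
    {"id": "dave", "roles": [],
     "entitlements": ["reporting-read"],
     "last_login": None},
]


def certify(users, today, roles=ROLES, privileged=PRIVILEGED,
            dormant_after=DORMANT_AFTER):
    """Return (user, finding, detail) tuples for a certification reviewer."""
    findings = []
    for u in users:
        # Union of everything the user's assigned roles justify.
        allowed = set().union(*(roles.get(r, set()) for r in u["roles"]))
        held = set(u["entitlements"])
        # Least privilege: anything held that no assigned role explains.
        for ent in sorted(held - allowed):
            findings.append((u["id"], "excess-entitlement", ent))
        # Privileged access is listed every cycle regardless of role.
        for ent in sorted(held & privileged):
            findings.append((u["id"], "privileged-access", ent))
        # De-provisioning gap: never used, or unused beyond the threshold.
        last = u.get("last_login")
        if last is None or today - last > dormant_after:
            findings.append((u["id"], "dormant-account",
                             last.isoformat() if last else "never"))
    return findings


def summarise(findings):
    """Count findings by type, for the certification report header."""
    return dict(Counter(kind for _, kind, _ in findings))


if __name__ == "__main__":
    results = certify(SAMPLE_USERS, REVIEW_DATE)
    for user, kind, detail in results:
        print("%-6s %-20s %s" % (user, kind, detail))
    print(summarise(results))
```

Run as-is it prints three excess entitlements (alice's approval right, bob's local admin and dave's orphaned read access), four privileged entries for re-approval, and two dormant accounts. In a real campaign the role model and the snapshot would come from the identity store, and each finding would be routed to the line manager or system owner for an approve/revoke decision.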
Metrics for coverage rates and infection rates are important, as they not only help with issue detection but can also provide return-on-security-investment data, which will help fund projects and build business cases. URL scanners are also popular. This is more about the newer concept of reputation-based analysis. By using data from other infected parties, databases can be built that check a fully formed URL to see if it has been involved with malicious activity or malware distribution. The same concept can also be applied to public subnets.

Offense and Response

A key message from any CISO to the management board of an organisation is that they will be attacked and breached at some point. There is no such thing as total protection. The same can be said of risk management. Risks of a great scale can never be removed entirely, simply reduced or transferred.

Incident Response - With that said, a strong process and control centre for data breach and cyber attack recovery and incident response is important. That should include both technical forensic tools and the correct people and processes to make them effective. An incident should be properly assessed, with an understanding of the impacted parties and the scope of the attack. Once a full understanding of the attack has been gained, some 'stop the bleeding' style actions should be taken to limit the impact and exposure. This could include tactical short-term fixes or changes. This should be followed by a detailed root cause analysis phase, with more strategic remediation steps.

SIEM, Logging and Forensics - For an incident response to take place, the incident must first be detected. Detecting an attack requires several interlinked and correlated pieces of security data.
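A reputation lookup of the kind described under Anti-virus and URL Scanning is only as good as the normalisation in front of it, because the same host can be written many ways inside a URL (mixed case, a trailing dot, a port, or user-info before an "@"). The following Python is an added example, not from the paper or any scanner it alludes to: it resolves the host a browser would actually connect to, then checks it against a constructed domain blocklist and, for IP-literal hosts, the public-subnet blocklist the paragraph mentions. The blocked domains and address ranges are documentation and test values, not real indicators.

```python
"""URL and subnet reputation check with host normalisation.

Added example, not from the original paper. BLOCKED_DOMAINS and
BLOCKED_SUBNETS are constructed stand-ins for a feed built from reports
of infected parties; they use reserved documentation names and ranges.
"""
import ipaddress
from urllib.parse import urlsplit

BLOCKED_DOMAINS = {"malware-drop.example", "phish.example.net"}
BLOCKED_SUBNETS = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("2001:db8:bad::/48"),
]


def normalise_host(url):
    """Return the host a browser would connect to for this URL."""
    url = url.strip()
    if "//" not in url:            # scheme-less input such as "host/path"
        url = "//" + url
    # .hostname is lower-cased and already drops user-info, the port and
    # the brackets around an IPv6 literal.
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("no host in %r" % url)
    return host.rstrip(".")        # "example.com." names the same host


def check_url(url, domains=BLOCKED_DOMAINS, subnets=BLOCKED_SUBNETS):
    """Classify a URL as blocked-domain, blocked-subnet, unknown or invalid."""
    try:
        host = normalise_host(url)
    except ValueError:
        return ("invalid", url)

    # IP-literal hosts are matched against the subnet reputation data.
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        for net in subnets:
            if addr in net:
                return ("blocked-subnet", str(net))
        return ("unknown", host)

    # Name hosts: check the host and each parent domain, never the bare TLD,
    # so a blocked zone also covers sub-domains carved out under it.
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return ("blocked-domain", candidate)
    return ("unknown", host)


def scan(urls):
    """Check a batch of URLs, e.g. extracted from a proxy log or mail body."""
    return {u: check_url(u) for u in urls}


if __name__ == "__main__":
    # Constructed inputs showing the normalisation cases the checker handles.
    samples = [
        "http://cdn.phish.example.net/login",
        "HTTP://Malware-Drop.EXAMPLE./dl",
        "https://bank.example.com@198.51.100.7/",
        "http://[2001:db8:bad::1]:8443/",
        "http://www.example.org/",
        "http:///nohost",
    ]
    for url, verdict in scan(samples).items():
        print("%-45s %s" % (url, verdict))
```

The third sample is the point of the exercise: to a casual reader it looks like a bank site, but the browser connects to the address after the "@", which is what the checker evaluates. A production feed would also need to refresh entries and record when and why each domain or range was listed, so that a stale listing does not block a host that has since been cleaned up.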
Security Information & Event Management (SIEM) tools should be used to centrally store and manage logs from multiple devices. Signature-based analysis can certainly help with scanning for known attacks, with behaviour profiling technologies helping with the unknown. Forensics-style analysis for post-incident management is also popular, with secure duplication of logs and files, often hashed to confirm that a snapshot has taken place.

Enterprise Protection Conclusion

I think the main overriding aspect of enterprise cyber protection is that, as a large-scale organisation, you will be attacked at some point. That may be a virus infection, data theft or a defaced website, but both proactive and reactive measures must be in place to make risk management of the situation effective. Those measures must also be both technical and personnel related.
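To make the signature versus behaviour distinction and the hashed-snapshot point from the SIEM, Logging and Forensics section concrete, here is an added Python example (written for this review, not code from the paper or any SIEM product) run over two constructed log extracts. It applies a signature rule for a known-bad hostname and user agent, two behavioural checks (a burst of failed logins from one source, and fixed-interval outbound connections from one internal host to one destination), and a SHA-256 hash that lets a forensic copy of the log be verified later. The log format, field names, addresses, hostnames and thresholds are all constructed.

```python
"""Signature and behaviour checks over constructed log extracts, plus an
evidence-snapshot hash.

Added example for this review, not code from the paper. All addresses,
hostnames, field names and thresholds are constructed/assumed values.
"""
import hashlib
import hmac
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log: one host calling out every 5 minutes, one browsing
# at irregular intervals, and one hitting a hostname on a watch list.
PROXY_LOG = """\
2012-11-05T09:00:00 src=10.1.2.3 dst=203.0.113.9 host=cdn-node-17.example ua="Mozilla/5.0"
2012-11-05T09:05:00 src=10.1.2.3 dst=203.0.113.9 host=cdn-node-17.example ua="Mozilla/5.0"
2012-11-05T09:10:00 src=10.1.2.3 dst=203.0.113.9 host=cdn-node-17.example ua="Mozilla/5.0"
2012-11-05T09:15:00 src=10.1.2.3 dst=203.0.113.9 host=cdn-node-17.example ua="Mozilla/5.0"
2012-11-05T09:20:00 src=10.1.2.3 dst=203.0.113.9 host=cdn-node-17.example ua="Mozilla/5.0"
2012-11-05T09:02:17 src=10.1.2.4 dst=198.51.100.5 host=news.example.com ua="Mozilla/5.0"
2012-11-05T09:31:42 src=10.1.2.4 dst=198.51.100.5 host=news.example.com ua="Mozilla/5.0"
2012-11-05T10:03:05 src=10.1.2.4 dst=198.51.100.5 host=news.example.com ua="Mozilla/5.0"
2012-11-05T10:07:00 src=10.1.2.5 dst=192.0.2.77 host=known-bad.example ua="BotAgent/1.0"
"""

# Constructed authentication log: five failures from one source inside a minute.
AUTH_LOG = """\
2012-11-05T09:00:01 auth=fail user=admin src=192.0.2.50
2012-11-05T09:00:14 auth=fail user=admin src=192.0.2.50
2012-11-05T09:00:29 auth=fail user=root src=192.0.2.50
2012-11-05T09:00:45 auth=fail user=admin src=192.0.2.50
2012-11-05T09:01:02 auth=fail user=administrator src=192.0.2.50
2012-11-05T09:03:10 auth=fail user=jsmith src=10.1.2.4
2012-11-05T09:04:00 auth=ok user=jsmith src=10.1.2.4
"""

TS_FMT = "%Y-%m-%dT%H:%M:%S"
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value, value may be quoted


def parse(line):
    """Turn one 'timestamp key=value ...' line into a dict with a datetime."""
    ts, _, rest = line.partition(" ")
    event = {"ts": datetime.strptime(ts, TS_FMT)}
    for key, val in KV_RE.findall(rest):
        event[key] = val.strip('"')
    return event


def events(text):
    return [parse(l) for l in text.splitlines() if l.strip()]


# Signature rules: known-bad indicators (constructed) matched verbatim.
SIGNATURES = [
    ("known C&C domain", re.compile(r"\bhost=known-bad\.example\b")),
    ("suspicious user agent", re.compile(r'ua="BotAgent/')),
]


def signature_hits(text):
    """Return (rule name, matching line) for every signature match."""
    return [(name, line) for line in text.splitlines()
            for name, rx in SIGNATURES if rx.search(line)]


def failed_login_bursts(text, threshold=5, window_s=120):
    """Sources with >= threshold failed logins inside any window_s seconds."""
    fails = defaultdict(list)
    for ev in events(text):
        if ev.get("auth") == "fail":
            fails[ev["src"]].append(ev["ts"])
    flagged = []
    for src, times in fails.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_s:
                flagged.append(src)
                break
    return flagged


def beacons(text, min_events=5, max_cv=0.1):
    """(src, dst) pairs whose connection intervals are almost constant."""
    by_pair = defaultdict(list)
    for ev in events(text):
        by_pair[(ev["src"], ev["dst"])].append(ev["ts"])
    flagged = []
    for pair, times in by_pair.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        # Coefficient of variation near zero means a machine-like schedule.
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            flagged.append(pair)
    return flagged


def snapshot_hash(text):
    """SHA-256 of the log copy taken at snapshot time, recorded with the evidence."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def verify_snapshot(text, expected_hex):
    """True if the copy still matches the recorded hash."""
    return hmac.compare_digest(snapshot_hash(text), expected_hex)


if __name__ == "__main__":
    print("signature:", signature_hits(PROXY_LOG))
    print("login bursts:", failed_login_bursts(AUTH_LOG))
    print("beacons:", beacons(PROXY_LOG))
    print("snapshot:", snapshot_hash(PROXY_LOG))
```

The signature rule only ever finds what is already on a list; the two behavioural checks are what surface the unknown host that calls the same address every five minutes, which then goes to an analyst for triage rather than straight to a block. The fixed-interval test is deliberately simple; a real profiler would tolerate jitter and compare against a baseline for that host. The hash is taken at snapshot time and stored separately from the copy, so that the copy presented later can be shown to be unchanged.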
Consumer Protection

Cyber attacks have been well documented in their ability to damage large organisations, government websites and critical infrastructure. However, there is still a large volume of non-technical home and mobile users who are ending up as the victims of online attacks and identity theft.

Everything's Online

Well, not quite everything, but most things. You can certainly do all your shopping online. Banking? Yep. Store your music, photos and apps? Yep. Watch movies and TV? Yep. Interact with other people? Yep. So practical, everyday activities can generally be automated and placed online. The main consumers of online products and services are obviously the 'digital natives': the Generation Y'ers and below, who were literally born not with a silver spoon but a smartphone hanging out of their mouth. Laptops can obviously do everything a desktop could do, but faster and cheaper, with the added option of being portable and using wireless networking. A laptop itself would be pretty useless without an internet connection. In reality, not many people would use a laptop with the wifi or ethernet LAN connection disabled.

Vulnerabilities - Learning and Spotting

The use of more portable devices, including smartphones, has increased user convenience but also opened up a can of worms when it comes to security. Smartphones are not really phones. They are computers that happen to make calls. The phone itself will contain considerable personal and potentially work-related data: contacts, emails, attachments, internet browsing history, cookies, bookmarks, saved and cached passwords and so on. However, the main vulnerability with respect to consumers is often not the technology they use, but how they use it.
If you went to a new town or city and someone totally unknown came up to you and tried to sell you a second-hand car, you would probably walk away. You don't know the person's history or credibility, and if you wanted to buy a car you would want to see it, get a review, test drive it and so on. Your basic inner suspicions would take hold and you would walk away. Those same instincts should be applied to online browsing, but many users are often blinded by the technology and the unfamiliar intermediate steps involved with buying products and services online. Phishing is popular, as is social engineering; we've all heard the stories of the prince of Nigeria requiring urgent funds to allow safe passage for his daughter, who happens to be in your local town.

Protection Steps

Basic instincts count for a lot. If you receive an email from someone unknown, don't expect it to contain winning lottery information or a link to photos from your past. How could it? If an online deal seems too cheap to be true, it probably is. Use sites that you are familiar with. Reviews of products and services are now available for nearly everything, and are available free. From a tech perspective, treat your online tooling the same as you would your physical devices, like cars and cookers. Make sure they're up to date and well serviced. If your laptop, operating system or browser is running an old version, get it updated with patches and service packs. Anti-virus, anti-malware and firewall tools should be installed as a minimum default and kept up to date too. Don't use public wifi for things like online banking, or if you absolutely have to, put in place a local SSH tunnel to add some additional anti-sniffing protection. SSL is an absolute must for any website that requires authentication, including remote email viewing via IMAP or SMTP.
From a smartphone perspective, make sure the OS is up to date, use a 6 digit password to access it (as opposed to a PIN), encrypt the local phone contents and set up insurance and remote-wipe features in case of theft. As more and more of our daily lives involve online transactions of some sort, the unfamiliarity of the tooling should fade, allowing our instincts to provide some protection against social engineering and leaving technology to start the fight against APTs.
Critical Infrastructure

Supervisory Control and Data Acquisition (SCADA) systems and Industrial Control Systems (ICS) are two of the standard environments that can constitute a critical environment. Whilst many financial services environments can be described as critical, critical infrastructure is more focused on the key assets described by a government as being essential to the standard functioning of society and the economy. This would include key utilities such as electricity and water supply, public health institutions and national security groups such as policing and the military. In recent years they have been subject to specific and prolonged attacks, exposing long-standing vulnerabilities.

Difference of Priorities: CIA to AIC

The standard information security triad consists of confidentiality, integrity and availability. The priorities for many business information systems will follow the CIA approach in that order. Confidentiality is still the number one priority, with things like access management, network perimeter security and data loss prevention strategies still the number one budget grabber. The main driver behind such decisions is often related to the protection of intellectual property, client records or monetary transactions. The output of many service-related organisations obviously takes on a more intangible nature, placing a greater reliance on digital management, storage and delivery of the processes and components that make that organisation work. From a critical infrastructure perspective, I would argue that the priorities with regard to the security triad alter to focus more on availability, with integrity and confidentiality being less important. An electricity generation plant has one main focus: generate and distribute electricity. A hospital has one priority: keep people alive and improve their health.
These types of priorities, whilst relying substantially on information systems, are often managed in a way that makes their delivery more important than the component systems involved. This difference in attitude towards how security policies are implemented can have a significant impact on vulnerability and exploit management.

Vulnerabilities - Nature or Nurture?

Vulnerability management from a consumer or enterprise perspective is often applied via a mixture of preventative and detective controls. Preventative controls come in the form of patching and updates, in an attempt to limit the window of opportunity for things like zero-day attacks. Detective defence comes in the form of anti-virus and log management systems, which help to minimise impact and identify where and when a vulnerability was exploited. The many basic steps often associated with enterprise protection are not always available within critical infrastructure environments. Critical infrastructure is often built on top of legacy systems using outdated operating systems and applications. These environments often fail to be patched due to the lack of downtime or out-of-hours permitted work. ICS and energy generation systems generally don't have a 'downtime' period, as they work 24 x 7 x 365. Outage is for essential maintenance only, and preventative patching won't necessarily qualify as an essential outage. Due to the age and heterogeneity of such systems, a greater focus on additional patch management would seem natural. Many critical infrastructure environments are also relatively mature in comparison to modern digital businesses. Mechanisation of industrial and energy-related tasks is well over a century old, with computerisation coming only in the last 35 years. This maturity has often resulted in cultural and personnel gaps when it comes to information security.
Basic Security Erosion

Some of the existing security-related policies that have been implemented in critical infrastructure environments are now starting to erode. The basic but quite powerful preventative measure of using air-gapped networks to separate key systems from the administrative side of the organisation is being eroded. The need for greater management information, reporting and analytical systems has led to cross-network pollution. The low-level programmable logic controllers (PLCs), used for single-purpose automation of electromechanical tasks, are now being exposed to the potential of the public network. The connection of desktop and laptop devices to previously secured networks has made the risk of infection from internet-related malware a lot higher.

Recent Attacks and a Change in Culture

The two major exploits focused specifically on critical infrastructure-related environments in the last couple of years have probably been the Stuxnet and Duqu attacks. Whilst the motives for these attacks may be different from the standard monetary or credibility drivers for malware, they illuminated the potential for mass disruption. As with any security attack, post-incident awareness and increased focus often result, with several new attempts at securing critical infrastructure now becoming popular. There are several government-led and not-for-profit organisations that have contributed to security frameworks for critical environments. Kaspersky Lab also recently announced plans to develop a new built-from-the-ground-up secure operating system, with a focus on critical environments.
Whilst previously focused only on the availability and delivery of key services and products, critical infrastructure environments now have to manage the increasing threat posed by cyber attacks and malware exposure.