The document discusses various topics related to cyber security including: 1) Types of cyber attacks seen during the COVID-19 pandemic like typo squatting domains and command and control servers. 2) Web application attacks like SQL injection, XSS, and how to prevent them through input filtering, encoding and CORS. 3) Secure development practices like establishing secure coding norms, separating duties, and fixing issues in a time-bound manner. 4) Quantifying cyber risks using techniques like Six Sigma and creating threat models.

1. Everything there is
to know about cyber
security is from
movies and web
series
SHYAM SUNDAR RAMASWAMI
SR. STAFF CYBER SECURITY ARCHITECT,
CYBER LABS – GE HEALTHCARE

2. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
 Lead Security Researcher
 Threat and Malware Hunter
 #ambatman
Who am I?
Sr.Staff Cyber Security Architect
Threat and Malware Hunter
#ambatman

3. Can you
identify the
issues in this
unattended
desk?

4. COVID 19 based cyber
attacks region wise

5. COVID
OutBreak
HeatMaps
Dashboards
Covid -19 Trackers

6. Real World Scenes
 Threat actors often use the latest world events
 COVID 19 was popular

12. Typo Squatting
Domains
 wuhan
 clinics
 lab
 tests
 selftestkit
 purchase kits
 helpline

13. The DNS traffic for Typo Squatted
Domain

15. Command and Control Servers

16. How does this
work ?
 Image Source: DNSFilter

18. Lean
Principles

20. Web Application attacks
 OWASP Top 10
 Injection Attacks
 Permission based attacks
 Forms and Fields
 Application based attacks

21. Types of XSS
Stored XSS
Reflected XSS
DOM Based attacks

22. How it
works ?

23. Preventing XSS
 Filters
 Encoding
 Verify inputs
 CORS

24. Secure
coding the
AGILE Way ?
Establish a
norm
Failing
securely
Separation
duties
Fixing
issues
Time
bound
Ownership
Mitigations
Minimize
blast radius

25. Quantifying Cyber attack
risks using Six Sigma?
 Cyber Risk Quantification (CRQ)
 Technical Nature of product -> Risks
- > Impacts
 Mitigating Risks
 Quantify risks

26. Threat models

27. Best
practices
for Threat
model

28. How can we do this in a week?
 Two hours a day
 Be an expert of your product
 Implement learning on your product
 Understand nuts and bolts of a product
 Be a security champion

29. Lean and Research
TIMELINES EASIER RISK
MITIGATIONS
THE 3 OUTCOMES ( IT’S
ME, LISTEN TO THIS ! )
DELIVERABLES

30. AGILE BASED RESEARCH LEADS TO ...
 Blog Series or post
 Conference talk
 Patent or defensive publication
 There is nothing called as FAILED RESEARCH !

31. What is APT ?
ATTACK CAMPAIGN IN WHICH
INTRUDER OR TEAM SITS LONG
TERM IN A NETWORK
GETS SENSITIVE DATA TARGETS ARE CAREFULLY
CHOSEN

32. More about APT
APT is super covert Nation state actors
Financial gain
Political espionage

33. How does it happen ?
 1. Scan the target
 2. Intelligence gathering
 3. Lateral movement by taking down one computer
 4. Back door installation or exploiting a flaw

36. Bronze Mohawk APT
Steganography domain typosquatting multi-hop proxies
Protocol Tunnelling
Archive, encrypt, and
stage collected data
locally and remotely for
exfiltration
C2 channel

37. Infrastructure

38. Lean Cyber security Cycle

39. What can you do to become the
ultimate cyber security guy ?
 Don’t learn cyber security to apply to any product
 Acquire product knowledge and then apply cyber security kills
 Build Threat models
 Spend 2 hrs a day to try out the skills learnt
 5-8 learning hours a week will get you there

40. Thank you