Prof Peter Cochrane OBE
petercochrane.com
[Title slide graphic: a cloud of network and telecom acronyms, including UDP, IP, SIP, TCP, RTP, DNS, PN, VPN, LAN, WAN, WiFi, PSTN, WLAN, 3G, 4G, 5G, 6G??, Bluetooth, FTTX, VDSL, VoIP, IoT, I4.0 and AI]
CYBER Security
In a fully mobile world
DANGEROUS EPOCH
Change now occurs at an inhuman speed
“We have never known so very much and understood so little”
2020
Information 60 ZB
Mobiles > 14 Bn
IoT Devices > 25 Bn
Connections > 50 Bn
Global Fibre > 1 Tm
Traffic/Day > 5 EB
Internet traffic
2025 >17.5 ExaBytes/Day
2020 >5.3 ExaBytes/Day
2015 > 1.7 ExaBytes/Day
2000 < 0.3 ExaBytes/Day
1 Exa = 10^9 GBytes
RESUME
Reality 2020
Attacks are escalating
The Dark Side is winning
There are no silver bullets
People are the biggest risk
The attack surface is increasing
Attacker rewards are on the up
All our security tools are reactive
Cyber disruption costs are growing
Companies do not collaborate/share
Attackers operate an open market
More of the same but better & faster will not change the game…
…we have to think anew - to get out of the box and do something very different!
Cyber Attack
A connected/networked world
Targets: Infrastructures, Web Resources, PoS + ATMs, Peripherals, Users, IoT, Mobiles, PCs, Tablet, Wearables
Tools: Malware, False ID, Social Engineering, Hacking, Web Probes, DDoS, Software Adulteration
Victims: Transport, IT, Retail, Crypto££, Telecom, Finance, Gov, Health Care, Education, Industry, Commerce, Services, Hospitality ++++
We are all on (a) list(s) & rated as targets
Sooner or later we will all take a hit (or two)
Much of our personal data is for sale!
HEADLINES
Bigger than UK GDP!
“We are losing this war hands down”
https://www.varonis.com/blog/cybersecurity-statistics/
Attack Catalogue
We face a rapidly changing landscape!
“It is essential to make a cyber threat review a daily routine by continually tapping the rich vein of reports and headline news available to the defence community”
https://go.crowdstrike.com/crowdstrike-global-threat-report-2020.html
https://www6.gemalto.com/ppc/dtr/global
https://www.accenture.com/gb-en/insights/cyber-security-index
https://solutionsreview.com/endpoint-security/key-findings-the-check-point-2020-cyber-security-report/
Ransomware
% of organisations reporting attacks
Persistent Crisis
Anti-phase cyclic actions correlate with events
Company/Institutions/Gov/Industry
Status surveys remain almost static year-on-year and show little sign of improvement despite the growing number and type of attack plus reputational damage
THE BIGGEST RISK
Attack modes depend on people fails!
JOE PUBLIC
The OLD at risk group
Status
User Attitude: I just want to use it: I can’t/don’t want to know or understand any of the detail - so don’t touch it, don’t change anything, you might break it, just fix the problem and let me carry on as normal!
Tech Awareness: Zip
Technology: Outdated
Software: Old OS - never updated
Apps: Very Few - never updated
Passwords: Simple and Weak
Authentication: What?
Firewalls: No Idea?
Malware: What's That?
Back-Up: None
BroadBand: I use my phone line
WiFi: Wide Open
ISP: ???
BOTNET: Blank look - Don’t care
Very hard to help at risk group in need of expert/Family Help
Young Family
Born & live with tech
Status
User Attitude: We all need to be IT literate and fully understand the opportunities/risks - child protection is a must and how/where to get help
Tech Awareness: Sufficient/Reasonable
Technology: New(ish)
Software: OS - auto-updated
Apps: Many - auto-updated
Passwords: Strong(ish)/Browser Created
Authentication: Two Factor
Firewalls: Built into OS
Malware: Protection Built into OS
Back-Up: Cloud fundamental to set up
BroadBand: Best Deal ADSL/VDSL/Fibre
WiFi: Supplier Strong Password
ISP: Firewall + Child Protection
Security: May have Norton or similar
Parents capable and protective, kids are eager beavers
HOME WORKER
Aware and Cyber-worried
Status
User Attitude: I am a professional and my job depends upon my IT literacy: I need to fully understand the opportunities and risks and I need contracted support
Tech Awareness: Good
Technology: <3 years old
Software: OS - auto-updated
Apps: Many - auto-updated
Passwords: Strong/Browser Created
Authentication: 2 Factor + PIN/Fingerprint
Firewalls: Built into OS + Additional App(s)
Malware: Protection inside OS + App(s)
Back-Up: Cloud + Several (>1) HDs
BroadBand: Best ADSL/VDSL/Fibre Speed
WiFi: Strong Password
ISP: FireWall and Malware Protection
Security: Norton or similar +++
Encryption: Not the norm but able
VPN: Sometimes
Mobile worker
Cyber over confident should be worried
Status
User Attitude: I am a professional road warrior and my job depends upon me being on the ball and self sufficient & I have to be aware of physical and cyber security
Tech Awareness: Good
Technology: <3 years old
Software: OS - auto-updated
Apps: Many - auto-updated
Passwords: Strong/Browser Created
Authentication: 2 Factor + PIN/Fingerprint
Firewalls: Built into OS + Additional App(s)
Malware: Protection inside OS + App(s)
Back-Up: Cloud(x2) + Several (>2) HDs
BroadBand: Best ADSL/VDSL/Fibre Speed
WiFi: Strong Password Random Sites
ISP: FireWall and Malware Protection
Security: Norton or similar +++
Encryption: Normal Mode
VPN: Normal Mode
SME / Startup
Defending a disparate group
Added Complexity
There are no IT standards and/or codes of practice; everyone works on the move using their personal IT and an array of platforms and apps
People are working from Home, Office, Hotels, Airports, Coffee Shops with ad hoc networking with a wide range of data and apps
The attack opportunities are amplified but so are the complications of navigating multiple locations, device and OS types along with a diverse spread of Apps
Fledgling companies eventually die or grow up and this model does not scale to deal with a large number of customers and the increased security requirements - in short: processes, contingencies and staff training plus a deal of uniformity are a must!
Status
User Attitude: A group of professionals dedicated to the creation of a successful company - from a variety of backgrounds with years of IT user experience and awareness
Tech Awareness: Excellent
Technology: Random mix of personal devices
Software: Multiple OS - auto-updated
Apps: Many - auto-updated
Passwords: Strong/Browser Created
Authentication: 2 Factor + PIN/Fingerprint
Firewalls: Built into OS + Additional App(s)
Malware: Protection inside OS + App(s)
Back-Up: Cloud(x3) + Many (>??) HDs
BroadBand: Best ADSL/VDSL/Fibre
WiFi: Strong Password Fixed & Mobile
ISP: FireWall and Malware Protection
Security: An Array of Products + Services
Encryption: Normal Mode
VPN: Normal Mode
IT Support: Some Specialisms eg web site
Medium / Big Company
A fixed, mobile, dispersed workforce/offices
Large Company
Cyber over confident should be worried
IT's not my bag
THE IT DEPT take care of all this/who cares
IT and Security never eat their own dog food, do they even care
IT and Security never look at or try to do your job
CATALOGUES OF PASSWORDS FOR SALE ON THE DARK WEB
DANGEROUS EPOCH
We have never seen anything like this!
Prime targets
Favourite cyber attack sectors $$
VULNERABILITIES
The biggest continual risk exposure
People: Always The Biggest Risk!
PHISHING DEMO
Oh so very easy for the skilled
SPOOFERS
Biggest front companies
IMPERSONATION
Fake ID call centre support attacks
Challenge
This list expands yearly
Malicious Code inserted into visitor browsers
Gains Access to sensitive data
Cyber Attack
System Wide Opportunity Points
RISK PROFILE
The bias follows the people
“The bulk of national and international networks are physically difficult to access: the level of encryption renders it impossible to access any useful info or data”
We now examine this in detail
PRIMARY Security 1
PN / VPN: Local, national & international
[Diagram labels: VPN, PN, Dedicated Fibre, Network Services Reseller with direct routing, Inherently Secure Fibre PN/VPN, Inherently Insecure Wired & Wireless, Strong Encryption, Hidden VPN & Routings]
Partial view 1
Companies don’t divulge detail
What is actually in this Cloud?
It is a vital secret as to the detailed design/engineering adopted, and the enemy must not know this
Partial view 2
Companies don’t divulge detail
How is the Network Configured?
It is a vital secret as to the detailed design/engineering adopted, and the enemy must not know this
Some Guesses
What would we do as designers?
Inherently secure in the extreme iff designed well and detail is kept secret
Diversity
Multi-Cables Paths
[Diagram labels: Cable 3, Cable 6, Cable 8]
Adds resilience to a wholesaler network and is a very effective defence against DDoS attacks
Addressing
Multi-Cable Paths/Routing
[Diagram labels: Cable 3, Cable 6, Cable 8]
Radically Different For Each Layer
Password Format Different by Layer
Adds resilience and an extra layer of security for attackers if they get this deep
Spoofing
Ghost Cables Paths
[Diagram labels: Cable 3, Cable 6, Cable 8]
Appears to be/mimics real thing, but sees the Dark Side fighting infrastructure to nowhere!
Dilutes the efforts and resources of the dark side and frustrates their designs to gain access
Hopping
Dynamic Addressing
[Diagram labels: Cable 3, Cable 6, Cable 8]
Node addresses change by the second to render them invisible to scanners
As of the creation of this presentation no known attack has been successful against this defence
THE BIG PICTURE
Optical Fibre Cable Net Spine
Over 430 undersea cables now connect the planet and carry 99.999% of all traffic
EU - Nth America
Optical Fibre Cables 2019
CABLE FAILS ARE RARE and mainly caused by human intervention (trawls, anchors) plus tidal action
UK - North America
12 Optical Fibre Cables 2019
Disperse Cables and Landing Sites
Disperse Traffic across Several Cables
Diverse Emergency routing via France, Spain, Scandinavia, on a major cable fail
Maintain Sensible Failure Margins
In wartime it is not unusual for cables to be a target: if they can be located then they may be cut
PRIMARY Security 2
Limit the total of concatenated hops
[Diagram labels: Country Gateway, Regional Gateway, Dedicated Fibre or Wavelengths, VPN, PN]
Total end-to-end nodes to number < 10
Total end-to-end path delay to be < 150 ms
All Optical Fibre Net Almost Impossible to Penetrate but not entirely so!
All Gateways Highly Secure Facilities
All Precise Routings and Gateway Locations are not generally available
Non-obvious gateway ghosting/duplication plus split fibre cable feeds can be used to increase security
Extensive use of encryption 128/256/512 keys plus public key for control and signalling
COULD THIS HAPPEN
Would it in all likelihood work?
The media just love this scenario… but undersea cables are 1000s of times less vulnerable than satellites!
AND THIS?
Bad cable design!
PRIMARY Security 3
Randomisation of bytes and routing
Impossible to fully imitate the complex randomness in action… so this will have to suffice!!
RISK PROFILE
The bias follows the people
“The bulk of the local loop/last mile is exposed and physically easy to access: the equipment, copper, fibre, and wireless links are open to attack”
We now examine the last mile
COPPER & FIBRE ACCESS
How to physically break into the net
“Let me explain/tell you how, but I am not going to document it”
Here is the hardware 1: [numbered photographs]
Here is the hardware 2: [numbered photograph]
Why would anyone do this for a few ££ an hour, or is there hidden value add that we are not seeing?
Stealing all that personal data is often the bigger prize!
MUCH EASIER
With a high ROI
Gangs generally hired in and exploited by big crime! Sold on or delivered to far more capable exploiters…
UP THE VALUE
100s of hack tutorials on-line
A naked mobile device is one price
A live mobile device with all the log-in and personal data accessible is a much better deal!
PASSWORD & PACKET SNIFFERS
A vital break-in tool available on the Dark Net
Free or available to purchase
Time to crack a password = Minutes - Hours
Emulating hardware can cost kit + software and is hard!
Password Sniffer: An App that scans and records passwords on a computer or network interface.
It inspects all incoming and outgoing network traffic and records any instance of a data packet that contains a password.
Over a period of time it can build up a complete ID, MAC Address, Password et al record
STUDENT WARNING
I do not recommend entering this domain, BUT it is the only real way of appreciating the full potential - SO if you do decide to have a look, then:
1) Use an old machine/fake ID in a coffee shop
2) Have your camera, mic, tracking turned off
3) Make sure all location service options are off
4) Employ security (Norton et al) throughout
5) Only have a single app (TOR) installed
6) DO NOT complete any transactions
7) Reveal no personal info whatsoever
8) Factory reset machine when done
9) Security scan machine on boot
RECOMMENDATION: Enter, take a look, get a taste, get out
TORching infrastructure
5G cooks your brain, eyes, & transmits CV-19
In the UK > 100 towers and equipments torched, but mainly 3/4G, putting lives at risk/disabling emergency services
This is the power of ignorance writ large: belief, paranoia and a lack of any basic education
3/4/5G save lives day on day and these fools do not know that they are killing people
Segue: Demo
Public Key Made Obvious
Lessons From History
Fence
Fence + Mound
Wall + Mound
Wall + Mound + Ditch
Wall + Mound + Moat
Wall(s) + Mound + Keep + Moat +++
Wall(s) + Mound + Keep + Moat + Hidden Ditch + Obstacles +++
Castle in a Castle!
Slow evolution
The enemy is mobile & agile
Iron Age
Napoleon
Exponentially more expensive and longer build times
Effectiveness on a shorter and shorter fuse!
Does this not look like the recent history of cyber defence, with layer on layer of fixed/static defences?
And we are still building them in the form of bunkers at even vaster expense
And after > 2000 years of evolution, what comes next?
WALLS DON’T WORK
But we keep building them!
And we are still building them and they are still ineffective and very expensive
WHAT DID WE LEARN!
Concentric defence layers work(ish)?
Not so if they are:
Fixed
Unchanging
Unresponsive
Slow to evolve
Lack intelligence
Poorly maintained
Operate in isolation
Not wholly integrated
Not fully anticipatory
[Diagram labels: Hub, LAN, Switch, CPE, ISP, CLOUD(s)]
Security at every layer has to be dynamic & adaptable
Assessment
Sector Reality 2020
Attacks escalating
Our exposure is growing
Attackers are winning the war
Attackers get richer by the year
Our defences are not 100% effective
We need to collaborate and share all
We are largely disorganised and underinvesting
People remain our single biggest attack risk
All our security tools are reactive & mostly outdated
Best market model appears to be the airline industry
We present an easy and very attractive opportunity for cyber hackers and/or criminals
Collaboration
Airlines model 2020
Safety record is all
Embraces entire industry
Every accident is investigated
All incident reports are open & shared
Safety communication is pilot/operator centric
Industries, manufacturers, governments all committed
Well organised and structured with a high level of accountability
Passenger and crew safety is the single biggest concern and success metric
Flying is generally the safest mode of transport globally as a result of this model
Cyber security is in need of something very similar if it is ever to migrate out of the victim mode
Constraints
Our freedoms are limited
Legal system
Codes of practice
Ethical principles
Moral responsibilities
• No transgressions
• Work up to the limit
• Keep within the spirit & word
• Our responsibility to keep up to date
• Seek legal advice on latitude
• Special dispensations may be possible
• National security/intelligence may help
• In general the Buck ends with you!
THE Potential Nightmare
We have no real evidence of who can do what!
The Enemy Innovates fast
Things like this pop up almost weekly!
Attack Types
With a growing species catalogue
[Diagram labels:]
Real Time
Delayed
Open & Obvious
Invisible Stealth
Readily or Eventually Identifiable
Difficult or Impossible to Identify
Disguised Hidden
May or may not (ever) be discovered
Sophisticated criminal group technology
Rogue/nation state espionage OR WEAPONISED
Hacker/groups conventional techniques
Defence essence
Speed of detection, response & adaptation
1) Our own passivity is the biggest danger
2) The attacker agility and innovation our biggest challenge
3) Attackers have the first mover advantage & get to choose everything
4) Human defenders cannot be vigilant and prepared 24 x 365 year-on-year
5) Situational awareness is key & rooted in Data/Information gathering/analysis
6) Machines, AI, Machine Learning are key to solving (4 & 5) and giving us the edge
7) The application of anticipatory techniques is still in its infancy and needs investment!
8) Disparate companies, groups and government have almost all the components we need
9) It is essential that these resources (8) are brought to bear and integrated with (5-7)
10) We might just win this war, but not without changing the way we think and operate!
MINDSETS
A different perspective
Audio Book
https://www.youtube.com/watch?v=X7rhovBK_eA
Written 5th C BC
Most important points:
Information matters and an educated guess is better than a gut decision
Generals should be adept at the "military calculus" of accounting for anything and everything that could affect the outcome of a battle
MINDSETS
Provocative stimulation
More Quotes by famous generals and philosophers
https://bit.ly/2VVJ6Hm
More Quotes by Sun Tzu
https://bit.ly/2VVJ6Hm
BEST Quotes by Sun Tzu
https://bookroo.com/quotes/the-art-of-war
“The supreme art of war is to subdue the enemy without fighting”
“To know your enemy you must become your enemy”
Security Laws
Immutable Since 1990
1) There is always a threat
2) It is always in a direction you’re not looking
3) Perceived risk/threat never equals reality
4) Nothing is ever 100% secure
5) People are always the primary risk
6) Resources are deployed inversely proportional to actual risk
7) You need two security groups - defenders and attackers
8) Security & operational requirements are mutually exclusive
9) Legislation is always > X years behind
10) Security standards are an oxymoron
11) Security people are never their own customer
12) Cracking systems is far more fun than defending them
13) Hackers are smarter than you - they are younger!
14) Hackers are not the biggest threat - governments are!
15) As life becomes faster it becomes less secure
16) Connectivity and data half lives are getting shorter too
17) We are most at risk during a time of transition
18) The weakest link generally defines the outcome
Paradox 1
War Games and Defence
“The military play all day and occasionally go to war”
“We are at war every day and never play”
Paradox 2
No retaliatory defence
By and large we know who the attackers are and where they reside but opt to do nothing
The enemy have simply adopted our technologies and used them as weapons against us
To Survive
We need to become united
“Failure the greatest teacher is”
Well Funded R&D
Global Sharing Culture
Tools, Tech & Info Sharing
Proactive Defence Strategies
Skills & Expertise Cooperation
Fast to Respond to/Report Threats
Cooperative Creativity
Engage in Workable Legislation
Help Formulate Law Frameworks
Virtualised Every Aspect of Cyber Defence
Formulate a Rapid Attack/Punitive Responses
“The Art of War read you must”
CYBERCRIME
Abridged history and cost
[Timeline graphic, marked 1997, 2004, 2007, 2013 and Today, listing:]
Banking Malware
Crypto-Currency Attacks
Bitcoin Wallet Stealer
Device & Account Hijacking
Ransomware
EPoS Attack
Fake News
Propaganda
Social Engineering
DoS, DDoS
Infected eMail
Ransomware
Identity Theft
DNS Attack
BotNets
Site Sabotage
SQL Attack
Spam
Identity Theft
Phishing
Trojan
Worms
Virus
Estimated >>1000 Bn Attacks
Total > $5000 Bn Cost of global cyber crime
Almost all attacks/attack-types can be traced back to the exploiting of individuals who have volunteered vital info by falling victim to scams, spams/trickery, bribery, corruption, blackmail, honeypots…
Social engineering is one of the most powerful tools to be widely exploited by the ‘Dark Side’ - and the approach can span from dumb and very obvious to the highly sophisticated and hard to detect
Watch some crime, heist and spy movies; read detective novels; keep up with security developments
To get a grip on deception, read on magic and magicians; watch some related movies
Segue: Stuxnet
Sophisticated Intelligent Malware
Targeted Specific Industrial Controller
Only interested in MS OS
Hunter Killer Species
2010 Attack
Never Attributed
CIA - Mossad
Primary Suspects
General Species for Sale on Dark Web
Cyber attack
Primary Motivations Jan 2019
https://www.helpnetsecurity.com/2017/01/11/ransom-motivation-behind-cyber-attacks/
Prime Motivation
Making $$$$
Prime Motivation
Trade Secrets
Military
Security
Prime Motivation
Political, Commercial
and Social Change
Prime Motivation
Domination and
TakeOver
Cyber attack
Primary Targets as of Jan 2019
My Forecast
The number One for 2020
A target rich opportunity:
• A wealthy technophobic organisation and customers
• Processes, protocols and methodologies well known
• Millions of people involved with dispersed offices
• Multiple points of access PSTN, VOIP, Network+
• Staff trained to help customers BIG and small
++++
• Many possible attack modes: Phishing, Whaling,
Malware, Man-in-the-Middle, Insider, Contractor,
bribery, corruption, coercion
CYBER Attackers
Rapidly changing profiles/purposes
Fun
Fame
Notoriety
Vandalism
Limited Skills
Limited Resources
Tend to be Sporadic
Rogue States
Criminals
Hacker Groups
Hacktivist
Amateurs
Money
Sharing
Organic
Dispersed
Unbounded
Huge Effort
Progressive
Cooperatives
Self Organising
Vast Resources
Massive Market
Aggregated Skills
Semi-Professional
Substantial Networks
Skilled
Political
Idealists
Emotional
Relentless
Dedicated
Cause Driven
Vast Networks
Varied Missions
Targeted Attacks
Evolving Community
Drugs
Fraud
Global
Extreme
Extortion
Business
Unbounded
Professional
Well Managed
Well Organised
Ahead of the Curve
Orchestrated Effort
Extremely Profitable
Syndicated Resources
Massive Attack Surface
Vast up-to-date Abilities
Covert
Money
WarFare
Influence
Pervasive
Disruption
Espionage
Professional
Sophisticated
Well Organised
Extreme Creativity
Orchestrated Effort
Political Influencers
~Unlimited Resources
Tech/Thought Leaders
Regime Destabilisation
Population Manipulation
Military and Civil Domains
Almost all attacks/attack-types can be
traced back to human fallibility and
ambition exploitation
Short Game: Low Gain
Medium Game: Medium Gain
Long Game: Massive Gain
Sophistication, Investment, Complexity, ROI
Status Quo
Cyber Crime Economy
EASY ENTRY 1
Mostly very poor protection
Behind the FireWall in one small step
No Passwords
Easy Passwords
Factory Default
EASY ENTRY 2
Mostly very poor protection
EASY Money
Low cost human/robot attacks
Phishing
Exponential Growth
Criminals are in a race against security teams
looking to shut them down
Security teams report phishing URLs
regularly, but some criminals use web hosts/
domains that ignore reports
Most kits have a short life, and the phishing
window is growing smaller
Highly successful/profitable; and very easy to automate for TXT and speech
Phishing
Exponential Growth of Species sees a rapid Shortening Lifetimes
[Figure: cumulative % of kits deactivated vs. days to deactivation]
Phishing
Exponential Innovation
Akamai
SEGUE
Phishing Demo
DEFENCE INDUSTRY
When a customer becomes an enemy
Kill Switch
Disable Signal
Destruct Command
Assume Control Portal
Information/Data Gathering
OFF THE RECORD
Almost nothing is as it appears
Malware
A ‘commercial’ sample
Cerber – Malicious email file affecting system OS - steals user’s info to extort money
RaaS – (Ransomware-as-a-Service) Hackers make money by selling/using this product
Emotet – Originally a banking Trojan, but evolved as a full-scale Bot threat.
Botnets – Used for DDOS attacks, SPAM distribution, data stealing, self organising
Crypto-mining Malware – Distributed computing for cryptojacking - using your FLOPs
DDoS Types
The main attack characteristics
Volumetric: Consumes network, service, link bandwidth to create congestion/paralysis
TCP State Exhaustion: Kills core routers, firewalls & application servers - services unusable
Application Layer: Target websites, databases & app services. Perhaps the most sophisticated/stealthy - very difficult to detect using common flow-based monitoring
https://www.scss.tcd.ie/publications/theses/diss/2018/TCD-SCSS-DISSERTATION-2018-046.pdf
DDoS Deception
Is this the main act - or not?
Not So Obvious: Distraction to conceal more sinister activities?
DDoS Defence
Just one commercial offer
WHAT WE DETECT
Possibly just the tip of an iceberg!
We need to start looking below the surface
of obviousness for the hidden sophistication
of the many stealth attacks that we suspect
are happening that we cannot see!
Ransomware
Phishing
Crypto-Wallet
DoD/DDoS
SQLi // XSS
Man-in-The Middle
URL Spoofing
Cloaking
Malware
Covert Plant
Visitors
Insiders
Outsiders
Alongsiders
Customers
Contractors
WiFi
Tunnels
Implants
Malware
Networks
Diversions
Brute Force
Decoys
Vital Measures
Minimal to Maximal Security
Physical Security
Strong Passwords
FireWall, PN, VPN
Malware Protection
Strong Encryption
Genera Public Key
Authentication
Certification
(N Factor, M Path)
Penetration Detection at Key Interface Points
Behavioural Analysis of Net, Machines, People
Monitor for all Pre-Cursor Event Indicators
Create/Join Information Sharing Networks across the industry
Physical Measures
Minimal to Maximal Security
Secure Entry Site & Building
Duplicated/Triplicated Power/Fibre
Break Free Power with Batteries
Generators
2/3 Utilities Supply Site
50km from any Airport
Vital Measures
The minimal security protection
failures
Common Mode
One road in and out is not a good idea!
Focused Measures
Technical Security
Air Lock
Strip Down
Authorised Entry Only
General Access
Open
Limited Access
Zoned
Timed
Cameras
Heat Sensors
Motion Sensors
Location Proximity Sensors
Invisible X-X Laser Beams
Segue
Stage Left
Off The Record Play Time
I do not recommend you try any of this - it is all a part of my personal mission to make the world a safer place
Hobbies!
Weird/Crazy?
- Airline security
- Public targets
- Breaking in
- Social data
++++
Tunnel Vision
The attacker's friend
“End running systems is definitely one of my favourites”
Airport Security
Some of this is legitimate
Careless
London is a safe city!
I was working in London
and stopped for a coffee
break in Soho…
Soho
A smart young man walked
in and I spotted his badge !
He sat right in front of me and this is what my
mobile phone could see as he booted up !
Coffee Shop Protocol
• Sit as far back from the door as possible ;
ideally with no one to the rear or the sides
• Check for overhead cameras
• Do not wear identifying insignia of any kind
• Do not boot up to an identifying company,
country, government, agency badge
• Check and be aware N, E, S, W
LOUD & RUDE
There is always a price to pay !
The group next to my colleague
had just chanced upon the perfect
name for their new company.
So he bought the domain name and
all the variants before they had
completed their meeting!
Opportunist
Unintended revelations & consequences
TRUTH ENGINES
An End Game Company
Dr Peter Cochrane
EU Concept Consultant
DAY 1: Pass Card for an undefined meeting
TRUTH ENGINES
An End Game Company
Peter Cochrane
Internal Affairs Advisor
DAY 2: Pass Card as a member of staff
I Was Invited to Test a Company's Revised Security
My way in was to simply massage my security pass from visitor to employee
I then played the role of an old boy not really up to the modern world of IT and so many wonderfully kind people came forward to help me access networks, rooms and facilities
My secret? Wear a suit and a tie & look very respectable…everyone knows that hackers wear hoodies!
GOTO
Resources 4U
petercochrane.com
Broadcom/Symantec, Crowdstrike
Cisco, IBM
Akamai Varonis
Gartner, Aon, UKGov DDCMS. MimeCast
BitSight,TrendMicro, FCA Juniper, RAND, Kaspersky
Things that Think want to Link
and
Things that Link want to Think
FIN - Q&A?
www.petercochrane.com


Cyber Security in a Fully Mobile World

  • 1. Prof Peter Cochrane OBE petercochrane.com [word cloud of network and telecoms acronyms] CYBER Security In a fully mobile world
  • 2. DANGEROUS EPOCH Change now occurs at an inhuman speed “We have never known so very much and understood so little”
  • 3. DANGEROUS EPOCH Change now occurs at an inhuman speed “We have never known so very much and understood so little” 2020: Information 60 ZB; Mobiles > 14 Bn; IoT Devices > 25 Bn; Connections > 50 Bn; Global Fibre > 1 Tm; Traffic/Day > 5 EB. Internet traffic: 2025 > 17.5 ExaBytes/Day; 2020 > 5.3 ExaBytes/Day; 2015 > 1.7 ExaBytes/Day; 2000 < 0.3 ExaBytes/Day. 1 Exa = 10^9 GBytes
  • 4. RESUME Reality 2020: Attacks are escalating; The Dark Side is winning; There are no silver bullets; People are the biggest risk; The attack surface is increasing; Attacker rewards are on the up; All our security tools are reactive; Cyber disruption costs are growing; Companies do not collaborate/share; Attackers operate an open market. More of the same but better & faster will not change the game… …we have to think anew - to get out of the box and do something very different!
  • 5. cyber Attack: A connected/networked world. Targets: Infrastructures, Web Resources, PoS + ATMs, Peripherals, Users, IoT, Mobiles, PCs, Tablet, Wearables. Victims: Transport, IT, Retail, Crypto££, Telecom, Finance, Gov, Health Care, Education, Industry, Commerce, Services, Hospitality ++++. Tools: Malware, False ID, Social Engineering, Hacking, Web Probes, DDoS, Software Adulteration
  • 6. cyber Attack: A connected/networked world. Targets: Infrastructures, Web Resources, PoS + ATMs, Peripherals, Users, IoT, Mobiles, PCs, Tablet, Wearables. Victims: Transport, IT, Retail, Crypto££, Telecom, Finance, Gov, Health Care, Education, Industry, Commerce, Services, Hospitality ++++. Tools: Malware, False ID, Social Engineering, Hacking, Web Probes, DDoS, Software Adulteration. We are all on (a) list(s) & rated as targets. Sooner or later we will all take a hit (or two). Much of our personal data is for sale!
  • 7. HEADLINES Bigger than UK GDP! “We are losing this war hands down”
  • 8. https://www.varonis.com/blog/cybersecurity-statistics/ Attack Catalogue We face a rapidly changing landscape! “It is essential to make a cyber threat review a daily routine by continually tapping the rich vein of reports and headline news available to the defence community” https://go.crowdstrike.com/crowdstrike-global-threat-report-2020.html https://www6.gemalto.com/ppc/dtr/global https://www.accenture.com/gb-en/insights/cyber-security-index https://solutionsreview.com/endpoint-security/key-findings-the-check-point-2020-cyber-security-report/
  • 9. Ransomware % of organisations reporting attacks
  • 11. Persistent Crisis Anti-phase cyclic actions correlate with events. Company/Institutions/Gov/Industry Status Surveys remain almost static year-on-year and show little sign of improvement despite the growing number and type of attack plus reputational damage
  • 12. THE BIGGEST RISK Attack modes depend on people fails!
  • 13. JOE PUBLIC The OLD at risk group
  • 14. JOE PUBLIC The OLD at risk group Status User Attitude I just want to use it: I can’t/don’t want to know or understand any of the detail - so don’t touch it, don’t change anything, you might break it, just fix the problem and let me carry on as normal! Tech Awareness Technology Software Apps Passwords Authentication Firewalls Malware Back-Up BroadBand WiFi ISP BOTNET Zip Outdated Old OS - never updated Very Few - never updated Simple and Weak What? No Idea? What’s That? None I use my phone line Wide Open ??? Blank look - Don’t care Very hard to help at risk group in need of expert/Family Help
  • 15. Young Family Born & live with tech
  • 16. Young Family Born & live with tech Status User Attitude We all need to be IT literate and fully understand the opportunities/risks - child protection is a must and how/where to get help Tech Awareness Technology Software Apps Passwords Authentication Firewalls Malware Back-Up BroadBand WiFi ISP Security Sufficient/Reasonable New(ish) OS - auto-updated Many - auto-updated Strong(ish)/Browser Created Two Factor Built into OS Protection Built into OS Cloud fundamental to set up Best Deal ADSL/VDSL/Fibre Supplier Strong Password Firewall + Child Protection May have Norton or similar Parents capable and protective, kids are eager beavers
  • 17. HOME WORKER Aware and Cyber-worried
  • 18. HOME WORKER Aware and Cyber-worried Status User Attitude I am a professional and my job depends upon my IT literacy: I need to fully understand the opportunities and risks and I need contracted support Tech Awareness Technology Software Apps Passwords Authentication Firewalls Malware Back-Up BroadBand WiFi ISP Security Encryption VPN Good <3 years old OS - auto-updated Many - auto-updated Strong/Browser Created 2 Factor + PIN/Fingerprint Built into OS + Additional App(s) Protection inside OS + App(s) Cloud + Several (>1) HDs Best ADSL/VDSL/Fibre Speed Strong Password FireWall and Malware Protection Norton or similar +++ Not the norm but able Sometimes
  • 19. Mobile worker Cyber over confident should be worried
  • 20. Mobile worker Cyber over confident should be worried Status User Attitude I am a professional road warrior and my job depends upon me being on the ball and self sufficient & I have to be aware of physical and cyber security Tech Awareness Technology Software Apps Passwords Authentication Firewalls Malware Back-Up BroadBand WiFi ISP Security Encryption VPN Good <3 years old OS - auto-updated Many - auto-updated Strong/Browser Created 2 Factor + PIN/Fingerprint Built into OS + Additional App(s) Protection inside OS + App(s) Cloud(x2) + Several (>2) HDs Best ADSL/VDSL/Fibre Speed Strong Password Random Sites FireWall and Malware Protection Norton or similar +++ Normal Mode Normal Mode
  • 21. SME/Startup Defending a disparate group
  • 22. SME/Startup Defending a disparate group Added Complexity There are no IT standards and/or codes of practice: everyone works on the move using their personal IT and an array of platforms and apps. People are working from Home, Office, Hotels, Airports, Coffee Shops with ad hoc networking with a wide range of data and apps. The attack opportunities are amplified but so are the complications of navigating multiple locations, device and OS types along with a diverse spread of Apps. Fledgling companies eventually die or grow up and this model does not scale to deal with a large number of customers and the increased security requirements - in short: processes, contingencies and staff training plus a deal of uniformity are a must! Status User Attitude A group of professionals dedicated to the creation of a successful company - from a variety of backgrounds with years of IT user experience and awareness Tech Awareness Technology Software Apps Passwords Authentication Firewalls Malware Back-Up BroadBand WiFi ISP Security Encryption VPN IT Support Excellent Random mix of personal devices Multiple OS - auto-updated Many - auto-updated Strong/Browser Created 2 Factor + PIN/Fingerprint Built into OS + Additional App(s) Protection inside OS + App(s) Cloud(x3) + Many (>??) HDs Best ADSL/VDSL/Fibre Strong Password Fixed & Mobile FireWall and Malware Protection An Array of Products + Services Normal Mode Normal Mode Some Specialisms eg web site
  • 23. Medium Big Company A fixed, mobile, dispersed workforce/offices Large Company Cyber over confident should be worried
  • 24. Medium Big Company A fixed, mobile, dispersed workforce/offices Large Company Cyber over confident should be worried. It’s not my bag: THE IT DEPT take care of all this / who cares. IT and Security never eat their own dog food: do they even care? IT and Security never look at or try to do your job
  • 28. DANGEROUS EPOCH We have never seen anything like this!
  • 29. Prime targets Favourite cyber attack sectors $$
  • 30. VULNERABILITIES The biggest continual risk exposure
  • 31. VULNERABILITIES The biggest continual risk exposure People Always The Biggest Risk!
  • 32. PHISHING DEMO Oh so very easy for the skilled
  • 34. SPOOFERS Biggest front companies
  • 35. IMPERSONATION Fake ID call centre support attacks
  • 36. Challenge This list expands yearly
  • 37. Malicious Code inserted into visitor browsers Gains Access to sensitive data cyber Attack System Wide Opportunity Points
  • 38. RISK PROFILE The bias follows the people
  • 39. RISK PROFILE The bias follows the people “The bulk of national and international networks are physically difficult to access: the level of encryption renders it impossible to access any useful info or data” We now examine this in detail
  • 40. PRIMARY security 1 PN VPN Local national & international VPN PN VPN PN Dedicated Fibre VPN PN Dedicated Fibre VPN PN Network Services Reseller with direct routing Inherently Secure Fibre PN/VPN
  • 41. PRIMARY security 1 PN VPN Local national & international VPN PN VPN PN Dedicated Fibre VPN PN Dedicated Fibre VPN PN Network Services Reseller with direct routing Inherently Insecure Wired & Wireless Inherently Secure Fibre PN/VPN Strong Encryption Hidden VPN & Routings What is actually in this Cloud?
  • 42. partial view 1 Companies don’t divulge detail What is actually in this Cloud?
  • 43. partial view 1 Companies don’t divulge detail What is actually in this Cloud? It is a vital secret as to the detailed design/engineering adopted And the enemy must not know this
  • 44. partial view 2 Companies don’t divulge detail How is the Network Configured?
  • 45. partial view 2 Companies don’t divulge detail How is the Network Configured? It is a vital secret as to the detailed design/engineering adopted And the enemy must not know this
  • 46. Some Guesses What would we do as designers?
  • 47. Some Guesses What would we do as designers? Inherently secure in the extreme iff designed well and detail is kept secret
  • 48. Cable 3 Diversity Multi-Cables Paths
  • 49. Cable 8 Cable 6 Cable 3 Diversity Multi-Cables Paths
  • 50. Cable 8 Cable 6 Cable 3 Diversity Multi-Cables Paths Adds resilience to a wholesaler network and is a very effective defence against DDoS Attacks
  • 51. Cable 8 Cable 6 Cable 3 Addressing Multi-Cable Paths/Routing Radically Different For Each Layer Password Format Different by Layer
  • 52. Cable 8 Cable 6 Cable 3 Addressing Multi-Cable Paths/Routing Radically Different For Each Layer Password Format Different by Layer Adds resilience and an extra layer of security against attackers if they get this deep
  • 53. Cable 8 Cable 6 Cable 3 Appears to be/mimics real thing, but sees the Dark Side fighting infrastructure to nowhere! Spoofing Ghost Cables Paths
  • 54. Cable 8 Cable 6 Cable 3 Dilutes the efforts and resources of the dark side and frustrates their designs to gain access Appears to be/mimics real thing, but sees the Dark Side fighting infrastructure to nowhere! Spoofing Ghost Cables Paths
  • 55. Cable 3 Hopping Dynamic Addressing Node Addresses Change by the second to render them invisible to scanners
  • 56. Cable 8 Cable 6 Cable 3 Hopping Dynamic Addressing Node Addresses Change by the second to render them invisible to scanners
  • 57. Cable 8 Cable 6 Cable 3 Hopping Dynamic Addressing Node Addresses Change by the second to render them invisible to scanners As of the creation of this presentation no known attack has been successful against this defence
  • 58. THE BIG PICTURE Optical Fibre Cable Net Spine
  • 59. THE BIG PICTURE Optical Fibre Cable Net Spine Over 430 undersea cables now connect the planet and carry 99.999% of all traffic
  • 60. EU - Nth America Optical Fibre Cables 2019
  • 61. EU - Nth America Optical Fibre Cables 2019 CABLE FAILS ARE RARE and mainly caused by human intervention (trawls, anchors) plus tidal action
  • 62. UK - North America 1 2 Optical Fibre Cables 2019
  • 63. UK - North America 1 2 Optical Fibre Cables 2019 Disperse Cables and Landing Sites; Disperse Traffic across Several Cables; Diverse Emergency routing Via France, Spain, Scandinavia, on a major cable fail; Maintain Sensible Failure Margins
  • 64. UK - North America 1 2 Optical Fibre Cables 2019 Disperse Cables and Landing Sites; Disperse Traffic across Several Cables; Diverse Emergency routing Via France, Spain, Scandinavia, on a major cable fail; Maintain Sensible Failure Margins. In wartime it is not unusual for cables to be a target: if they can be located then they may be cut
  • 65. PRIMARY Security 2 Limit the total of concatenated hops Country Gateway Regional Gateway Regional Gateway Dedicated Fibre or Wavelengths Dedicated Fibre or Wavelengths VPN PN Total end-to-end nodes to number < 10 Total end-to-end path delay to be <150 ms
  • 66. PRIMARY Security 2 Limit the total of concatenated hops Country Gateway Regional Gateway Regional Gateway Dedicated Fibre or Wavelengths Dedicated Fibre or Wavelengths VPN PN Total end-to-end nodes to number < 10 Total end-to-end path delay to be <150 ms All Optical Fibre Net Almost Impossible to Penetrate but not entirely so! All Gateways Highly Secure Facilities All Precise Routings and Gateway Locations are not generally available
  • 67. PRIMARY Security 2 Limit the total of concatenated hops Country Gateway Regional Gateway Regional Gateway Dedicated Fibre or Wavelengths Dedicated Fibre or Wavelengths VPN PN Total end-to-end nodes to number < 10 Total end-to-end path delay to be <150 ms All Optical Fibre Net Almost Impossible to Penetrate but not entirely so! All Gateways Highly Secure Facilities All Precise Routings and Gateway Locations are not generally available Non Obvious gateway ghosting/duplication Plus split fibre cable feeds can be used to increase security Extensive use of encryption 128/256/512 keys plus public key for control and signalling
  • 68. COULD THIS HAPPEN Would it in all likelihood work? The media just love this scenario… but undersea cables are 1000s of times less vulnerable than satellites!
  • 69. AND THIS? Bad cable design!
  • 70. PRIMARY Security 3 Randomisation of bytes and routing Impossible to fully imitate the complex randomness in action…so this will have to suffice!!
  • 71. RISK PROFILE The bias follows the people “The bulk of the local loop/last mile is exposed and physically easy to access: the equipment, copper, fibre, and wireless links are open to attack” We now examine the last mile
  • 72. “Let me explain/tell you how, but I am not going to document it” Here is the hardware 1: COPPER & FIBRE ACCESS How to physically break into the net
  • 73. “Let me explain/tell you how, but I am not going to document it” Here is the hardware 1: COPPER & FIBRE ACCESS How to physically break into the net [photo callouts: 1, 2, 3, 4, 5, 6, 7, 8]
  • 74. COPPER & FIBRE ACCESS How to physically break into the net “Let me explain/tell you how, but I am not going to document it” Here is the hardware [photo callouts: 1, 2]
  • 75. COPPER & FIBRE ACCESS How to physically break into the net “Let me explain/tell you how, but I am not going to document it” Here is the hardware
  • 76. COPPER & FIBRE ACCESS How to physically break into the net “Let me explain/tell you how, but I am not going to document it” Here is the hardware [photo callouts: 3, 4, 3, 5, 5, 5, 5, 5]
  • 77. COPPER & FIBRE ACCESS How to physically break into the net “Let me explain/tell you how, but I am not going to document it” Here is the hardware [photo callout: 6]
  • 78. COPPER & FIBRE ACCESS How to physically break into the net Here is the hardware 2: [photo callout: 7]
  • 79. Why would anyone do this for a few ££ an hour, or is there hidden value add that we are not seeing? Stealing all that personal data is often the bigger prize! MUCH EASIER With a high ROI Gangs generally hired in and exploited by big crime! Sold on or delivered to far more capable exploiters…
  • 80. UP THE VALUE 100s of hack tutorials on-line A naked mobile device is one price A live mobile device with all the log-in and personal data accessible is a much better deal !
  • 81. PASSWORD & PACKET SNIFFERS A vital break-in tool available on the Dark Net Free or available to purchase Time to crack a password = Minutes - Hours Emulating hardware can cost kit + software and is hard! Password Sniffer: An App that scans and records passwords on a computer or network interface. It inspects all incoming and outgoing network traffic and records any instance of a data packet that contains a password. Over a period of time it can build up a complete ID, MAC Address, Password et al record
  • 82. STUDENT WARNING I do not recommend entering this domain, BUT it is the only real way of appreciating the full potential - SO if you do decide to have a look, then: 1) Use an old machine/fake ID in a coffee shop 2) Have your camera, mic, tracking turned off 3) Make sure all location service options are off 4) Employ security (Norton et al) throughout 5) Only have a single app (TOR) installed 6) DO NOT complete any transactions 7) Reveal no personal info whatsoever 8) Factory reset machine when done 9) Security scan machine on boot RECOMMENDATION: Enter, take a look, get a taste, get out
  • 83. TORching infrastructure 5G cooks your brain, eyes, & transmits CV-19 In the UK > 100 towers and equipments torched, but mainly 3/4G putting lives at risk/disabling emergency services
  • 84. TORching infrastructure 5G cooks your brain, eyes, & transmits CV-19 In the UK > 100 towers and equipments torched, but mainly 3/4G putting lives at risk/disabling emergency services This is the power of ignorance writ large: belief, paranoia and a lack of any basic education. 3/4/5G save lives day on day and these fools do not know that they are killing people
  • 85. Segue: Demo Public Key Made Obvious
  • 86. Lessons From History
  • 87. Lessons From History Fence; Fence + Mound; Wall + Mound; Wall + Mound + Ditch; Wall + Mound + Moat; Wall(s) + Mound + Keep + Moat ++++++; Wall(s) + Mound + Keep + Moat + Hidden Ditch + Obstacles ++++++; Castle in a Castle!
  • 88. Slow evolution The enemy is mobile & agile Exponentially more expensive and longer build times Effectiveness on a shorter and shorter fuse!
  • 89. Slow evolution The enemy is mobile & agile Iron Age Napoleon Exponentially more expensive and longer build times Effectiveness on a shorter and shorter fuse! Does this not look like the recent history of cyber defence with layer on layer of fixed/static defences? And we are still building them in the form of bunkers at even vaster expense
  • 90. And after > 2000 years of evolution, what comes next? WALLS DON’T WORK But we keep building them! And we are still building them and they are still ineffective and very expensive
  • 91. WHAT DID WE LEARN! Concentric defence layers work(ish)? Not so if they are: Fixed; Unchanging; Unresponsive; Slow to evolve; Lack intelligence; Poorly maintained; Operate in isolation; Not wholly integrated; Not fully anticipatory. Hub LAN Switch CPE Hub LAN Switch CPE ISP CLOUD(s) Security at every layer has to be dynamic & adaptable
  • 92. Assessment Sector Reality 2020: Attacks escalating; Our exposure is growing; Attackers are winning the war; Attackers get richer by the year; Our defences are not 100% effective; We need to collaborate and share all; We are largely disorganised and underinvesting; People remain our single biggest attack risk; All our security tools are reactive & mostly outdated; Best market model appears to be the airline industry
  • 93. Assessment Sector Reality 2020: Attacks escalating; Our exposure is growing; Attackers are winning the war; Attackers get richer by the year; Our defences are not 100% effective; We need to collaborate and share all; We are largely disorganised and underinvesting; People remain our single biggest attack risk; All our security tools are reactive & mostly outdated; Best market model appears to be the airline industry. We present an easy and very attractive opportunity for cyber hackers and/or criminals
  • 94. Collaboration Airlines model 2020: Safety record is all; Embraces entire industry; Every accident is investigated; All incident reports are open & shared; Safety communication is pilot/operator centric; Industries, manufacturers, governments all committed; Well organised and structured with a high level of accountability; Passenger and crew safety is the single biggest concern and success metric
  • 95. Collaboration Airlines model 2020: Safety record is all; Embraces entire industry; Every accident is investigated; All incident reports are open & shared; Safety communication is pilot/operator centric; Industries, manufacturers, governments all committed; Well organised and structured with a high level of accountability; Passenger and crew safety is the single biggest concern and success metric
  • 96. Collaboration Airlines model 2020: Safety record is all; Embraces entire industry; Every accident is investigated; All incident reports are open & shared; Safety communication is pilot/operator centric; Industries, manufacturers, governments all committed; Well organised and structured with a high level of accountability; Passenger and crew safety is the single biggest concern and success metric. Flying is generally the safest mode of transport globally as a result of this model. Cyber security is in need of something very similar if it is ever to migrate out of the victim mode
  • 97. • No transgressions • Work up to the limit • Keep within the spirit & word • Our responsibility to keep up to date • Seek legal advice on latitude • Special dispensations may be possible • National security/intelligence may help • In general the Buck ends with you! Constraints Our freedoms are limited Legal system Codes of practice Ethical principles Moral responsibilities
  • 98. THE Potential Nightmare We have no real evidence of who can do what!
  • 99. The eNemy Innovates fast Things like this pop up almost weekly!
  • 100. Attack Types With a growing species catalogue Real Time Delayed Open & Obvious Invisible Stealth Readily or Eventually Identifiable Difficult or Impossible to Identify Disguised Hidden May or may not (ever) be discovered
  • 101. Attack Types With a growing species catalogue Real Time Delayed Open & Obvious Invisible Stealth Readily or Eventually Identifiable Difficult or Impossible to Identify Disguised Hidden May or may not (ever) be discovered Sophisticated criminal group technology Rogue/nation state espionage OR WEAPONISED Rogue/nation state espionage OR WEAPONISED Hacker/groups conventional techniques
  • 102. Defence essence Speed of detection, response & adaptation 1) Our own passivity is the biggest danger 2) The attacker agility and innovation our biggest challenge 3) Attackers have the first mover advantage & get to choose everything 4) Human defenders cannot be vigilant and prepared 24 x 365 year-on-year 5) Situational awareness is key & rooted in Data/Information gathering/analysis 6) Machines, AI, Machine Learning are key to solving (4 & 5) and giving us the edge 7) The application of anticipatory techniques is still in its infancy and needs investment! 8) Disparate companies, groups and government have almost all the components we need 9) It is essential that these resources (8) are brought to bear and integrated with (5 - 7) 10) We might just win this war, but not without changing the way we think and operate!
  • 103. MINDSETS A different perspective Audio Book https://www.youtube.com/watch?v=X7rhovBK_eA Written 5th C BC Most important points: Information matters and an educated guess is better than a gut decision. Generals should be adept at the "military calculus" of accounting for anything and everything that could affect the outcome of a battle
  • 104. MINDSETS Provocative stimulation More Quotes by famous generals and philosophers https://bit.ly/2VVJ6Hm More Quotes by Sun Tzu https://bit.ly/2VVJ6Hm BEST Quotes by Sun Tzu https://bookroo.com/quotes/the-art-of-war “The supreme art of war is to subdue the enemy without fighting” “To know your enemy you must become your enemy”
  • 105. 1) There is always a threat 2) It is always in a direction you’re not looking 3) Perceived risk/threat never equals reality 4) Nothing is ever 100% secure 5) People are always the primary risk 6) Resources are deployed inversely proportional to actual risk 7) You need two security groups - defenders and attackers 8) Security & operational requirements are mutually exclusive 9) Legislation is always > X years behind Security Laws Immutable Since 1990
  • 106. Security Laws Immutable Since 1990 10) Security standards are an oxymoron 11) Security people are never their own customer 12) Cracking systems is far more fun than defending them 13) Hackers are smarter than you - they are younger! 14) Hackers are not the biggest threat - governments are! 15) As life becomes faster it becomes less secure 16) Connectivity and data half lives are getting shorter too 17) We are most at risk during a time of transition 18) The weakest link generally defines the outcome
  • 107. PARADOX 1 War Games and Defence “The military play all day and occasionally go to war” “We are at war every day and never play”
  • 108. PARADOX 2 No retaliatory defence By and large we know who the attackers are and where they reside but opt to do nothing: the enemy have simply adopted our technologies and used them as weapons against us
  • 109. To Survive We need to become united “Failure the greatest teacher is”
  • 110. To Survive We need to become united Well Funded R&D Global Sharing Culture Tools, Tech & Info Sharing Proactive Defence Strategies Skills & Expertise Cooperation Fast to Respond to/Report Threats Cooperative Creativity Engage in Workable Legislation Help Formulate Law Frameworks Virtualised Every Aspect of Cyber Defence Formulate a Rapid Attack/Punitive Responses “The Art of War read you must”
  • 111. C Y B E R C R I M E A b r i d g e d h i s t o r y a n d c o s t Banking Malware Crypto-Currency Attacks Bitcoin Wallet Stealer Device & Account Hijacking RansomeWare EPoS Attack Fake News Propaganda Social Engineering DoS, DDoS Infected eMail RansomeWare Identity Theft DNS Attack BotNets Site Sabotage SQL Attack Spam Identity Theft Phishing Trojan Worms Virus 1997 2004 2007 Estimated >>1000 Bn Attacks Total > $5000 Bn Cost of global cyber crime Today 2013 Almost all attacks/attack-types can be traced back to the exploiting of individuals who have volunteered vital info by falling victim to scams, spams/trickery, bribery, corruption, blackmail, honeypots… Social engineering is one of the most powerful tools to be widely exploited by the ‘Dark Side’ - and the approach can span to dumb and very obvious to the highly sophisticated and hard to detect
  • 112. CYBERCRIME: Abridged history and cost. Banking Malware Crypto-Currency Attacks Bitcoin Wallet Stealer Device & Account Hijacking Ransomware EPoS Attack Fake News Propaganda Social Engineering DoS, DDoS Infected eMail Ransomware Identity Theft DNS Attack BotNets Site Sabotage SQL Attack Spam Identity Theft Phishing Trojan Worms Virus 1997 2004 2007 Estimated >>1000 Bn Attacks Total > $5000 Bn Cost of global cyber crime Today 2013 Almost all attacks/attack-types can be traced back to the exploiting of individuals who have volunteered vital info by falling victim to scams, spams/trickery, bribery, corruption, blackmail, honeypots… Social engineering is one of the most powerful tools to be widely exploited by the ‘Dark Side’ - and the approach can span from dumb and very obvious to the highly sophisticated and hard to detect. Watch some crime heist spy movies, read detective novels, keep up with security developments. To get a grip on deception read on magic and magicians, watch some related movies
  • 113. Segue: Stuxnet. Sophisticated Intelligent Malware Targeted Specific Industrial Controller Only interested in MS OS Hunter Killer Species 2010 Attack Never Attributed CIA - Mossad Primary Suspects General Species for Sale on Dark Web
  • 114. cyber attack: Primary Motivations Jan 2019 https://www.helpnetsecurity.com/2017/01/11/ransom-motivation-behind-cyber-attacks/ Prime Motivation Making $$$$ Prime Motivation Trade Secrets Military Security Prime Motivation Political, Commercial and Social Change Prime Motivation Domination and TakeOver
  • 115. cyber attack: Primary Targets as of Jan 2019 https://www.helpnetsecurity.com/2017/01/11/ransom-motivation-behind-cyber-attacks/
  • 116. My Forecast: The number One for 2020. A target rich opportunity: • A wealthy technophobic organisation and customers • Processes, protocols and methodologies well known • Millions of people involved with dispersed offices • Multiple points of access PSTN, VOIP, Network+ • Staff trained to help customers BIG and small ++++ • Many possible attack modes: Phishing, Whaling, Malware, Man-in-the-Middle, Insider, Contractor, bribery, corruption, coercion
  • 117. CYBER Attackers: Rapidly changing profiles/purposes. Fun Fame Notoriety Vandalism Limited Skills Limited Resources Tend to be Sporadic Rogue States Criminals Hacker Groups Hacktivist Amateurs Money Sharing Organic Dispersed Unbounded Huge Effort Progressive Cooperatives Self Organising Vast Resources Massive Market Aggregated Skills Semi-Professional Substantial Networks Skilled Political Idealists Emotional Relentless Dedicated Cause Driven Vast Networks Varied Missions Targeted Attacks Evolving Community Drugs Fraud Global Extreme Extortion Business Unbounded Professional Well Managed Well Organised Ahead of the Curve Orchestrated Effort Extremely Profitable Syndicated Resources Massive Attack Surface Vast up-to-date Abilities Covert Money WarFare Influence Pervasive Disruption Espionage Professional Sophisticated Well Organised Extreme Creativity Orchestrated Effort Political Influencers ~Unlimited Resources Tech/Thought Leaders Regime Destabilisation Population Manipulation Military and Civil Domains Almost all attacks/attack-types can be traced back to human fallibility and ambition exploitation
  • 118. CYBER Attackers: Rapidly changing profiles/purposes. Fun Fame Notoriety Vandalism Limited Skills Limited Resources Tend to be Sporadic Rogue States Criminals Hacker Groups Hacktivist Amateurs Money Sharing Organic Dispersed Unbounded Huge Effort Progressive Cooperatives Self Organising Vast Resources Massive Market Aggregated Skills Semi-Professional Substantial Networks Skilled Political Idealists Emotional Relentless Dedicated Cause Driven Vast Networks Varied Missions Targeted Attacks Evolving Community Drugs Fraud Global Extreme Extortion Business Unbounded Professional Well Managed Well Organised Ahead of the Curve Orchestrated Effort Extremely Profitable Syndicated Resources Massive Attack Surface Vast up-to-date Abilities Covert Money WarFare Influence Pervasive Disruption Espionage Professional Sophisticated Well Organised Extreme Creativity Orchestrated Effort Political Influencers ~Unlimited Resources Tech/Thought Leaders Regime Destabilisation Population Manipulation Military and Civil Domains Almost all attacks/attack-types can be traced back to human fallibility and ambition exploitation Short Game Low Gain Medium Game Medium Gain Long Game Massive Gain Sophistication Investment Complexity ROI
  • 119. Status Quo: Cyber Crime Economy. EASY ENTRY 1: Mostly very poor protection. Behind the FireWall in one small step. No Passwords, Easy Passwords, Factory Default
  • 120. EASY ENTRY 2: Mostly very poor protection
  • 121. EASY Money: Low cost human/robot attacks
  • 122. Phishing: Exponential Growth. Criminals are in a race against security teams looking to shut them down. Security teams report phishing URLs regularly, but some criminals use web hosts/domains that ignore reports. Most kits have a short life, and the phishing window is growing smaller. Highly successful/profitable; and very easy to automate for TXT and speech
  • 123. Phishing: Exponential Growth of Species sees a rapid Shortening Lifetimes [Chart: cumulative % of kits deactivated against days to deactivation]
  • 124. Phishing: Exponential Innovation. Akamai
  • 125. SEGUE: Phishing Demo
  • 126. DEFENCE INDUSTRY: When a customer becomes an enemy. Kill Switch Disable Signal Destruct Command Assume Control Portal Information/Data Gathering
  • 127. OFF THE RECORD: Almost nothing is as it appears
  • 128. malware: A ‘commercial’ sample. Cerber – Malicious email file affecting system OS - steals user’s info to extort money RaaS – (Ransomware-as-a-Service) Hackers make money by selling/using this product Emotet – Originally a banking Trojan, but evolved as a full-scale Bot threat. Botnets – Used for DDOS attacks, SPAM distribution, data stealing, self organising Crypto-mining Malware – Distributed computing for cryptojacking - using your FLOPs
  • 129. DDoS Types: The main attack characteristics. Volumetric: Consumes network, service, link bandwidth to create congestion/paralysis TCP State Exhaustion: Kills core routers, firewalls & application servers - services unusable Application Layer: Target websites, databases & app services. Perhaps the most sophisticated/stealthy - very difficult to detect using common flow-based monitoring https://www.scss.tcd.ie/publications/theses/diss/2018/TCD-SCSS-DISSERTATION-2018-046.pdf
  • 130. DDoS Deception: Is this the main act - or not? Not So Obvious: Distraction to conceal more sinister activities?
  • 131. DDoS Defence: Just one commercial offer
  • 132. WHAT WE DETECT: Possibly just the tip of an iceberg! We need to start looking below the surface of obviousness for the hidden sophistication of the many stealth attacks that we suspect are happening that we cannot see! Ransomware Phishing Crypto-Wallet DoS/DDoS SQLi // XSS Man-in-the-Middle URL Spoofing Cloaking Malware Covert Plant Visitors Insiders Outsiders Alongsiders Customers Contractors WiFi Tunnels Implants Malware Networks Diversions Brute Force Decoys
  • 133. Vital Measures: Minimal to Maximal Security. Physical Security Strong Passwords FireWall, PN, VPN Malware Protection Strong Encryption Genera Public Key Authentication Certification (N Factor, M Path) Penetration Detection at Key Interface Points Behavioural Analysis of Net, Machines, People Monitor for all Pre-Cursor Event Indicators Create/Join Information Sharing Networks across the industry
  • 134. Physical Measures: Minimal to Maximal Security. Secure Entry Site & Building Duplicated/Triplicated Power/Fibre Break Free Power with Batteries Generators 2/3 Utilities Supply Site 50km from any Airport
  • 135. Vital Measures: The minimal security protection failures. Common Mode: One road in and out is not a good idea!
  • 136. Focused Measures: Technical Security
  • 137. Focused Measures: Technical Security. Air Lock Strip Down Authorised Entry Only General Access Open Limited Access Zoned Timed Cameras Heat Sensors Motion Sensors Location Proximity Sensors Invisible X-X Laser Beams
  • 138. Segue Stage Left: Off The Record Play Time. I do not recommend you try any of this - it is all a part of my personal mission to make the world a safer place
  • 139. Hobbies! Weird/Crazy? - Airline security - Public targets - Breaking in - Social data ++++
  • 140. Tunnel Vision: The attacker's friend. “End running systems is definitely one of my favourites”
  • 141. Airport Security: Some of this is legitimate
  • 142. Careless: London is a safe city! I was working in London and stopped for a coffee break in Soho… Soho
  • 143. Careless: London is a safe city! I was working in London and stopped for a coffee break in Soho… Soho A smart young man walked in and I spotted his badge! He sat right in front of me and this is what my mobile phone could see as he booted up! Coffee Shop Protocol • Sit as far back from the door as possible; ideally with no one to the rear or the sides • Check for overhead cameras • Do not wear identifying insignia of any kind • Do not boot up to an identifying company, country, government, agency badge • Check and be aware N, E, S, W
  • 144. LOUD & RUDE There is always a price to pay ! The group next to my colleague had just chanced upon the perfect name for their new company. So he bought the domain name and all the variants before they had completed their meeting!
  • 145. Opportunist: Unintended revelations & consequences. TRUTH ENGINES An End Game Company Dr Peter Cochrane EU Concept Consultant DAY 1: Pass Card for an undefined meeting
  • 146. Opportunist: Unintended revelations & consequences. TRUTH ENGINES An End Game Company Dr Peter Cochrane EU Concept Consultant DAY 1: Pass Card for an undefined meeting TRUTH ENGINES An End Game Company Peter Cochrane Internal Affairs Advisor DAY 2: Pass Card as a member of staff
  • 147. Opportunist: Unintended revelations & consequences. TRUTH ENGINES An End Game Company Dr Peter Cochrane EU Concept Consultant DAY 1: Pass Card for an undefined meeting TRUTH ENGINES An End Game Company Peter Cochrane Internal Affairs Advisor DAY 2: Pass Card as a member of staff I Was Invited to Test a Company's Revised Security. My way in was to simply massage my security pass from visitor to employee. I then played the role of an old boy not really up to the modern world of IT and so many wonderfully kind people came forward to help me access networks, rooms and facilities. My secret? Wear a suit and a tie & look very respectable…everyone knows that hackers wear hoodies!
  • 148. GOTO Resources 4U: petercochrane.com Broadcom/Symantec Crowdstrike Cisco, IBM Akamai Varonis Gartner, Aon, UKGov DDCMS. MimeCast BitSight, TrendMicro, FCA Juniper, RAND, Kaspersky
  • 149. Things that Think want to Link and Things that Link want to Think. FIN - Q&A? www.petercochrane.com