Today's Speakers From Control Risks - PowerPoint PPT Presentation



SLIDE 1

Control Risks

SLIDE 2

Today's Speakers

From Control Risks

SLIDE 3

Luke Fardell, Associate Director, Digital Forensics
Shaun Flint, Consultant, Cyber Protect
James Lythe, Associate Director, Crisis Management

SLIDE 4

Global Cyber Security trends

SLIDE 5

Global cyber security compliance trends during COVID-19

North America

  • Some state-level effort. There is a concern over the complex use of cryptography infrastructure developed by Apple and Google which needs to be tested.

South America

  • Cyber security and privacy legislation is still evolving. Infrastructure is not as resilient, which led to Colombia withdrawing its contact tracing app and now looking to use a Google and Apple solution.

Europe

In the UK, an app has been developed using a decentralized system due to concerns the previous trial app did not meet privacy and security requirements.

Africa

South Africa is developing COVi-ID. Given that privacy laws are in development there is concern that personal information may not be properly protected during the pandemic.

Australia

COVIDSafe App. Concern regarding function creep, with information being used for other law enforcement purposes.

Asia

  • China established a nationwide telecom data analysis platform with several contact tracing apps. No consent for personal data collection from individuals when it is for public security purposes.

Middle East

UAE has developed three tracing apps. Limited information about how the apps protect data.

SLIDE 6

Update on cyber attacks exploiting the pandemic

[Chart] Geographic spread of organised operations since January

[Bar chart, 0% to 60%] Share of attack vector of organised operations since January: Denial of service, Brute force, Malicious app, Remote services, Drive-by compromise, Phishing and spearphishing

[Chart, scale 5 to 40] Count of organised COVID related operations since January 2020

[Pie chart] Percentage of attacks by threat actor category (values shown: 53%, 39%, 5%, 3%; categories: Cybercriminal, Nation-state, Other, Cyber activist)

SLIDE 7

Recent Attack Vectors

Since March 2020 the following attack vectors have been observed during Control Risks Cyber Response Cases:

  • Enterprise equipment in home environment misconfiguration
  • False sense of security phishing
  • Perimeter misconfiguration
  • Huge email chain campaign – Qakbot/Dopplepaymer
  • Remote Desktop Protocol (RDP) access
  • Webserver compromise through vulnerable 3rd party application
  • Website defacement through Server Side Template Injection

SLIDE 8

Typical Attack Timeline

  • Attacker external reconnaissance, phishing campaign or brute force attempts
  • Attacker gains a foothold inside the network and sets up persistence mechanism and communication channel
  • Elevate privileges to obtain local or domain admin account
  • Scan the network to obtain high value targets
  • Lateral movement to test credentials and scope access and data
  • Exfiltrate a dataset
  • Disable Anti-Virus
  • Craft ransomware script using scan results
  • Deploy the ransomware and confirm its success

SLIDE 9

Most Common Attack Vectors

SLIDE 10

Scenario

Pandos Chicken are not getting enough customers. They want to steal the secret recipe from their rivals, Nan’s Chicken. Nan’s Chicken have a very secure network; previous attempts have failed. Pandos identify that Nan’s Chicken get their chickens from ‘Dave the chicken farmer’.

Objective: obtain a shell in the Nan’s Chicken network. There is no greater objective….

SLIDE 11

Attack Path

[Diagram] 01 Pandos → 02 Dave the Farmer → 03 Nan’s Chicken (labels on the diagram: Secret_Recipe.txt, Chicken)

SLIDE 12

Hack Dave’s email

Reconnaissance:

  • Website
  • Companies House
  • Google
  • Facebook
  • Twitter
  • Instagram

SLIDE 13

Dave’s Website

SLIDE 14

Email Dave

SLIDE 15

Obtain Credentials for Dave’s Gmail

  • Trick Dave into entering his credentials into a fake Google webpage.

SLIDE 16

SLIDE 17

SLIDE 18

We use Dave’s email account

  • Craft a payload to beacon back to our infrastructure
  • Set up infrastructure
  • Use Dave’s email to send the payload
  • Wait for reverse TCP connection

SLIDE 19

Recap

SLIDE 20

Capabilities of the Reverse TCP connection

  • Read and edit documents
  • Upload/download files
  • Execute binaries
  • Privilege escalation
  • Network scanning
  • Clear event logs
  • Search for files
  • Open webcam
  • Screenshots

SLIDE 21

SLIDE 22

SLIDE 23

RDP Brute Force

Externally facing systems with RDP access:

  • Remote scans of networks to identify systems
  • Username often visible
  • Password brute force attack mounted until access gained
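One way a defender can spot the pattern on this slide in Windows Security logs, as an added example that is not from the Control Risks deck: repeated failed RDP logons (Event ID 4625, logon type 10) from one source address, the usernames being tried, and whether a success followed. The event records, IP addresses and usernames are constructed, and the record layout is this example's own simplification.

```python
# Added example: flag RDP password brute force from simplified Windows Security
# events. Each record is (timestamp, event_id, logon_type, user, source_ip);
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    ("2020-06-01T02:00:01", 4625, 10, "administrator", "203.0.113.7"),
    ("2020-06-01T02:00:03", 4625, 10, "administrator", "203.0.113.7"),
    ("2020-06-01T02:00:05", 4625, 10, "admin",         "203.0.113.7"),
    ("2020-06-01T02:00:07", 4625, 10, "backup",        "203.0.113.7"),
    ("2020-06-01T02:00:09", 4625, 10, "administrator", "203.0.113.7"),
    ("2020-06-01T02:00:11", 4625, 10, "jsmith",        "203.0.113.7"),
    ("2020-06-01T02:00:13", 4624, 10, "jsmith",        "203.0.113.7"),  # success after failures
    ("2020-06-01T09:15:00", 4625, 10, "jsmith",        "198.51.100.4"), # one typo, benign
    ("2020-06-01T09:15:20", 4624, 10, "jsmith",        "198.51.100.4"),
    ("2020-06-01T10:00:00", 4625, 3,  "svc_sql",       "192.0.2.9"),    # network logon, not RDP
]


def detect_rdp_bruteforce(events, threshold=5, window_seconds=60):
    """Return {source_ip: info} for addresses that produced at least `threshold`
    failed RDP logons inside any sliding window of `window_seconds`. `info` holds
    the distinct usernames tried from that address and whether a later RDP
    success from the same address followed (the case worth escalating first)."""
    failures = defaultdict(deque)   # ip -> timestamps of failures in the current window
    users = defaultdict(set)        # ip -> usernames attempted
    flagged = {}
    for ts, event_id, logon_type, user, ip in sorted(events):
        if logon_type != 10:        # only RemoteInteractive (RDP) logons are of interest
            continue
        t = datetime.fromisoformat(ts)
        if event_id == 4625:
            users[ip].add(user)
            q = failures[ip]
            q.append(t)
            while t - q[0] > timedelta(seconds=window_seconds):
                q.popleft()         # drop failures older than the window
            if len(q) >= threshold:
                flagged.setdefault(ip, {"users": users[ip], "success_after": False})
        elif event_id == 4624 and ip in flagged:
            flagged[ip]["success_after"] = True
    return flagged


if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, sorted(info["users"]), "success_after=%s" % info["success_after"])
```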

SLIDE 24

SLIDE 25

Exfiltration of Data

Exfiltration methods observed:

  • Archiving of files for exfil
  • RDPClip – copy and pasting through remote session
  • Mailbox syncing using stolen credentials
  • Staging on webserver for external download
  • SMB shares
  • Meterpreter session over HTTPS
  • FTP.exe

SLIDE 26

Remote Crisis Management

SLIDE 27

Managing cyber risk remotely

[Diagram] Controls listed, grouped under Corporate and Home: Segregation, Multi Factor Authentication, Gateway Filtering, Audit and Logging, Virtual Private Network, Change Default Settings, Update Devices, Dialogue with IT Teams, Awareness

Activities: Corporate Comms, Training, Phishing Simulation, Tech Talks

SLIDE 28

Three areas of focus for cyber crisis management

Companies are actively reviewing and changing their strategic approach to resilience, to bring clarity to uncertainty. We’ve outlined three of the common themes below: Leadership, People, Intelligence.

▪ Which risks need to be monitored and what triggers are needed
▪ How can the situation be understood and communicated to key stakeholders
▪ How do we make our cyber contingency plans agile and mobile
▪ Who are the experts we need to call
▪ How can people become a more integrated part of the resilience framework
▪ How can we enable employees to work flexibly while maintaining well-being and security
▪ What skills do employees need to develop
▪ How can leaders improve the speed and response of decision making
▪ How can risk specialists help improve strategic decision making
▪ How can leaders educate themselves about the risks
▪ Knowing when to call a crisis

SLIDE 29

A final thought - developing resilience

Don’t go back to normal, go back to better

SLIDE 30

Q&A

Please type your questions here

SLIDE 31

controlrisks.com