Control Risks 1
Today's Speakers From Control Risks
Control Risks 3 Luke Fardell James Lythe Shaun Flint Consultant Associate Director Associate Director Cyber Protect Digital Forensics Crisis Management
Global Cyber Security trends
Control Risks 5 Global cyber security compliance trends during COVID-19 Africa Asia South America South Africa is China established a developing COVi-ID. Cyber security and nationwide telecom data Given that privacy privacy legislation is still analysis platform with laws are in evolving. Infrastructure is several contact tracing development there is not as resilient which led apps. No consent for concern that personal to Colombia withdrawing personal data collection information may not its contact tracing app from individuals when it is be properly protected and now looking to use a for public security during the pandemic. Google and Apple purposes. solution. Australia COVIDSafe App. Concern regarding Europe function creep, with North America In the UK, an app information being used has been for other law Some state-level Middle East developed using a enforcement purposes. effort. There is a decentralized UAE has concern over the system due to developed three complex use of concerns the tracing apps. cryptography previous trial app Limited information infrastructure did not about how the apps developed by Apple meet privacy and protect data. and Google which security needs to be tested. requirements.
Control Risks 6 Update on cyber attacks exploiting the pandemic Share of attack vector of organised operations since Count of organised COVID related January operations since January 2020 Phishing and spearphishing 40 35 Drive-by compromise 30 Remote services 25 20 Malicious app 15 10 Brute force 5 Denial of service 0 0% 10% 20% 30% 40% 50% 60% Percentage of attacks by threat actor category Geographic spread of organised operations since January 39% Cybercriminal 5% Nation-state 3% Other Cyber activist 53%
Control Risks 7 Recent Attack Vectors Since March 2020 the following attack vectors have been observed during Control Risks Cyber Response Cases Enterprise equipment in home environment misconfiguration False sense of security phishing Perimeter misconfiguration Huge email chain campaign – Qakbot/Dopplepaymer Remote Desktop Protocol (RDP) access Webserver compromise through vulnerable 3 rd party application Website defacement through Server Side T emplate Injection
Control Risks 8 Typical Attack Timeline Lateral Movement to test credentials and scope Attacker external Deploy the ransomware access and data reconnaissance, phishing and confirm its success campaign or brute force Scan the Network to attempts Exfiltrate a dataset obtain high value targets Elevate privileges to obtain local or domain Craft Ransomware script using scan results admin account Attacker gains a foothold inside the network and sets Disable Anti-Virus up persistence mechanism and communication channel
Most Common Attack Vectors
Control Risks 10 Scenario Pandos Chicken are not getting enough customers They want to steal the secret recipe from their rivals Nan’s Chicken Nan’s Chicken have a very secure network, previous attempts have failed. Pandos identify that Nan’s Chicken get their chickens from ‘Dave the chicken farmer’ Obtain a Shell in the Nan’s Chicken network There is no greater objective….
Control Risks 11 Attack Path Dave the Nan’s Pandos Farmer Chicken 03 02 01 Secret_Recipe.txt Chicken
Control Risks 12 Hack Dave’s email Reconnaissance Website Companies House Google Facebook Twitter Instagram
Control Risks 13 Dave’s Website
Control Risks 14 Email Dave
Control Risks 15 Obtain Credentials for Dave’s Gmail Trick Dave into entering his credentials into a fake google webpage.
Control Risks 16
Control Risks 17
Control Risks 18 We use Dave’s email account Craft a payload to beacon back to our infrastructure Set up infrastructure Use Dave’s email to send the payload Wait for reverse TCP connection
Control Risks 19 Recap
Control Risks 20 Capabilities of the Reverse TCP connection Read and Edit documents Upload/download files Execute binaries Privilege escalation Network scanning Clear event logs Search for files Open Webcam Screenshots
Control Risks 21
Control Risks 22
Control Risks 23 RDP Brute Force Externally facing systems with RDP access Remote scans of networks to identify systems Username often visible Password brute force attack mounted until access gained
Control Risks 24
Control Risks 25 Exfiltration of Data Exfiltration methods observed Archiving of files for exfil RDPClip – Copy and pasting through remote session Mailbox syncing using stolen credentials Staging on Webserver for external download SMB shares Meterpreter Session over HTTPS FTP.exe
Remote Crisis Management
Control Risks 27 Managing cyber risk remotely Awareness Home Corporate Corporate Comms Segregation Virtual Private Network Training Multi Factor Authentication Change Default Settings Phishing Simulation Gateway Filtering Update Devices Tech Talks Audit and Logging Dialogue with IT Teams
Control Risks 28 Three areas of focus for cyber crisis management Companies are actively reviewing and changing their strategic approach to resilience, to bring clarity to uncertainty. We’ve outlined three of the common themes below Leadership People Intelligence ▪ ▪ ▪ How can leaders improve the speed How can people become a more Which risks need to be monitored and and response of decision making integrated part of the resilience what triggers are needed ▪ ▪ How can risk specialists help improve framework How can the situation be understood ▪ strategic decision making How can we enable employees to work and communicated to key stakeholders ▪ ▪ How can leaders educate themselves flexibly while maintaining well-being and How do we make our cyber contingency about the risks security plans agile and mobile ▪ ▪ ▪ Knowing when to call a crisis What skills do employees need to Who are the experts we need to call develop
Control Risks 29 A final thought - developing resilience Don’t go back to normal, go back to better
Control Risks 30 Q&A Please type your questions here
controlrisks.com
Recommend
More recommend
