cyber threats and federally funded cyber resources
play

Cyber Threats and Federally-funded Cyber Resources Eugene Kipniss - PowerPoint PPT Presentation

Jan 05, 2024 •547 likes •911 views

Cyber Threats and Federally-funded Cyber Resources Eugene Kipniss State, Local, Tribal, or Territorial Government Entity 2 Why SLTT Governments? Criminals look for data... and governments have a lot of it! 3 TLP: WHITE 3 CBA 6 CBA 4

  1. Cyber Threats and Federally-funded Cyber Resources Eugene Kipniss

  2. State, Local, Tribal, or Territorial Government Entity 2

  3. Why SLTT Governments? Criminals look for data... and governments have a lot of it! 3 TLP: WHITE

  4. 3 CBA 6 CBA 4 2018 NCSR Findings Preview reported a CBA maturity scores (3.33) CBA In 2018. both the state and Local governments continue Tribal governments continue In 2018 the tribal peer group local peer groups reported a to report lower overall to report lower overall 48% increase in decrease in overall maturity maturity scores (3.44) than than overall maturity. (-1% for the state peer group their state counterparts both their state and local and -4% for the local peer (4.70). counterparts. group). This is a reversal of the trend that was reported in 2016 and 2017. where the state and local peer groups reported an increase in 4 2 1 3 overall maturity (3% and 10% respectfully). 2 hain CBA 1 In 2018, S upply C S tate, local and tribal peer In 2018,88% of the 33 All peer groups continue to groups continue to report sub-sector peer groups identify the same top five was added to the Identify overall scores that fall below reported scores below the security concerns over the function of the NIST the recommended minimum recommended minimum past four years: Cybersecurity Framework maturity level (5). maturity level. The following and NCS R question set. • Lack of sufficient funding* sub-sector peer groups met The state and local peer • Increasing sophistication 5 the minimum maturity: groups scored lowest in of threats the supply chain category • Associations • Lack of documented within the identify function. • S tate Hnance/ Revenue processes • S tate Information • Emerging technologies Technology • Inadequate availability of • S tate Museum cybersecurity professionals 8 5 7 6 * In 2018, ire saw a shift one security concern. CBA in the order the top five 5 security concerns were 8 ranked. Lack of sufficient 7 funding became the number 4

  5. Top 10 Malware 2018 January 2018 February 2018 March 2018 April 2018 May 2018 June 2018 Kovter Kovter Kovter Kovter Kovter WannaCry ZeuS ZeuS WannaCry WannaCry Emotet Emotet Emotet NanoCore Emotet Emotet ZeuS Kovter CoinMiner Redyms ZeuS ZeuS Redyms ZeuS NanoCore Mirai CoinMiner NanoCore TinyLoader Mirai Xtrat CoinMiner Gh0st CoinMiner CoinMiner Cerber Redyms WannaCry NanoCore Gh0st NanoCore NanoCore WannaCry Emotet Ursnif Qarallex Gh0st CoinMiner Mirai Gh0st Mirai Latentbot WannaCry Gh0st Gh0st Latentbot Xtrat Redyms Mirai Cerber July 2018 February 2018 September 2018 October 2018 November 2018 December 2018 Emotet Kovter Emotet Emotet WannaCry WannaCry Kovter Emotet WannaCry Kovter Emotet ZeuS ZeuS ZeuS Kovter ZeuS ZeuS Emotet NanoCore CoinMiner ZeuS WannaCry Kovter Kovter Cerber WannaCry CoinMiner NanoCore CoinMiner Qakbot Gh0st NanoCore NanoCore Gh0st Mirai Samsam CoinMiner Mirai Gh0st CoinMiner NanoCore Gh0st Trickbot Gh0st Mirai Mirai Gh0st Mirai WannaCry Cerber Trickbot Ursnif Smoke Loader Brambul Xtrat Ursnif AZORult Smoke Loader Ursnif CoinMiner 5 TLP: WHITE

  6. October November Dropped December January February March Top 10 Malware - Initiation Vectors October November Multiple December January February March October November TLP: WHITE Malspam December January February March October November Network December January February March October Malvertisement November December January February March 6

  7. BEC: CEO Compromise Example Date: From an Executive FROM: CEO TO: Finance Department To Finance SUBJECT: Question Are you available? Wire transfer needs to go out.Also what is the balance of General Funding Account? Let me know when you are ready. Don’t call. Im in a meeting. Formatting error Sense of urgency Social Engineering Sent from my iPhone 7 TLP: WHITE

  8. Ransomware malware that blocks access to a system, device, or file until a ransom is paid; commonly demand that the victim pays $200 - $1,000 in bitcoins, gift cards, etc. Ransomware Cryptos Lockers Wipers Extortion 1. Lockers – blocks access to files or the system 2. Cryptos – encrypts files 3. Wipers – erases files; no recovery 8 TLP: WHITE

  9. Emotet •Emotet is the single most destructive piece of malware currently affecting state, local, tribal, and territorial (SLTT) governments in the U.S. •Highly infectious due to worm-like capabilities •Infostealer •Modular •Business continuity disaster •Potential data breach 9 TLP: WHITE

  10. TrickBot •Modular banking trojan that targets user financial information and acts as a dropper for other malware. – Man-in-the-browser attacks – Continuously releasing new modules/versions – Malspam campaigns or dropped – Some modules abuse SMB Protocol for lateral movement https://www.cisecurity.org/white-papers/security-primer-trickbot/ 10 TLP: WHITE

  11. Cryptocurrency Miners Malware: Infection Vectors: • CoinMiner – TOP 10 • Malspam •Coinhive • EternalBlue •WannaMine • Exploit Kits •Dark Test • Worms •BrowseAloud • Tech Support Scam • Plugins • Masquerading as Windows/system files, Fake AV, apps • Fileless malware • Infecting: Windows, Mac, smartphones, smartTVs, SCADA systems 11 TLP: WHITE

  12. Insider Crypto-mining 12 TLP: WHITE

  13. Theft of Cryptocurrency Theft of Currency and Wallets SIM Swapping/Jacking Joel Ortiz and the $5 Million SIM heist • Attacker does recon of social media etc. • Next they contact the mobile carrier • Socially engineer a SIM re-issue or change • Reset email accounts using phone verification • Intercept all communication – including 2FA! 13 TLP: WHITE

  14. Hoax Extortion Schemes Emails can include user’s: • Names • Passwords SAMPLE EMAIL TEXT Subject: <username> - <password> • Emails I'm aware, <password> , is your pass word. You do not know me and you are most likely wondering why you are getting this e-mail, correct? • Telephone numbers In fact, I actually placed a malware on the adult videos (porno) web site and guess what, you visited this site to experience fun (you know what I mean). While you were watching video clips, your browser initiated operating as a RDP (Remote Desktop) that has a key logger which provided me accessibility to your display and web cam. Immediately after that, my software gathered all of your contacts from your Messenger, Facebook, and email. Spoofing the victim’s email What exactly did I do? I made a double-screen video. 1st part displays the video you were viewing (you've got a fine taste lol . . .), and next part displays the recording of your cam. What should you do? Well, I believe, <extortion amount> is a reasonable price tag for our little secret. You'll make the payment by Bitcoin (if you do not know this, search "how to buy bitcoin" in Google). BTC Address: <address> (It is cAsE sensitive, so copy and paste it) 14 TLP: WHITE

  15. Employee Mistakes 15 TLP: GREEN

  16. Why care? - Employee Mistakes 16 TLP: GREEN

  17. Who We Serve 50 State Governments State, >5,500 Local Governments Local, Tribal, and Territorial 6 Territorial Governments Governments 81 Tribal Governments 79 DHS-recognized Fusion Centers K-12 School Districts, Intermediate Units Law Enforcement, Cities, Public Authorities Local Governments 950 K-12 School Districts across US Any Public Organizations 17 TLP: WHITE

  18. How to access MS-ISAC resources • Register for the MS-ISAC’s services here: https://learn.cisecurity.org/ms-isac-registration • The MS-ISAC Stakeholder Engagement team will provide you with next steps: • Register your HSIN account • Submit public IPs, domains, and subdomains • Register for an MCAP account • Add additional staff to your account 18 TLP: WHITE

  19. 24 x 7 Security Operations Center Central location to report any cybersecurity incident • Support: – Network Monitoring Services – Research and Analysis • Analysis and Monitoring: – Threats – Vulnerabilities – Attacks • Reporting: – Cyber Alerts & Advisories To report an incident or – Web Defacements request assistance: – Account Compromises – Hacktivist Notifications Phone : 1-866-787-4722 Email : soc@cisecurity.org 19 TLP: WHITE

  20. Computer Emergency Response Team • Incident Response (includes on-site assistance) • Network & Web Application Vulnerability Assessments • Malware Analysis • Computer & Network Forensics • Log Analysis • Statistical Data Analysis To report an incident or request assistance: Phone : 1-866-787-4722 Email : soc@cisecurity.org 20 TLP: WHITE

  21. Monitoring of IP Range & Domain Space IP Monitoring Domain Monitoring • IPs connecting to • Notifications on malicious C&Cs compromised user credentials, open • Compromised IPs source and third • Indicators of party information compromise from • Vulnerability the MS-ISAC Management network monitoring Program (VMP) (Albert) • Web Profiler • Notifications from • Port Profiler Spamhaus Send domains, IP ranges, and contact info to: soc@cisecurity.org 21 TLP: WHITE

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CYBER THREATS AND HOW TO A VOID THEM AGENDA 1. Development of the cyber world 2. Threats

CYBER THREATS AND HOW TO A VOID THEM AGENDA 1. Development of the cyber world 2. Threats

CYBER THREATS AND HOW TO A VOID THEM AGENDA 1. Development of the cyber world 2. Threats to small businesses 3. Cyber Recovery Insurance Y our presenters Anne Jackson Sarah Morton Gary Hibberd Sales Director, Lorega Sales and

342 views • 31 slides
Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK businesses and how to remain safe What help is available Further reading Setting the scene 21.2bn The cost of fraud to the

304 views • 19 slides
The Onslaught of Cyber Security Threats and What that Means to You No End in Sight for Cyber

The Onslaught of Cyber Security Threats and What that Means to You No End in Sight for Cyber

The Onslaught of Cyber Security Threats and What that Means to You No End in Sight for Cyber Crime Growth Number of mobile 200M devices affected IBM 11.6M Number of accounts hacked CNN Money 432M Number of malware samples collected Intel

652 views • 30 slides
Cyber Threats P R E S E N T E D T O C A S R E I N S U R A N C E S E M I N A R B O S T O N ,

Cyber Threats P R E S E N T E D T O C A S R E I N S U R A N C E S E M I N A R B O S T O N ,

Cyber Threats P R E S E N T E D T O C A S R E I N S U R A N C E S E M I N A R B O S T O N , M A S S A C H U S E T T S J U N E 4 , 2 0 12 Antitrust Notice 2 The Casualty Actuarial Society is committed to adhering strictly to the

577 views • 26 slides
CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

3/29/2012 CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College of India I N T R O D U C T I O N What is Cyber-safety Consequences Threats of Inaction Cyber-safety? Cyber-safety Cyber-safety at

215 views • 7 slides
Preparing to Fail Changing the way we think about cyber threats Oil Rig Pic Flaming Oil Rig

Preparing to Fail Changing the way we think about cyber threats Oil Rig Pic Flaming Oil Rig

Preparing to Fail Changing the way we think about cyber threats Oil Rig Pic Flaming Oil Rig picture The asymmetric nature of the Internet The current state of cyber underground Our current approach UNCLASSIFIED 7 Software Integrity Denial

388 views • 18 slides
Do You See What I See? Navigating Human &amp; Cyber Threats at the Workplace The views expressed

Do You See What I See? Navigating Human &amp; Cyber Threats at the Workplace The views expressed

Do You See What I See? Navigating Human &amp; Cyber Threats at the Workplace The views expressed by us are not representative of the City of Charlotte. OUTLINE INTRODUCTIONS HUMAN THREATS CYBER THREATS QUESTIONS INTRODUCTIONS

445 views • 25 slides
Cyber Threats Views from the FBI Special Agent Keith Custer Federal Bureau of Investigation

Cyber Threats Views from the FBI Special Agent Keith Custer Federal Bureau of Investigation

Cyber Threats Views from the FBI Special Agent Keith Custer Federal Bureau of Investigation Baltimore Division Overview Cyber Threat Overview Cyber-enabled Fraud Types of Cyber-enabled Fraud Business Email Compromise

796 views • 47 slides
Commonwealth of Virginia Cyber Commission First Year Report Threats and Opportunities

Commonwealth of Virginia Cyber Commission First Year Report Threats and Opportunities

Commonwealth of Virginia Cyber Commission First Year Report Threats and Opportunities Executive Order Number 8 Identify high risk cyber security issues facing COV. Provide advice and recommendations to secure COV networks,

449 views • 20 slides
Introduction to Cyber Threats: current status, perspectives and reflects in Brazil Adriano Mauro

Introduction to Cyber Threats: current status, perspectives and reflects in Brazil Adriano Mauro

Introduction to Cyber Threats: current status, perspectives and reflects in Brazil Adriano Mauro Cansian Agenda New Cybernetic Global Order Cyber threats. The present and future threat scenarios. The scenario in Brazil. Final

617 views • 46 slides
The New Era of Cyber Threats The Shift to Self-Learning, Self-Defending Networks Georgiana

The New Era of Cyber Threats The Shift to Self-Learning, Self-Defending Networks Georgiana

The New Era of Cyber Threats The Shift to Self-Learning, Self-Defending Networks Georgiana Wagemann Director of Sales, Darktrace Evolving Threats in a New Business Landscape Outsourced IT, SaaS, cloud, virtual, supply chain, IoT Not just data

412 views • 15 slides
Cyber Threats Incident Response Model for CNII Organizations Dr. Aswami Ariffin Megat Mutalib

Cyber Threats Incident Response Model for CNII Organizations Dr. Aswami Ariffin Megat Mutalib

Cyber Threats Incident Response Model for CNII Organizations Dr. Aswami Ariffin Megat Mutalib Dr. Zahri Yunos Presentation Outline 1. Our Service: CyberDEF (Cyber Defence) 2. Our R&amp;D Product: CMERP (Coordinated Malware Eradication &amp;

605 views • 25 slides
Understanding Cyber Risks and Security Options The Spectrum of Cyber Attacks Advanced

Understanding Cyber Risks and Security Options The Spectrum of Cyber Attacks Advanced

Understanding Cyber Risks and Security Options The Spectrum of Cyber Attacks Advanced Persistent Threats (APT) Cybercriminals, Exploits and Malware Denial of Service attacks (DDoS) Domain name hijacking Corporate

347 views • 13 slides
NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For ACM CCS I ndustry/ Govt Track Oct. 26, 2004 Carl Landwehr ( clandweh@nsf.gov ) Cyber Trust Coordinator National Science Foundation What s the

439 views • 17 slides
SARNET ENHANCING RESILIENCE AGAINST CYBER ATTACKS Frank Fransen | 5 October 2016 SARNET -

SARNET ENHANCING RESILIENCE AGAINST CYBER ATTACKS Frank Fransen | 5 October 2016 SARNET -

SARNET ENHANCING RESILIENCE AGAINST CYBER ATTACKS Frank Fransen | 5 October 2016 SARNET - Enhancing Cyber Resilience Relation to NCSRA II SARNET | October 5th 2016 CYBER THREATS ARE EVOLVING Key trends Cyber Cyber Cyber Magnitude of

153 views • 13 slides
Seminar Series Industrial Cyber Threats and Future Planning Robert M. Lee Twitter: @RobertMLee

Seminar Series Industrial Cyber Threats and Future Planning Robert M. Lee Twitter: @RobertMLee

Seminar Series Industrial Cyber Threats and Future Planning Robert M. Lee Twitter: @RobertMLee Email: rlee@dragos.com Web: www.dragos.com Agenda Where We Are Selected Case Studies in Cyber Attacks Where Were Heading

424 views • 24 slides
Flood Vulnerability Assessment: Contributions of the Bogardi/Birkmann/Cardona (BBC) framework

Flood Vulnerability Assessment: Contributions of the Bogardi/Birkmann/Cardona (BBC) framework

Flood Vulnerability Assessment: Contributions of the Bogardi/Birkmann/Cardona (BBC) framework Zeinab Rezaee Ardestani, Pete Fisher, Heiko Balzter Department of Geography, University of Leicester, Leicester, England, LE1 7RH Email: zr12@le.ac.uk,

83 views • 7 slides
Vitaliy N. Katsenelson, CFA Director of Research / Portfolio Manager Investment Management

Vitaliy N. Katsenelson, CFA Director of Research / Portfolio Manager Investment Management

Vitaliy N. Katsenelson, CFA Director of Research / Portfolio Manager Investment Management Associates, Inc. 1 Chinese analysis can be divided into three periods: 1. Pre-crisis 1998-2008 Late-Stage Growth Obesity 2. During crisis 2008

516 views • 20 slides
Audited 2017FY Results Presentation: Transcript of the GMD/CEOs Presentation and Closing Remarks

Audited 2017FY Results Presentation: Transcript of the GMD/CEOs Presentation and Closing Remarks

Audited 2017FY Results Presentation: Transcript of the GMD/CEOs Presentation and Closing Remarks Good day everyone and thank you for joining us on this call. Ladies and gentlemen, permit me to start todays presentation with a brief overview

418 views • 5 slides
Challenges Regarding IP Core Functional Reliability. Melanie Berg 1 , Kenneth LaBel 2 1.AS&amp;D

Challenges Regarding IP Core Functional Reliability. Melanie Berg 1 , Kenneth LaBel 2 1.AS&amp;D

Challenges Regarding IP Core Functional Reliability. Melanie Berg 1 , Kenneth LaBel 2 1.AS&amp;D in support of NASA/GSFC Melanie.D.Berg@NASA.gov 2. NASA/GSFC Kenneth.A.LaBel@NASA.gov 1 To be presented by Melanie Berg at the Microelectronics

409 views • 20 slides
CYBER Overview Training for New Providers in the New Jersey Childrens System of Care October

CYBER Overview Training for New Providers in the New Jersey Childrens System of Care October

CYBER Overview Training for New Providers in the New Jersey Childrens System of Care October 2019 (01416) What is CYBER? A fully functional Electronic Health Record system, that is a tool for providers to make the maintenance of youth

736 views • 59 slides
Schroders PLC Interim 2013 Results Analyst Presentation Michael Dobson Chief Executive So good

Schroders PLC Interim 2013 Results Analyst Presentation Michael Dobson Chief Executive So good

Schroders PLC Interim 2013 Results Analyst Presentation Michael Dobson Chief Executive So good morning everybody. Thank you for joining us. I'm going to run through the highlights. Richard Keers, our recently appointed Chief Financial

384 views • 23 slides
Full year results 2017 26 February 2018 Agenda Summary Financial results Business

Full year results 2017 26 February 2018 Agenda Summary Financial results Business

Texas Rangers Baseball Stadium (Dallas Cowboys Stadium in background) Dallas Keller Group plc Full year results 2017 26 February 2018 Agenda Summary Financial results Business update Outlook Questions and answers 2 2 2017

750 views • 52 slides
IMPROVEMENT DURING SECOND QUARTER LEADS TO WINTER RESULTS SIMILAR THAN PREVIOUS YEAR INVESTORS

IMPROVEMENT DURING SECOND QUARTER LEADS TO WINTER RESULTS SIMILAR THAN PREVIOUS YEAR INVESTORS

IMPROVEMENT DURING SECOND QUARTER LEADS TO WINTER RESULTS SIMILAR THAN PREVIOUS YEAR INVESTORS PRESENTATION JUNE 2017 Forward-looking Statements THIS PRESENTATION CONTAINS CERTAIN FORWARD-LOOKING STATEMENTS WITH RESPECT TO THE CORPORATION.

511 views • 34 slides

More recommend