DEFENDING DIGITAL BUSINESS AGAINST CYBER ATTACKS Presentation SAI - - PowerPoint PPT Presentation



slide-1
SLIDE 1

www.nviso.be

DEFENDING DIGITAL BUSINESS AGAINST CYBER ATTACKS

Presentation SAI – 21/02/2019

slide-2
SLIDE 2

Our Agenda

1. Demo time
2. Threat actor groups
3. Nation states
4. Hacktivism
5. Organized cyber crime
6. The bad competitor
7. The Internet of Things and the risks

slide-3
SLIDE 3

I am one of the partners at NVISO where I am responsible for a part of our Cyber Resilience Service Line. Together with my team I assist clients in developing and delivering secure network environments and applications.

Tim Beyens

slide-4
SLIDE 4

I am a security consultant at NVISO, where I mainly focus on DFIR (Digital Forensics & Incident Response) and Red Team Testing engagements.

Sasja Reynaert

slide-5
SLIDE 5

Demo time

slide-6
SLIDE 6

Demo time

An eye opening trip into an intrusion

slide-7
SLIDE 7

Threat actors

Who are they and why are you their target?

slide-8
SLIDE 8

Different threat actors – Different threats

Not all threat actors operate in the same way; as such, we need to adapt our prevention / detection / response strategy.

slide-9
SLIDE 9

Threat actors

Who are the typical threat actors behind cyber attacks? What is their motivation / what is the ultimate goal?

slide-10
SLIDE 10

Threat actors

slide-11
SLIDE 11

Threat actors

Who are the typical threat actors behind cyber attacks?

Nation state actors

Actors sponsored and backed by a Nation State

Hacktivist groups

Actors with a political agenda

Organized cyber crime

Actors driven by profits engaged in cyber criminality

Malicious insiders and competitors

Actors operating from inside your organization or in the name of one of your competitors
slide-12
SLIDE 12

Threat actors

Confidentiality Availability Integrity

slide-13
SLIDE 13

Threat actors

A simple exercise…

slide-14
SLIDE 14

Nation state actors

An advanced threat actor

slide-15
SLIDE 15

Nation state actors

  • Government X wants insights into the actions of certain individuals in Company Y
  • Obtain sensitive information
  • Motivation for attacks can be anything (political, strategic, financial, etc.)
  • Lots of resources and skills => advanced attacks
  • They use an Advanced Persistent Threat (APT) to stealthily exfiltrate data

Who, what, why?

slide-16
SLIDE 16

Nation state actors

Some Examples….

slide-17
SLIDE 17

Advanced Persistent Threat (APT)

What happened?

An APT is an advanced and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period of time.

FireEye M-Trends: Beyond the breach

The above illustrations highlight two interesting statistics:

  • In EMEA, the median number of days before detection of an intrusion is 106 days (2017);
  • An average of 47% of breaches are discovered by external parties

47% of breaches discovered by externals

slide-18
SLIDE 18

Advanced Persistent Threat (APT)

How to prevent, detect, respond?

Better get serious about cyber security: Advanced attacks require a high level of maturity to identify, protect, detect, respond and recover from cyber attacks. If your organization is a target for advanced attackers, you would need to implement a proper security management system based on an internationally recognized standard.

slide-19
SLIDE 19

Hacktivists

In the crosshairs of hacktivists

slide-20
SLIDE 20

Hacktivists

  • They are usually motivated by a political agenda
  • Hacktivists would like to see Company X out of business
  • If Company X can’t provide its service for some time => its reputation will be damaged
  • They typically launch a DDoS attack to disrupt service delivery

Who, what, why?

slide-21
SLIDE 21

(Distributed) Denial of Service

What happened?

An attack that occurs when an attacker takes action that prevents legitimate users from accessing targeted computer systems, devices or other network resources.

DDoS attacks take down your systems

slide-22
SLIDE 22

Hacktivists

  • http://www.digitalattackmap.com/

Some Examples

slide-23
SLIDE 23

(Distributed) Denial of Service

How to prevent, detect, respond?

  • Have a (D)DoS mitigation plan ready
  • Secure network infrastructure
  • Scalable and resilient network architecture
  • Monitor incoming traffic
  • Specialized protection and detection tools and services
  • Follow the mitigation plan
  • Specialized mitigation tools and services
  • Be conscious: it may be a smoke screen

Prevent Detect Respond

slide-24
SLIDE 24

(Distributed) Denial of Service

How to prevent, detect, respond?

Prevent Detect Respond

slide-25
SLIDE 25

Organized cyber crime

Show me the money

slide-26
SLIDE 26

Organized Cyber Crime

Some Examples….

TO ADD.

slide-27
SLIDE 27

Organized Cyber Crime

Some Examples….

TO ADD.

The past year we have seen ‘ransomware’ attacks of a whole other scale and with other motivations.
slide-28
SLIDE 28

Organized cyber crime

  • Cyber criminals want to make money
  • Data is important for businesses => losing all data = catastrophic
  • Infect computers of Company X with ransomware
  • More data is taken hostage => more likely that ransom money is paid (if victim not prepared/protected)

Who, what, why?

Your computer files have been encrypted. _

slide-29
SLIDE 29

Ransomware

What happened?

A type of computer crime which sees computers or data hijacked and a fee demanded to give them back to their owners.

slide-30
SLIDE 30

Ransomware

How to prevent, detect, respond?

  • Keep systems up to date
  • Do not run under admin if not required
  • Raise awareness for phishing emails
  • Backup
  • Anti-ransomware software
  • Suspicious file extensions
  • Many files being renamed
  • Restore from backup
  • Snapshot still unencrypted data
  • Assess and improve protection

Prevent Detect Respond
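
The two detection signals listed on this slide ("suspicious file extensions" and "many files being renamed") can be turned into a simple rule over file-rename telemetry. The sketch below is an added example, not part of the original presentation; the event format, extension list, thresholds and sample events are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumed, illustrative values: tune them for your own environment.
SUSPICIOUS_EXTENSIONS = {".locked", ".encrypted", ".crypt"}
WINDOW = timedelta(seconds=60)   # sliding window per process
RENAME_THRESHOLD = 5             # renames within WINDOW that trigger an alert

# Constructed sample events: timestamp|process|old_path|new_path
SAMPLE_EVENTS = [
    "2019-02-21T10:00:00|winword.exe|C:\\Docs\\~tmp1.tmp|C:\\Docs\\report.docx",
    *[f"2019-02-21T10:05:{i:02d}|unknown.exe|C:\\Docs\\file{i}.xlsx"
      f"|C:\\Docs\\file{i}.xlsx.locked" for i in range(6)],
    "2019-02-21T11:00:00|backup.exe|C:\\Data\\a.bak|C:\\Data\\a.old",
    "2019-02-21T12:00:00|backup.exe|C:\\Data\\b.bak|C:\\Data\\b.old",
]

def parse_event(line):
    """Split one constructed event line into (timestamp, process, old, new)."""
    ts, proc, old, new = line.strip().split("|")
    return datetime.fromisoformat(ts), proc, old, new

def detect(lines):
    """Return a sorted list of (process, reason) alerts.

    Events are assumed to arrive in chronological order.
    """
    recent = defaultdict(deque)  # process -> rename timestamps inside WINDOW
    alerts = set()
    for line in lines:
        ts, proc, old, new = parse_event(line)
        old_ext = PureWindowsPath(old).suffix.lower()
        new_ext = PureWindowsPath(new).suffix.lower()
        # Signal 1: a file gains an extension from the watch list.
        if new_ext in SUSPICIOUS_EXTENSIONS and new_ext != old_ext:
            alerts.add((proc, "suspicious_extension"))
        # Signal 2: one process renames many files in a short time.
        window = recent[proc]
        window.append(ts)
        while window and ts - window[0] > WINDOW:
            window.popleft()
        if len(window) >= RENAME_THRESHOLD:
            alerts.add((proc, "mass_rename"))
    return sorted(alerts)

if __name__ == "__main__":
    for proc, reason in detect(SAMPLE_EVENTS):
        print(f"ALERT {reason}: {proc}")
```
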

slide-31
SLIDE 31

Threat Hunting

Sysmon

slide-32
SLIDE 32

Internet of Things and the risks

slide-33
SLIDE 33

IoT Security

What if it goes bad?

https://www.youtube.com/watch?v=BnAHfZWPaCs

slide-34
SLIDE 34

The Internet of Things (IoT)

What is it?

The Internet of Things (IoT) is the network of physical devices, vehicles, home appliances and other items embedded with electronics, software, sensors, actuators, and connectivity, which enables these objects to connect and exchange data. Each thing is uniquely identifiable through its embedded computing system but is able to inter-operate within the existing internet infrastructure.

slide-35
SLIDE 35

The Internet of Things (IoT)

Are there new risks?

Securing an IoT appliance means securing an entire ecosystem. The increased complexity introduces more room for error and vulnerabilities.

slide-36
SLIDE 36

IoT Security

A word of caution

slide-37
SLIDE 37

The Internet of Things (IoT)

What can you do?

Before buying an appliance, look for known vulnerabilities

slide-38
SLIDE 38

The Internet of Things (IoT)

What can you do?

Don’t expose the appliance on the internet

slide-39
SLIDE 39

The Internet of Things (IoT)

What can you do?

Shodan Demo

slide-40
SLIDE 40

The Internet of Things (IoT)

What can you do?

Think twice

Be careful about what you throw out

slide-41
SLIDE 41

Questions?

slide-42
SLIDE 42

www.nviso.be

Thank You for your interest in NVISO! Would you like to know more? Let's get in touch!

+32 (0)2 318 58 31 info@nviso.be