What remains? What are (really) new?

June 13, 2013

Shin Adachi, CISSP, CISM, CISA, PMP
Lead Security Analyst, NTT I³ (NTT Innovation Institute, Inc.)
Co-Chair, Education Committee, FIRST (Forum of Incident Response and Security Teams)

Disclaimer

• The presentation itself, and the views and opinions expressed by the presenter therein, do NOT reflect those of any of his affiliations at all.
• NONE of the affiliations above assumes any legal liability or responsibility for the presentation.

Who am I?

• Shin Adachi, CISSP, CISM, CISA, PMP
  • Team Representative in the Americas for NTT-CERT
  • Co-Chair, FIRST Education Committee
  • FIRST Program Committee, for four consecutive terms of five
  • U.S. NIST Cloud Computing Program Working Groups
  • CloudCERT Working Group, Cloud Security Alliance
• Spoke at: FIRST, Liberty Alliance, Kantara Initiative, ITU-T SG 13, APEC TEL eSecurity, and other private meetings and conferences.

  • CISSP: Certified Information Systems Security Professional (ISC)²
  • CISM: Certified Information Security Manager (ISACA)
  • CISA: Certified Information Systems Auditor (ISACA)
  • PMP: Certified Project Management Professional (PMI)

[Slide image: cover page of NIST Special Publication 500-293 (Draft), "US Government Cloud Computing Technology Roadmap, Volume II Release 1.0 (Draft): Useful Information for Cloud Adopters", by Lee Badger, Robert Bohn, Shilong Chu, Mike Hogan, Fang Liu, Viktor Kaufmann, Jian Mao, John Messina, Kevin Mills, Annie Sokol, Jin Tong, Fred Whiteside and Dawn Leaf, NIST Cloud Computing Program, Information Technology Laboratory; and page 80, the "Interagency, Academic, Standards Organi..." contributors list, which includes "Shin Adachi, GICTF - Global Inter-Cloud Techno..." and "Gabriel Akisanmi, KPMG LLP".]

Source: NIST Special Publication 500-293

[Slide image; see source]

Source: http://kantarainitiative.org/confluence/display/eGov/eGovernment+Implementation+Profile+of+SAML+V2.0+H+Contributors

Cuckoo's Egg

[Slide image]
Source: http://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/1416507787

Cuckoo's Egg

• "...eventually realized that the unauthorized user was a hacker who had acquired root access to the LBL system by exploiting a vulnerability in the movemail function of the original GNU Emacs."
  Source: Wikipedia: http://en.wikipedia.org/wiki/The_Cuckoo%27s_Egg
  Slide callouts over the quote: "Authentication breach here", "Authorization breach and Privilege escalation here", "Vulnerability Exploitation here".

Cuckoo's Egg

• Published in 1989
• Story on August 1986
  Source: Wikipedia: http://en.wikipedia.org/wiki/The_Cuckoo%27s_Egg

Use of Stolen Credentials

Figure 23: Variety of hacking actions (Verizon 2013 DBIR)

                          Overall   Small   Large
  Unknown                     8%      9%      9%
  Brute force                34%     47%     19%
  Use of backdoor or C2      44%     36%     62%
  Use of stolen creds        48%     41%     55%

Slide callouts: 48% overall; 55% in large organizations; in 2012.

Source: Figure 23 on page 34, Verizon 2013 DATA BREACH INVESTIGATION REPORT

Compromised Targets

Figure 36: Variety of compromised data (Verizon 2013 DBIR)

                Overall   Small   Large
  Internal         24%     21%     29%
  Credentials      38%     48%     34%
  Payment          61%     65%     57%

Slide callouts: 38% overall; 48% in small organizations; Credentials right after Payment Data.

Source: Figure 36 on page 46, Verizon 2013 DATA BREACH INVESTIGATION REPORT

How smart enough are we?

• LinkedIn: 6.5 M?
• eHarmony: 1.5 M?
• Last.fm:
• IEEE: saved passwords in plain text (!?)

Sources:
http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/
http://blogs.wsj.com/cio/2012/06/06/linkedin-password-breach-illustrates-endemic-security-issue/
http://www.eharmony.com/blog/2012/06/06/update-on-compromised-passwords/
http://articles.latimes.com/2012/jun/06/business/la-fi-tn-eharmony-hacked-linkedin-20120606
http://www.last.fm/passwordsecurity
http://ieeelog.com/

Open Data

How about "Opened Data"?

Example #1

[Slide image]
Source: Wikileaks

Example #2

[Slide image]
Source: Bloomberg News, Twitter

Example #3

• Total 75GB data (compressed to 8.2GB) stolen
• Initial intrusion: August 13, 2012
• Discovered by victim: October 18, 2012
• Total 44 systems compromised
• One (1) system with backdoor malware installed
• Three (3) systems had database backups or files stolen
• One (1) system sent data out for the attacker
• 39 systems accessed by the attacker
• 33 UNIQUE malicious software and utilities

Example #3 (continued)

• 3.8 Million SSNs, none of them encrypted [1]
• In addition, 1.9 Million dependents' [1]
• 700,000+ Business Tax filers' information [1]
• 3.3 Million Bank Account Numbers [1]
• 5,000 "expired" Credit card numbers [1]
• US$12 Million for identity protection services [2]

Sources:
[1] http://www.youtube.com/watch?v=7OV6TZHZKqg&
[2] http://www.bankinfosecurity.com/stolen-password-led-to-south-carolina-tax-breach-a-5309/op-1

Relying on others

[Figure 44: Discovery methods (Verizon 2013 DBIR); the chart's percentages did not survive extraction. Columns: Overall, Small, Large (341 / 186 / 102 shown under the column headers). Categories: Monitoring service (Ext), IT audit (Int), Incident response (Int), HIDS (Int), Fraud detection (Int), Log review (Int), NIDS (Int), Financial audit (Int), Reported by user (Int), Unknown, Actor disclosure (Ext), Law enforcement (Ext), Customer (Ext), Fraud detection (Ext), Unrelated party (Ext). Additional labels: Financial, Espionage, Other.]

Source: Figure 44 on page 54, Verizon 2013 DATA BREACH INVESTIGATION REPORT

Lessons we can learn

• Authentication & Authorization as attack targets
  • Regardless of the attack vectors [old, new, or emerging]
  • Important: Identity and Access Management (IAM)
  • Need broad consideration:
    • Enrollment, Lifecycle, Credential, Key, and Identity Management for authentication; Access control and Attribute management for authorization; Level of identity or authentication assurance; monitoring suspicious behaviors; policy enforcement; Circuit breaker, etc.
• Opened Data, No thank you!
  • Governments as attractive attack targets
    • Governments have more personal information than others
    • Poor IAM helps government resources get compromised.

Lessons we can learn

• Communicating with others
  • Expand our capability to learn from those trusted
    • to share something with them
    • to learn something from them
    • to notify, and to be notified appropriately
• Do what we CAN do NOW!
  • before excuses or something new

QUESTIONS?

• Catch me here today.
• Catch me next week at FIRST Education Committee or FIRST Annual Conference at Conrad Hilton Bangkok.

Karen Chang, Chair, BAWG,
and all of you here! ขอบคุณมาก Thank you very much!