How to Think Like a Hacker: Lessons Learned & Best Practices
Jointly hosted by:
Anonymous: international hacktivist / activist / internet vigilante
Presenters:
Annie Brink, Business Development, Digital Operations and Cybersecurity. Direct: 864.242.2685, Annie.Brink@elliottdavis.com
Brian Kirk, Director, Digital Operations and Cybersecurity. Direct: 864.242.2606, Brian.Kirk@elliottdavis.com
INCREASING RESOURCES AND SOPHISTICATION: The expansion of attacker types, their resources, and their sophistication
- Recreational: resources
- Criminal: capabilities
- Hacktivist: emotionally committed
- Organized Crime: resources and capabilities; syndicates; IP theft
- State Sponsored: secrets, industrial espionage; resources
(Chart axes: resources, threats)
Ransomware: A type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid.
Business Email Compromise: Attack through corporate email systems on individuals who have access and means to conduct fraudulent financial transactions.
O365 Data Breach: Incident where information is stolen or taken from an Office 365 email system without the knowledge or authorization of the system's
linked to COVID-19 - ZDNET.COM
800% reported cyber crimes to their divisions – entrepreneur.com
security threat. - thenextweb.com
cybersecurity problems?
think they are a target for cybercrime
is limited, and security is an overall fraction because…
(and rightfully so)
methods to prevent them
Live Security Test Performed in Late 2018
- Fake finance server placed online with known software vulnerabilities
- +2 hours: Automated bot discovers and scans system
- +15 seconds: Automated bot exploits known vulnerabilities
- +5 mins: Automated bot traverses system, catalogs data, and goes quiet
- +2 days: Hacker returns to remove system data
Attacks are initially driven through automated 'bots' which either automate spam messages or scan the internet for vulnerabilities, and carry out large portions of cyber attacks without any human interaction.
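The timeline above shows that the first hours of an intrusion are fully automated scanning. As an added example (not part of the Elliott Davis presentation), the following Python flags a source that requests many distinct paths within a short window with mostly 404 responses, a simple signature of bot scanning in a web server log. The log lines, IP addresses and thresholds are constructed for illustration.

```python
# Added example: spot automated vulnerability scanners in combined-format
# access logs. Assumption: a scanner hits many distinct paths in seconds and
# most of its probes return 404; a human visitor does not.
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample: 203.0.113.9 probes six paths in five seconds,
# 198.51.100.4 browses three pages over a minute, plus one malformed line.
SAMPLE_LOG = """\
198.51.100.4 - - [12/Nov/2018:10:00:00 +0000] "GET / HTTP/1.1" 200 4120 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Nov/2018:10:00:30 +0000] "GET /about HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Nov/2018:10:01:10 +0000] "GET /contact HTTP/1.1" 200 1980 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Nov/2018:10:02:00 +0000] "GET / HTTP/1.1" 200 4120 "-" "python-requests/2.19"
203.0.113.9 - - [12/Nov/2018:10:02:01 +0000] "GET /admin HTTP/1.1" 404 0 "-" "python-requests/2.19"
203.0.113.9 - - [12/Nov/2018:10:02:02 +0000] "GET /backup HTTP/1.1" 404 0 "-" "python-requests/2.19"
203.0.113.9 - - [12/Nov/2018:10:02:03 +0000] "GET /test HTTP/1.1" 404 0 "-" "python-requests/2.19"
203.0.113.9 - - [12/Nov/2018:10:02:04 +0000] "GET /old HTTP/1.1" 404 0 "-" "python-requests/2.19"
203.0.113.9 - - [12/Nov/2018:10:02:05 +0000] "GET /config HTTP/1.1" 404 0 "-" "python-requests/2.19"
this line is not a valid log record
"""

def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def find_scanners(lines, window_seconds=60, min_paths=5, min_404_ratio=0.6):
    """Map each suspicious IP to (distinct paths, 404 ratio) of the first window that trips."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):  # sliding time window over this source's requests
            while (recs[end]["ts"] - recs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            window = recs[start:end + 1]
            paths = {r["path"] for r in window}
            ratio = sum(r["status"] == 404 for r in window) / len(window)
            if len(paths) >= min_paths and ratio >= min_404_ratio:
                flagged[ip] = (len(paths), round(ratio, 2))
                break
    return flagged

def analyze_sample():
    return find_scanners(SAMPLE_LOG.splitlines())
```

Tune the thresholds to the site's own traffic; the point is that the scanner trips the rule in seconds, long before any human attacker appears.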
Starting in late 2019, a hybrid variety of cyber attack has emerged, in which traditional ransomware tactics are combined with data exfiltration. Attackers notify their victims that if they fail to pay the ransom demand, not only will data on the infected systems remain encrypted, but the attackers will expose highly sensitive data to the public as well.
The only way to know that exfiltrated data is safe from misuse is to know that it was protected by strong, persistent encryption before it was exfiltrated. Encryption isn't a complete answer (firewalls, antimalware, and more will continue to be necessary), but by locking down its highest-value data in advance, an organization can protect itself against the worst consequences of this emerging threat.
- Bogus Invoice Scheme From Third Party
- High Ranking Executive Scheme
- Internal Email Account Compromise
Define what risks are acceptable to your organization: A risk assessment is a non-technical consideration that most organizations overlook when considering risk to profitability.
Develop an Incident Response Plan (and test it): One area often overlooked by many
cyber, etc.). The risks associated with many cybersecurity threats can be mitigated by having a mature Incident Response Plan that meets a recovery time pre-approved by executive management.
Secure your backups: Do you think Garmin had a backup? Of course they did. Make sure you have an OFFLINE backup (tape or cloud), something attackers can't reach if they gain administrative access to your network.
Develop a 'Defense in Depth' strategy: If you spend much time with cybersecurity professionals, you will often hear the term "defense in depth". This terminology defines a process where organizations do not trust any one technology, control, or even IT provider to secure their organization.
Test your team: Trust but verify is a well-known mantra in the security industry. You should trust your information technology team but verify they are protecting your
Reconnaissance -> Active Scanning -> Exploitation -> Post Exploitation -> Reporting
(Slide table columns: Example Tools, Key Capabilities; cell contents not recoverable)
OSINT reports are useful as they give your company insight into the types and amounts of information that has been gathered and stored on the Internet about your organization. The review is performed without directly engaging the Customer network or systems, utilizing a range of effective open source gathering tools to collect information. The goal
to identify security vulnerabilities against an organization.
base since credential reuse can result in data breaches, system compromises, and loss of data.
network and hosts, along with unauthorized routes into the target network.
This material was used by Elliott Davis during an oral presentation; it is not a complete record of the discussion. This presentation is for informational purposes and does not contain or convey specific advice. It should not be used or relied upon in regard to any particular situation or circumstances without first consulting the appropriate advisor. No part of the presentation may be circulated, quoted, or reproduced for distribution without prior written approval from Elliott Davis.