introduction to cyber threats current status perspectives
play

Introduction to Cyber Threats: current status, perspectives and - PDF document

Oct 18, 2022 •142 likes •617 views

Introduction to Cyber Threats: current status, perspectives and reflects in Brazil Adriano Mauro Cansian Agenda New Cybernetic Global Order Cyber threats. The present and future threat scenarios. The scenario in Brazil. Final

  1. Introduction to Cyber Threats: current status, perspectives and reflects in Brazil Adriano Mauro Cansian Agenda • New Cybernetic Global Order • Cyber threats. • The present and future threat scenarios. • The scenario in Brazil. • Final Considerations. 2 1

  2. Intro • This is about: – IT governance. – Strategy. – Preparation • I mean, this is about geopolitics . 3 2010 2009 2012 Contemporaneidade 2013 “Few if any contemporary computer security controls have prevented a [red team] from easily accessing any information sought.” “The almost obsessive persistence of serious penetrators is astonishing.” “Espionage over networks can be cost-efficient, offer nearly immediate results, and target specific locations ... insulated from risks of internationally embarrassing incidents” “The market does not work well enough to raise the security of computer systems at a rate fast enough to match the apparent growth in threats to systems. “ 4 2

  3. 2010 2009 2012 Contemporaneidade 2013 “Few if any contemporary computer security controls have prevented a [red team] from easily accessing any information sought.” “The almost obsessive persistence of serious penetrators is astonishing.” “Espionage over networks can be cost-efficient, offer nearly immediate results, and target specific locations ... insulated from risks of internationally embarrassing incidents” “The market does not work well enough to raise the security of computer systems at a rate fast enough to match the apparent growth in threats to systems. “ 5 Contemporaneidade “Few if any contemporary computer security controls have 1979 prevented a [red team] from easily accessing any information sought.” 1988 “The almost obsessive persistence of serious penetrators is astonishing.” “Espionage over networks can be cost-efficient, offer 1988 nearly immediate results, and target specific locations ... insulated from risks of internationally embarrassing incidents” “The market does not work well enough to raise the security of 1991 computer systems at a rate fast enough to match the apparent growth in threats to systems. “ 6 3

  4. 7 Fotos crédito: “ Rising from the Underground : - By Damien Thorn Originally appeared in Nuts & Volts Magazine, March 1994. 8 4

  5. 1984 Lex Luthor (Vincent Louis Gelormine) – “ Legion of Doom ” ( LoD ) Phiber Optik (Mark Abene) Erik Bloodaxe (Chris Goggans) – “ Masters of Deception ” ( MoD ). 1984 ~ 1991 1990 AT&T Outage 15 jan 1990 • Operation Sundevil • 15 cities USA. – 9 may 1990 . – Strikes LoD & MoD . 5

  6. 1998 29 Dec 1998 Legions of the Underground ( LoU ) declares a cybernetic war against Iraq and China. 1998 12 6

  7. 1998 7 Aug 1998 Dar es Salaam (Tanzania) Nairobi (Kenya) 1999 7 jan 1999 – http://bit.ly/Hqp9Oq LoU’s decive. 7

  8. …. “ The signatories to this statement are asking hackers to reject all actions that seek to damage the information infrastructure of any country. DO NOT support any acts of "Cyberwar ”. Keep the networks of communication alive. They are the nervous system for human progress.” Signed (07-Jan-1999): 2600 http://www.2600.com/ Chaos Computer Club http://www.ccc.de/ Cult of the Dead Cow http://www.cultdeadcow.com/ !Hispahack http://hispahack.ccc.de/ L0pht http://www.l0pht.com/ Phrack http://www.phrack.com/ Pulhas http://p.ulh.as/ Toxyn http://www.toxyn.org/ Several members of the Dutch Hackers Community (contact Rop Gonggrijp, rop@xs4all.nl) Seven Cyber { conflicts; events; facts } 1. Cuckoo’s Egg (1986) 2. Morris Worm (1988) 3. Eligible Receiver and Solar Sunrise (1997, 1998) 4. Moonlight Maze (2000+) 5. Buckshot Yankee (2008) 6. Operation Aurora (2009) 7. Stuxnet (2009) 16 8

  9. Cuckoo’s Egg (1986) 17 Cuckoo’s Egg (1986) • Clifford Stoll – Lawrence Berkeley National Lab (CA) • Tracks and hunts Markus Hess. – West Germany – Hanover • Hess had been engaged for some years in selling the results of his hacking to the KGB. • Only DoJ paid attention • http://en.wikipedia.org/wiki/The_Cuckoo's_Egg 18 9

  10. Morris Worm (1988) • Robert T. Morris Jr. – Cornell University – Hints 6.000 hosts on ARPANET. – 1o. Internet Worm. – http://en.wikipedia.org/wiki/Morris_worm 19 Eligible Receiver (1997) • An U.S. Govmt. NIEX – No-Notice Interoperability Exercise Program • Red Team gains root access to over 36 government networks. – U.S. Pacific Command computer systems as well as power grids and 911 systems in nine major U.S. Cities • http://en.wikipedia.org/wiki/Eligible_Receiver_97 20 10

  11. Solar Sunrise (1988) • February 1998: US DoD networks were attacked using a well-known vulnerability in UNIX-based computer system. • The attackers probed servers to see if the vulnerability existed. – Exploited the vulnerability and entered the system; planted a program to gather data; and then returned later to collec that. – 2 California High School students were arrested and pled guilty. – Their mentor, an 18 year-old Israeli, was also arrested and indicted . – http://en.wikipedia.org/wiki/Ehud_Tenenbaum 21 Moonlight Maze (1998 - … ) • U.S. officials accidentally discovered a pattern of probing of computer systems at The Pentagon , NASA , US Dept. of Energy, private universities, and research labs that. • Had begun in March 1998 and had been going on for nearly two years. • http://en.wikipedia.org/wiki/Moonlight_Maze 22 11

  12. Buckshot Yankee (2008) • USB flash drive infected by a foreign intelligence agency was left in the parking lot of a Department of Defense facility at a base in the Middle East . • Laptop computer that was attached to United States Central Command . • http://en.wikipedia.org/wiki/2008_cyberattack_on_United_State 23 Operation Aurora (2009) • Cyber attack conducted by advanced persistent threats such as the Elderwood Group based in Beijing, China , with ties to the People's Liberation Army. – The attack began in mid-2009 and continued through December 2009. • http://en.wikipedia.org/wiki/Operation_Aurora 24 12

  13. Stuxnet (2009) • Designed to attack Siemens software running on a Windows OS. • Stuxnet almost ruined one-fifth of the Iranian nuclear centrifuge by spinning out of control while simultaneously replaying the recorded system. • We will see this in details, following... 25 New Cybernetic Global Order 26 13

  14. New Cybernetic Global Order • Since early 2008 we had some important events that changed the way we deal with and understand cyber threats: – Conficker (2008/2009) – Stuxnet (2010) – DuQu (2011) – Flame (2012) 27 New Cybernetic Global Order 28 14

  15. The Waters Divided How and when the things started changing 2010 2001 2011 … 2012 … 29 The Waters Divided The first turning point 2010 2001 2011 … 2012 … 30 15

  16. Before 2001 … • Hacking was just accessible to small groups . • Ideology, knowledge and way of life of technical community, geeks, academy … – It was very restrict. – It was little about money and profit . • It was more about activism and curiosity . – But it was changing … 31 Why 2001 ? • 2001 is the first turning point in Brazil. • December 2001: first integrated banking malware system . • Criminals also used an intricate net of both : hacked accounts and people. 32 16

  17. 2001 web bank malware • The malware had little sophistication . – But laundering and crime process was quite complex. • Tracking laundered money was very difficult. • Law enforcement had small resources. – The gang started operating in the city of Parauapebas in Pará State. • It was the first time we saw organized crime operating over the Internet in Brazil. 33 First counter operations in Brazil • After these Paraupebas events, they spread all over the country. • First operations by law enforcement against organized cybercrime in Brazil: – Operation Cash Net (2001), – Operation Cavalo de Tróia I (2003), – Operation Cavalo de Tróia II (2004), – Operation Pegasus e Pegasus II (2005). 34 17

  18. About 10 years without anything really new • This scenario continued by almost 10 years, – Steadily increasing criminal activities . • The Internet security scenario was the same around the world: – the more money comes into the net, more criminal activities. • But, until there , it was only about money … 35 The Waters Divided The 2 nd turning point 2010 2001 2011 … 2012 … 36 18

  19. What changed around 2010 ? The end of “announced death” • Until around 2010, when a serious security problem appears (like a worldwide worm attack) it was always a announced death . – It means: the security community had already warned about the problem, and the vulnerability had been previously and openly disclosed, i.e. a “zero day” was announced. • It’s something like: “ Hei, I warned you! ” 37 So, what did change? A lot of things changed through the 2000- 2010 decade. Simple: There are no more warnings ! • But not only this … – To discuss the new scenario, let’s use Stuxnet malware , as an example to show the waters division and the change point. 38 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Preparing to Fail Changing the way we think about cyber threats Oil Rig Pic Flaming Oil Rig

Preparing to Fail Changing the way we think about cyber threats Oil Rig Pic Flaming Oil Rig

Preparing to Fail Changing the way we think about cyber threats Oil Rig Pic Flaming Oil Rig picture The asymmetric nature of the Internet The current state of cyber underground Our current approach UNCLASSIFIED 7 Software Integrity Denial

388 views • 18 slides
CYBER THREATS AND HOW TO A VOID THEM AGENDA 1. Development of the cyber world 2. Threats

CYBER THREATS AND HOW TO A VOID THEM AGENDA 1. Development of the cyber world 2. Threats

CYBER THREATS AND HOW TO A VOID THEM AGENDA 1. Development of the cyber world 2. Threats to small businesses 3. Cyber Recovery Insurance Y our presenters Anne Jackson Sarah Morton Gary Hibberd Sales Director, Lorega Sales and

342 views • 31 slides
International Perspectives to Technological Voter Registration Threats Dr. Beata

International Perspectives to Technological Voter Registration Threats Dr. Beata

International Perspectives to Technological Voter Registration Threats Dr. Beata Martin-Rozumilowicz IFES Director for Europe and Eurasia Background Cyber threats have become an increasing concern since at least the mid-2000s. This has

332 views • 12 slides
Cyber Threats P R E S E N T E D T O C A S R E I N S U R A N C E S E M I N A R B O S T O N ,

Cyber Threats P R E S E N T E D T O C A S R E I N S U R A N C E S E M I N A R B O S T O N ,

Cyber Threats P R E S E N T E D T O C A S R E I N S U R A N C E S E M I N A R B O S T O N , M A S S A C H U S E T T S J U N E 4 , 2 0 12 Antitrust Notice 2 The Casualty Actuarial Society is committed to adhering strictly to the

577 views • 26 slides
Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK businesses and how to remain safe What help is available Further reading Setting the scene 21.2bn The cost of fraud to the

304 views • 19 slides
CURRENT STATUS OF THREATS TO THE HAMLYNS MONKEY AND ITS BAMBOO HABITAT IN NYUNGWE NATIONAL

CURRENT STATUS OF THREATS TO THE HAMLYNS MONKEY AND ITS BAMBOO HABITAT IN NYUNGWE NATIONAL

Research seminar at CoEB, Huye Date: 28 Feb 2018 ASSESSMENT OF CONSERVATION EFFORTS, INCENTIVES, AND THE CURRENT STATUS OF THREATS TO THE HAMLYNS MONKEY AND ITS BAMBOO HABITAT IN NYUNGWE NATIONAL PARK, RWANDA Project leader: Methode

217 views • 17 slides
Do You See What I See? Navigating Human & Cyber Threats at the Workplace The views expressed

Do You See What I See? Navigating Human & Cyber Threats at the Workplace The views expressed

Do You See What I See? Navigating Human & Cyber Threats at the Workplace The views expressed by us are not representative of the City of Charlotte. OUTLINE INTRODUCTIONS HUMAN THREATS CYBER THREATS QUESTIONS INTRODUCTIONS

445 views • 25 slides
The Onslaught of Cyber Security Threats and What that Means to You No End in Sight for Cyber

The Onslaught of Cyber Security Threats and What that Means to You No End in Sight for Cyber

The Onslaught of Cyber Security Threats and What that Means to You No End in Sight for Cyber Crime Growth Number of mobile 200M devices affected IBM 11.6M Number of accounts hacked CNN Money 432M Number of malware samples collected Intel

652 views • 30 slides
The New Era of Cyber Threats The Shift to Self-Learning, Self-Defending Networks Georgiana

The New Era of Cyber Threats The Shift to Self-Learning, Self-Defending Networks Georgiana

The New Era of Cyber Threats The Shift to Self-Learning, Self-Defending Networks Georgiana Wagemann Director of Sales, Darktrace Evolving Threats in a New Business Landscape Outsourced IT, SaaS, cloud, virtual, supply chain, IoT Not just data

412 views • 15 slides
Lynx in Washington Current Status and Potential Threats Benjamin Maletzke | Carnivore Biologist

Lynx in Washington Current Status and Potential Threats Benjamin Maletzke | Carnivore Biologist

Lynx in Washington Current Status and Potential Threats Benjamin Maletzke | Carnivore Biologist Historical Records of Lynx in Washington State Listed as Threatened in 1993 Recovery Plan 2001 No take or harassment Management

461 views • 18 slides
c cientific The Hessian Module omputing Current status and future perspectives

c cientific The Hessian Module omputing Current status and future perspectives

c cientific The Hessian Module omputing Current status and future perspectives Reference: J. Abate, C. Bischof, A. Carle, L. Roh: Algorithms and Design for a Second- Order Automatic Differentiation Module Int. Symposium on Symbolic

453 views • 24 slides
Current Distribution, Status, and Threats of Canada Lynx in Montana and Wyoming John Squires,

Current Distribution, Status, and Threats of Canada Lynx in Montana and Wyoming John Squires,

Current Distribution, Status, and Threats of Canada Lynx in Montana and Wyoming John Squires, Rocky Mountain Research Station, Missoula, MT Basis of Assessment - Montana: a) Lynx Research Program at RMRS initiated in 1998 b) Captured and

734 views • 60 slides
Commonwealth of Virginia Cyber Commission First Year Report Threats and Opportunities

Commonwealth of Virginia Cyber Commission First Year Report Threats and Opportunities

Commonwealth of Virginia Cyber Commission First Year Report Threats and Opportunities Executive Order Number 8 Identify high risk cyber security issues facing COV. Provide advice and recommendations to secure COV networks,

449 views • 20 slides
Current status and perspectives of NMs for space weather Rolf B utikofer University of Bern,

Current status and perspectives of NMs for space weather Rolf B utikofer University of Bern,

Current status and perspectives of NMs for space weather Rolf B utikofer University of Bern, Switzerland High Altitude Research Stations Jungfraujoch and Gornergrat ESWW 2016, 14-18 November 2016, Oostende, Belgium Neutron monitors (NMs) I

837 views • 18 slides
Perspectives & Opportunities Status VINCORION Key take aways Sales process on track Feb 18

Perspectives & Opportunities Status VINCORION Key take aways Sales process on track Feb 18

Dr. Stefan Traeger & Hans-Dieter Schumacher Perspectives & Opportunities Status VINCORION Key take aways Sales process on track Feb 18 Sep 18 Jan 19 Jul 19 Jul 19 Current status: non- binding LOIs received, management

241 views • 11 slides
Clean Energy Transition In Vietnam: Current Status and Perspectives Presenter: VU XUAN NGUYET

Clean Energy Transition In Vietnam: Current Status and Perspectives Presenter: VU XUAN NGUYET

Clean Energy Transition In Vietnam: Current Status and Perspectives Presenter: VU XUAN NGUYET HONG Senior Consultant, Vietnam UNU-WIDER Development Conference, Helsinki 13-15, September 2018 Contents Vietnams context toward

542 views • 16 slides
Study to assess the potential for enhanced private participation in the maritime and air

Study to assess the potential for enhanced private participation in the maritime and air

Study to assess the potential for enhanced private participation in the maritime and air transport sectors in Africa Monday 11 June 2012 Steer Davies Gleave 28-32 Upper Ground London, SE1 9PD +44 (0)20 7910 5000 www.steerdaviesgleave.com 1

458 views • 28 slides
15th Sha'ban - Birth of Imam Al Mahdi (as) Aamal for Night of 15th Shaban It is advisable to stay

15th Sha'ban - Birth of Imam Al Mahdi (as) Aamal for Night of 15th Shaban It is advisable to stay

15th Sha'ban - Birth of Imam Al Mahdi (as) Aamal for Night of 15th Shaban It is advisable to stay awake during this full night in prayer as it has many rewards Ahadith has confirmed that as for one who spends this whole night with acts of

469 views • 19 slides
translocality in Africas urban archipelagos Loren B Landau University of Oxford &

translocality in Africas urban archipelagos Loren B Landau University of Oxford &

Precarity, temporality, & translocality in Africas urban archipelagos Loren B Landau University of Oxford & University of the Witwatersrand loren.landau@qeh.ox.ac.uk London School of Economic | 5 February 2020 Diepsloot Extension

358 views • 32 slides
Urban Growth 2 Growth in Electricity Use (2001-2011) 3 (Kennedy et al. 2015) Modeling Urban

Urban Growth 2 Growth in Electricity Use (2001-2011) 3 (Kennedy et al. 2015) Modeling Urban

Estimating the Energy Use and CO 2 Emissions of the Worlds Cities Shweta Singh 1,2 and Chris Kennedy 3 1. Agricultural & Biological Engineering, Purdue University, USA 2. Environmental & Ecological Engineering, Purdue University, USA

761 views • 32 slides
INDEPTH Model Life Tables 2.0 INDEPTH Working Group on All-Cause Mortality Samuel J. Clark,

INDEPTH Model Life Tables 2.0 INDEPTH Working Group on All-Cause Mortality Samuel J. Clark,

Outline Introduction Data Mortality Model Clustering Model Life Tables Discussion INDEPTH Model Life Tables 2.0 INDEPTH Working Group on All-Cause Mortality Samuel J. Clark, Momodou Jasseh, Sureeporn Punpuing, Eliya Zulu, Ayaga Bawah,

1.13k views • 88 slides
Economic Trends in Internet Exchanges Version 1.1 January 2005 Bill Woodcock Packet Clearing

Economic Trends in Internet Exchanges Version 1.1 January 2005 Bill Woodcock Packet Clearing

Economic Trends in Internet Exchanges Version 1.1 January 2005 Bill Woodcock Packet Clearing House Why am I giving this talk? Why am I, an engineer, giving a talk on economics? IXes are just Ethernet switches. The engineering is easy.

694 views • 45 slides
Human Capital and Industrial Development in Africa Keijiro Otsuka Professor of Development

Human Capital and Industrial Development in Africa Keijiro Otsuka Professor of Development

AfDB Pre-TICAD7 Knowledge Event Human Capital and Industrial Development in Africa Keijiro Otsuka Professor of Development Economics, Kobe University September 26, 2018 Contents Part I: Development Paths of Industrial Clusters Part II:

477 views • 30 slides
Trapping the Lion AfricaConnect 1 and 2 Cathrin Stver, GANT WACREN Conference 2016, Dakar,

Trapping the Lion AfricaConnect 1 and 2 Cathrin Stver, GANT WACREN Conference 2016, Dakar,

Trapping the Lion AfricaConnect 1 and 2 Cathrin Stver, GANT WACREN Conference 2016, Dakar, Senegal The pan-European GEANT network 2 Looking back to 2008 A quick recap! - AfricaConnect1 5 years of preparation! Contract Duration

450 views • 19 slides

More recommend