th the abc bcs of of ics th threat act ctiv ivit ity y
play

Th The ABC BCs of of ICS Th Threat Act ctiv ivit ity y Grou - PowerPoint PPT Presentation

Aug 18, 2023 •687 likes •874 views

Th The ABC BCs of of ICS Th Threat Act ctiv ivit ity y Grou oups Au August st 2 26, 2 2020 Sergio Caltagirone Dave Bittner VP Threat Intelligence Producer & Host Dragos The CyberWire Podcast Before we get started - The

  1. Th The ABC BCs of of ICS Th Threat Act ctiv ivit ity y Grou oups Au August st 2 26, 2 2020 Sergio Caltagirone Dave Bittner VP Threat Intelligence Producer & Host Dragos The CyberWire Podcast

  2. Before we get started… - The webinar is being recorded - The recording will be sent out in a few days - Please submit questions using the Q&A feature - All attendee phones are muted - Let’s meet our speakers!

  3. Meet Meet our our Spea peaker ers Sergio Caltagirone Dave Bittner VP Threat Intelligence Producer & Host Dragos The CyberWire Podcast

  4. Threat Group Names are Everywhere

  6. What does this mean?

  7. Diamond Model of Intrusion Analysis Source: diamondmodel.org

  8. Diamond, Kill Chain, ATT&CK

  9. Activity Groups Source: diamondmodel.org

  10. Activity Group Lifecycle Analytic Problem Feature Redefinition Selection Analysis Creation Growth Source: diamondmodel.org

  11. Activity Groups Source: diamondmodel.org

  12. Behavior, Behavior, Behavior Detection Mitigation Detect classes of threats Mitigate whole classes of threats Detect behaviors, not things Define and control the physics Have 100s of detections, not millions Mitigate Strategically not Tactically

  13. Activity Group Families AGF 1 AG 1 AG 4 AG 2 AGF 2 AG 3 AG 5 Source: diamondmodel.org

  14. Attribution Activity Groups are not equivalent to attribution ICS threat environments are too complex for a simple attribution model Soft Attribution is not Hard Attribution

  15. Some Dragos Activity Groups https://www.dragos.com/threat-activity-groups/

  16. Q& Q&A Sergio Caltagirone Dave Bittner VP Threat Intelligence Producer & Host Dragos The CyberWire Podcast

  17. Th Thank You! Sergio Caltagirone Dave Bittner VP Threat Intelligence Producer & Host Dragos The CyberWire Podcast

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AF T E R-SCHOOL ACT IVIT IE S OF F E R E D AT L F T SCIENCE ACT IVIT IE S

AF T E R-SCHOOL ACT IVIT IE S OF F E R E D AT L F T SCIENCE ACT IVIT IE S

AF T E R-SCHOOL ACT IVIT IE S OF F E R E D AT L F T SCIENCE ACT IVIT IE S IMAGINAT ION INVE ST IGAT ION (Gr ade 1 Gr ade 5) Stude nts te st the ir fo re nsic skills a s the y b e c o me supe r sle uths in o ur de

319 views • 8 slides
Nanot echnol ogy Act ivit ies Nanot echnol ogy Act ivit ies in K or ea in K or ea Hee-Gook Lee

Nanot echnol ogy Act ivit ies Nanot echnol ogy Act ivit ies in K or ea in K or ea Hee-Gook Lee

Nanot echnol ogy Act ivit ies Nanot echnol ogy Act ivit ies in K or ea in K or ea Hee-Gook Lee President LG Electronics, Inc. CONTENTS I. Nanotechnology in Korea National Programs Industry Academia NTRA II. Summaries 1

277 views • 8 slides
T HE PROSPE CT IVIT Y OF T HE PROSPE CT IVIT Y OF WE ST E RN NGAMIL AND WE ST E

T HE PROSPE CT IVIT Y OF T HE PROSPE CT IVIT Y OF WE ST E RN NGAMIL AND WE ST E

T HE PROSPE CT IVIT Y OF T HE PROSPE CT IVIT Y OF WE ST E RN NGAMIL AND WE ST E RN NGAMIL AND By Ma nfre d Ma rx By Ma nfre d Ma rx DIAMONDS AND BASE ME T AL S DIAMONDS AND BASE ME T AL S BOT SWANA RE SOURCE CONF

435 views • 18 slides
Atsuto Suzuki 1 in 2007 2 Quest for Quest for Unifying International Linear Collider

Atsuto Suzuki 1 in 2007 2 Quest for Quest for Unifying International Linear Collider

Atsuto Suzuki 1 in 2007 2 Quest for Quest for Unifying International Linear Collider Birth-Evolution Matter and Force ILC of Universe Scie cientific ic A Act ctiv ivit ities Lepton CP Asymmetry Beyond Standard Physics

657 views • 33 slides
Assessment What is Threat Assessment Threat assessment is the process of gathering

Assessment What is Threat Assessment Threat assessment is the process of gathering

Threat Assessment What is Threat Assessment Threat assessment is the process of gathering information to understand the threat of violence posed by a person. Threat management is the process of developing and executing plans to mitigate

332 views • 15 slides
Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Honeymoon Threat Restoration Rescue Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to normal living. A disaster has not yet oc- curred, but there is a sense of impending doom. Individual

604 views • 6 slides
HE AVY ME T AL DE POSIT ION MONIT ORING ACT IVIT IE S IN MAL AYSIAN ME T E OROL

HE AVY ME T AL DE POSIT ION MONIT ORING ACT IVIT IE S IN MAL AYSIAN ME T E OROL

Asia Pac ific Me r c ur y Monitor ing Ne twor k (APMMN) Wor kshop 22 23 June 2015 Minamata, Japan HE AVY ME T AL DE POSIT ION MONIT ORING ACT IVIT IE S IN MAL AYSIAN ME T E OROL OGICAL DE PART ME NT (ME T MAL

670 views • 23 slides
What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

DDoS & Modern Threat Motives Dan Holden Director, ASERT What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape Geo-poli:cal More defenses ? App/Content t a

1.13k views • 44 slides
30 Years 30 rs of His History ry and Future re Pers rspect ctiv ives of Superco rconduct

30 Years 30 rs of His History ry and Future re Pers rspect ctiv ives of Superco rconduct

IEEE/CSC & ESAS SUPERCONDUCTIVITY NEWS FORUM (global edition), February 2018. Plenary presentation PL6-INV was given at ISS 2017, December 13-15, 2017, Tokyo, Japan. 30 Years 30 rs of His History ry and Future re Pers rspect ctiv ives

510 views • 47 slides
Sale les Pre resentatio ion for Matts Mega Mart Object ctiv ives By the end of this

Sale les Pre resentatio ion for Matts Mega Mart Object ctiv ives By the end of this

Sale les Pre resentatio ion for Matts Mega Mart Object ctiv ives By the end of this lesson, you will be able to: Apply Theme to presentation Change a table to a form Export Word outline to Use the top 10 filter PowerPoint

411 views • 5 slides
Ne NetBouncer uncer: A : Act ctiv ive D e Device and ice and Link Failure Lo Li

Ne NetBouncer uncer: A : Act ctiv ive D e Device and ice and Link Failure Lo Li

Ne NetBouncer uncer: A : Act ctiv ive D e Device and ice and Link Failure Lo Li Localization in Data Ce Center r Netw twork orks Presented by Akash Kulkarni Problems that may occur in Data Center Routing misconfigurations

670 views • 22 slides
Active Threat on Campus Prevention & Response Active threat defined An active threat can be

Active Threat on Campus Prevention & Response Active threat defined An active threat can be

Active Threat on Campus Prevention & Response Active threat defined An active threat can be defined as: A person whose immediate activity can cause death and/or serious injury An active threat can involve a firearm or another

395 views • 15 slides
Just t Tran ansition sition A W A Worker er Per erspe spect ctiv ive 1 ITUC, ETUC and

Just t Tran ansition sition A W A Worker er Per erspe spect ctiv ive 1 ITUC, ETUC and

Just t Tran ansition sition A W A Worker er Per erspe spect ctiv ive 1 ITUC, ETUC and t d the e Just Transit itio ion Cen entre The International Trade Union Confederation represents more than 200 million workers worldwide in

424 views • 16 slides
Pushin ing productiv ivit ity boundarie ies of f Micr icrosoft ft Dynamic ics 365!

Pushin ing productiv ivit ity boundarie ies of f Micr icrosoft ft Dynamic ics 365!

Pushin ing productiv ivit ity boundarie ies of f Micr icrosoft ft Dynamic ics 365! SmartBar Navigation and Customize to fit personal Dynamics 365 requirements Cus Customize Quick Vie Qu View & Cou Count Navig igate Adopt

270 views • 5 slides
IM IMPROVING A SOUNDING ROCKET TECHNOLOGY DEMONSTRATOR FOR STUDENT EXPERIMENTAL ACT CTIV

IM IMPROVING A SOUNDING ROCKET TECHNOLOGY DEMONSTRATOR FOR STUDENT EXPERIMENTAL ACT CTIV

IM IMPROVING A SOUNDING ROCKET TECHNOLOGY DEMONSTRATOR FOR STUDENT EXPERIMENTAL ACT CTIV IVITIES Filippo Trevisi Nimbus Project, CISAS (University of Padova), Italy SSEA, 11/12/2015 1/15 Nimbus Project Founded in 2012 by three students

438 views • 15 slides
Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los Chief Security Evangelist HP Software Shane MacDougall Principal Tactical Intelligence Modern threat modeling is a defensive response to

783 views • 52 slides
ABC: A Cryptocurrency-Focused Threat Modeling Framework Ghada Almashaqbeh 1 , Allison Bishop 1,2 ,

ABC: A Cryptocurrency-Focused Threat Modeling Framework Ghada Almashaqbeh 1 , Allison Bishop 1,2 ,

ABC: A Cryptocurrency-Focused Threat Modeling Framework Ghada Almashaqbeh 1 , Allison Bishop 1,2 , Justin Cappos 3 1 Columbia, 2 Proof Trading, 3 NYU CryBlock 2019, Paris, France Outline Background. Motivation. The ABC framework.

1.25k views • 26 slides
Outline Integer overflow debrief CSci 4271W Development of Secure Software Systems Code

Outline Integer overflow debrief CSci 4271W Development of Secure Software Systems Code

Outline Integer overflow debrief CSci 4271W Development of Secure Software Systems Code auditing Day 4: Auditing and Threat Modeling 1 Stephen McCamant Threat modeling University of Minnesota, Computer Science & Engineering Integer

313 views • 4 slides
Lecture 2 - Security Overview CSE497b - Spring 2007 Introduction Computer and Network Security

Lecture 2 - Security Overview CSE497b - Spring 2007 Introduction Computer and Network Security

Lecture 2 - Security Overview CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

195 views • 19 slides
Lecture 01 The Security Mindset Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 01 The Security Mindset Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 01 The Security Mindset Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Adapted from Michael Baileys ECE 422 About Me 2012 Ph.D. from UC San Diego in CS 20122015 Assistant Research Professor

417 views • 29 slides
Digital Twin for Cyber Testing Michael J. OConnor Chief Technologist, Trideum, Huntsville,

Digital Twin for Cyber Testing Michael J. OConnor Chief Technologist, Trideum, Huntsville,

IT 2 EC 2020 IT 2 EC Extended Abstract Template Presentation/Panel Digital Twin for Cyber Testing Michael J. OConnor Chief Technologist, Trideum, Huntsville, United States Abstract This paper addresses both the Digital Twin Approach and

55 views • 3 slides
CSE 127: Introduction to Security Deian Stefan UCSD Fall 2020 Lecture 1 Instructor: Deian

CSE 127: Introduction to Security Deian Stefan UCSD Fall 2020 Lecture 1 Instructor: Deian

CSE 127: Introduction to Security Deian Stefan UCSD Fall 2020 Lecture 1 Instructor: Deian Stefan deian+cse127@cs.ucsd.edu Office Hours: Fri 9-10am TA: Sunjay Cauligi scauligi@eng.ucsd.edu Office Hours: Thu 7-8pm TA: Evan

982 views • 63 slides
Lecture 9: Discrete-Time Fourier Transform Mark Hasegawa-Johnson ECE 401: Signal and Image

Lecture 9: Discrete-Time Fourier Transform Mark Hasegawa-Johnson ECE 401: Signal and Image

Review DTFT DTFT Properties Examples Summary Lecture 9: Discrete-Time Fourier Transform Mark Hasegawa-Johnson ECE 401: Signal and Image Analysis, Fall 2020 Review DTFT DTFT Properties Examples Summary Review: Frequency Response 1

396 views • 38 slides
1A88F Push-Open with Silent Soft-Closing Specifications Undermount Slide for Face Frame Cabinet

1A88F Push-Open with Silent Soft-Closing Specifications Undermount Slide for Face Frame Cabinet

Undermount Slides www.kingslide.com 1A88F Push-Open with Silent Soft-Closing Specifications Undermount Slide for Face Frame Cabinet Length: 305 / 381 / 457 / 533mm (16mm) 12" / 15" / 18" / 21" Travel: Full

383 views • 4 slides

More recommend