Threat & Vulnerability Management: Where do you rank? - PowerPoint PPT Presentation


Threat & Vulnerability Management: Where do you rank? Ryan Wakeham, Sr. Director, Strategic Solutions. Agenda: The Threat Landscape; Case Study; Top 5 Questions to Ask Yourself.


SLIDE 1

Threat & Vulnerability Management: Where do you rank?

Ryan Wakeham

  • Sr. Director, Strategic Solutions
SLIDE 2

AGENDA

  • The Threat Landscape
  • Case Study
  • Top 5 Questions to Ask Yourself
  • Threat & Vulnerability Management (TVM) Program Approach
  • Get Started

SLIDE 3

SLIDE 4

THE THREAT LANDSCAPE

SLIDE 5

STUXNET – A CASE STUDY

  • Malware, discovered in 2010, that specifically targeted Programmable Logic Controllers (PLCs)
  • Smart cyberweapon targeting industrial infrastructure
  • Infected the Windows OS using 4 0-day vulnerabilities
  • Sought out Siemens Step 7 software in order to propagate to Siemens PLCs
  • Payload only targeted very specific SCADA configurations
  • Periodically modified attached variable frequency drives, resulting in changes in motor speed
  • Contained a PLC rootkit that masked the changes it made by falsifying status information

SLIDE 6

STUXNET – A CASE STUDY

  • Probably developed by nation state actors (highly likely Israel & USA)
  • In-depth knowledge of industrial processes
  • Burning of four 0-days indicates a high desire for success
  • Development estimates up to 30k hours (30 people over 6 months) – largest malware effort in history
  • Self-destruct and other safeguards in code
  • Results
    • Appeared to target an air-gapped uranium enrichment facility in Iran
    • Physically damaged up to 1,000 centrifuges
    • Set Iran’s nuclear program back several years

SLIDE 7

MORE RECENT ICS ATTACKS

2014 – Havex

  • ICS malware designed to harvest data, likely for future attacks
  • Targeted companies in Europe and USA

2015 – BlackEnergy

  • Malware used to attack Ukrainian power distribution companies

2016 – Industroyer

  • ICS malware specifically designed to attack the Ukrainian electric grid

2017 – TRITON

  • Malware framework targeting ICS / safety systems in order to disrupt, degrade, or destroy industrial processes

SLIDE 8

WHAT IS AT RISK FROM ICS ATTACKS?

  • Power grids
  • Conventional and nuclear power plants
  • Healthcare
  • Water, sewage, and other utilities
  • HVAC
  • Processing and refining
  • Oil and gas
  • Public transportation
  • Airports and seaports

SLIDE 9

HOW THIS IMPACTS YOU

  • ICS/SCADA targeted attacks are representative of other malicious activity
  • Regardless of your industry, the threats are real
  • Unlike state-sponsored cyberwarfare, cybercriminals are typically opportunistic
  • Cybercriminals are becoming more productive
    • Proliferation of known vulnerabilities & exploits
    • Improved hacking skills
    • Increased effectiveness of automated toolsets
  • Security is still often an afterthought in system development
  • How can your TVM program protect your organization?

SLIDE 10

HOW PREPARED ARE YOU TO RESPOND TO THESE THREATS?

SLIDE 11

TOP 5 QUESTIONS TO ASK YOURSELF

  • Do you have methods defined for reviewing and determining actions needed for technical vulnerabilities when they become known? And do you have capabilities to ensure these processes are working as designed?
  • Do you have infrastructure and application vulnerability risk acceptance and tracking capabilities? And do you ensure the “right” people within the organization are handling risk decisions?
  • Do you have established Threat Intelligence and Incident Response capabilities? And are they aligned with a comprehensive Threat and Vulnerability Management Program?
  • Do you have an established SDLC process inclusive of security requirements, checkpoints, and testing?
  • Do you conduct Business Impact Analyses to evaluate the criticality of applications and infrastructure, with well-defined ownership of and accountability for all information assets?

SLIDE 12

MEASURE YOUR MATURITY

[Chart: Threat & Vulnerability Management Maturity – x-axis: Maturity Level (Low to High); y-axis: # of Organizations]

Low maturity:

  × Lack of asset / configuration mgmt. processes
  × No Threat Intel integration with Vuln. / Patch mgmt.
  × No defined processes for evaluating technical vulnerabilities
  × Inability to effectively react to incidents

High maturity:

  ✓ Clear picture of the organization’s most critical assets
  ✓ Well-defined (repeatable) process to respond to threats
  ✓ Mature capabilities for evaluating technology risks and plans for action
  ✓ Formal risk management processes in place – right stakeholders involved

SLIDE 13

COMMON CHALLENGES

  • TIME
  • DISCONNECTED TOOLS
  • SECURITY TOOLS & MATURITY
  • PARTNERSHIP AMONGST TEAMS
  • SENIOR LEVEL AWARENESS
  • RESOURCES

SLIDE 14

WHERE DO YOU GO FROM HERE?

SLIDE 15

RECOMMENDED TVM PROGRAM COMPONENTS

Pillars: TECHNOLOGY, PEOPLE, PROCESS

Components:

  • INCIDENT RESPONSE
  • THREAT INTELLIGENCE
  • TECHNICAL TESTING
  • CONFIG MGMT
  • SOFTWARE / DEV SEC
  • ASSET MGMT
  • VULN / PATCH MGMT

SLIDE 16

MEASURE THE RESULTS

SLIDE 17

BONUS CASE STUDY: PANERA BREAD

  • First reported on Sunday (April 2) by Brian Krebs; story still developing
  • In August, 2017, security researcher Dylan Houlihan found a vulnerability on panerabread.com
    • Exposed millions of customer loyalty records (name, email & physical address, DOB, CC last 4)
    • Reported to Panera Bread’s director of information security
    • Panera claimed to be working on a fix
  • Eight months later, the records were still available and could be crawled and indexed

Asked whether he saw any indication that Panera ever addressed the issue he reported in August 2017 until today, Houlihan said no. “No, the flaw never disappeared,” he said. “I checked on it every month or so because I was pissed.”

  • Further investigation showed that there may have been close to 40 million customer records exposed

https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/

SLIDE 18

GET STARTED

  • Review your responses to our initial 5 questions
  • Compare your TVM program to the framework
    • Do you have these elements in place?
    • How well do you think they are working?
    • What are you missing?
  • Based on the framework
    • Identify immediate needs / quick wins
    • Assign responsibility for the overall TVM program
  • If your program is at a high level of maturity:
    • Conduct more thorough analysis using the framework
    • Determine how effectively components are really working

TVM CHECKLIST

  • Resources
  • Plan
  • Time allocated
  • Measurement
  • Budget
  • Executive sponsorship

SLIDE 19

Thank you!

Ryan Wakeham

  • Sr. Director, Strategic Solutions

612-455-6977 RYAN@NETSPI.COM WWW.NETSPI.COM