threats threat agents and vulnerabilities
play

Threats, Threat Agents, and Vulnerabilities COMM037 Computer - PowerPoint PPT Presentation

Feb 26, 2024 •463 likes •1.56k views

Threats, Threat Agents, and Vulnerabilities COMM037 Computer Security Dr Hans Georg Schaathun University of Surrey Autumn 2010 Week 5 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 Week 5 1 / 46

  1. Threat Identification Approach Brain Storm from all Directions Use different approaches and thought processes to cover as many threats as possible. Who are your enemies? what do they want to do? what can they do? (penetration testing) What has happened in the past? to yourself to others What is your great fears? how could it come about? What could happen? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 14 / 46

  2. Threat Identification Approach Brain Storm from all Directions Use different approaches and thought processes to cover as many threats as possible. Who are your enemies? what do they want to do? what can they do? (penetration testing) What has happened in the past? to yourself to others What is your great fears? how could it come about? What could happen? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 14 / 46

  3. Threat Identification Approach Brain Storm from all Directions Use different approaches and thought processes to cover as many threats as possible. Who are your enemies? what do they want to do? what can they do? (penetration testing) What has happened in the past? to yourself to others What is your great fears? how could it come about? What could happen? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 14 / 46

  4. Threat Identification Approach Brain Storm from all Directions Use different approaches and thought processes to cover as many threats as possible. Who are your enemies? what do they want to do? what can they do? (penetration testing) What has happened in the past? to yourself to others What is your great fears? how could it come about? What could happen? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 14 / 46

  5. Threat Identification Approach Brain Storm from all Directions Use different approaches and thought processes to cover as many threats as possible. Who are your enemies? what do they want to do? what can they do? (penetration testing) What has happened in the past? to yourself to others What is your great fears? how could it come about? What could happen? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 14 / 46

  6. Threat Identification Approach Qualitative and Quantitative Approaches Quantitiative approaches (e.g. FAIR) measure and quantify issues prioritise mathematically Detail required to measure Qualititative approaches (e.g. ISO 27005) identify all problems no accurate assessment of severity If you start the quantitative approaches to early many threats will slip through Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 15 / 46

  7. Threat Identification Approach Qualitative and Quantitative Approaches Quantitiative approaches (e.g. FAIR) measure and quantify issues prioritise mathematically Detail required to measure Qualititative approaches (e.g. ISO 27005) identify all problems no accurate assessment of severity If you start the quantitative approaches to early many threats will slip through Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 15 / 46

  8. Threat Identification Approach Qualitative and Quantitative Approaches Quantitiative approaches (e.g. FAIR) measure and quantify issues prioritise mathematically Detail required to measure Qualititative approaches (e.g. ISO 27005) identify all problems no accurate assessment of severity If you start the quantitative approaches to early many threats will slip through Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 15 / 46

  9. Threat Identification Approach Qualitative and Quantitative Approaches Quantitiative approaches (e.g. FAIR) measure and quantify issues prioritise mathematically Detail required to measure Qualititative approaches (e.g. ISO 27005) identify all problems no accurate assessment of severity If you start the quantitative approaches to early many threats will slip through Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 15 / 46

  10. Threat Sources Outline Threat Identification 1 Threat Sources 2 WikiLeaks from Afghanistan The Stuxnet Worm The Seven Cybercriminal Families Vulnerability Identification 3 Closure 4 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 16 / 46

  11. Threat Sources What is a threat source? Recap Threat source or threat agent An entity with an intention and capability to cause impact Sentient adversaries — potential attackers Honest users — making mistakes Nature and random events There is a reason behind incidents Enemies with an objective of their own Nature and its random events Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 17 / 46

  12. Threat Sources Why do we identify threat sources? Why do we need to identify the threat sources? When is the threat realised? how often Understand the nature of the threat resourceful attackers or amateurs? How will a preliminary attack be exploited? blackmail? slander? further attacks? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 18 / 46

  13. Threat Sources Why do we identify threat sources? Why do we need to identify the threat sources? When is the threat realised? how often Understand the nature of the threat resourceful attackers or amateurs? How will a preliminary attack be exploited? blackmail? slander? further attacks? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 18 / 46

  14. Threat Sources Why do we identify threat sources? Why do we need to identify the threat sources? When is the threat realised? how often Understand the nature of the threat resourceful attackers or amateurs? How will a preliminary attack be exploited? blackmail? slander? further attacks? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 18 / 46

  15. Threat Sources Why do we identify threat sources? Why do we need to identify the threat sources? When is the threat realised? how often Understand the nature of the threat resourceful attackers or amateurs? How will a preliminary attack be exploited? blackmail? slander? further attacks? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 18 / 46

  16. Threat Sources WikiLeaks from Afghanistan Outline Threat Identification 1 Threat Sources 2 WikiLeaks from Afghanistan The Stuxnet Worm The Seven Cybercriminal Families Vulnerability Identification 3 Closure 4 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 19 / 46

  17. Threat Sources WikiLeaks from Afghanistan WikiLeaks http://www.wikileaks.org/ 77 000 military, classified documents on the war in Afghanistan late July 2010 lifted from the US military leaks from Iraq October 2010 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 20 / 46

  18. Threat Sources WikiLeaks from Afghanistan Assets Confidential information former informants potential targets of retribution future operations allowing counter-operations previous operations leading to impact on goodwill and reputation Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 21 / 46

  19. Threat Sources WikiLeaks from Afghanistan Assets Confidential information former informants potential targets of retribution future operations allowing counter-operations previous operations leading to impact on goodwill and reputation Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 21 / 46

  20. Threat Sources WikiLeaks from Afghanistan Assets Confidential information former informants potential targets of retribution future operations allowing counter-operations previous operations leading to impact on goodwill and reputation Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 21 / 46

  21. Threat Sources WikiLeaks from Afghanistan Assets Confidential information former informants potential targets of retribution future operations allowing counter-operations previous operations leading to impact on goodwill and reputation Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 21 / 46

  22. Threat Sources WikiLeaks from Afghanistan Assets Confidential information former informants potential targets of retribution future operations allowing counter-operations previous operations leading to impact on goodwill and reputation Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 21 / 46

  23. Threat Sources WikiLeaks from Afghanistan Assets Confidential information former informants potential targets of retribution future operations allowing counter-operations previous operations leading to impact on goodwill and reputation Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 21 / 46

  24. Threat Sources WikiLeaks from Afghanistan Assets Confidential information former informants potential targets of retribution future operations allowing counter-operations previous operations leading to impact on goodwill and reputation Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 21 / 46

  25. Threat Sources WikiLeaks from Afghanistan Assets Confidential information former informants potential targets of retribution future operations allowing counter-operations previous operations leading to impact on goodwill and reputation Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 21 / 46

  26. Threat Sources WikiLeaks from Afghanistan Relevant Threat Sources Taliban and other insurgent organisation military use of the information Freedom of Information Movements champions of the public right to information Anti-War Movements aiming to swing the public opinion about the war Other military and political enemies of the state damage the state’s military capability Who is the actual threat source? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 22 / 46

  27. Threat Sources WikiLeaks from Afghanistan Relevant Threat Sources Taliban and other insurgent organisation military use of the information Freedom of Information Movements champions of the public right to information Anti-War Movements aiming to swing the public opinion about the war Other military and political enemies of the state damage the state’s military capability Who is the actual threat source? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 22 / 46

  28. Threat Sources WikiLeaks from Afghanistan Relevant Threat Sources Taliban and other insurgent organisation military use of the information Freedom of Information Movements champions of the public right to information Anti-War Movements aiming to swing the public opinion about the war Other military and political enemies of the state damage the state’s military capability Who is the actual threat source? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 22 / 46

  29. Threat Sources WikiLeaks from Afghanistan Relevant Threat Sources Taliban and other insurgent organisation military use of the information Freedom of Information Movements champions of the public right to information Anti-War Movements aiming to swing the public opinion about the war Other military and political enemies of the state damage the state’s military capability Who is the actual threat source? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 22 / 46

  30. Threat Sources WikiLeaks from Afghanistan Relevant Threat Sources Taliban and other insurgent organisation military use of the information Freedom of Information Movements champions of the public right to information Anti-War Movements aiming to swing the public opinion about the war Other military and political enemies of the state damage the state’s military capability Who is the actual threat source? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 22 / 46

  31. Threat Sources WikiLeaks from Afghanistan Relevant Threat Sources Taliban and other insurgent organisation military use of the information Freedom of Information Movements champions of the public right to information Anti-War Movements aiming to swing the public opinion about the war Other military and political enemies of the state damage the state’s military capability Who is the actual threat source? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 22 / 46

  32. Threat Sources WikiLeaks from Afghanistan Relevant Threat Sources Taliban and other insurgent organisation military use of the information Freedom of Information Movements champions of the public right to information Anti-War Movements aiming to swing the public opinion about the war Other military and political enemies of the state damage the state’s military capability Who is the actual threat source? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 22 / 46

  33. Threat Sources WikiLeaks from Afghanistan Relevant Threat Sources Taliban and other insurgent organisation military use of the information Freedom of Information Movements champions of the public right to information Anti-War Movements aiming to swing the public opinion about the war Other military and political enemies of the state damage the state’s military capability Who is the actual threat source? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 22 / 46

  34. Threat Sources WikiLeaks from Afghanistan Relevant Threat Sources Taliban and other insurgent organisation military use of the information Freedom of Information Movements champions of the public right to information Anti-War Movements aiming to swing the public opinion about the war Other military and political enemies of the state damage the state’s military capability Who is the actual threat source? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 22 / 46

  35. Threat Sources WikiLeaks from Afghanistan Relevant Threat Sources Taliban and other insurgent organisation military use of the information Freedom of Information Movements champions of the public right to information Anti-War Movements aiming to swing the public opinion about the war Other military and political enemies of the state damage the state’s military capability Who is the actual threat source? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 22 / 46

  36. Threat Sources WikiLeaks from Afghanistan Relevant Threat Sources Taliban and other insurgent organisation military use of the information Freedom of Information Movements champions of the public right to information Anti-War Movements aiming to swing the public opinion about the war Other military and political enemies of the state damage the state’s military capability Who is the actual threat source? Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 22 / 46

  37. Threat Sources WikiLeaks from Afghanistan Vulnerabilities Staff with an agenda Extensive records in compact format walk out with an encyclopedia on a keyring Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 23 / 46

  38. Threat Sources WikiLeaks from Afghanistan Vulnerabilities Staff with an agenda Extensive records in compact format walk out with an encyclopedia on a keyring Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 23 / 46

  39. Threat Sources WikiLeaks from Afghanistan Vulnerabilities Staff with an agenda Extensive records in compact format walk out with an encyclopedia on a keyring Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 23 / 46

  40. Threat Sources The Stuxnet Worm Outline Threat Identification 1 Threat Sources 2 WikiLeaks from Afghanistan The Stuxnet Worm The Seven Cybercriminal Families Vulnerability Identification 3 Closure 4 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 24 / 46

  41. Threat Sources The Stuxnet Worm The Stuxnet Worm Targets industrial control systems specific types of computers from Siemens Malware, able to override the controls Chemical plants Power plants Power grids Exploits four previously unknown vulnerabilities Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 25 / 46

  42. Threat Sources The Stuxnet Worm What is a worm? Malware — Malicious Software Standalone programs do not modify other programs (as viruses do) Usually spreads over the network network congestion is a common impact Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 26 / 46

  43. Threat Sources The Stuxnet Worm The attack on Iran 60% of infections in Iran The Nuclear Plant in Bushehr compromised Iran will not reveal the extent of damage seems to have delayed the opening of the plant Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 27 / 46

  44. Threat Sources The Stuxnet Worm Who is the attack source? This would require a lot of resources on the level of a nation state. Gadi Evron, Israeli cybersecurity strategist The known enemies — preventing nuclear development USA and Israel China — as a testrun of new cyberwarfare technology Are there private organisations with the capability? We do not know what the source is Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 28 / 46

  45. Threat Sources The Stuxnet Worm Who is the attack source? This would require a lot of resources on the level of a nation state. Gadi Evron, Israeli cybersecurity strategist The known enemies — preventing nuclear development USA and Israel China — as a testrun of new cyberwarfare technology Are there private organisations with the capability? We do not know what the source is Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 28 / 46

  46. Threat Sources The Stuxnet Worm Who is the attack source? This would require a lot of resources on the level of a nation state. Gadi Evron, Israeli cybersecurity strategist The known enemies — preventing nuclear development USA and Israel China — as a testrun of new cyberwarfare technology Are there private organisations with the capability? We do not know what the source is Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 28 / 46

  47. Threat Sources The Stuxnet Worm Who is the attack source? This would require a lot of resources on the level of a nation state. Gadi Evron, Israeli cybersecurity strategist The known enemies — preventing nuclear development USA and Israel China — as a testrun of new cyberwarfare technology Are there private organisations with the capability? We do not know what the source is Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 28 / 46

  48. Threat Sources The Stuxnet Worm Who is the attack source? This would require a lot of resources on the level of a nation state. Gadi Evron, Israeli cybersecurity strategist The known enemies — preventing nuclear development USA and Israel China — as a testrun of new cyberwarfare technology Are there private organisations with the capability? We do not know what the source is Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 28 / 46

  49. Threat Sources The Seven Cybercriminal Families Outline Threat Identification 1 Threat Sources 2 WikiLeaks from Afghanistan The Stuxnet Worm The Seven Cybercriminal Families Vulnerability Identification 3 Closure 4 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 29 / 46

  50. Threat Sources The Seven Cybercriminal Families A viewpoint from Law Enforcement Dr. David Benichou at WIFS’09 in London French juge investigatoire Special advisor to the Minstry of Justice PhD in Computer Sciences Model based on field experience more than 1000 cases Qualitative rather than quantitative Real-life, rather than academic view Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 30 / 46

  51. Threat Sources The Seven Cybercriminal Families The seven families of cybercrime Seven classes of threat sources (graphics c � David Bénichou) Empirical distribution of attack profiles 100 50 0 kiddies hackers avengers LP cyberterro bandits spies population dangerousness Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 31 / 46

  52. Threat Sources The Seven Cybercriminal Families The seven families of cybercrime Adolescent amateurs script kiddies hackers Amateurs with a goal avengers legal persons Resourceful professionals Organised crime Terrorists Spies Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 32 / 46

  53. Threat Sources The Seven Cybercriminal Families The big majority Script Kiddies Clueless amateurs Use scripts created by others Trying hacks for fun No understanding of the techniques used Hackers Technically adept Obscure motivations challenge, learning, experience Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 33 / 46

  54. Threat Sources The Seven Cybercriminal Families Masked Avengers Grown up individuals with a score to settle Obvious motivation relatively easy to unmask e.g. a disgruntled employee with a desire to punish the company e.g. Mr/Mrs average dragging an ex-lover down in the mud Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 34 / 46

  55. Threat Sources The Seven Cybercriminal Families Masked Avengers Grown up individuals with a score to settle Obvious motivation relatively easy to unmask e.g. a disgruntled employee with a desire to punish the company e.g. Mr/Mrs average dragging an ex-lover down in the mud Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 34 / 46

  56. Threat Sources The Seven Cybercriminal Families Masked Avengers Grown up individuals with a score to settle Obvious motivation relatively easy to unmask e.g. a disgruntled employee with a desire to punish the company e.g. Mr/Mrs average dragging an ex-lover down in the mud Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 34 / 46

  57. Threat Sources The Seven Cybercriminal Families Masked Avengers Grown up individuals with a score to settle Obvious motivation relatively easy to unmask e.g. a disgruntled employee with a desire to punish the company e.g. Mr/Mrs average dragging an ex-lover down in the mud Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 34 / 46

  58. Threat Sources The Seven Cybercriminal Families Masked Avengers Grown up individuals with a score to settle Obvious motivation relatively easy to unmask e.g. a disgruntled employee with a desire to punish the company e.g. Mr/Mrs average dragging an ex-lover down in the mud Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 34 / 46

  59. Threat Sources The Seven Cybercriminal Families Masked Avengers Grown up individuals with a score to settle Obvious motivation relatively easy to unmask e.g. a disgruntled employee with a desire to punish the company e.g. Mr/Mrs average dragging an ex-lover down in the mud Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 34 / 46

  60. Threat Sources The Seven Cybercriminal Families Legal Persons Financial motives unfair competition trade secrets Highly skilled Easy to identify — the motive is a give-away Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 35 / 46

  61. Threat Sources The Seven Cybercriminal Families The big and resourceful Spies, organised crime, and terrorists Different motivations political (spies) financial (organised crime) ideological (terrorists) All are resourceful, with solid backing few have resources on this scale the resources make serious impact possible Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 36 / 46

  62. Threat Sources The Seven Cybercriminal Families The rare and serious agents Terrorists Spies Organised Crime Backed with considerable resources money, manpower, information, backup Different objectives Ideology — Terrorists Politics — Spies Money — Organised Crime Similar dedication professionalism and clear objectives Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 37 / 46

  63. Threat Sources The Seven Cybercriminal Families The rare and serious agents Terrorists Spies Organised Crime Backed with considerable resources money, manpower, information, backup Different objectives Ideology — Terrorists Politics — Spies Money — Organised Crime Similar dedication professionalism and clear objectives Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 37 / 46

  64. Threat Sources The Seven Cybercriminal Families The rare and serious agents Terrorists Spies Organised Crime Backed with considerable resources money, manpower, information, backup Different objectives Ideology — Terrorists Politics — Spies Money — Organised Crime Similar dedication professionalism and clear objectives Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 37 / 46

  65. Threat Sources The Seven Cybercriminal Families The rare and serious agents Terrorists Spies Organised Crime Backed with considerable resources money, manpower, information, backup Different objectives Ideology — Terrorists Politics — Spies Money — Organised Crime Similar dedication professionalism and clear objectives Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 37 / 46

  66. Threat Sources The Seven Cybercriminal Families The rare and serious agents Terrorists Spies Organised Crime Backed with considerable resources money, manpower, information, backup Different objectives Ideology — Terrorists Politics — Spies Money — Organised Crime Similar dedication professionalism and clear objectives Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 37 / 46

  67. Threat Sources The Seven Cybercriminal Families The rare and serious agents Terrorists Spies Organised Crime Backed with considerable resources money, manpower, information, backup Different objectives Ideology — Terrorists Politics — Spies Money — Organised Crime Similar dedication professionalism and clear objectives Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 37 / 46

  68. Threat Sources The Seven Cybercriminal Families The rare and serious agents Terrorists Spies Organised Crime Backed with considerable resources money, manpower, information, backup Different objectives Ideology — Terrorists Politics — Spies Money — Organised Crime Similar dedication professionalism and clear objectives Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 37 / 46

  69. Threat Sources The Seven Cybercriminal Families The rare and serious agents Terrorists Spies Organised Crime Backed with considerable resources money, manpower, information, backup Different objectives Ideology — Terrorists Politics — Spies Money — Organised Crime Similar dedication professionalism and clear objectives Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 37 / 46

  70. Threat Sources The Seven Cybercriminal Families Risk Analysis How does each family affect your risk analysis? Script Kiddies Hackers Avengers Legal Persons Terrorists Spies Organised Crime Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 38 / 46

  71. Vulnerability Identification Outline Threat Identification 1 Threat Sources 2 Vulnerability Identification 3 Closure 4 Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 39 / 46

  72. Vulnerability Identification Vulnerability Identification ISO 27005:2008 Input lists of known threats assets existing controls Output a list of vulnerabilities in relation to assets, threats, and controls a list of vulnerabilities not related to any identified threat Action Identify vulnerabilities that could be exploited by the threats Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 40 / 46

  73. Vulnerability Identification Areas of vulnerabilities ISO 27005:2008 Organisation Processes and procedures Management routines Personnel Physical environment Information system configuration Hardware, software or communications equipment Dependence on external parties Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 41 / 46

  74. Vulnerability Identification Vulnerabilities and Known Threats For each threat identified Which assets are under threat? What vulnerabilities can it exploit How? What could be the attack What controls do we have? Resort the list, listing each vulnerability with all its associated threats Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 42 / 46

  75. Vulnerability Identification Vulnerabilities and Known Threats For each threat identified Which assets are under threat? What vulnerabilities can it exploit How? What could be the attack What controls do we have? Resort the list, listing each vulnerability with all its associated threats Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 42 / 46

  76. Vulnerability Identification Vulnerabilities and Known Threats For each threat identified Which assets are under threat? What vulnerabilities can it exploit How? What could be the attack What controls do we have? Resort the list, listing each vulnerability with all its associated threats Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 42 / 46

Recommend

Threat Models CS 5431 February 10, 2017 Threat Models Threats (CS 5430)

Threat Models CS 5431 February 10, 2017 Threat Models Threats (CS 5430)

Introduction Threat Models CS 5431 February 10, 2017 Threat Models Threats (CS 5430) Inquisitive people, unintentional blunders Hackers driven by technical challenges Disgruntled employees or

357 views • 23 slides
Threat Modeling Frank Piessens (Frank.Piessens@cs.kuleuven.be ) KATHOLIEKE Secappdev 2007 1

Threat Modeling Frank Piessens (Frank.Piessens@cs.kuleuven.be ) KATHOLIEKE Secappdev 2007 1

Threat Modeling Frank Piessens (Frank.Piessens@cs.kuleuven.be ) KATHOLIEKE Secappdev 2007 1 UNIVERSITEIT LEUVEN Overview Introduction Key Concepts Threats, Vulnerabilities, Countermeasures Example Microsofts Threat

784 views • 39 slides
Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and

Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and

Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and Challenges Challenges Mission critical information = High value target Threatens Government organizations and large corporations

435 views • 39 slides
Threats and Responses 1 The Threat Environment Constantly evolving and innovative terrorist

Threats and Responses 1 The Threat Environment Constantly evolving and innovative terrorist

Canadas Maritime Security Title Goes Here Threats and Responses 1 The Threat Environment Constantly evolving and innovative terrorist and organized crime threats against marine transportation globally 200,000 km of coastline -

795 views • 12 slides
Database Security Threats and Vulnerabilities John Bissonette Aaron McClure Introduction

Database Security Threats and Vulnerabilities John Bissonette Aaron McClure Introduction

Database Security Threats and Vulnerabilities John Bissonette Aaron McClure Introduction Databases are the crown jewels of a business or organization Security is paramount Vulnerabilities grant attackers keys to the

600 views • 14 slides
Introduction What I do Research new vulnerabilities, malware, and other security threats

Introduction What I do Research new vulnerabilities, malware, and other security threats

Introduction What I do Research new vulnerabilities, malware, and other security threats Create defensive measures Evaluate security software What this talk is about Windows rootkits How they are used How they work

790 views • 54 slides
Mobile Security Trends and Emerging Threats Sandra J.H. Rolnicki ForenSecure April 28, 2017

Mobile Security Trends and Emerging Threats Sandra J.H. Rolnicki ForenSecure April 28, 2017

Mobile Security Trends and Emerging Threats Sandra J.H. Rolnicki ForenSecure April 28, 2017 Agenda (1) Macro- and Micro-Trends Impacting Mobile (2) Vulnerabilities in the Mobile Ecosystem (3) Threat Actors and Emerging Threats (4) Mobile

244 views • 11 slides
Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust Boundary Attacks Threats Application Attacker Exploit Vulnerability : a software defect with security consequences Threat : a potential danger to

1.54k views • 80 slides
53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats

53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats

53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats every minute* * Merrill Lynch ...Causing $3T USD in costs, and expected to double by 2021* * CyberSecurity Ventures (2015) Todays threat

508 views • 35 slides
The Odyssey: challenges to model privacy threats in a brave new world Rafa Glvez and Seda

The Odyssey: challenges to model privacy threats in a brave new world Rafa Glvez and Seda

The Odyssey: challenges to model privacy threats in a brave new world Rafa Glvez and Seda Grses Motivation imec - ESAT/COSIC, KU Leuven Threat Modeling 1. Characterize the system 2. Identify the threats 3. Threat and Risk analysis

147 views • 12 slides
Other threats Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other threats Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other threats Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity Metadata leaks Resource starvation Topic Virtual Private Networks (VPNs) Run as closed networks on Internet Use IPSEC to secure messages

736 views • 30 slides
WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and

WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and

WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and countermeasures within smart card and wireless sensor network node technologies. Kevin Eagles, Konstantinos Markantonakis and Keith Mayes Smart Card Centre,

337 views • 22 slides
Com puter Security Last tim e Introduction Threat analysis Threats Introduction

Com puter Security Last tim e Introduction Threat analysis Threats Introduction

Com puter Security Last tim e Introduction Threat analysis Threats Introduction to access control Policy matrix Specification Design Implementation Operation and Maintenance Security in the Course Lectures

784 views • 40 slides
Addressing Threats and Vulnerabilities in Critical Interconnected Systems Jon Kleinberg Cornell

Addressing Threats and Vulnerabilities in Critical Interconnected Systems Jon Kleinberg Cornell

Addressing Threats and Vulnerabilities in Critical Interconnected Systems Jon Kleinberg Cornell University Washington DC Metro Map wmata.com Power Grid Florida Power Grid (Dale et al, Xu et al) Boston, Google Maps Social Network Facebook

620 views • 30 slides
SCARC BOMB THREAT TRAINING BOMB THREATS American schools and companies receive thousands of

SCARC BOMB THREAT TRAINING BOMB THREATS American schools and companies receive thousands of

SCARC BOMB THREAT TRAINING BOMB THREATS American schools and companies receive thousands of bomb threat calls every year. Very few of these are warnings of real bombs. A large percentage of these calls prove to be hoaxes; however, all bomb

589 views • 17 slides
Com puter Security Part Tw o Previously Introduction Threat analysis Threats

Com puter Security Part Tw o Previously Introduction Threat analysis Threats

Com puter Security Part Tw o Previously Introduction Threat analysis Threats Policy Specification Design Implementation Operation and Maintenance Now Multilateral and Multilevel security Security policies

355 views • 24 slides
Purpose To help Ohio businesses fight back against data security threats. What Threat?

Purpose To help Ohio businesses fight back against data security threats. What Threat?

Purpose To help Ohio businesses fight back against data security threats. What Threat? Goal To create the best legal, technical, and collaborative cybersecurity environment possible in Ohio. Skimming

518 views • 25 slides
Programs 1 Cooperative Threat Reduction Evolved to combat emerging and global WMD threats

Programs 1 Cooperative Threat Reduction Evolved to combat emerging and global WMD threats

CBRN Capacity Building Programs 1 Cooperative Threat Reduction Evolved to combat emerging and global WMD threats Distinct approach to CBRN U.S. Department of State U.S. Department of Energy 2 The Chemical Security Program (CSP)

281 views • 16 slides
Detecting and Countering Insider Threats: the Insider Threat Can Policy-Based Access Control

Detecting and Countering Insider Threats: the Insider Threat Can Policy-Based Access Control

Introduction Insiders and Detecting and Countering Insider Threats: the Insider Threat Can Policy-Based Access Control Help? Trust and Trustworthi- ness Access Control and Trustwor- Jason Crampton 1 Michael Huth 2 thiness 1 Information

470 views • 25 slides
MENA Information Security Conference 2017 On the Verge : Combating Cyber Threats leveraging Threat

MENA Information Security Conference 2017 On the Verge : Combating Cyber Threats leveraging Threat

MENA Information Security Conference 2017 On the Verge : Combating Cyber Threats leveraging Threat Intelligence, Faster Detection & Automated Response Adaptive Security Strategy for SOC Ramy AlDamati Principle CyberSecurity Solution

680 views • 31 slides
Cyber Kill Chain Jay Chen, Ruben Ocana, Senna Alsadam, Andrew Shi Modern Security Threats

Cyber Kill Chain Jay Chen, Ruben Ocana, Senna Alsadam, Andrew Shi Modern Security Threats

Cyber Kill Chain Jay Chen, Ruben Ocana, Senna Alsadam, Andrew Shi Modern Security Threats New class of threat actors called Advanced Persistent Threat (APT) Data compromised for economic or military advancement Conventional

701 views • 32 slides
Who Whos Really Attacking Y s Really Attacking Your our #WHOAMI Threat

Who Whos Really Attacking Y s Really Attacking Your our #WHOAMI Threat

Who Whos Really Attacking Y s Really Attacking Your our #WHOAMI Threat Researcher at Trend Micro- research and blogger on criminal underground, persistent threats,

792 views • 44 slides
Introduction to Cyber Threats: current status, perspectives and reflects in Brazil Adriano Mauro

Introduction to Cyber Threats: current status, perspectives and reflects in Brazil Adriano Mauro

Introduction to Cyber Threats: current status, perspectives and reflects in Brazil Adriano Mauro Cansian Agenda New Cybernetic Global Order Cyber threats. The present and future threat scenarios. The scenario in Brazil. Final

617 views • 46 slides
Of the U.S. Nuclear Deterrent Against Emerging Threats A Presentation to the USSTRATCOM Academic

Of the U.S. Nuclear Deterrent Against Emerging Threats A Presentation to the USSTRATCOM Academic

Th The November 2019 DEFENSE TH THREAT REDUCT CTION ADVIS ISORY COMMIT ITTEE (T (TRAC) Report on Scenario-Based Planning to Maintain the Credibility Of the U.S. Nuclear Deterrent Against Emerging Threats A Presentation to the USSTRATCOM

348 views • 16 slides

More recommend