to critical information infrastructure
play

to Critical Information Infrastructure Haythem EL MIR, CISSP CEO, - PowerPoint PPT Presentation

Sep 02, 2023 •143 likes •519 views

Building the Digital Keystone Cyber Threats to Critical Information Infrastructure Haythem EL MIR, CISSP CEO, keystone Group & CISRT.tn www.keystone.tn Building the Digital Keystone State Sponsored Attacks Political Warfare

  1. Building the Digital Keystone Cyber Threats to Critical Information Infrastructure Haythem EL MIR, CISSP CEO, keystone Group & CISRT.tn www.keystone.tn

  2. Building the Digital Keystone State Sponsored Attacks Political Warfare Multi-stage-Attack AI Botnets Email Compromise Social Engineering Supply Chain Attack APT Groups ATM Fraud IoT Malware CIIP Attacks Commercial Espionage Crypto-jacking ICO/Smart Contract Attack www.keystone.tn

  3. Building the Digital Keystone Industrial Projection This is how ICS/OT people see it www.keystone.tn

  4. Building the Digital Keystone Hacker Projection This is how Hacker looks at is www.keystone.tn

  5. Building the Digital Keystone OT - real-life convergence Critical infrastructure is a part of society. And now, it is fully convergence Modern OT: • ICS/SCADA • Telecom • Transportation • IoT Business process is not limited by ICS/SCADA. Around you can see lot of accompanying technology which help to operate business process and brings new threats! www.keystone.tn

  6. Building the Digital Keystone Taking the Challenge BEFORE NOW Threat Model for separate ICS Threat Model for ALL industries!  Challenging  Is it possible? www.keystone.tn

  7. Building the Digital Keystone Security Threats landscape Today’s reality on Critical Infrastructures & Enterprises www.keystone.tn

  8. Building the Digital Keystone Industrial and Energy sector www.keystone.tn

  9. Building the Digital Keystone By January 2016 more than 150 000 of industrial systems were found to be accessible through the Internet. Among them, about 15 000 are vulnerable with a high risk level Most of these components were accessible via HTTP, Fox, Modbus, and BACnet , and in most Time to patch cases, a dictionary password was used for authentication. vulnerabilities Cutting Sword of Mexican Pemex Justice attacked suffered from STUXNET DUQU Saudi Aramco targeted attack 2012 2014 2010 2011 www.keystone.tn

  10. Building the Digital Keystone Key risks for ICS Modes of attack The Impacts and Cyber systems may be subject to consequences unauthorized access through Successful cyber attacks could result in: various means: • Utilities interruption • remotely, via the Internet, or • Plant sabotage / shutdown unsecured telecom networks. • Production disruption • at close hand, through direct • Threats to safety contact with infrastructure (e.g. • Economic loss through a USB port). • Reputational damage • locally, through unauthorized • Loss of real-time monitoring and access to physical infrastructure, or control insider threat • Potential to cause death and injury (infiltration). www.keystone.tn

  11. Building the Digital Keystone Network access Corporate network SCADA network HMI Modbus Gateway Teleworking SCADA Internet Modbus TCP Wireless TCP/IP Modem Remote RTU/PLC maintenance Field units RTU/PLC RTU/PLC www.keystone.tn

  12. Building the Digital Keystone Attack vectors Entry points Corporate network Final targets Intermediate targets Attack vectors SCADA network HMI Modbus Gateway Teleworking SCADA Internet Modbus TCP Wireless TCP/IP Modem Remote RTU/PLC maintenance Field units RTU/PLC RTU/PLC www.keystone.tn

  13. Building the Digital Keystone Typical network Modbus, TCP/IP DNP3, OPC, S7, EtherCAT, FL-net, etc. www.keystone.tn

  14. Building the Digital Keystone Exposed and vulnerable • 100% of tested SCADA networks are exposed to Internet/Corporate network Network equipment/firewalls misconfiguration • MES/OPC/ERP integration gateways • HMI external devices (Phones/Modems/USB Flash) abuse • VPN/Dialup remote access • • 90% of tested SCADA can be hacked with Metasploit Standard platforms (Windows, Linux, QNX, BusyBox , Solaris…) • Standard protocols (RCP, CIFS/SMB, Telnet, HTTP…) • Standard bugs (patch management, passwords, firewalling, application • vulnerabilities) www.keystone.tn

  15. Building the Digital Keystone Train hacking www.keystone.tn

  16. Building the Digital Keystone ETCS level2 Computer Based Interlocking RBC RBC GSM-R MMI Fixed Eurobalise to peripherals: signals, point Plain Line machines, etc. Data GSM-R ETCS Onboard GSM-R Fixed Eurobalise Station Onboard www.keystone.tn

  17. Building the Digital Keystone GSM-R: signaling and telemetry Computer Based Interlocking RBC RBC GSM-R MMI Fixed Eurobalise to peripherals: signals, point Plain Line machines, etc. Data GSM-R ETCS Onboard GSM-R Fixed Eurobalise Station Onboard www.keystone.tn

  18. Building the Digital Keystone OpenBTS MitM/Jamming/Replay Computer Based Interlocking RBC RBC GSM-R MMI Fixed Eurobalise to peripherals: signals, point Plain Line machines, etc. Data GSM-R ETCS Onboard GSM-R Fixed Eurobalise Station www.keystone.tn

  19. Building the Digital Keystone When you connect to the Internet – the Internet connects to you Computer Based Interlocking RBC RBC GSM-R MMI Fixed Eurobalise to peripherals: signals, point Plain Line machines, etc. Data GSM-R ETCS Onboard GSM-R Fixed Eurobalise Station Onboard www.keystone.tn

  20. Building the Digital Keystone Passenger attacking the infrastructure Computer Based Interlocking RBC RBC GSM-R MMI Fixed Eurobalise to peripherals: signals, point Plain Line machines, etc. Data GSM-R ETCS Onboard GSM-R Fixed Eurobalise Station Onboard www.keystone.tn

  21. Building the Digital Keystone Attacks from the Internet Computer Based Interlocking RBC RBC GSM-R MMI Fixed Eurobalise to peripherals: signals, point Plain Line machines, etc. Data GSM-R ETCS Onboard GSM-R Fixed Eurobalise Station www.keystone.tn

  22. Building the Digital Keystone More hacking on ICS to come www.keystone.tn

  23. Building the Digital Keystone Telcos Critical Infrastructure Threats www.keystone.tn

  24. Building the Digital Keystone www.keystone.tn 2 4

  25. Building the Digital Keystone Main threats of 2018 Predicted threats of 2019 and beyond AI used against the industry • IoT attacks on the rise • Uneducated overreliance on cloud • 5G threats • Quantum and the Public Key Infrastructure (PKI) • www.keystone.tn

  26. Building the Digital Keystone Attacker IT network Traffic SS7 Attacker Attacker Attacker OAM Internet GRX/IPX Remote support Attacker LTE Wi-Fi Gateway PS Core SMS-C A MSC WiMAX PON DSL MSC HLR VLR Femto IMS B Attacker Billing CS Core UTRAN www.keystone.tn

  27. Building the Digital Keystone www.keystone.tn

  28. Building the Digital Keystone www.keystone.tn

  29. Building the Digital Keystone Financial Sector www.keystone.tn

  30. Building the Digital Keystone www.keystone.tn

  31. Building the Digital Keystone Misconfiguration Unpatched vulnerabilities Lack of encryption CBS End-of-life systems Lack of assessment Attack vectors GRH Weak authentication and Web access control Weak filtering Portal www.keystone.tn Lack of awareness Employee errors

  32. Building the Digital Keystone OLB: Critical Threats Theft of funds by an Theft of funds authorized user by an external attacker Access to DBMS or OS Theft of funds 5% 10% Access to payment card data 25% Access to private 15% Theft of funds by an information of certain authorized user clients Access to users’ personal data Access to business secrets OLB denial of service Compromise of business secrets and/or client privacy Access to DBMS or OS 15% Access to business secrets 30% Access to DBMS or OS OLB information security threats www.keystone.tn

  33. Building the Digital Keystone SWIFT attack case (2016) US$81 million Lazarus group could have made off with $1 billion www.keystone.tn

  34. Building the Digital Keystone APT: Carbanack case ― Spear phishing  Old vulnerabilities exploitation, ― Remote command execution (screenshot capture while accessing sensitive web application, cookies theft, etc.) ― Install a RAT (Ammyy Admin ) for lateral attacks to access the banking accounts processing systems, A billion-dollar APT ― On the target, the attacker record the screen activities to get familiar with procedures and banking workflow via the stolen data. ― These information is used to steal money via SWIFT network. www.keystone.tn

  35. Building the Digital Keystone Blackbox, jackpotting “Black box attack”: unauthorized cash withdrawal is possible with a cheap and popular computer. The credit-card sized and fast programmable device can be easily hidden inside an ATM. Sometimes it can be plugged even outside an ATM. USB-based microcontroller – the most HIDden jackpotting device www.keystone.tn

  36. Building the Digital Keystone Gouvernement Healthcare Other critical sectors Transport Mass Media www.keystone.tn

  37. Building the Digital Keystone Merci pour votre attention é é www.keystone.tn

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Critical Information Infrastructure Protection (CIIP) National Knowledge Network (NKN) Annual

Critical Information Infrastructure Protection (CIIP) National Knowledge Network (NKN) Annual

Critical Information Infrastructure Protection (CIIP) National Knowledge Network (NKN) Annual workshop 17 - 19 Oct 2013, IISc, Bangalore Presentation Outline Government Cyber Security Architecture CII Overview & Definitions Critical

517 views • 20 slides
Critical Information Infrastructure July 15 th 96 American president signed Executive Order

Critical Information Infrastructure July 15 th 96 American president signed Executive Order

6/21/2012 Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs 2012 Workshop on Cyber Security and Global Affairs and Global Security Forum UPC Barcelona Jun.

216 views • 9 slides
Mapping the Dutch Critical Infrastructure Razvan C. Oprea Fahime Alizade Supervised by Benno

Mapping the Dutch Critical Infrastructure Razvan C. Oprea Fahime Alizade Supervised by Benno

Mapping the Dutch Critical Infrastructure Razvan C. Oprea Fahime Alizade Supervised by Benno Overeinder Wednesday, July 3, 13 The initial question Critical infrastructure sectors What is the network level representation of the critical

392 views • 24 slides
Big data in critical infrastructure: Production and failover infrastructure in DWD's central data

Big data in critical infrastructure: Production and failover infrastructure in DWD's central data

Big data in critical infrastructure: Production and failover infrastructure in DWD's central data management Daniel Lee, German Weather Service (DWD) TI12b Sep. 2015 Agenda 1. DWD's goals 2. Operational systems 3. Technical

556 views • 52 slides
Broadband Infrastructure is Critical Infrastructure Jeff Sobotka VP & State Broadband

Broadband Infrastructure is Critical Infrastructure Jeff Sobotka VP & State Broadband

Broadband Infrastructure is Critical Infrastructure Jeff Sobotka VP & State Broadband Director Definition: Broadband is defined as networks of deployed telecommunications equipment and technologies necessary to provide high-speed

268 views • 15 slides
Protecting UK Critical National Infrastructure from Cyber Attack Kevin T National Cyber Security

Protecting UK Critical National Infrastructure from Cyber Attack Kevin T National Cyber Security

Protecting UK Critical National Infrastructure from Cyber Attack Kevin T National Cyber Security Centre (NCSC) This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation.

197 views • 8 slides
Critical Infrastructure Resilience Climate Resilience Webinar Series U.S. Department of Housing

Critical Infrastructure Resilience Climate Resilience Webinar Series U.S. Department of Housing

Critical Infrastructure Resilience Climate Resilience Webinar Series U.S. Department of Housing and Urban Development Disclaimer This presentation is intended to provide communities and states with the tools and information to help in

467 views • 18 slides
Infrastructure critical to growth, but continent hampered by limited stocks and high costs

Infrastructure critical to growth, but continent hampered by limited stocks and high costs

Infrastructure critical to growth, but continent hampered by limited stocks and high costs Infrastructure contributed about one percentage point of Africas recent growth spurt Improving all countries infrastructure to level of Mauritius

624 views • 34 slides
Critical Resilient Interdependent Infrastructure Systems and Processes David Tipper , Professor

Critical Resilient Interdependent Infrastructure Systems and Processes David Tipper , Professor

TeleNeT Program Critical Resilient Interdependent Infrastructure Systems and Processes David Tipper , Professor Graduate Telecommunications and Networking Program School of Computing and Information University of Pittsburgh

524 views • 13 slides
Health Information Technology: a Critical Means to an Even More Critical End Mary Jo Deering,

Health Information Technology: a Critical Means to an Even More Critical End Mary Jo Deering,

Health Information Technology: a Critical Means to an Even More Critical End Mary Jo Deering, Ph.D. Beijing, China August 2010 Information is the life blood of medicine and health information technology is its circulatory system. Sir

576 views • 31 slides
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 Improving Critical Infrastructure Cybersecurity Kevin Stine National Institute of Standards and Technology Executive Order 13636:

128 views • 11 slides
The cybersecurity dimension of critical [energy] infrastructure it appears that someone found

The cybersecurity dimension of critical [energy] infrastructure it appears that someone found

The cybersecurity dimension of critical [energy] infrastructure it appears that someone found remote access and started tripping breakers. - Scadasec commentator 2015-12-26 Vytautas Butrimas Views expressed in this presentation

376 views • 15 slides
Critical infrastructure, interconnected risks, and resiliency. Why wo(men) should care? FABRIKAM

Critical infrastructure, interconnected risks, and resiliency. Why wo(men) should care? FABRIKAM

Critical infrastructure, interconnected risks, and resiliency. Why wo(men) should care? FABRIKAM RESIDENCES A little bit about me I identify as South-Asian woman from Mumbai, India. I started off in my computer career as a data entry

997 views • 55 slides
Critical Infrastructure Protection and S E N T A I N V U Y High Confidence Adaptive

Critical Infrastructure Protection and S E N T A I N V U Y High Confidence Adaptive

S T A T D E Critical Infrastructure Protection and S E N T A I N V U Y High Confidence Adaptive Software O H F C F R I A C E E S University Research Initiative Program O E F R N L A A V Welcome to the 3 rd

318 views • 14 slides
Broadband: The Critical Infrastructure for Sustainable Prosperity connect > enable >

Broadband: The Critical Infrastructure for Sustainable Prosperity connect > enable >

Broadband: The Critical Infrastructure for Sustainable Prosperity connect > enable > transform Broadband is the principal tool to address our top societal challenges. Some call it a utility, a civic right. National Applications Energy/

884 views • 13 slides
Executive Order 13636: Improving Critical Infrastructure Cybersecurity Cyber-Dependent

Executive Order 13636: Improving Critical Infrastructure Cybersecurity Cyber-Dependent

FOR OFFICIAL USE ONLY Executive Order 13636: Improving Critical Infrastructure Cybersecurity Cyber-Dependent Infrastructure Identification Working Group (CDIIWG) March 11, 2013 FOR OFFICIAL USE ONLY FOR OFFICIAL USE ONLY Agenda 12:30

217 views • 20 slides
Institutional Investor Information Pack Meeting a Sapphire Future January 2017 Corporate

Institutional Investor Information Pack Meeting a Sapphire Future January 2017 Corporate

Altech Chemicals Limited (ASX:ATC) Company Presentation Institutional Investor Information Pack Meeting a Sapphire Future January 2017 Corporate Snapshot Trading information Share price performance (last 12 months) Volume (m) Price

348 views • 21 slides
First Quarter Results 2010 27 April 2010 Safe harbor Non-GAAP measures and management estimates

First Quarter Results 2010 27 April 2010 Safe harbor Non-GAAP measures and management estimates

First Quarter Results 2010 27 April 2010 Safe harbor Non-GAAP measures and management estimates This presentation contains a number of non-GAAP figures, such as EBITDA and free cash flow. These non-GAAP figures should not be viewed as a

697 views • 67 slides
GTC EUROPE 2017 Mehmet TUN (Mech. Eng. M.Sc.) 10-12 Oct, Munich SUMMARY 2 GTC EUROPE 2017,

GTC EUROPE 2017 Mehmet TUN (Mech. Eng. M.Sc.) 10-12 Oct, Munich SUMMARY 2 GTC EUROPE 2017,

1 FNSS Savunma Sistemleri A.S. Proprietary Information. The information contained in this document is FNSS Savunma Sistemleri A.S. proprietary information and is disclosed in confidence. It is the property of FNSS Savunma Sistemleri A.S: and shall

967 views • 72 slides
PRODUCT OVERVIEW Electric Water Heater ES 15 High quality products for ES 10 ES 30 F1

PRODUCT OVERVIEW Electric Water Heater ES 15 High quality products for ES 10 ES 30 F1

PRODUCT OVERVIEW Electric Water Heater ES 15 High quality products for ES 10 ES 30 F1 decentralised preparation hot water A3 10 l Durable decarbonized enameled steel tank Volume between 10 l .. 100 l Magnesium rod for

291 views • 6 slides
The Migration to NGN and the Evolution of IP Interconnection J. Scott Marcus: Department

The Migration to NGN and the Evolution of IP Interconnection J. Scott Marcus: Department

The Migration to NGN and the Evolution of IP Interconnection J. Scott Marcus: Department Manager, NGN and Internet Economics TU Berlin INFRADAY 6 October 2007 0 The Evolution of IP Interconnection: An economic perspective - Lessons from the

730 views • 50 slides
IRANS CAPITAL MARKETS THE FUTURE IS BRIGHT DECEMBER 2017 A SSET M ANAGEMENT AND P RIVATE E

IRANS CAPITAL MARKETS THE FUTURE IS BRIGHT DECEMBER 2017 A SSET M ANAGEMENT AND P RIVATE E

IRANS CAPITAL MARKETS THE FUTURE IS BRIGHT DECEMBER 2017 A SSET M ANAGEMENT AND P RIVATE E QUITY WHAT WE DO 2 G RIFFON C APITAL OVERVIEW What do we do Griffon Capital is an Asset Management and Private Equity group focused solely on the

283 views • 27 slides
in interference experiments Izabella Lovas EQP seminar 2014.12.01. References Dissertation

in interference experiments Izabella Lovas EQP seminar 2014.12.01. References Dissertation

Full statistics of density ripples in interference experiments Izabella Lovas EQP seminar 2014.12.01. References Dissertation of Adilet Imambekov Schumm et al., Nature Physics 1, 57 (2005) Hadzibabic et al., Nature 441, 1118

365 views • 18 slides
2018 1MORE PRODUCT ROADMAP 2018 ROADMAP Dual Driver TWS Triple BT BT IE iBFree 2 Gaming

2018 1MORE PRODUCT ROADMAP 2018 ROADMAP Dual Driver TWS Triple BT BT IE iBFree 2 Gaming

2018 1MORE PRODUCT ROADMAP 2018 ROADMAP Dual Driver TWS Triple BT BT IE iBFree 2 Gaming Fashionable BT ANC IE Hi-Fi Outdoor Speaker Speaker VRX VR Young VR Fit Penta Driver Fashionable IE Fashionable OE Fashionable BT Fashionable

450 views • 20 slides

More recommend