ENISA Threat Landscape Report 2017 15 Top Cyber-Threats and Trends

Total Page:16

File Type:pdf, Size:1020Kb

ENISA Threat Landscape Report 2017 15 Top Cyber-Threats and Trends ENISA Threat Landscape Report 2017 15 Top Cyber-Threats and Trends FINAL VERSION 1.0 ETL 2017 JANUARY 2018 www.enisa.europa.eu European Union Agency For Network and Information Security ENISA Threat Landscape Report 2017 ETL 2017 | 1.0 | HSA | January 2018 About ENISA The European Union Agency for Network and Information Security (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe’s citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU legislation and works to improve the resilience of Europe’s critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at www.enisa.europa.eu. Contact For queries on this paper, please use [email protected] For media enquiries about this paper, please use [email protected]. Acknowledgements ENISA would like to thank the members of the ENISA ETL Stakeholder group: Pierluigi Paganini, Chief Security Information Officer, IT, Paul Samwel, Banking, NL, Jason Finlayson, Consulting, IR, Stavros Lingris, CERT, EU, Jart Armin, Worldwide coalitions/Initiatives, International, Thomas Häberlen, Member State, DE, Neil Thacker, Consulting, UK, Shin Adachi, Security Analyst, US, R. Jane Ginn, Consulting, US, Andreas Sfakianakis, Industry, NL. The group has provided valuable input, has supported the ENISA threat analysis and has reviewed ENISA material. Their support is highly appreciated and has definitely contributed to the quality of the material presented in this report. Moreover, we would like to thank CYjAX for granting access pro bono to its cyber risk intelligence portal providing information on cyber threats and cyber- crime. Legal notice Notice must be taken that this publication represents the views and interpretations of ENISA, unless stated otherwise. This publication should not be construed to be a legal action of ENISA or the ENISA bodies unless adopted pursuant to the Regulation (EU) No 526/2013. This publication does not necessarily represent state-of the-art and ENISA may update it from time to time. Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the external sources including external websites referenced in this publication. This publication is intended for information purposes only. It must be accessible free of charge. Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication. Copyright Notice © European Union Agency for Network and Information Security (ENISA), 2018 Reproduction is authorised provided the source is acknowledged. ISBN 978-92-9204-250-9, ISSN 2363-3050, DOI 10.2824/967192 02 ENISA Threat Landscape Report 2017 ETL 2017 | 1.0 | HSA | January 2018 Table of Contents Executive Summary 7 1. Introduction 10 Policy context 11 Target audience 12 Structure of the document 12 2. Cyber Threat Intelligence and ETL 14 Cyber Threat Intelligence: State-of-Play 14 CTI Issues: An Overview 16 ENISA approaches to CTI dissemination 19 2.3.1 ETL Web App 19 2.3.2 CTI EU 21 Scope and used definitions 22 3. Top cyber-threats 23 Malware 25 3.1.1 Description of the cyberthreat 25 3.1.2 Interesting points 25 3.1.3 Trends and main statistic numbers 27 3.1.4 Top Malware threats 28 3.1.5 Specific attack vectors 29 3.1.6 Specific mitigation actions 29 3.1.7 Kill Chain 29 3.1.8 Authoritative references 30 Web-based attacks 31 3.2.1 Description of the cyberthreat 31 3.2.2 Interesting points 31 3.2.3 Trends and main statistic numbers 32 3.2.4 Specific attack vectors 33 3.2.5 Specific mitigation vectors 34 3.2.6 Kill Chain 35 3.2.7 Authoritative references 35 Web application attacks 36 3.3.1 Description of the cyberthreat 36 3.3.2 Interesting points 36 3.3.3 Trends and main statistic numbers 37 3.3.4 Top web app attacks 37 3.3.5 Specific mitigation actions 38 3.3.6 Kill Chain 38 03 ENISA Threat Landscape Report 2017 ETL 2017 | 1.0 | HSA | January 2018 3.3.7 Authoritative references 39 Phishing 40 3.4.1 Description of the cyberthreat 40 3.4.2 Interesting points 40 3.4.3 Trends and main statistic numbers 42 3.4.4 Top 10 Most-Clicked General Email Subject Lines 43 3.4.5 Specific mitigation actions 43 3.4.6 Kill Chain 44 3.4.7 Authoritative references 44 Spam 45 3.5.1 Description of the threat 45 3.5.2 Interesting points 45 3.5.3 Trends and main statistic numbers 46 3.5.4 Top Spam sources 47 3.5.5 Specific mitigation actions 47 3.5.6 Kill Chain 48 3.5.7 Authoritative references 48 Denial of Service 49 3.6.1 Description of the threat 49 3.6.2 Interesting points 49 3.6.3 Trends and main statistic numbers 51 3.6.4 Top 5 most dangerous DDoS attacks 52 3.6.5 Specific attack vectors 52 3.6.6 Specific mitigation actions 53 3.6.7 Kill Chain 54 3.6.8 Authoritative references 54 Ransomware 55 3.7.1 Description of the threat 55 3.7.2 Interesting points 55 3.7.3 Trends and main statistic numbers 56 3.7.4 Top 5 ransomware threats239 57 3.7.5 Specific attack vectors 58 3.7.6 Specific mitigation actions 58 3.7.7 Kill Chain 59 3.7.8 Authoritative references 59 Botnets 60 3.8.1 Description of the threat 60 3.8.2 Interesting points 60 3.8.3 Trends and main statistic numbers 61 3.8.4 Top botnets attacks 62 3.8.5 Specific attack vectors 62 3.8.6 Specific mitigation actions 62 3.8.7 Kill Chain 63 3.8.8 Authoritative references 63 Insider threat 64 04 ENISA Threat Landscape Report 2017 ETL 2017 | 1.0 | HSA | January 2018 3.9.1 Description of the cyberthreat 64 3.9.2 Interesting points 64 3.9.3 Trends and main statistic numbers,,368 65 3.9.4 Top IT assets vulnerable to insider attacks 65 3.9.5 Specific attack vectors 66 3.9.6 Specific mitigation actions 66 3.9.7 Kill Chain 67 3.9.8 Authoritative references 67 Physical manipulation/damage/theft/loss 68 3.10.1 Description of the cyberthreat 68 3.10.2 Interesting points 68 3.10.3 Trends and main statistic numbers 69 3.10.4 Specific mitigation actions 69 3.10.5 Kill Chain 70 3.10.6 Authoritative references 70 Data Breaches 71 3.11.1 Description of the cyberthreat 71 3.11.2 Interesting points 71 3.11.3 Trends and main statistic numbers 71 3.11.4 Top Data breaches 72 3.11.5 Specific attack vectors 73 3.11.6 Specific mitigation actions 73 3.11.7 Kill Chain 74 3.11.8 Authoritative references 74 Identity Theft 75 3.12.1 Description of the cyberthreat 75 3.12.2 Interesting points 75 3.12.3 Trends and main statistic numbers 76 3.12.4 Top 5 identity theft threat 76 3.12.5 Specific attack vectors 77 3.12.6 Specific mitigation actions 77 3.12.7 Kill Chain: 78 3.12.8 Authoritative references 78 Information leakage 79 3.13.1 Description of the cyberthreat 79 3.13.2 Interesting points 79 3.13.3 Trends and main statistic numbers 79 3.13.4 Top data leaks threats 80 3.13.5 Specific attack vectors 80 3.13.6 Specific mitigation actions 80 3.13.7 Kill Chain 81 3.13.8 Authoritative references 81 Exploit kits 82 3.14.1 Description of the cyberthreat 82 3.14.2 Interesting points 82 3.14.3 Trends and main statistic numbers 83 05 ENISA Threat Landscape Report 2017 ETL 2017 | 1.0 | HSA | January 2018 3.14.4 Top 10 exploit kit threats 84 3.14.5 Specific attack vectors 85 3.14.6 Specific mitigation actions 85 3.14.7 Kill Chain 86 3.14.8 Authoritative references 86 Cyber-Espionage 87 3.15.1 Description of the cyberthreat 87 3.15.2 Interesting points, 87 3.15.3 Trends and main statistic numbers 88 3.15.4 Top cyber espionage attacks 88 3.15.5 Specific attack vectors 89 3.15.6 Specific mitigation actions 89 3.15.7 Kill Chain 89 3.15.8 Authoritative references 89 Visualising changes in the current threat landscape 90 4. Threat Agents 91 Threat agents and trends 91 Top threat agents and motives 93 Threat Agents and top threats 97 5. Attack Vectors 99 Introduction 99 Attack vectors taxonomy 99 Attacking the human element 100 Web and browser based attack vectors 101 Internet exposed assets 102 Exploitation of vulnerabilities/misconfigurations and cryptographic/network/ security protocol flaws 103 Supply-chain attacks 103 Aftermath of this year’s ransomware attacks 104 6. Conclusions 107 Main cyber-issues ahead 107 Conclusions 111 06 ENISA Threat Landscape Report 2017 ETL 2017 | 1.0 | HSA | January 2018 Executive Summary 2017 was the year in which incidents in the cyberthreat landscape have led to the definitive recognition of some omnipresent facts. We have gained unwavering evidence regarding monetization methods, attacks to democracies, cyber-war, transformation of malicious infrastructures and the dynamics within threat agent groups.
Recommended publications
  • Identifying Threats Associated with Man-In-The-Middle Attacks During Communication Between a Mobile Device and the Back End Server in Mobile Banking Applications
    IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661, p- ISSN: 2278-8727Volume 16, Issue 2, Ver. IX (Mar-Apr. 2014), PP 35-42 www.iosrjournals.org Identifying Threats Associated With Man-In-The-Middle Attacks during Communication between a Mobile Device and the Back End Server in Mobile Banking Applications Anthony Luvanda1,*Dr Stephen Kimani1 Dr Micheal Kimwele1 1. School of Computing and Information Technology, Jomo Kenyatta University of Agriculture and Technology, PO Box 62000-00200 Nairobi Kenya Abstract: Mobile banking, sometimes referred to as M-Banking, Mbanking or SMS Banking, is a term used for performing balance checks, account transactions, payments, credit applications and other banking transactions through a mobile device such as a mobile phone or Personal Digital Assistant (PDA). Mobile banking has until recently most often been performed via SMS or the Mobile Web. Apple's initial success with iPhone and the rapid growth of phones based on Google's Android (operating system) have led to increasing use of special client programs, called apps, downloaded to the mobile device hence increasing the number of banking applications that can be made available on mobile phones . This in turn has increased the popularity of mobile device use in regards to personal banking activities. Due to the characteristics of wireless medium, limited protection of the nodes, nature of connectivity and lack of centralized managing point, wireless networks tend to be highly vulnerable and more often than not they become subjects of attack. This paper proposes to identify potential threats associated with communication between a mobile device and the back end server in mobile banking applications.
    [Show full text]
  • Iot Threats, Challenges and Secured Integration
    IoT Threats, Challenges and Secured Integration Christian Shink, p. eng., CSSLP System Engineer • Why IoT Devices? • Bot Attacks • 3 Botnets fighting over IoT Firepower • Secure IoT integration Why IoT Devices Internet of Things Internet working of physical devices, vehicles, buildings, … Devices embedded with electronics, software, sensors, actuators Network connectivity Any Path Any Service Any Network Anytime Any Business Any context Anyone Machinery Anybody Building energy Anything Management Any Device Healthcare Retail A Rapidly Growing Number of Connected Devices Copyright © 2017 Radware. All rights reserved. IoT is Highly Susceptible to Cyber Attacks IoT devices run an embedded or stripped-down version of the familiar Linux operating system. 1 Malware can easily be compiled for the target architecture, mostly ARM, MIPS, x86 internet-accessible, lots of (I)IoT and ICS/SCADA are deployed without any form of 2 firewall protection Stripped-down operating system and processing power leaves less room for security 3 features, including auditing, and most compromises go unnoticed by the owners To save engineering time, manufacturers re-use portions of hardware and software in different 4 classes of devices resulting in default passwords and vulnerabilities being shared across device classes and manufacturers Internet Security Trend report 2015 by Nexus guard: IoT is becoming a soft target for cyber-attack Copyright © 2017 Radware. All rights reserved. From the News “D-Link failed to take reasonable steps to secure its routers and IP cameras, potentially compromising sensitive consumer information” “The cameras aren’t designed to receive software updates so the zero-day exploits can’t be patched.” “We believe that this backdoor was introduced by Sony developers on purpose” Sources: 1.
    [Show full text]
  • Recent Developments in Cybersecurity Melanie J
    American University Business Law Review Volume 2 | Issue 2 Article 1 2013 Fiddling on the Roof: Recent Developments in Cybersecurity Melanie J. Teplinsky Follow this and additional works at: http://digitalcommons.wcl.american.edu/aublr Part of the Law Commons Recommended Citation Teplinsky, Melanie J. "Fiddling on the Roof: Recent Developments in Cybersecurity." American University Business Law Review 2, no. 2 (2013): 225-322. This Article is brought to you for free and open access by the Washington College of Law Journals & Law Reviews at Digital Commons @ American University Washington College of Law. It has been accepted for inclusion in American University Business Law Review by an authorized administrator of Digital Commons @ American University Washington College of Law. For more information, please contact [email protected]. ARTICLES FIDDLING ON THE ROOF: RECENT DEVELOPMENTS IN CYBERSECURITY MELANIE J. TEPLINSKY* TABLE OF CONTENTS Introduction .......................................... ..... 227 I. The Promise and Peril of Cyberspace .............. ........ 227 II. Self-Regulation and the Challenge of Critical Infrastructure ......... 232 III. The Changing Face of Cybersecurity: Technology Trends ............ 233 A. Mobile Technology ......................... 233 B. Cloud Computing ........................... ...... 237 C. Social Networking ................................. 241 IV. The Changing Face of Cybersecurity: Cyberthreat Trends ............ 244 A. Cybercrime ................................. ..... 249 1. Costs of Cybercrime
    [Show full text]
  • Cyber Security Trends: Aiming Ahead of the Target to Increase Security in 2017
    Cyber Security Trends: Aiming Ahead of the Target to Increase Security in 2017 A SANS Whitepaper Written by John Pescatore March 2017 Sponsored by Qualys ©2017 SANS™ Institute Introduction In security, change always equates to risk. Because change is constant, being aware of the key changes that will increase risk is a critical part of being proactive in cyber security. A simple equation for risk is the following: RISK THREAT VULNERABILITY ACTION Threats are Vulnerabilities Action consists of two malicious tactics are weaknesses components: and techniques that enable • Attacks that malicious actors (external that would cause those threats to or internal) take to launch threats damage to a succeed. business. • Prevention or mitigation efforts by security teams to reduce the attack aperture or increase speed of detection In reality, security teams control only half of the “Action” parameter. We can’t determine when threats will be developed or launched, and vulnerabilities are driven by weaknesses in people and technology. People change slowly, but technology changes rapidly, and business adoption of new technologies invariably brings new vulnerabilities that enable new threats. Understanding and anticipating business demand for emerging technologies is a key element in successful security programs. With each new wave of technology, threats tend to come in three forms: denial-of- service (DoS) attacks, cyber crime and attacks by nation-states. DoS Attacks When weaknesses in new technologies are exposed (generally by experimenters, academics and hacktivists), DoS attacks are the easiest to launch. They crash systems or cause data storms that bring networks to a halt. Cyber Crime Cyber criminals and the ecosystem that supports them refine attacks to focus on approaches that can lead to revenue, most commonly by stealing information that can be resold or support account fraud.
    [Show full text]
  • The Iranian Cyber Threat
    The Iranian Cyber Threat May 2021 0 Contents Introduction .............................................................................................................................................. 2 Cyber Retaliation ..................................................................................................................................... 2 Iran’s National Security Strategy .............................................................................................................. 4 Laying the Groundwork ........................................................................................................................... 5 Structure ................................................................................................................................................... 5 Defense ................................................................................................................................................... 6 Offense .................................................................................................................................................... 6 History of Iranian Cyber Attacks and Incidents ........................................................................................... 7 The Attacks .............................................................................................................................................. 8 Iranian Cyber Army .................................................................................................................................
    [Show full text]
  • Legal Considerations
    © 2010 Cooperative Cyber Defence Centre of Excellence (CCD COE) Contact: Cooperative Cyber Defence Centre of Excellence (CCD COE) 12 Filtri Rd. 10132 Tallinn, Estonia [email protected] www.ccdcoe.org All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of CCD COE. The views, opinions, and/or findings and recommendations contained in this analysis are those of the authors and should not be construed as an official position, policy, or decision of NATO or any NATO entity. Layout, design and illustrations: Marko Söönurm ISBN: 978-9949-9040-0-6 INTERNATIONAL CYBER INCIDENTS: LEGAL CONSIDERATIONS Eneken Tikk Kadri Kaska Liis Vihul 2010 4 Contents PREFACE ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������6 INTRODUCTION TO CASE STUDIES..........................................................................................................................................................................................10 ESTONIA 2007 ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������14
    [Show full text]
  • Pirates of the Isps: Tactics for Turning Online Crooks Into International Pariahs
    21st CENTURY DEFENSE INITIATIVE CyBER SECuRITy #1 July 2011 Pirates of the ISPs: Tactics for Turning Online Crooks Into International Pariahs Noah Shachtman 1775 Massachusetts Ave., NW Washington, D.C. 20036 brookings.edu Pirates of the ISPs: Tactics for Turning Online Crooks Into International Pariahs Noah Shachtman CyberSeCurity #1 July 2011 21st CENTURY DEFENSE INITIATIVE Acknowledgements every research paper is a group effort, no mat- My Wired.com colleagues—ryan Singel, kevin ter what it says on the byline. this project relied Poulsen, kim Zetter and David kravets—cover more on outside assistance than most. brookings the cybersecurity beat better than anyone. this Senior fellows Peter Singer and ken lieberthal paper would have been impossible without them, were the ones who convinced me to explore the and without brian krebs, master investigator of broad topic of cybersecurity. the panel they as- the online underworld. sembled gave me new insight with every meeting; my colleague allan friedman was an especially bill Woodcock, rick Wesson, Jeff Cooper, tyler invaluable tutor and remarkably generous with Moore, audrey Plonk, Jim lewis, Dmitri alpero- his time. heather Messera and robert o’brien vitch, Paul Nicholas, Jessica herrera-flannigan, provided important research and logistical sup- Jart armin, richard bejtlich, Steve Schleien, Jona- port. My research assistant, adam rawnsley, was than Zittrain and many, many others steered me tireless in his exploration of the minutiae of ev- away from my worst ideas and towards those few erything from tort law to pirate havens. not-so-bad ones. for that, i am deeply in their debt. brookings recognizes that the value it provides to any supporter is in its absolute commitment to quality, independence and impact.
    [Show full text]
  • The Cyberpeace Institute Foreword 2 Acknowledgements 5
    March 2021 The CyberPeace Institute Foreword 2 Acknowledgements 5 Part 1: Setting the Scene 7 Disclaimer Introduction 9 The opinions, findings, and conclusions and recommendations in Signposting – How to read the Report 11 this Report reflect the views and opinions of the CyberPeace Institute Key Findings 15 alone, based on independent and discrete analysis, and do not indicate Recommendations 19 endorsement by any other national, regional or international entity. Part 2: Understanding the Threat Landscape 27 The designations employed and the presentation of the material in this publication do not express any opinion whatsoever on the part of the Chapter 1 Background 29 CyberPeace Institute concerning the legal status of any country, territory, 1.1 A convergence of threats to healthcare 29 city or area of its authorities, or concerning the delimitation of its 1.2 Healthcare as a target of choice 30 frontiers or boundaries. 1.3 Cybersecurity in the healthcare sector 32 Copyright Notice Chapter 2 Victims, Targets and Impact 35 2.1 A diversity of victims – the people 36 The concepts and information contained in this document are the 2.2 A typology of targets – healthcare organizations 38 property of the CyberPeace Institute, an independent non-profit 2.3 A variety of impacts on victims and targets 41 foundation headquartered in Geneva, unless otherwise indicated within the document. This document may be reproduced, in whole or in part, Chapter 3 Attacks 51 provided that the CyberPeace Institute is referenced as author and 3.1 Disruptive attacks – ransomware’s evolving threat to healthcare 52 copyright holder. 3.2 Data breaches – from theft to cyberespionage 57 3.3 Disinformation operations – an erosion of trust 59 © 2021 CyberPeace Institute.
    [Show full text]
  • Reporting, and General Mentions Seem to Be in Decline
    CYBER THREAT ANALYSIS Return to Normalcy: False Flags and the Decline of International Hacktivism By Insikt Group® CTA-2019-0821 CYBER THREAT ANALYSIS Groups with the trappings of hacktivism have recently dumped Russian and Iranian state security organization records online, although neither have proclaimed themselves to be hacktivists. In addition, hacktivism has taken a back seat in news reporting, and general mentions seem to be in decline. Insikt Group utilized the Recorded FutureⓇ Platform and reports of historical hacktivism events to analyze the shifting targets and players in the hacktivism space. The target audience of this research includes security practitioners whose enterprises may be targets for hacktivism. Executive Summary Hacktivism often brings to mind a loose collective of individuals globally that band together to achieve a common goal. However, Insikt Group research demonstrates that this is a misleading assumption; the hacktivist landscape has consistently included actors reacting to regional events, and has also involved states operating under the guise of hacktivism to achieve geopolitical goals. In the last 10 years, the number of large-scale, international hacking operations most commonly associated with hacktivism has risen astronomically, only to fall off just as dramatically after 2015 and 2016. This constitutes a return to normalcy, in which hacktivist groups are usually small sets of regional actors targeting specific organizations to protest regional events, or nation-state groups operating under the guise of hacktivism. Attack vectors used by hacktivist groups have remained largely consistent from 2010 to 2019, and tooling has assisted actors to conduct larger-scale attacks. However, company defenses have also become significantly better in the last decade, which has likely contributed to the decline in successful hacktivist operations.
    [Show full text]
  • The Iranian Cyber Threat
    The Iranian Cyber Threat May 2020 0 Contents Introduction ............................................................................................................................................ 1 Structure ................................................................................................................................................. 4 History of Iranian Cyber Attacks and Incidents ......................................................................................... 6 Conclusions ........................................................................................................................................... 11 Introduction In the early morning hours of January 3, 2020, Iran’s Islamic Revolutionary Guard Corps (IRGC) Quds Force commander Qassem Soleimani was killed in a U.S. drone strike that targeted his convoy immediately after landing at Baghdad’s international airport. Iranian leaders vowed “harsh retaliation” for the attack, and followed up on this threat by firing a salvo of over a dozen ballistic missiles at two Iraqi air bases housing U.S. troops in the early morning hours of January 8, wounding over 100 soldiers. While Iran has not yet taken additional major acts of revenge, it has signaled that it is likely to strike U.S. interests again at a future time of its choosing. Iran’s Supreme Leader, Ayatollah Ali Khamenei, intoned that while the ballistic missile attack represented a “slap on the face” for the U.S., “military action like this (ballistic missile) attack is not sufficient,” vowing to refuse to enter negotiations and to continue to confront the U.S. until its influence is expelled from the region. In the intervening period, Iran’s leaders have maintained a steady drumbeat of threatening rhetoric aimed at the U.S., with Soleimani’s successor, Esmail Qaani, for instance vowing to “hit his enemy in a manly fashion.” With U.S.-Iran tensions heightened, the U.S. national security apparatus has cautioned that one avenue for retaliation Iran is likely to pursue is launching offensive cyber attacks targeting the U.S.
    [Show full text]
  • User Controlled Hardware Security Anchors: Evaluation and Designs Dr David Oswald, Prof Mark Ryan, Prof Flavio Garcia the University of Birmingham
    User Controlled Hardware Security Anchors: Evaluation and Designs Dr David Oswald, Prof Mark Ryan, Prof Flavio Garcia The University of Birmingham Industry partners: HP Labs, Yubico Why Hardware Security Anchors? 2 Why Hardware Security Anchors? 3 User Controlled Hardware Security Anchors: Evaluation and Designs (1) . WP1: Evaluate the security of available security anchors and Trusted Execution Environments (more later) . WP2: Establishing secure channels between TEE and the user through … – Auxiliary devices – Platform features for secure I/O 4 User Controlled Hardware Security Anchors: Evaluation and Designs (2) . WP3: Enhancing user authentication – Basis: FIDO(2) and U2F – Addressing enrollment and revocation – Authentication policies (e.g. location, …) – Formal modelling and verification . WP4: Demonstrators – TEE implementation – Smartphone app – Authentication token 5 Evaluating the state of TEE security An overview Trusted Execution Environments in a nutshell . Main technologies at present: – Trusted Platform Module (separate chip or firmware) – Intel Software Guard eXtensions (microcode w/ HW) – AMD Platform Security Processor (separate core) – ARM TrustZone (software w/ HW support) – Apple Secure Enclave Processor (separate core, same die) . All provide some form of running code or crypto operations in isolation . Most require cooperation with the silicon/device manufacturer (to different extent) 7 Relevant attack vectors . “Classical” vulnerabilities, e.g. buffer overflows . Microarchitecture (e.g. cache timing, Spectre and
    [Show full text]
  • Training & Conferences
    WWW.ISSA - COS.ORG VOLUME 6 NUMBER 6 J U N E 2 0 1 7 Training & Conferences olleagues, Our first Security+ Exam Prep Review Seminar, held on April 1 and 8, was another Hard to believe, but we’re almost huge success – as it always is – thanks to C half-way through the year. Our the exceptional work by Susan Ross and our impressive team of volunteers has volunteer instructors. And our second dedicated much time and effort to bring a Security+ Seminar kicks off in just a few variety of events to our membership. This days! Each of these seminars provides a 12- chapter hosts a lot of amazing events, all hour comprehensive due to the efforts of our review of the CompTIA volunteers. Security+ exam material. Our first conference of A Note From Over 50 students the year, the Cyber Focus registered for these Day (CFD), was a huge Seminars! success! We had over 200 Our President We held eight people attend the one-day membership meetings, in conference, earning seven Jan, Feb, Apr, and May, continuing education units. four at lunchtime and four If you weren’t able to in the evening. If you attend CFD this year, you haven’t made it to our missed some great presen- monthly meetings, here’s tations! what you missed so far: Our Training Commit- tee held two Mini- By Ms. Colleen Murphy Airport Security, by Seminars, providing three Dr. Shawn Murray continuing education opportunities for each What Constitutes mini-seminar, with more Mini-Seminars on Reasonable Security?, by Mr.
    [Show full text]