Hack.Lu 2019 / 2019-10-23 / Public / TLP:WHITE
Disturbance: The Sorry State of Cybersecurity and What We Can Do About It
Saâd Kadhi, Head of CERT-EU. Hack.Lu 2019 / 2019-10-23. Public / TLP:WHITE. Disturbance: The Sorry State of Cybersecurity and What We Can Do About It (v1).

In the Beginning

In the beginning, a cybersecurity product was born: the antivirus.

In the beginning, it protected us (to some extent). The slide shows a timeline of the threat categories the antivirus has had to face: fileless malware, ransomware, worms, trojans & RATs, and potentially unwanted applications. Examples on the timeline, in chronological order: Brain (1986), AIDS (1989), EGABTR (1989?), NetBus (1998), ILOVEYOU (2000), Code Red (2001), Nimda (2001), Slammer (2003), Conficker (2008), Mimikatz (2011), FinFisher (2011?), Reveton (2012), DarkComet (2012), CryptoLocker (2013), Poweliks (2015), Petya (2016), WannaCry (2017). Neither this slide (nor my life) will suffice to list them all. Source: Wired.

How did we end up here?
Cyberinsecurity: The Cost of Monopoly. How the Dominance of Microsoft's Products Poses a Risk to Security. Dan Geer, Sep 24, 2003.

These examples are all telltale signs of the dominating monoculture. But… a monoculture has advantages (and the security of MS products has significantly and steadily improved). However, class breaks are too costly to ignore.

Class Breaks 101
- Targeting a certain device compromises that one device.
- Monoculture & standardisation: targeting a widely deployed piece of software compromises hundreds if not thousands of devices.
Source: Google's Project Zero.

Class Breaks: Examples
- Symantec Endpoint Protection (2016).
- 2012-2018: Google's Project Zero found several highly critical vulnerabilities in many other AV products (Kaspersky, ESET, Comodo, TrendMicro, Sophos…).
Sources: The Register; imgflip.com.

From Supply-Chain Attacks to Class Breaks
- Company X is a supplier of Company A. Targeting Company X (secondary target) compromises Company A (primary target). Source: Reuters.
- Company X is a supplier of many orgs. Targeting Company X (secondary target) compromises tens if not hundreds of companies (Company A, Company B, Company C, Company D, Company E, Company F, Company G, Company H…).
This is not theoretical: 2016, ?, 2019.
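As an added illustration of the "Class Breaks 101" and supply-chain slides above (this is not code from the talk or from CERT-EU), the following Python estimates the blast radius of one compromised supplier or one widely deployed product over a constructed dependency inventory. It goes slightly beyond the slides by also ranking which nodes would be the costliest class break. Every organisation, supplier, product and host name is hypothetical.

```python
"""Blast-radius estimate for a class break or a supply-chain compromise.

Added illustration, not from the talk. The inventory below is constructed:
each organisation maps to the suppliers and products it depends on, and
suppliers may themselves depend on upstream components.
"""
from collections import defaultdict, deque

# Constructed sample data (all names hypothetical). Edge: node -> what it depends on.
DEPENDS_ON = {
    "company_a": {"supplier_x", "av_product_p"},
    "company_b": {"supplier_x", "av_product_p"},
    "company_c": {"supplier_y"},
    "company_d": {"supplier_x"},
    "supplier_x": {"build_tool_t"},   # the supplier has its own upstream dependency
    "supplier_y": {"build_tool_t"},
}

# Constructed fleet inventory: host -> (installed security product, version).
FLEET = {
    "host-01": ("av_product_p", "12.1"),
    "host-02": ("av_product_p", "12.1"),
    "host-03": ("av_product_p", "14.0"),
    "host-04": ("edr_product_q", "3.2"),
}


def reverse_edges(depends_on):
    """Build the dependents map: component -> set of nodes that depend on it."""
    dependents = defaultdict(set)
    for node, deps in depends_on.items():
        for dep in deps:
            dependents[dep].add(node)
    return dependents


def blast_radius(depends_on, compromised):
    """Every node that transitively depends on `compromised`.

    Breadth-first search downstream over the dependents map; the result is
    the set of organisations and suppliers a single compromise reaches.
    """
    dependents = reverse_edges(depends_on)
    seen = set()
    queue = deque([compromised])
    while queue:
        node = queue.popleft()
        for dep in dependents.get(node, ()):
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return seen


def single_points_of_failure(depends_on, top=3):
    """Rank nodes by the size of their blast radius: the class-break candidates."""
    nodes = set(depends_on) | {d for deps in depends_on.values() for d in deps}
    sizes = {n: len(blast_radius(depends_on, n)) for n in nodes}
    ranked = sorted(nodes, key=lambda n: (-sizes[n], n))
    return [(n, sizes[n]) for n in ranked[:top]]


def class_break_exposure(fleet, product, vulnerable_versions):
    """Hosts running an affected version of one widely deployed product."""
    return sorted(host for host, (prod, ver) in fleet.items()
                  if prod == product and ver in vulnerable_versions)


if __name__ == "__main__":
    print("supplier_x compromised reaches:", sorted(blast_radius(DEPENDS_ON, "supplier_x")))
    print("worst single points of failure:", single_points_of_failure(DEPENDS_ON))
    print("hosts exposed to av_product_p 12.1:",
          class_break_exposure(FLEET, "av_product_p", {"12.1"}))
```

The same traversal answers both questions the slides raise: for a supply-chain attack, start the search at the supplier (secondary target) and read off the primary targets; for a class break, start at the shared product. The ranking function is what a defender would run periodically over a real asset or SBOM inventory to see which dependencies deserve the most scrutiny.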
Sources: Twitter; Arstechnica.

Marching Toward Failure

In the beginning… the antivirus was:
- insufficient (it covers only a certain class of threats);
- fallible (faulty signatures, BSOD);
- insecure (too many parsers, bad coding);
- an excellent vector (for a nice class break attack).

With growing digitalisation comes product proliferation: UBA, UEBA, UTM, sandbox, 2FA, network anti-malware, firewall (with DPI), NIDS, threat feeds, vulnerability scanners, WAF, the antivirus, NIPS, TIP, anti-spam, SOAR, SIEM, EPP, personal firewall (with DPI), proxy, DLP, EDR. Source: RSA Conference.

Like the antivirus, these 'solutions' are all part of the attack surface. Sources: ZDNet (10 Oct 2019); thebestvpn (7 Oct 2019); TechCrunch (2019); CSOOnline (2011).

… running on top of vulnerable processors. Sources: https://meltdownattack.com, https://foreshadowattack.eu, https://zombieloadattack.com

And they need humans & €€€ to install, use and maintain:
- configure logging properly (no, it's not a fire & forget task);
- monitor the health of the system (are you sure you are not missing logs?);
- build and maintain use cases;
- configure alerts (and hope your analysts won't die of false positive fatigue);
- train people (to use some obscure query language);
- recruit sysadmins; hire data scientists;
- buy software; buy hardware; make clusters & back-ups;
- buy a TIP; buy threat feeds; buy an SIEM add-on for your compliance needs; buy an incident response platform;
- buy support; buy pro services (because you need new parsers and your existing parsers will break); buy pro services (because there are always 'edge cases').

Houston, we have a serious layer 8 problem.

Trending! The perfect recipe for infobesity doom: too many things to learn; too many things to defend; too little time to investigate; continuously changing tech; continuously changing threat landscape; continuous distractions & interruptions; fear of missing out; frustration (& burnouts); the human brain is not a computer.

Hang on Apollo! Help is on its way!
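The "are you sure you are not missing logs?" point on the operations slide above is the one most SOCs get wrong: the SIEM is up, dashboards are green, and a collector silently stopped forwarding weeks ago. As an added example (not code from the talk or from CERT-EU), the following Python runs a log-source health check over a few constructed syslog-style lines. The line format, the source names and the allowed-silence thresholds are assumptions.

```python
"""Log-source health check: find sources that went silent or whose volume
collapsed. Added illustration, not from the talk; format and thresholds
are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: "<ISO timestamp> <source> <message>". One junk line
# is included on purpose so the parser's skip path is exercised.
SAMPLE_LOGS = """\
2019-10-23T09:00:00 fw-edge-1 accept src=10.0.0.5 dst=10.0.1.7
2019-10-23T09:00:05 fw-edge-1 drop src=10.0.0.9 dst=10.0.1.7
2019-10-23T09:00:10 dc-01 4624 logon user=alice
2019-10-23T09:01:00 fw-edge-1 accept src=10.0.0.5 dst=10.0.1.8
2019-10-23T09:01:30 fw-edge-1 accept src=10.0.0.6 dst=10.0.1.8
2019-10-23T09:02:00 fw-edge-1 accept src=10.0.0.6 dst=10.0.1.8
2019-10-23T09:02:30 fw-edge-1 drop src=10.0.0.9 dst=10.0.1.8
2019-10-23T09:03:00 fw-edge-1 drop src=10.0.0.9 dst=10.0.1.8
2019-10-23T09:04:00 proxy-01 GET example.invalid/ 200
not-a-timestamp junk line that must be ignored
"""

# Expected sources and the longest silence each may go (assumed per-source SLOs).
EXPECTED = {
    "fw-edge-1": timedelta(minutes=2),
    "dc-01": timedelta(minutes=2),
    "proxy-01": timedelta(minutes=5),
    "edr-collector": timedelta(minutes=10),   # never appears in the sample: missing
}

# Constructed "current time" for the check, a minute after the last sample line.
NOW = datetime(2019, 10, 23, 9, 5, 0)


def parse_lines(text):
    """Yield (timestamp, source) for each well-formed line; skip anything else."""
    for line in text.splitlines():
        parts = line.split(" ", 2)
        if len(parts) < 2:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1]


def last_seen(text):
    """Most recent timestamp per source."""
    seen = {}
    for ts, src in parse_lines(text):
        if src not in seen or ts > seen[src]:
            seen[src] = ts
    return seen


def silent_sources(text, expected, now):
    """Expected sources that are absent, or whose newest event is older than the
    allowed gap at time `now`. Returns {source: reason}."""
    seen = last_seen(text)
    problems = {}
    for src, max_gap in expected.items():
        if src not in seen:
            problems[src] = "never seen"
        elif now - seen[src] > max_gap:
            problems[src] = f"silent for {now - seen[src]}"
    return problems


def volume_by_source(text, start, end):
    """Event count per source within [start, end)."""
    counts = defaultdict(int)
    for ts, src in parse_lines(text):
        if start <= ts < end:
            counts[src] += 1
    return dict(counts)


def volume_drops(text, now, window=timedelta(minutes=2), min_ratio=0.5):
    """Sources whose count in the latest window fell below min_ratio of the
    previous window: the collector is alive but is losing events.
    Returns {source: (previous_count, recent_count)}."""
    recent = volume_by_source(text, now - window, now)
    previous = volume_by_source(text, now - 2 * window, now - window)
    drops = {}
    for src, before in previous.items():
        after = recent.get(src, 0)
        if before > 0 and after < min_ratio * before:
            drops[src] = (before, after)
    return drops


if __name__ == "__main__":
    print("silent:", silent_sources(SAMPLE_LOGS, EXPECTED, NOW))
    print("volume drops:", volume_drops(SAMPLE_LOGS, NOW))
```

Two distinct failure modes are checked because they have different causes: a source that is "never seen" or silent usually means a dead forwarder or a firewall change, while a volume drop with the source still reporting usually means a parser broke after an upstream format change, which is exactly the "your existing parsers will break" cost the slide mentions.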
Nope, artificial intelligence is nowhere near ready to help us.
- Breaking deep neural networks (DNNs) is very easy. Further reading: Adversarial Reprogramming of Neural Networks, Cornell University.
- Algorithms are created by 'flawed' humans & trained on data of varying quality, while running on vulnerable processors. Source: Nature.

Breaking the Failure Cycle

There is no silver bullet. (Security) bugs are a direct byproduct of modern software development: growing complexity; time to market; no liability (use as-is but don't forget to pay); limited or non-existent regulation; flawed VC model; bad coding practices; marketing is king; lack of transparency.

And things are getting worse:

"The over-complexification of provisioning and deployment pipelines is a dangerous trend. I don't trust the layers upon layers of scripts and tools to not break randomly, and I worry the maintenance cost is getting out of hands. Yes, I'm looking at you, k8s."
Source: Julien Vehent, Firefox Operations Security at @Mozilla, author of Securing DevOps (http://securing-devops.com); coder & speaker.

We Know the Solutions and They Require Courage & Hard Work
- Ask for more transparency from vendors & suppliers.
- Demand easy-to-use solutions.
- Push back!
- Lobby for sound regulation & liability.
- Demand interoperability.
- Leverage the power of the crowd.
- Empower & help law enforcement (those criminals must be arrested).
- Use & contribute to free, open source solutions (when applicable).
- Participate in various communities & foster true sharing.
- Invest in people & skills.
- Help each other out (show me how to do this & I'll show you how to do that).
- Identify the crown jewels in your network (you can lose a leg but not a heart).
- Implement proper cyber hygiene (it really helps a lot!).
- Learn to use what you already have (and stop using what you don't need).
- Think constituent. Create value.