DOCSLIB.ORG

Buy the Complete Book: Buy the Complete Book: HANDS-ON INCIDENT RESPONSE and DIGITAL FORENSICS

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Buy the Complete Book: Buy the Complete Book: HANDS-ON INCIDENT RESPONSE and DIGITAL FORENSICS Buy the complete book: www.bcs.org/books/digitalforensics Buy the complete book: www.bcs.org/books/digitalforensics HANDS-ON INCIDENT RESPONSE AND DIGITAL FORENSICS Buy the complete book: www.bcs.org/books/digitalforensics BCS THE CHARTERED INSTITUTE FOR IT BCS, The Chartered Institute for IT, champions the global IT profession and the interests of individuals engaged in that profession for the benefit of all. We promote wider social and economic progress through the advancement of information technology science and practice. We bring together industry, academics, practitioners and government to share knowledge, promote new thinking, inform the design of new curricula, shape public policy and inform the public. Our vision is to be a world-class organisation for IT. Our 70,000-strong membership includes practitioners, businesses, academics and students in the UK and internation- ally. We deliver a range of professional development tools for practitioners and employ- ees. A leading IT qualification body, we offer a range of widely recognised qualifications. Further Information BCS, The Chartered Institute for IT, First Floor, Block D, North Star House, North Star Avenue, Swindon, SN2 1FA, United Kingdom. T +44 (0) 1793 417 424 F +44 (0) 1793 417 444 www.bcs.org/contact http://shop.bcs.org/ Buy the complete book: www.bcs.org/books/digitalforensics HANDS-ON INCIDENT RESPONSE AND DIGITAL FORENSICS Mike Sheward Buy the complete book: www.bcs.org/books/digitalforensics © BCS Learning & Development Ltd 2018 The right of Mike Sheward to be identified as author of this Work has been asserted by him in accordance with sections 77 and 78 of the Copyright, Designs and Patents Act 1988. All rights reserved. Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted by the Copyright Designs and Patents Act 1988, no part of this publication may be repro- duced, stored or transmitted in any form or by any means, except with the prior permission in writing of the publisher, or in the case of reprographic reproduction, in accordance with the terms of the licences issued by the Copyright Licensing Agency. Enquiries for permission to reproduce material outside those terms should be directed to the publisher. All trade marks, registered names etc. acknowledged in this publication are the property of their respective owners. BCS and the BCS logo are the registered trade marks of the British Computer Society, charity number 292786 (BCS). Published by BCS Learning & Development Ltd, a wholly owned subsidiary of BCS, The Chartered Institute for IT, First Floor, Block D, North Star House, North Star Avenue, Swindon, SN2 1FA, UK. www.bcs.org PDF ISBN: 978-1-78017-4211 ePUB ISBN: 978-1-78017-4228 Kindle ISBN: 978-1-78017-4235 Paperback ISBN: 978-1-78017-4204 British Cataloguing in Publication Data. A CIP catalogue record for this book is available at the British Library. Disclaimer: The views expressed in this book are of the author(s) and do not necessarily reflect the views of the Institute or BCS Learning & Development Ltd except where explicitly stated as such. Although every care has been taken by the authors and BCS Learning & Development Ltd in the preparation of the publication, no warranty is given by the authors or BCS Learning & Development Ltd as publisher as to the accuracy or completeness of the information contained within it and neither the authors nor BCS Learning & Development Ltd shall be respon- sible or liable for any loss or damage whatsoever arising by virtue of such information or any instructions or advice contained within this publication or by any of the aforementioned. Publisher’s acknowledgements Reviewers: Martin Heyde and Dale McGleenon Publisher: Ian Borthwick Commissioning Editor: Rebecca Youé Production Manager: Florence Leroy Project Manager: Sunrise Setting Ltd Cover work: Alexander Wright Picture credits: ArtOlympic Typeset by Lapiz Digital Services, Chennai, India. iv Buy the complete book: www.bcs.org/books/digitalforensics CONTENTS List of figures viii Author ix Foreword x Acknowledgements xi Glossary xii Useful websites xvi Preface xviii INTRODUCTION 1 Incident response 2 Digital forensics 4 Why both? 6 Hands-on 6 How this book fits in 7 PART 1 INCIDENT RESPONSE 9 1. UNDERSTANDING INFORMATION SECURITY INCIDENTS 11 What is an information security incident? 11 Types of incident 12 Detecting security incidents 19 Why do security incidents happen? 25 Summary 27 2. BEFORE THE INCIDENT 28 Building the incident response playbook 28 Testing the playbook 34 Incident planning and compliance 37 Forensic readiness 38 Summary 39 3. THE INCIDENT RESPONSE PROCESS 40 Identification 41 Containment 52 Eradication 57 Recovery 59 Summary 59 v Buy the complete book: www.bcs.org/books/digitalforensics CONTENTS 4. THINGS TO AVOID DURING INCIDENT RESPONSE 60 Eradication and preservation 61 An incident from an incident 67 The blame game 69 It’s not over until it’s over 70 Summary 70 5. AFTER THE INCIDENT 71 Post mortem 71 Quantify the impact 76 Forensics 79 Summary 79 6. THE BUSINESS OF INCIDENT RESPONSE 81 Request for proposal 81 The power of PR 84 Mergers and acquisitions 87 Escape the technical bubble 87 Incident response service providers 88 Summary 90 PART 2 DIGITAL FORENSICS 91 7. INTRODUCING THE DIGITAL FORENSICS INVESTIGATION 93 The investigator 94 Forensics fundamentals 96 Arriving at an investigation 100 Investigative process 100 Summary 104 8. THE LAWS AND ETHICS OF DIGITAL FORENSICS 105 Crimes without borders 105 Laws applicable to forensics 107 Ethical considerations 115 Summary 116 9. DIGITAL FORENSICS TOOLS 117 Grab bag 117 Forensic hardware 120 Forensic software 124 Summary 128 10. EVIDENCE ACQUISITION BASICS 129 The hard disk drive 129 Removable media 134 Processing disk images 135 File systems 136 Operating systems 139 Files 143 vi Buy the complete book: www.bcs.org/books/digitalforensics CONTENTS Analysis of artefacts 144 Summary 146 11. CAPTURING A MOVING TARGET 147 Incident response and digital forensics 147 Live acquisition drivers 148 Live acquisition technique 152 Order of volatility 152 Network forensics 155 Summary 158 12. MEMORY FORENSICS 160 Understanding memory devices 160 Capturing 164 Analysis 166 Summary 168 13. CLOUD FORENSICS 169 Cloud computing terminology 169 Acquisition in the cloud 171 Container forensics 177 Forensics in the cloud? 178 Summary 178 14. MOBILE DEVICE FORENSICS 179 Mobile phone terminology 179 Seizing mobile devices 182 Acquisition types and tools 184 Smartphones 186 Summary 188 15. REPORTING AND PRESENTING YOUR FINDINGS 189 Layout and content 190 Audience 194 Summary 195 16. THE HUMAN ELEMENTS OF AN INVESTIGATION 196 Victims 196 Perpetrators 201 Investigators 203 Summary 204 Index 205 vii Buy the complete book: www.bcs.org/books/digitalforensics LIST OF FIGURES Figure 1.1 A command injection vulnerability is used to expose the Linux /etc/passwd file via a web application 18 Figure 1.2 The ExtraHop wire-data analytics platform 22 Figure 1.3 AlienVault’s OSSIM product 24 Figure 2.1 An example of a simple data flow diagram 32 Figure 3.1 ThreatConnect’s TC Analyze threat intelligence tool 50 Figure 4.1 Cb Response by Carbon Black, an example of a threat-hunting tool 65 Figure 13.1 The split in responsibility between cloud service provider and customer 171 viii Buy the complete book: www.bcs.org/books/digitalforensics AUTHOR Mike Sheward CISSP, CISM, CCFP-US, CISA, HCISPP, CEH, OSCP, CHFI is Director of Information Security at Seattle-based Accolade Inc., and runs a digital investigation consultancy, Secure Being LLC. Mike has worked in information security, primarily in incident response and digital forensics roles, in both the UK and USA, and in both the public and private sectors. ix Buy the complete book: www.bcs.org/books/digitalforensics FOREWORD Industry definitions have been in place for as long as there have been industries: auto, travel, finance, fashion or technology. But when the chief executive officer (CEO) of General Motors (GM) announces that they are hiring 12,000 IT engineers, the world has clearly changed. GM is no longer just a car company – it is a technology company. And the same could be written about companies in every industry. With technology comes opportunity, innovation and efficiency. And risk. Today, information security issues are more complex than most executives have the knowledge and experience to compre- hend, in just about every industry. The reality of today’s business climate is that information security needs to be a core focus of every business, in every industry. When every company in the world is a tech- nology company, every company requires the culture of awareness created by a strong information security focus. As a co-founder of Concur and the current CEO of healthcare tech company Accolade, I’ve had the pleasure of working with Mike Sheward for nearly 10 years, and in that time we’ve watched the haphazard scramble of companies working to leverage the power of the internet, followed almost immediately by massive information security incidents that put their customers and employees at risk. Throughout it all, Mike has been an excellent advocate and practitioner of information security while at the same time acknowledging the needs of a business to continue to innovate and move with pace. Information security in today’s age requires that balance. And it also requires the ability to partner with executive management as well as with every employee in the business to create a culture of awareness and vigilance. In my experience, there is no better practitioner of those skills than Mike Sheward. The lessons outlined in this book express those skills with Mike’s trademark dry English wit and I am confident you will find them valuable. Rajeev Singh CEO, Accolade x Buy the complete book: www.bcs.org/books/digitalforensics ACKNOWLEDGEMENTS A lot of people are responsible for supporting, encouraging and allowing me to work in this field that I love so dearly.
Load more

Recommended publications
  • Cyber Security Trends: Aiming Ahead of the Target to Increase Security in 2017
    Cyber Security Trends: Aiming Ahead of the Target to Increase Security in 2017 A SANS Whitepaper Written by John Pescatore March 2017 Sponsored by Qualys ©2017 SANS™ Institute Introduction In security, change always equates to risk. Because change is constant, being aware of the key changes that will increase risk is a critical part of being proactive in cyber security. A simple equation for risk is the following: RISK THREAT VULNERABILITY ACTION Threats are Vulnerabilities Action consists of two malicious tactics are weaknesses components: and techniques that enable • Attacks that malicious actors (external that would cause those threats to or internal) take to launch threats damage to a succeed. business. • Prevention or mitigation efforts by security teams to reduce the attack aperture or increase speed of detection In reality, security teams control only half of the “Action” parameter. We can’t determine when threats will be developed or launched, and vulnerabilities are driven by weaknesses in people and technology. People change slowly, but technology changes rapidly, and business adoption of new technologies invariably brings new vulnerabilities that enable new threats. Understanding and anticipating business demand for emerging technologies is a key element in successful security programs. With each new wave of technology, threats tend to come in three forms: denial-of- service (DoS) attacks, cyber crime and attacks by nation-states. DoS Attacks When weaknesses in new technologies are exposed (generally by experimenters, academics and hacktivists), DoS attacks are the easiest to launch. They crash systems or cause data storms that bring networks to a halt. Cyber Crime Cyber criminals and the ecosystem that supports them refine attacks to focus on approaches that can lead to revenue, most commonly by stealing information that can be resold or support account fraud.
    [Show full text]
  • Using the Audit App
    Using the Audit App Symantec CloudSOC Tech Note Tech Note — Using the Audit App Copyright statement Copyright (c) Broadcom. All Rights Reserved. Broadcom, the pulse logo, Connecting everything, and Symantec are among the trademarks of Broadcom. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. For more information, please visit www.broadcom.com. Broadcom reserves the right to make changes without further notice to any products or data herein to improve reliability, function, or design. Information furnished by Broadcom is believed to be accurate and reliable. However, Broadcom does not assume any liability arising out of the application or use of this information, nor the application or use of any product or circuit described herein, neither does it convey any license under its patent rights nor the rights of others. Copyright © 2021 Symantec Corp. 2 Tech Note — Using the Audit App Table of Contents Introduction Opening Audit Choosing data sources Viewing and filtering audit results Viewing summary results Viewing services, users, and destinations Filtering Audit Results Search Cloud Applications by Service, Category, Tag, Risk, User, Country, and Platform Saving and loading filters Using filter multi-select Configuring your services view Tagging cloud services Creating custom tags Viewing services tagged Ignore Adding comments for services Exporting Audit results Exporting ProxySG CPL block policy files from Audit Evaluating cloud services Viewing service information Customizing service rankings BRR Scoring for Individual Applications Customizing global service ratings Creating a custom BRR profile Comparing cloud services Exporting service and usage details Use of Attribute Filters in Find and Compare Services Copyright © 2021 Symantec Corp.
    [Show full text]
  • Identifying Software and Protocol Vulnerabilities in WPA2 Implementations Through Fuzzing
    POLITECNICO DI TORINO Master Degree in Computer Engineering Master Thesis Identifying Software and Protocol Vulnerabilities in WPA2 Implementations through Fuzzing Supervisors Prof. Antonio Lioy Dr. Jan Tobias M¨uehlberg Dr. Mathy Vanhoef Candidate Graziano Marallo Academic Year 2018-2019 Dedicated to my parents Summary Nowadays many activities of our daily lives are essentially based on the Internet. Information and services are available at every moment and they are just a click away. Wireless connections, in fact, have made these kinds of activities faster and easier. Nevertheless, security remains a problem to be addressed. If it is compro- mised, you can face severe consequences. When connecting to a protected Wi-Fi network a handshake is executed that provides both mutual authentication and ses- sion key negotiation. A recent discovery proves that this handshake is vulnerable to key reinstallation attacks. In response, vendors patched their implementations to prevent key reinstallations (KRACKs). However, these patches are non-trivial, and hard to get correct. Therefore it is essential that someone audits these patches to assure that key reinstallation attacks are indeed prevented. More precisely, the state machine behind the handshake can be fairly complex. On top of that, some implementations contain extra code to deal with Access Points that do not properly follow the 802.11 standard. This further complicates an implementation of the handshake. All combined, this makes it difficult to reason about the correctness of a patch. This means some patches may be flawed in practice. There are several possible techniques that can be used to accomplish this kind of analysis such as: formal verification, fuzzing, code audits, etc.
    [Show full text]
  • Siemens Charter of Trust
    Driving security in an unsecure world MITRE Conference Harrison Wadsworth| Dec. 19, 2018 | McLean, VA USA charter-of-trust.com | #Charter of Trust Siemens in the U.S. – Our company at a glance 60+ manufacturing sites and 50,000 employees Over $5 bn in exports annually ~$40 bn invested in the U.S. in last 15 years $50 m job training programs annually $1 bn annual R&D investment Map shows Siemens’ major employment hubs 800,000 jobs linked to Siemens’ global business operations in FY15 Page 2 MITRE Conference| Harrison Wadsworth Digitalization creates opportunities and risks Page 3 MITRE Conference| Harrison Wadsworth Digitalization creates … Opportunities Connected Facilities/Plant/Site Billions of devices are being connected Billion of Devices by the Internet of Things, and are the 50.1B (2020) backbone of our infrastructure and economy Connected Systems 34.8B (2018) Connected Products 22.9B (2016) 42.1B (2019) 14.2B (2014) 8.7B (2012) IoT Inception (2009) 28.4B (2017) 0.5B (2003) 18.2B (2015) 11.2B (2013) 1988 1992 1996 2000 2004 2008 2012 2016 2020 Industroyer/Chrashoverride Heartbleed Stuxnet WannaCry … and risks AT&T Hack Morris Worm Melissa Worm ILOVEYOU Blue Boxing Exposure to malicious cyber attacks is also AOHell Cryptovirology Cloudbleed growing dramatically, putting our lives and Denial-of-service attacks sl1nk SCADA hacks Meltdown/Spectre the stability of our society at risk Level Seven Crew hack NotPetya Infineon/TPM Page 4 MITRE Conference| Harrison Wadsworth Cybersecurity is getting to be a critical factor for the success
    [Show full text]
  • ITEA Cyber Security Day Exchange on Best Practices and Challenges
    Welcome to session I Exchange on best practices and challenges ITEA cyber Security Day Exchange on best practices and challenges Dr. Eric Armengaud AVL List GmbH (Headquarters) Confidential A V L C O M P A N Y P R E S E N T A T I O N Facts and Figures Founded Employees Worldwide Of Turnover Invested in Inhouse R&D Global Footprint Years of Experience Engineers and Scientists Granted Patents in Force Represented in 26 countries 45 Affiliates divided over 93 locations 45 Global Tech and Engineering Export Quota Centers (including Resident Offices) A V L C O M P A N Y P R E S E N T A T I O N ENGINEERING SERVICES INSTRUMENTATION AND TEST ADVANCED SIMULATION SYSTEMS TECHNOLOGIES ▪ Design and development services for all elements ▪ Advanced and accurate simulation and testing ▪ We are a proven partner in delivering efficiency of ICE, HEV, BEV and FCEV powertrain systems solutions for every aspect of the powertrain gains with the help of virtualization development process ▪ System integration into vehicle, stationary or ▪ Simulation solutions for all phases of the marine applications ▪ Seamless integration of the latest simulation, powertrain and vehicle development process automation and testing technologies ▪ Supporting future technologies in areas such as ▪ High-definition insights into the behavior and ADAS and Autonomous Driving ▪ Pushing key tasks to the start of development interactions of components, systems and entire vehicles ▪ Technical and engineering centers around the globe A V L C O M P A N Y P R E S E N T A T I O N ELECTRIFICATION ADAS AND AUTONOMOUS DRIVING ZERO-IMPACT EMISSION VEHICLE ENGINEERING DATA INTELLIGENCE From road transportation to smart mobility ERTRAC, Strategic Research Agenda, Input to 9th EU Framework Programme, March 2018, www.ertrac.org Confidential / 5 Dr.
    [Show full text]
  • Principles and Practices of Cybersecurity
    Principles and Practices of Cybersecurity Christine Pommerening, Ph.D. novaturient LLC 2 Overview • Problem – How bad is it? • History – How did we get into this mess? • Solution 1 – What can we do about it? • Solution 2 – What does the government do about it? novaturient LLC 3 novaturient LLC 4 Overview • Problem – How bad is it? • History – How did we get into this mess? • Solution 1 – What can we do about it? • Solution 2 – What does the government do about it? novaturient LLC 5 2013-2016 • Target breach (“Citadel”) • OMB breach (China) • Anthem breach (China) • Clinton campaign hack and dump (WikiLeaks) • IoT device exploit and botnet (“Mirai”) • Dyn ISP distributed denial-of-service attack (“Mirai”) novaturient LLC 6 2017 • NSA tools release (Shadow Brokers) • Windows XP exploit ransomware (“WannaCry”) • Ukraine infrastructure attack/ransomware(“Petya”) • Cloudflare customer data leak (“Cloudbleed”) • Macron campaign hack and dump (Fancy Bear) • Equifax KBA exploit and breach (TBD) novaturient LLC 7 Overview • Problem – How bad is it? • History – How did we get into this mess? • Solution 1 – What can we do about it? • Solution 2 – What does the government do about it? novaturient LLC 8 1960s…………………..2020s Decade Network Technology Device Development 1960s ARPANET Mainframes 1980s TCP/IP Client-Servers 1990s WWW Personal Computers 2000s Social Media Apps Wireless Devices 2010s Cloud Shared On-Demand Space 2020s IoT Autonomous Devices novaturient LLC 9 1993…………………..2018 novaturient LLC 10 This Is Us novaturient LLC 11 Overview • Problem – How bad is it? • History – How did we get into this mess? • Solution 1 – What can we do about it? • Solution 2 – What does the government do about it? novaturient LLC 12 I A M • Identity and Access Management novaturient LLC 13 I A M • What do you use? • What have others used? novaturient LLC 14 novaturient LLC 15 I A M novaturient LLC 16 I A M 1.
    [Show full text]
  • Pwc Weekly Cyber Security
    Threats and Threats and Malware Top story vulnerabilities vulnerabilities PwC Weekly Security Report This is a weekly digest of security news and events from around the world. Excerpts from news items are presented and web links are provided for further information. Malware Windows botnet spreads Mirai malware Threats and vulnerabilities Internet users urged to change passwords after Cloudbleed Threats and vulnerabilities Google’s Project Zero reveals vulnerability in Internet Explorer and Microsoft Edge Top story Crypto specialists break SHA-1 security standard Threats and Threats and Top story Malware vulnerabilities vulnerabilities Windows botnet spreads Mirai malware Security researchers from Kaspersky Lab are currently investigating the first Windows-based spreader for the Mirai malware, something that can have huge implications for companies that invested heavily in IoT. The spreader was apparently built by someone with "more advanced skills" than those that had created the original Mirai malware. This, Kaspersky Lab says, has "worrying implications for the future use and targets of Mirai-based attacks." It is richer and more robust than the original Mirai codebase, even though many of its components are "several years old." Its spreading capabilities are limited, as it can only deliver from an infected Windows host to a vulnerable Linux-powered IoT device. Even that -- if it can brute-force a remote telnet. It was also said that the author is likely Chinese- speaking, more experienced, but probably new to Mirai. "The appearance of a Mirai crossover between the Linux platform and the Windows platform is a real concern, as is the arrival on the scene of more experienced developers.
    [Show full text]
  • Is Cloudbleed Inevitable After Heartbleed? by Taiye Lambo and Jordan Flynn September 2014
    Is Cloudbleed Inevitable After Heartbleed? By Taiye Lambo and Jordan Flynn September 2014 In the technology world, vulnerabilities and bugs are commonplace. Whether an avid hobbyist or a professional working for an organization in a technical capacity, those familiar with the technology and information security space understand that there is no avoiding the inevitable discovery of vulnerabilities and bugs that must ultimately be addressed. While some of these fixes require nothing more than a simple patch job, others necessitate significant changes in policy and process within the workplace and the cautious or discontinued use of applications on mobile devices and Internet based services. With the rise in cybersecurity attacks and the continued growth of individuals storing their sensitive information online, vulnerabilities in cyberspace represent one of the most significant concerns not just for hobbyists and professionals, but also for society as a whole. The discovery of the Heartbleed bug in April 2014 made the issue of vulnerabilities and bugs in cyberspace more evident. Fundamentally, the vulnerability allows for anyone on the Internet to read and view the personal and sensitive information of others through system memory, information meant to be protected by the SSL/TLS encryption that is used to secure the vast majority of the Internet. Compounding this issue is that Heartbleed also provides the proverbial “key to the kingdom” by making the confidential keys used to properly identify service providers, and encrypt the names and passwords of users as well as actual content itself available to the criminal, allowing them to easily spy on communications and impersonate both users and services therefore stealing sensitive data directly from them.
    [Show full text]
  • Vitzthum Senior Consultant Digitalization RC-AT DI PA [email protected] +43 (664) 88 55 21 02
    Industrial Security Frei verwendbar TITULO 1 TEXTO BASE Challenges for the Industry Productivity, Cost Pressure and Regulations • Externally caused incidents Protect through increasing connectivity Protect Productivity against • Internal misbehavior • The evolving Threat Landscape • For qualified personnel Reduce cost Costs • For essential Security Technologies Comply • Reporting Requirements Comply to regulations • Minimum Standards to • Security Know-how V4.3 Page 3 The ever-changing threat landscape Professional Hackers Vulnerabilities § § Cybersecurity laws and Internet of § § Things Regulations V4.3 Page 4 Evolution of the cyber threat landscape Digital Information Processing Digital Connectivity Digital Automation and Intelligence 1950s – 1960s 1970s 1980s 1990s 1991 1999 2000s 2010s 2015 2020s Military, governments and other Computers make their way Internet of Things, Smart The World Wide Web becomes organizations implement into schools, homes, business Mobile flexibility and autonomous systems, publicly accessible computer systems and industry Artificial Intelligence, Big Data Digital enhancement of The globe is connected Cloud computing enters the Home computer is introduced Industry 4.0 electrification and automation by the internet mainstream Industroyer/Chrashoverride Cyberwar WannaCry Stuxnet Phishing Targeting Critical Morris Worm Infrastructure AT&T Hack Blue Boxing NotPetya The threat landscape keeps growing and changing and AOHell Cryptovirology Cloudbleed attackers are targeting industrial and critical Level Seven Crew hack sl1nk SCADA hacks Infineon/TPM infrastructures Denial of service attacks MJMeltdown/ Spectre V4.3 Page 5 Challenges and drivers Most critical threats to Industrial Control systems Outdated operating systems² Windows NT 4.0 30. June 2004 Industrial Control System Security Windows XP 08. April 2014 Top 10 Threats and Countermeasures1 Windows 7 14. January 2020 Windows 10 14.
    [Show full text]
  • Managing and Maintaining Implemented Security Measures Is
    for Managing and Maintaining Implemented Security Measures is Critical when Building a Cyber Defense Program Harry Brian and Florian Forster Manufacturing in America │ March 20-21, 2019 Unrestricted © Siemens 2019 Unrestricted Challenges for our Customers Productivity, Cost Pressure and Regulations • Externally caused incidents Protect through increasing connectivity Protect Productivity against • Internal misbehavior • The evolving Threat Landscape • For qualified personnel Reduce cost Costs • For essential Security Technologies Comply • Reporting Requirements Comply to regulations • Minimum Standards to • Security Know-how Unrestricted © Siemens 2019 All rights reserved. Community. Collaboration. Innovation. Page 2 V4.0 The ever-changing threat landscape Professional Hackers Vulnerabilities § § Cybersecurity laws and Internet of § § Things Regulations Unrestricted © Siemens 2019 All rights reserved. Community. Collaboration. Innovation. Page 3 V4.0 Evolution of the cyber threat landscape Digital Information Processing Digital Connectivity Digital Automation and Intelligence 1950s – 1960s 1970s 1980s 1990s 1991 1999 2000s 2010s 2015 2020s Military, governments and other Computers make their way Internet of Things, Smart The World Wide Web becomes organizations implement into schools, homes, business Mobile flexibility and autonomous systems, publicly accessible computer systems and industry Artificial Intelligence, Big Data Digital enhancement of The globe is connected Cloud computing enters the Home computer is introduced Industry 4.0 electrification and automation by the internet mainstream Industroyer/Chrashoverride Cyberwar WannaCry Stuxnet Phishing Targeting Critical Morris Worm Infrastructure AT&T Hack Blue Boxing NotPetya The threat landscape keeps growing and AOHell Cryptovirology Cloudbleed changing and attackers are targeting industrial Level Seven Crew hack sl1nk SCADA hacks Infineon/TPM and critical infrastructures Denial of service attacks Meltdown/Spectre Unrestricted © Siemens 2019 All rights reserved.
    [Show full text]
  • The Most Dangerous Cyber Nightmares in Recent Years Halloween Is the Time of Year for Dressing Up, Watching Scary Movies, and Telling Hair-Raising Tales
    The most dangerous cyber nightmares in recent years Halloween is the time of year for dressing up, watching scary movies, and telling hair-raising tales. Events in recent years have kept companies on high alert. Every day we are seeing an increase in cyberattacks carried out by organized hacker organizations. In a matter of seconds, these threats can destabilize large corporations, stealing large quantities of money and personal data, as well shake the very foundations of entire world powers. Have a look at some of the most terrifying attacks of recent years. 2010 2011 2012 Operation Aurora RSA SecurID Stratfor A series of cyberattacks carried out RSA suffered a security breach as a Publication and dissemination of worldwide, targeting 34 companies, result of a cyberattack that sought internal emails exchanged between including Google. The attack was details about its SecureID system. personnel of the private intelligence perpetrated by a group of Chinese espionage agency Stratfor, as well as hackers. PlayStation Network emails exchanged with clients of the firm. 77 million accounts were Australian Government compromised and blocked PS3 and DDoS attacks, carried out by the PlayStation Portable users from Linkedin online community Anonymous, accessing the service for 23 hours. The passwords of nearly 6.5 million against the Australian Government. user accounts were stolen by Russian cybercriminals. Operation Payback An attack coordinated jointly against opponents of Internet piracy. 2013 2014 Cyberattack in South Korea Celebrity photos Cyber networks of major South 500 private photographs of several Korean banks and television celebrities, mostly women, were networks were shut down in an placed on 4chan and subsequently alleged act of cyber warfare.
    [Show full text]
  • AV Test Security Report 2017/2018
    FACTS AND FIGURES SECURITY REPORT The AV-TEST Security Report 2 Security Status WINDOWS 6 Breakthrough of CRYPTO MINERS 11 Security Status macOS 14 Security Status ANDROID 16 Security Status INTERNET THREATS 20 Security Status IoT 23 2017/18 Test Statistics 26 FACTS AND FIGURES Malware development on a high level The AV-TEST For the year 2016, the detection systems registered declining numbers for newly developed malware, and the AV-TEST Institute predicted this trend also Security Report for the subsequent year. And it proved correct, as documented by the 2017 statistics: Last year as well, the number of newly developed malware samples remained below the numbers of the previous year – at least in the first three The number of newly developed malware quarters. In total, this decline is indeed quantifiable, but does not represent a programs remains at a consistently high level. significant change. Whereas in the year 2016, at total of 127,473,381 new malware samples were discovered, in 2017 the total still reached 121,661,167. But the stagnation registered since 2016 is The speed at which new malware is developed, and to which security systems deceiving, as it only allows for quantitative have to respond, thus declined slightly from 4.0 to 3.9 malware programs per second. statements concerning the risk status. Statements as to the dangerousness of malware Trend: malware development has doubled in circulation, as well as the damage inflicted, Since 2017, this development, however, has experienced a dramatic swing in are not reflected in these measured values. It is the opposite direction: Since October of last year, the detection systems of here, however, where the prospects are not as the AV-TEST Institute have registered practically a doubling of the monthly rates of new malware development.
    [Show full text]