Nation-A Cyber Security Strategy Developed by Joshua Fatehnia 4th May 2018 Version 1 Ref 113524


Contents

1. Introduction
1.1. Cyber Warfare
2. Vision
2.1. Threats
2.2. Vulnerabilities
3. Response
3.1. Cooperative Involvement
3.2. Prosecution and Forensic Computing
3.3. Training and Education
3.4. Government Assurance
3.5. Redundancy Options
4. Defence Plan Implementation
4.1. Banking and Finance
4.1.1. Attack Types and Recommendations
4.2. Public Transportation
4.2.1. Recommendations & Mitigations
4.3. National Health Services
4.3.1. Mitigations
4.4. Public Utilities
4.4.1. Mitigations
4.5. Government Services
4.5.1. Recommendations
5. The Tallinn Manual
6. Development
6.1. Further Documents
7. References

1. Introduction

Nation-A

Cyberspace breaks down all physical communication barriers, allowing users to share information over a network no matter the distance between them. This type of virtual environment was not designed with security at its forefront in the early stages; as the capabilities of cyber grew, no one could possibly have imagined that this method of data transportation could be used for negative impacts. With the increasingly popular use of digital infrastructures in today’s society for the convenience of day-to-day operations, security is becoming a top priority for citizens and organizations. Managing the risks involved in the development of new products and services improves the confidentiality, integrity, and accessibility of data, which is one of the top goals for many organizations operating on the internet.

This Cyber strategy has been published to outline and protect the functioning of national and international foundations, promoting a secure, resilient, and sustainable pathway for the economic values of this nation, whilst ensuring the Confidentiality, Integrity and Accessibility of all user data and the social well-being of the public. National security and resiliency is not just the protection of government intellectual property but also the protection of organizations operating within the nation; this plan will also act as a guidance paper for private organizations to better protect themselves against an attack.

The UK Government has recently stated that organizations who control critical computer system infrastructures shall be fined up to £17m if they do not have efficient and sufficient cyber security defences. Within the strategy, critical sectors have been identified, and the strategy shall ensure that organizations operating within these sectors have the relevant information to secure themselves sustainably. (HMGOV-B, 2018)

1.1. Cyber Warfare

Cyber Warfare is a new term that has been established prior to the actual credited use of this type of warfare. It involves the utilisation of offensive and defensive operations targeting opponent information systems and networks. There are many different motives behind cyber-attacks, but typically these are placed into 3 categories: Espionage, Sabotage and Propaganda. Although plenty more motivations can be identified for a cyber-attack, these are the 3 that are defined for international and political movements against a whole nation state. (LILY HAY NEWMAN 2018)

Using online visualisation tools such as Norsecorp and FireEye [Fig 1], it can be seen that there are multiple cyber-attacks happening simultaneously in real time all around the world; the image below also represents the top 5 targeted industries within the last 30 days.

[Figure 1]

Visualizing the number of attacks that take place on a daily basis demonstrates the threat that cyber-attacks can pose to an infrastructure. It also becomes very challenging to differentiate what constitutes an ‘act of war’ within ‘Cyber-Warfare’ territory. Attacks that are politically motivated by another state may indicate hostile activity but, with cases like Stuxnet, if no responsibility is taken by the actuating party then it becomes difficult to shift the blame onto another state. This is where documents like the Tallinn Manual come in, to un-blur the lines between the two.

2. Vision

Our overall objective is to support national security and enable a well-functioning, self-sustaining society.
The outcome from this strategy is to have a viable plan and solution for those who wish to compromise national security within the next 4 years. The fundamental pillars responsible for the functioning of society need to be protected in order to protect the nation dynamically. The number of organizations that reported they have suffered a security breach in the past year had risen from 25%, where 7/10 of these attacks involved a virus, spyware or malware. (DR REBECCA KLAHR, 2016)

The primary missions are to:

- Defend all critical network, system, and information infrastructures.
- Prepare the nation’s capabilities to be able to defend against a sizable cyber-attack from foreign actuators.
- Provide support and training to civilian personnel to bolster awareness, and provide an early learners program for the development of future generations.

2.1. Threats

There are many potential threats that have proved to have different dynamics for attack; therefore certain groups and individuals need to be identified in order to prepare for effective defence against them. (HMGOV, 2016)

- Cyber Criminals: one of the most common and broadest threat identities. The main objective or desired outcome for this group is to develop types of malware or viruses to hack and steal sensitive data for financial gain, or to deliberately cause damage to systems in aid of their personal goals. Certain security defence mechanisms have been devised to mitigate some of these within the defence implementation section [4] of this report.
- State and State Sponsored attacks: this involves the penetration of a network with motives of political, diplomatic, technological, commercial, and strategic advantage, with primary focus on the government, defence, finance, energy and telecommunication sectors (HMGOV, 2016). This type of threat is highly regarded as ‘cyber-warfare’, due to the initiation of the attack commonly belonging to foreign sources. Typically, attacks with this motive have been state sponsored. One example is the Stuxnet worm, which managed to infiltrate Iran’s nuclear infrastructure and sabotage their nuclear operations. It was suspected to have been carried out by US and Israeli operatives; however, it has not been confirmed by either party, so it cannot be regarded as an ‘act of war’. (Schmitt, 2013) (Caso, 2014)
- Terrorists: the war against terrorism is nothing new. Expectedly, terrorism is becoming more sophisticated and advanced in step with new developments in technology; although traditional terror methods still need to be addressed,