40 John Titmus-Crowdstrike.Pdf

Total pages: 16

File type: pdf, size: 1020 KB

4th Annual Information Security Conference for the Financial Sector

ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING, HOW IT CAN HELP YOU WITH THE LATEST THREATS
JOHN TITMUS, DIRECTOR & STRATEGY ADVISOR - CROWDSTRIKE
2017 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.

John Titmus
- In security for over 16 years with strategic security knowledge gained in both global industry and government agencies.
- Director and Strategy Advisor at CrowdStrike
- Provides strategic advice as a trusted advisor
- Helps prevent organisations from being breached

WE SEE 2 INTRUSIONS EVERY HOUR… 24 hours a day, 7 days a week! Around 1440 intrusions a month!

CURRENT LANDSCAPE

CHINESE TARGETED INTRUSION OPERATIONS: SUCCESS FOR CYBER ESPIONAGE AGREEMENTS
- Sept 2015 agreement reached with China, and US, UK, Germany & members of G20 agree to stop malicious cyber operations for commercial gain.
- We have tracked a reduced level of targeted intrusion activity by China-based actors against the private sector in the G20.
- "Traditional espionage" targets that did not violate the 2015 agreement were unaffected by this reduction.
- Greater reliance on contractors for China's offensive cyber ecosystem.

WHICH ONE IS THE ORIGINAL?
China's newest warplane, the J-20 stealth fighter / US military's F-22 Raptor

THE TRICKLE DOWN EFFECT

WANNACRY RANSOMWARE

The Move to Malware-Free Attacks (VOODOO BEAR)
- Avoid detection by antivirus, IDS, next-gen firewalls, etc.
- Avoid exploiting vulnerabilities or installing malware
- Look like a typical IT admin
- Leverage legitimate processes
- More stealthy, more effective

ECRIME GOES CORPORATE
RECENT ECRIME TRENDS
- Ransomware and ETERNALBLUE impact eCrime ecosystem
- SPAMBots lead in malware distribution over exploit kits
- CrowdStrike supports takedown of Kelihos botnet
- CVE-2017-0199 exploit spreads rapidly

MARKET PRICING
- Ransomware as a Service: $20-$100 (USD)
  - Dragon ~$20
  - Brickr ~$80
  - Jigsaw ~$90
- Trojan prices: $15-$5,000
  - Ovidiy = $15
  - Z = $50-$100 (depends on options)
  - KINS = $5,000
- Exploit Kits: several thousand dollars/month
- BPS: hundreds of dollars/month

ADVERSARY WORLD MAP
- IRAN: Charming Kitten, Cutting Kitten, Magic Kitten, Rocket Kitten
- CHINA: Anchor Panda, Aurora Panda, Comment Panda, Dagger Panda, Deep Panda, Dizzy Panda, Dynamite Panda, Eloquent Panda, Emissary Panda, Foxy Panda, Gibberish Panda, Goblin Panda, Gothic Panda, Hammer Panda, Hurricane Panda, Impersonating Panda, Karma Panda, Keyhole Panda, Lotus Panda, Maverick Panda, Nightshade Panda, Numbered Panda, Override Panda, Pale Panda, Pirate Panda, Pitty Panda, Predator Panda, Putter Panda, Radio Panda, Sabre Panda, Samurai Panda, Spicy Panda, Stalker Panda, Stone Panda, Temper Panda, Toxic Panda, Turbine Panda, Union Panda, Violin Panda, Vixen Panda, Wet Panda, Wicked Panda
- RUSSIA: Berserk Bear, Boulder Bear, Cozy Bear, Energetic Bear, Fancy Bear, Team Bear, Venomous Bear, Voodoo Bear
- PAKISTAN: Mythic Leopard
- NORTH KOREA: Silent Chollima
- INDIA: Viceroy Tiger
- CRIMINAL: Boson Spider, Carbon Spider, Hound Spider, Indrik Spider, Magnetic Spider, Mimic Spider, Pizzo Spider, Shark Spider, Static Spider, Wicked Spider, Wold Spider, Zombie Spider
- ACTIVIST: Curious Jackal, Deadeye Jackal, Extreme Jackal, Gekko Jackal, Ghost Jackal, Shifty Jackal

DATA AS A WEAPON
What's already happened has happened.

CHANGING THE GAME IN CYBERSECURITY

HOW DO WE KNOW THIS?
[Chart: billions of events per day, comparing CrowdStrike (events) with WhatsApp (messages), Apple (messages), SnapChat (video views), Facebook (likes) and Twitter (tweets).]
- Peak events per second: >1.04M
- Average events per second: >593K
- Data processed per day: >50 TB
- Events per day: >58.7B
- Stored in TG: 1.79 PB
- Stored in Apollo/Hadoop: 3.57 PB

2 GAME CHANGERS: GRAPH AND ARTIFICIAL INTELLIGENCE
[Graph of process behaviours: PROCESS EXECUTES; PROCESS DELETES BACKUPS; PROCESS CALLS ENCRYPTION ROUTINE; PROCESS ENUMERATES FILE SYSTEM]

The Future of Security Is Graph

IS THE BANK BEING ROBBED?
- Person walks around the outside of the bank checking entry/exit
- Person enters the bank
- Person operates stealthily – disguises themselves
- Person evades/disables the cameras
- Person opens the vault
- Person carries money out from the vault
- Person leaves the bank with the money
- Person gets into car and drives off

THE THIRD WAVE OF AI

THE POWER OF AI IS PREDICTIVE

NEXT STEPS: PUTTING THE PIECES TOGETHER

YOUR VIEW OF THE WORLD MAY SEEM CHAOS FREE

REALITY CAN BE DECEIVING

CYBER THREAT INTELLIGENCE IS CRUCIAL IN HELPING STOP BREACHES
[Diagram: PROCESS, PEOPLE and DATA VISUALIZATION TOOLS fed through a COMMON EVENT FORMAT by EXTERNAL FEEDS (3rd party feed 1, 3rd party feed 2, VT, open source feeds, social media sources, …) and INTERNAL FEEDS (IDS Snort/Suricata, logs, YARA, malware detection, packet capture, proxy, SIEM, APIs, plus many others).]

YOUR TEAMS NEED TO ANSWER THE QUESTION
• Does 'X' affect our environment?
• What is the RISK to us?
• What is the IMPACT?
• What ACTION needs to be taken?
• Could our BRAND RECOVER from this incident…
CONFIDENTLY AND ACCURATELY
• Provide ACTIONABLE information
• CONTEXT
• RISK to the business
• EVIDENCE
• APPROPRIATE PROCESS
• TIMELINE

ALL SECTORS ARE VULNERABLE TO CYBER ATTACKS
- Identified attack vectors have included spear phishing for credential theft and computer network exploitation, physical insertion of surveillance hardware, and others.
- In both the espionage and the criminal spaces, various sectors are assessed to be uniquely exposed on two technical fronts: hardware and software.
- IoT devices, controllers, terminals etc. potentially vulnerable to physical or remote attack across the supply chain.
- Systems dependency - single point of failure in most situations.

THE TAKEAWAYS

USE (REAL) INTELLIGENCE
- Not every adversary group is created equal.
- Groups have differing skills, resources, and capabilities.
- Intel-driven response must be real-time or near real-time, focused on IOAs.

GOOD PROCESS
- Sweeping just for IOCs is a losing proposition.
- Hunt – based on your intelligence
- Visibility – DVR for the endpoint
- Information, not data mountains

TECHNOLOGY
- Use forward-looking technology and don't operate in the rear view mirror
- Integrated layers of defense

FUNDING
- CEOs and Boards tend to fund projects where attribution is clear.
- Use intelligence to create an actionable programme