No Notpetya, No Badrabbit, and No Wannacry

Total Page:16

File Type:pdf, Size:1020Kb

No Notpetya, No Badrabbit, and No Wannacry GLOBAL THREAT REPORT ADVERSARY TRADECRAFT 2019AND THE IMPORTANCE OF SPEED NO NOTPETYA, NO BADRABBIT, AND NO WANNACRY! DID ANYTHING HAPPEN IN CYBER LAST YEAR? CrowdStrike Services Cyber Intrusion WHAT IS THE GLOBAL Casebook Insights from reactive Incident response engagements involving THREAT REPORT CrowdStrike Services Falcon OverWatch Report Insights gained from A YEARLY REPORT GENERATED FROM A YEARS WORTH OF proactive threat hunting conducted in customer DATA FROM CROWDSTRIKE’SINTELLIGENCE, SERVICES, environments where Falcon is deployed FALCON OVERWATCH TEAMS AND CROWDSTRIKE’S CLOUD PLATFORM THREATGRAPH CROWDSTRIKE’S POWERFUL REPORTS ARE ENABLED BY POWERFUL INSIGHTS 3.8M PEAK EVENTS CrowdStrike Global PER SECOND Threat Report Global cyberthreat intelligence and insights 3.0M AVG EVENTS from the Falcon platform PER SECOND and OverWatch 240BILLION EVENTS A DAY SO… DID ANYTHING HAPPEN IN 2018? WE HAD: §NO NOTPETYA ☠ §NO WANNACRY " §NO BADRABBIT # 2017 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. SO… WHAT DID HAPPEN IN 2018? 2019 GLOBAL THREAT REPORT ADVERSARY TRADECRAFT AND THE IMPORTANCE OF SPEED 16 BEYOND MALWARE The 2018 CrowdStrike telemetry did not show a distinct shift in the balance between malware and malware-free threats compared to 2017. CrowdStrike analysis continues to identify malware as a dominant method used by various types of attackers for initial infiltration. The ultimate methods and objectives of malware can range from deploying basic bots for use in denial-of-service campaigns, to more directed objectives such as collecting cryptocurrencies through unauthorized mining. Other more nefarious malware, such as the TrickBot banking Trojan, is used to steal login credentials to banking sites. Figure 3 compares malware and malware-free attacks from the 2018 CrowdStrike telemetry. The attack types are defined as follows: Malware attacks: These are simple use cases where a malicious file is written to disk and Falcon detects the attempt to run that file, then identifies and/or blocks it. Malware-free attacks: CrowdStrike defines malware-free attacks as those in which the initial tactic did not result in a file or file fragment being written to disk. Examples of this include attacks where code executes from memory or where stolen credentials are leveraged for remote logins using known tools. Figure 3. Global Malware vs. Malware-Free Attacks Malware-Free 40% BEYOND MALWARE IN 2018 CROWDSTRIKEDID NOT SEE A DISTINCT CHANGE IN THE USE OF MALWARE VERSUS MALWARE—FREE ATTACKS, WHEN COMPARED TO THE YEAR EARLIER. GLOBAL MALWARE VS. MALWARE-FREE ATTACKS Malware 60% 2019 GLOBAL THREAT REPORT ADVERSARY TRADECRAFT AND THE IMPORTANCE OF SPEED 17 2019 GLOBAL THREAT REPORT ADVERSARY TRADECRAFT AND THE IMPORTANCE OF SPEED 17 MALWARE-FREE ATTACKS BY INDUSTRY Notable shifts in 2018 versus 2017: The media industry jumped to the top of the charts, with approximately 80 percent malware-free attacks, versus approximately 64 percent in 2017. In addition, the technology, academic and MALWARE-FREE ATTACKS BY INDUSTRY energy sectors all saw dramatic increases in malware-free attacks in 2018. Notable shifts in 2018 versus 2017: The media industry jumped to the top of the charts, with approximately 80 percent malware-free attacks, versus approximately 64 percent in 2017. In addition, the technology, academic Figureand 4. Malware-free vs. Malware Attacks by Industry energy sectors all saw dramatic increases in malware-free attacks in 2018. Media Figure 4. Technology Malware-free vs. Malware Attacks by Industry BEYONDAcademic MALWARE Energy Media Healthcare Technology BY INDUSTRY Entertainment Academic Retail Energy Hospitality Healthcare Manufacturing Entertainment Aviation Retail Automotive Hospitality Professional Services Manufacturing Aviation Telecommunications Automotive Goverment Professional Services Financial Telecommunications Insurance Goverment Pharmaceutical Financial Oil & Gas Insurance Conglomerate Pharmaceutical 0 10 20 30 40 50 60 70 80 90 100 Oil & Gas Conglomerate 0 10 20 30 40 50 60 70 80 90 100 Malware-Free Malware Figure 4 illustrates the percentage of malware versus malware-free attacks Malware-Free Malware by industry sector. Industries at the top of this list — including media, technology and academic — tend to be more heavily targeted by malware- Figure 4 illustrates the percentage of malware versus malware-free attacks free threats and will benefit from aggressively strengthening their defenses by industry sector. Industries at the top of this list — including media, to address these more sophisticated, modern attacks technology and academic — tend to be more heavily targeted by malware- free threats and will benefit from aggressively strengthening their defenses to address these more sophisticated, modern attacks ATT&CK TECHNIQUES & TRENDS ADVERSARIES HAVE A HUGE TOOLKIT TO ENSURE SUCCESSFUL ATTACKS 2019 GLOBAL THREAT REPORT ADVERSARY TRADECRAFT AND THE IMPORTANCE OF SPEED 20 REGIONAL ATT&CK TECHNIQUE TRENDS CrowdStrike observed significant variations in the attacks seen in diferent regions around the globe (Figure 5). The team believes this is important, because understanding the techniques most likely to be employed in attacks against your organization can help you prioritize investments in prevention and detection resources. 2. Includes MITRE ATT&CK techniques as well as supplementary CrowdStrike Figure 7. Falcon techniques. Based on Prevalence of Attack Technique by Region2 primary reported technique only. Other Other Data from Regsvr32 Local System Indicator of Compromise Process Injection PowerShell NORTH Hidden Files LATIN AMERICA & Directories AMERICA Masquerading Malware Accessibility Features Malware Command-Line Credential Interface Dumping PREVALENCE OF ATTACK TECHNIQUE BY REGION REGIONAL ATT&CK Other TECHNIQUES & TRENDS Registry Run Keys / Other Account Start Folder Discovery Credential Dumping CROWDSTRIKEOBSERVED HIGH USAGE OF SCRIPTING Credential TECHNIQUES USED BY THREAT ACTORS WHEN TARGETING Data from Dumping EUROPE, Local System INDO- ORGANISATIONS WITHIN THE EUROPE, MIDDLE EAST AND MIDDLE EAST AFRICA. Indicator PACIFIC Sensor-based ML Scripting Command-Line of Compromise & AFRICA Interface Process Command-Line Injection Interface Malware 2019 GLOBAL THREAT REPORT ADVERSARY TRADECRAFT AND THE IMPORTANCE OF SPEED 20 REGIONAL ATT&CK TECHNIQUE TRENDS CrowdStrike observed significant variations in the attacks seen in diferent regions around the globe (Figure 5). The team believes this is important, because understanding the techniques most likely to be employed in attacks against your organization can help you prioritize investments in prevention and detection resources. 2. Includes MITRE ATT&CK techniques as well as supplementary CrowdStrike Figure 7. Falcon techniques. Based on Prevalence of Attack Technique by Region2 primary reported technique only. 2019 GLOBAL THREAT REPORT 20 ADVERSARY TRADECRAFT AND THE IMPORTANCE OF SPEED Other Other Data from Regsvr32 Local System Indicator REGIONALof Compromise ATT&CK TECHNIQUE TRENDS Process Injection CrowdStrike observed significant variations in the attacks seen in diferent regionsPowerShell around the globe (Figure 5). The team believes this is important, because understanding the techniquesNORTH most likely to be employedHidden Files in LATIN & Directories attacks against your organization can help you prioritize investments in prevention and detection resources.AMERICA AMERICA Masquerading 2. Includes MITRE ATT&CK techniques as well as supplementary CrowdStrike Figure 7. Falcon techniques. Based on Prevalence of Attack Technique by Region2 Malware primary reported technique only. Accessibility Features Malware Command-Line CredentialOther Dumping REGIONAL ATT&CK Other Interface Data from Regsvr32 Local System PREVALENCE Indicator of Compromise Process OF ATTACK TECHNIQUES & TRENDS Injection PowerShell NORTH Hidden Files LATIN TECHNIQUE AMERICA & Directories AMERICA BY REGION Masquerading Malware Other Accessibility Features Registry Run Keys / Other Account Start FolderMalware Command-Line Credential Discovery Interface Dumping Credential PREVALENCE Dumping OF ATTACK TECHNIQUE BY REGION Credential Data from Dumping EUROPE, Local System INDO- Other Registry Run Keys / Other Account Start Folder MIDDLE EAST Discovery Indicator PACIFIC Sensor-based ML Scripting Credential Command-Line Dumping of Compromise & AFRICA Credential Interface Data from Dumping EUROPE, Local System INDO- MIDDLE EAST Indicator PACIFIC Sensor-based ML Scripting Command-LineProcess Command-Line of Compromise & AFRICA InterfaceInjection Interface Process Command-Line Injection InterfaceMalware Malware DID SOMEONE SAY NATION-STATE? ! " # ! 2017 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. //IRAN HELIX KITTEN THE KITTEN TARGET + BAHRAIN FLASH KITTEN SAUDI ARABIA OP-TEMPO + TARGET + MEDIUM-HIGH MENA OP-TEMPO + STATIC KITTEN MEDIUM-LOW TARGET + EASTERN EUROPE MAGIC KITTEN CHARMING KITTEN MENA, PAKISTAN, INDIA OP-TEMPO + TARGET + TARGET + MEDIUM DISSIDENTS STRATEGIC WEB COMPROMISE OP-TEMPO + OP-TEMPO + UNKNOWN LOW 2017 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. //NORTH KOREA(DPRK) THE CHOLLIMA 2017 2018 ed) t FINANCIAL SECTOR ATTACKS LATE FALL 2018c Banks in Nigeria Suspe ( tina s in Nigeria ALL 2018 LINKED TO STARDUST n (Suspected) k F ge r TE Ban CHOLLIMA , India A , A k Y 2018 L a SEPTEMBER 2018vices A , India r k e trusion Banco de Chile DECEMBER 2017 City Union Ban M s n Financial services y in Caribbean Y 2018 n company in Caribbeana R ed i ed) t t MAY 2018 p t Bancomext, Mexico A c DECEMBER 2017 p s TEMBER
Recommended publications
  • View Final Report (PDF)
    TABLE OF CONTENTS TABLE OF CONTENTS I EXECUTIVE SUMMARY III INTRODUCTION 1 GENESIS OF THE PROJECT 1 RESEARCH QUESTIONS 1 INDUSTRY SITUATION 2 METHODOLOGY 3 GENERAL COMMENTS ON INTERVIEWS 5 APT1 (CHINA) 6 SUMMARY 7 THE GROUP 7 TIMELINE 7 TYPOLOGY OF ATTACKS 9 DISCLOSURE EVENTS 9 APT10 (CHINA) 13 INTRODUCTION 14 THE GROUP 14 TIMELINE 15 TYPOLOGY OF ATTACKS 16 DISCLOSURE EVENTS 18 COBALT (CRIMINAL GROUP) 22 INTRODUCTION 23 THE GROUP 23 TIMELINE 25 TYPOLOGY OF ATTACKS 27 DISCLOSURE EVENTS 30 APT33 (IRAN) 33 INTRODUCTION 34 THE GROUP 34 TIMELINE 35 TYPOLOGY OF ATTACKS 37 DISCLOSURE EVENTS 38 APT34 (IRAN) 41 INTRODUCTION 42 THE GROUP 42 SIPA Capstone 2020 i The Impact of Information Disclosures on APT Operations TIMELINE 43 TYPOLOGY OF ATTACKS 44 DISCLOSURE EVENTS 48 APT38 (NORTH KOREA) 52 INTRODUCTION 53 THE GROUP 53 TIMELINE 55 TYPOLOGY OF ATTACKS 59 DISCLOSURE EVENTS 61 APT28 (RUSSIA) 65 INTRODUCTION 66 THE GROUP 66 TIMELINE 66 TYPOLOGY OF ATTACKS 69 DISCLOSURE EVENTS 71 APT29 (RUSSIA) 74 INTRODUCTION 75 THE GROUP 75 TIMELINE 76 TYPOLOGY OF ATTACKS 79 DISCLOSURE EVENTS 81 COMPARISON AND ANALYSIS 84 DIFFERENCES BETWEEN ACTOR RESPONSE 84 CONTRIBUTING FACTORS TO SIMILARITIES AND DIFFERENCES 86 MEASURING THE SUCCESS OF DISCLOSURES 90 IMPLICATIONS OF OUR RESEARCH 92 FOR PERSISTENT ENGAGEMENT AND FORWARD DEFENSE 92 FOR PRIVATE CYBERSECURITY VENDORS 96 FOR THE FINANCIAL SECTOR 96 ROOM FOR FURTHER RESEARCH 97 ACKNOWLEDGEMENTS 98 ABOUT THE TEAM 99 SIPA Capstone 2020 ii The Impact of Information Disclosures on APT Operations EXECUTIVE SUMMARY This project was completed to fulfill the including the scope of the disclosure and capstone requirement for Columbia Uni- the disclosing actor.
    [Show full text]
  • Retaliation by Iranian Attack Groups
    Security Brief In the Aftermath of the Assassination: Fear of Cyber- Retaliation by Iranian Attack Groups The Radiflow Cyber-research team (C) 2019 Radiflow LTD. All Rights Reserved. IN THE AFTERMATH OF THE ASSASSINATION: FEAR OF CYBER-RETALIATION BY IRANIAN ATTACK GROUPS TARGETING OT AND IT NETWORKS CYBER ATTACKS ARE LIKELY – AND THEY’RE NOT LIMITED TO IT NETWORKS One of the likely consequences of the recent tension in the Middle East is retaliatory cyber attacks against US and Western interests, possibly by Iranian-nexus groups well-known to cyber-security community – APT33, Oilrig and others. These groups are able to leverage their presence and foothold in victims’ networks to carry out disruptive cyber attacks in the form of data manipulation, disk drive wiping and such; alternately, threat actors may well attack newly-identified targets. (See also timeline of disk-drive wiping attacks, below.) Other scenarios include leaking sensitive and personal data, as in the case of Iranian- attributed cyber-espionage groups such as APT39, or DDoS attacks against government institutions, financial and other national critical systems, similar to the 2013 “Operation Ababil” attacks against US financial institutions. HACKER GROUPS (IRANIAN AND OTHER) ARE SHIFTING FROM IT TO OT While most warnings focus on attacks against IT networks, there have been clear indications that Iranian threat actors have crossed over into OT production & automation systems, including the infamous “Shamoon” attacks against Saudi and other Gulf states infrastructures (IBM X-Force has also detected a new destructive wiper called ZeroCleare, which bears similarity to the Shamoon malware, and is suspected to have been used by another Iran-based group to target national energy and industrial Middle East.) OT (ICS/SCADA/IIoT) networks are by and large much less protected and much more exposed to attacks than IT networks, especially networks with devices that hadn’t been designed with security in mind.
    [Show full text]
  • Iranian Cyber-Activities in the Context of Regional Rivalries and International Tensions
    CSS CYBER DEFENSE PROJECT Hotspot Analysis: Iranian cyber-activities in the context of regional rivalries and international tensions Zürich, May 2019 Version 1 Risk and Resilience Team Center for Security Studies (CSS), ETH Zürich Iranian cyber-activities in the context of regional rivalries and international tensions Authors: Marie Baezner © 2019 Center for Security Studies (CSS), ETH Zürich Contact: Center for Security Studies Haldeneggsteig 4 ETH Zürich CH-8092 Zürich Switzerland Tel.: +41-44-632 40 25 [email protected] www.css.ethz.ch Analysis prepared by: Center for Security Studies (CSS), ETH Zürich ETH-CSS project management: Tim Prior, Head of the Risk and Resilience Research Group Myriam Dunn Cavelty, Deputy Head for Research and Teaching, Andreas Wenger, Director of the CSS Disclaimer: The opinions presented in this study exclusively reflect the authors’ views. Please cite as: Baezner, Marie (2019): Hotspot Analysis: Iranian cyber-activities in context of regional rivalries and international tensions, May 2019, Center for Security Studies (CSS), ETH Zürich. 1 Iranian cyber-activities in the context of regional rivalries and international tensions Table of Contents 1 Introduction 4 2 Background and chronology 5 3 Description 9 3.1 Attribution and actors 9 Iranian APTs 9 Iranian patriotic hackers 11 Western actors 12 3.2 Targets 12 Iranian domestic targets 12 Middle East 12 Other targets 13 3.3 Tools and techniques 13 Distributed Denial of Service (DDoS) attacks 13 Fake personas, social engineering and spear phishing 13
    [Show full text]
  • Identifying Authorship Style in Malicious Binaries
    IDENTIFYING AUTHORSHIP STYLE IN MALICIOUS BINARIES: TECHNIQUES,CHALLENGES &DATASETS Jason Gray∗, Daniele Sgandurray, and Lorenzo Cavallaroz ABSTRACT Attributing a piece of malware to its creator typically requires threat intelligence. Binary attribution increases the level of difficulty as it mostly relies upon the ability to disassemble binaries to identify authorship style. Our survey explores malicious author style and the adversarial techniques used by them to remain anonymous. We examine the adversarial impact on the state-of-the-art methods. We identify key findings and explore the open research challenges. To mitigate the lack of ground truth datasets in this domain, we publish alongside this survey the largest and most diverse meta- information dataset of 15,660 malware labeled to 164 threat actor groups. Keywords adversarial · malware · authorship attribution · advanced persistent threats · datasets 1 Introduction Malicious software (malware) remains one of the biggest threats to organizations, and there seems no sign of this changing in the near future [114]. Identifying malware authors to a person, group or country provides evidence to analysts of the wider goals of threat actors. Furthermore, it provides a method to counter cyber attacks and disrupt the malware economy through public indictment [100, 90]. The current and only method for authorship attribution used by analysts involves prolonged analysis of the threat actor over a long duration and within different phases of the killchain [72]. Part of this process includes gathering features such as network analysis and exploitation techniques referred to as indicators of compromise as well as relying on known databases of Tactics, Techniques and Procedures (TTPs). Sometimes there exists no wider context, especially if the threat actor is unknown to the victim.
    [Show full text]
  • The Iran Cyber Panic
    January 2020 THE IRAN CYBER PANIC How Apathy Got Us Here, and What to Do Now Authored By: Parham Eftekhari, Executive Director, ICIT 1 The Iran Cyber Panic How Apathy Got Us Here, and What to Do Now January 2020 This paper would not have been possible without contributions from: • Drew Spaniel, Lead Researcher, ICIT ICIT would like to thank the following experts for their insights during the development of this paper: • John Agnello, ICIT Contributor & Chief, Analytic Capability Development Branch, United States Cyber Command • Jerry Davis, ICIT Fellow & Former CIO, NASA Ames Research Center • Malcolm Harkins, ICIT Fellow & Chief Security and Trust Officer, Cymatic • Itzik Kotler, Co-Founder & CTO at SafeBreach • Ernie Magnotti, ICIT Fellow & CISO Leonardo DRS • Luther Martin, ICIT Contributor & Distinguished Technologist, Micro Focus Copyright 2020 Institute for Critical Infrastructure Technology. Except for (1) brief quotations used in media coverage of this publication, (2) links to the www.icitech.org website, and (3) certain other noncommercial uses permitted as fair use under United States copyright law, no part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher. For permission requests, contact the Institute for Critical Infrastructure Technology. Copyright © 2020 The Institute for Critical Infrastructure Technology (ICIT) 2 Table of Contents Introduction .................................................................................................................................................. 3 How A Lack of Prioritization Led to National Panic....................................................................................... 4 Iran is Capable of a Significant Cyber Conflict – But How Far Will They Go? ............................................... 4 Iran’s Understanding of US Military Capabilities Point to Cyber Retaliation...........................................
    [Show full text]
  • Adversary Tradecraft and the Importance of Speed 2
    GLOBAL THREAT REPORT ADVERSARY TRADECRAFT 2019AND THE IMPORTANCE OF SPEED 2019 GLOBAL THREAT REPORT ADVERSARY TRADECRAFT AND THE IMPORTANCE OF SPEED 2 FOREWORD his year’s Global Threat Report: “Adversary Tradecraft and the Importance of Speed,” addresses the quickening pace and increasing sophistication in adversary tactics, T techniques and procedures (TTPs) over the past year — and in particular, highlights the critical importance of speed in staying ahead of rapidly evolving threats. Last year, we introduced the concept of “breakout time” — the window of time from when an adversary first compromises an "In this year’s report, endpoint machine, to when they begin moving laterally across we were able to your network. In this year’s report, we were able to provide a provide a more more granular examination of breakout time by clocking the granular examination average speed of major nation-state actors. The report compares of breakout time by the breakout speeds of Russia, China, North Korea, Iran, and clocking the average the combined category of global eCrime actors. This and other speed of major nation- unique insights in the report can help organizations advance their state actors. The report response objectives, depending on which adversary types they compares the breakout are most likely to encounter in the year ahead. speeds of Russia, China, North Korea, The report also makes clear — in spite of some impressive Iran, and the combined indictments against several named nation-state actors — their category of global activities show no signs of diminishing. Throughout 2018, eCrime eCrime actors." and nation-state adversaries collectively upped their game.
    [Show full text]
  • North Korea, Iran & Saudi Arabia
    North Korea, Iran & Saudi Arabia Restrained in cyberspace or a- threat to international peace? By Marina Bindary Master’s Thesis - Spring 2019 Birthdate: 10.10.1989 Supervisor: Jan Lemnitzer Political Science, University of Southern Denmark Strokes: 179.122 Content Resumé ................................................................................................................................................. A 1. Introduction ................................................................................................................................... 1 1.1. Research question ............................................................................................................................. 2 1.2. Outline ............................................................................................................................................... 2 2. Literature review ............................................................................................................................ 3 2.1. Rogue states (entities) ....................................................................................................................... 3 2.2. Cyberspace (domain) ......................................................................................................................... 4 2.3. Cyber conflict and cyber war (situations) .......................................................................................... 7 2.4. Cyber power and cyber weapons (how the entities deal with the situation) ..................................
    [Show full text]
  • 1St CYBER SECURITY WORKSHOP
    1st CYBER SECURITY WORKSHOP “CYBER CAPABILITIES AND THEIR FUTURE USE: CHALLENGES AND STRATEGIC OUTLOOK ” KONRAD-ADENAUER- STIFTUNG TURKEY (KAS) in cooperation with THE CENTRE FOR ECONOMICS AND FOREIGN POLICY STUDIES (EDAM) Ankara, 04.12-06.09.2019 PANEL-1: Regional powers turn to cyber capabilities: The Case of the Middle East „The Stuxnet effect: Iran`s cyber-conflict conduct after 2010“ Kerstin Zettl, M.A. University of Heidelberg Institute of Political Science Stuxnet as the necessary cyber-„push“ to Iran? • Stuxnet became public in 2010 • Heavily disruptive malware • Alleged masterminds: USA & Israel • Target: Iranian nuclear facility in Natanz • Effect: Destruction of many thousand Source: Yahoo News photo illustration; photos: AP, Getty Images. Shutterstock centrifuges Question: How did Iran`s cyber-conflict-conduct evolve after Stuxnet? Kerstin Zettl - The Stuxnet Effect: Iran`s cyber-conflict conduct after 2010 2 Cyber-attacks attributed to Iran from 2009 to 2017 (N=58; Source: HD-CY.CON) 14 12 10 8 6 4 2 0 2009 2010 2011 2012 2013 2014 2015 2016 2017 Attack Number (Proxy; N=37) Attack Number (State; N=5)) Attack Number (Other/Unknown; N=16) Kerstin Zettl - The Stuxnet Effect: Iran`s cyber-conflict conduct after 2010 3 Mostly affected target countries Espionage (e.g. OilRig, APT33) 8 7 e.g. Operation Ababil vs. US 6 Shamoon vs. Saudi-Arabia 5 e.g. Sands Casino Hack vs. US 4 3 2 1 0 2009 2010 2011 2012 2013 2014 2015 2016 2017 USA (N=17) SAU (N=11) ISR (N=9) Other Countries Middle East (N=17) Kerstin Zettl - The Stuxnet Effect:
    [Show full text]
  • Cyberwar 27 Sept 2020
    LV Geostrategie und Geopolitik Fachbereich 1 49069 Osnabrück Cyberwar Grundlagen-Methoden-Beispiele 27.09.2020 Zusammenfassung Der Cyberwar (Cyberkrieg) ist die kriegerische Auseinandersetzung mit den Mitteln der Informationstechnologie. Dieses Arbeitspapier unternimmt eine aktuelle Bestandsaufnahme und geht auf die theoretischen und praktischen Probleme ein. In der Praxis ist der Cyberwar ein integraler Bestandteil militärischen Handelns, lässt sich jedoch nicht ganz von der Spionage trennen, da das Eindringen in und Aufklären von gegnerischen Systemen wesentlich für das weitere Vorgehen ist. Nach einem Überblick über Angriffsmethoden, Angreifer (Advanced Persistent Threats), Spionagetools, Cyberwaffen und der Cyberverteidigung liegt ein besonderes Augenmerk auf der Einordnung von Cyberangriffen (Attribution) und der Smart Industry (Industrie 4.0). Anschließend werden die Cyberwar-Strategien der USA, Chinas, Russlands und weiterer führender Akteure besprochen. Weitere Kapitel befassen sich der Künstlichen Intelligenz, der Smart Industry, smarten Systemen und biologischen Anwendungen. Cyberwar – 27.09.2020 1 apl. Prof. Dr. Dr. K. Saalbach Inhalt 1. Grundlagen ........................................................................................................... 7 1.1 Einführung ................................................................................................................ 7 1.2 Hintergrund ............................................................................................................... 7 1.3 Cyberwar
    [Show full text]
  • Book and Is Not Responsible for the Web: Content of the External Sources, Including External Websites Referenced in This Publication
    2020 12th International Conference on Cyber Conflict 20/20 Vision: The Next Decade T. Jančárková, L. Lindström, M. Signoretti, I. Tolga, G. Visky (Eds.) 2020 12TH INTERNATIONAL CONFERENCE ON CYBER CONFLicT 20/20 VISION: THE NEXT DECADE Copyright © 2020 by NATO CCDCOE Publications. All rights reserved. IEEE Catalog Number: CFP2026N-PRT ISBN (print): 978-9949-9904-6-7 ISBN (pdf): 978-9949-9904-7-4 COPYRIGHT AND REPRINT PERMissiONS No part of this publication may be reprinted, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the NATO Cooperative Cyber Defence Centre of Excellence ([email protected]). This restriction does not apply to making digital or hard copies of this publication for internal use within NATO, or for personal or educational use when for non-profit or non-commercial purposes, providing that copies bear this notice and a full citation on the first page as follows: [Article author(s)], [full article title] 2020 12th International Conference on Cyber Conflict 20/20 Vision: The Next Decade T. Jančárková, L. Lindström, M. Signoretti, I. Tolga, G. Visky (Eds.) 2020 © NATO CCDCOE Publications NATO CCDCOE Publications LEGAL NOTICE: This publication contains the opinions of the respective authors only. They do not Filtri tee 12, 10132 Tallinn, Estonia necessarily reflect the policy or the opinion of NATO Phone: +372 717 6800 CCDCOE, NATO, or any agency or any government. NATO CCDCOE may not be held responsible for Fax: +372 717 6308 any loss or harm arising from the use of information E-mail: [email protected] contained in this book and is not responsible for the Web: www.ccdcoe.org content of the external sources, including external websites referenced in this publication.
    [Show full text]
  • 2020-Crowdstrike-Global-Threat-Report
    1 2020 GLOBAL THREAT REPORT CROWDSTRIKE GLOBAL THREAT REPORT 2020 2 FOREWORD While criminals are hose of us who have worked in cybersecurity for many years often start to think relatively predictable we’ve “seen it all.” We haven’t. This year’s CrowdStrike® Global Threat Report in their tendency to provides clear evidence of that. always choose the path T Consider the dark turn in cybercrime toward preying on schools, municipal of least resistance, the departments and our other chronically understaffed and overburdened public activities of nation- institutions. This is different from targeting large government entities and corporations, states are frequently many of whom have resigned themselves to being targeted by cyber predators and more relentless have the opportunity to try to protect themselves from that onslaught. It’s a different and sophisticated matter entirely when the targets are schoolchildren, or just ordinary people trying to — and as a result, go about their daily lives. more challenging for This merciless ransomware epidemic will continue, and worsen, as long as the practice cyberdefenders. remains lucrative, and relatively easy and risk-free. We’ve developed a platform designed to stop ransomware for our customers, and we’ve worked hard to make it easy and affordable — even for budget-constrained institutions like our public school systems. As more organizations around the world deploy next-generation platforms like CrowdStrike Falcon® that can prevent these threats, the criminal element will be forced to redirect its efforts elsewhere. While criminals are relatively predictable in their tendency to always choose the path of least resistance, the activities of nation-states are frequently more relentless and sophisticated — and as a result, more challenging for cyberdefenders.
    [Show full text]
  • Cyberwar 27 Sep 2020
    Geostrategy and Geopolitics Department 1 49069 Osnabrueck Cyber war Methods and Practice 27 Sep 2020 Summary Cyberwar (Cyber war, Cyber Warfare) is the military confrontation with the means of information technology. This paper presents the current state and deals with the theoretical and practical problems. In practice, cyberwar is an integral part of military action, but cannot be completely separated from espionage, since the intrusion into and reconnaissance of target systems is essential for further action. After an overview of attack methods, attackers (Advanced Persistent Threats), spy tools, cyber weapons and cyber defense, a particular focus is on the attribution of cyber-attacks and the Smart Industry (Industry 4.0). Afterwards, the cyberwar strategies of the US, China, Russia and further leading actors will be discussed. Further chapters present Artificial Intelligence, Smart Industry, smart devices and biological applications. Cyber war 27 Sep 2020_English 1 apl. Prof. Dr. Dr. K. Saalbach Table of Contents 1. Fundamentals ....................................................................................................... 7 1.1 Introduction ............................................................................................................... 7 1.2 Background ............................................................................................................... 7 1.3 Cyberwar Definition ................................................................................................. 9 1.4 Cyberwar and Espionage
    [Show full text]