WHAT’S OUR OBLIGATION? Instructor Course WHY SHOULD I…?? Legal Lives Depend Fiduciary on it! Privacy Ethical - Patriotic Instructor Course Instructor Course GLOBAL ATTACKS • Cyber crime will cost 6 trillion annually by 2021 • It will be more profitable than the global drug trade • Cyber defense spending will be 1 Trillion within the next 4 years • There will be 3.5 million UNFILLED Cyber Security Jobs by 2021 • Ransomware alone is estimated to cost 11.5 billion in 2019 https://www.csoonline.com/article/3153707/security/top-5-cybersecurity-facts-figures-and-statistics.html Instructor Course A MASSIVE PROBLEM http://allnewspipeline.com/images/cna1.jpg http://media4.s-nbcnews.com/j/newscms/2015_31/1148606/150730-nsa-cyber-map-jhc-1407_cde28ac585ec2df79ff3cb20f7bb4559.nbcnews-ux-2880-1000.jpg Instructor Course LOSS OF CRITICAL TECHNOLOGY? Chinese Hackers Steal Sensitive Data on U.S. Subs and Missiles from Military Contractor, Report Says • 614 gigabytes of submarine communications data and information about Sea Dragon “an underwater technology that the Defense Department has described as introducing a “disruptive offensive capability”” • It is believed that China’s Ministry of State Security, or MSS is responsible • It was reported that the data was on an unclassified network as officials say the data “could be considered classified and was highly sensitive” • “Former Navy officer and NSA analyst John Schindler, writing for the Observer, highlights the loss of cryptographic information used in submarine communications.” He likens the theft to the Allied compromise of the German Enigma cipher that led to the sinking of German U-boats in World War II http://fortune.com/2018/06/10/chinese-hackers-steal-sensitive-data-us-military/ Instructor Course LOSS OF CRITICAL TECHNOLOGY? Chinese Hackers Steal Dozens of Critical Military Designs for Weapons Systems Dozens of designs for highly sensitive systems were stolen in 2013 such as: • The Advanced Patriot missile system • The Navy's Aegis ballistic missile defense systems • The F/A-18 fighter jet • The V-22 Osprey • The Black Hawk helicopter • The F-35 Joint Strike Fighter http://fortune.com/2018/06/10/chinese-hackers-steal-sensitive-data-us-military/ Instructor Course EVEN LAW ENFORCEMENT NEEDS TO WORRY? Let’s look at some examples: • April 2018: Iberia Parish, Louisiana Sheriff’s infected with Ransomware • October 2017: Pulaski County Jail cameras hacked • February 2017: Licking County Sheriff’s Network, Websites and local computers offline • May 2018: Securus prison phone and location tracking company hacked • Feb 2018: LAPD Twitter account hacked • April 2018: Arizona Road Sign Hacked • June 2017: Multiple Florida County sites hacked • August 2011: Antisec hacks more than 70 small town LEs • March 2017: Warren County Sheriff’s Hacked Instructor Course The Villains? Parties and Tactics, Across Industries: Verizon 2017 Data Breach Investigations Report Instructor Course But my Password is Complicated! The Wi-Fi Pineapple enables anyone to steal data on public Wi-Fi networks. It captures traffic coming across the network…yes including clear text passwords. Instructor Course But no Really…my Password is Super Complicated! Instructor Course But My People Are Great! • 99 percent said they feel responsible for data • 21 percent of healthcare employees write down their user names and passwords near their computer • 18 percent are willing to sell their access or confidential data to an unauthorized outsider • Average expectation was $500-$1000 • About 25% of employees know someone in their organization who has already acted on this • Employees are absolutely a HUGE part of the problem Instructor Course Instructor Course Instructor Course Project Shine (SHodan INtelligence Extraction) Bob Radvanovsky and Jake Brodsky of Infracritcal used a special search engine known as SHODAN to search the globe for devices running Industrial Control Systems exposed to the public Internet. They identified 460,000 IPs before they handed the database to the DOD and who then reduced the number to under 25,000 critical Industrial Control Systems. That total is now believed to be over 2,000,000. Shodan searched TCP/UDP port numbers such as: • 23 (Telnet) • 443 (HTTPS) • 161 (SNMP) • 80 (HTTP) • 21 (FTP) Instructor Course Industrial Control Incidents Count Total >750 Malicious >250 Targeted >100 (of the 250+) Loss of View/Loss of Control >300 Injury/Deaths >50 (>1,000 people) Equipment Damage >100 Environmental Damage >50 Operational Impact >450 Financial Impact >$30B Instructor Course What are ICS-unique Cyber Threats • Not just the network • Cyber-physical • Persistent Design Vulnerabilities not APT • Want control of the process not denial-of-service Gap in protection of the process – eg, Aurora Compromise of the measurement – eg, HART vulnerability Compromise design features of the controller – eg, Stuxnet Instructor Course Industrial Controls • Impacts ranged from significant discharges to significant equipment damage and deaths • Affects all industries • Very few ICS-specific cyber security technologies, training, and policies • >2,000,000 ICS devices directly connected to the Internet (and counting) Instructor Course Instructor Course Instructor Course A Syrian group compromised an un-named water company’s computers. The Hack involved: • Unpatched Web Vulnerabilities • Phishing • SQL Injection • Obtaining Credentials for the AS400 that were stored on a front-end Web server • Changing flow and mixture settings • Changes were discovered by alerts and the flows and mixtures were corrected But what if…they also made changes to the sensors that triggered the alerts? Would the result have been different? https://www.theregister.co.uk/2016/03/24/water_utility_hacked/ Instructor Course Yes. Your system is likely attached to the network! Instructor Course DATA CENTERS ARE VULNERABLE! • “Control system network vulnerabilities include the use of standardized cyber vulnerable communications protocols such as Modbus/TCP, BACnet and SNMP. These protocols have been demonstrated to be vulnerable to cyberattacks and, in the case of Modbus, there are simply no security features built into the protocol at all. Hardware vulnerabilities include the Aurora vulnerability and Uninterruptible Power Supplies (UPSs).” • “The Aurora demonstration proved there could be physical damage from an attack though the operators were blind because the attack was not see from the SCADA system. An actual Aurora event affected a data center when the data center experienced multiple Aurora events over a multi-day span.” • The very recent attack reportedly took down the UPSs and Chillers and therefore the entire datacenter for an extended period. https://www.controlglobal.com/blogs/unfettered/data-centers-have-been-damaged-and-they-are-not-being-adequately-cyber-secured/ Instructor Course So what’s the point you ask? • Don’t rely on facility Security Technology • Don’t assume live security will catch a determined actor • You MUST encrypt where possible Instructor Course PHYSICAL MANAGEMENT IS CRITICAL Instructor Course Drones Are a Physical and Logical Threat The Department of Homeland Security (DHS)/National Protection and Programs Directorate (NPPD)/Office of Cyber and Infrastructure Analysis (OCIA) assesses that unmanned aircraft systems (UASs) provide malicious actors an additional method of gaining undetected proximity to networks and equipment within critical infrastructure sectors. Instructor Course In 2016, researchers in Israel flew a UAS outside of an office building and were able to compromise smart lightbulbs installed within the building using equipment attached to the UAS. The researchers were able to perform over-the-air firmware updates to take control of the lightbulbs at a range of 350 meters. In 2015, researchers in Singapore attached a smartphone holding applications to a UAS to detect printers with unsecured wireless connections. The researchers flew the UAS outside an office building, had the phone pose as the printer, and tricked nearby computers to connect to the phone instead of the printer. When a user sent a document for printing, the phone intercepted the document and sent a copy to the researchers using a 3G or 4G connection. Instructor Course Let’s Look At Spreading Entity Killers • AKA: CryptoWall, Crypto Locker, Reveton, Locky, Petya, NotPetya, CryptoMix, Shark CryptoMix • Extortion–Blackmail - Shaming • IT Hostage (Needing Rescue) – I T Hostage Rescue ™) Instructor Course https://upload.wikimedia.org/wikipedia/commons/8/84/National_Security_Agency_headquarters%2C_Fort_Meade%2C_Maryland.jpg Instructor Course NSA & CIA HACKS AND TOOLS RELEASED • NSA Thieves - Shadow Brokers • Tools from Equation Group (US, Australia, Britain, Israel, &…?) • Team Equation is believed to be behind Regin (espionage) & Stuxnet (sabotage) • AV firms documented 500+ related malware infections in 42 countries • Designed to control Routers and Firewalls • Now packaged to target additional assets • Malware, zero day, private exploits, and hacking tools (most avoiding traditional security methods) Instructor Course SAMPLE OF NEARLY 100 TOOLS THOUGHT TO BE CIA NSA & CIA Hacks and Tools Released • SparrowHawk – Keylogger intended for use across multiple architectures and Unix-based platforms • Terodactyl – A “custom hardware solution to support media copying” • DerStarke – Boot-level rootkit implant for Apple computers • GyrFalcon – Tracks the client of an OpenSSH connection and collects password, username and connection data • SnowyOwl – Uses
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages51 Page
-
File Size-