The Current State of Cyber Security and

idleheadedceleryMobile - Wireless

Dec 10, 2013 (3 years and 10 months ago)

65 views

The Current State of Cyber Security and
How to Defend Your Data


Jacob Kelley


Our History


Our Services & Solutions


The act of manipulating people to accomplish goals that may
or may not be in the “target’s” best interest


Example


Your child uses social engineering to get you to buy
a toy they want


Or


A hacker gets you to plug a USB device into your PC


Social Engineering is a tactic that is widely used by
hackers/attackers to gain access to systems


By exploiting our inherent proclivity for kindness, attackers
use our own nature against our best interests


Imagine you find a thumb drive laying around in the office or
parking lot


What do you do?




Common hacker tools now have infrastructure
exploits


Secure infrastructure devices exist


but are they
patched?


Brazil blackouts spur hacking

fears


Anchorage traffic signs hacked


Stuxnet
/
Natanz

disruption









Hacktivism is politically motivated hacking


Recently, hacktivism has seen a drastic
increase in volume and visibility


Hacktivists

responsible for 58% of all data stolen in
2011


In 2011 alone,
hacktivists

stole 100 million records,
almost twice as much data as was stolen by
financially motivated cyber criminals


Conduct a Google search for “Anonymous HB
Gary” to see how damaging hacktivism can
become


Gary McKinnon “hacked” NASA by logging on
with default (read:no) password









President Obama confirmed Stuxnet was
developed by US and Israel


Iran claims USAF drone rootkit/
keylogger

was theirs


Plan X


DARPA’s cyber warfare project









FBI ranks Cyber Attacks as third
g
reatest
t
hreat to
the U.S. behind
n
uclear
w
ar and WMDs (weapons
of mass destruction)


Over 10 Million Cyber Attacks daily


Cyber Attacks up 93% in 2011


Due to Cyber Criminals using “attack Kits”


Cyber Attacks could
p
aralyze
t
he
n
ation


2012
Leon Panetta Secretary of Defense report










An ounce of prevention is worth a pound of cure”


Australian government has provided excellent free
advice


See Australia’s 35 Strategies to Mitigate Cyber
Intrusions


4 Basic strategies prevent over 90% of
intrusions


Application Whitelisting, Patching OS, Patching 3
rd

Party Software, Limiting Admin Privileges


Free Security Websites
-

NIST, US
-
CERT, SANS, etc…


NSA Manageable Network Plan


SANS


Free security resources


20 Critical Security Controls


Free Security Templates




Follow basic security best practices


Routine penetration testing, vulnerability
assessment and review


Social Engineering


training, policies,
procedures, and prevention/protection


Critical Infrastructure


one
-
way data flow,
disaster recovery, backup configurations


Hacktivism


SQL injection prevention/code
review,
DDoS

prevention, network infrastructure
planning, user education


Cyber Warfare


see social engineering above




*Social Engineer Toolkit:
https://www.trustedsec.com/downloads/social
-
engineer
-
toolkit/

*More Information about social engineering:
http://www.social
-
engineer.org/

*Iron key product available:
https://www.
ironkey
.com/

*CNN Report on Cyber Warfare:
http://www.cbsnews.com/2100
-
18560_162
-
5555565.html

*McAfee predicts high profile attacks:
http://www.zdnet.com/blog/btl/mcafee
-
predicts
-
more
-
high
-
profile
-
targeted
-
attacks
-
in
-
2012/65883

*Anchorage signs hacked:
http://community.adn.com/adn/node/161662

*Hacker tools to attack infrastructure:
http://blog.alexanderhiggins.com/2012/04/05/critical
-
infrastructure
-
exploits
-
packaged
-
hacker
-
tools
-
113881

*Anonymous attacks against HB Gary:
http://www.thetechherald.com/articles/After
-
dealing
-
with
-
Anonymous
-
HBGary
-
Federals
-
CEO
-
resigns

*Gary McKinnon hacks:
http://www.guardian.co.uk/law/2012/sep/16/britain
-
us
-
extradition
-
menzies
-
cambpell

*USAF Drone Gets Hacked:
http://www.wired.com/dangerroom/2011/12/iran
-
drone
-
hack
-
gps/

*Obama Confirms Stuxnet:
http://www.nytimes.com/2012/06/01/world/middleeast/obama
-
ordered
-
wave
-
of
-
cyberattacks
-
against
-
iran.html?pagewanted=all

*
Cyber Attacks FBI Ranks Third Behind Nuclear War and WMD’s:

http://www.tgdaily.com/security
-
features/40861
-
fbi
-
ranks
-
cyber
-
attacks
-
third
-
most
-
dangerous
-
behind
-
nuclear
-
war
-
and
-
wmds

*Cyber Attacks Nearly Double in 2010:

http://
techzwn.com/2011/04/cyberattacks
-
nearly
-
doubled
-
in
-
2010
-
symantc
-
report

*10 Million Daily Cyber Attacks:
http://www.forbes.com/2010/08/06/internet
-
government
-
security
-
technology
-
cio
-
network
-
cyber
-
attacks.html

*5.5 Billion Cyber Attacks in 2011:
http://www.information
-
management.com/news/cyber
-
attack
-
Symantec
-
spam
-
malware
-
10022411
-
1.html

*Panetta Report:
http://www.businessweek.com/news/2012
-
10
-
12/cyberattacks
-
could
-
become
-
as
-
destructive
-
as
-
9
-
11
-
panetta

*35
Strategies to Mitigate Cyber Intrusions:
http://www.dsd.gov.au/infosec/top
-
mitigations/top35mitigationstrategies
-
list.htm

*NSA Manageable Network Plan:
http://www.nsa.gov/ia/_files/vtechrep/ManageableNetworkPlan.pdf

*SANS Templates:
http://www.sans.org/security
-
resources/policies/

*SANS Critical Security Controls:
http://www.sans.org/critical
-
security
-
controls/

*
Social Engineering paper:
http://
essay.utwente.nl/59233/1/scriptie_B_Oosterloo.pdf

*Checkpoint study on
mobile devices:
http://
www.checkpoint.com/downloads/products/check
-
point
-
mobile
-
security
-
survey
-
report.pdf




*Android growth outpacing Apple in 2012:

http
://
www.insidemobileapps.com/2012/09/06/android
-
surges
-
as
-
ios
-
slows
-
comparing
-
the
-
growth
-
of
-
android
-
to
-
ios/

*Iran set to take legal action in response to Stuxnet:

http
://www.haaretz.com/news/diplomacy
-
defense/iran
-
threatens
-
to
-
counter
-
cyber
-
warfare
-
with
-
legal
-
action
-
1.458486

*TED talk about Stuxnet:
http
://www.youtube.com/watch?v=CS01Hmjv1pQ

*Slide 3 image credit:
https
://www.trustedsec.com/downloads/social
-
engineer
-
toolkit
/

*Slide 4 image credit
:
http://www.flickr.com/photos/thewildernesssociety/216020173/

*Slide 5
image credit:

http
://bringingforthworldequality.wordpress.com/2011/09/28/anonymous
-
what
-
do
-
they
-
actually
-
support
-
who
-
are
-
they
-
really
-
working
-
for
/

*Slide 8 image Credit:
http://edmahoney.wordpress.com/2010/01/13/cyber
-
war
-
home
-
theater/

*Slide 10 image Credit:
http://www.eci.com/blog/237
-
network
-
security
-
threats
--
best
-
practices
-
for
-
hedge
-
funds.html

*
Brazillian

blackouts:
http://www.foreignpolicyjournal.com/2009/11/15/brazils
-
next
-
battlefield
-
cyberspace/

*Hacktivism statistics:
http
://money.cnn.com/2012/03/22/technology/hacktivists
-
verizon
-
data
-
breach
-
report/

*Smartphone
sales outpace PCs:
http://mashable.com/2012/02/03/smartphone
-
sales
-
overtake
-
pcs
/





PLEASE VISIT OUR BOOTH


We want to meet you!