Understanding the First Line of Defense in Cyber Security
Troy Wilkinson, CISSP
CEO – Axiom Cyber Solutions
“Just being connected to the internet makes any company interesting to cyber criminals. Any company connected to the internet is a resource that can be exploited by criminals because of the data it holds.”
Phil Huggins, VP of Security Science - Stroz Friedberg
Emerging Threats
- Phishing
- Ransomware
- Distributed Denial of Service (DDoS) Attacks
- Internet of Things (IoT)
- Intellectual Property Theft
- State Sponsored Cyber Espionage
Emerging Threats
Emerging Threats – Ransomware
- In 2016 there was a 6000% spike in Ransomware Attacks (December 2016 - IBM Security)
WannaCry
- Leveraged a Microsoft vulnerability; the patch was released in March, but many organizations hadn’t updated yet.
- 200,000 infected computers in 1 week
- $4 Billion in damages so far
Emerging Threats – Ransomware
- Hollywood Presbyterian Medical Center in Southern California acknowledged paying a $17,000 ransom in February 2016 to regain control of its systems, after an attack left critical systems offline for two weeks.
- “You have just 7 days to send us the Bitcoin or we will remove your private keys and it’s impossible to recover your files.”
- Leaders of the L.A. Community College decided to pay the $28,000 ransom.
Ransomware Delivery Mechanisms
Ransomware Prevention is a Layered Approach
- Backup technology is crucial to protecting critical data: on site, off site, and hybrid cloud solutions.
- Endpoint protection: antivirus / antimalware, Endpoint Detection and Response (white list / black list).
- Network Monitoring and SIEM: the enterprise immune system, behavioral analytics and correlation.
- Next Generation Firewall with layered integration: looking for ransomware communication protocols (behaviors, heuristics, signatures, rules, protocols, etc.).
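The "behavioral analytics" layer above is easiest to understand with a concrete rule. The script below is an added example written for this deck (it is not Axiom Cyber Solutions' product code or any vendor's detection logic) that runs over constructed endpoint file-activity events and flags a process that rewrites many user files under a new extension while deleting the originals, the pattern a SIEM correlation rule for mass encryption keys on. The event format, the `.locked` extension and the ransom-note file names are assumptions chosen for the sample; a legitimate backup process that writes copies without deleting originals is included to show why the rule keys on delete-plus-rewrite rather than on write volume alone.

```python
"""Behavioral ransomware detector over endpoint file-activity events.
Added example for this deck; not the author's or any vendor's code."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events ("timestamp host process action path"); not real telemetry.
SAMPLE_EVENTS = r"""
2016-12-01T09:00:00 ws-12 winword.exe write C:\Users\amy\Documents\report.docx
2016-12-01T09:00:05 ws-12 backup.exe write D:\backup\report.docx.bak
2016-12-01T09:01:00 ws-12 svchst32.exe write C:\Users\amy\Documents\report.docx.locked
2016-12-01T09:01:00 ws-12 svchst32.exe delete C:\Users\amy\Documents\report.docx
2016-12-01T09:01:01 ws-12 svchst32.exe write C:\Users\amy\Documents\budget.xlsx.locked
2016-12-01T09:01:01 ws-12 svchst32.exe delete C:\Users\amy\Documents\budget.xlsx
2016-12-01T09:01:02 ws-12 svchst32.exe write C:\Users\amy\Pictures\kids.jpg.locked
2016-12-01T09:01:02 ws-12 svchst32.exe delete C:\Users\amy\Pictures\kids.jpg
2016-12-01T09:01:03 ws-12 svchst32.exe write C:\Users\amy\Pictures\trip.jpg.locked
2016-12-01T09:01:03 ws-12 svchst32.exe delete C:\Users\amy\Pictures\trip.jpg
2016-12-01T09:01:04 ws-12 svchst32.exe write C:\Users\amy\Desktop\notes.txt.locked
2016-12-01T09:01:04 ws-12 svchst32.exe delete C:\Users\amy\Desktop\notes.txt
2016-12-01T09:01:05 ws-12 svchst32.exe write C:\Users\amy\Desktop\HOW_TO_RECOVER.html
"""

# Hypothetical ransom-note file names; a real deployment would feed these from threat intel.
RANSOM_NOTE_NAMES = {"how_to_recover.html", "readme_decrypt.txt"}


def parse_events(text):
    events = []
    for line in text.strip().splitlines():
        ts, host, proc, action, path = line.split(" ", 4)
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "proc": proc, "action": action, "path": path})
    return events


def strip_last_extension(path):
    base, dot, _ = path.rpartition(".")
    return base if dot else path


def max_events_in_window(times, window):
    """Largest number of timestamps that fall inside any interval of length `window`."""
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_mass_encryption(events, window=timedelta(seconds=60), threshold=5):
    """Alert per (host, process) that rewrote >= threshold originals within `window`."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["host"], e["proc"])].append(e)
    alerts = []
    for (host, proc), evs in by_key.items():
        deleted = {e["path"] for e in evs if e["action"] == "delete"}
        encrypt_times, note_seen = [], False
        for e in evs:
            if e["action"] != "write":
                continue
            name = e["path"].replace("\\", "/").rsplit("/", 1)[-1].lower()
            if name in RANSOM_NOTE_NAMES:
                note_seen = True
            # "Encrypted copy": the write target is an original path plus a new
            # extension, and the same process deleted that original.
            if strip_last_extension(e["path"]) in deleted:
                encrypt_times.append(e["ts"])
        burst = max_events_in_window(encrypt_times, window)
        if burst >= threshold or (note_seen and burst > 0):
            alerts.append({"host": host, "process": proc,
                           "encrypted_files": burst, "ransom_note": note_seen})
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_encryption(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

On the sample, `backup.exe` writes `report.docx.bak` but never deletes `report.docx`, so it produces no encrypt event; `svchst32.exe` produces five within four seconds plus a note file and is the only alert. Tuning the window and threshold against your own endpoints' normal file churn is what keeps this rule from firing on bulk renames or archive jobs.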
Case Study: Private Education Facility
- School hit with ransomware that locked down systems
- Good backups - 8 hour data recovery effort
- Post Incident Analysis:
  - Parents learned of the incident due to downtime (reputational damage)
  - Current infrastructure did not protect against ransomware
  - Installed ransomware endpoint and edge protection
Emerging Threats: Sophisticated Phishing Schemes
Today’s phishing schemes have a much higher success rate.
More targeted, more sophistication, more success.
- Very few, if any, spelling errors.
- Highly targeted, generally at an assistant or administrator.
- Sense of urgency: repercussions if not handled quickly.
- Looks and feels legitimate: hackers have canvassed the situation carefully to coincide with real world events.
Phishing Prevention
- Educate employees, train them, test them.
- Software and cloud services companies.
- Use updated anti-spam filters for the company email.
- Use blacklist technology to block URLs (links).
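The "blacklist technology to block URLs" bullet above, and the "looks and feels legitimate" point from the previous slide, can both be checked mechanically at the mail gateway. The script below is an added example (not the deck author's tooling) that extracts links from a constructed phishing email, matches each link's host against a blocklist so that subdomains of a listed domain also match, and additionally flags an anchor whose visible text shows one host while its `href` points to another, which is how a convincing-looking message hides its real destination. The blocklist entries and the email body are placeholders, not real indicators.

```python
"""Phishing link checks: URL blocklist matching and anchor text/href mismatch.
Added example for this deck; not the author's or any vendor's code."""
import re
from urllib.parse import urlparse

# Constructed blocklist of known-bad domains (placeholders, not real indicators).
BLOCKLIST = {"evil-login.example", "bad.example"}

ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_RE = re.compile(r'https?://[^\s"<>]+', re.I)


def host_of(url):
    """Lower-cased host part of a URL, or None if it cannot be parsed."""
    try:
        host = urlparse(url).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None


def is_blocked(host, blocklist=BLOCKLIST):
    """True if the host or any parent domain is on the blocklist, so subdomains match."""
    if not host:
        return False
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def check_email(body, blocklist=BLOCKLIST):
    """Return (finding_type, detail) pairs for a raw message body."""
    findings = []
    # HTML anchors: check the real destination and compare it with the shown text.
    for href, text in ANCHOR_RE.findall(body):
        target = host_of(href)
        if is_blocked(target, blocklist):
            findings.append(("blocklisted", href))
        shown = URL_RE.search(text)
        if shown:
            shown_host = host_of(shown.group(0))
            if shown_host and target and shown_host != target:
                findings.append(("link-text-mismatch", f"{shown_host} -> {target}"))
    # Bare URLs anywhere in the body (plain-text mail has no anchors).
    for url in URL_RE.findall(body):
        if is_blocked(host_of(url), blocklist) and ("blocklisted", url) not in findings:
            findings.append(("blocklisted", url))
    return findings


# Constructed sample message; the urgency wording mirrors the deck's description.
SAMPLE_EMAIL = """\
Subject: URGENT - password expires in 2 hours
Your account will be locked. Reset it now:
<a href="https://login.evil-login.example/reset">https://bank.example/reset</a>
Questions? Visit https://bank.example/help
"""

if __name__ == "__main__":
    for kind, detail in check_email(SAMPLE_EMAIL):
        print(kind, detail)
```

A blocklist only catches domains someone has already reported, so the text/href mismatch check matters: it fires on the sample even if `evil-login.example` were not yet listed. Matching on parent domains (`cdn.bad.example` matches `bad.example`) is what stops a sender from sidestepping the list with a throwaway subdomain.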
Case Study: Casino/Hotel Hacked
- Malware introduced onto hotel payment kiosks, compromising credit card information. (Segmentation)
- POS taken offline temporarily.
- Casino/hotel payment operations impacted.
- Implemented network monitoring.
Case Study: Investment Firm
- Investment firm was cut off from its bank after suspicious activity was detected originating from its network.
- MSSP brought in for analysis.
- Discovered out-of-date antivirus solutions (freeware).
- Discovered edge protection was outdated and not patched.
- Employee had been phished, opening up a direct link to the hackers’ command & control network.
- Solution: implemented managed edge protection; updated & managed endpoint protection.
Emerging Threats: IoT
What is the IoT, and why should I care?
- Smart, connected devices in homes, businesses and cars: everything from lightbulbs, access doors, printers, CCTV, RFID cards and so on.
- Present unique challenges to security and BC/DR.
- Typically can’t be protected with traditional means. (Agentless)
- Can be the entry point for access to your business.
- Security was a second thought in the design phase. (go to market)
Devices Everywhere!
- Gartner research estimates there were 6.8 billion IoT devices online in 2016, climbing to 20 billion by 2020.
- IoT is the new battlefield for cybersecurity: hackers are racing to find zero days while security professionals are racing to patch against them.
- There is no security standard for development.
Boundaries disappear, everything is connected.
IoT Security Requires a Multi-tiered Approach
- Assume the device is not secure out of the box.
- If there is a way to change the default username and/or password, change it. (sometimes there isn’t)
- Keep an accurate inventory of all devices on your network; through software tools, constantly scan for new devices.
- A constantly updated NGFW is required to prevent hackers leveraging IoT vulnerabilities to gain access to your network.
- The enterprise immune system: network monitoring and behavioral analysis to detect IoT compromises early.
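The inventory bullet above is the step most organizations skip because agentless devices never show up in endpoint consoles. The script below is an added example (not the deck author's or any vendor's tool) that reconciles a known-device inventory against a fresh layer-2 scan and reports devices that are new, missing, or answering from a different address than recorded. The inventory, the vendor-prefix table and the `arp -a`-style scan output are all constructed placeholders; a real tool would pull the scan from your switches or a scanner and load vendor prefixes from the IEEE OUI registry.

```python
"""IoT inventory reconciliation: compare a known-device list with a network scan.
Added example for this deck; not the author's or any vendor's code."""
import re

# Constructed inventory keyed by MAC address; every value is a placeholder.
INVENTORY = {
    "00:11:22:33:44:01": {"name": "lobby-camera-1", "ip": "10.0.5.10", "owner": "facilities"},
    "00:11:22:33:44:02": {"name": "lobby-camera-2", "ip": "10.0.5.11", "owner": "facilities"},
    "00:aa:bb:00:00:07": {"name": "breakroom-coffee", "ip": "10.0.5.40", "owner": "facilities"},
    "02:50:56:ab:cd:01": {"name": "file-server", "ip": "10.0.1.5", "owner": "IT"},
}

# Constructed vendor-prefix (OUI) table; a real tool loads the IEEE registry.
OUI_TABLE = {"00:11:22": "ExampleCam (constructed)", "00:aa:bb": "ExampleBrew (constructed)"}

# Constructed scan output in Linux `arp -a` style.
SCAN_OUTPUT = """\
? (10.0.5.10) at 00:11:22:33:44:01 [ether] on eth0
? (10.0.5.12) at 00:11:22:33:44:02 [ether] on eth0
? (10.0.5.40) at 00:aa:bb:00:00:07 [ether] on eth0
? (10.0.5.57) at 00:aa:bb:00:00:19 [ether] on eth0
? (10.0.5.58) at 02:00:00:00:00:01 [ether] on eth0
"""

ARP_RE = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I)


def parse_scan(text):
    """Return {mac: ip} for every ARP-style line in the scan output."""
    return {mac.lower(): ip for ip, mac in ARP_RE.findall(text)}


def vendor_of(mac):
    """Look up the first three octets in the (constructed) OUI table."""
    return OUI_TABLE.get(mac[:8].lower(), "unknown vendor")


def reconcile(inventory, seen):
    """Classify scanned devices as new, moved (known MAC, new IP) or missing."""
    report = {"new": [], "moved": [], "missing": []}
    for mac, ip in seen.items():
        if mac not in inventory:
            report["new"].append({"mac": mac, "ip": ip, "vendor": vendor_of(mac)})
        elif inventory[mac]["ip"] != ip:
            report["moved"].append({"mac": mac, "name": inventory[mac]["name"],
                                    "from": inventory[mac]["ip"], "to": ip})
    for mac, rec in inventory.items():
        if mac not in seen:
            report["missing"].append({"mac": mac, "name": rec["name"]})
    return report


if __name__ == "__main__":
    result = reconcile(INVENTORY, parse_scan(SCAN_OUTPUT))
    for category, items in result.items():
        print(category, items)
```

Run on a schedule, the "new" list is your queue of devices to identify, assign an owner to and move to the right segment; a device whose vendor prefix matches your coffee machines but that nobody ordered is exactly the unmanaged endpoint the slide warns about. "Missing" entries are worth a look too, since a camera that stops answering may have been replaced or tampered with.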
Case Study: University Attacked
- 5000 IoT devices at an unnamed university were turned against it in a DDoS attack.
- Connected coffee machines and soda vending machines launched a DNS amplification attack against the university’s infrastructure.
- It took weeks to identify and begin remediation; students complaining about slow network speeds led to the discovery.
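The weeks-long gap between the attack starting and its discovery is what the "monitor and detect" layer is meant to close. The script below is an added example (not the university's or the deck author's tooling) that runs over constructed flow records and flags internal hosts sending bursts of UDP/53 traffic to resolvers other than the organization's own, which is how vending machines taking part in a DNS amplification attack look from the inside of the network. The approved-resolver list, the flow format and the per-minute threshold are assumptions for the sample.

```python
"""Flag internal hosts whose DNS traffic pattern looks like participation in a
DNS amplification attack. Added example for this deck; constructed data only."""
from collections import defaultdict
from datetime import datetime

# Constructed: the campus's own recursive resolvers. Normal clients use only these.
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.0.54"}

# Constructed flow records: "ts src dst dport proto packets bytes".
SAMPLE_FLOWS = """\
2017-02-10T14:00:00 10.0.7.10 10.0.0.53 53 udp 5 380
2017-02-10T14:00:03 10.0.5.21 203.0.113.5 53 udp 600 42000
2017-02-10T14:00:20 10.0.5.21 198.51.100.9 53 udp 450 31500
2017-02-10T14:00:31 10.0.5.22 203.0.113.5 53 udp 500 35000
2017-02-10T14:00:40 10.0.5.40 10.0.0.53 53 udp 12 900
2017-02-10T14:00:45 10.0.7.11 203.0.113.80 443 tcp 40 12000
2017-02-10T14:01:02 10.0.5.21 203.0.113.5 53 udp 20 1400
"""


def parse_flows(text):
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, proto, pkts, nbytes = line.split()
        flows.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                      "dport": int(dport), "proto": proto,
                      "packets": int(pkts), "bytes": int(nbytes)})
    return flows


def find_dns_amplifiers(flows, approved=APPROVED_RESOLVERS, threshold=200):
    """Per source and per minute, sum UDP/53 packets sent to unapproved resolvers
    and alert when the total reaches `threshold`."""
    per_minute = defaultdict(lambda: {"packets": 0, "dsts": set()})
    for f in flows:
        if f["proto"] != "udp" or f["dport"] != 53 or f["dst"] in approved:
            continue
        minute = f["ts"].replace(second=0, microsecond=0)
        agg = per_minute[(f["src"], minute)]
        agg["packets"] += f["packets"]
        agg["dsts"].add(f["dst"])
    alerts = []
    for (src, minute), agg in sorted(per_minute.items()):
        if agg["packets"] >= threshold:
            alerts.append({"src": src, "minute": minute.isoformat(),
                           "packets": agg["packets"],
                           "resolvers": sorted(agg["dsts"])})
    return alerts


if __name__ == "__main__":
    for alert in find_dns_amplifiers(parse_flows(SAMPLE_FLOWS)):
        print(alert)
```

Two things make this rule practical. First, the baseline is simple: a coffee machine has no reason to talk to any resolver except the campus ones, so the allowlist does most of the work and the threshold only suppresses noise. Second, amplification queries carry a spoofed source address, so on some network segments the `src` field will show the victim rather than the device; pairing this detection with egress filtering of spoofed sources and a firewall rule that permits outbound UDP/53 only to the approved resolvers both stops the traffic and makes the remaining flow records trustworthy.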
Cyber Attack Response
- Preparation
- Monitor & Detect & Analyze
- Containment/Eradication & Recovery
- Post Incident Analysis/Documentation
Cybersecurity Fundamentals
- Endpoint Protection – Updated, Monitored, Managed
- Edge Protection – Updated, Monitored, Managed
- Network Monitoring
- Backup, Backup, Backup
- Redundancy – Eliminating Single Points of Failure
In Conclusion
- In today’s world, cyber security is a crucial part of any business.
- We must understand the importance of annual assessments and following good cyber guidelines.
- We must understand the consequences of failing to respect the threat posed by hackers and attackers. Even the largest businesses can be forced out of business after a cyber attack. (Target was forced to pay $291M in a settlement for breach)
- We must at least implement the fundamentals in a “best effort” to stop intrusions and data breaches.
Troy Wilkinson
Axiom Cyber Solutions
troy.wilkinson@axiomcyber.com
LinkedIn: Troy Wilkinson, CISSP
Twitter: @Troy_Wilkinson
www.axiomcyber.com