Security Trends and Threats Affecting Innovations in Technology

Meet Andrew 𝒜𝓃𝒹𝓇𝑒𝓌 𝒟𝑒𝓇𝒷𝑜𝒷𝑒𝓃 Sr. Director, Head of Global Security Operations Over 15 Years of Security Experience Specializing in Security Operations, Incident Response, and Computer Forensics B.S. System & Network Administration – Bellevue University MBA – Cornell University 2

Current Threat Landscape Impacting Financial Community Cybercriminal Attackers intent on making money and often tied to organized crime or other criminal endeavors. These groups are primarily responsible for the current prevalence of ransomware and cryptojacking. Nation-State Attackers intent on gaining intellectual property or conducting espionage. Attackers are usually advanced and persistent- an attacker will gain a foothold within a target’s network and remain there for months and even years. Advanced Persistent Threat (APT) An attack in which an unauthorized person gains access to a network and remains undetected for a long period of time. The intention of an APT attack is often to steal data rather than cause damage to a network or organization. Insider Threat Internal users who ignore Information Security policies and unknowingly grant access to potential threats. Hacktivist Attackers who aim to promote a social or political cause. Could be tied to collectives and triggered by current events. The goal of these attackers is typically to cause disruption (e.g., bring down a web site).

Current Threat Landscape – Today’s Discussion Cybercriminal Attackers intent on making money and often tied to organized crime or other criminal endeavors. These groups are primarily responsible for the current prevalence of ransomware. Nation-State Attackers intent on gaining intellectual property or conducting espionage. Attackers are usually advanced and persistent- an attacker will gain a foothold within a target’s network and remain there for months and even years. Advanced Persistent Threat (APT) An attack in which an unauthorized person gains access to a network and remains undetected for a long period of time. The intention of an APT attack is often to steal data rather than cause damage to a network or organization. Insider Threat Internal users who ignore Information Security policies and unknowingly grant access to potential threats. Hacktivist Attackers who aim to promote a social or political cause. Could be tied to collectives and triggered by current events. The goal of these attackers is typically to cause disruption (e.g., bring down a web site). Cybercriminal Attackers intent on making money and often tied to organized crime or other criminal endeavors. These groups are primarily responsible for the current prevalence of ransomware and CRYPTOJACKING

Why Are Attackers Using Cryptojacking? Cryptojacking Overview “Cryptojacking is a form of cyber attack in which a hacker hijacks a target's processing power in order to mine cryptocurrency on the hacker's behalf.” Why Are Attackers Using Cryptojacking? Money: This falls in line with many other types of cyber attacks traditionally seen. Low Risk of Getting Caught: Businesses are reluctant to pursue attackers because data is NOT taken or destroyed. Cryptojacking Definition | Investopedia https://www.investopedia.com/terms/c/cryptojacking.asp#ixzz5KUTh4y4M

Traditional Cyber Attacks vs Cryptojacking Similarities Several exploitation techniques and vectors of attack (e.g. phishing, malware, exploiting existing app vulnerabilities) Attack payloads may involve installation of software on a compromised system Goal is to make money off the exploit Differences Cryptojacking makes it easier for a bad actor to turn an exploit into money. No need to find and sell stolen data. Could mine servers or clients of affected services (Download vs Drive-by) Cryptojacking is a safer for bad actors as some currencies, such as Monero, can provide anonymity Depending on environment and attack, it may be harder to detect cryptojacking without proper controls in place.

Traditional Cyber Attacks vs Cryptojacking Traditional Attacks Cryptojacking Attacks

The Good and Bad News Good News: Due to cyber incidents trending towards cryptojacking attacks, attackers are less interested in sensitive data, which needs to be found and sold, and are more focused on using your hardware resources. This type of behavior leads to reduced chances of customer data compromise, brand damage control, or expensive legal situations. Bad News: Even though cryptojacking attacks may not often result in situations where a company may be fined for data loss, these type of attacks can potentially cost companies as much as or more than a traditional attack. Hardware usage translated to $$ amount (wear and tear) Affect services on compromised hardware Cloud environment: Scalable and charge for usage

Impact to Innovations in Technology Cloud Services Smartphone Ecosystems Internet of Things Personal Assistant Devices (Amazon, Google)

Cryptojacking Impact to Cloud Services

Cloud Services – Dynamic Scaling

Cloud Services – Dynamic Scaling

Cloud Services – Dynamic Scaling

Cryptojacking Impact to Cloud Services

Cryptojacking Impact to Cloud Services

Cryptojacking Impact to Cloud Services

Cryptojacking Impact to Cloud Services

Cryptojacking Impact to Cloud Services

Cryptojacking Impact to Cloud Services

Cryptojacking Impact to Cloud Services http://www.eweek.com/security/crypto-mining-malware-rising-fast-hackers-increasingly-targeting-cloud

Cryptojacking Smart Phones https://blog.trendmicro.com/trendlabs-security-intelligence/monero-mining-hiddenminer-android-malware-can-potentially-cause-device-failure/

Cryptojacking Smart Phones http://www.infosecisland.com/blogview/25130-Crypto-Mining-Malware-Attacks-on-iPhones-Up-400-Report.html

Cryptojacking Impact to Smart Phones Thank you for mining Cryptocurrency on my behalf!

Potential Effects of Smartphone Cryptojacking 67.3% of U.S. Citizens Have A Smartphone In 2018, it is estimated the total number of smartphone users will grow to more than 230 million users in the U.S. alone What happens if .5% of U.S. smartphone users were infected with cryptojacking malware: $460k/month USD Calculation based on 1.15 million infected users capable of mining $0.40 per day Source: www.statista.com

Cryptojacking Internet of Things (IoT) https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-malware-targeting-iot-being-offered-in-the-underground/

Cryptojacking Personal Devices https://www.2-spyware.com/android-crypto-mining-malware-is-targeting-amazon-devices#ref-3!

Why Should You Care? Symantec Threat Intelligence report stated cryptojacking attacks increased by 8500% in 2017, and according to many sources, it has overtaken Ransomware as the preferred form of cyber attack due to its low barrier of entry and ability to easily turn a profit. With cryptocurrency’s growth in popularity in 2017 and the ability to offer anonymity with some coins, its use in cyber attacks continues to increase.

What Can you Do – Cloud Services Patch/Vulnerability Management The code needs to be introduced into the environment some way Monitor for Zero Day vulnerabilities in your environment Performance Management and Monitoring Allows detection of abnormal resource usage, which may be indicative of a cryptojacking attack CPU, Memory, New Processes Behavior Analysis Monitoring for abnormal behavior or actions on a system such as suspicious downloads, installations, system commands or processes can help detect potential cryptojacking attacks Increase in traffic to particular sites Network Segmentation and Security Controls Proper network and security controls can reduce the likelihood of successful exploitation and help limit the number of compromised systems in the event of a successful attack

What Can You Do – Smart Phones Deploy Whitelisting MDM Solution to Monitor Installed Applications Only allow applications specifically reviewed and evaluated for business purposes only Perform Website Monitoring/Blocking on Mobile Devices Block access to malicious, unknown, and unauthorized business related websites Implement Mobile Device Threat Detection Have company devices monitored for malicious code/activity Monitor for high CPU usage on mobile devices

What Can You Do – IoT/Personal Assistant Devices Network Segmentation and Security Controls Segment IoT devices away from the production network Monitor for increased in network activity from IoT networks Whitelist Required Sites/Destinations Only Conduct an assessment of the sites/destinations required to be accessed by the device Only allow the known good/expected sites Third-party skills servers for Alexa should be only approved by individual basis Physically Secure Device If Possible Do not allow non-permitted users to conduct unauthorized actions on the device

Thank you!