
Cyber Security – Anatomy of a Hack



Presentation transcript:

1 Cyber Security – Anatomy of a Hack
Ann Delenela, Chief Security Officer. Operator Training Workshop 2016

2 Learning Objectives
- Identify cyber security threats
- Describe the factors of an Advanced Persistent Threat
- Summarize the anatomy of a hack
- Identify the phases of the Cyber Kill Chain model
- Identify security controls to address the Cyber Kill Chain

3 Agenda
- Security Threat Landscape
- Advanced Persistent Threat
- Anatomy of a Hack
- Industry Readiness

4 The Art of (Cyber) War
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” ― Sun Tzu, The Art of War, 500 BC

5 Attack Sophistication vs. Intruder Knowledge
Source: Software Engineering Institute & Carnegie Mellon

6 Security Threat Trends
- Non-technical hacking
- Nation-state sponsored attacks
- Hacktivists
- Crafted malware
- Crimeware

7 Threat Landscape: Electric Utility Sector
- Natural disasters
- Physical attack / theft
- Cyber attack
- Insider threat
- Coordinated physical and cyber attack
- Supply chain compromise
- Pandemic
- Geomagnetic disturbance
- Chemical / biological / radiation
- Electromagnetic pulse
- Nuclear
Source: The Chertoff Group

8 Advanced Persistent Threat (APT) Defined
- Targeted: a specific organization, nation state or even a specific technology is the focus. Infiltration is not accidental.
- Advanced: an unknown, zero-day attack that carries malware payloads and uses kernel rootkits and detection-evasion techniques.
- Persistent: it doesn’t stop. It keeps phishing, plugging and probing until it finds a way in to deliver malware.

9 Cyber Kill Chain® Background
- Lockheed Martin’s process to explain and defensively mitigate future threats
- Deconstructs a hack into its individual components


11 Step 1: Reconnaissance
The attacker gathers information on the target before the actual attack starts.
- Internet search, social media
- Google, Wikipedia, Facebook, your web page, etc.


13 Step 2: Weaponization
- The attacker uses an exploit and creates a malicious payload to send to the victim
- This step happens on the attacker’s side, without contact with the victim
- No longer requires advanced skills


15 Step 3: Delivery
The attacker sends the malicious payload to the victim by e-mail or other means; delivery represents one of many intrusion methods the attacker can use.
Examples:
- Phishing / e-mail
- Network-based attacks
- USB devices
- Vendor updates


17 Step 4: Exploitation
Triggers the intruder’s code. Targets can be:
- an application or operating system vulnerability
- an operating system feature that auto-executes code
- the users themselves


19 Step 5: Installation
Malware types: viruses, trojans, rootkits, worms, spyware, crimeware, adware.
- Installs malware, a remote access trojan or a backdoor on the victim system
- Allows the adversary to maintain persistence inside the environment
- A point in time within a much more elaborate attack process that may take months to operate


21 Step 6: Command and Control
- The attacker creates a command and control channel in order to continue to operate his internal assets remotely
- This step is relatively generic and relevant throughout the attack, not only when malware is installed
Diagram legend: 1. Attacker → 2. BotHerder → 3. Zombie → 4. Target


23 Step 7: Action on Objectives
The attacker performs the steps to achieve his actual goals inside the victim’s network: an elaborate, active attack process that may take months.
- Information theft
- Hacker fame / hacktivism – defacement
- Extortion – ransomware
- Nation-state leverage
- Destructive malware

24 Cyber Kill Chain Case Study
- Reconnaissance: harvest e-mail addresses, company information, etc.
- Weaponization: couple an exploit with a backdoor into a deliverable payload
- Delivery: deliver the weaponized bundle to the victim via e-mail, web, USB, etc.
- Exploitation: exploit a vulnerability to execute code on the victim system
- Installation: install malware on the asset
- Command & Control: command channel for remote manipulation of the victim
- Actions on Objectives: with “hands on keyboard” access, intruders accomplish their original goal
Source: Lockheed Martin Cyber Kill Chain

25 Kill the Kill Chain: Security Controls
- Reconnaissance & Weaponization: asset management (inventory systems); infrastructure and data security; training (awareness and education)
- Delivery: e-mail and web filtering; system port control
- Exploitation & Installation: application whitelisting; privileged identity management
- Command & Control: network monitoring; traffic pattern analysis
- Actions on Intent: outbound traffic monitoring; anomaly detection
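The Command & Control and Actions on Objectives controls above (network monitoring, traffic pattern analysis, outbound traffic monitoring, anomaly detection) all rest on the same observation: an implant that checks in with its command channel (step 6) tends to do so on a fixed schedule with near-identical message sizes, while human-driven browsing does not. The following is an added example, not code from the presentation or from Lockheed Martin, of a simple beacon triage script. It assumes a constructed, simplified outbound-connection log format of `timestamp src_ip dst_host bytes`; the hosts, addresses and timestamps are invented for illustration.

```python
"""Beacon triage over outbound-connection logs (added example, constructed data).

Log format assumed here (not a real product format):
    <ISO-8601 timestamp> <src_ip> <dst_host> <bytes>
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: one host talks to several destinations over 45 minutes.
SAMPLE_LOG = """\
2016-03-01T09:00:00 10.0.0.5 updates.example-vendor.test 1200
2016-03-01T09:00:07 10.0.0.5 cdn.example-news.test 50231
2016-03-01T09:05:00 10.0.0.5 updates.example-vendor.test 1198
2016-03-01T09:07:41 10.0.0.5 mail.example-corp.test 9876
2016-03-01T09:10:01 10.0.0.5 updates.example-vendor.test 1201
2016-03-01T09:15:00 10.0.0.5 updates.example-vendor.test 1203
2016-03-01T09:19:13 10.0.0.5 cdn.example-news.test 48011
2016-03-01T09:20:00 10.0.0.5 updates.example-vendor.test 1199
2016-03-01T09:25:00 10.0.0.5 updates.example-vendor.test 1202
2016-03-01T09:31:22 10.0.0.5 cdn.example-news.test 51000
2016-03-01T09:44:05 10.0.0.5 mail.example-corp.test 10233
"""


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, bytes) tuples, skipping blanks."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, size = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(size)))
    return records


def beacon_candidates(records, min_events=5, max_cv=0.05, max_size_spread=0.10):
    """Flag (src, dst) pairs whose connection intervals are highly regular and
    whose payload sizes barely vary, two traits of automated check-ins.

    Regularity is measured as the coefficient of variation of the gaps between
    connections (stdev / mean); a value below max_cv flags the pair.  Size
    spread is (max - min) / mean of the byte counts.  Legitimate software
    updaters match this profile too, so the output is an analyst triage list,
    not a verdict.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, size in records:
        by_pair[(src, dst)].append((ts, size))

    findings = {}
    for pair, events in by_pair.items():
        if len(events) < min_events:          # too few samples to judge rhythm
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        sizes = [s for _, s in events]
        cv = pstdev(gaps) / mean(gaps)
        size_spread = (max(sizes) - min(sizes)) / mean(sizes)
        if cv <= max_cv and size_spread <= max_size_spread:
            findings[pair] = {
                "events": len(events),
                "mean_interval_s": round(mean(gaps), 1),
                "interval_cv": round(cv, 4),
            }
    return findings


if __name__ == "__main__":
    for (src, dst), info in beacon_candidates(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}: {info}")
```

On the constructed sample the news and mail destinations are visited irregularly and too rarely to score, while the "updates" host is contacted every 300 seconds (give or take one second) with payloads of about 1200 bytes and is returned as the single candidate. Tightening `max_cv` lowers false positives from jittered but still periodic traffic; raising it catches implants that add random sleep, at the cost of more updater noise for the analyst to clear.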

26 NERC GridEx
Exercise the response to a disruptive cyber and physical security event.
- Table-top drill using real-world scenarios
- Stakeholder participation and training
- Integration with BPS operations
- Government participation
- Integration with senior executives
- Interactive simulation

27 GridEx Participation Growth
- GridEx I (2011): 76 organizations, 420 individuals
- GridEx II (2013): 234 organizations, 2,000+ individuals

28 GridEx III – November 18-19, 2015
Number of Registered Participants:
Number of Registered Organizations:

29 GridEx III 2015 – ERCOT Region
- ERCOT Region participation: 15 entities; 41 individuals
- ERCOT ISO: 70 individuals
- 12 law enforcement and local/federal partners: FBI Houston/Dallas/Austin, TX Dept. of Emergency Management, TX Dept. of Public Safety, Taylor Fire Dept.

30 National GridEx III Exercise Outcome
- Objective 1: Exercise Crisis Response & Recovery – increased participation; increased continuing education hours earned; increased entities exercising cyber, physical and operations response
- Objective 2: Improve Communication – increased exercise of the communications process internally and with external partners
- Objective 3: Identify Lessons Learned
- Objective 4: Engage Senior Leadership – explored information sharing between industry, public and government; explored coordination of recovery efforts

31 Future Plans: GridEx IV 2017
- Expand participation of internal and external players: additional TOs, MPs
- Include additional external partners such as Texas Military Forces
- Enhance cyber and physical incident response across the ERCOT region: Texas CIPWG GridEx subgroup
- Cross-sector participation: oil/gas, telecom, DPS Private Sector Advisory Council

32 Security and the Grizzly Bear

33 Security Trivia Questions*
*Provided by DHS for National Cybersecurity Awareness Month

34 Security Trivia Question #1
Who are most likely to launch successful cyber terrorist attacks against classified networks and critical infrastructure?
A. Hackers
B. Nation states
C. Crackers

35 Security Trivia Question #2
How many credit card numbers were stolen in the largest known cyber theft?
A. 160 million
B. 90 million
C. 215 million

36 Security Trivia Question #3
What percentage of employees steal proprietary corporate data when they quit or are fired?
A. 7%
B. 45%
C. 59%

37 Security Trivia Question #4
Which country is the target of the highest number of Internet-based attacks?
A. China
B. Russia
C. US

38 Security Trivia Question #5
Israel considers cyber warfare the best tool to blunt the aggression of which Middle East neighbor?
A. Iraq
B. Iran
C. Saudi Arabia

39 Security Trivia Question #6
What percentage of free mobile apps capture and sell personal information from your phone?
A. 10%
B. 50%
C. 30%

40 Public

