Presentation is loading. Please wait.

Presentation is loading. Please wait.

SECURITY DREAMS AND NIGHTMARES

Published byFanny Widjaja Modified over 5 years ago

Similar presentations

Presentation on theme: "SECURITY DREAMS AND NIGHTMARES"— Presentation transcript:

1 SECURITY DREAMS AND NIGHTMARES
Alex Holden CISO - Hold Security, LLC

2 Who Am I? IT Professional Security Researcher Hacker Hunter

3 Threat Intelligence Staying ahead of hackers
6,600,000,000 stolen credentials recovered 4,000,000,000 botnet logs collected 100,000,000 financial records recovered 5,000,000 site compromises identified

4 My Resume

5 Terminology Internet - Intended to be Public
Deep Web - Intended to be Private Dark Web - Intended to be Hidden

6 Dark Web Components Spam Weapons Viruses Cash Out Verification 0days
Drugs Denial of Service Social scams ID Theft Industrial Espionage (dating) Hacktivism Ransomware Defacement Phishing Injects Botnet Crypting Cyber Warfare Hijacking Hacking Shop & Drop Impersonations

7 When You Do Security Right, Does Anyone Notice?
JP Morgan Breach 2014 Breach full impact never disclosed $250,000,000 budget allocated toward security No major incidents since United Airlines Changed authentication system to combat mass abuse Bug bounty program One of least preferred brands by hackers

8 Practical Example Medical Company X Embraced Cloud
Embraced DevOps Culture Serious Approach to Incidents Hackathons and Blame-Free Bug Bounties Security Liaisons Throughout the Business

9

10 What Happened? July 29, 2017 – Discovery Struts2 exploit 6 week delay
PANIC!

11 What Went Wrong? Single point of failure – struts 2?
No one watched on the inside? Stealing tons of data goes unnoticed?

12 What Else is Wrong? No consent data aggregation
Protection offered insufficient and self-serving No recourse Long term damage

13 How Secure is Equifax? admin

14

15 Yahoo! Breached – What Happened?
Timing 3 billion accounts breached Secondary services Actors Data Victims

16 Yahoo! Breached – What Happened?
2014 Breach Recap State-sponsored actors 500 million records stolen Who has the data? Victims

17 Late Disclosures Breach disclosures in 2016 and what to expect in 2017? Stale data can still be useful Threat landscape change

18 Who Did This? Hackers profile Their intentions Their next steps

19 What Did Russians Really Hack?

20 What Do We Know About the Russian Hackers?
Culture forced into hacking Collaborative learning structure Monetizing at any cost Perceived enemies

21 Hackers View of Us War of stereotypes
“I’m fighting a holy war against the West… They drive their Rolls Royces and go home to their million-dollar houses, while people here are struggling. I will never harm my fellow Slavs; but America, Europe, and Australia deserve it.” - aqua (jabberzeus)

22 Russian State Sponsored Hacking
Covert Techniques Targets Information Exchange Intelligence Use

23 Russian Activists Motivation Past Targets Stake in US Elections
Group Goals

24 Security Human Intelligence + AI
Early stages of AI awareness Fear of making mistakes Not fully leveraged existing tools AI advances in prediction and response Learning curves

25 What Do We Do? We will make mistakes!
Learning from your mistakes as an art form Embrace Risk Management *DLC – path of constant improvement

26 aholden@HoldSecurity.com or www.holdsecurity.com
THANK YOU! Please contact us at: or

Download ppt "SECURITY DREAMS AND NIGHTMARES"

Similar presentations

Introduction and Overview of Digital Crime and Digital Terrorism

Introduction and Overview of Digital Crime and Digital Terrorism
My Name is Todd Davis My Social Security # is 457-55-5462 www.jsmokey.com/wsb 337-794-4893.

My Name is Todd Davis My Social Security # is
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
Security on Web 2.0 Krasznay Csaba. Google Search Trends.

Security on Web 2.0 Krasznay Csaba. Google Search Trends.
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
Emerging Trends: Cyber Threats Bryan Sheppard Cyber Security Defense Center.

Emerging Trends: Cyber Threats Bryan Sheppard Cyber Security Defense Center.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.

Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.
Cyber Attacks Response of the Criminal Law Margus Kurm State Prosecutor Office of the Prosecutor General of Estonia.

Cyber Attacks Response of the Criminal Law Margus Kurm State Prosecutor Office of the Prosecutor General of Estonia.
Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.
PRIVACY IN COMPUTING BY: Engin and Will. WHY IS PRIVACY IMPORTANT? They can use your computer to attack others (money, revenge) They can use your computer.

PRIVACY IN COMPUTING BY: Engin and Will. WHY IS PRIVACY IMPORTANT? They can use your computer to attack others (money, revenge) They can use your computer.
‹#› September 2015 Cloud-CISC Cloud Cyber Incident Information Sharing Center.

‹#› September 2015 Cloud-CISC Cloud Cyber Incident Information Sharing Center.
Ali Alhamdan, PhD National Information Center Ministry of Interior

Ali Alhamdan, PhD National Information Center Ministry of Interior
INFORMATION TECHNOLOGY SERVICES Mike Russo, PMP, CISSP, CISA, CFE, CGEIT Director, Information Security and Privacy Office CYBERSECURITY AND PRIVACY Information.

INFORMATION TECHNOLOGY SERVICES Mike Russo, PMP, CISSP, CISA, CFE, CGEIT Director, Information Security and Privacy Office CYBERSECURITY AND PRIVACY Information.
Grants Management Training 200 Cyber Security There are two kinds of people in America today: Those who have experienced a cyber-attack and know it, and.

Grants Management Training 200 Cyber Security There are two kinds of people in America today: Those who have experienced a cyber-attack and know it, and.

Similar presentations

Ads by Google