2/25/2019
The Rise of Nation State Counterintelligence and Cyber Threats
SSA Darren Mott
Birmingham Division
RISK = Threats x Vulnerability
The Evolution of the Cyber Threat
Late 80s-Mid 90s – Nuisance attacks and online-enabled fraud
Mid 90s – Early 2000s – Mischievous intrusions and the rise of botnets and Denial of Service Attacks
Mid to late 2000s – Beginning of nation state attacks and the explosion of data and financial theft.
2010 to current – Hybrid attacks, nation-state backed attacks/economic espionage, targeting of non-traditional computers.
In 2018 What are the Cyber Threats?
Current Examples of Threat Complexity
High Profile Intrusions
• Historical Data Breaches
High Profile Intrusions
2018 CyberSecurity Stats
• IoT attacks up 600% over 2017
• Ransomware up 350% annually
• Microsoft Office products make up 38% of malicious file extensions.
• 61% of breach victims are companies with less than 1000 employees
• Average cost of malware attack for a business is $2.4 million
• Damage related to cybercrime is projected to hit $6 Trillion by 2021.
• Source: Varonis @ https://blog.varonis.com/cybersecurity-statistics/
What are hackers looking for?
Criminal Hackers
• Personal Information
• Passwords
• Usernames
• Email addresses
• Social Media Accounts
Intelligence Services
• Personal Information
• Passwords
• Usernames
• Email addresses
• Social Media Accounts
• Vulnerabilities to Exploit
• Networks to “persist” in
Criminal Cyber Threats
• Cyber tradecraft enables traditional crimes:
  • Financial Theft
  • Child Pornography
  • Drug Trafficking
  • Extortion (Ransomware)
  • Business Email Compromise
  • Phishing/Whaling
  • Domestic Abuse
Nation State CI/Cyber Threats
• Nation states utilize cyber tradecraft to engage in the following activity:
  • Espionage
  • PII Theft
  • Theft of economic/proprietary information
  • Reconnaissance
  • Asset Development
  • Proliferation
  • Warfare planning
  • Academic Research
• Targeting of all Public and Private sector companies
• US Technological Advantage is shrinking
Trivia Question:
• Who was the first true American spy?
• A) Nathan Hale
• B) Benedict Arnold
• C) Benjamin Church
Dr. Benjamin Church
• “Chief Physician and Director General” of the Medical Service of the Continental Army
• Member of Boston’s Sons of Liberty
• Motive: Deeply in debt
• Tradecraft used:
  • Cipher letter (in code)
  • Cutouts
• Arrested in October 1775
  • Supplying information to British as early as February 1775.
  • Battles of Lexington and Concord were April 19, 1775
Espionage is all‐encompassing
• In the 1980s a KGB spy was recorded telling a Cuban counterpart that the USSR only needed three generals to defect to win the cold war.
• General Electric
• General Motors
• General Dynamics
Lockheed Martin F‐35B Lightning II
Shenyang J‐31
Northrop Grumman X‐47B Unmanned Combat Air Vehicle (UCAV)
Chinese Lijian Sharp Sword UCAV
Northrop Grumman MQ‐8 Fire Scout unmanned helo
Chinese SVU‐200 Flying Tiger unmanned helo
General Atomics MQ‐1 Predator UAV
Chengdu Wing Loong “Pterodactyl” UAV
Anatomy of an Intrusion
So Where are we headed?
• The Private Sector, Academia, and the FBI need to be prepared for the following risk vectors:
  • The rise of mobile devices as the primary computer platform of choice
  • The rise of the Internet of Things and their vulnerabilities
  • Advances in encryption
  • Targeting of vulnerable sectors
  • Use of HUMINT tradecraft to enable cyber tradecraft and vice versa
  • The lack of advance in human nature
Concerns and Risks for all Sectors
• Business Email Compromise
• Criminal actors will target vulnerable and previously untargeted sectors.
• Foreign Intelligence Services are becoming a greater threat than criminal organizations.
  • Advanced Persistent Threats
  • Cozy Bear/Fancy Bear
  • Pick a country…
• Most intrusions STILL begin with a spearphishing email.
The Future
Artificial Intelligence
Self-Driving Cars
Embedded Medical Devices
BlockChain Technology
Technology to be named later!
Points to Note
• Data Breaches are not slowing down (neither is spending on cybersecurity).
• Nobody expects to be a victim.
• If you call us it's too late, if we call you it’s very bad.
• Identify your crown jewels and protect them!
• Think of your employees as your first line of defense. Educate them!
• 90 percent of intrusions start with a spear-phishing email.
• Nation state actors are hiding their activity among more easily recognized criminal cyber activity.
Protection from Risks
• Multi-factor authentication
  • https://twofactorauth.org/
• Use a VPN (especially when traveling)
• Companies should invest in development and deployment of Risk Management Frameworks, Threat Analysis, and enhanced employee education. (NIST, COBIT 5, ISO 27001)
Basic Cybersecurity Principles
• Think before you click/act
• Use separate passwords for business-critical accounts. Specifically, use a random string of words for your passwords.
• Patch and update software and Operating Systems
• Backup everything
• Every organization needs to have a plan, not just IT security but a counterintelligence plan.
Incident Preparedness
• Legal Banner/Computer Use Agreement
• Network Topography Maps
• List of Network Devices
• Incident Logs (security, host, IDS, web, database)
• Archived Network Traffic
• Proper Access Control
• Business Continuity Planning
• Disaster Recovery Procedures
• Security/responsibility training for employees
• Maintain regular backups of sensitive data
• Create an emergency response protocol for incidents
• Contract with a reputable company for incident response
• Develop a working relationship with law enforcement before incidents occur.
Social Networks, aka Web 2.0
WEB 2.0 Stats
• The number of internet users worldwide in 2018 is 4.021 billion, up 7 percent year-on-year
• The number of social media users worldwide in 2018 is 3.196 billion, up 13 percent year-on-year
• The number of mobile phone users in 2018 is 5.135 billion, up 4 percent year-on-year
• THIS IS A LOT OF TARGETS!
Source: https://www.smartinsights.com/social-media-marketing/social-media-strategy/new-global-social-media-research/
Ideal Exploitation Platform
• Social networks have intrinsic properties that make them ideal to be exploited by an adversary:
  • Difficult to police: very large and distributed user base
  • Trust network: clusters of users sharing the same social interests developing trust with each other
  • Platform openness for developing applications that are attractive to the general users who will install them
• Foreign Intelligence Services are mining these networks for information
Social Networking = Data Leakage
• The SN value proposition is information sharing
• Unfortunately we give out too much information
• Information can be obtained by simple searching
• Facebook
  • Information is not always reserved for friends
  • Family members can be source of data leakage
  • Applications are attack vectors
• Twitter
  • Followers = Huge pool of victims
  • Limited policing
• Linkedin
  • Are all your “Links” secured?
As an example
• “It took seriously 45 mins on wikipedia and google to find the info, Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!) the second was somewhat harder, the question was “where did you meet your spouse?”
WAY Too Much Information (or compromised account)
WARNING
Questions?
SSA Darren J. Mott
Djmott@fbi.gov
256-885-3680
www.Linkedin.com/in/darrenmott
Thank You