WHOSE HACK is it ANYWAY
- Old school: Identity Hacks, IRS Scam
- Easy like Friday Morning: Apple FaceTime bug
- Smart and Discreet: British Airways Hack
- Homograph Attack – Unicode Characters
- State Sponsored: Ransomware - WannaCry/NotPetya/Stuxnet
- Futuristic (or is it): Wireless Carjacking
Homograph Attack
A homograph attack is a kind of spoofing attack in which a website address looks legitimate but is not, because one or more characters have been deceptively replaced with look-alike Unicode characters.
Try opening this website in Chrome 58 (and earlier) or any version of Firefox:
https://xn--80ak6aa92e.com/
Homograph Attack
It looks perfectly valid; however, examining the certificate reveals something else.
Punycode is a way to represent Unicode within the limited character subset of ASCII used for Internet hostnames. This allows the display of internationalized domain names (IDNs) in languages that don’t use the Latin alphabet. For example, the Punycode domain “xn--bcher-kva.ch” will show up in your browser as “Bücher.ch”.
Browsers have mechanisms in place to limit IDN homograph attacks; however, the mechanism fails if every character is replaced with a similar-looking character from a single non-Latin script. The domain "аррӏе.com", registered as "xn--80ak6aa92e.com", bypasses the filter by using only Cyrillic characters.
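The check described above, as an added example that is not part of the original slides: it decodes the Punycode labels the way a browser does, then applies the whole-script confusable test that single-script filtering alone misses. The Cyrillic-to-Latin look-alike table is a hand-picked subset constructed for this example.

```python
import unicodedata

# Constructed, minimal look-alike table: Cyrillic letters whose glyphs are
# near-identical to Latin ones (a small subset of the Unicode confusables data).
CYRILLIC_TO_LATIN = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u04cf": "l", "\u0456": "i", "\u0458": "j",
    "\u0455": "s", "\u04bb": "h",
}


def decode_punycode_label(label: str) -> str:
    """Return the Unicode form of one hostname label ("xn--" labels are Punycode)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def script_of(char: str) -> str:
    """Script of a letter, taken from the first word of its Unicode character name."""
    return unicodedata.name(char, "UNKNOWN").split()[0]


def analyze_hostname(ascii_host: str) -> dict:
    """Decode an IDN hostname and classify it like a browser display policy:
    'mixed-script', 'whole-script-confusable', or 'ok' (safe to show as Unicode)."""
    unicode_labels = [decode_punycode_label(lbl) for lbl in ascii_host.split(".")]
    verdict = "ok"
    skeleton = []
    for label in unicode_labels:
        letters = [c for c in label if c.isalpha()]
        scripts = {script_of(c) for c in letters}
        if len(scripts) > 1:
            verdict = "mixed-script"
        elif scripts == {"CYRILLIC"} and all(c in CYRILLIC_TO_LATIN for c in letters):
            # Every letter is Cyrillic AND has a Latin twin: a single-script filter
            # passes it, so a separate whole-script confusable check is needed.
            verdict = "whole-script-confusable"
        # Latin "skeleton" the user perceives; reveals which brand is imitated.
        skeleton.append("".join(CYRILLIC_TO_LATIN.get(c, c) for c in label))
    unicode_host = ".".join(unicode_labels)
    return {
        "unicode": unicode_host,
        "verdict": verdict,
        "looks_like": ".".join(skeleton),
        # Flagged names fall back to the raw Punycode form, as Chrome 59+ does.
        "display": unicode_host if verdict == "ok" else ascii_host,
    }
```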
Traditional Security Layers -
- Network Perimeter
- Internal Network
- Hosts
- Applications
- Data
Additional Security Layers -
- Governance, Policies, Procedures & Awareness
- Environmental & Physical Security
- Network Perimeter
- Internal Network
- Hosts
- Applications
- Data
Cyber Kill Chain Methodology - phases with detective and preventive controls

Phases:
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- C&C
- Actions on Objective

Detective and preventive controls (the slide's per-phase column layout did not survive, so the mapping of each control to a phase is not shown here):
- Firewall, Perimeter Security
- IPS, APT
- Malware Analysis
- SIEM configuration
- Web Application Firewall
- Endpoint Detection and Response
- Audit Logs/File Integrity
- DLP/UTM
- SOC Effectiveness
- Red team/Blue team exercises
- Security Awareness
- Network Segregation
- Trust Zones
- Systematic Patching
- Sandboxing
- Privilege Management
Building Resilience – a few pointers
Identification of Entry/Exit Points
- Internet
- Public facing applications/IPs
- Wireless
- Integration with ‘Trusted’ parties
- Cloud integration

Network & Infrastructure
- Asset Inventory Controls
- Network Access Controls
- Minimum Baseline Security Configuration
- Administrative privileges control
- Patching
- Endpoint Detection & Response
- Credential Management
- Encryption (data at rest)
- Email Controls (Spoofing/Spearphishing)
Building Resilience – a few pointers
End User Controls
- Endpoint Detection & Response
- Centralized Identity Management
- Credential Management
- Internet Access/Email Access
- Employee Separation

Security Awareness
- Computer Based Training/Learning
- Acceptable Use
- Spot Awareness – Screensavers/Corporate Communication
- Information Security Newsletter

And lastly: TEST, TEST and TEST, and then TEST, TEST and TEST again!!!