
The contents of this presentation contain Booz Allen Hamilton proprietary and or confidential business information. This document is not for public consumption and is not to be disclosed to third parties without the prior written consent of Booz Allen.

OUR PERSPECTIVE ON CYBERSECURITY THREATS

Trends and 2018 Predictions

OCTOBER 2018 - PHILIPPINES

Booz Allen Hamilton ASEAN

This document is confidential and intended solely for the client to whom it is addressed.

Mr. Angelo Roxas

Managing Director ASEAN

Angelo provides senior leadership in the Singapore office. His focus is to define and implement the cyber strategy and consulting capabilities in the ASEAN region.

Prior to Booz Allen, Angelo was the co-head of technology for the Barclays Investment bank in Asia Pacific, responsible for the delivery of transformation programmes and governance in the region. During his 11 years with Barclays.

Prior to Barclays, Angelo was a management consultant in London working as an IT strategist and programme manager providing consulting services to private and government sector clients, working across multiple geographies, including Europe, the Middle East and the Americas.

Angelo is a co-founder and advisor to a number of start-up companies and social enterprises and is the former President of the University of Penn and Wharton alumni club of Singapore.

https://www.boozallen.com/markets/international/southeast-asia.html

Email: [email protected]

+65 9234 9948

100+ OFFICES WORLDWIDE

Asia HQ in Singapore

Locations

23,000+ CONSULTANTS & TECHNOLOGISTS

5,000+ cyber experts and consultants

Workforce

All Major INDUSTRIES SERVED

Comprehensive cyber footprint across markets: Energy and Environment, Public Sector, Defense and Intelligence, Telecommunication, Financial Services, Transport, Health

Clients

70 of the world’s 100 largest companies

400+ of the Fortune 500

1st to receive Cyber Incident Response Assistance Accreditation from the NSA

10 global cybersecurity networks for global threat intelligence

Impact

Thought Leadership

$100 MN+ INVESTMENT IN STRATEGIC INNOVATION SINCE 2013

Active publisher of intellectual capital for cyber, digital, predictive intelligence, and analytics

Ranked first on Vault’s 2016 list of “Best Consulting Firms”

We are a longstanding strategy and technology consultancy with deep experience in cybersecurity, digital, and analytics

Key Business Areas, Track Record, and Partners


Founded in 1914

Coined the term Management Consulting

The world’s oldest international strategy and technology consulting firm with USD $5.4B in revenue for FY16

Cybersecurity has expanded from the server room to the boardroom with implications for both business and IT executives

The Evolving Cyber Landscape

Sources: Wall Street Journal, Ponemon Institute, Booz Allen analysis


[Chart axes: Levels of evolution, Time]

1980s – 2000s: Limited Impact

• Limited technology use minimizes the impact of attacks and Board responsibility to deal with them

2000 – 2010: Growing Ubiquity

• Companies become increasingly dependent on IT systems

• Numerous personal and business devices provide multiple avenues for attack

Today+: Wide Spread Impact and Board-Level Accountability

• Attacks continue to increase in frequency and complexity, requiring more oversight

• High-visibility attacks with widespread impact increase the challenges that Boards face

• C-suite executives are increasingly held responsible for both the technical and public response

As companies expand the use of technology, Financial Services sectors are increasingly involved in managing technology risk

Increasing Business Impact of Cyber Attacks

Source: Booz Allen analysis


Yesterday’s CIO and IT Department

Have my network administrators patched and updated our network firmware?

Should we check unaffected hardware as well?

Have we closed all other known vulnerabilities?

Have we patched software both across our major network nodes and end points?

[Organization chart: CEO; BOD; IT Dept; Operations]

Today’s Corporate Board

What vulnerabilities are represented by our use of automation and technologies that support different business operations?

How do we communicate externally about a cyber attack?

How do we minimize potential regulatory repercussions or fines?

What legal obligations should we anticipate?

Are we impacted by our partnerships with third-parties?

[Organization chart: CEO; BOD; Risk Mgmt; Operations; Comms; Legal; Business Ops; Security; Finance; IT Dept; IR; PR; Gov Affairs; Compliance; Litigation; Export; Contracts; Op RM; Fin RM; Other]

[Legend: Marginally Impacted; Somewhat Impacted; Medium to High-Impact; Highly Impacted]

Recent Cyber Attacks in Financial Services

2017

US$143 million US customers’ information stolen including personal data such as social security numbers

Equifax patched the security vulnerability and provided free credit report freeze for affected customers

2017

5,400 AXA customers’ information was stolen, including phone numbers, insurance policy numbers and dates of birth

AXA has taken remedial actions to secure their health portal

2016

US$81 million transferred from Bangladesh Bank’s account with New York Fed to the Philippines

SWIFT intensified the efforts for the Customer Security Programme

2015

US$12 million transferred money to accounts in Hong Kong, Dubai, New York and Los Angeles

SWIFT became alarmed by the patterns of cyber attacks on the network

Globally, Financial Services is among the most targeted with an increasing number of high-profile, sophisticated intrusions

Financial Services and Cyber Attacks

Cyber Attacks by Industry Vertical

[Bar chart of the number of breaches per vertical. Verticals shown: Trade, Manufacturing, Utilities, Healthcare, Retail, Administrative, Public, Professional, Information, Education, Accommodation, Real Estate, Transportation, Entertainment, Finance]

Source: Verizon 2017 Data Breach Investigations Report – Top 15 Verticals based on the Number of Breaches, Open source

NON-EXHAUSTIVE

Bangladesh Bank

The list goes on… and these are just the high-profile publicized attacks


In the APAC region, there are existing laws and governing bodies on cybersecurity…

Oversight of cybersecurity in the APAC region

Sources: Baker McKenzie, Asia Pacific Guide to Data Protection



Cyber Security Agency (CSA)

Malaysian Communications and Multimedia Commission and Cybersecurity Malaysia

Cybersecurity Administration of China (CAC)

Office of Cybercrime (OCC)

Ministry of Communication and Informatics/National Cyber and Encryption Agency (BSSN)

NON-EXHAUSTIVE

…however, growing threats such as cryptocurrency, ATM and malware attacks are targeting banks in the Financial Services sector

Financial-related cyber crimes throughout the APAC region

Source: MMC - APAC Cyber Risk in Asia Pacific, Reuters, Straits Times



• USD$81 million was stolen from Bangladesh Bank using stolen SWIFT credentials

• Malware was installed onto the ATM network to steal USD$2.6 million

• USD$72 million worth of Bitcoin was stolen from the Bitfinex exchange

• 3.2 million debit cards were compromised due to malware on the ATM network

• USD$350k was stolen from 18 ATMs by an individual with a Ripper Malware ATM card

NON-EXHAUSTIVE

We predict the following cybersecurity developments over the year of 2018

Predictions from the 2018 Foresights Report

Source: Booz Allen analysis


1. Attackers will use updates of popular software to infect corporate customers

2. Threat actors will utilize software development toolkits as a vector of compromise

3. Cryptocurrencies will be used to skirt sanctions and launder ill-gotten funds

4. An increase in states hiring mercenary hackers and wielding their expertise against adversaries

5. An increase in cyber attacks on industrial control systems (ICS)

Global Prediction #1: Attackers will use updates of popular software to infect corporate customers

Petya’s Legacy: Hijacking Software Updates to Target Corporate Customers

Sources: Gizmodo, Black Hat, Palo Alto Networks, Securelist, Reuters, Fortune, Booz Allen analysis


What is this about?

• Attackers could compromise a small software provider and use their software updates to attack larger companies downstream

• In essence, they’d be carrying out a small attack to enable a far larger one

Examples

• Attackers compromised the update server for a popular Ukrainian tax software called M.E.Doc, sending out poisoned updates that led to the NotPetya outbreak

• Suspected nation-state sponsored hackers compromised CCleaner with the aim of carrying out cyber espionage against various technology and telecommunications firms that used it, including SingTel

How will this affect business?

• Companies will continue to be a key target of criminal groups seeking to steal client information and implant ransomware

• System administrators need to constantly monitor developments in the industry to ensure that updates are safe

Global Prediction #2: Threat actors will utilize software development toolkits as a vector of compromise

One-stop Shop for Mass Compromise

Sources: Gizmodo, Black Hat, Palo Alto Networks, Securelist, Reuters, Fortune, Booz Allen analysis


What is this about?

• Software libraries and software development kits (SDK) are essentially plug-and-play components that speed development

• These are particularly difficult to patch quickly without disrupting service to web server applications like Apache and WordPress

Examples

• The compiler malware XcodeGhost was packaged into an iOS development library for use by Chinese iOS/OS X developers, aiming to collect information on devices

• In March 2017, 132 Android apps on the Google Play store were found to be infected with malicious iframes from infected Android development platforms

How will this affect business?

• In supporting both clients and developers, companies will continue to use these user-friendly and highly customizable tools

• Companies will have to be more proactive at screening the software libraries and development kits their services use

Global Prediction #3: Cryptocurrencies will be used to skirt sanctions and launder ill-gotten funds

Evading Scrutiny and Busting Sanctions with Cryptocurrency

Sources: Gizmodo, Black Hat, Palo Alto Networks, Securelist, Reuters, Fortune, Recorded Future, Booz Allen analysis


What is this about?

• Cryptocurrencies offer a lifeline to states and individuals cut off from international financial markets, lending, and lines of credit

• These high-risk agents are able to use cryptocurrencies to perform banned activities with greater ease than before

Examples

• In December 2017, North Korea was publicly blamed by the Trump administration for launching the malware WannaCry to gain Bitcoin for the Kim regime

• In August 2017, North Korea emptied its three Bitcoin wallets and converted them to Monero, presumably to enhance the concealment of any future transactions

How will this affect business?

• Companies will see more stringent Know Your Customer (KYC), Anti-money Laundering (AML), and Counter-terrorism Financing (CTF) regulations

• Such additional regulation will result in increasing the cost of compliance

Global Prediction #4: An increase in states hiring mercenary hackers and wielding their expertise against adversaries

Outsourcing Hackers

Sources: Gizmodo, Black Hat, Palo Alto Networks, Securelist, Reuters, Fortune, Booz Allen analysis


What is this about?

• Hiring foreign cyber mercenaries is significantly faster than the years needed to develop homegrown cyber attack talent

• Increasingly, nation states see cyber attacks as a foreign policy tool to disrupt the operations of competitors and adversaries

Examples

• The OilRig espionage campaign and the Qatar News Agency breach both allegedly involved contract foreign hackers

• The Bahamut campaign’s geographically varied target set suggests that one group supported multiple countries’ espionage programs

How will this affect business?

• As governments struggle to identify the source/motive of cyber attacks, businesses are often left to defend themselves

• In addition, as governments compete for scarce cyber talent, companies can expect cyber talent to become more expensive

Global Prediction #5: We predict an increase in cyber attacks on industrial control systems (ICS)

Attacking and Monetizing Access to ICS

Sources: KrebsonSecurity, Wired, CNN, Booz Allen analysis


What is this about?

• ICS are integral to a wide variety of key processes, including manufacturing, server farms, shipping, and agricultural processes

• ICS are therefore profitable targets for ransom, and for state-backed actors seeking to disrupt their operations

Examples

• Stuxnet was used to attack centrifuges at Iran’s Natanz uranium enrichment plant, causing centrifuges to fail at an unprecedented rate

• The U.S. Department of Homeland Security demonstrated a controlled hack of a replica of a power plant's control system, dubbed “Aurora”, resulting in the physical destruction of the generator

How will this affect business?

• As automated operations often use ICS, companies developing or utilizing automation are now increasingly vulnerable to attack

• Companies need to expand their cybersecurity awareness to ensure endpoints are secured, and develop contingency plans

Thank You