8/7/2019 Surviving Cyber War 2011
1/17
IT-Harvest Confidential
Surviving Cyber War
Richard Stiennon, Chief Research Analyst, IT-Harvest
Blog: ThreatChaos.com
twitter.com/stiennon
2/17
Blog: www.ThreatChaos.com
twitter.com/cyberwar
3/17
Threat hierarchy is a time line!
Information Warfare
Cyber Crime
Hacktivism
Vandalism
Experimentation
4/17
5/17
Chinese Thinking
Wang Qingsong, Modern Military-Use High Technology, 1993
Zhu Youwen, Feng Yi, and Xu Dechi, Information War Under High Tech Conditions, 1994
Li Qingshan, New Military Revolution and High Tech War, 1995
Wang Pufeng, Information Warfare and the Revolution in Military Affairs, Beijing: 1995
Zhu Xiaoli and Zhao Xiaozhuo, The United States and Russia in the New Military Revolution, 1996
Dai Shenglong and Shen Fuzhen, Information Warfare and Information Security Strategy, 1996
Shen Weiguang, On New War, 1997
6/17
Goal: Information Dominance
The degree of information superiority that allows the possessor to use information systems and capabilities to achieve an operational advantage in a conflict or to control the situation in operations short of war, while denying those capabilities to the adversary.
- Field Manual 100-6 Information Operations, August 1996.
7/17
Cyber Defense Conditions
Cyber DefCon 5. Travel warnings. Governments issue warnings about protecting data when travelling to foreign nations.
Cyber DefCon 4. Nation states probe each other's networks for vulnerabilities.
Cyber DefCon 3. Widespread information theft with intent to mine industrial as well as military and geo-political secret information.
Cyber DefCon 2. Targeted attacks against a nation's military and government installations. Loss of critical data, collateral damage.
Cyber DefCon 1. Nation-to-nation attacks are malicious with intent to destroy communication infrastructure and disable business processes including financial markets.
8/17
Custom Trojans, tools of the trade
Michael Haephrati shows us how.
9/17
China knows Trojans
In the UK, the Home Office has warned about a spate of attacks in recent months involving e-mail Trojans. "We have never seen anything like this in terms of the industrial scale of this series of attacks," said Roger Cumming, director of NISCC.
10/17
11/17
Ghost Net
1,200 computers including ministry and NATO machines
Looking for attribution
Attacks on the office of the Dalai Lama
A special purpose botnet.
12/17
Joint Strike Fighter
13/17
Project Aurora
Social networks used as vectors to target Google employees. Zero-day vulnerability in IE.
Result
Loss of customer data
Loss of source code
14/17
Cyber sabotage: Stuxnet
[Diagram: the rootkit DLL sits between the Step 7 software and the Programmable Logic Controller. The rootkit takes the place of s7otbxdx.dll and the original DLL is kept as s7otbxsx.dll; new data blocks are added to the PLC.]
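The slide shows the file swap a defender can baseline and check for. The following is an added example, not part of the deck and not Stuxnet or Siemens code: it hashes the Step 7 DLL named on the slide against a known-good baseline and flags a renamed original sitting beside it. The directory layout, the baseline hash and the stand-in file contents are constructed for the example.

```python
"""Integrity check for the Step 7 communication DLL (added example).

The slide names the two files involved: s7otbxdx.dll, which the rootkit
replaced with its own copy, and s7otbxsx.dll, the name under which the
original was kept. A defender who has baselined the hash of the legitimate
DLL can detect both the replaced file and the leftover renamed original.
The sample directory and its contents below are constructed stand-ins.
"""
import hashlib
import os
import tempfile

STEP7_DLL = "s7otbxdx.dll"          # file the Step 7 software loads (from the slide)
RENAMED_ORIGINAL = "s7otbxsx.dll"   # name the original DLL was kept under (from the slide)


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 so large DLLs are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_step7_dir(directory: str, baseline_sha256: str) -> list:
    """Return a list of findings for one Step 7 install directory.

    An empty list means the DLL present matches the baseline and no renamed
    original sits beside it. Findings are ordered: the loaded DLL first, then
    any unexpected sibling file.
    """
    findings = []
    dll_path = os.path.join(directory, STEP7_DLL)
    if not os.path.isfile(dll_path):
        findings.append(f"missing: {STEP7_DLL} not found in {directory}")
    else:
        actual = sha256_file(dll_path)
        if actual != baseline_sha256:
            findings.append(f"modified: {STEP7_DLL} sha256 {actual[:16]}... differs from baseline")

    renamed = os.path.join(directory, RENAMED_ORIGINAL)
    if os.path.isfile(renamed):
        if sha256_file(renamed) == baseline_sha256:
            # The legitimate DLL is present but under the wrong name: the
            # pattern the slide describes.
            findings.append(f"suspicious: {RENAMED_ORIGINAL} matches the baseline (original DLL renamed)")
        else:
            findings.append(f"suspicious: unexpected file {RENAMED_ORIGINAL} present")
    return findings


def build_sample_dir(compromised: bool) -> tuple:
    """Create a constructed sample directory; return (path, baseline sha256).

    The file contents are placeholders, not real DLL bytes.
    """
    d = tempfile.mkdtemp()
    legit = b"constructed stand-in for the legitimate Step 7 DLL\n"
    baseline = hashlib.sha256(legit).hexdigest()
    if compromised:
        with open(os.path.join(d, RENAMED_ORIGINAL), "wb") as f:
            f.write(legit)                       # original kept under the new name
        with open(os.path.join(d, STEP7_DLL), "wb") as f:
            f.write(b"constructed stand-in for a replacement DLL\n")
    else:
        with open(os.path.join(d, STEP7_DLL), "wb") as f:
            f.write(legit)
    return d, baseline


if __name__ == "__main__":
    for label, flag in (("clean", False), ("compromised", True)):
        path, baseline = build_sample_dir(flag)
        print(label, "->", check_step7_dir(path, baseline) or "no findings")
```

In a real deployment the baseline hash comes from a trusted copy of the vendor DLL recorded before the engineering workstation goes into service, and the check runs from media the workstation itself cannot alter.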
15/17
Surviving Cyber War for every organization
Same rules apply, only more so. As threats multiply, investment is needed.
Appoint a cyber security commander
Defense in depth against multiple adversaries
Complete network protection (UTM, Unified Threat Management)
Beaconing detection
End point whitelisting
DDoS defense is the ultimate engagement with the enemy.
16/17
UTM is first line of defense
Deny all except that which is explicitly allowed
Connect policy to users
Block malware from URLs, email, Skype, Facebook
Prevent data exfiltration (DLP)
Detect, alert, and block beaconing
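Both the "Beaconing detection" item on the previous slide and "Detect, alert, and block beaconing" here assume some way of spotting a host that calls home on a schedule. The following is an added example, not from the deck and not the output of any UTM product: it reads outbound proxy log lines, groups connections by source and destination, and flags pairs whose connection gaps are numerous and nearly constant. The log format, host names, addresses and thresholds are constructed for the example.

```python
"""Beaconing detection over outbound proxy logs (added example).

A compromised host typically contacts its controller at a fixed interval.
Grouping outbound connections by (source, destination) and measuring how
regular the gaps between them are separates that pattern from a user
browsing. Sample log lines, names and thresholds are constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "ISO-timestamp src-ip dst-host". Host 10.0.0.5
# contacts one destination every 300 s; host 10.0.0.8 browses irregularly.
SAMPLE_LOG = """\
2011-06-01T09:00:00 10.0.0.5 update.example-cdn.test
2011-06-01T09:00:07 10.0.0.8 news.example.test
2011-06-01T09:05:00 10.0.0.5 update.example-cdn.test
2011-06-01T09:06:42 10.0.0.8 mail.example.test
2011-06-01T09:10:00 10.0.0.5 update.example-cdn.test
2011-06-01T09:11:15 10.0.0.8 news.example.test
2011-06-01T09:15:00 10.0.0.5 update.example-cdn.test
2011-06-01T09:20:00 10.0.0.5 update.example-cdn.test
2011-06-01T09:21:30 10.0.0.8 news.example.test
2011-06-01T09:25:00 10.0.0.5 update.example-cdn.test
2011-06-01T09:40:05 10.0.0.8 mail.example.test
"""


def parse_log(text: str) -> dict:
    """Return {(src, dst): [datetime, ...]} with each list sorted by time."""
    conns = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        conns[(src, dst)].append(datetime.fromisoformat(ts))
    for key in conns:
        conns[key].sort()
    return dict(conns)


def find_beacons(conns: dict, min_connections: int = 5, max_jitter: float = 0.1) -> list:
    """Flag (src, dst) pairs that connect at a near-constant interval.

    max_jitter bounds the coefficient of variation (stdev / mean) of the gaps
    between connections. 0.1 tolerates about 10% variation; a stricter value
    misses implants that randomize their timing, a looser one flags more
    legitimate pollers, so tune it against your own traffic.
    """
    alerts = []
    for (src, dst), times in conns.items():
        if len(times) < min_connections:
            continue                      # too few samples to judge regularity
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue                      # duplicate timestamps, not a schedule
        cv = pstdev(gaps) / avg
        if cv <= max_jitter:
            alerts.append({"src": src, "dst": dst, "count": len(times),
                           "interval_s": round(avg, 1), "jitter": round(cv, 3)})
    return alerts


if __name__ == "__main__":
    for a in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"beacon suspected: {a['src']} -> {a['dst']} every "
              f"{a['interval_s']}s (n={a['count']}, jitter={a['jitter']})")
```

Legitimate software also polls on a schedule (update checkers, mail clients), so the alert is a lead for the analyst to whitelist or investigate; blocking at the UTM follows once the destination is confirmed hostile.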
17/17
Blog: www.threatchaos.com
email: [email protected]
Twitter: twitter.com/cyberwar