Cyber Security in a Fully Mobile World

  1. Cyber Security in a Fully Mobile World. Prof Peter Cochrane OBE, petercochrane.com. (Title slide background: a word cloud of network and telecom acronyms such as UDP, IP, SIP, TCP, RTP, DHCP, DNS, PN, VPN, LAN, WAN, WiFi, PSTN, WLAN, 3G, 4G, 5G, 6G??, Bluetooth, FTTx, VDSL, VoIP, IoT, I4.0, AI, Cloud, AMPS, POTS, SATCom, CODEC, CATV, ATM, DTMF, EIRP, PSK.)
  2-3. DANGEROUS EPOCH: Change now occurs at an inhuman speed. "We have never known so very much and understood so little." 2020: Information 60 ZB; Mobiles >14 Bn; IoT Devices >25 Bn; Connections >50 Bn; Global Fibre >1 Tm; Traffic/Day >5 EB. Internet traffic: 2025 >17.5 ExaBytes/Day; 2020 >5.3 ExaBytes/Day; 2015 >1.7 ExaBytes/Day; 2000 <0.3 ExaBytes/Day. (1 Exa = 10^9 GBytes.)
  4. RESUME: Reality 2020. Attacks are escalating. The Dark Side is winning. There are no silver bullets. People are the biggest risk. The attack surface is increasing. Attacker rewards are on the up. All our security tools are reactive. Cyber disruption costs are growing. Companies do not collaborate/share. Attackers operate an open market. More of the same but better & faster will not change the game... we have to think anew - to get out of the box and do something very different!
  5-6. cyber Attack: A connected/networked world. Targets: Infrastructures, Web Resources, PoS + ATMs, Peripherals, Users, IoT, Mobiles, PCs, Tablets, Wearables. Tools: Malware, False ID, Social Engineering, Hacking, Web Probes, DDoS, Software Adulteration. Victims: Transport, IT, Retail, Crypto££, Telecom ++++, Finance, Gov, Health Care, Education, Industry, Commerce, Services, Hospitality. We are all on (a) list(s) & rated as targets. Sooner or later we will all take a hit (or two). Much of our personal data is for sale!
  7. HEADLINES: Bigger than UK GDP! "We are losing this war hands down."
  8. Attack Catalogue: We face a rapidly changing landscape! "It is essential to make a cyber threat review a daily routine by continually tapping the rich vein of reports and headline news available to the defence community." Sources: https://www.varonis.com/blog/cybersecurity-statistics/ ; https://go.crowdstrike.com/crowdstrike-global-threat-report-2020.html ; https://www6.gemalto.com/ppc/dtr/global ; https://www.accenture.com/gb-en/insights/cyber-security-index ; https://solutionsreview.com/endpoint-security/key-findings-the-check-point-2020-cyber-security-report/
  9. Ransomware: % of organisations reporting attacks.
  10. Persistent Crisis: Anti-phase cyclic actions correlate with events. Company/Institutions/Gov/Industry status surveys remain almost static year-on-year and show little sign of improvement despite the growing number and type of attack plus reputational damage.
  11. THE BIGGEST RISK: Attack modes depend on people fails!
  12-13. JOE PUBLIC: The OLD at-risk group. Status / User Attitude: "I just want to use it: I can't/don't want to know or understand any of the detail - so don't touch it, don't change anything, you might break it, just fix the problem and let me carry on as normal!" Tech Awareness: Zip. Technology: Outdated. Software: Old OS - never updated. Apps: Very few - never updated. Passwords: Simple and weak. Authentication: What? Firewalls: No idea? Malware: What's that? Back-Up: None. BroadBand: I use my phone line. WiFi: Wide open. ISP: ??? BOTNET: Blank look - don't care. Very hard to help; an at-risk group in need of expert/family help.
  14-15. Young Family: Born & live with tech. Status / User Attitude: "We all need to be IT literate and fully understand the opportunities/risks - child protection is a must, and how/where to get help." Tech Awareness: Sufficient/Reasonable. Technology: New(ish). Software: OS - auto-updated. Apps: Many - auto-updated. Passwords: Strong(ish)/Browser created. Authentication: Two factor. Firewalls: Built into OS. Malware: Protection built into OS. Back-Up: Cloud fundamental to set up. BroadBand: Best deal ADSL/VDSL/Fibre. WiFi: Supplier strong password. ISP: Firewall + child protection. Security: May have Norton or similar. Parents capable and protective; kids are eager beavers.
  16-17. HOME WORKER: Aware and cyber-worried. Status / User Attitude: "I am a professional and my job depends upon my IT literacy: I need to fully understand the opportunities and risks and I need contracted support." Tech Awareness: Good. Technology: <3 years old. Software: OS - auto-updated. Apps: Many - auto-updated. Passwords: Strong/Browser created. Authentication: 2 factor + PIN/Fingerprint. Firewalls: Built into OS + additional app(s). Malware: Protection inside OS + app(s). Back-Up: Cloud + several (>1) HDs. BroadBand: Best ADSL/VDSL/Fibre speed. WiFi: Strong password. ISP: Firewall and malware protection. Security: Norton or similar +++. Encryption: Not the norm but able. VPN: Sometimes.
  18-19. Mobile worker: Cyber over-confident, should be worried. Status / User Attitude: "I am a professional road warrior and my job depends upon me being on the ball and self sufficient, & I have to be aware of physical and cyber security." Tech Awareness: Good. Technology: <3 years old. Software: OS - auto-updated. Apps: Many - auto-updated. Passwords: Strong/Browser created. Authentication: 2 factor + PIN/Fingerprint. Firewalls: Built into OS + additional app(s). Malware: Protection inside OS + app(s). Back-Up: Cloud (x2) + several (>2) HDs. BroadBand: Best ADSL/VDSL/Fibre speed. WiFi: Strong password, random sites. ISP: Firewall and malware protection. Security: Norton or similar +++. Encryption: Normal mode. VPN: Normal mode.
  20-21. SME/Startup: Defending a disparate group. Added complexity: there are no IT standards and/or codes of practice; everyone works on the move using their personal IT and an array of platforms and apps. People are working from home, office, hotels, airports and coffee shops with ad hoc networking and a wide range of data and apps. The attack opportunities are amplified, but so are the complications of navigating multiple locations, device and OS types along with a diverse spread of apps. Fledgling companies eventually die or grow up, and this model does not scale to deal with a large number of customers and the increased security requirements - in short: processes, contingencies and staff training plus a deal of uniformity are a must! Status / User Attitude: A group of professionals dedicated to the creation of a successful company - from a variety of backgrounds with years of IT user experience and awareness. Tech Awareness: Excellent. Technology: Random mix of personal devices. Software: Multiple OS - auto-updated. Apps: Many - auto-updated. Passwords: Strong/Browser created. Authentication: 2 factor + PIN/Fingerprint. Firewalls: Built into OS + additional app(s). Malware: Protection inside OS + app(s). Back-Up: Cloud (x3) + many (>??) HDs. BroadBand: Best ADSL/VDSL/Fibre. WiFi: Strong password, fixed & mobile. ISP: Firewall and malware protection. Security: An array of products + services. Encryption: Normal mode. VPN: Normal mode. IT Support: Some specialisms, e.g. web site.
  22-23. Medium / BiG / Large Company: A fixed, mobile, dispersed workforce/offices. Cyber over-confident, should be worried. Typical attitudes: "IT's not my bag." "The IT dept take care of all this / who cares." "IT and Security never eat their own dog food." "Do they even care?" "IT and Security never look at or try to do your job."
  24. CATALOGUES OF PASSWORDS FOR SALE ON THE DARK WEB.
  25. DANGEROUS EPOCH: We have never seen anything like this!
  26. Prime targets: Favourite cyber attack sectors $$.
  27-28. VULNERABILITIES: The biggest continual risk exposure. People always the biggest risk!
  29. PHISHING DEMO: Oh so very easy for the skilled.
  30. SPOOFERS: Biggest front companies.
  31. IMPERSONATION: Fake ID call centre support attacks.
  32. Challenge: This list expands yearly.
  33. cyber Attack: System-wide opportunity points. Malicious code inserted into visitor browsers gains access to sensitive data.
  34-35. RISK PROFILE: The bias follows the people. "The bulk of national and international networks are physically difficult to access: the level of encryption renders it impossible to access any useful info or data." We now examine this in detail.
  36-37. PRIMARY security 1: PN / VPN - local, national & international. (Diagram: layered PN and VPN overlays over dedicated fibre, with a network services reseller providing direct routing.) Inherently insecure: wired & wireless. Inherently secure: fibre PN/VPN with strong encryption and hidden VPN & routings. What is actually in this cloud?
  38-39. Partial view 1: Companies don't divulge detail. What is actually in this cloud? It is a vital secret as to the detailed design/engineering adopted, and the enemy must not know this.
  40-41. Partial view 2: Companies don't divulge detail. How is the network configured? It is a vital secret as to the detailed design/engineering adopted, and the enemy must not know this.
  42-43. Some guesses: What would we do as designers? Inherently secure in the extreme iff designed well and detail is kept secret.
  44-46. Diversity: Multi-cable paths (diagram: Cable 3, Cable 6, Cable 8). Adds resilience to a wholesaler network and is a very effective defence against DDoS attacks.
  47-48. Addressing: Multi-cable paths/routing (diagram: Cable 3, Cable 6, Cable 8). Radically different for each layer; password format different by layer. Adds resilience and an extra layer of security against attackers if they get this deep.
  49-50. Spoofing: Ghost cable paths (diagram: Cable 3, Cable 6, Cable 8). Appears to be/mimics the real thing, but sees the Dark Side fighting infrastructure to nowhere! Dilutes the efforts and resources of the Dark Side and frustrates their designs to gain access.
  51-53. Hopping: Dynamic addressing (diagram: Cable 3, Cable 6, Cable 8). Node addresses change by the second to render them invisible to scanners. As of the creation of this presentation no known attack has been successful against this defence.
  54-55. THE BIG PICTURE: Optical fibre cable net spine. Over 430 undersea cables now connect the planet and carry 99.999% of all traffic.
  56-57. EU - Nth America: Optical fibre cables 2019. CABLE FAILS ARE RARE and mainly caused by human intervention (trawls, anchors) plus tidal action.
  58-60. UK - North America: 12 optical fibre cables 2019. Disperse cables and landing sites. Disperse traffic across several cables. Diverse emergency routing via France, Spain, Scandinavia on a major cable fail. Maintain sensible failure margins. In wartime it is not unusual for cables to be a target: if they can be located then they may be cut.
  61-63. PRIMARY Security 2: Limit the total of concatenated hops. (Diagram: Country Gateway - Regional Gateway - Regional Gateway, linked by dedicated fibre or wavelengths, carrying VPN/PN.) Total end-to-end nodes to number <10; total end-to-end path delay to be <150 ms. All-optical fibre net: almost impossible to penetrate, but not entirely so! All gateways highly secure facilities. All precise routings and gateway locations are not generally available. Non-obvious gateway ghosting/duplication plus split fibre cable feeds can be used to increase security. Extensive use of encryption, 128/256/512 keys, plus public key for control and signalling.
  64. COULD THIS HAPPEN? Would it in all likelihood work? The media just love this scenario... but undersea cables are 1000s of times less vulnerable than satellites!
  65. AND THIS? Bad cable design!
  66. PRIMARY Security 3: Randomisation of bytes and routing. Impossible to fully imitate the complex randomness in action... so this will have to suffice!!
  67. RISK PROFILE: The bias follows the people. "The bulk of the local loop/last mile is exposed and physically easy to access: the equipment, copper, fibre, and wireless links are open to attack." We now examine the last mile.
  68-74. COPPER & FIBRE ACCESS: How to physically break into the net. "Let me explain/tell you how, but I am not going to document it." Here is the hardware 1 and 2 (photo slides with numbered callouts 1-8).
  75. MUCH EASIER: With a high ROI. Why would anyone do this for a few ££ an hour, or is there hidden value add that we are not seeing? Stealing all that personal data is often the bigger prize! Gangs generally hired in and exploited by big crime! Sold on or delivered to far more capable exploiters...
  76. UP THE VALUE: 100s of hack tutorials on-line. A naked mobile device is one price; a live mobile device with all the log-in and personal data accessible is a much better deal!
  77. PASSWORD & PACKET SNIFFERS: A vital break-in tool available on the Dark Net, free or available to purchase. Time to crack a password = minutes - hours. Emulating hardware can cost kit + software and is hard! Password Sniffer: an app that scans and records passwords on a computer or network interface. It inspects all incoming and outgoing network traffic and records any instance of a data packet that contains a password. Over a period of time it can build up a complete ID, MAC address, password et al record.
  78. STUDENT WARNING: I do not recommend entering this domain, BUT it is the only real way of appreciating the full potential - SO if you do decide to have a look, then: 1) Use an old machine/fake ID in a coffee shop. 2) Have your camera, mic, tracking turned off. 3) Make sure all location service options are off. 4) Employ security (Norton et al) throughout. 5) Only have a single app (TOR) installed. 6) DO NOT complete any transactions. 7) Reveal no personal info whatsoever. 8) Factory reset machine when done. 9) Security scan machine on boot. RECOMMENDATION: Enter, take a look, get a taste, get out.
  79-80. TORching infrastructure: "5G cooks your brain, eyes, & transmits CV-19." In the UK >100 towers and equipments torched, but mainly 3/4G, putting lives at risk/disabling emergency services. This is the power of ignorance writ large: belief, paranoia and a lack of any basic education. 3/4/5G save lives day on day and these fools do not know that they are killing people.
  81. Segue: Demo. Public key made obvious.
  82-83. Lessons From History: Fence. Fence + Mound. Wall + Mound. Wall + Mound + Ditch. Wall + Mound + Moat. Wall(s) + Mound + Keep + Moat ++++++. Wall(s) + Mound + Keep + Moat + Hidden Ditch + Obstacles ++++++. Castle in a castle!
  84-85. Slow evolution: The enemy is mobile & agile (Iron Age to Napoleon). Exponentially more expensive and longer build times. Effectiveness on a shorter and shorter fuse! Does this not look like the recent history of cyber defence, with layer on layer of fixed/static defences? And we are still building them in the form of bunkers at even vaster expense.
  86. WALLS DON'T WORK, but we keep building them! And after >2000 years of evolution, what comes next? We are still building them, and they are still ineffective and very expensive.
  87. WHAT DID WE LEARN! Concentric defence layers work (ish)? Not so if they are: fixed, unchanging, unresponsive, slow to evolve, lacking intelligence, poorly maintained, operating in isolation, not wholly integrated, not fully anticipatory. (Diagram: Hub - LAN Switch - CPE - ISP - Cloud(s), repeated as layers.) Security at every layer has to be dynamic & adaptable.
  88-89. Assessment: Sector reality 2020. Attacks escalating. Our exposure is growing. Attackers are winning the war. Attackers get richer by the year. Our defences are not 100% effective. We need to collaborate and share all. We are largely disorganised and underinvesting. People remain our single biggest attack risk. All our security tools are reactive & mostly outdated. Best market model appears to be the airline industry. We present an easy and very attractive opportunity for cyber hackers and/or criminals.
  90-92. Collaboration: Airlines model 2020. Safety record is all. Embraces entire industry. Every accident is investigated. All incident reports are open & shared. Safety communication is pilot/operator centric. Industries, manufacturers, governments all committed. Well organised and structured with a high level of accountability. Passenger and crew safety is the single biggest concern and success metric. Flying is generally the safest mode of transport globally as a result of this model. Cyber security is in need of something very similar if it is ever to migrate out of the victim mode.
  93. Constraints: Our freedoms are limited by the legal system, codes of practice, ethical principles and moral responsibilities. • No transgressions • Work up to the limit • Keep within the spirit & word • Our responsibility to keep up to date • Seek legal advice on latitude • Special dispensations may be possible • National security/intelligence may help • In general the buck ends with you!
  94. THE Potential Nightmare: We have no real evidence of who can do what!
  95. The enemy innovates fast: Things like this pop up almost weekly!
  96-97. Attack Types: With a growing species catalogue. (Matrix axes: Real Time vs Delayed; Open & Obvious vs Invisible/Stealth; Readily or Eventually Identifiable vs Difficult or Impossible to Identify; Disguised vs Hidden; May or may not (ever) be discovered.) Populated by: hacker/groups using conventional techniques; sophisticated criminal group technology; rogue/nation state espionage OR WEAPONISED.
  98. Defence essence: Speed of detection, response & adaptation. 1) Our own passivity is the biggest danger. 2) The attackers' agility and innovation are our biggest challenge. 3) Attackers have the first-mover advantage & get to choose everything. 4) Human defenders cannot be vigilant and prepared 24 x 365, year-on-year. 5) Situational awareness is key & rooted in data/information gathering/analysis. 6) Machines, AI, Machine Learning are key to solving (4 & 5) and giving us the edge. 7) The application of anticipatory techniques is still in its infancy and needs investment! 8) Disparate companies, groups and government hold almost all the components we need. 9) It is essential that these resources (8) are brought to bear and integrated with (5-7). 10) We might just win this war, but not without changing the way we think and operate!
  99. MINDSETS: A different perspective. Audio book: https://www.youtube.com/watch?v=X7rhovBK_eA (written 5th C BC). Most important points: information matters, and an educated guess is better than a gut decision; generals should be adept at the "military calculus" of accounting for anything and everything that could affect the outcome of a battle.
  100. MINDSETS: Provocative stimulation. More quotes by famous generals and philosophers: https://bit.ly/2VVJ6Hm. More quotes by Sun Tzu: https://bit.ly/2VVJ6Hm. BEST quotes by Sun Tzu: https://bookroo.com/quotes/the-art-of-war. "The supreme art of war is to subdue the enemy without fighting." "To know your enemy you must become your enemy."
  101-102. Security Laws: Immutable since 1990. 1) There is always a threat. 2) It is always in a direction you're not looking. 3) Perceived risk/threat never equals reality. 4) Nothing is ever 100% secure. 5) People are always the primary risk. 6) Resources are deployed inversely proportional to actual risk. 7) You need two security groups - defenders and attackers. 8) Security & operational requirements are mutually exclusive. 9) Legislation is always > X years behind. 10) Security standards are an oxymoron. 11) Security people are never their own customer. 12) Cracking systems is far more fun than defending them. 13) Hackers are smarter than you - they are younger! 14) Hackers are not the biggest threat - governments are! 15) As life becomes faster it becomes less secure. 16) Connectivity and data half-lives are getting shorter too. 17) We are most at risk during a time of transition. 18) The weakest link generally defines the outcome.
  103. PARADOX 1: War games and defence. "The military play all day and occasionally go to war." "We are at war every day and never play."
  104. PARADOX 2: No retaliatory defence. By and large we know who the attackers are and where they reside, but opt to do nothing; the enemy have simply adopted our technologies and used them as weapons against us.
  105-106. To Survive: We need to become united. "Failure the greatest teacher is." Well funded R&D. Global sharing culture. Tools, tech & info sharing. Proactive defence strategies. Skills & expertise cooperation. Fast to respond to/report threats. Cooperative creativity. Engage in workable legislation. Help formulate law frameworks. Virtualise every aspect of cyber defence. Formulate rapid attack/punitive responses. "The Art of War read you must."
  107-108. CYBER CRIME: Abridged history and cost. (Timeline 1997, 2004, 2007, 2013, Today; attack types shown: Banking Malware, Crypto-Currency Attacks, Bitcoin Wallet Stealer, Device & Account Hijacking, Ransomware, EPoS Attack, Fake News Propaganda, Social Engineering, DoS/DDoS, Infected eMail, Ransomware, Identity Theft, DNS Attack, BotNets, Site Sabotage, SQL Attack, Spam, Identity Theft, Phishing, Trojan, Worms, Virus.) Estimated >>1000 Bn attacks total; >$5000 Bn cost of global cyber crime. Almost all attacks/attack-types can be traced back to the exploiting of individuals who have volunteered vital info by falling victim to scams, spam/trickery, bribery, corruption, blackmail, honeypots... Social engineering is one of the most powerful tools to be widely exploited by the 'Dark Side' - and the approach can span from the dumb and very obvious to the highly sophisticated and hard to detect. Watch some crime/heist/spy movies, read detective novels, keep up with security developments. To get a grip on deception, read on magic and magicians and watch some related movies.
109. SEGUE: STUXNET
- Sophisticated, intelligent malware
- Targeted a specific industrial controller
- Only interested in the MS (Windows) OS
- Hunter-killer species
- Discovered 2010; the attack was never attributed, with CIA-Mossad the primary suspects
- General species now for sale on the Dark Web
110. CYBER ATTACK: Primary motivations (Jan 2019)
Source: https://www.helpnetsecurity.com/2017/01/11/ransom-motivation-behind-cyber-attacks/
- Prime motivation: making $$$$
- Prime motivation: trade secrets, military security
- Prime motivation: political, commercial and social change
- Prime motivation: domination and takeover
111. CYBER ATTACK: Primary targets as of Jan 2019
Source: https://www.helpnetsecurity.com/2017/01/11/ransom-motivation-behind-cyber-attacks/
112. MY FORECAST: The number one for 2020
A target-rich opportunity:
- A wealthy, technophobic organisation and customers
- Processes, protocols and methodologies well known
- Millions of people involved, with dispersed offices
- Multiple points of access: PSTN, VoIP, network+
- Staff trained to help customers big and small ++++
- Many possible attack modes: phishing, whaling, malware, man-in-the-middle, insider, contractor, bribery, corruption, coercion
113. CYBER ATTACKERS: Rapidly changing profiles/purposes
Amateurs: fun, fame, notoriety, vandalism; limited skills, limited resources; tend to be sporadic.
Hacker groups: money, sharing; organic, dispersed, unbounded; huge effort; progressive cooperatives; self-organising; vast resources; massive market; aggregated skills; semi-professional; substantial networks.
Hacktivists: skilled political idealists; emotional, relentless, dedicated, cause-driven; vast networks; varied missions; targeted attacks; evolving community.
Criminals: drugs, fraud, extortion; global, extreme; a business: unbounded, professional, well managed, well organised, ahead of the curve; orchestrated effort; extremely profitable; syndicated resources; massive attack surface; vast, up-to-date abilities.
Rogue states: covert money, warfare, influence; pervasive disruption, espionage; professional, sophisticated, well organised; extreme creativity; orchestrated effort; political influencers; ~unlimited resources; tech/thought leaders; regime destabilisation, population manipulation; military and civil domains.
Almost all attacks/attack-types can be traced back to the exploitation of human fallibility and ambition.
114. (same slide, with axes) From amateurs to rogue states: short game / low gain, medium game / medium gain, long game / massive gain, with sophistication, investment, complexity and ROI all rising.
115. STATUS QUO: Cyber crime economy. EASY ENTRY 1: Mostly very poor protection
Behind the firewall in one small step: no passwords, easy passwords, factory defaults.
116. EASY ENTRY 2: Mostly very poor protection
117. EASY MONEY: Low-cost human/robot attacks
118. PHISHING: Exponential growth
Criminals are in a race against security teams looking to shut them down. Security teams report phishing URLs regularly, but some criminals use web hosts/domains that ignore reports. Most kits have a short life, and the phishing window is growing smaller.
Highly successful and profitable, and very easy to automate for text (SMS) and speech.
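The race above is run URL by URL, so the first thing a security team needs is a fast triage of each reported URL against the brands it protects. The Python below is an added example, not code from the deck or from any vendor named in it; the brand list, the abbreviated public-suffix list, the confusable table and the sample URLs are all constructed for illustration. Given a reported URL it says whether the registrable domain is the brand itself, carries the brand in a subdomain, imitates it with digit/Cyrillic homoglyphs or punycode, swaps the TLD, or sits within two edits of it.

```python
"""Lookalike-domain triage for reported phishing URLs (added example, not
from the deck). Brand list, suffix list, confusable table and sample URLs
are constructed for illustration."""
import unicodedata
from urllib.parse import urlsplit

# Constructed: the brands this defender protects.
PROTECTED = ("examplebank.com", "example-payments.co.uk")

# Constructed and deliberately short; a real deployment uses the full Public Suffix List.
PUBLIC_SUFFIXES = ("co.uk", "com", "net", "org", "io")

# Characters that pass for Latin letters at a glance: digits/symbols and a few
# Cyrillic letters. Partial by design.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a", "$": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
})


def split_host(host):
    """Return (subdomain labels, second-level label, public suffix)."""
    host = host.lower().rstrip(".")
    for suffix in sorted(PUBLIC_SUFFIXES, key=len, reverse=True):
        if host.endswith("." + suffix):
            labels = host[: -len(suffix) - 1].split(".")
            return labels[:-1], labels[-1], suffix
    labels = host.split(".")          # unknown suffix: treat the last label as the TLD
    if len(labels) < 2:
        return [], host, ""
    return labels[:-2], labels[-2], labels[-1]


def normalise_label(label):
    """Undo the tricks that make a label resemble a brand: punycode (IDN),
    accented Latin letters, digit/symbol and Cyrillic look-alikes."""
    try:
        label = label.encode("ascii").decode("idna")   # xn--... -> Unicode
    except (UnicodeError, ValueError):
        pass                                           # already Unicode, or not punycode
    label = unicodedata.normalize("NFKD", label)
    label = "".join(ch for ch in label if not unicodedata.combining(ch))
    return label.translate(CONFUSABLES)


def levenshtein(a, b):
    """Edit distance; two or fewer edits against a brand is a typosquat signal."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return (verdict, brand imitated or None). Verdicts: legitimate,
    brand-in-subdomain, homoglyph, tld-swap, typosquat, unknown."""
    host = urlsplit(url).hostname or ""
    subs, sld, suffix = split_host(host)
    norm_sld = normalise_label(sld)
    for brand in PROTECTED:
        _, b_sld, b_suffix = split_host(brand)
        if sld == b_sld and suffix == b_suffix:
            return "legitimate", brand
        # examplebank.com.secure-update.io: the brand sits left of the registrable part
        if any(b_sld in normalise_label(s) for s in subs):
            return "brand-in-subdomain", brand
        if norm_sld == b_sld:
            return ("homoglyph" if suffix == b_suffix else "tld-swap"), brand
        if 0 < levenshtein(norm_sld, b_sld) <= 2:
            return "typosquat", brand
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample of "reported" URLs, including a Cyrillic a and a punycode host.
    for u in ("https://login.examplebank.com/", "http://examp1ebank.com/verify",
              "https://examplebank.com.secure-update.io/x", "https://exampelbank.com/",
              "https://examplebank.net/", "https://ex\u0430mplebank.com/",
              "https://" + "ex\u00e1mplebank.com".encode("idna").decode("ascii") + "/",
              "https://totally-unrelated.org/"):
        print(f"{u:55} -> {classify(u)}")
```

The normalisation step matters more than the edit distance: a browser sends an IDN host as punycode, so both the raw Unicode form and the xn-- form have to collapse to the same Latin string before any comparison, and the verdicts are ordered so that a real brand host is never mistaken for a lookalike of itself.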
119. PHISHING: Exponential growth of species sees rapidly shortening lifetimes
[Chart: cumulative % of kits deactivated (25/50/75/100%) against days to deactivation (0 to 200)]
120. PHISHING: Exponential innovation (source: Akamai)
121. SEGUE: Phishing demo
122. DEFENCE INDUSTRY: When a customer becomes an enemy
Kill switch; disable signal; destruct command; assume control; portal; information/data gathering.
123. OFF THE RECORD: Almost nothing is as it appears
124. MALWARE: A 'commercial' sample
- Cerber: ransomware delivered as a malicious email attachment; encrypts the victim's files and extorts payment for the key
- RaaS (Ransomware-as-a-Service): hackers make money by selling/renting the product as well as using it
- Emotet: originally a banking Trojan, evolved into a full-scale bot/loader threat
- Botnets: used for DDoS attacks, spam distribution and data stealing; self-organising
- Crypto-mining malware: distributed computing for cryptojacking, using your FLOPs
125. DDoS TYPES: The main attack characteristics
- Volumetric: consumes network, service and link bandwidth to create congestion/paralysis
- TCP state exhaustion: fills the connection-state tables of stateful devices (firewalls, load balancers, application servers and stateful routers), leaving services unusable
- Application layer: targets websites, databases and app services; perhaps the most sophisticated/stealthy, and very difficult to detect with common flow-based monitoring because the request volume can look normal
https://www.scss.tcd.ie/publications/theses/diss/2018/TCD-SCSS-DISSERTATION-2018-046.pdf
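To make the "hard to detect with flow-based monitoring" point concrete, here is an added Python example (not from the deck or the cited dissertation) that runs two detectors over a constructed web-server access log: a flow-style view that counts requests per source per minute, and an application-layer view that attributes server busy time to each source. The log format, addresses and thresholds are assumptions. The 600-request flood trips the first view; the low-and-slow attacker sending forty expensive searches a minute is invisible to it and caught only by the second.

```python
"""Flow-based vs application-layer DDoS detection over a constructed access
log (added example, not from the deck or the cited thesis). Log format,
addresses and thresholds are assumptions for illustration."""
from collections import defaultdict

# Constructed log format: "<epoch_seconds> <src_ip> <method> <path> <status> <bytes> <server_ms>"
def make_sample_log():
    lines = []
    # 20 ordinary clients, 10 cheap page loads each, spread over one minute
    for i in range(20):
        for k in range(10):
            lines.append(f"{i * 0.1 + k * 6.0:.1f} 192.0.2.{i + 1} GET / 200 2048 20")
    # Volumetric bot: 600 tiny requests in 60 s (10 req/s), 1 ms of server time each
    for k in range(600):
        lines.append(f"{k * 0.1:.1f} 203.0.113.9 GET /favicon.ico 200 100 1")
    # Low-and-slow application-layer attacker: 40 expensive searches, 4 s each
    for k in range(40):
        lines.append(f"{k * 1.5:.1f} 198.51.100.7 GET /search?q=%25%25%25 200 512 4000")
    return lines


def parse_line(line):
    ts, src, method, path, status, nbytes, ms = line.split()
    return {"ts": float(ts), "src": src, "method": method, "path": path,
            "status": int(status), "bytes": int(nbytes), "ms": int(ms)}


def flow_based_alerts(records, window_s=60, max_rps=5.0):
    """What a NetFlow-style monitor sees: requests per source per window.
    Catches volumetric floods; a low request rate never trips it."""
    counts = defaultdict(int)
    for r in records:
        counts[(r["src"], int(r["ts"] // window_s))] += 1
    return sorted({src for (src, _w), n in counts.items() if n / window_s > max_rps})


def app_layer_alerts(records, share=0.5, min_requests=10):
    """Attribute server busy time to sources. A source owning more than
    `share` of all server time is starving the application no matter how
    few requests it sends."""
    busy, reqs = defaultdict(int), defaultdict(int)
    for r in records:
        busy[r["src"]] += r["ms"]
        reqs[r["src"]] += 1
    total = sum(busy.values()) or 1
    return sorted(src for src, ms in busy.items()
                  if ms / total >= share and reqs[src] >= min_requests)


def triage(lines):
    """Run both views; the interesting output is what only the second one finds."""
    records = [parse_line(line) for line in lines]
    flow = flow_based_alerts(records)
    app = app_layer_alerts(records)
    return {"volumetric": flow, "application_layer": app,
            "missed_by_flow_monitoring": sorted(set(app) - set(flow))}


if __name__ == "__main__":
    print(triage(make_sample_log()))
```

The slow attacker here sends less than one request a second, well under any sane per-source rate threshold, yet owns over 97% of the server's busy time. Any signal that needs the application's own view (response time, backend queries, CPU per request) will be missed by monitoring that only sees packets and bytes on the wire.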
126. DDoS DECEPTION: Is this the main act, or not? Not so obvious: a distraction to conceal more sinister activities?
127. DDoS DEFENCE: Just one commercial offer
128. WHAT WE DETECT: Possibly just the tip of an iceberg!
Labels on the iceberg, above and below the waterline: Ransomware, Phishing, Crypto-Wallet, DoS/DDoS, SQLi/XSS, Man-in-the-Middle, URL Spoofing, Cloaking, Malware; Covert Plant, Visitors, Insiders, Outsiders, Alongsiders, Customers, Contractors, WiFi, Tunnels, Implants, Malware, Networks, Diversions, Brute Force, Decoys.
We need to start looking below the surface of the obvious for the hidden sophistication of the many stealth attacks that we suspect are happening but cannot see!
129. VITAL MEASURES: Minimal to maximal security
- Physical security
- Strong passwords
- Firewall, PN, VPN
- Malware protection
- Strong encryption
- General public-key authentication/certification (N-factor, M-path)
- Penetration detection at key interface points
- Behavioural analysis of net, machines, people
- Monitor for all precursor event indicators
- Create/join information-sharing networks across the industry
130. PHYSICAL MEASURES: Minimal to maximal security
- Secure entry, site & building
- Duplicated/triplicated power and fibre
- Break-free power with batteries and generators
- 2/3 utilities supply
- Site 50 km from any airport
131. VITAL MEASURES: The minimal security protection failures. Common mode: one road in and out is not a good idea!
132. FOCUSED MEASURES: Technical security
133. FOCUSED MEASURES: Technical security (continued)
- Air lock; strip down; authorised entry only
- General access (open); limited access (zoned, timed)
- Cameras; heat sensors; motion sensors; location/proximity sensors; invisible X-X laser beams
134. SEGUE, STAGE LEFT: Off the record play time. I do not recommend you try any of this; it is all a part of my personal mission to make the world a safer place.
135. HOBBIES! Weird/crazy? Airline security; public targets; breaking in; social data ++++
136. TUNNEL VISION: The attacker's friend. "End-running systems is definitely one of my favourites"
137. AIRPORT SECURITY: Some of this is legitimate
138. CARELESS: London is a safe city!
I was working in London and stopped for a coffee break in Soho...
139. A smart young man walked in and I spotted his badge! He sat right in front of me and this is what my mobile phone could see as he booted up!
Coffee Shop Protocol
- Sit as far back from the door as possible; ideally with no one to the rear or the sides
- Check for overhead cameras
- Do not wear identifying insignia of any kind
- Do not boot up to an identifying company, country, government or agency badge
- Check and be aware N, E, S, W
140. LOUD & RUDE: There is always a price to pay!
The group next to my colleague had just chanced upon the perfect name for their new company. So he bought the domain name and all the variants before they had completed their meeting!
141. OPPORTUNIST: Unintended revelations & consequences
DAY 1: Pass card for an undefined meeting. "TRUTH ENGINES, An End Game Company. Dr Peter Cochrane, EU Concept Consultant"
142. DAY 2: Pass card as a member of staff. "TRUTH ENGINES, An End Game Company. Peter Cochrane, Internal Affairs Advisor"
143. I was invited to test a company's revised security. My way in was to simply massage my security pass from visitor to employee. I then played the role of an old boy not really up to the modern world of IT, and so many wonderfully kind people came forward to help me access networks, rooms and facilities. My secret? Wear a suit and a tie and look very respectable... everyone knows that hackers wear hoodies!
144. GO-TO RESOURCES 4 U
petercochrane.com; Broadcom/Symantec; CrowdStrike; Cisco; IBM; Akamai; Varonis; Gartner; Aon; UK Gov DCMS; Mimecast; BitSight; Trend Micro; FCA; Juniper; RAND; Kaspersky
145. Things that Think want to Link, and Things that Link want to Think. FIN - Q&A? www.petercochrane.com