O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Global Technologies and Risks Trends

143 visualizações

Publicada em

ISACA Asia Pacific CACS 2019

Publicada em: Tecnologia
  • Seja o primeiro a comentar

  • Seja a primeira pessoa a gostar disto

Global Technologies and Risks Trends

  1. 1. Global Technologies and Risks Trend Charles Mok Legislative Councillor (IT) 2019-4-1 @ ISACA Asia Pacific CACS 2019
  2. 2. More devices More risks more business operations, payment, e-services via devices 2
  3. 3. How are you keeping up with the latest risks? cybercriminals have stepped up efforts to discover new vulnerabilities and exploit them 3
  4. 4. Up-and-coming in cyber risks Escalating arms race between attackers and defenders Credential stuffing Collaboration app security AI/Machine learning IoT / smart electronic devices Virtualisation Blockchain Digital identity 4 Increasingly volatile cyber security landscape: Ransomware DDoS Phishing
  5. 5. Data breach incidents growing in scale 5
  6. 6. AI-powered attack: rise in automated attacks faster attacks, harder to detect Post-exploitation (discovery and exploitation of other vulnerabilities inside) Data theft: AI-powered data search and classification Vulnerability discovery using AI tools Exploitation: quickly generate exploit variants, AI botnet 6
  7. 7. Cyber-defence: AI vs AI Security devices and systems can be trained to perform specific tasks autonomously, but also can be exploited to ⊗ train devices or systems to not apply patches or updates to a particular device ⊗ ignore specific types of applications or behaviors ⊗ not log specific traffic to evade detection 7
  8. 8. Cyber-physical attacks: The Internet of Things risk Wide open: Unsecured, never updated older devices - connected video cameras - home appliances - smartwatches built-in web server to allow for remote access and management Satori malware (variant of the notorious Mirai): continue to exploit zero-day vulnerabilities in home routers and other IoT devices driving up the sophistication, scale and speed of today’s DDoS attacks against networks and mission-critical services 8
  9. 9. Attacks targeting cryptocurrencies lending and exchange platforms ⊗ cybercriminals demand for payment in cryptocurrencies ⊗ embedding ransom messages in the attack traffic ⊗ leveraging botnets to spread cryptocurrency mining malware use of AI to perform scanning, identify vulnerabilities and launch targeted strikes 9
  10. 10. Crypto-jacking: Malwares that steal CPU processing resources More money for less risk Hackers are placing crypto mining scripts on apps, networks, and websites that run surreptitiously - through phishing-like tactics - inject a script on a website / an ad 10
  11. 11. Blockchain not ‘unhackable’ cryptocurrency and smart contract platforms at risk ⊗ More security loopholes are appearing ⊗ private data submitted to the blockchain can be monitored or pieced together ⊗ blockchain storage: susceptible to attack and loss at very large scale ⊗ “Immutable” myth busted by hacks: double-spent cryptocurrencies ⊗ Famous case: DAO attack (due to a duplicate transaction logic flaw in a smart contract implementation that lead to a large amount of money being stolen) 11
  12. 12. To counteract the latest risks, organizations will need to continue to raise the bar for cybercriminals and escalate the cost of launching an attack. 12
  13. 13. Thank you! 13 Linkedin / Twitter @charlesmok www.charlesmok.hk www.facebook.com/charlesmokoffice charlesmok@charlesmok.hk