Cyberterrorism
   A case study for Emergency Management




Ricardo A. Reis, Security Officer




                     &
           Hospital São Paulo
Presentation Developed By:

          Ricardo A. Reis
      ricardo.areis@unifesp.br
      ricardo.areis@gmail.com
CCO, Federal University of São Paulo



            For use by:
    The International Consortium
     for Organization Resilience
              (ICOR)
Cyberterrorism



Prepare, Plan and Stay in Business




  Cyber Terrorism is defined as:

“The premeditated use of disruptive activities, or the
threat thereof, against computers and/or networks,
with the intention to cause harm or further social,
ideological, religious, political or similar objectives. Or
to intimidate any person in furtherance of such
objectives.”
                    by Kevin G. Coleman of the Technolytics Institute




  Emergency management is defined as:

“Comprehensive system of policies, practices, and
procedures designed to protect people and property
from the effects of emergencies or disasters.”
                   Extension Disaster Education Network (EDEN)



 EMERGENCY MANAGEMENT

         LIFE CYCLE

1 - PREVENTION/MITIGATION

2 - PREPAREDNESS

3 - RESPONSE

4 - RECOVERY





    Case Study

    Botnet is a jargon term for a collection of software robots, or bots,
that run autonomously and automatically. They run on groups of zombie
computers controlled remotely. This term can also refer to the network of
computers using distributed computing software.

                                       From Wikipedia, the free encyclopedia





    Case Study

            "A botnet is comparable to compulsory
            military service for Windows boxes"
                           Stromberg, http://www.honeynet.org/papers/bots/




    Cyberterrorism & Botnets

    · Distributed Denial-of-Service Attacks
    · Spamming
    · Sniffing Traffic
    · Keylogging
    · Spreading new malware
    · Installing Advertisement Addons
    · Browser Helper Objects (BHOs)
    · Google AdSense abuse
    · Attacking IRC Chat Networks
    · Mass identity theft




"We have seen offers that will allow a
customer to send a million emails for under
$100," Henry says. "If you send more than
10 million, the price drops to under $80 per
million. There's a price war going on, and
Nugache is becoming the bargain
basement."



    PREVENTION/MITIGATION

    · Compliance with Security Standards ISO 27001/27002
    · Think about Business Continuity and IT Infrastructure Recovery
    · Create a Computer Security Incident Response Team
    · Monitor IT Infrastructure
        · Internet Bandwidth
        · DNS Services
        · Web Services
        · Email Services
    · Establish prior contact with external agencies
        · Upstream ISP
        · Regional Computer Security Incident Response Team (CSIRT)





    PREPAREDNESS

    · Development and practice of multi-agency coordination and
      incident command
    · Development and practice of the Incident Response Plan



    RESPONSE

    · Establish Incident Command
    · Notify the CSIRT
    · Activate the Incident Response Plan
    · Never use 100% of your CSIRT team
    · Don't stop the triage process
    · Communicate Major Events





    RECOVERY

    · If necessary, activate the Business Recovery Plan
    · Document the Major Event
    · Communicate the end of Major Events
    · Update all Plans




       A SIMULATED ?

Distributed Denial-of-Service Attack




        !!! REAL LIFE !!!

Distributed Denial-of-Service Attack




The main targets have been the websites of:

· the Estonian presidency and its parliament

· almost all of the country's government ministries

· political parties

· three of the country's six big news organisations

· two of the biggest banks; and firms specializing in communications


NUMBERS

Attacks   Destination             Address or owner

35        "195.80.105.107/32"     pol.ee
7         "195.80.106.72/32"      www.riigikogu.ee
36        "195.80.109.158/32"     www.riik.ee, www.peaminister.ee, www.valitsus.ee
2         "195.80.124.53/32"      m53.envir.ee
2         "213.184.49.171/32"     www.sm.ee
6         "213.184.49.194/32"     www.agri.ee
4         "213.184.50.6/32"
35        "213.184.50.69/32"      www.fin.ee (Ministry of Finance)
1         "62.65.192.24/32"

     http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/


Attacks           Date


21                2007-05-03
17                2007-05-04
31                2007-05-08
58                2007-05-09
1                 2007-05-11


     http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/


Attacks          Duration


17               less than 1 minute
78               1 min - 1 hour
16               1 hour - 5 hours
8                5 hours to 9 hours
7                10 hours or more


     http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/




Attacks          Bandwidth measured


42               Less than 10 Mbps
52               10 Mbps - 30 Mbps
22               30 Mbps - 70 Mbps
12               70 Mbps - 95 Mbps


     http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/




BOTNET Command and Control




Shadow SERVER Project





    PREVENTION/MITIGATION ( AGAIN !!!!!! )

    · Compliance with Security Standards ISO 27001/27002
      ( Protect your infrastructure and other Companies )
    · Create a Computer Security Incident Response Team
      ( Your First Response Team )
    · Establish prior contact with external agencies
        · Upstream ISP
        · Regional (CSIRT)




Questions ?
Cyberterrorism
   A case study for Emergency Management




Ricardo A. Reis, Security Officer




                     &
           Hospital São Paulo

Mais conteúdo relacionado

Mais procurados (20)

Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
 
Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
28658043 cyber-terrorism
28658043 cyber-terrorism28658043 cyber-terrorism
28658043 cyber-terrorism
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Cyber Terrorism Presentation
Cyber Terrorism PresentationCyber Terrorism Presentation
Cyber Terrorism Presentation
 
Session 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj YunosSession 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj Yunos
 
document on cyber terrorism
document on cyber terrorismdocument on cyber terrorism
document on cyber terrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
1358619756 cyber terrorism
1358619756 cyber terrorism1358619756 cyber terrorism
1358619756 cyber terrorism
 
Cyber Wars And Cyber Terrorism
Cyber Wars And Cyber TerrorismCyber Wars And Cyber Terrorism
Cyber Wars And Cyber Terrorism
 
Cyberterrorism
CyberterrorismCyberterrorism
Cyberterrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Cyber warfare ss
Cyber warfare ssCyber warfare ss
Cyber warfare ss
 

Destaque

13th December Parliament Attacks | Media Case Study
13th December Parliament Attacks | Media Case Study13th December Parliament Attacks | Media Case Study
13th December Parliament Attacks | Media Case StudyRohit Rohan
 
WattzOn Whole Earth Simulator
WattzOn Whole Earth SimulatorWattzOn Whole Earth Simulator
WattzOn Whole Earth SimulatorRaffi Krikorian
 
Cryptography and E-Commerce
Cryptography and E-CommerceCryptography and E-Commerce
Cryptography and E-CommerceHiep Luong
 
iMouse
iMouseiMouse
iMouseeeshak
 
Introduction to Genetic Algorithms
Introduction to Genetic AlgorithmsIntroduction to Genetic Algorithms
Introduction to Genetic AlgorithmsAhmed Othman
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An IntroductionJayaseelan Vejayon
 
Genetic_Algorithm_AI(TU)
Genetic_Algorithm_AI(TU)Genetic_Algorithm_AI(TU)
Genetic_Algorithm_AI(TU)Kapil Khatiwada
 
Genetic Algorithm by Example
Genetic Algorithm by ExampleGenetic Algorithm by Example
Genetic Algorithm by ExampleNobal Niraula
 
Genetic algorithm
Genetic algorithmGenetic algorithm
Genetic algorithmgarima931
 
Genetic Algorithms - Artificial Intelligence
Genetic Algorithms - Artificial IntelligenceGenetic Algorithms - Artificial Intelligence
Genetic Algorithms - Artificial IntelligenceSahil Kumar
 
Sixth Sense Technology
Sixth Sense TechnologySixth Sense Technology
Sixth Sense TechnologyNavin Kumar
 
Ppt on World Of Smartphones
Ppt on World Of SmartphonesPpt on World Of Smartphones
Ppt on World Of SmartphonesPulkit Syal
 
Encryption presentation final
Encryption presentation finalEncryption presentation final
Encryption presentation finaladrigee12
 

Destaque (20)

Tower of hanoi
Tower of hanoiTower of hanoi
Tower of hanoi
 
I Mouse
I MouseI Mouse
I Mouse
 
13th December Parliament Attacks | Media Case Study
13th December Parliament Attacks | Media Case Study13th December Parliament Attacks | Media Case Study
13th December Parliament Attacks | Media Case Study
 
WattzOn Whole Earth Simulator
WattzOn Whole Earth SimulatorWattzOn Whole Earth Simulator
WattzOn Whole Earth Simulator
 
Genetic Programming in Python
Genetic Programming in PythonGenetic Programming in Python
Genetic Programming in Python
 
Factors Influencing Knowledge Management
Factors Influencing Knowledge ManagementFactors Influencing Knowledge Management
Factors Influencing Knowledge Management
 
Organisational impacts of Knowledge Management on People, Processes, Products...
Organisational impacts of Knowledge Management on People, Processes, Products...Organisational impacts of Knowledge Management on People, Processes, Products...
Organisational impacts of Knowledge Management on People, Processes, Products...
 
i-Mouse
i-Mousei-Mouse
i-Mouse
 
Cryptography and E-Commerce
Cryptography and E-CommerceCryptography and E-Commerce
Cryptography and E-Commerce
 
iMouse
iMouseiMouse
iMouse
 
Cyber crime
Cyber crime Cyber crime
Cyber crime
 
Introduction to Genetic Algorithms
Introduction to Genetic AlgorithmsIntroduction to Genetic Algorithms
Introduction to Genetic Algorithms
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An Introduction
 
Genetic_Algorithm_AI(TU)
Genetic_Algorithm_AI(TU)Genetic_Algorithm_AI(TU)
Genetic_Algorithm_AI(TU)
 
Genetic Algorithm by Example
Genetic Algorithm by ExampleGenetic Algorithm by Example
Genetic Algorithm by Example
 
Genetic algorithm
Genetic algorithmGenetic algorithm
Genetic algorithm
 
Genetic Algorithms - Artificial Intelligence
Genetic Algorithms - Artificial IntelligenceGenetic Algorithms - Artificial Intelligence
Genetic Algorithms - Artificial Intelligence
 
Sixth Sense Technology
Sixth Sense TechnologySixth Sense Technology
Sixth Sense Technology
 
Ppt on World Of Smartphones
Ppt on World Of SmartphonesPpt on World Of Smartphones
Ppt on World Of Smartphones
 
Encryption presentation final
Encryption presentation finalEncryption presentation final
Encryption presentation final
 

Semelhante a CyberTerrorism - A case study for Emergency Management

Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetWatcher
 
Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...
Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...
Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...NetworkCollaborators
 
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data AssetsFS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data AssetsPuneet Kukreja
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistancePaul-Charife Allen
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations♟Sergej Epp
 
Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)OnRamp
 
cyberready-solutions
cyberready-solutionscyberready-solutions
cyberready-solutionsNoah Kline
 
The 2018 Threatscape
The 2018 ThreatscapeThe 2018 Threatscape
The 2018 ThreatscapePeter Wood
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatuChinatu Uzuegbu
 
The evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOThe evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOisc2-hellenic
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...PECB
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondSecPod Technologies
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsZivaro Inc
 
MT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in CybersecurityMT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in CybersecurityDell EMC World
 
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your OrganizationRaffa Learning Community
 

Semelhante a CyberTerrorism - A case study for Emergency Management (20)

Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech Talk
 
Meletis Belsis -CSIRTs
Meletis Belsis -CSIRTsMeletis Belsis -CSIRTs
Meletis Belsis -CSIRTs
 
Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...
Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...
Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...
 
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data AssetsFS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistance
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations
 
Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)
 
CRI-Exec-Cyber-Briefings (1)
CRI-Exec-Cyber-Briefings (1)CRI-Exec-Cyber-Briefings (1)
CRI-Exec-Cyber-Briefings (1)
 
cyberready-solutions
cyberready-solutionscyberready-solutions
cyberready-solutions
 
The 2018 Threatscape
The 2018 ThreatscapeThe 2018 Threatscape
The 2018 Threatscape
 
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SCCyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatu
 
The evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOThe evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISO
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
 
MT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in CybersecurityMT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in Cybersecurity
 
Cyber threat forecast 2018..
Cyber threat forecast 2018..Cyber threat forecast 2018..
Cyber threat forecast 2018..
 
L123
L123L123
L123
 
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
 

Último

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 

Último (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

CyberTerrorism - A case study for Emergency Management

  • 1. Cyberterrorism A case study for Emergency Management Ricardo A. Reis, Security Officer & Hospital São Paulo
  • 2. Presentation Developed By: Ricardo A. Reis ricardo.areis@unifesp.br ricardo.areis@gmail.com CCO, Federal University of São Paulo For use by: The International Consortium for Organization Resilience (ICOR)
  • 4. Cyberterrorism Prepare, Plan and Stay in Business Cyber Terrorism is defined as: “The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.” by Kevin G. Coleman of the Technolytics Institute
  • 5. Emergency management is defined as: “Comprehensive system of policies, practices, and procedures designed to protect people and property from the effects of emergencies or disasters.” Extension Disaster Education Network (EDEN)
  • 6. EMERGENCY MANAGEMENT LIFE CYCLE
      1 - PREVENTION/MITIGATION
      2 - PREPAREDNESS
      3 - RESPONSE
      4 - RECOVERY
  • 7. Case Study: Botnet is a jargon term for a collection of software robots, or bots, that run autonomously and automatically. They run on groups of zombie computers controlled remotely. This term can also refer to the network of computers using distributed computing software. From Wikipedia, the free encyclopedia
  • 8. Case Study: “A botnet is comparable to compulsory military service for windows boxes” Stromberg, http://www.honeynet.org/papers/bots/
  • 9. Cyberterrorism & Botnets
      • Distributed Denial-of-Service Attacks
      • Spamming
      • Sniffing Traffic
      • Keylogging
      • Spreading new malware
      • Installing Advertisement Addons
      • Browser Helper Objects (BHOs)
      • Google AdSense abuse
      • Attacking IRC Chat Networks
      • Mass identity theft
  • 11. “We have seen offers that will allow a customer to send a million emails for under $100,” Henry says. “If you send more than 10 million, the price drops to under $80 per million. There's a price war going on, and Nugache is becoming the bargain basement.”
  • 12. PREVENTION/MITIGATION
      • Compliance with Security Standards ISO 27001/27002
      • Think about Business Continuity and IT Infrastructure Recovery
      • Create a Computer Security Incident Response Team
      • Monitor IT Infrastructure
          • Internet Bandwidth
          • DNS Services
          • WEB Services
          • EMAIL Services
      • Pre-Contact with external agency
          • Upstream ISP
          • Regional Computer Security Incident Response Team (CSIRT)
  • 13. PREPAREDNESS
      • Development and practice of multi-agency coordination and incident command
      • Development and practice of the Incident Response Plan
  • 14. RESPONSE
      • Establish Incident Command
      • Notify CSIRT
      • Activate the Incident Response Plan
      • Never use 100% of your CSIRT Team
      • Don't stop the Triage Process
      • Communicate Major Events
  • 15. RECOVERY
      • If necessary, activate the Business Recovery Plan
      • Document the Major Event
      • Communicate the end of Major Events
      • Update all Plans
  • 16. A SIMULATED ? Distributed Denial-of-Service Attack
  • 25. !!! REAL LIFE !!! Distributed Denial-of-Service Attack
  • 27. The main targets have been the websites of:
      • the Estonian presidency and its parliament
      • almost all of the country's government ministries
      • political parties
      • three of the country's six big news organisations
      • two of the biggest banks; and firms specializing in communications
  • 28. NUMBERS

      | Attacks | Destination | Address or owner |
      |---|---|---|
      | 35 | 195.80.105.107/32 | pol.ee |
      | 7 | 195.80.106.72/32 | www.riigikogu.ee |
      | 36 | 195.80.109.158/32 | www.riik.ee, www.peaminister.ee, www.valitsus.ee |
      | 2 | 195.80.124.53/32 | m53.envir.ee |
      | 2 | 213.184.49.171/32 | www.sm.ee |
      | 6 | 213.184.49.194/32 | www.agri.ee |
      | 4 | 213.184.50.6/32 | |
      | 35 | 213.184.50.69/32 | www.fin.ee (Ministry of Finance) |
      | 1 | 62.65.192.24/32 | |

      Source: http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
  • 29. Attacks by date

      | Attacks | Date |
      |---|---|
      | 21 | 2007-05-03 |
      | 17 | 2007-05-04 |
      | 31 | 2007-05-08 |
      | 58 | 2007-05-09 |
      | 1 | 2007-05-11 |

      Source: http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
  • 30. Attacks by duration

      | Attacks | Duration |
      |---|---|
      | 17 | less than 1 minute |
      | 78 | 1 min - 1 hour |
      | 16 | 1 hour - 5 hours |
      | 8 | 5 hours to 9 hours |
      | 7 | 10 hours or more |

      Source: http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
  • 31. Attacks by bandwidth

      | Attacks | Bandwidth measured |
      |---|---|
      | 42 | Less than 10 Mbps |
      | 52 | 10 Mbps - 30 Mbps |
      | 22 | 30 Mbps - 70 Mbps |
      | 12 | 70 Mbps - 95 Mbps |

      Source: http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
  • 32. BOTNET Command and Control
  • 33. Shadow SERVER Project
  • 34. Shadow SERVER Project
  • 35. PREVENTION/MITIGATION ( AGAIN !!!!!! )
      • Compliance with Security Standards ISO 27001/27002 (Protect your infrastructure and other Companies)
      • Create a Computer Security Incident Response Team (Your First Response Team)
      • Pre-Contact with external agency
          • Upstream ISP
          • Regional (CSIRT)
  • 36. Questions ?
  • 37. Cyberterrorism A case study for Emergency Management Ricardo A. Reis, Security Officer & Hospital São Paulo
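
One way to turn the bandwidth monitoring listed on slide 12 into per-attack figures of the kind tabulated on slides 30 and 31, as an added example that is not part of the original presentation. The baseline, the gap tolerance, the function names and the sample data are assumptions; the sample addresses are constructed from the RFC 5737 documentation range.

```python
from collections import defaultdict

BASELINE_MBPS = 5.0  # assumed normal ceiling per destination
MAX_GAP_MIN = 2      # assumed number of quiet minutes tolerated inside one episode

# Bandwidth buckets as labelled on slide 31 (upper bound in Mbps, label).
BANDWIDTH_BUCKETS = [(10, "Less than 10 Mbps"), (30, "10 Mbps - 30 Mbps"),
                     (70, "30 Mbps - 70 Mbps"), (95, "70 Mbps - 95 Mbps")]

# Constructed per-minute samples: (minute, destination, inbound Mbps).
SAMPLES = (
    [(m, "192.0.2.10", 2.0) for m in range(10)]
    + [(10, "192.0.2.10", 40.0), (11, "192.0.2.10", 65.0), (12, "192.0.2.10", 3.0),
       (13, "192.0.2.10", 50.0), (14, "192.0.2.10", 12.0), (30, "192.0.2.10", 8.0)]
    + [(m, "192.0.2.20", 1.0) for m in range(20)]
    + [(20, "192.0.2.20", 80.0), (21, "192.0.2.20", 90.0), (22, "192.0.2.20", 85.0)]
)

def bucket(peak_mbps):
    """Map a peak rate to the slide 31 bucket it falls in."""
    for upper, label in BANDWIDTH_BUCKETS:
        if peak_mbps < upper:
            return label
    return "95 Mbps or more (outside the slide's buckets)"

def episode(dst, start, last, peak):
    return {"dst": dst, "start": start, "minutes": last - start + 1,
            "peak_mbps": peak, "bucket": bucket(peak)}

def find_episodes(samples):
    """Group above-baseline minutes per destination into attack episodes."""
    by_dst = defaultdict(list)
    for minute, dst, mbps in samples:
        if mbps > BASELINE_MBPS:
            by_dst[dst].append((minute, mbps))
    episodes = []
    for dst, hits in sorted(by_dst.items()):
        hits.sort()
        start, last, peak = hits[0][0], hits[0][0], hits[0][1]
        for minute, mbps in hits[1:]:
            if minute - last - 1 > MAX_GAP_MIN:  # quiet too long: close the episode
                episodes.append(episode(dst, start, last, peak))
                start, peak = minute, mbps
            last, peak = minute, max(peak, mbps)
        episodes.append(episode(dst, start, last, peak))
    return episodes

if __name__ == "__main__":
    for ep in find_episodes(SAMPLES):
        print(ep)
```

Per-destination episodes with a start time, duration and peak rate are the figures an upstream ISP or regional CSIRT will ask for when the pre-arranged contact is made.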