Fantastic Beasts and where to hide from them

My presentation at IT Weekend Lviv 2017. Overview of modern cyber threat agents and their modus operandi. Practical recommendations on how to be a less likely cyber threat.

  1. Fantastic Beasts and where to hide from them. Vlad Styran, CISSP, CISA, OSCP. Berezha Security
  2. Imminence and Inevitability of an Incident
  3. 2007: “You are going to be hacked.”
  4. 2017: “You have been hacked.”
  5. What’s up?
  6. http://b0n1.blogspot.nl/2017/05/wannacry-ransomware-picture-collection_17.html
  7. Who does it?
  8. How do they do it?
  9. – Sid Victim: “I have nothing to hide.”
  10. You could lose your stuff: crypto-ransom, DDoS attacks, vandalism, physical destruction. `# rm -rf /` «…Now I’m ready to play with `regedit`.»
  11. – Johny Sysadmin: “Backups are for losers.”
  12. Someone could steal your stuff: hacking, social engineering, doxing, insider threat, sensitive data loss, physical theft/robbery, unattended access to equipment
  13. – Amy Hacker: “If I can touch your computer, it’s no longer your computer.”
  14. Someone could change your stuff: transfer money, reset passwords, register services, corrupt data, seed illegal content, spread propaganda
  15. – Donald Trump: “Despite the constant negative press covfefe.”
  16. How do they do it?
  17. – Eugene Kaspersky: “Internet-weapons.”
  18. Phishing
  19. Phishing
  20. Phishing
  21. Phishing
  22. Targets: you, your family, your friends, your clients, your suppliers, your doctor, your lawyer, everyone you trust
  23. Targets
  24. Targets
  25. Targets
  26. – Alex Stamos: “Appsec is eating security.”
  27. Hall of Fail: web security, mobile security, binary software security, data transport security, the S in IoT stands for security
  28. What could you do?
  29. Bad news. Remember III? You cannot avoid being hacked.
  30. Not so bad news. You can try to make it harder.
  31. – Boris Sverdlik: “Don’t click shit.”
  32. Don’t click… it. Don't click shit. Formally train your staff not to click shit. Demand that all your business peers formally train their staff not to click shit. Teach your spouse, your kids, your parents, your friends not to click shit. https://github.com/sapran/dontclickshit
  33. Password size matters. Use a passphrase instead of a password. MiX ChAr ReGister & 4dd 50m3 d1g1t5. Make it long: long means 20+ chars. Remember no more than 2 passphrases; use a good password manager for the rest. Turn on 2FA: twofactorauth.org
  34. Update software. Update your stuff. Update it right after the patch is available. Turn on auto-update wherever possible. Zero-days are rare; >99% of people get hacked through known vulnerabilities.
  35. Build less insecure software. No, you can’t do it yourself. Hire a security pro. Security is not an option you can offer your clients. It should be thought through from the very beginning, not added on at the end. Build it in, not bolt it on!
  36. Build more secure software. Go to OWASP.org: there is literally no better information source on application security, and it’s free! Train your staff to build less vulnerable software. Use frameworks with a good security record whenever possible. And never, NEVER implement your own crypto!
  37. Hack yourself first. Let your staff do it and hire an ethical hacker. Start a bug bounty program when ready. Phish your own staff to see if they're ready to withstand modern attacks. Don’t blame them if they fail. Let them tell everyone how it happened.
  38. Remember: once it becomes harder to hack the crap out of you, they will skip to the next target. Once it becomes harder to hack the crap out of all of us, they will change their tactics. Keep up with the game and know how not to become a cyber victim. The game will change. Be the one who changes it.
  39. Thank you
  40. Q&A
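Slide 33 says that length beats character-mixing and that 20+ characters is the bar. The following added example (not part of the deck; the word list and numbers are constructed for the demo) quantifies that claim: it computes the entropy of a uniformly random 8-character alphanumeric password against a randomly chosen diceware-style passphrase, generates such a passphrase with the `secrets` CSPRNG, and works out how many words are needed to reach a given strength. It assumes the standard 7776-word diceware list size; the embedded 26-word list exists only so the code runs offline.

```python
import math
import secrets

# Constructed, deliberately tiny word list so the demo runs offline.
# A real diceware list has 7776 words; pass that size to entropy_bits().
DEMO_WORDS = [
    "anchor", "basil", "cobalt", "dune", "ember", "fjord", "granite",
    "hollow", "ivory", "juniper", "kelp", "lantern", "marble", "nectar",
    "orbit", "pistachio", "quartz", "ripple", "saffron", "tundra",
    "umber", "velvet", "willow", "xenon", "yarrow", "zephyr",
]

DICEWARE_LIST_SIZE = 7776        # 6^5: five dice rolls select one word
ASCII_ALNUM_POOL = 26 + 26 + 10  # upper + lower + digits


def entropy_bits(pool_size: int, length: int) -> float:
    """Entropy of a uniformly random string of `length` symbols drawn from
    `pool_size` alternatives: log2(pool_size ** length). Only valid when the
    choice is actually uniform, which is why the generator below uses
    `secrets` rather than a human picking 'memorable' words."""
    return length * math.log2(pool_size)


def passphrase(words=DEMO_WORDS, count: int = 5, sep: str = "-") -> str:
    """Pick `count` words uniformly at random with the CSPRNG in `secrets`.
    Five words from a 7776-word list give ~64.6 bits; the demo list gives
    far less, it is here only to make the function runnable."""
    return sep.join(secrets.choice(words) for _ in range(count))


def words_for_bits(target_bits: float, list_size: int = DICEWARE_LIST_SIZE) -> int:
    """Smallest number of diceware words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def compare(password_len: int = 8, phrase_words: int = 5) -> dict:
    """Entropy of a random alphanumeric password vs. a diceware passphrase.
    Returned values are rounded to one decimal for readability."""
    return {
        "random_alnum_password_bits": round(entropy_bits(ASCII_ALNUM_POOL, password_len), 1),
        "diceware_passphrase_bits": round(entropy_bits(DICEWARE_LIST_SIZE, phrase_words), 1),
    }


if __name__ == "__main__":
    print(compare())                 # 8 random chars ~47.6 bits, 5 words ~64.6 bits
    print(words_for_bits(80))        # 7 words for 80 bits
    print(passphrase())              # e.g. fjord-umber-kelp-orbit-basil (random)
```

Two things the numbers make visible: a 5-word passphrase is already longer than 20 characters and stronger than an 8-character password that mixes case and digits, and a "MiX ChAr" transformation of a dictionary word does not move the entropy much, because crackers try those substitutions as rules. The values only hold for words chosen by a CSPRNG; the same words picked "from memory" are not uniform and the formula no longer applies.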
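Slide 36 ends with "never implement your own crypto". The added example below (not from the deck; key, message and header are constructed) shows the kind of scheme that advice is aimed at, a "just XOR the data with a secret" cipher, and how an attacker who knows a few bytes of plaintext (a fixed JSON header, a protocol magic string) recovers the entire key from one ciphertext and decrypts everything else: because `c = p XOR k`, `k = p XOR c`. The key length is unknown to the attacker, so the break tries candidate lengths and keeps the first one whose derived key reproduces the known prefix beyond the key boundary.

```python
from itertools import cycle

# Constructed demo values: a 12-byte key with all-distinct bytes and a
# message that starts with a header an attacker can guess.
SECRET_KEY = bytes.fromhex("5f3a9c01e7b244d8aa10c3ee")
MESSAGE = b'{"type":"session","user":"alice","token":"s3cr3t-t0k3n-8872"}'
KNOWN_PREFIX = b'{"type":"session","user":"'   # 26 bytes the attacker assumes


def homebrew_encrypt(data: bytes, key: bytes) -> bytes:
    """The 'custom crypto' under attack: repeating-key XOR.
    The same function decrypts, since x ^ k ^ k == x."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def break_homebrew(ciphertext: bytes, known_prefix: bytes, max_key_len: int = 64):
    """Known-plaintext attack against repeating-key XOR.

    For each candidate key length L shorter than the known prefix, derive the
    key from the first L bytes (k = p ^ c), decrypt, and accept L if the
    result still matches the prefix past byte L, which a wrong length cannot
    do unless the key itself repeats. Returns (key, plaintext) or None.
    """
    longest = min(max_key_len, len(known_prefix) - 1)  # need prefix > key to verify
    for key_len in range(1, longest + 1):
        key = bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_prefix))
        candidate = homebrew_encrypt(ciphertext, key)   # XOR is its own inverse
        if candidate.startswith(known_prefix):
            return key, candidate
    return None


def demo():
    """Encrypt the constructed message, then recover key and plaintext
    knowing only the ciphertext and the guessed header."""
    ciphertext = homebrew_encrypt(MESSAGE, SECRET_KEY)
    return break_homebrew(ciphertext, KNOWN_PREFIX)


if __name__ == "__main__":
    key, plaintext = demo()
    print("recovered key:", key.hex())
    print("recovered message:", plaintext.decode())
```

The attacker needs no key material, no brute force over the key space, and no knowledge beyond a header that every message shares; with a proper authenticated cipher from a vetted library, knowing the plaintext of one message reveals nothing about the key or about other messages. That asymmetry is the whole argument for using a well-reviewed framework instead of writing your own.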
Uploaded by IgorBeliaiev, Jun. 12, 2017