Cyber Crime Seminar Jan 2015
1. Cyber Security 2014 Update
Kevin J. Murphy, CISSP, CISM, CGEIT
January 12, 2015
http://www.linkedin.com/pub/kevin-murphy/5/256/863
2. Agenda
Cyber Crime
Cyber Warfare
Government Help
Discussion
Note: Intelligence versus Evidence
6/19/2015 2
3. Cyber Threats - Definitions
Cyber Crime
$$$ Motivated - Credit cards, bank accounts
Non $$$ - Denial of Service (DDoS)
APT = Nation State Espionage
Steal your Intellectual Property
Cyber war = Destructive
Geopolitical Conflict
Economic Attack
Element of modern warfare
4. 2014 Cyber Crime Attacks
Banking Data Breaches
The 2014 Verizon Data Breach Investigations Report analyzed 1,367 data-loss
incidents last year and found that 465 were financial institutions
Data Breach Losses Top More Than 78
Million Records to Date in 2014
6. 2014 Cyber Crime Attacks
Retail Data Breaches
Point of Sale (POS) system
vulnerabilities
Reporting requirements under GLB Act
Some of the victims
Target, Home Depot, Michaels, Neiman
Marcus, Jimmy Johns, Staples, Dairy
Queen, PF Chang’s, etc. etc.
Analysis?
Look at your 3rd Party attack vectors
Understand your POS vendors' security plans
8. 2014 Cyber Crime Attacks
Home Depot – a different nuance
Credit cards were offered for sale on a
website that traffics in stolen card data
Cards presented as:
“American Sanctions”
“European Sanctions”
Analysis?
Cyber Crime is now Geopolitical
9. 2014 Cyber Crime Attacks
Sony – Nation States enter Cyber Crime
N Korea - Denial of Service to achieve a
political agenda
Someone counterattacks N Korea
Analysis:
When does a cyber attack become an act
of war?
No international agreement
What is a legal response to a nation-state
attack on a public company?
10. 2014 Cyber Crime Attacks
Sony – Analysis:
Does Sony have a legal right to
counterattack?
The US Dept. of Defense has the
Constitutional charter to provide for the
common defense
Can the DoD defend US companies?
War was traditionally between nation
states until recently:
Taliban
ISIS
Cyber Warfare
11. Cyber warfare is dangerous
Potential for huge economic impact
Geopolitically motivated
No cold-war type “rules”
No international agreement
Anonymous attacks have no limits
and pose little risk to the attacker
12. Welcome to the Internet World
Low barriers to entry.
Any country willing to invest in a modern
data center and to train its staff can join in
this high tech world of modern espionage.
13. Welcome to the Internet World
The speed, accuracy, and volume of
internet-based intelligence collected by
foreign intelligence organizations has
increased almost exponentially compared
to the previous Cold War methods.
The cost and risk associated with this
method is dramatically lower than that of
the Cold War.
Low-cost, low-risk, and high-return
espionage is very lucrative
14. Cyber War versus the Cold War model
No Détente.
Anonymity—nation states that can operate
in the cyber world with anonymity will also
act far more aggressively and destructively
if the attack cannot be attributed to any
particular actor.
This creates a very dangerous and
potentially very destructive cyber
battlefield of anonymous attackers.
15. 3rd world Cyber attacks
Syrian Electronic Army
What did they learn by this reaction?
17. Understanding Your Attacker
China gets the most press about APT
mainly because its methods of attack seem
to indicate that they really don’t care that
you know they are attacking you.
After all, what can you do about it?
Eventually all industrialized nations will
have some sort of capability as a
necessary part of competing in a global
world.
18. The Legal Landscape
International laws or agreements will not stop
APTs. It is just too lucrative and everyone is
doing it.
Physical attack = physical evidence
APT attacks leave a great deal of “reasonable doubt”
to attribute to the attacker
Legal Extradition: If you have evidence, cases
can only be reliably brought against an attacker in
your own country.
It is unlikely that you will be able to take legal
action against a state-sponsored attack group or
a nation itself.
19. Legal Landscape
Legal rulings in both the US and the EU
The major software and hardware vendors must share
data about their products so the competitive
landscape remains fair for all vendors and to preserve
consumer choice.
Some software vendors must document all operating
system APIs and have the API technical details
available for use by application-layered products
including competing products.
What was designed to benefit consumers through free
market competition has also provided potential attackers
with a wealth of information about your systems' technical
details.
20. Government Help
Governments only have three tools to help:
Intelligence on the threat
The legal process
Diplomacy
Counter Attack?
21. Government Help
Intelligence on the Threat:
Intelligence on the threat is limited until an
attack has actually occurred. That is a bit after
the fact to protect the enterprise.
Diplomacy:
Cyber espionage is just too lucrative for the
attacking governments to come to any global
agreement to limit it.
23. Resources
Books
Economics & Strategies of Data Security, Daniel Geer Jr.
http://www.amazon.com/Economics-Strategies-Data-Security-DANIEL/dp/B001LZM1BY
Papers
2014 Data Breach Investigations Report
http://www.verizonenterprise.com/DBIR/2014/
The Inevitability of Failure: The Flawed Assumption of Security in Modern
Computing Environments, Peter A. Loscocco, Stephen D. Smalley,
Patrick A. Muckelbauer, Ruth C. Taylor, S. Jeff Turner, John F. Farrell;
National Security Agency
http://www.windowsecurity.com/whitepapers/The_Inevitability_of_Failure_The_Flawed_Assumption_of_Security_in_Modern_Computing_Environments_.html
Contact Me:
http://www.linkedin.com/pub/kevin-murphy/5/256/863
Editor's Notes
Russian Political Sympathizers? Cyber Crime is now Geopolitical