Your SlideShare is downloading. ×
Recent cyber-attacks-akash-mahajan-presented-at-cts2011
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Recent cyber-attacks-akash-mahajan-presented-at-cts2011

1,207
views

Published on

There has been a rash of audacious cyber-attacks against large consumer websites and critical infrastructure assets of various countries. In this talk we will look at the technical weaknesses that …

There has been a rash of audacious cyber-attacks against large consumer websites and critical infrastructure assets of various countries. In this talk we will look at the technical weaknesses that made these possible and what really happened in these cases.

When we understand the realities behind the hype of main stream media we can truly begin to understand the challenges in securing computing infrastructure whether it is for large consumer websites (Sony) or a defence contractor (Lockheed Martin) or an actual nuclear processing plant in Iran.

Those who attend will learn what really happened in the some of the most audacious cyber-attacks and what does it mean for anyone who is tasked with protecting computing assets.

Published in: Technology, News & Politics

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,207
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
33
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Recent Cyber Attacks
    Akash Mahajan
    Presenting at CTS-2011
  • 2. Why discuss the recent attacks?
    It is always good to discuss because
    To get an idea who is vulnerable and how they are getting attacked and why.
    Because you might not realize this but there are people out to
    Steal your confidential information.
    Maybe for sharing with Wikileaks
    Teach you a lesson for some absurd reason
    Use you as a pivot to reach some other network.
  • 3. List of Attacks
    Lets look at recent and devastating attacks
    Sownage
    The online hacking of user data on Sony websites
    Stuxnet
    A high-tech computer worm written for MS Windows and specific Siemens software
    RSA SecureID
    Most popular 2-factor authentication mechanism
  • 4. Attack number 1 - Sownage
    Sony Playstation Network and others
    SQL Injection
    By Lulzsec
    Data Theft, Loss of Face, Network went down for over a month
  • 5. Attack number 2 - Stuxnet
    Against Iran's nuclear enrichment plant - Natanz
    Computer worm with 6 0days in Windows for a specific hardware PLC
    Unknown, Some experts believe this kind of sophisticated attack can only be executed by State actors like Israel and the US
    Actual physical hardware damaged. Allegedly program stalled for over 8 months
  • 6. Attack number 3 – RSA SecureID
    Against Lockheed Martin / RSA
    APT, an email sent to finance team with infected excel file.
    Unknown Hackers
    Source Code Theft, Loss of face and confidence, Paying customer at risk because RSA kept denying this
  • 7. Why Pick These Three?
    Three different types of targets
    Sony PSN is a consumer giant with about 100 million user accounts.
    Iran’s nuclear enrichment plants are critical infrastructure of a sovereign nation.
    RSA Secure ID is the market leader for security authentication products.
  • 8. What was the motive ?
    Attackers were after different things in all attacks
    Case 1 - Embarrass the company, make fun of its lack of security. Steal user info for profit.
    Case 2 -Take out the nuclear enrichment plant for delay and strategic damage without an actual physical attack
    Case 3 - Steal the code, algorithm and then go after customers who are vulnerable
  • 9. How did they do it?
    SQL Injection is the most common flaw in web applications.
    The worm was programmed to copy using USB sticks taking care of Airgaps!Difficult part is to make sure infected USB is used in the network.
    Infected file sent to accounts department. From there locate server with source code.
  • 10. Were these preventable?
    Sownage
    SQL Injection is the 1st flaw mentioned in OWASP TOP 10 critical flaws.
    Stuxnet
    Allowing USB flash drives in such a critical network place is an indicator of bad physical security.
    RSA Secure ID
    A Host Based Intrusion Prevention Software on the version control server, maybe!
  • 11. So what happens next?
    Cyber warfare is just another word for taking over computing infrastructure, accessing confidential data and using it when it makes sense strategically.
    Sometimes in the fog of (cyber) war, the enemy might seem like a bunch of 15 year olds learning to hack against your servers but it is possible that they are being controlled by someone else
  • 12. Why talk about warfare with you?
    You all know that space is where the next race for fuels is going to happen.
    Some countries realize that dominating the cyber space of another country now will help them gain competitive advantage later
    These recent cyber attacks allow us to realize
    Lot of our infrastructure is vulnerable
    While attribution is difficult, understanding that we might already be under attack is important.
  • 13. Questions?
    Any questions
    Akash Mahajan ( google me)
    Web Security Consultant, null Founderand BLR Chapter Lead (http://null.co.in)
    Twitter - @makash
    Website - http://akashm.com
    Presentations - http://www.slideshare.net/akashm
    @makash | akashm.com - That Web Application Security Guy

×