While each fraudster specializes in a different practice, those who participate in the various interactions in the fraudster underground share the following:

– Intent – Each fraudster has two main intentions: to make as much money as possible and to avoid capture. These are the two characteristics that can be universally applied to every individual fraudster.

– Means – Both knowledge and tools can be characterized as the means that allow a criminal to commit acts of fraud. While the means used to commit fraud may differ by the individual fraudster, they all share this common characteristic. By allowing fraudsters to communicate, share best practices and trade tools, the underground serves as a conduit that fosters the continued growth of online fraud and directly affects the means each fraudster has at his disposal to launch an attack. The underground provides fraudsters with access to the knowledge and tools needed to commit fraud and the ability to purchase or trade services for whatever they are missing.

– Target – Every fraudster has a target. A target may be as narrow as a single financial institution or as wide as “U.S. merchants.” Even fraudsters who are not involved in actual cashout activities have certain targets. For example, a fraudster who sells “dumps” may sell credentials issued by U.S., Canadian and European financial institutions. Fraudsters who sell infrastructure, such as tools, tend to have the widest targets, while fraudsters who deal with cashout operations tend to have the narrowest.
Cyber threats and concerns

International level
• Cyber crime & cyber terrorism
• Deliberate and anonymous use of ICTs for attacks on critical infrastructure
• Unhindered growth of botnets
• Absence of international mechanism to facilitate information sharing & counter action
• Risk of attack misperception due to uncertainty of positive attack attribution

National level
• Cyber crime & terrorism
• Attacks on Critical Infrastructure
• Web defacements
• Website intrusion and malware propagation
• Malicious Code & spread of botnets
• Scanning and probing for Cyber espionage
• Denial of Service & Distributed Denial of Service attacks
• Supply chain integrity
• Technical & legal inability for positive attack attribution

Organisational level
• Website intrusion/defacement
• Domain stalking
• Malicious Code
• Scanning and probing
• Denial of Service & Distributed Denial of Service
• Targeted attacks
• Phishing
• Data theft
• Insider threats
• Financial frauds

Individual level
• Social Engineering
• Email hacking & misuse
• Identity theft & phishing
• Financial scams
• Abuse through emails
• Abuse through Social Networking sites
• Laptop theft
Actions for Cyber Security

Perspectives for effective security of cyber space: Strategic; Legal; Protection; Crisis response and resolution; Compliance; Education & Awareness; Enforcement perspective; Collaboration; Data Security and Privacy

• Government level. Actions: Security Strategy, ICT policies & laws, CMP, Assurance framework. Impact: Enabler for security, compliance & assurance, adequacy of investment.
• Critical Sector level. Actions: CMP, Security Policy, Drills, TVM. Impact: Posture improvement, enhancing capability to detect & resist attacks.
• ISP/TSP level. Actions: Threat monitoring, Rapid response, preventive & quarantine. Impact: Prevention of occurrence & reoccurrence of attacks.
• Professional level. Actions: Security skills and competence. Impact: Adequacy of skills & competence for cyber security.
• Technical level. Actions: Honey pots, sensors, intrusion detectors, traffic scanning, etc. Impact: Actionable security intelligence for proactive & preventive actions.
• Individual level. Actions: Awareness campaign, trainings, security messaging. Impact: Enhanced user awareness, responsible behavior & actions.
• International level. Actions: UNGGE, CSCAP, Trusted Computing, ITU. Impact: Security ecosystem through a set of cooperative & collaborative actions.
Crisis Management & Emergency Response - Role of CERT

CERT - Agency for incident response:
• Collection, analysis & dissemination of information
• Forecast and alerts of incidents
• Emergency measures for incident handling
• Coordination of response activities
• Guidelines, advisories, vulnerability notes, research/white papers & practices

Level, actions and impact:
• Incident prevention. Actions: Alert, advice, MoU, & collaboration. Impact: Timely alert for preventive & proactive actions.
• Incident prediction. Actions: Honey pots, sensors, filters, etc. Impact: Tailored advice for specific actions by critical sector.
• Response & recovery assistance. Actions: Incident reporting, assistance, knowledge repository. Impact: Helpdesk, incident tracking mechanism.
• Crisis mgmt & emergency response. Actions: CMP implementation & drill. Impact: Improved readiness of critical sectors.
• Policy & assurance framework. Actions: Policy, best practices, audits & assessments. Impact: Improved security posture, assurance over minimal security baseline.
• Investigation, analysis & forensic. Actions: Forensic support, pattern analysis, LEA support. Impact: Investigation support, speedier trial of criminal cases.
• Training & awareness. Actions: Training of security professionals. Impact: Better preparedness, adequacy & sufficiency of competence.
Security of Cyber Space - Stakeholders
• NIB, NCMC, NSCS, MHA, MOD, DIT, DOT, NIIPC, NDMA, NIC, STQC, CCA, CERT-In
• Sectoral CERTs of key critical sectors
• TSP/ISPs
• Incident response teams of critical sector organisations (CSIRTs)
• General user community
Security collaboration efforts
[Diagram. Headings: Detection; Analysis; Dissemination & Support. Parties shown: Department of Information Technology, ISP Hot Liners, Major ISPs, Foreign partners, Private Sectors, Home Users, Press & TV / Radio. Stages shown: Detect, Analysis, Dissemination, Recovery.]
Cyber Security – Force multiplier effect
[Diagram: Enabling Trust through Cyber security Assurance. Core and thrust areas shown: Cyber Laws – IT Act compliance and enforcement; CERT-IN: Enabling protection & resistance to cyber attacks; Security compliance support and research & development; Conformity assessment framework; Training and Skill Development (PPP model); Security cooperation with industry (NASSCOM and other such agencies). Questions posed: What need to be done? How do we implement ISMS? Are we safe? What if something goes wrong? How do we reach all? Are we doing right?]
Security Assurance Ladder
Security assurance emphasis depends on the kind of environment
• Low risk: ‘Awareness’ – know your security concerns and follow best practices
• Medium risk: ‘Awareness & Action’ – Proactive strategies leave you better prepared to handle security threats and incidents
• High risk: ‘Awareness, Action and Assurance’ – Since security failures could be disastrous and may lead to unaffordable consequences, assurance (basis of trust & confidence) that the security controls work when needed most is essential.
Cyber Security - Final Message
“Failure is not when we fall down, but when we fail to get up”