Craig Searle BAE Systems Detica: APT – Myths & malware
Craig Searle, Operations Director (Australasia), BAE Systems Detica delivered this presentation at the 2013 Corporate Cyber Security Summit. The event examined cyber threats to Australia’s private sector and focussed on solutions and counter cyber-attacks. For more information about the event, please visit the conference website http://www.informa.com.au/cybersecurityconference
    Presentation Transcript

    • APT – Myths & Malware
    • WHY WE’RE HERE
      •  Lots of hysteria around the “APT threat”
      •  APT has become an internet boogeyman of sorts
      •  Sometimes an APT is simply a hacker taking advantage of your poor security practices
      •  Sometimes an APT is something more…
      STRICTLY CONFIDENTIAL 2
    • AN APT BY ANY OTHER NAME?
    • CYBERCRIME != CYBERWARFARE
      •  Plenty of media coverage of the threat of cyberwarfare
      •  Very little actual cyberwarfare going on, though
      –  Stuxnet in Iran
      –  Estonia…but not really
      –  Vitek Boden…Maroochydore
      •  Despite that, cyberwarfare is seen as a credible and present threat
      –  Akin to the ‘nuclear option’: a serious escalation in times of conflict
      •  Where does that leave us?
      –  Cyber activism (hacktivism)
      –  Cybercrime
      –  Good old-fashioned espionage, either corporate or state sponsored
      –  (Un)fortunately for us, the line between these three has become increasingly blurred
    • WHO ARE THEY?
      •  Cyber-criminals: serving themselves
      •  Cyber-activists: serving the cause
      •  Cyber-espionage: serving the nation
    • Recent examples: Cyber-activists
      © BAE SYSTEMS DETICA 2013 6
    • Recent examples: Cyber-activists (timeline)
      –  2011, June: News reports of the ‘Syrian Electronic Army’ harassing dissidents on Facebook and spamming anti-government pages
      –  2011, September: Harvard.edu site hacked and defaced
      –  2012, January: Al-Jazeera blog hacked and defaced
      –  2012, April: LinkedIn blog hacked and defaced
      –  2012, July: Twitter account of Al-Jazeera’s Stream programme hacked; messages posted criticising Al-Jazeera and The Guardian
      –  2013, March: Human Rights Watch site and Twitter account hacked. Multiple other Twitter accounts hacked, including BBC News and Deutsche Welle
      –  2013, April: Associated Press Twitter account hacked; false reports of an attack on the White House cause the Dow Jones to temporarily crash. 11 Guardian Twitter accounts hacked
      –  2013, May: The Onion hacked
    • State-of-the-nation: Cyber-espionage
      •  NYT hacked after publishing article entitled “Billions in Hidden Riches for Family of Chinese Leader”
      •  WSJ: “It's a plain-old crime, undertaken by a government that fancies itself the world's next superpower but acts like a giant thievery corporation.”
    • State-of-the-nation: Cyber-espionage
      •  The US goes on the offensive:
      •  Chinese hacking crew go quiet:
    • State-of-the-nation: Cyber-espionage
      •  Consistent communication and cipher routine:
      •  “Detica researchers have obtained a copy of malware that has all the hallmarks of being crafted by this espionage group.”
      •  Targeting US defence-related conference:
      •  Recently compiled sample:
    • A DAY IN THE LIFE OF AN APT
      •  APT is a business
      •  Like any business, they have working hours, customers, suppliers, partners and a fully functioning supply chain
      •  Business is good, really good!
    • A PROFESSIONAL APPROACH
    • PORTALS
    • PORTAL STRUCTURE
    • PORTAL MANAGEMENT
    • ENABLING SERVICES
    • MALWARE AND MAYHEM
      ::  Campaign dating back over 5 years
      ::  Targeted government ministries, embassies, and technology companies
      ::  Advanced code-base of over 100 distinct modules for stealing specific data
      ::  Cyrillic language settings, and Russian words in the code
    • “EVERBODY’S WORKING FOR THE WEEKEND”
    • Another Persistent Threat: Cyber-war on the Korean Peninsula?
      •  “The computer networks of three broadcasters - KBS, MBC and YTN - and two banks, Shinhan and Nonghyup, froze at around 2pm local time. Shinhan said its ATMs, payment terminals and mobile banking in the South were affected. TV broadcasts were not affected.”
      •  Friday 15 March 2013
      •  Wednesday 20 March 2013
    • Characteris)cs   Prevalence   THE 4CORNERS EFFECT “There  are  two  types  of  CEO,  those  that  know  their  systems  are  being  hacked  -­‐   and  those  that  don’t”,  Ian  Livingstone,  CEO  of  BT   “There  are  now  three  certain/es  in  life  -­‐  there's  death,  there's  taxes  and  there's   a  foreign  intelligence  service  on  your  system”,  MI5  Head  of  Cyber   •  •  •  •  •  •  Asymmetric  –  much  easier  to  aLack  than  defend   Anonymous  –  easy  to  hide  or  deny   Global  –  can  aLack  anyone  from  anywhere   Trans-­‐jurisdic/onal  –  loca/on  of  incidents  are  not  obvious   Large  and  complex  –  billions  of  people  and  webpages  interac/ng   Dynamic  –  millions  of  bright  people  inven/ng  new  services  or  aLacks   20
    • THE 4CORNERS EFFECT
      •  Increasing public accounts of industrial espionage using ‘cyber’ as an attack vector
      •  APTs are exceedingly skilful at keeping a low profile
      –  Not apparent you have a problem until it is too late
      •  Increasing attacks on the supply chain due to:
      –  Weaker links / softer targets than the end entity
      –  Ability to achieve deeper and wider penetration
      •  Do any of your customers think that this is you?
      •  Which of your vendors/suppliers is this?
    • ANOTHER WAY TO THINK OF APT
      •  Consider APT to be a business, which they are
      •  They have now evolved to become a hyper-aggressive competitor, always on the lookout to impinge upon your IP, your products/services and your brand
      •  Now how would you counter that threat?
      –  Changes board focus; it has now become a business risk, not an IT risk
      •  You might consider additional control of your crown jewels
      •  You would likely also want better notification of what your competitor is doing and where your IP is appearing
      •  You also need the ability to respond effectively and efficiently in the event of a breach
    • ORGANISATIONAL IMPERATIVES
      •  Whatever the business, there is always a need to adapt in order to grow and build value
      –  New customers
      –  More online services
      –  More personal data being collected and stored
      –  New partners
      –  New IP and markets
      –  Mobilising and globalising delivery
      –  More connectivity between systems
      –  More sensitive commercial information
      –  More partners, customers and clients
      –  More mobile and flexible working
      …but the threats and possible impacts on business are continuously evolving…
    • …but threats and impacts on business are constantly evolving…
      –  Financial loss
      –  Physical damage
      –  Malicious insiders
      –  Business disruption
      –  Loss of competitive advantage
      –  Vulnerable partners
      –  Reputational damage
      –  Economic damage
      –  External threats
      –  Endangering national security
      …and the attacks reported in the press are just the tip of the iceberg
    • PLAN FOR RESILIENCE
      –  Prepare: understanding and managing risk and preparing for the risks we wish to mitigate
      –  Protect: protecting key information and systems from attack and reducing the impact of attacks
      –  Monitor: monitoring systems to detect and frustrate attackers
      –  Respond: managing the consequences of an attack to minimise its impact
    • IN CLOSING
      •  Hype
      •  Know your enemy
      •  A business problem
      •  Plan for resilience
    • QUESTIONS?