3. #cloudsec
Under Armour: one of the
biggest hacks in history
Number Of Records
Exposed: 150 Million
in March data from
some 150 million
MyFitnessPal diet and
fitness app accounts
had been compromised.
Hacked: account user
names, email
addresses and
scrambled passwords
7. #cloudsec
Known threats, new variations
Smaller cloud operators becoming more attractive targets
with massive data, higher vulnerability
DDoS attacks
Phishing attacks
Malware
Ransomware
How to protect corporate and customer information from
data thieves?
10. #cloudsec
With the consequences & implications
of cyber attacks getting bigger,
how confident are you in your
cybersecurity strategy?
11. #cloudsec
New technologies are escalating
the rapidly changing arms race
between attackers and defenders.
What do emerging
threats look like?
12. Weaponization of AI and machine learning
means faster attacks
• Vulnerability discovery using AI tools
• Exploitation: quickly generate exploit variants
• Post-exploitation (discovery and exploitation of other
vulnerabilities inside)
• Data theft: AI-powered data search and classification
13. Cyberattacks powered by AI
makes prevention more difficult
- AI can create more convincing phishing email customised to
human
- AI-powered malware design
- study patterns of user behavior within a network
- automated bot attacks
15. Cyber-physical attacks:
The Internet of Things risk
Wide open for hackers: unsecured older
devices
that may never be updated
- connected video cameras
- home appliances
- smartwatches
- other IoT devices
Are the large volume of data encrypted?
Are the firmware updated?
Are the devices compromised to
become part of botnet?
16. The Booming Cybercrime Economy
study finds cybercriminal revenues hit
US$1.5T annually
US$860 billion – Illicit/illegal online markets
US$500 billion – Theft of trade secrets/IP
US$160 billion – Data trading
US$1.6 billion – Crimeware-as-a-Service
US$1 billion – Ransomware
Source: Study by researcher Dr. Michael McGuire for Bromium (Apr 2018)
17. Cybercrime-as-a-Service
Hackers for hire
(In USD)
Zero-day Adobe exploits, up to $30,000
Zero-day iOS exploit, $250,000
Malware exploit kit, $200-$600 per exploit
Blackhole exploit kit, $700/month or $1,500/year
Custom spyware, $200
SMS spoofing service, $20 per month
Hacker for hire, around $200 for a “small” hack
Source: Study by researcher Dr. Michael McGuire for Bromium (Apr 2018)
18. Cybercrime-as-a-Service
Hackers for hire
(In USD)
Zero-day Adobe exploits, up to $30,000
Zero-day iOS exploit, $250,000
Malware exploit kit, $200-$600 per exploit
Blackhole exploit kit, $700/month or $1,500/year
Custom spyware, $200
SMS spoofing service, $20 per month
Hacker for hire, around $200 for a “small” hack
Source: Study by researcher Dr. Michael McGuire for Bromium (Apr 2018)
19. #cloudsec
Keep up with the attackers:
investment & execution
Invest in innovative technologies to supplement human-
centric activities
Assessing evolving risks and detect threats via big data
analytics
Closing the cybersecurity skills gap by training