Presentation delivered for Management Development Programme on "Information and Cyber Security" at Institute of Public Enterprise, Hyderabad on 12th September, 2015.
ITSD Division Overview and Cybersecurity Threat Landscape
1. Information Technology Services Division, ITSD
- Abhinav Biswas
Alt. CISO, NKN Data Centre,
Electronics Corporation of India Limited, ECIL
Department of Atomic Energy.
2. Information Technology Services Division, ITSD
• Corporate Threat Landscape
• Signature-based detection
• Analytics-based detection (Sandboxing & GTI)
• Log Correlation & Big Data Analysis
• Nessus, Acunetix
3. Information Technology Services Division, ITSD
Spyware: Gathers information secretly and sends it to another entity without the user's consent.
Ransomware: Stops you from using your PC until you pay a certain amount of money (the ransom).
e.g. Encryption Ransomware, CryptoLocker
Social Engineering: Psychological manipulation of people into performing actions or divulging confidential information.
Phishing: The act of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
Vishing: Voice-over Phishing
4. Information Technology Services Division, ITSD
Vulnerability: A weakness which allows an attacker to reduce a system's information assurance.
Threat: A possible danger that might exploit a vulnerability to breach security and thus cause possible harm.
Exploit: A piece of software or a sequence of commands that takes advantage of a bug or vulnerability.
Attack: An attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.
(A realized Threat using an Exploit on a Vulnerability is an Attack.)
Event: An observable change to the normal behavior of a system, environment, process, workflow or person.
Incident: An event attributable to a root cause. All incidents are events but many events are not incidents.
(An Attack is a series of security incidents.)
5. Information Technology Services Division, ITSD
- Advanced Persistent Threats (APT)
- Zero-day Attacks (ZDA)
- Smart Mobile Malware (SMM)
- Web-based Plug-in Exploits (WPE)
- Free availability of Rootkits, SpamBots, Phishing Tools etc.
- Digital Currencies (Bitcoin) & Anonymous Payment Services.
- Strategic Government institutions.
- Polymorphism, Dynamic URLs, Virtualization, Cloud, Smart Phones/Mobiles, Social Sites, BYOD, Internet of Things (IoT/IPv6)
7. Information Technology Services Division, ITSD
[Diagram: Attack Vectors. Elements shown: Social Media, Email, Mobile, Web Redirects, Malware, Recon, XSS, Dropper Files, CnC, Exploit Kits, Phishing]
8. Information Technology Services Division, ITSD
• 1a) Identify target
• 1b) Determine browsing habits
• 2) Select favorite website
• 3) Compromise and host exploits
• 3) Drop malware
• 4) Determine target profile
• 4) Wait for opportunity to further compromise
9. Information Technology Services Division, ITSD
[Diagram: Internet, Customer, Attacker, Vulnerable ADSL Router, Rogue DNS Server]
Attacker scans for the DSL router and logs on to the Admin console via the WAN interface by exploiting vulnerabilities in the router firmware or configuration flaws, or by infecting a connected computer.
The attacker then changes the DNS server entries in the modem to rogue DNS servers and changes the password of the DSL router.
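A defender-side check for the router DNS hijack described on this slide, added here as an example and not part of the original presentation: it parses a resolver configuration, flags nameservers outside an approved allowlist, and compares answers from the configured resolver with a trusted one to spot redirected names. The sample configuration, the allowlist and both answer sets are constructed for illustration.

```python
"""Detect rogue DNS settings of the kind an ADSL router hijack leaves behind."""
import ipaddress
import re

# Constructed sample of a client's resolver configuration (not a real capture).
# The second entry is the kind of rogue server a compromised router pushes via DHCP.
SAMPLE_RESOLV_CONF = """
# Generated by DHCP from the ADSL router
nameserver 192.168.1.1
nameserver 203.0.113.66
search corp.example
"""

# Assumed allowlist for this example: the router's LAN address and the ISP/corporate resolver range.
APPROVED = ["192.168.1.1", "198.51.100.0/24"]


def parse_nameservers(text):
    """Return nameserver entries from resolv.conf-style text, ignoring comments."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"nameserver\s+(\S+)$", line)
        if m:
            servers.append(m.group(1))
    return servers


def rogue_nameservers(servers, approved):
    """Return entries that are not inside any approved address or network."""
    nets = [ipaddress.ip_network(a, strict=False) for a in approved]
    rogue = []
    for s in servers:
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            rogue.append(s)  # unparsable entry: treat as suspicious
            continue
        if not any(ip in n for n in nets):
            rogue.append(s)
    return rogue


def redirected_names(suspect, trusted):
    """Names whose answer from the configured resolver differs from the trusted resolver."""
    return sorted(n for n in trusted if suspect.get(n) != trusted[n])


# Constructed answers: only the banking name is redirected, so casual browsing still works.
SUSPECT_ANSWERS = {"onlinebank.example": "203.0.113.77", "news.example": "198.51.100.20"}
TRUSTED_ANSWERS = {"onlinebank.example": "198.51.100.10", "news.example": "198.51.100.20"}

if __name__ == "__main__":
    found = parse_nameservers(SAMPLE_RESOLV_CONF)
    print("rogue resolvers:", rogue_nameservers(found, APPROVED))
    print("redirected names:", redirected_names(SUSPECT_ANSWERS, TRUSTED_ANSWERS))
```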
10. Information Technology Services Division, ITSD
1. PRIMARILY BASED ON SIGNATURE & REPUTATION
Signature history cannot keep up with the dynamic future of threats.
2. LACK OF REAL-TIME INLINE CONTENT ANALYSIS
No byte-range data packet analysis for data loss/theft detection.
3. FORWARD FACING ONLY, LACK OUTBOUND PROTECTION
No contextual analysis of internal threats.
4. LACK OF ADVANCED ANALYTICS & ANOMALY DETECTION
No sandboxing in existing UTMs, NGFWs.
No SSL packet inspection.
17. Information Technology Services Division, ITSD
- Concept of the network perimeter evaporates
- No physical segregation across VMs
- Web access to all resources
- VM-to-VM vulnerability exploitation (co-location of VMs)
- Easy reconfiguration (lack of persistence)
- Still a hot research topic
- Instance isolation in Software Defined Data Centre (SDDC)
- Homomorphic encryption based virtual disks.
- Randomized memory mapping & distributed scheduling.
20. Information Technology Services Division, ITSD
• Use legal software only
• Keep up-to-date patches and fixes of the Operating System and Application Software
• Exercise caution while opening unsolicited emails and do not click on a link embedded within
• Open email attachments only from trusted parties
• Use the latest browsers having the capability to detect phishing/malicious sites
• Harden the Operating System
• Whitelist the Applications
• Deploy software for controlled use of USB pen drives.
21. Information Technology Services Division, ITSD
“Let us not look back in anger or look forward in fear, but look around in awareness.”
23. Information Technology Services Division, ITSD
Abhinav Biswas
http://abhinav-biswas.appspot.com
Alt. CISO, NKN Data Centre,
ITSD, IT&TG, ECIL Hyderabad,
Electronics Corporation of India Limited, Dept. of Atomic Energy.
Editor's Notes
Security challenges faced by today's security administrators.
APT – New model of targeted attacks.
Traditional defense – Why does it fail in the present scenario?
Focus on new technology – SIEM
Virtual – New threats emerging from adoption of VMs
VA/PT – Why are they necessary?
I assume the audience is aware of basic terminology like malware, virus, trojans, rootkits etc.
Spyware – New form of malware. Very stealthy in nature, with no symptoms.
Social Engg – People are much more social online than offline because of platforms like FB, WhatsApp.
- Friendly conversation, digging out sensitive info.
Spear-phishing mail – Online SBI
Vishing – Abrupt way of psychological manipulation – Call from MD & send mail
APT – Targeted attacks with specific goals
0-day – Vulnerabilities which are not yet detected or for which no patch is available. Bad guys.
Mobile – App permissions: chat app with access to mail, browsing history etc.
- Do not save payment credentials.
Plugins – WordPress – developed by third party – not tested
Free – Tools like Metasploit
Stuxnet – Designed by America in collaboration with Israel for Iranian nuclear reactors – 0-day flaws of Siemens PLC software
- Increased the spinning speed of the centrifuges and they got burnt; the whole plant came down
APT – Sophisticated attack targeted at a specific organisation to steal confidential info like IP
Not 1 or 3 people – An organisation of people working together
It's not just "spread malware to 10 million people, and if there's a 1% hit that's fine". No.
Specific to a particular system or person.
Drip data – bit by bit – different locations
The strength of a chain depends on its weakest link.
The weakest link is the human; let's see how.
Stealthy
Can span a duration of days to years.
Common cold vs Cancer
Stuxnet – PLC technicians went inside with laptops which were infected. They were not aware.
Other ways – Throw pen drives.
Browser fingerprinting.
Ads based on browsing history.
Discounts on products.
www.ipeindia.org
How does DNS work?
How does Antivirus work?
Only packet header inspection.
Insider threats. Bad guy with malicious intention.
Mail administrators can read mail if it is not encrypted.
3 aspects of Data – CIA
App – Unnecessary services & ports
Network – NAC, NMS, ECIL SNAS
No access to the datacentre, DC & DR security
Some advanced techniques.
Content – Not just headers. Full packet inspection
Video – Websense
SSH, remote shell login
Drip Data
Apart from them, new advanced technologies
Market leaders – HP & IBM
Both good and bad guys use it.
Ethical hacking.
System integrity – Tripwire
VPN, UTM
How much is it worth investing?
Criticality of data.
Famous quote – “If someone steals your password, you can change it. But if someone steals your thumbprint, you can’t get a new thumb.”