OCEANLOTUS
A CYBERSECURITY THREAT ACTOR
OceanLotus is also known by many other names, including APT32, APT-C-00 and SeaLotus. It is a hacking threat group formed in 2014 and based in Vietnam.
Judging by the calibre of OceanLotus' targets, the hacking techniques it employs and its success rate, this threat actor is amply supplied with highly skilled hackers and resources.
According to The MITRE Corp. (2021), OceanLotus' victims range from multiple private sector industries and foreign governments to dissidents and journalists, with a strong focus on Southeast Asian countries such as Vietnam, the Philippines, Laos and Cambodia.
OceanLotus' primary motivation is cyber espionage. This threat actor continually targets organizations of interest to the Vietnamese government for surveillance and data-exfiltration purposes.
According to Carr (2017), FireEye assesses that OceanLotus leverages a unique suite of fully-featured malware, in conjunction with commercially available tools, to conduct targeted operations that are aligned with Vietnamese state interests, against the manufacturing, consumer products and hospitality sectors.
Mapped to the Lockheed Martin Cyber Kill Chain framework, OceanLotus conducts reconnaissance by identifying its specific targets. These are mainly organizations of "special interest" to the Vietnamese government.
Once it has identified a target, OceanLotus moves on to weaponization: preparing and determining how it will attack that particular target, which may include coupling malware with an exploit into a deliverable payload.
According to The MITRE Corp. (2021), one of the techniques used by OceanLotus is Enterprise T1083 (File and Directory Discovery): once its backdoor is deployed, this technique lets OceanLotus list files and directories on the targeted machine.
Once OceanLotus has determined the weaponization route, it moves on to delivery and exploitation, gaining access to the target's systems by exploiting a vulnerability in them.
This is followed by installation. For instance, Carr (2017) stated that OceanLotus has been known to leverage ActiveMime files that use social engineering to entice the victim into enabling macros. Upon execution, the initialized file downloads multiple malicious payloads from remote servers.
Once installation on the victim's system is complete, OceanLotus can command and control that system and conduct its espionage activities, amongst other malicious objectives.
OceanLotus Target Examples
In 2017, the social engineering content of lures used by OceanLotus provided evidence that they were likely used to target members of the Vietnamese diaspora in Australia as well as government employees in the Philippines (Carr, 2017).
In 2014, OceanLotus leveraged a spear-phishing attachment titled "Plans to crackdown on protesters at the Embassy of Vietnam.exe," which targeted dissident activity among the Vietnamese diaspora in Southeast Asia (Carr, 2017).
Target Examples Contd.
In 2018, a macOS backdoor was discovered that was believed to be the latest version of a threat used by OceanLotus. The backdoor was found in a malicious Word document that was most likely distributed via email. The document claims to be a registration form for an event with HDMC, an organization in Vietnam that advertises national independence and democracy. On opening the document, the user is advised to enable macros; unsuspecting users who followed the instruction inadvertently installed the backdoor on their system (Horejsi, 2018).
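The ActiveMime lures described under installation and the macro-enabled Word document in the 2018 macOS case both depend on the victim enabling macros, so a defender's first triage step is to recognise the macro container before the file is opened. The Python below is an added example, not code from the slides or from any of the cited reports; the ActiveMime magic bytes and the OOXML vbaProject.bin part name are format facts, while the sample documents it scans are constructed stubs.

```python
import base64
import email
import io
import zipfile
from email import policy

# Magic bytes at the start of a decoded ActiveMime (.mso) blob, the container Word uses
# for a VBA project when a document is saved in MHTML ("Single File Web Page") form.
ACTIVEMIME_MAGIC = b"ActiveMime"
# Zip entry that holds the VBA project inside a macro-enabled OOXML document.
OOXML_VBA_PART = "word/vbaproject.bin"
# Header of an OLE2 compound file (classic .doc/.xls); macro streams live inside it.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def find_activemime_parts(data: bytes) -> list:
    """Return content-types of MIME parts whose decoded body is an ActiveMime blob.

    ActiveMime lures are MHTML text files (often renamed .doc), not OLE2 or OOXML
    containers, so a scanner that only knows those two formats never sees the macro.
    """
    head = data[:4096].lower()
    if b"mime-version:" not in head and b"content-type: multipart/" not in head:
        return []
    msg = email.message_from_bytes(data, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        # decode=True applies the part's Content-Transfer-Encoding (base64 for .mso parts)
        blob = part.get_payload(decode=True) or b""
        if blob.startswith(ACTIVEMIME_MAGIC):
            hits.append(part.get_content_type())
    return hits


def ooxml_has_vba(data: bytes) -> bool:
    """True if the bytes are an OOXML zip container that carries a VBA project part."""
    if not data.startswith(b"PK\x03\x04"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return False
    return any(name.lower() == OOXML_VBA_PART for name in names)


def triage(data: bytes) -> dict:
    """Classify one attachment; findings are labels an analyst can route on."""
    findings = []
    activemime_parts = find_activemime_parts(data)
    if activemime_parts:
        findings.append("activemime-macro-container")
    if ooxml_has_vba(data):
        findings.append("ooxml-vba-project")
    if data.startswith(OLE2_MAGIC):
        # Macro presence in OLE2 needs a CFB directory walk (e.g. oletools' olevba);
        # flag it for that deeper check rather than guessing.
        findings.append("ole2-container-check-vba-streams")
    return {"findings": findings, "activemime_parts": activemime_parts}


def build_activemime_sample() -> bytes:
    """Constructed MHTML-shaped document: one base64 part decodes to an ActiveMime stub."""
    blob = ACTIVEMIME_MAGIC + b"\x00" * 16 + b"stub"  # constructed stub, not a VBA project
    b64 = base64.b64encode(blob).decode()
    return (
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/related; boundary="----=_NextPart_000"\r\n'
        "\r\n"
        "------=_NextPart_000\r\n"
        'Content-Type: text/html; charset="us-ascii"\r\n'
        "Content-Transfer-Encoding: quoted-printable\r\n"
        "\r\n"
        "<html><body>Registration form</body></html>\r\n"
        "------=_NextPart_000\r\n"
        "Content-Type: application/x-mso\r\n"
        "Content-Transfer-Encoding: base64\r\n"
        "\r\n"
        f"{b64}\r\n"
        "------=_NextPart_000--\r\n"
    ).encode()


def build_ooxml_sample(with_vba: bool) -> bytes:
    """Constructed minimal OOXML zip; with_vba=True adds a stub vbaProject.bin part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\x00stub")  # constructed stub
    return buf.getvalue()
```

Running `triage()` over the two constructed samples flags the MHTML file as an ActiveMime macro container and the zip as carrying a VBA project, while a plain OOXML document with no vbaProject.bin part yields no findings.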
OceanLotus is both a private problem for businesses and a public concern for policymakers. This threat actor has launched cyber espionage campaigns against Chinese targets, including ocean affairs agencies, the departments in charge of China's territorial waters, research institutes, and aviation, aeronautics and shipping companies. These campaigns show that no one is spared from this threat actor's attacks.
Policymakers need to respond continually to the threat OceanLotus poses by enacting more cybersecurity laws that mandate that the various societal sectors, including business, utilities, finance, healthcare and government, secure their systems and data against attacks from threat actors like OceanLotus and others.
References
Carr, N. (2017, May 14). Cyber espionage is alive and well: APT32 and the threat to global corporations. Mandiant. Retrieved September 12, 2022, from https://www.mandiant.com/resources/blog/cyber-espionage-apt32
Horejsi, J. (2018, April 4). New macOS backdoor linked to OceanLotus found. Trend Micro. Retrieved September 12, 2022, from https://www.trendmicro.com/en_us/research/18/d/new-macos-backdoor-linked-to-oceanlotus-found.html
The MITRE Corporation. (2021, October 14). APT32. attack.mitre.org. Retrieved September 12, 2022, from https://attack.mitre.org/groups/G0050/
