
Sentient Cyber Security


When companies and institutions suffer Cyber Attacks and damage, they mostly keep quiet in the mistaken belief that they are securing reputations and gaining valuable knowledge and abilities that confer some economic or strategic advantage. In reality, everyone loses! In complete contrast, Cyber Attackers share failures and successes in a global knowledge market designed to maximise the community earnings.

Whilst the forces of good operate in almost total isolation, the bad boys work and adapt as a globally networked team. If a group finds ‘an in’ or a ‘partial in’ to a bank, they may motivate 500 or more helpers to exploit the vulnerability. Their leading edge sees AI and Artificial Life used to ‘breed’ new malware and deploy multiple species variants at a time, effectively using us as their laboratory guinea pigs!

So what can we do to ensure that we, all our ‘things’ and our organisations are secure? First, a good Cyber Defence demands the understanding and thinking of an experienced Cyber Attacker. Second, we have to share and learn to cooperate. Third, we have to become equally devious, dynamic and adaptable. Fourth, we have to deploy all the available defence techniques, including Dynamic Clouds, Block Chains, AI and Auto Immunity.

ONE LINERS

“Cyber Warfare is without frontiers or boundaries, and we are all potential targets”

“No government or company can save us and we have to become activists”

“The forces of good outnumber the bad and we can win if we change the way we operate”

Published in: Technology

  1. Sentient Cyber Security. Peter Cochrane, www.cochrane.org.uk. “The ultimate war of good v evil, machine & biological adaptability”
  2. What we know for sure: attacks are escalating; the Dark Side is winning; the attack surface is increasing; cyber disruption costs are growing; companies do not collaborate and share; the attackers operate an open market; all our security tools are reactive; attacker rewards are on the up; people are the biggest risk; there are no silver bullets. It is time to rethink our strategy and solution space. More of the same but better & faster will not change the game… we have to think anew, get out of the box and do something very different!
  3. NOT coping: malware protection, OS & app updates, firewall settings, password hell, multi-devices, clouds, BMOB, BYOD, mobile working, flexi-working, virtualisation, globalisation, rapid change, competition, dynamic tech, multi-teams, travelling, WiFi, 3G/4G, Bluetooth, authentication. Time for automation. “People have a lot on their plate and need to be relieved of the security burden… and we have to get it all automated and dynamically secure”
  4. THE DARK SIDE shares and sells everything
  5. THE DARK SIDE (Fully Undetectable Server)
  6. People = BIGGEST THREAT. Insiders, outsiders, alongsiders, visitors, hackers: naive, fallible, ignorant, habitual, careless, evil, open, closed, honest, innocent, slow, limited, constrained, irresponsible, unresponsive… and an awful lot more!
  7. People = BIGGEST THREAT: social engineering, casual observation, carelessness. 34% divulge their passwords at first pass; 98% use 1 or 2 very weak passwords and PINs; 95% leave PC/laptop/tablet/mobile open & unlocked; 25% divulge their passwords during a smart conversation; 65% are unaware of shoulder surfing & are exposed at ATMs. Most common passwords: 123456, password, 12345678, qwerty, 12345, 123456789, football, 1234, 1234567, baseball, welcome, 1234567890, abc123, 111111, 1qaz2wsx, dragon, master, monkey, letmein, login
  8. Password strength, time to crack: Sarah < 1 s; Sarah56 = 13 hours; SarahRoger = 1 month; Sarah+Roger = 97 years; Sarah+R0ger = 400 years; 5arah+R0ger = 485k years; <5arah+R0ger> = 47M years; <?5arah+R0ger?> = 428 Bn years. Make it hard for the enemy: mixed letters, numbers & symbols; high entropy, no nouns, no repeats
  9. The dark side: a dispersed guerrilla army. Strategy = overall plan of action; tactics = methods to achieve an end. Lone amateurs, lone anarchists, grey companies, disrupter groups, anarchistic groups, rogue governments, friendly governments, criminal organisations. Strategy & fast-evolving tactics: chancers! anonymous, no constraints, sharing culture, highly adaptable, money motivated, dark networked
  10. The dark side is very rich: heavy investors in R&D and the latest technologies. Malware breeding and speciation of successful strains is now their most advanced tool to defeat the far slower and behind-the-wave defenders
  12. Exponential cyber HITS: London 2012 >80M, Rio 2016 >800M (>1.78x per year); today >> 1G. Evolving machine-dominated attacks are now the norm
  13. IoT + AI = THREATs to come: a vast and growing attack surface, ~50Bn things by ~2020. Fixed, mobile, secure, insecure, on-line, off-line, evolving, specialised, general purpose; dispersed, fixed, mobile, dumb, intelligent… evil, open, closed, honest, innocent, disconnected, connected, autonomous, intelligent, complex, simple, isolated, dumb, smart; old, new, safe, unsafe, stable, volatile, reliable, unreliable, resilient… and more
  14. >99.7% of all apps have at least one day-one vulnerability
  15. Insecure irony! All down to a small configuration error… “Provides a cyber security ranking and certification service”
  16. What a BIO!!! Member of youth division of Soviet Communist Party; student at the Technical Faculty of the KGB Higher School; software engineer in Soviet military intelligence service; met his wife at a KGB vacation resort in 1987. Give this man a .gov job?? I’m not paranoid but, excuse me…
  17. Some ancient WISDOMS (~5C BC): Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat. Be so subtle that you are invisible; be so mysterious you are intangible; then you will control your rivals’ fate. Supreme art of war: subdue the enemy without fighting
  18. Behavioural analysis. “To know your enemy you must become your enemy”: a key from the past, but now far more diverse & important. This now applies to people, organisations, machines and networks! “The ultimate test is to attack yourself using what you know” (PC)
  19. Behavioural analysis: people, devices, networks, components, things are habitual. Habituality identifies us. Any deviation indicates some form of change
  20. Behavioural analysis: network data shows a marked increase in activity. [Chart: attack-generated data vs normal data over time]
  21. Two primary weapons
  22. Two primary weapons: BOT. Local (PC/laptop/LAN): outgoing traffic dominates; everything slows down; operations take longer; power consumption up; electronics run hotter. Wider implications: target disabled/overwhelmed; some servers less responsive; points of network congestion; overall net traffic peaks/limits; increases other security risks
  23. MALWARE spreading. MS Windows specific: CodeRed 2001, CodeRed II 2001, Nimda 2001, Beast 2002; WannaCry 2017 (Windows 7, Windows XP, Windows Server 2003). NSA EternalBlue April 07 >>> WannaCry May 07: >200k machines in 150 countries. CodeRed worm July 2001. Local: machines lock up; normal traffic ceases; new spreading traffic; people report issues. Wider: LAN traffic > 0; net traffic changes; groups are isolated; IT receive reports; ISPs receive reports
  24. WannaCry victims (>200k machines in >150 countries, all MS): Telkom (South Africa), Timrå Municipality (Sweden), Universitas Jember (Indonesia), University of Milano-Bicocca (Italy), University of Montreal (Canada), Vivo (Brazil), Andhra Pradesh Police (India), Aristotle University of Thessaloniki (Greece), Automobile Dacia (Romania), Cambrian College (Canada), Chinese public security bureau, CJ CGV, Dalian Maritime University, Deutsche Bahn, Dharmais Hospital (Indonesia), Faculty Hospital Nitra (Slovakia), FedEx, Garena Blade and Soul, Guilin University of Aerospace Technology, Guilin University of Electronic Technology, Harapan Kita Hospital (Indonesia), Hezhou University, Hitachi, Instituto Nacional de Salud (Colombia), Lakeridge Health, LAKS, National Health Service (England), NHS Scotland, Nissan Motor Manufacturing UK, O2 (Germany), Petrobrás, PetroChina, Portugal Telecom, Q-Park, Renault, Russian Railways, Sandvik, São Paulo Court of Justice, Saudi Telecom Company, Sberbank, Shandong University, State Governments of India, Suzhou Vehicle Administration, Sun Yat-sen University (China), Telefónica, Telenor Hungary, LATAM Airlines Group, MegaFon, Ministry of Internal Affairs of the Russian Federation, Ministry of Foreign Affairs (Romania)
  25. Ransomware: 2016 growth > 600%, earnings > $1Bn; 2017 growth > ??%, earnings > $10Bn?
  26. GROWTH: no one is safe
  27. We are in a cyber war, engaged in a full-on, and accelerating, arms race. The old defences: maintained, upgraded, improved, dynamic. Combatants: active defenders, passive defenders, full-on aggressors? The new defences: evolutionary, pro-active, intelligent, adaptable
  28. Situational awareness: automated and predictive at every operating level. Behavioural analysis 24 x 7 across ICs, cards, circuits, devices, WiFi, hubs, LANs, ISPs, traffic, servers, Internet, networks, platforms, organisations, companies, groups, people, mobile and fixed. Deviations and exceptions to long-term equilibrium are investigated and analysed by multiple AIs in real time, with threat identification and automated reaction
  29. Auto-immunity mirrors its biological forebears: behavioural analysis 24 x 7 across ICs, cards, circuits, devices, WiFi, hubs, LANs, ISPs, traffic, servers, Internet, networks, platforms, organisations, companies, groups, people, mobile and fixed
  30. Auto-immunity: a mix of clean and infected; broadcasting malware; responding with updated protection; dynamic isolation of infected devices and components leading to repair; latest solution update to the wider network
  31. A multiplicity of channels: attack detection/exposure/thwarting using access diversity. Short range: Bluetooth, ZigBee/other??, device to device, device to cloud. Medium range: WiFi, WiMax, WLAN/cloud. Long range: 3/4/5G, SatCom broadcast, device to net, device to cloud. Car-to-car direct communications. Integrated and intelligent security systems embedded into all products and components. Defence opportunities in channel/device/system diversity: a wide plurality of channel detection and protection; attacks are almost never isolated or single sourced; not restricted to a single channel/attempt; secure attack and infection isolation; diverse immunity/support access; distributed info sharing; GEO info location
  32. SPACE, AIR, SEA, LAND: dominated by government forces. CYBER: dominated by industry and whitehats? No longer a sole military preserve. Warfare continues to rapidly evolve, but governments do not have the frameworks to deal with the growing cyber threat. The big defence challenge is to make all infrastructures, facilities and peoples safe from simultaneous attack across any and all domains, civil and military theatres of war
  33. CYBER warfare: a new and really big game changer
  34. DO MORE THAN THIS! Typical industry advice given by experts: conduct live fire drills; enact penetration testing; reward your responsive people; introduce staff training/tutorials/briefings; get ‘White Hats’ to hack your organisation; don’t stop adapting; build multi-layer security; use the best hosting companies; employ the best support and ISPs; use the latest security technologies; create ‘what if’ attack/penetration strategies
  35. Live fire & education: make it real, make it effective and up to date. War games, spoof attacks, rewards for the alert, regular briefings, constant watch. The military play all day and go into war now and again; we are in a war every day but never play!
  36. Supporting materials: slide sets, blogs, papers, tutorial publications. Slide sets: https://www.slideshare.net/PeterCochrane/evolving-it-security-threats-and-solutions https://www.slideshare.net/PeterCochrane/from-identity-to-ownership-theft https://www.slideshare.net/PeterCochrane/the-infinite-security-of-clouds https://www.slideshare.net/PeterCochrane/block-chain-basics Papers/blogs/tutorials: http://cochrane.org.uk/publications/articles-lectures-preprints-and-reprints/cyber-security-auto-immunity/ http://cochrane.org.uk/publications/articles-lectures-preprints-and-reprints/blockchain-ultimate-ledger/ https://www.financialdirector.co.uk/financial-director/opinion/2402924/it-strategy-ownership-theft-will-eclipse-identity-threat-epidemics https://www.computing.co.uk/ctg/opinion/2474472/need-to-know-or-need-to-share-the-dark-side-is-winning-and-the-industry-needs-to-act http://insights.wired.com/profiles/blogs/cybercrime-security-and-the-risks-of-the-future#ixzz2mmRGO2Bv
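Slides 19, 20, 22 and 28 make one argument: devices are habitual, so a behavioural baseline exposes a bot the moment outbound traffic surges and starts to dominate. The following Python is an added illustration, not code from the deck or from Peter Cochrane; the hourly byte counts are constructed, and the rolling-window z-score plus the "outgoing dominates" check are one simple way to implement the deviation test, not the deck's own method.

```python
from statistics import mean, pstdev

# Constructed sample, not data from the deck: hourly (bytes_in, bytes_out) in MB for
# one workstation. Hours 0-12 are the habitual pattern; the last three hours model a
# bot waking up and flooding outbound traffic (slide 22: "outgoing traffic dominates").
SAMPLE = [
    (120, 18), (130, 20), (115, 17), (125, 19), (140, 22), (135, 21),
    (128, 19), (122, 18), (131, 20), (127, 19), (133, 21), (124, 18),
    (126, 19), (129, 260), (118, 310), (121, 295),
]


def zscore(value, history):
    """Standard score of value against history; a flat history (stdev 0) is handled."""
    if len(history) < 2:
        return 0.0
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0.0:
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sigma


def flag_deviations(samples, window=12, z_threshold=3.0):
    """Return (hour, bytes_out, z, reasons) for hours that break the habitual baseline.

    The baseline is a rolling window of the *preceding* hours only.  Note the caveat
    this exposes: once a surge is inside the window it inflates the baseline, so the
    z-score check alone goes quiet while the ratio check (out > in) keeps firing.
    """
    flagged = []
    for i in range(window, len(samples)):
        history_out = [out for _, out in samples[i - window:i]]
        bytes_in, bytes_out = samples[i]
        z = zscore(bytes_out, history_out)
        reasons = []
        if z > z_threshold:
            reasons.append("outbound volume far above baseline")
        if bytes_out > bytes_in:
            reasons.append("outgoing traffic dominates")
        if reasons:
            flagged.append((i, bytes_out, round(z, 1), reasons))
    return flagged


if __name__ == "__main__":
    for hour, out, z, reasons in flag_deviations(SAMPLE):
        print(f"hour {hour}: {out} MB out, z={z}: {'; '.join(reasons)}")
```

On the constructed sample, hour 15 is caught only by the ratio check because hours 13 and 14 have already pulled the rolling mean up, which is why a real deployment keeps a long-term equilibrium baseline alongside the short rolling one.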
