1. CYBERSECURITY
challenges
Copyright 2016 © CYBER GATES
Samvel Gevorgyan
CEO, CYBER GATES
MSc Cyber Security

2. Cybersecurity components
CIA model
 Confidentiality: Keep secret from those not authorized,
 Integrity: Prevent unauthorized tampering,
 Availability: Ensure authorized parties can access the
data.
 Identification: Who I claim to be (e.g. username,
digital cert),
 Authentication: How I prove it (password, signature),
 Authorization: What is that person allowed to do e.g.
role-based security.
WWW.CYBERGATES.ORG
IAA model

3. Cybersecurity elements
Resources
 People
 Process
 Technology
 Policies and procedures
 Roles and responsibilities
 Risk management
WWW.CYBERGATES.ORG
Governance

4. Cybersecurity statistics
statistics around the Worldwide
Data breaches, by the dollar
 $21,155: The average cost of a data breach, per day
 $7.7 million: The average annualized cost to detect, respond to, and mitigate
a breach globally.
Malware and attack trends, by percentage
 66%: The proportion of a survey of professionals who identified phishing and
social engineering as top threats
 20%: The scope of confirmed data breaches involving social engineering at one
large telecom company.
Cybersecurity spend: Follow the money
 $75.4 billion: The estimated worldwide spending on cybersecurity in 2015
 $19 billion: The proposed federal cybersecurity budget for 2016.
WWW.CYBERGATES.ORG
Source: https://techbeacon.com/resources/cybersecurity-2016-trend-report-ubm-ponemon-study

5. Web security attack statistics
Over 4K hacked websites since 2011.
Top attacks
 Jan 2011 (379)
 Jul 2012 (364)
 Feb 2013 (275)
 Feb 2014 (359)
 Apr 2015 (129)
 Dec 2016 (188)
Attacks around the Worldwide
 Over 1 Billion active websites (NetCraft reports)
 Over 1 Million hacked websites / year (Zone-H reports)
WWW.CYBERGATES.ORG
Attacks in Armenia

6. Target websites of mass attacks
Top 5 categories
 Websites that use same CMS (WordPress,
Joomla, etc.)
 Websites built by the same developer(s)
 Websites that use same technology,
library or certain component
 Websites hosted by the same Hosting
Provider
 Websites of agencies/companies working in
the same industry
WWW.CYBERGATES.ORG

7. Target websites of targeted attacks
Top 5 categories
 Online banks and financial institutions
 Cloud services (dropbox, Gmail, iCloud,
etc.)
 Government agencies, hospitals
 Hosting and Internet Service Providers
(ISP)
 Small outdated websites that are easy to
hack
WWW.CYBERGATES.ORG

8. Cybersecurity threads
Common threads
 Information Leakages
 SQL Injection
 Password bruteforce
attacks
 Phishing
 Social Engineering
 SPAM
 Malicious softwares
 Blacklists
 Botnets
 DoS/DDoS attacks
 Ransomware
WWW.CYBERGATES.ORG

9. Information Leakages
 The revelation of the 1 billion accounts
hack could have implications for the $4.8
billion sale of Yahoo to Verizon, which
has yet to close
 Around 167 million LinkedIn accounts are
now for sale
 Armenian telecom (vivacell, armentel,
orange) databases are free to download
 Armenian online banking system codes has
been stolen by an employee
WWW.CYBERGATES.ORG

10. SQL Injection
 Smart homes can open the doors to
unauthorized people
 98% of Stolen Medical Records due to
Hacking
 Hackers use SQL
Injection attacks
against banks
WWW.CYBERGATES.ORG
Image source: http://www.asianmirror.lk/news/item/16544-commercial-bank-of-ceylon-hacked

11. Password bruteforce attacks
 Hackers target websites or IoT devices
with weak or default passwords
 Authentication systems with no limits for
login attempts
WWW.CYBERGATES.ORG

12. Social Engineering & Phishing
Phishing is a Social Engineering technique to steal
confidential information about the victim such as user login
credentials, credit card information, etc. through the use of
fake login page.
Why social engineering?
- Hacking a human is
much easier than hacking
a business
- Attackers prey on your
human weakness
WWW.CYBERGATES.ORG

13. SPAM
WWW.CYBERGATES.ORG
 Corporate emails used in forums and
social networks
 Corporate emails found in leaked sources
 Email addresses found using dictionary
based bruteforce attacks

14. Malicious software
WWW.CYBERGATES.ORG
 Cloacking: malicious code in a webpage
displays porn for certain IP addresses
 Malicious code redirects to a malicious
website asking to update your system or
displays an advertisement
 Malicious software steals credentials
 Malicious software spreads within your
corporate network

15. Blacklists
WWW.CYBERGATES.ORG
 Realtime Blackhole Lists (RBL's)
-Centralized databases to prevent SPAM
 Google backlist
-Site loses nearly 95% of its organic
traffic
-Modern web browsers display warning
message when someone open your website

16. Botnets
WWW.CYBERGATES.ORG
 Your infected machine becomes a proxy
server, spreads adwares or used for
DoS/DDoS attacks
 Make sure your device firmware does not
have an in-build backdoor
 Make sure you have already changed your
device default password

17. Denial-of-service attack
WWW.CYBERGATES.ORG
 CloudFlare protects you from web-based
denial-of-service attacks
 BBC became the target of 602 Gbps DDoS
attack
 DDoS attack that disrupted internet was
largest of its kind in history: Dyn
published on Wednesday, Mirai was the
“primary source of malicious attack
traffic”

18. Ransomware
WWW.CYBERGATES.ORG
 A malicious software encrypts your files.
You must pay to recover them.
 Tens of thousands of variants of over 40
ransomware families including Locky,
CryptoWall, TeslaCrypt, and Cerber.

19. Plan A: fixing the problem
Reactive approaches
 Computer Emergency Response Team (CERT)
E-mail notifications about an incident
Online support (SIP calls)
 Support
 Investigation (Digital Forensics)
 Consultancy
WWW.CYBERGATES.ORG

20. Plan B: avoiding the problem
Proactive approaches
 Testing
Network/Host Vulnerability Assessment
Penetration Testing
Source Code Auditing
 Protecting (WebShark, PinCat)
 Training
Corporate trainings
University programs
WWW.CYBERGATES.ORG

21. Swiss Army Knife to help you
defend against hackers
WWW.CYBERGATES.ORG

22. CYBER GATES
 Corporate website
www.cybergates.org
 Company profile on Twitter
www.twitter.com/CyberGatesLLC
 Company fan page on Facebook
www.facebook.com/Cyber.Gates.page
 Company profile on LinkedIn
www.linkedin.com/company/CyberGates-LLC
 Company channel on Vimeo
www.vimeo.com/CyberGates
 Company channel on YouTube
www.youtube.com/TheCyberGates
Contacts