APT or not
Does it make a difference if you are compromised?
Thomas Malmberg
Who I am - and why you are listening to me
• I work with IT-risk management and IT-security
• I develop security principles, processes and architectures for both the core banking as well as the net banking platform
• I develop and maintain auditing principles and methodologies
• I perform and manage internal IT-audits in the bank
• I like processes, log management, web-application firewalls and IAM
- Finland is the most sparsely populated country in the European Union, with only 16 inhabitants per km².
- There are exactly 187,888 lakes (larger than 500 m²) and 179,584 islands within the territory of Finland.
- Both are world records.
Source: Google
What you need to know about Aktia
• Aktia provides individual solutions in banking, asset management, insurance and real estate services
• Aktia operates in the Helsinki region, in the coastal area and in growth centres of Finland
• Operating profit was EUR 68.3 million and the profit for the year was EUR 55.0 million
• Aktia is renewing its core banking system and the launch of the new system is planned for the end of 2015 - the investment cost is estimated at approx. EUR 40 million
Today's topics
1. If phishing works, why bother with APT?
– Finnish stats and stories
2. Easy targets are always targeted first
– APT economics
– Tone at the top
3. Whether it's an attack or a disguise - logs are your best friends
– Situational (un)awareness
4. How to manage the risks - continuous “auditing”
– How you hook up audits & scans, projects, backlogs, source code, people and risk-management together
Source: Unknown
If phishing works, why bother with APT?
Situation in Finland 2011-2014
• Financial institutions and companies are mostly targeted by
– Phishing
– Banking malware & trojans
– Denial of Service
• Criminals have successfully monetized phishing and malware
• “Ransom demands” have been seen in social media like Facebook & Twitter during DoS-attacks
– Demands between 10-100 BTC
– Monetization success rate probably zero (but not known)
Source: EUROPOL, Exploring tomorrow’s organised crime, 2015
How phishing worked best in 2014
• Background
– TUPAS is a 2F (two-factor) authentication method created by the Federation of Finnish Financial Services over 10 years ago
– TUPAS is based on ebanking authentication – PIN & TAN
– TUPAS is used for almost everything that requires real and reliable authentication in Finland – including governmental services
• The modus operandi in 2013 and 2014
– Create a fake service that requires TUPAS to log into
– Acquire PIN & 1 TAN
– Use credentials to get a “payday loan”
• NOTE: Targeted mainly payday loan companies, NOT banks!
About TUPAS-authentication
• Safety
– There are known issues, but it is not inherently unsafe
• Market
– It is the de facto standard
– No alternatives
• Sponsorship
– Standard defined by banks
– Implementations owned by banks
Source: Federation of Finnish Financial Services / FK
Details about the simplicity of the campaign
• 1 Estonian person behind the phishing campaign
• The Estonian language is close to Finnish, making it easy to create realistic phishing emails and SMS messages
• The campaign used more than 40 mules and “associates” and netted between 700k€-800k€
• KISS was a successful paradigm
– Create a rock solid plan to monetize the data you gather
– Use correct and proper language for your communication
– Use psychology – “if you do not immediately … you will face liability”
– Make it easy for the targets to lose their credentials
Map: <100 km. Source: Google
How this phishing case evolved
Source: Helsingin Sanomat
Source: IT-viikko
How this phishing case evolved
Source: Helsingin Sanomat
Maximum sentence – 7 years
11 grand frauds in 2014
0,5M€ - 100’s of people
Trends for nasty activities (financial sector)
Chart: trend lines for APT, Malware & Trojans, Phishing and DoS over the years 2010-2014, on a scale from ”NOT SO MUCH” to ”MUCH”.
This graph shows trends and relations in an ”apples vs. oranges” way. This graph does not show any actual amounts. It is based on official reports and other public information.
One known & disclosed real APT in Finland
A few words about the DDOS
A few words about the DDOS
Easy targets are always targeted first
Can we even agree on what an APT is?
Source: NIST
Can we even agree on what an APT is?
Can we agree on what an APT is NOT!
• It is not an APT
– If you leave the front door open, someone walks in and steals all your data – and repeats this every workday for a month
– If your customers are targeted using phishing emails for several weeks
– If your network - which is lacking firewalls, antivirus-solutions and content-proxies – is infiltrated with malware - for months
– If your customers are infested by banking-trojans (Zeus etc.)
• A single piece of malware, a single exploit or vuln is NOT an APT.
Source: Graphics by ISACA
What they need to do and what you can lose
Source: Graphics by ISACA
What they need to do
ISACA Survey in the US in 2013
What you are scared to lose
Analyze your ”adversary landscape”
Annotated ”Threat Agent” table. Source: Graphics by ISACA
The only relevant threat in the table seems to be criminal groups.
- What are their actual capabilities?
- What are their motives?
The Snowden-Greenwald revelations have taught us that the best APT-capabilities are held here.
We aim to avoid PR-disasters that could trigger such a level of badwill that someone in these categories might want to target me. We adhere to money laundering rules and maintain a high ethical level.
The financial anatomy of an APT
• The criminal
– The criminal does not know the financial outcome or gain beforehand
– The research phase will require a significant amount of investment in time
– The penetration requires costly tools
• 0-days or “near-zero” can cost between 5k-100k
• You probably need other tools or social engineering & bribes
– The (financial) outcome has to outweigh the investment
• You
– Protection (licenses + appliances) can cost many 100k€
– A forensics project costs around 100k€-150k€
Input: 100k€ / Output: ?€
Input: 3k€ / Output: 50k€
Source: scmagazineaustralia
Don’t be an easy target
• Every risk can be quantified as a business risk
• Don’t let salespersons fool you into false security with silver bullets – not on any level
• IT-security (security appliances and software) is only one component in the IT-risk landscape
• Also – “cyber security” is hidden somewhere in those boxes…
• Use your money wisely
Diagram (boxes): Business risk / IT risk / IT security / IT
Risk assessment for the win!
Create a culture of security awareness
• Management has to be involved
• All incentive programs should have a security awareness and/or security incentive built in – including those at the C-level
• All of us – act accordingly
“Well, once again, we’ve saved civilization as we know it.”
Captain James T. Kirk
Create a culture of security awareness
”But we are so secure already”
Source: Microsoft Security Intelligence Report
A small bank’s perspective
Source: ISACA
• I have a limited budget
• I want to spend my money against
– Things I understand and
– Things I can measure
• Because I cannot reasonably motivate spending if I am not able to
– Make my management understand
– Show my management figures
Who cares?
• “Industry analysts have inferred that shareholders are numb to news of data breaches”
• “Since consumers don’t have sufficient tools to measure the impact of breaches themselves, they are at the mercy of companies to disclose the impacts of their own corporate data breaches”
• “New, more stringent regulations on when to disclose data breaches and more sophisticated technologies […] may contribute to more shareholder reaction to these types of incidents down the road.“
Whether it’s an attack or not – logs are your best friends
All your logs are belong to us
• Nobody has ”all the logs”
• Case Gemalto
Source: Gemalto Press Release
Logs are just a bunch of huge files
• Gathering logs can be a tough job
• Who knows what the logs actually contain and which logs are important?
• You can easily kill your efforts by choosing too simple sources which
– are high volume
– add very little value on their own
– cost a lot to store
– create only a limited ”buzz” in your organization
Logs are DevOps!
• Leverage your devs!
– They know the application logs
– They SHOULD know the application logs
– They can enhance and add to the logs – given the motive
• Leverage your ops!
– They know the infrastructure logs
– They SHOULD know the infrastructure logs
– They can configure the logs – given the motive
• Leverage yourself!
– Add security as a viewpoint
Put a SOC in it
• You can outsource everything – and make your life easy – but...
– You can not outsource understanding
– You should not outsource understanding
– You can not outsource responsibility
• An outsourced SOC can
– do a lot of the hard work
– leverage special skills
• The information and data should be yours, not just a quarterly report and some (hopefully) occasional alerts
Delivered as ordered?
Add external information and tools to the brew
• HAVARO
– An IDS/IPS-like tool developed by CERT-FI (NCSC-FI) and the National Emergency Supply Agency in 2011
– Targeted primarily for Finnish companies that have some kind of statutory duties in a national emergency situation
• Does NOT compete with commercial solutions – is not meant to be the only security solution
• Creates security awareness within Finland and within specific industries
• Governed by Finnish laws – safe for companies
Add people and communications to the brew
• In Finland, exchange of critical information is good
Diagram of channels: public mailing lists, closed mailing lists, personal contacts & first name basis, interest groups, international cooperation
Diagram of parties: Federation of Finnish Financial Services / Security, National Emergency Supply Agency, National Bureau of Investigation, NCSC-FI, Europol, Banks
Create Awareness
• Enable critical logs
• Gather and SECURE logs
• Understand log relevance
• Understand volume relevance
• Correlate
• Visualize
Show Off!
Diagram of roles: CIO, Product Owner, IT Manager, Devs, CRO, Ops
How to manage the risks – continuous security auditing
continuous monitoring
continuous risk assessment
continuous excellence
continuous risk monitoring
Definition of continuous <activity>
• “Continuous auditing has been defined as a methodology or framework that enables auditors to provide written results on the subject matter using one or a series of reports issued simultaneously”
• “Continuous monitoring allows an organization to observe the performance of one or many processes, systems or types of data“
• “Continuous risk monitoring and assessment is used to dynamically measure risk and provide input for audit planning”
Source: ISACA & Wikipedia
Our implementation of continuous auditing
• The definitions are not really optimal
• We do a best of breed combining
– continuous (technical and process) auditing,
– continuous monitoring (of logs and events) and
– continuous (security) risk monitoring and assessment
• I call this continuous auditing to make it sound simple (enough)
– Hopefully it isn’t simplifying this matter too much
While you plan for next year’s audit, I hack away.
Source: Juha Strandman
How we link things together
• Processes
– Regular pentests (3rd party, external & internal)
– Weekly security scans
– Systems security audits and process analysis
– Log analysis and monitoring
– Most important critical business processes
• Dogmas and paradigms
– Ticket everything
– Track everything
– Analyze everything
What hinders progress
• Management commitment and ”tone”
– ”We want more powerpoints”
– ”We want more email attachments”
• Separate tools with nonexistent integration
– A bad stack doesn’t make it easy enough to integrate the security efforts into the process
• Resistance
– ”A valid pentest report is only valid if it looks exactly like this.”
• No DevOps
– Devs love agile, Ops hate it
What enables progress
• Link to the real activities, goals and people
– Our security organization is small
– Written reports and formal bureaucracy would cripple us
• Projects use agile methodologies
– Teams are used to managing tickets
– Projects are agile-board-driven
• Tools that work together
– Link tickets, reports, source code, releases, deliverables, configurations, backlogs, sprints and documentation
Credits & thanks
• Images and pictures are
– created by the author
– sourced as noted in the presentation
– from freeimages.com
• Thanks to everyone who gave insight and comments during the creation of this presentation
• Thanks for the pig!
Wrap-up
• Do your homework and spend your money wisely
• Share information - internally and externally
• The ”tone at the top” is a decisive factor
• Keep focus on the real threats
• Good is not good enough (only good enough is!)
linkedin.com/in/thomasmalmberg
@tsmalmbe
malmberg@iki.fi
APT or not - does it make a difference if you are compromised?
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
SBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSebastiano Panichella
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxFamilyWorshipCenterD
 

Recently uploaded (20)

OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
 
Work Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptxWork Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptx
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
 
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS  AND MONUMENTS IN NIGERIA.pptxLANDMARKS  AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
 
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with AerialistSimulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur fĂĽr Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur fĂĽr Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur fĂĽr Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur fĂĽr Container und Kubern...
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
 
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
NATIONAL ANTHEMS OF AFRICA (National Anthems of Africa)
 
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
 
call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AI
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
SBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation Track
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
 

APT or not - does it make a difference if you are compromised?

  • 1. APT or not - Does it make a difference if you are compromised? (Thomas Malmberg)
  • 2. Who I am - and why you are listening to me
    • I work with IT-risk management and IT-security
    • I develop security principles, processes and architectures for both the core banking as well as the net banking platform
    • I develop and maintain auditing principles and methodologies
    • I perform and manage internal IT-audits in the bank
    • I like processes, log management, web-application firewalls and IAM
    - Finland is the most sparsely populated country in the European Union, with only 16 inhabitants per km².
    - There are exactly 187,888 lakes (larger than 500 m²) and 179,584 islands within the territory of Finland.
    - Both are world records. (Source: Google)
  • 3. What you need to know about Aktia
    • Aktia provides individual solutions in banking, asset management, insurance and real estate services
    • Aktia operates in the Helsinki region, in the coastal area and in growth centres of Finland
    • Operating profit was EUR 68.3 million and the profit for the year was EUR 55.0 million
    • Aktia is renewing its core banking system and the launch of the new system is planned for the end of 2015 - the investment cost is estimated at approx. EUR 40 million
  • 4. Today's topics
    1. If phishing works, why bother with APT?
      – Finnish stats and stories
    2. Easy targets are always targeted first
      – APT economics
      – Tone at the top
    3. Whether it's an attack or a disguise - logs are your best friends
      – Situational (un)awareness
    4. How to manage the risks - continuous “auditing”
      – How you hook up audits & scans, projects, backlogs, source code, people and risk management together
    (Source: Unknown)
  • 5. If phishing works, why bother with APT?
  • 6. Situation in Finland 2011-2014
    • Financial institutions and companies are mostly targeted by
      – Phishing
      – Banking malware & trojans
      – Denial of Service
    • Criminals have successfully monetized phishing and malware
    • “Ransom demands” have been seen in social media like Facebook & Twitter during DoS attacks
      – Demands between 10-100 BTC
      – Monetization success rate probably zero (but not known)
    (Source: EUROPOL, Exploring tomorrow’s organised crime, 2015)
  • 7. How phishing worked best in 2014
    • Background
      – TUPAS is a two-factor (2F) authentication method created by the Federation of Finnish Financial Services over 10 years ago
      – TUPAS is based on e-banking authentication - PIN & TAN
      – TUPAS is used for almost everything that requires real and reliable authentication in Finland - including governmental services
    • The modus operandi in 2013 and 2014
      – Create a fake service that requires TUPAS to log into
      – Acquire PIN & 1 TAN
      – Use credentials to get a “payday loan”
      • NOTE: Targeted mainly payday loan companies, NOT banks!
  • 8. About TUPAS authentication
    • Safety
      – There are known issues, but it is not inherently unsafe
    • Market
      – It is the de facto standard
      – No alternatives
    • Sponsorship
      – Standard defined by banks
      – Implementations owned by banks
    (Source: Federation of Finnish Financial Services / FK)
  • 9. Details about the simplicity of the campaign
    • 1 Estonian person behind the phishing campaign
    • The Estonian language is close to Finnish, making it easy to create realistic phishing emails and SMSs
    • The campaign used more than 40 mules and “associates” and netted between 700k€-800k€
    • KISS was a successful paradigm
      – Create a rock solid plan to monetize the data you gather
      – Use correct and proper language for your communication
      – Use psychology - “if you do not immediately … you will face liability”
      – Make it easy for the targets to lose their credentials
    (Map caption: <100 km. Source: Google)
  • 10. How this phishing case evolved (Sources: Helsingin Sanomat, IT-viikko)
  • 11. How this phishing case evolved (Source: Helsingin Sanomat)
    – Maximum sentence - 7 years
    – 11 grand frauds in 2014
    – 0,5M€ - hundreds of people
  • 12. Trends for nasty activities (financial sector)
    – Chart: 2010-2014 trend lines for APT, Malware & Trojans, Phishing and DoS, on a scale from ”NOT SO MUCH” to ”MUCH”
    – This graph shows trends and relations in an ”apples vs. oranges” way. This graph does not show any actual amounts. It is based on official reports and other public information.
  • 13. One known & disclosed real APT in Finland
  • 14. A few words about the DDoS
  • 15. A few words about the DDoS
  • 17. Can we even agree on what an APT is? (Source: NIST)
  • 18. Can we even agree on what an APT is?
  • 19. Can we agree on what an APT is NOT!
    • It is not an APT
      – If you leave the front door open, someone walks in and steals all your data - and repeats this every workday for a month
      – If your customers are targeted using phishing emails for several weeks
      – If your network - which is lacking firewalls, antivirus solutions and content proxies - is infiltrated with malware for months
      – If your customers are infested by banking trojans (Zeus etc.)
    • A single piece of malware, a single exploit or vuln is NOT an APT.
    (Source: Graphics by ISACA)
  • 20. What they need to do and what you can lose
    – Figure: “What they need to do” vs. “What you are scared to lose”, ISACA survey in the US in 2013 (Source: Graphics by ISACA)
  • 21. Analyze your ”adversary landscape”
    – Figure: ”Threat Agent” table (Source: Graphics by ISACA)
    • The only relevant threat in the table seems to be criminal groups.
      – What are their actual capabilities?
      – What are their motives?
    • The Snowden-Greenwald revelations have taught us that the best APT capabilities are held here (annotation on the table).
    • We aim to avoid PR disasters that could trigger such a level of badwill that someone in these categories might want to target me.
    • We adhere to money laundering rules and maintain a high ethical level.
  • 22. The financial anatomy of an APT
    • The criminal
      – The criminal does not know the financial outcome or gain beforehand
      – The research phase will require a significant amount of investment in time
      – The penetration requires costly tools
        • 0-days or “near-zero” can cost between 5k-100k
        • You probably need other tools or social engineering & bribes
      – The (financial) outcome has to outweigh the investment
    • You
      – Protection (licenses + appliances) can cost many 100k€
      – A forensics project costs around 100k€-150k€
    (Figure annotations: Input: 100k€ / Output: ?€ and Input: 3k€ / Output: 50k€)
  • 24. Don’t be an easy target
    • Every risk can be quantified as a business risk
    • Don’t let salespersons fool you into false security with silver bullets - not on any level
    • IT-security (security appliances and software) is only one component in the IT-risk landscape
    • Also - “cyber security” is hidden somewhere in those boxes…
    • Use your money wisely
    (Figure: boxes labelled Business risk, IT risk, IT security, IT)
  • 25. Risk assessment for the win!
  • 26. Create a culture of security awareness
    • Management has to be involved
    • All incentive programs should have a security awareness and/or security incentive built in - including those at the C-level
    • All of us - act accordingly
    “Well, once again, we’ve saved civilization as we know it.” - Captain James T. Kirk
  • 27. Create a culture of security awareness
  • 28. ”But we are so secure already” (Source: Microsoft Security Intelligence Report)
  • 29. A small bank's perspective (Source: ISACA)
    • I have a limited budget
    • I want to spend my money against
      – Things I understand and
      – Things I can measure
      • Because I cannot reasonably motivate spending if I am not able to
        – Make my management understand
        – Show my management figures
  • 30. Who cares?
    • “Industry analysts have inferred that shareholders are numb to news of data breaches”
    • “Since consumers don’t have sufficient tools to measure the impact of breaches themselves, they are at the mercy of companies to disclose the impacts of their own corporate data breaches”
    • “New, more stringent regulations on when to disclose data breaches and more sophisticated technologies […] may contribute to more shareholder reaction to these types of incidents down the road.”
  • 31. Whether it’s an attack or not - logs are your best friends
  • 32. All your logs are belong to us
    • Nobody has ”all the logs”
    • Case Gemalto (Source: Gemalto press release)
  • 33. Logs are just a bunch of huge files
    • Gathering logs can be a tough job
    • Who knows what the logs actually contain and which logs are important?
    • You can easily kill your efforts by choosing too simple sources which
      – are high volume
      – add very little value on their own
      – cost a lot to store
      – create only a limited ”buzz” in your organization
  • 34. Logs are DevOps!
    • Leverage your devs!
      – They know the application logs
      – They SHOULD know the application logs
      – They can enhance and add to the logs - given the motive
    • Leverage your ops!
      – They know the infrastructure logs
      – They SHOULD know the infrastructure logs
      – They can configure the logs - given the motive
    • Leverage yourself!
      – Add security as a viewpoint
  • 35. Put a SOC in it
    • You can outsource everything - and make your life easy - but...
      – You can not outsource understanding
      – You should not outsource understanding
      – You can not outsource responsibility
    • An outsourced SOC can
      – do a lot of the hard work
      – leverage special skills
    • The information and data should be yours, not just a quarterly report and some (hopefully) occasional alerts
    (Image caption: Delivered as ordered?)
  • 36. Add external information and tools to the brew
    • HAVARO
      – An IDS/IPS-like tool developed by CERT-FI (NCSC-FI) and the National Emergency Supply Agency in 2011
      – Targeted primarily at Finnish companies that have some kind of statutory duties in a national emergency situation
    • Does NOT compete with commercial solutions - is not meant to be the only security solution
    • Creates security awareness within Finland and within specific industries
    • Governed by Finnish laws - safe for companies
  • 37. Add people and communications to the brew
    • In Finland, exchange of critical information is good
    (Figure: channels - public mailing lists, closed mailing lists, personal contacts & first name basis, interest groups, international cooperation; parties - Federation of Finnish Financial Services / Security, National Emergency Supply Agency, National Bureau of Investigation, NCSC-FI, Europol, Banks)
  • 38. Create Awareness
    • Enable critical logs
    • Gather and SECURE logs
    • Understand log relevance
    • Understand volume relevance
    • Correlate
    • Visualize
    Show off!
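Slide 33 warns against high-volume sources that add little value on their own, and slide 38 lists the steps (gather and secure logs, judge relevance and volume, correlate). The following Python script is an added example that is not part of the presentation or of Aktia's tooling: it runs those steps over a handful of constructed log lines. The source names ("firewall", "netbank"), the line formats, the addresses and the hash-chain seed are all invented for the example.

```python
"""Added example, not from the presentation: one pass over constructed log lines
that exercises the steps on slides 33 and 38 (gather, secure, judge relevance
and volume, correlate). Source names, line formats and addresses are invented."""
import hashlib
import re
from collections import defaultdict

# Constructed sample lines: (source, raw line). The firewall format and the
# "netbank" authentication format are hypothetical, not any real product's.
SAMPLE_LOGS = [
    ("firewall", "2015-03-10T09:00:01 ALLOW tcp 10.1.1.5:51234 -> 10.2.0.10:443"),
    ("firewall", "2015-03-10T09:00:01 ALLOW tcp 10.1.1.6:51235 -> 10.2.0.10:443"),
    ("firewall", "2015-03-10T09:00:02 ALLOW tcp 10.1.1.7:51236 -> 10.2.0.10:443"),
    ("firewall", "2015-03-10T09:00:02 ALLOW tcp 10.1.1.8:51237 -> 10.2.0.10:443"),
    ("firewall", "2015-03-10T09:00:03 DENY tcp 198.51.100.7:40000 -> 10.2.0.10:22"),
    ("netbank", "2015-03-10T09:01:10 AUTH_FAIL user=alice client=198.51.100.7"),
    ("netbank", "2015-03-10T09:01:14 AUTH_FAIL user=bob client=198.51.100.7"),
    ("netbank", "2015-03-10T09:01:19 AUTH_FAIL user=carol client=198.51.100.7"),
    ("netbank", "2015-03-10T09:01:25 AUTH_OK user=carol client=198.51.100.7"),
    ("netbank", "2015-03-10T09:02:00 AUTH_OK user=dave client=10.1.1.5"),
]

FIREWALL_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) \w+ (?P<client>[\d.]+):\d+ -> [\d.]+:\d+$")
NETBANK_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>AUTH_OK|AUTH_FAIL) user=(?P<user>\S+) client=(?P<client>[\d.]+)$")

# Actions that mean something on their own. Firewall ALLOW lines are the
# high-volume, low-value source slide 33 warns about: kept only for context.
RELEVANT_ACTIONS = {"DENY", "AUTH_FAIL", "AUTH_OK"}


def parse_events(raw_lines):
    """Gather: normalise (source, line) pairs into one event shape; skip what does not parse."""
    events = []
    for source, line in raw_lines:
        m = (FIREWALL_RE if source == "firewall" else NETBANK_RE).match(line)
        if m:
            events.append({"source": source, "ts": m.group("ts"), "action": m.group("action"),
                           "client": m.group("client"), "user": m.groupdict().get("user")})
    return events


def chain_hashes(raw_lines, seed="constructed-seed"):
    """Secure: hash every stored line together with the previous digest. Editing or
    dropping a line changes all later digests, so the stored file can be checked
    against a final digest kept where the log host cannot write."""
    prev = hashlib.sha256(seed.encode()).hexdigest()
    digests = []
    for source, line in raw_lines:
        prev = hashlib.sha256(f"{prev}|{source}|{line}".encode()).hexdigest()
        digests.append(prev)
    return digests


def verify_chain(raw_lines, trusted_digests, seed="constructed-seed"):
    """True only if recomputing the chain over the stored lines reproduces the trusted digests."""
    return chain_hashes(raw_lines, seed) == trusted_digests


def source_report(events):
    """Volume vs. relevance per source: (lines contributed, lines that say something on their own)."""
    counts = defaultdict(lambda: [0, 0])
    for ev in events:
        counts[ev["source"]][0] += 1
        if ev["action"] in RELEVANT_ACTIONS:
            counts[ev["source"]][1] += 1
    return {src: tuple(c) for src, c in counts.items()}


def find_fail_then_success(events, min_failures=3):
    """Correlate: a client that fails authentication min_failures times or more and
    then succeeds deserves a look. Returns (client, failures, user that succeeded)."""
    failures = defaultdict(int)
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["source"] != "netbank":
            continue
        if ev["action"] == "AUTH_FAIL":
            failures[ev["client"]] += 1
        elif ev["action"] == "AUTH_OK":
            if failures[ev["client"]] >= min_failures:
                hits.append((ev["client"], failures[ev["client"]], ev["user"]))
            failures[ev["client"]] = 0
    return hits


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOGS)
    print("per source (total, relevant):", source_report(events))
    print("fail-then-success:", find_fail_then_success(events))
    digests = chain_hashes(SAMPLE_LOGS)
    tampered = list(SAMPLE_LOGS)
    tampered[5] = ("netbank", SAMPLE_LOGS[5][1].replace("AUTH_FAIL", "AUTH_OK"))
    print("chain intact:", verify_chain(SAMPLE_LOGS, digests),
          "/ after tampering:", verify_chain(tampered, digests))
```

The per-source report makes the slide's point in numbers: the firewall contributes as many lines as the banking application but only one of them says anything by itself, while every application authentication line does. The hash chain is the cheapest form of "SECURE logs" (tamper evidence, not confidentiality) and only helps if the final digest is kept off the log host. The correlation rule is deliberately simple; its value is that it needs the application log, which is why slide 34 leans on the developers who know that log.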
  • 40. How to manage the risks - continuous security auditing / continuous monitoring / continuous risk assessment / continuous excellence / continuous risk monitoring
  • 41. Definition of continuous <activity> (Source: ISACA & Wikipedia)
    • “Continuous auditing has been defined as a methodology or framework that enables auditors to provide written results on the subject matter using one or a series of reports issued simultaneously”
    • “Continuous monitoring allows an organization to observe the performance of one or many processes, systems or types of data”
    • “Continuous risk monitoring and assessment is used to dynamically measure risk and provide input for audit planning”
  • 42. Our implementation of continuous auditing
    • The definitions are not really optimal
    • We do a best of breed, combining
      – continuous (technical and process) auditing,
      – continuous monitoring (of logs and events) and
      – continuous (security) risk monitoring and assessment
    • I call this continuous auditing to make it sound simple (enough)
      – Hopefully it isn’t simplifying this matter too much
    (Image caption: “While you plan for next year's audit, I hack away.” Source: Juha Strandman)
  • 43. How we link things together
    • Processes
      – Regular pentests (3rd party, external & internal)
      – Weekly security scans
      – Systems security audits and process analysis
      – Log analysis and monitoring
      – Most important critical business processes
    • Dogmas and paradigms
      – Ticket everything
      – Track everything
      – Analyze everything
  • 44. What hinders progress
    • Management commitment and ”tone”
      – ”We want more powerpoints”
      – ”We want more email attachments”
    • Separate tools with nonexistent integration
      – A bad stack doesn’t make it easy enough to integrate the security efforts into the process
    • Resistance
      – ”A valid pentest report is only valid if it looks exactly like this.”
    • No DevOps
      – Devs love agile, Ops hate it
  • 45. What enables progress
    • Link to the real activities, goals and people
      – Our security organization is small
      – Written reports and formal bureaucracy would cripple us
    • Projects use agile methodologies
      – Teams are used to managing tickets
      – Projects are agile-board-driven
    • Tools that work together
      – Link tickets, reports, source code, releases, deliverables, configurations, backlogs, sprints and documentation
  • 46.
  • 47. Credits & thanks
    • Images and pictures are
      – created by the author
      – sourced as noted in the presentation
      – from freeimages.com
    • Thanks to everyone who gave insight and comments during the creation of this presentation
    • Thanks for the pig!
    Wrap-up
    • Do your homework and spend your money wisely
    • Share information - internally and externally
    • The ”tone at the top” is a decisive factor
    • Keep focus on the real threats
    • Good is not good enough (only good enough is!)
    linkedin.com/in/thomasmalmberg | @tsmalmbe | malmberg@iki.fi