
Cyber War ( World War 3 )


The fight for new “space” is now “cyber space”.
Warfare has changed to “Information Technology”.
Cyber space is the stage and platform for World War 3.


Cyber War ( World War 3 )

  1. World War 3
  2. Quote: “Human has to learn only one thing from history. That they have not learnt anything from History.”
  3. World Wars: WW1 and WW2
     History says:
     • Mankind fights for new space
     • Warfare & strategy change
     • France was defeated in 6 weeks even though a 6 Bn franc defence was set up before WW2, after the WW1 learning
     • The only unchanged and deciding factor in war is the “Human” - still not replaceable
     WW1
     • Weapons: Machine gun, Poison gas, Submarine, Airplane, Tank
     • Strategy: Fought from trenches; Supported by army; Static with little mobility
     WW2
     • Weapons: All of WW1, Paratrooper, Nuclear bomb, Missiles, Advanced sub / Jet planes / Radar, Encrypted communication
     • Strategy: Blitzkrieg, Propaganda, Kamikaze
  4. WW3 is Cyber War
     • The fight for new “space” is now “cyber space”
     • Warfare has changed to “Information Technology”
     • With time, strategy & weapons have changed; we can’t rely on old methods
     • CW involves countries, government agencies and extremely skilled people, all fighting remotely, unseen by victims
     • Intentions: Destroy e-space, financial gains, e-terrorism, e-ransom, brand destruction, shaking people's confidence
     Remember: Strategy and a skilled army together “win” in the history of manpower
  5. Cyber War Scene
     • Battle field: Cyber space
     • Goals to win: Political and Financial - Crime + Sabotage + Espionage + Intellectual property
     • Warfare: Intelligent unseen snipers using e-tools
     • Army: 60 Mn command and control centres. 67% are known CnCC, 204 countries involved
     • Research: 51 countries have cyber research espionage labs
     • Internal threats: Lots of inside trading and hedging in financial markets. No zero-day defence by companies, and new attacks are made with newly written, non-repeated malicious scripts
     • Enemies: No one knows; almost everyone on the internet is suspected. Even your own government is watching and tracking all activity
     • Allies: Can’t trust any country or human being
     • Defence is not knowing the offence's strategy and strength
  6. Offence Evolution
     • Eras: Virus & Worms (1990); Malware for financial gain (2000); APT - Advanced Persistent Threats (2007); Key and Certificate based attacks (2010); State backed hacks (2012)
     • Examples: Melissa, Code Red; Mydoom, Bagle, DM5v; Zeus, Aurora, Conficker; SpyEye, Duqu, DigiNotar, Comodo, Bit9; Stuxnet, Sony, Iran nuclear, Extremist linked
     • Objective: IT disruption, User machine damage; Hacker financial gain; Focus company / agency; Exploit mass users; Government backed
     • Threats: Network based; E-mail, Application based; Social Engineering based; Application based; Politically motivated
  7. New fronts of attacks pouring in
     • Consumerization, social, mobile, cloud, big data and IoT are all contributing to an increased risk of security and data breaches
     • “With continuing trends in cloud, consumerization, mobility and the "next big thing", the way IT is delivered is changing. Each brings new threats and breaks old security processes.” – Gartner
     • “Information security must evolve from just an IT project to the core of critical business decisions. You must protect enterprise data from compromise and drive innovation at the same time.” – Gartner
     • “Increasing use of cloud-based services, user mobility and multiple devices is adding complexity to security, particularly identity management requirements.” – Ovum
     • New age technology brings new security challenges and we need to devise a new defence strategy
  8. Case study - Sony
     • Timing: 24.11.14, planned for past one year
     • What was compromised: 100 TB of data, unreleased movies, confidential communications and reports. Wiper malware installed to delete rest of data, salary data
     • Culprits: GOP (Guardian of Peace), North Korea backed hackers (Really??)
     • Motive: Prevent release of film “Interview” on North Korea leader
     • Other damages: Network was down for days, employees were asked not to attend office, hackers posted 4 unreleased movies, legal proceedings against hackers, hiring of security agencies for damage control, controversies etc.
     • When: April, 2011
     • What was compromised: Personal information of millions of customers, including their names, email addresses, dates of birth and account passwords
     • Culprits: Hackers
     • Motive: Financial gain, $171 Mn loss to Sony
     • Aftermath: Breach of UK Data Protection Act and penalty of GBP 250K, shaken customer confidence
  9. Case study
     Target Corporation (Retail Company)
     • When: November - December, 2013
     • What was compromised: 40 million customers' credit cards and 70 million other details
     • Motive: Financial gain
     • How: Target was using the BMC Remedy Performance Management tool. One user “BEST_USER” with Admin rights and password “BACKUPU$R” was compromised. Hackers took away data through the Internet.
     • Impact: Sales down just before Christmas, CISO resigned, 3 other retailers were attacked using a similar technique
     IRAN NUCLEAR FACILITY
     • What was compromised: Centrifuge pumps in the secret Iranian nuclear facility
     • Motive: Political
     • How: One USB drive loaded with “STUXNET” was dropped at the facility. It was highly sophisticated malware made by a super-skilled team backed by some nations. It spread and infected PLCs in the plant and made all machines malfunction. Currently many modified versions of STUXNET are available on the Internet.
  10. Stats - Analysis
     • About Defence in depth is just not enough
     • Hacking is seen in spite of lots of traditional tools
     • Analysis by humans is inevitable
     • Continuous improvement in skills and tools is imperative to win
     • Complete information security life cycle protection is required
  11. Why you should worry about CW
     • Brand value at stake
     • Company is a potential target due to high business visibility
     • A reputed brand for a country attracts enemy governments
     • Loss to a company can cause economic damage to the country
     • Can attract lots of attention if hacked
     • Huge financial gain to attackers
     • Can shake client and investor confidence
  12. Current Defence
     • Most companies are putting in complicated defence-in-depth defences - proxy, gateways, DLP etc.
     • China 3 PLA and Russia RBN easily breached Defence in depth
     • Offence and defence are completely dislocated
     • Focus is on tools implementation
     • Signature-based, 25-year-old defence model
     • Human intelligence is not fully used
     • Attack mentality is not understood well enough to strategize
  13. How to win the CW3
     • Threat Modelling
     • Continuous upgrade of Security Strategy
     • Align with business
     • Are we sufficiently resourceful to defend?
     • Defend after studying hacker mindshare
     • Relook at dashboard
     • Automate security and operation activities to reduce human errors
     • Analyze every possible pattern to catch suspects
  14. Sameer Paradia (CGEIT, CISM, CISSP) (sameer_m_paradia@yahoo.com)
     Practicing IT Security Services and Outsourcing for past 22+ years
     Photo acknowledgment:
     • https://www.flickr.com/photos/babalas_shipyards/5339531237/in/photostream/
     • http://www.flickr.com/photos/forgetmeknottphotography/7003899183/sizes/l/in/photostre
  15. Thank you so much!!
