NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo... (NUS-ISS)
The document discusses cybersecurity risks for non-IT professionals. It begins by defining cybersecurity and explaining how smart cities introduce new connections and vulnerabilities. It then provides examples of past cyber attacks, such as hacks on SingPass accounts, SMRT's webpage, and the Saudi Aramco network. The document also outlines common types of attacks like social engineering, ransomware, DDoS attacks, and risks from the Internet of Things. It emphasizes that cybersecurity is everyone's responsibility and provides tips for organizations to assess risks, create strategies and policies, train employees, and plan incident responses.
Back to the future - cyber security, privacy and visions of the future (b coatesworth)
Back to the future. A retrospective look through the crystal ball at 6 cyber security predictions, from the rise of intrusion prevention to the loss of privacy.
On How the Darknet and its Access to SCADA is a Threat to National Critical I... (Matthew Kurnava)
This document analyzes how the darknet poses a threat to national critical infrastructure. It begins with an introduction that defines the darknet and describes some of the illegal activities that occur there. The research question asks how the darknet threatens critical infrastructure and how vulnerable different sectors are. The hypothesis is that the darknet poses a primary threat to US cyber critical infrastructure due to criminal, hacktivist, and terrorist use that could significantly damage health and welfare. A literature review discusses research on darknet cyber attacks, hacktivist and terrorist groups using the darknet, and critical infrastructure's growing dependency on technology and vulnerability. The methodology will use an analytical approach to examine threats to each of the 16 US critical infrastructure sectors.
CERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses (S.E. CTS CERT-GOV-MD)
The document discusses cyber security in the Moldovan government. It introduces the Cyber Security Center CERT-GOV-MD, which was created in 2010 to handle cyber incidents in Moldovan public administration systems. CERT-GOV-MD aims to provide a single point of contact, assist authorities and citizens with incidents, and coordinate responses. The document also notes challenges like lack of strategy and legal framework, as well as solutions CERT-GOV-MD provides like alerts, best practices, and incident handling.
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet) (INSIGHT FORENSIC)
Stuxnet is analyzed in detail, including its architecture, functionality, and propagation methods. It is described as a highly advanced persistent threat that targeted Iran's nuclear facilities. The document outlines how Stuxnet used zero-day exploits and a digital certificate to inject code into industrial control systems and spread via removable drives and network shares. Stuxnet's command and control infrastructure and ability to infect project files for industrial software are also summarized.
(120715) #fitalk the era of cyber sabotage and warfare (case study - stuxnet) (INSIGHT FORENSIC)
The document summarizes a seminar on the Stuxnet cyber attack. It discusses Stuxnet as a sophisticated cyber weapon targeting Iranian nuclear facilities. It provides an overview of Stuxnet's architecture and propagation methods, describing how it exploited Windows vulnerabilities to infect industrial control systems and spread via removable drives. The document analyzes Stuxnet's command-and-control infrastructure and rootkit functionality used to hide its files and remain undetected on systems.
This document provides an outlook on cyber security for 2016, highlighting key cyber attacks that occurred in 2015 and trends moving forward. Some of the major cyber attacks in 2015 included hacking of Uber and Apple accounts, an Amazon password reset, and data breaches at LinkedIn and Spotify. There was also a record-breaking 602Gbps DDoS attack against BBC and a leak of 25GB of user data from Ashley Madison. The document discusses challenges around security of industrial control systems and internet of things devices. It recommends building cyber resilience through improving cyber defenses, increasing human expertise and collaboration, and ensuring critical infrastructures have cyber security operation centers for compliance. The outlook predicts a focus on security of industrial control systems and critical infrastructure in
Secure Data Transfer Over Internet Using Image Crypto-Steganography (Oluwatobiloba Oluwole)
The document proposes a system for secure data transfer over the internet using image crypto-steganography. It discusses combining cryptography and steganography to overcome each method's weaknesses. The proposed system would encrypt a secret message, hide it in a cover image using steganography, and transfer the crypto-stego object over the internet. At the receiver end, the secret message would be extracted from the cover image after decrypting the crypto-stego object with a private key. The system would be implemented using C# programming language in Visual Studio, and provide increased security for data transmission over the internet.
Dni nato cyber panel via the intercept (BaddddBoyyyy)
Russia and China pose the greatest cyber threats to NATO computer networks. Russia is considered the most strategic threat due to its capabilities and intent to target and disrupt NATO infrastructures. China's cyber espionage operations against military networks have expanded dramatically and NATO information is likely a target. While hacktivist groups get media attention, nation-states like Russia pose a greater threat through proxy operations. Classified NATO networks remain at risk from insider threats and vulnerabilities like infected thumb drives. Prioritizing the most critical data and networks could help allocate resources to address gaps and develop response plans.
This document provides an overview of cyberespionage and international cyber operations as weapons. It defines key terms, gives a brief history of cyberespionage dating back to the 1980s, describes the anatomy of a typical cyberespionage attack, discusses implications for nation-state policy, and outlines what individuals should do to protect themselves. The presenter is Mark Russinovich, author of Zero Day and Trojan Horse, speaking at an intermediate-level conference session.
The document discusses the role and responsibilities of the National Critical Information Infrastructure Protection Centre (NCIIPC) in India. It provides examples of past cyber attacks on critical information infrastructures around the world, such as Stuxnet and Flame malware. It also outlines international efforts to protect critical infrastructure and discusses India's initiatives to enhance information security and protect critical government organizations from cyber attacks.
The evolving threats and the challenges of the modern CISO (isc2-hellenic)
This document summarizes a presentation given by Gerasimos Moschonas on the evolving threats facing CISOs and the challenges they face. It discusses how threats are becoming more advanced as attacks grow more aggressive and attackers become more professional. It also examines how the role of CISO has evolved from an IT security administrator to an independent and strategic role responsible for information security governance. Specific threats discussed include big data, the internet of things, cybercrime, social engineering, mobility, and an increasingly regulated environment. The challenges for CISOs are aligning security and business strategies, reducing risks to an acceptable level while protecting the business brand, and preparing for security incidents.
Cyber(in)security: systemic risks and responses (blogzilla)
Presented at National Security 2008 in Brussels. Updated for British Computer Society, Deutsche Bank, Oxford University, and University of Southern Denmark.
Presentation to OECD project group on Global Risk. Expanded version presented to British Computer Society, Deutsche Bank and University of Southern Denmark.
This document discusses cyberterrorism and related topics like cyber warfare. It begins by defining cyberterrorism and differentiating it from cyber crimes and cyber warfare. It then examines examples of cyber attacks attributed to terrorist and state-sponsored groups, including website defacements, denial of service attacks, and sophisticated intrusions into government and military networks to steal information. The document also evaluates the proportionality of state responses and proposes ways to increase security of critical networks and infrastructure by separating them from the public internet and limiting the use of commercial software.
FINAL PAPER
1. INTRODUCTION
2. THREAT AND VULNERABILITY ASSESSMENT
2.1. ASSESSMENT SCOPE
2.2. MEASURES TO THREATS AND VULNERABILITIES IN THE COMPANY
2.3. THREAT AGENTS AND POSSIBLE ATTACKS
2.4. EXPLOITABLE VULNERABILITIES
3. MITIGATION STRATEGY
4. BUSINESS CONTINUITY PLAN
4.1. TESTING A DISASTER RECOVERY PLAN
4.2. RISK MANAGEMENT PLAN
4.3. CHANGE MANAGEMENT PLAN IMPACT
5. SECURITY AWARENESS PROGRAM
6. CONCLUSION
7. REFERENCES
1. Introduction
Gerić and Hutinski (2017) define a threat as a potential harm or danger and a vulnerability as the exposure to the possibility of harm. In information systems and organizational data, threats and vulnerabilities refer to the possible harms to, and possible exposure to harm of, the information systems infrastructure and organizational data (Gerić & Hutinski, 2017). Tesla Company is a multinational company that has businesses in technological products such as cloud computing, artificial intelligence and e-commerce (Tran, Childerhouse & Deakins, 2016). Developing and categorizing a security mitigation strategy is essential for companies that deal with any kind of threat to their business. Risk mitigation strategies are designed to control, reduce, and eliminate known risks that threaten the business, with a specified undertaking to prevent injury. The security awareness program is especially important to companies like Tesla. Each employee is supposed to be aware of their roles and responsibilities in fighting against cyber threats and attacks. Training must be attended by every employee to completion, and their capabilities tested in a simulated attack so that they become familiar with the types of attack to expect. This paper focuses on the kinds of policies and procedures that will help the Tesla Company improve security awareness so that it can reduce the risk of cyber threats and attacks.
2. Threat and vulnerability assessment
2.1 Assessment Scope
Though in most cases a threat and vulnerability assessment involves both physical and intangible assets, such as computer hardware, organizational networks, virtualization, databases, cloud and mobile systems, this assessment focuses only on users and the intangible organizational assets which form the information system infrastructure of Tesla Inc. Precisely, the assessment focuses on cyber-related attacks on these information systems infrastructures.
Tesla has a broad range of information system infrastructure, which includes people, information systems and information security systems (Tanwar et al., 2019). Tesla's primary information system assets include e-commerce and web-based services, namely cloud computing, database, ...
This document discusses threat and vulnerability assessment and mitigation strategies for Tesla's information systems infrastructure. It assesses threats such as phishing, malware attacks, and denial of service attacks. It also examines exploitable vulnerabilities like employees, internet of things devices, and software updates. The document proposes several mitigation strategies to reduce risks from threats and vulnerabilities, including network firewalls, encryption, access controls, and security awareness training for employees.
The document discusses cyber defense preparedness and surviving cyber war. It outlines 5 levels of cyber defense conditions ranging from travel warnings to nation-state attacks intended to destroy infrastructure. It also discusses the threat hierarchy from information warfare to cybercrime and hacktivism. Recommendations are made to appoint a cyber security commander and implement defense in depth to survive cyber attacks.
The document summarizes several well-known cyber attacks on critical infrastructure systems from 2015-2021, including:
1) Attacks on Ukraine's power grid in 2015-2016 that caused widespread power outages.
2) The global NotPetya ransomware attack in 2017 that disrupted shipping, logistics and energy sectors.
3) The Triton/Trisis attack in 2017 targeting an oil facility in Saudi Arabia that aimed to potentially cause physical harm.
4) The 2021 ransomware attack on the Colonial Pipeline that shut down its operations and led to fuel shortages.
This document describes a cybersecurity simulation exercise taking place between April and October 2016. It will involve the staged release of scenarios related to technical cybersecurity incidents, business continuity, and crisis management. Participants will include IT security and business continuity teams who will handle incidents virtually and develop relationships with national and EU authorities. The goals are to test incident response and build expertise in addressing large-scale cybersecurity events. Details are provided on the types of incidents that will be covered as well as registration information.
This document provides a detailed syllabus for an Information Security course. It includes 5 units: Introduction, Security Investigation, Security Analysis, Logical Design, and Physical Design. The Introduction unit covers the history of information security and computer security. It defines key concepts like confidentiality, integrity, availability, and the CIA triangle. It also discusses security models and the components of an information system. The other units will cover topics like risk management, access control, security standards, cryptography, and physical security controls.
Similar to APT Attacks on Critical Infrastructure (20)
The document discusses Capture the Flag (CTF) competitions and wargames and why everyone should participate in them. It notes that CTFs are legal hacking games or puzzles that help people improve their information security skills. Wargames are similar but always online and have no time limits. The document outlines different categories of challenges people may encounter in CTFs and wargames, including programming, cryptography, steganography, forensics, reverse engineering, and web challenges. It argues that participating provides free training, is fun, helps improve skills, allows competitive testing of skills, and can help with recruitment and stress testing teams.
Improving Network Intrusion Detection with Traffic Denoise (Miroslav Stampar)
This document discusses improving network intrusion detection systems by filtering out "noise" from real threats. It proposes collecting data from multiple sensors on different IP ranges to identify traffic that is seen across many networks, which is likely noise rather than targeted attacks. By ignoring or lowering the severity of events originating from noisy IP addresses found on public blacklists or seen across different sensor networks, the system could focus alerts on real adversaries and reduce the number of false alarms. An experimental system using these techniques saw a 35-37% reduction in total events and threats after filtering noise. Further development could help security teams prioritize real network threats.
These are the slides from a guest talk "2014 – Year of Broken Name Generator(s)" held at Faculty of Electrical Engineering and Computing 2015 (Croatia / Zagreb 16th January 2015) by Miroslav Stampar
This document discusses the history and techniques of buffer overflow exploits. It begins with an overview of stack-based and heap-based buffer overflows and vulnerable code. It then details the history of buffer overflow exploitation from 1961 to present day. The rest of the document explains techniques used to exploit buffer overflows such as DEP/NX, ASLR, stack canaries, NOP sleds, return-to-libc, egg hunting, heap spraying, and return-oriented programming. It also discusses defenses implemented by operating systems like SEHOP, SafeSEH, and safe functions.
These are the slides from a guest talk "Hash DoS Attack" held at Faculty of Electrical Engineering and Computing 2014 (Croatia / Zagreb 17th January 2014) by Miroslav Stampar
This document describes a case study of discovering and exploiting a SQL injection vulnerability. Over the course of three days, the researcher tested various parameters of a web application using sqlmap and custom payloads. After initial failures, the researcher realized the application was using Windows Search and leveraged its Advanced Query Syntax to conduct file queries and infer file contents. This allowed retrieving a local web.config file containing a SQL Server password. The researcher concluded that thorough manual analysis is needed to fully understand vulnerabilities beyond just using automated scanners.
These are the slides from a talk "Heuristic methods used in sqlmap" held at FSec 2013 conference (Croatia / Varazdin 19th September 2013) by Miroslav Stampar.
This document summarizes sqlmap, an open source penetration testing tool used for detecting and exploiting SQL injection flaws. It discusses sqlmap's features such as supporting large data dumps, storing session data, XML payload and query formats, multithreading, direct database connections, loading requests from files, form and site crawling, authentication, detection of reflection and dynamic content, and fingerprinting of databases and web servers.
These are the slides from a talk "Spot the Web Vulnerability" held at Hacktivity 2012 conference (Hungary / Budapest 12th–13th October 2012) by Miroslav Stampar.
These are the slides from a talk "Analysis of mass SQL injection attacks" held at FSec 2012 conference (Croatia / Varazdin 21st September 2012) by Miroslav Stampar
These are the slides from a talk "DNS exfiltration using sqlmap" held at PHDays 2012 conference (Russia / Moscow 30th–31st May 2012) by Miroslav Stampar.
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...APNIC
Adli Wahid, Senior Internet Security Specialist at APNIC, delivered a presentation titled 'Honeypots Unveiled: Proactive Defense Tactics for Cyber Security' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
Discover the benefits of outsourcing SEO to Indiadavidjhones387
Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
Securing BGP: Operational Strategies and Best Practices for Network Defenders...APNIC
Md. Zobair Khan, Network Analyst and Technical Trainer at APNIC, presented 'Securing BGP: Operational Strategies and Best Practices for Network Defenders' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
APT Attacks on Critical Infrastructure
1. APT Attacks on Critical Infrastructure
Miroslav Štampar (mstampar@zsis.hr)
2. Disclaimer
(Cyber Defense Symposium, Mali Losinj (Croatia), August 19th, 2017)
I don't do attribution. The majority of the research data has been gathered from Western-world sources (anti-virus companies, media, academia, etc.)
3. Critical Infrastructure
…sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the <country> that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.
[Department of Homeland Security]
4. Advanced Persistent Threat (APT)
"Advanced persistent threat is a military term adapted into the information security context that refers to attacks carried out by nation-states … It is also typical of APT attacks to go after a country's infrastructure, such as its power grids, nuclear reactors, or fuel pipelines."
[Trend Micro]
5. World Powers #cyberwarfare #apt #critical
6. Characteristics (1)
Multi-modular (e.g. keystroke sniffing, screenshot capturing, LAN MiTM, etc.)
Larger size than regular malware (e.g. 10 MB)
Non-regular malware programming traits (e.g. the Lua programming language)
Support for multi-platform attacks (e.g. Windows OS, SIMATIC WinCC, etc.)
Support for communication with industrial process controllers (e.g. PLCs)
7. Characteristics (2)
9AM-5PM build / compilation timestamps
0-day exploits
Support for infecting air-gapped networks
Digitally signed components (e.g. drivers)
Infection constraints (e.g. geo-location)
Attacked (victim) organizations have geopolitical importance (e.g. nuclear plant, electric grid, etc.)
In short: APT modus operandi (attack vectors, etc.) + support for industrial process controllers (IPC)
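The 9AM-5PM build timestamp trait listed above is something an analyst can measure rather than eyeball. The following Python is an added example written for this page, not code from the talk: it reads the linker TimeDateStamp out of the PE/COFF header and then asks, for each candidate UTC offset, what share of a sample set was compiled Monday to Friday between 09:00 and 17:00 local time. The sample headers are constructed stand-ins, not real malware; the working-hours window and the tie-break towards the smallest offset are my assumptions.

```python
import struct
from datetime import datetime, timedelta, timezone

# --- PE/COFF timestamp extraction -----------------------------------------------
# The PE header carries a 32-bit TimeDateStamp (seconds since the Unix epoch) set
# by the linker. e_lfanew at offset 0x3C of the DOS header points to "PE\0\0";
# the COFF header follows the signature, with TimeDateStamp at +4 into it.

def pe_timestamp(blob: bytes) -> int:
    """Return the COFF TimeDateStamp of a PE image as a Unix epoch integer."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    if blob[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    (stamp,) = struct.unpack_from("<I", blob, e_lfanew + 4 + 4)
    return stamp

def build_min_pe(stamp: int) -> bytes:
    """Constructed stand-in for a sample: just enough header for pe_timestamp()."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\x00" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\x00\x00" + coff

# --- Working-hours analysis ------------------------------------------------------

def business_hours_fraction(stamps, utc_offset_hours):
    """Share of timestamps falling Mon-Fri, 09:00-16:59, in the given UTC offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    hits = 0
    for s in stamps:
        local = s.astimezone(tz)
        if local.weekday() < 5 and 9 <= local.hour < 17:
            hits += 1
    return hits / len(stamps)

def infer_work_timezone(stamps):
    """Offset in -12..+14 with the best working-hours fit; ties go to the smaller |offset|."""
    best = max(range(-12, 15),
               key=lambda off: (business_hours_fraction(stamps, off), -abs(off)))
    return best, business_hours_fraction(stamps, best)

# Constructed sample set (assumption): five builds by a developer keeping office
# hours at UTC+3. Only the hour/weekday pattern matters, not the dates themselves.
SAMPLE_UTC = [
    datetime(2017, 8, 14, 7, 0, tzinfo=timezone.utc),    # Mon 10:00 local
    datetime(2017, 8, 15, 8, 30, tzinfo=timezone.utc),   # Tue 11:30 local
    datetime(2017, 8, 16, 11, 0, tzinfo=timezone.utc),   # Wed 14:00 local
    datetime(2017, 8, 17, 13, 45, tzinfo=timezone.utc),  # Thu 16:45 local
    datetime(2017, 8, 18, 6, 15, tzinfo=timezone.utc),   # Fri 09:15 local
]
SAMPLE_BLOBS = [build_min_pe(int(d.timestamp())) for d in SAMPLE_UTC]
SAMPLE_STAMPS = [datetime.fromtimestamp(pe_timestamp(b), tz=timezone.utc)
                 for b in SAMPLE_BLOBS]

if __name__ == "__main__":
    off, frac = infer_work_timezone(SAMPLE_STAMPS)
    print(f"best fit UTC{off:+d}: {frac:.0%} of builds inside 09:00-17:00 Mon-Fri")
```

The stamp is trivially forgeable and some toolchains zero it, so it is one clustering signal across dozens of samples from the same toolkit, never proof on its own; with five samples, as here, several adjacent offsets usually fit almost equally well.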
8. Stuxnet (1)
Natanz uranium enrichment facility in Iran
9. Stuxnet (2)
USA and Israel targeting Iran (2005-2012)
Attacked Windows OS (four 0-day vulnerabilities), Siemens PCS 7, WinCC, STEP 7 and Siemens S7 PLCs
Silent if Siemens software was not found on infected computers
Faked control sensor signals so that the process would not shut down on abnormal behavior
Caused fast-spinning centrifuges to tear themselves apart by changing their drive frequency (nominal 1064 Hz, raised to 1410 Hz, later dropped to 2 Hz)
Around 1,000 centrifuges destroyed
10. Stuxnet (3)
Zero Days (2016 documentary film on Stuxnet)
11. Flame (1)
USA and UK targeting Iran (2010-2012)
"20 times" more complicated than Stuxnet
Written in Lua (scripting language) and C++
Flame is only one module's name, alongside Boost, Flask, Jimmy, Munch, Snack, Spotter, Transport, Euphoria, Headache, etc.
Believed to be Stuxnet's successor
Unlike Stuxnet, Flame is believed to have been designed only (?) for cyber-espionage: collecting and deleting sensitive information (i.e. no destruction in the physical realm)
13. Duqu
USA targeting Iran (2007-2011 and 2014-2015)
Probably related to Stuxnet (shared source code)
Caught in the wild with a payload for gathering information that could be used against ICS
Uses JPEG files and encrypted dummy files (e.g. ~DQ7.tmp) to smuggle out data (e.g. user digital certificates and private keys)
Windows OS 0-day vulnerabilities and digitally signed components
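The JPEG carrier trick on the Duqu slide is cheap to check for: a well-formed JPEG ends at the EOI marker (0xFF 0xD9), and anything after it is not image data. This added Python example (mine, not from the talk or from any published Duqu analysis) walks the marker segments, steps over the entropy-coded scan data correctly (0xFF 0x00 byte stuffing and RSTn markers), and returns whatever trails the EOI. The test image is constructed inline and is not a real photograph.

```python
import struct

# Second byte of the 0xFF-prefixed JPEG markers this walker cares about.
SOI, EOI, SOS, TEM = 0xD8, 0xD9, 0xDA, 0x01
RST_MARKERS = set(range(0xD0, 0xD8))
# Inside entropy-coded scan data, 0xFF is followed by 0x00 (byte stuffing), an
# RSTn marker or another 0xFF (fill); any other value ends the scan.
IN_SCAN_CONTINUATIONS = RST_MARKERS | {0x00, 0xFF}

def walk_jpeg(data: bytes):
    """Return (segments, trailing): segments as (marker, length) pairs in file
    order, trailing as the raw bytes after the EOI marker (b'' for a clean file)."""
    if data[:2] != bytes([0xFF, SOI]):
        raise ValueError("not a JPEG: missing SOI")
    segments = []
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                           # fill byte before a marker
            pos += 1
            continue
        if marker == EOI:
            return segments, data[pos + 2:]
        if marker in RST_MARKERS or marker in (TEM, SOI):   # standalone, no length
            segments.append((marker, 0))
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack_from(">H", data, pos + 2)  # length includes itself
        segments.append((marker, length))
        pos += 2 + length
        if marker == SOS:                            # skip scan data to the next real marker
            while pos + 1 < len(data) and not (
                data[pos] == 0xFF and data[pos + 1] not in IN_SCAN_CONTINUATIONS
            ):
                pos += 1
    raise ValueError("no EOI marker found")

def trailing_payload(data: bytes) -> bytes:
    """Bytes appended after EOI: the Duqu-style carrier check."""
    return walk_jpeg(data)[1]

def has_appended_data(data: bytes) -> bool:
    return len(trailing_payload(data)) > 0

def build_test_jpeg(payload: bytes) -> bytes:
    """Constructed minimal JPEG (not a real image): APP0/JFIF, one SOS whose scan
    contains a stuffed 0xFF00 and an RST0 marker, EOI, then `payload` appended."""
    app0 = bytes([0xFF, 0xE0]) + struct.pack(">H", 16) + \
        b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = bytes([0xFF, SOS]) + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"
    return bytes([0xFF, SOI]) + app0 + sos + scan + bytes([0xFF, EOI]) + payload

if __name__ == "__main__":
    sample = build_test_jpeg(b"-----BEGIN PRIVATE KEY-----")
    segs, trail = walk_jpeg(sample)
    print("segments:", [f"0xFF{m:02X} len={n}" for m, n in segs])
    print("appended bytes:", len(trail), trail[:16])
```

This only finds data appended after the image. Data hidden inside APPn or COM segments, or in separately encrypted dummy files like the ~DQ7.tmp files on the slide, needs other checks (segment size outliers, entropy, file-type mismatch), and any hit is still just a lead for the analyst, since appended data is also produced by benign tools.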
14. BlackEnergy (1)
Russian Federation targeting Ukraine (2014-2015)
Russian cyber-espionage group Sandworm
Trojan (2007-...) used for DDoS, espionage, information destruction (KillDisk), etc.
Starting with 2014, a SCADA plugin targeting ICS (Industrial Control Systems) and energy markets worldwide
Power distribution company Prykarpattya Oblenergo: on December 23rd, 2015, 50% of homes in the Ivano-Frankivsk region (population approx. 1.4 million) were left without electricity for a few hours
15. BlackEnergy (2)
16. Cleaver
Iran targeting 16 countries (USA, Israel, China, Saudi Arabia, India, Germany, France, etc.) (2014)
Military, oil and gas, energy and utilities, transportation, airlines, airports, hospitals and aerospace organizations worldwide
Attacking a wide range of platforms (Microsoft, Linux, Cisco VPNs, potentially ICS/SCADA, etc.)
Probably a retaliation for Stuxnet et al.
Demonstration of Iran's cyber capabilities for additional geopolitical leverage (though no 0-days were found)
17. Regin
USA and UK targeting non-English speaking countries (including the EU) (2011-2015)
Persistent, long-term mass surveillance operations against targets
Among others, attacking telecom providers (Belgacom) to gain access to calls being routed through the compromised infrastructure
Parts (later) described in Snowden's leaks
Encrypted virtual file system (EVFS); communication with C&C over ICMP, HTTP cookies, custom TCP/UDP protocols, etc.
18. DragonFly (1)
Russian Federation targeting EU, USA and Canada (2011-2014)
Also known as "Energetic Bear"
Cyber-espionage attacks against the aviation sector, the energy sector and industrial control systems
Phishing emails, watering hole attacks (Lightsout exploit kit) and hijacked software updates (trojanized installers served from compromised ICS vendor sites)
Remote Access Tool (RAT) Oldrea / Havex
Hacked sites used as C&Cs
20. Shamoon
Iran targeting countries in the Persian Gulf (particularly Saudi Arabia) (2012 and 2016-2017)
Oil and energy-sector organizations
Spear phishing attacks as the main point of entry
Designed to cause "mass destruction" in the local network
Stealing information and destroying infected machines by overwriting the Master Boot Record (MBR): Wiper module
Saudi Aramco: 30,000 computers damaged
21. Dust Storm
China targeting Japan, South Korea, USA and EU (2010-2016)
Cyber-espionage attacks against oil, gas, electric utilities and transportation companies, etc.
Spear phishing attacks as the main point of entry
Android trojan(s) (forwarding SMS messages, exfiltration of files, etc.)
Microsoft Windows trojan(s) (infection through IE, Word and Flash 0-day exploits)
22. Industroyer
??? (2016-2017)
Specifically designed to attack electrical grids (speaks four different industrial communication protocols)
Maybe (???) used in the December 17th, 2016 cyber-attack on Ukraine's power grid, which left part of Kiev without power for one hour
Considered to be a large-scale test for (potential) future attacks
Tor communication with C&C
Wiper and DoS (Siemens SIPROTEC) components
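The slide does not name the protocols; in ESET's public analysis the four Industroyer speaks are IEC 60870-5-101, IEC 60870-5-104, IEC 61850 and OPC DA. The example below is added for this page (mine, not from the talk or from ESET) and goes slightly beyond the slide: a small IEC 60870-5-104 decoder that splits a TCP/2404 byte stream into APDUs, tells I/S/U frames apart, decodes the ASDU header (type ID, cause of transmission, common address, information object address) and raises an alert for process-control type IDs (45 to 51 and 58 to 64), decoding select/execute and ON/OFF for single and double commands. The frames are constructed, not captured traffic; field sizes assume the IEC 104 defaults (2-byte cause of transmission, 2-byte common address, 3-byte IOA).

```python
import struct

# U-format control functions, keyed by the first control octet.
U_FUNCTIONS = {0x07: "STARTDT act", 0x0B: "STARTDT con", 0x13: "STOPDT act",
               0x23: "STOPDT con", 0x43: "TESTFR act", 0x83: "TESTFR con"}

# ASDU type IDs in the control direction that change process state.
CONTROL_TYPES = {
    45: "C_SC_NA_1 single command", 46: "C_DC_NA_1 double command",
    47: "C_RC_NA_1 regulating step command", 48: "C_SE_NA_1 set point, normalised",
    49: "C_SE_NB_1 set point, scaled", 50: "C_SE_NC_1 set point, short float",
    51: "C_BO_NA_1 bitstring of 32 bits",
    58: "C_SC_TA_1 single command with time tag", 59: "C_DC_TA_1 double command with time tag",
    60: "C_RC_TA_1 regulating step command with time tag",
    61: "C_SE_TA_1 set point, normalised, with time tag", 62: "C_SE_TB_1 set point, scaled, with time tag",
    63: "C_SE_TC_1 set point, short float, with time tag", 64: "C_BO_TA_1 bitstring with time tag",
}

def split_stream(data: bytes):
    """Split a reassembled TCP stream into APDUs: start byte 0x68, then a length octet."""
    apdus, pos = [], 0
    while pos + 2 <= len(data):
        if data[pos] != 0x68:
            raise ValueError(f"bad start byte at offset {pos}")
        end = pos + 2 + data[pos + 1]
        if end > len(data):
            raise ValueError("truncated APDU")
        apdus.append(data[pos:end])
        pos = end
    return apdus

def parse_asdu(asdu: bytes) -> dict:
    """Decode the ASDU header and first information object address (IEC 104 field sizes)."""
    if len(asdu) < 9:
        raise ValueError("ASDU too short")
    type_id, vsq, cot, originator, common_addr = struct.unpack_from("<BBBBH", asdu, 0)
    return {
        "type_id": type_id, "sequence": bool(vsq & 0x80), "count": vsq & 0x7F,
        "cause": cot & 0x3F, "negative": bool(cot & 0x40), "test": bool(cot & 0x80),
        "originator": originator, "common_addr": common_addr,
        "ioa": asdu[6] | (asdu[7] << 8) | (asdu[8] << 16),
        "element": asdu[9:],                       # first information element
    }

def parse_apdu(apdu: bytes) -> dict:
    if len(apdu) < 6 or apdu[0] != 0x68 or apdu[1] + 2 != len(apdu):
        raise ValueError("malformed APDU")
    c1, c2, c3, c4 = apdu[2:6]
    if c1 & 0x01 == 0:                              # I-format: numbered, carries an ASDU
        return {"format": "I", "send_seq": (c1 >> 1) | (c2 << 7),
                "recv_seq": (c3 >> 1) | (c4 << 7), "asdu": parse_asdu(apdu[6:])}
    if c1 & 0x03 == 0x01:                           # S-format: supervisory ack only
        return {"format": "S", "recv_seq": (c3 >> 1) | (c4 << 7)}
    return {"format": "U", "function": U_FUNCTIONS.get(c1, f"unknown 0x{c1:02x}")}

def describe_command(asdu: dict) -> dict:
    t, el = asdu["type_id"], asdu["element"]
    info = {"type_id": t, "name": CONTROL_TYPES[t], "common_addr": asdu["common_addr"],
            "ioa": asdu["ioa"], "cause": asdu["cause"]}
    if t in (45, 58):                               # SCO: bit0 = SCS (1 = ON), bit7 = S/E
        info["action"] = "select" if el[0] & 0x80 else "execute"
        info["state"] = "ON" if el[0] & 0x01 else "OFF"
    elif t in (46, 59):                             # DCO: bits0-1 = DCS (1 = OFF, 2 = ON), bit7 = S/E
        info["action"] = "select" if el[0] & 0x80 else "execute"
        info["state"] = {1: "OFF", 2: "ON"}.get(el[0] & 0x03, "invalid")
    return info

def flag_control_commands(stream: bytes):
    """Return one alert per I-frame carrying a process-control ASDU."""
    alerts = []
    for raw in split_stream(stream):
        apdu = parse_apdu(raw)
        if apdu["format"] == "I" and apdu["asdu"]["type_id"] in CONTROL_TYPES:
            alerts.append(describe_command(apdu["asdu"]))
    return alerts

# Constructed master-to-outstation stream (assumption, not captured traffic).
SAMPLE_STREAM = bytes.fromhex(
    "68 04 07 00 00 00"                                  # U: STARTDT act
    "68 0E 00 00 00 00 64 01 06 00 01 00 00 00 00 14"    # I: C_IC_NA_1 station interrogation, CA 1
    "68 0E 02 00 00 00 2D 01 06 00 01 00 34 12 00 01"    # I: C_SC_NA_1 execute ON, IOA 0x1234
    "68 0E 04 00 02 00 2E 01 06 00 01 00 35 12 00 81"    # I: C_DC_NA_1 select OFF, IOA 0x1235
)

if __name__ == "__main__":
    for a in flag_control_commands(SAMPLE_STREAM):
        print(f"ALERT {a['name']}: {a['action']} {a.get('state', '')} CA={a['common_addr']} IOA={a['ioa']}")
```

Real operators send exactly these commands from their HMIs, so the alerts have to be baselined against the expected master stations (source address, time of day, set of IOAs touched). A command from an unexpected host, or a fast sweep of ON/OFF over many IOAs, is the pattern that matches what the slide attributes to Industroyer; the interrogation frame in the sample is parsed but deliberately not alerted on, since it reads state without changing it.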