Sony Pictures Data Breaches
Brief Technical Analysis
By: Ade Ismail Isnan
Compiled from many sources. Send any suggestions to: adeismail@tibandung.com
Source: miltonsecurity.com
Sony Pictures Hack
• Targeted and organized attack
• The duration of the hack is still unknown, though evidence suggests that the intrusion had been going on for more than a year prior to its discovery in November 2014.
• A textbook example of an Advanced Persistent Threat (APT) attack
APT Attack Vector
• Email attachment containing malware
• Drive-by download website
• Malware bundled with legacy apps (Trojan)
• Application attack
• 0-day vulnerability
• Social engineering
Facts About Sony Pictures, Prior to the Attack
• “1 firewall and more than 100 other devices were not being monitored” (source: recode.net)
• “The auditor found the passwords Sony employees were using didn’t meet best practice standards. Sony employees were using proper nouns.” (source: cio.com)
• “Sony Executive knew about extensive IT flaws two months before leaks” (source: gizmodo.com)
Backdoor.Destover
• Also known as BKDR_WIPALL.A in the TrendMicro threat DB
• This backdoor was used by the hackers to take control of Sony computers (source: trendmicro.com)
• Once activated, the backdoor gives the attacker access to the compromised system using a hardcoded username
• It also tries to connect to several IP addresses on the internet (over SSL/encrypted), including:
– 203.131.222.102:443
– 208.105.226.235:443
Backdoor.Destover
• Attempts to log in to shared network drives
• Connects to its C&C server via encrypted communication (SSL)
• Programmed to wipe ALL data on compromised hosts
Backdoor.Destover
Another dropped component, net_var.dat, searches and scans the Sony network (by ping sweep and TCP/UDP sweep scan) and then produces a list of target hostnames.
Backdoor.Destover
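The two network behaviours described on these slides, beaconing to the quoted C&C addresses over 443 and a single host sweeping its neighbours, are what a monitoring team would have wanted to alert on. The script below is an added example (not Sony's, TrendMicro's or the deck author's code): it runs both detections over constructed firewall/flow log lines; the log format, the 20-host/60-second sweep threshold and all internal addresses are assumptions for the example.

```python
"""Added detection example: flags Destover-style C&C beacons and net_var.dat-style
host sweeps in constructed firewall/flow log lines (not code from the deck)."""
from collections import defaultdict
from datetime import datetime, timedelta

# C&C addresses quoted on the slides (Backdoor.Destover / BKDR_WIPALL.A)
DESTOVER_C2 = {"203.131.222.102", "208.105.226.235"}

# Sweep thresholds: assumptions for this example, tune them per environment
SWEEP_MIN_DISTINCT_DST = 20
SWEEP_WINDOW = timedelta(seconds=60)

# Constructed log lines in a simple flow format (assumed, not a real product's):
#   <ISO timestamp> <action> proto=<icmp|tcp|udp> src=<ip> dst=<ip> dport=<n>
SAMPLE_LOG = (
    "2014-11-21T02:10:01 ALLOW proto=tcp src=10.1.5.23 dst=203.131.222.102 dport=443\n"
    "2014-11-21T02:10:02 ALLOW proto=tcp src=10.1.5.23 dst=93.184.216.34 dport=443\n"
    "2014-11-21T02:11:30 ALLOW proto=tcp src=10.1.5.23 dst=208.105.226.235 dport=443\n"
    # 25 ICMP echo requests from the same host to 25 neighbours within 25 seconds
    + "".join(
        f"2014-11-21T02:12:{i:02d} ALLOW proto=icmp src=10.1.5.23 dst=10.1.7.{i + 1} dport=0\n"
        for i in range(25)
    )
    # one ordinary SMB connection from an unrelated host: must not alert
    + "2014-11-21T03:00:00 ALLOW proto=tcp src=10.1.9.4 dst=10.1.2.2 dport=445\n"
)


def parse_line(line):
    """Parse one flow line into a dict; the timestamp becomes a datetime, dport an int."""
    ts, action, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts), "action": action}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    rec["dport"] = int(rec["dport"])
    return rec


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def find_c2_beacons(records, c2=DESTOVER_C2):
    """(src, dst, timestamp) for every connection to a known C&C address on 443."""
    return [
        (r["src"], r["dst"], r["ts"].isoformat())
        for r in records
        if r["dst"] in c2 and r["dport"] == 443
    ]


def find_sweeps(records, min_dst=SWEEP_MIN_DISTINCT_DST, window=SWEEP_WINDOW):
    """Map src -> largest number of distinct destinations it reached inside any
    interval of length `window`, for sources that crossed `min_dst` (a sweep)."""
    by_src = defaultdict(list)
    for r in records:
        by_src[r["src"]].append(r)
    alerts = {}
    for src, events in by_src.items():
        events.sort(key=lambda r: r["ts"])
        start = 0
        for end, ev in enumerate(events):
            # slide the window start forward until the interval fits in `window`
            while ev["ts"] - events[start]["ts"] > window:
                start += 1
            distinct = {e["dst"] for e in events[start:end + 1]}
            if len(distinct) >= min_dst:
                alerts[src] = max(alerts.get(src, 0), len(distinct))
    return alerts


def analyse(text):
    """Run both detections over a log text and return a small report dict."""
    records = parse_log(text)
    return {"c2_beacons": find_c2_beacons(records), "sweeps": find_sweeps(records)}


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for src, dst, ts in report["c2_beacons"]:
        print(f"[C2] {ts} {src} -> {dst}:443 (known Destover C&C)")
    for src, count in report["sweeps"].items():
        print(f"[SWEEP] {src} reached {count} distinct hosts within {SWEEP_WINDOW}")
```

The sweep detector counts distinct destinations regardless of protocol, so it catches the ICMP ping sweep and a TCP/UDP port sweep alike; the beacon check is an exact indicator match and only works while the C&C list is current.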
Attack Flow: (1) Attack Vector (diagram slide)
Attack Flow: (2) Backdoor Provides Access (diagram of hosts marked “Compromised” and “Exploit!”, with the steps: brute-force of weak passwords; exploitation of unpatched service vulnerabilities)
Attack Flow: (3) Stealing Data (diagram of compromised hosts; data taken: films, email conversations, employee data, password files, and many more; reported: around 100 TB)
Attack Flow: (4) Time Bomb on Nov 24th (diagram of compromised hosts)
Key to the Major Breach: Bad Password Management
Below is a screenshot of some of the contents of the ‘Password’ folder from the hackers’ “bonus.rar” file:
Aftermath
• The hackers involved claim to have taken over 100 terabytes of data from Sony, including some films that were scheduled for theatrical release in 2015:
Aftermath (contd.)
• The hackers wiped some sensitive data using the built-in wiping function of the Backdoor.Destover malware
• The hackers released sensitive Sony information to the public (e.g. contracts, salaries, email conversations, employee database, etc.)
• The cyber attack could cost the Sony studio as much as USD 100 million (source: reuters.com)
Aftermath (contd.)
• Several Sony-related social media accounts were also taken over (those social media passwords were also included in the “bonus.rar” file)
Lessons Learned
• Lack of awareness of security risks at Sony Pictures, from executive management to employees
• The importance of IT security monitoring and system patching
• Sony Pictures should have had, and enforced, a standard security procedure across the organization
• Sony Pictures should classify the sensitivity level of its data/information/infrastructure (e.g. Top Secret, Highly Confidential, Proprietary, Internal Use Only, Public) and control access accordingly
• Sony IT employees should not store passwords in plain, easy-to-read text
• Sony Pictures did not have a proper incident handling procedure
Major Security Breach Cases
Company: Case
eBay: The online auction house suffered a breach in May 2014 that compromised the account information of over 100 million customers.
JP Morgan: This investment banking institution was breached. The breach reportedly affected over 76 million households and 7 million small businesses and resulted in the compromise of user contact details including names, addresses, phone numbers, email addresses, and others.
Sony PlayStation: In August 2014, Sony became the target of a distributed denial of service (DDoS) attack. The attack impacted their online services.
Sony Pictures Entertainment: The hackers involved claim to have taken over 100 terabytes of data from Sony, including some films that were scheduled for theatrical release in 2015. This cyber attack could cost the Sony studio as much as $100 million USD.
Forbes: Organizations performing threat intelligence research and endpoint security have collaborated in reporting that Forbes.com was among several sites that were compromised from November 28 through December 1, 2014.
China Government: Hundreds of phone numbers, names, IP addresses and email addresses from Chinese government servers have been stolen and leaked online by the Anonymous group.
Various & Multinational Institutions: An APT group called Carbanak, a.k.a. Anunak and Silicon, has stolen an estimated $1 billion USD from more than 100 financial institutions in 30 countries.
What is Security Awareness?
Security awareness is knowledge of potential threats. It is the advantage of knowing what types of security issues and incidents members of our organization may face in the day-to-day routine of their corporate functions.
Technology alone cannot provide adequate information security. People, awareness and personal responsibility are critical to the success of any information security program.
Security Implementation Relies On: People, Process and Technology (diagram)
• Technology: systems must be built to technically adhere to policy
• People: people must understand their responsibilities regarding policy
• Policy: policies must be developed, communicated, maintained and enforced
• Process: processes must be developed that show how policies will be implemented
Why is Awareness Important?
(Cartoon: the antivirus recognises known virus signatures; a new threat (“I’m new threat!”) passes unrecognised until the antivirus is updated, “1 new known virus added”, and each miss in between is marked “Oopss…”.)
Most Common Security Mistakes
1. Passwords on Post-it Notes
2. Leaving the computer on, unattended
3. Opening e-mail attachments from strangers
4. Poor password etiquette
5. Laptops on the loose
6. Plug and play without protection
7. Not reporting security violations
Q&A
Thank You
By: Ade Ismail Isnan
Compiled from many sources. Send any suggestions to: adeismail@tibandung.com
APT & Data Breach - Lesson Learned

  • 1. Sony Pictures Data Breaches: Brief Technical Analysis
      By: Ade Ismail Isnan. Compiled from many sources. Send any suggestions to: adeismail@tibandung.com
  • 3. Sony Pictures Hack
      • Targeted & organized attack
      • The duration of the hack is still unknown, though evidence suggests that the intrusion had been occurring for more than a year prior to its discovery in November 2014.
      • A textbook example of an Advanced Persistent Threat (APT) attack
  • 4. APT Attack Vectors
      • Email attachment containing malware
      • Drive-by download website
      • Malware attached to legacy apps (Trojan)
      • Application attack
      • 0-day vulnerability
      • Social engineering
  • 5. Facts About Sony Pictures Prior to the Attack
      • “1 firewall and more than 100 other devices were not being monitored” (source: recode.net)
      • “The auditor found the passwords Sony employees were using didn’t meet best-practice standards. Sony employees were using proper nouns.” (source: cio.com)
      • “Sony executives knew about extensive IT flaws two months before leaks” (source: gizmodo.com)
  • 6. Backdoor.Destover
      • Also known as BKDR_WIPALL.A in the Trend Micro threat DB
      • This backdoor was used by the hackers to take control of Sony computers (source: trendmicro.com)
      • Once activated, the backdoor gives the attacker access to the compromised system using a hardcoded username
      • It also tries to connect to several IP addresses on the internet (over SSL/encrypted), including:
          – 203.131.222.102:443
          – 208.105.226.235:443
  • 7. Backdoor.Destover
      • Attempts to log in to shared network drives
      • Connects to its C&C server via encrypted communication (SSL)
      • Programmed to wipe ALL data on compromised hosts
  • 8. Backdoor.Destover
      • Another dropped component, net_var.dat, searches and scans the Sony network (by ping sweep & TCP/UDP sweep scan) and so produces a list of target hostnames
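Slides 6 to 8 describe behaviours a defender can look for in connection logs: beacons to the two listed C&C addresses on port 443, and one host sweeping many internal peers in a short time (the net_var.dat ping/TCP/UDP sweep). The following is an added example of that detection logic, not code from the slides or from any of the cited sources; the log format, the hosts and the traffic are constructed, and the sweep threshold and window are assumptions.

```python
"""Detection logic for two Backdoor.Destover behaviours described on the slides:
(1) connections to the listed C&C addresses on 443, and
(2) one host sweeping many internal peers in a short window (net_var.dat-style).
Added example: the log format, hosts and traffic below are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# The two C&C endpoints named on slide 6
C2_ENDPOINTS = {("203.131.222.102", 443), ("208.105.226.235", 443)}

SWEEP_THRESHOLD = 10                   # assumption: distinct destinations from one source
SWEEP_WINDOW = timedelta(seconds=60)   # assumption: ... seen within this window


def _build_sample_log() -> str:
    """Constructed connection log: 'timestamp src dst dport proto' per line."""
    base = datetime(2014, 11, 20, 10, 0, 0)
    lines = []
    # 10.1.1.5 pings 30 peers in 30 seconds: the sweep behaviour
    for i in range(1, 31):
        ts = base + timedelta(seconds=2 + i)
        lines.append(f"{ts.isoformat()} 10.1.1.5 10.1.2.{i} 0 icmp")
    # 10.1.1.9 does ordinary SMB work with three file servers (benign)
    for i, sec in enumerate((10, 20, 30)):
        ts = base + timedelta(seconds=sec)
        lines.append(f"{ts.isoformat()} 10.1.1.9 10.1.1.{50 + i} 445 tcp")
    # two minutes later 10.1.1.5 beacons to both C&C addresses
    for sec, dst in ((120, "203.131.222.102"), (125, "208.105.226.235")):
        ts = base + timedelta(seconds=sec)
        lines.append(f"{ts.isoformat()} 10.1.1.5 {dst} 443 tcp")
    return "\n".join(lines)


SAMPLE_LOG = _build_sample_log()


def parse_log(log: str):
    """Yield (timestamp, src, dst, dport, proto) for each non-empty line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(dport), proto


def find_c2_connections(log: str) -> list:
    """Every (src, dst, dport) that matches a known C&C endpoint, in log order."""
    return [(src, dst, dport) for _, src, dst, dport, _ in parse_log(log)
            if (dst, dport) in C2_ENDPOINTS]


def find_sweepers(log: str, threshold: int = SWEEP_THRESHOLD,
                  window: timedelta = SWEEP_WINDOW) -> dict:
    """Map each source that touched >= threshold distinct destinations inside any
    time window to the largest distinct-destination count seen for it."""
    by_src = defaultdict(list)
    for ts, src, dst, _, _ in parse_log(log):
        by_src[src].append((ts, dst))
    sweepers = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # shrink the window from the left until it spans at most `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in events[start:end + 1]})
            if distinct >= threshold:
                sweepers[src] = max(sweepers.get(src, 0), distinct)
    return sweepers


if __name__ == "__main__":
    print("C&C connections:", find_c2_connections(SAMPLE_LOG))
    print("sweeping hosts:", find_sweepers(SAMPLE_LOG))
```

The C&C match is an exact-indicator check and only catches the addresses known at the time; the sweep detector is behavioural and would also flag a scanner using addresses nobody has published yet, which is why the two are used together.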
  • 10. Attack Flow: (1) Attack Vector
  • 11. Attack Flow: (2) Backdoor Provides Access (diagram: hosts compromised one after another; “Exploit!” by brute-forcing weak passwords and unpatched service vulnerabilities)
  • 12. Attack Flow: (3) Stealing Data (diagram: compromised hosts; films, email conversations, employee data, password files, and many more; reported total around 100 TB)
  • 13. Attack Flow: (4) Time Bomb on Nov 24th (diagram: compromised hosts)
  • 14. Key to the Major Breach: Bad Password Management
      Below is a screenshot of some of the contents of the ‘Password’ folder from the hackers’ “bonus.rar” file:
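Slide 14 and the lesson on slide 18 are about the same defect: passwords kept as readable files, and passwords built from proper nouns. The following is an added example, not code from the slides, of how an application should keep and check passwords so that no such folder can exist; the policy thresholds, the PBKDF2 iteration count and the small blocklist are assumptions chosen for illustration.

```python
"""Password handling that would not have left a readable 'Password' folder.
Added example, not from the slides: the policy thresholds, the iteration count
and the small blocklist are assumptions chosen for illustration."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000   # assumption: work factor for PBKDF2-HMAC-SHA256
SALT_BYTES = 16
MIN_LENGTH = 12

# Constructed stand-in for a dictionary / proper-noun blocklist; a real deployment
# loads a large list (common passwords, company and product names, staff names).
WEAK_WORDS = {"sony", "pictures", "password", "hollywood", "letmein", "welcome"}


def check_policy(password: str, username: str = "") -> list:
    """Return the list of policy failures; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Strip digits/punctuation so 'Sony2014!' is still recognised as the proper noun 'sony'
    core = "".join(ch for ch in password.lower() if ch.isalpha())
    if core in WEAK_WORDS:
        problems.append("is a dictionary word or proper noun with trivial padding")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    return problems


def hash_password(password: str) -> dict:
    """Store only salt + iteration count + PBKDF2 hash; the plaintext is never written."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return {"algo": "pbkdf2_sha256", "iterations": PBKDF2_ITERATIONS,
            "salt": salt.hex(), "hash": digest.hex()}


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    if record.get("algo") != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


if __name__ == "__main__":
    for pw in ("Sony2014!", "correct horse battery staple"):
        print(pw, "->", check_policy(pw) or "ok")
    rec = hash_password("correct horse battery staple")
    print(rec)
    print(verify_password(rec, "correct horse battery staple"),
          verify_password(rec, "Sony2014!"))
```

The stored record carries the algorithm name and iteration count so the work factor can be raised later without a mass reset: on the next successful login the password is simply re-hashed under the new parameters.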
  • 15. Aftermath
      • The hackers involved claim to have taken over 100 terabytes of data from Sony, including some films that were planned for theatrical release in 2015:
  • 16. Aftermath (contd.)
      • The hackers wiped some sensitive data using the built-in wiper function of the Backdoor.Destover malware
      • The hackers released Sony’s sensitive information to the public (e.g. contracts, salaries, email conversations, employee database, etc.)
      • The cyber attack could cost the Sony studio as much as USD 100 million (source: reuters.com)
  • 17. Aftermath (contd.)
      • Several Sony-related social media accounts were also taken over (their passwords were also included in the “bonus.rar” file)
  • 18. Lessons Learned
      • Lack of awareness of security risks at Sony Pictures, from executive management to employees
      • The importance of IT security monitoring and system patching
      • Sony Pictures should have had, and enforced, a standard security procedure across the organization
      • Sony Pictures should classify the sensitivity level of its data/information/infrastructure (e.g. Top Secret, Highly Confidential, Proprietary, Internal Use Only, Public) and control access accordingly
      • Sony IT employees should not store passwords in plain, easy-to-read text
      • Sony Pictures didn’t have a proper incident handling procedure
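Slide 18 asks for data to be classified (Top Secret down to Public) and for access to be controlled on that basis. The following is an added example, not code from the slides, of the smallest mechanism that does this: a label per document and per user, a dominance check (no read up, no write down) and a monitor that records every denied request for review. The level names are the slide’s own; the need-to-know compartments, the sample documents and the users are assumptions.

```python
"""Classification labels and a dominance check controlling who can read what.
Added example (not from the slides): the level names are the slide's own; the
compartment mechanism and the sample documents and users are assumptions."""
from dataclasses import dataclass

# Ordered from least to most sensitive, as listed on slide 18
LEVELS = ("Public", "Internal Use Only", "Proprietary", "Highly Confidential", "Top Secret")
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()   # need-to-know tags, e.g. {"HR", "FILM"}

    def __post_init__(self):
        if self.level not in RANK:
            raise ValueError(f"unknown classification level: {self.level!r}")


def dominates(higher: Label, lower: Label) -> bool:
    """higher dominates lower when its level is at least as high and it holds every compartment."""
    return RANK[higher.level] >= RANK[lower.level] and lower.compartments <= higher.compartments


def can_read(subject: Label, obj: Label) -> bool:
    """No read up: the subject's clearance must dominate the object's label."""
    return dominates(subject, obj)


def can_write(subject: Label, obj: Label) -> bool:
    """No write down: the object's label must dominate the subject's clearance."""
    return dominates(obj, subject)


class AccessMonitor:
    """Records every decision so denials (misuse, or mislabelled data) can be reviewed."""

    def __init__(self):
        self.log = []

    def request(self, who: str, clearance: Label, doc: str, label: Label, action: str) -> bool:
        check = can_read if action == "read" else can_write
        allowed = check(clearance, label)
        self.log.append((who, action, doc, allowed))
        return allowed

    def denials(self) -> list:
        return [entry for entry in self.log if not entry[3]]


# Constructed sample labels (assumptions)
EMPLOYEE_DB = Label("Highly Confidential", frozenset({"HR"}))
UNRELEASED_FILM = Label("Top Secret", frozenset({"FILM"}))
PRESS_RELEASE = Label("Public")
HR_ANALYST = Label("Highly Confidential", frozenset({"HR"}))
SERVICE_DESK = Label("Internal Use Only")


def demo() -> AccessMonitor:
    m = AccessMonitor()
    m.request("hr-analyst", HR_ANALYST, "employee_db.xlsx", EMPLOYEE_DB, "read")        # allowed
    m.request("hr-analyst", HR_ANALYST, "film_master.mov", UNRELEASED_FILM, "read")     # denied: level and compartment
    m.request("service-desk", SERVICE_DESK, "employee_db.xlsx", EMPLOYEE_DB, "read")    # denied: no read up
    m.request("hr-analyst", HR_ANALYST, "press_release.txt", PRESS_RELEASE, "write")    # denied: no write down
    m.request("service-desk", SERVICE_DESK, "press_release.txt", PRESS_RELEASE, "read") # allowed
    return m


if __name__ == "__main__":
    for entry in demo().log:
        print(entry)
```

The write rule is what stops a Highly Confidential spreadsheet from being pasted into a Public document by an authorised reader; the denial log is the input the monitoring team reviews, which ties this slide back to the earlier one on unmonitored devices.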
  • 19. Major Security Breach Cases (Company: Case)
      • eBay: The online auction house suffered a breach in May 2014 that compromised the account information of over 100 million customers.
      • JP Morgan: This investment banking institution was breached. The breach reportedly affected over 76 million households and 7 million small businesses and resulted in the compromise of user contact details including names, addresses, phone numbers, email addresses, and others.
      • Sony Playstation: In August 2014, Sony became the target of a distributed denial of service (DDoS) attack. The attack impacted their online services.
      • Sony Pictures Entertainment: The hackers involved claim to have taken over 100 terabytes of data from Sony, including some films that were planned for theatrical release in 2015. This cyber attack could cost the Sony studio as much as USD 100 million.
      • Forbes: Organizations performing threat intelligence research and endpoint security have collaborated in reporting that Forbes.com was among several sites that were compromised from November 28 through December 1, 2014.
      • China Government: Hundreds of phone numbers, names, IP addresses and email addresses from Chinese government servers were stolen and leaked online by the Anonymous group.
      • Various & Multinational Institutions: An APT group called Carbanak, a.k.a. Anunak and Silicon, has stolen an estimated USD 1 billion from more than 100 financial institutions in 30 countries.
  • 20. What is Security Awareness?
      Security awareness is knowledge of potential threats. It is the advantage of knowing what types of security issues and incidents members of our organization may face in the day-to-day routine of their corporate functions. Technology alone cannot provide adequate information security. People, awareness and personal responsibility are critical to the success of any information security program.
  • 21. Security Implementation Relies On: People, Process, Technology
      • Policies must be developed, communicated, maintained and enforced
      • Processes must be developed that show how policies will be implemented
      • People must understand their responsibilities regarding policy
      • Systems must be built to technically adhere to policy
  • 22. Why is Awareness Important?
  • 23. (diagram) Signature-based antivirus: a new threat (“How about this? I’m a new threat!”) slips past the existing virus signatures until the antivirus software is updated (“1 new known virus added!”). Oops…
  • 24. Most Common Security Mistakes
      1. Passwords on Post-it notes
      2. Leaving the computer on, unattended
      3. Opening e-mail attachments from strangers
      4. Poor password etiquette
      5. Laptops on the loose
      6. Plug and play without protection
      7. Not reporting security violations
  • 25. Q&A. Thank You
      By: Ade Ismail Isnan. Compiled from many sources. Send any suggestions to: adeismail@tibandung.com