The document presents insights into the current advanced persistent threat (APT) landscape in cybersecurity, emphasizing the increasing costs and risks associated with cybercrime. It outlines various types of cyberattacks, methods of attack, and the defense strategies organizations can adopt to protect against APTs, including understanding the nature of threats and implementing layered security measures. Key statistics from reports highlight the prevalence and serious implications of these cyber threats across different countries and industries.

1. APT1 IN THE FINANCIAL SECTOR
ONDREJ KREHEL

2. ONDREJ KREHEL
CISSP, CEH, CEI
MANAGING DIRECTOR
LIFARS LLC
Twitter: @LIFARSLLC

3. Digital Firefighter

4. Talk Agenda
1 Introduction
2 Today’s APT Threat Landscape
3 Attacks and Stories
4 Questions & Answers

5. There are only two types of companies
in the world: The ones that have been
hacked, and those that will be.
-FBI Director Robert Mueller

6. If you had to bet a $100 on someone to
protect your private data, who would it
be?

7. I hope you weren’t thinking of betting
on any of these …

8. D
A
T
A
B
R
E
A
C
H

9. Total cost of
cybercrime is
on the rise
across the
globe.
0%
$3.67
$4.72
$5.19
$6.73
$7.56
$11.56
$3.33
$3.99
$5.93
$6.38
$6.91
$8.13
$12.69
Russia
Australia
United Kingdom
France
Japan
Germany
United States
Total cost of cybercrime in seven countries.
In millions of US dollars. Based on results collected from 257 companies.
FY 2014 FY 2013No info on Russia in FY 2013
Data from the 2014 Global Report on the Cost of Cyber Crime by the Ponemon Institute

10. How often
cybersecurity
crosses one’s
mind…

11. THE CYBER EVENT HORIZON

12. The types of
attacks
companies
face.
35%
49%
49%
51%
52%
58%
59%
97%
98%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Malicious Insiders
Stolen Devices
Denial of Service
Malicious Code
Phishing & SE
Web-based Attacks
Botnets
Malware
Viruses, Worms, Trojans
Types of cyberattacks experienced
Based on results collected from 257 companies.
Percentage of experienced attacks
Data from the 2014 Global Report on the Cost of Cyber Crime by the Ponemon Institute

13. The black market price of your data

14. The usual APT suspects

15. Getting from point A to point B is only a click
away. So is the danger.

16. Alarming
Advanced
Persistent
Threat
survey
results
22%
69%
9%
YES NO DON'T KNOW
Data from the Palo Alto Networks APT Report 2014
In the past year, has your organization experienced a
security incident as a result of advanced threat or
advanced persistent threat (APT)?

17. What is
APT?
Advanced Persistent Threat
Advanced
Attacker, not attack
Persistent
Attacker won’t give up after a failurw
Threat
Attacker has a particular target

18. What are
the typical
entry points
of an APT
attack?
Human Itself
Social engineering
• Phishing & whaling emails
• Message with malicious
-URL
-Attachment
• Malicious web pages
-Drive by download of malicious code
• Free stuff (USB keys, software, music, movies)
Vulnerability of the client machine
• Message with malicious content
• Malicious web pages
-Redirection to malicious code/exploit
Vulnerable public facing service

19. What are
the typical
attack
goals?
Information
• Blueprints
• Research
• Financial information
• Plans, contracts
• Classified information
• PII
Control of system
• SCADA / PLC
-Critical information providers
-Vendors of technology
-Research and development facilities
Disruption of services
• Critical infrastructure
• Competitor’s services
Research

20. Important
facts about
APT attacks
An APT attack is typically discovered after 6-9 months
Exploitation of vulnerabilities
• not known (zero-days)
• not considered as threat(social engineering, physical
access, employee)
APT produce not imminent losses
• Loss not seen in the moment
“The fact, that you have not discovered a breach does
not mean that you are not compromised.”

21. Principles of
defense
Least privilege for the most specific people
• Assign only necessary privileges and only for those
who need them
Divide “et impera”
• Do proper classification on every information
• Know who is (and can be) owner, consumer, and
holder of information
• Where and how can it be stored, processed, and used
Defense in Depth
• Multiple layers of security
4 eyes principle
• Every possible attack vector should be addressed by
at least two different controls
• At least one should be technical
• At least one should include human supervision

22. Technical
controls
Defense of known perimeters
Malicious code protection
Network behavioral analysis
Intrusion protection
Internal network defense
Hardening of systems
Data Loss Prevention

23. Known
high-profile
APTs
Ghostnet (2009)
•103 countries, cyber espionage
Aurora (2009)
•High-tech, security and defense companies
•Modification of source code, cyber espionage
Stuxnet (2010)
•IRAN, nuclear devices
Aramco (2012)
•Kingdom of Saudi Arabia
•30 000 workstations and servers
compromised

24. James Bond of
yesterday…

25. …Meet the
James Bond of
today!

26. The APT Lifecycle

27. When breached, follow these three steps…

28. Step 0 - UPDATE YOUR RESUME
Step 1 - CONFIRM INCIDENT
Step 2 - PROVIDE RESPONSE
Step 3 - IMPROVE

29. NO ONE SAID IT WOULD BE EASY

30. Cybersecurity CasinoWelcome to the cybersecurity casino!
(Whether you like it or not)

31. To shun this approach is to meddle
with the primary forces of the Internet,
Mr. Beale. The hackers won’t have it.
They’ll take millions out of your
business and put nothing back in. It is
ebb and flow, tidal gravity. It is the new
cyber ecological balance. -movie
NETWORK, 1976
SIDE NOTE

32. Q&A
PART FOUR

33. THANK YOU!