BARRY
COATESWORTH
Tier 3
Hacktivist
Tier 2
Cyber crime
Tier 1
Cyber espionage
The Adversary
Intellectual
property
secrets
Financial
Economic
gain
Hacktivist
Motivator
Expertise
Ideology
political
change
Cybercriminal Nation State
Vandalism
Theft
Military /
political
dominance
The Kill Chain
Hacktivism
SQL Injection
Phishing
Weak Authentication
Account / DNS Hijacking
Hacking and exposure
Gaining unauthorized access to and publicly exposing in plain view on the
Internet large amounts of confidential data with the goal of causing
monetary and reputational damages to the targeted entity.
Distributed denial-of-service (DDoS)
Many compromised systems, usually infected with a Trojan or other form of malware, flood a
targeted system, usually one or more web servers of a website.
DDoS attacks are the hacktivists' cyber attack weapon of choice.
• They do not require actual hacking knowledge or skill.
• Many “off-the-shelf” tools are available right on the Internet.
Doxing
Gathering and exposing valuable personal information of public figures such as politicians and
celebrities to the benefit of the hacktivist, and to make them react or take action in a way
that favours the hacktivists' ideology.
Hacktivism
Anonymous Attack Count
Signature | Count
HTTP: SQL Injection (Benchmark) | 1
HTTP: SQL Injection (Benchmark) | 1
HTTP: SQL Injection (SELECT) | 2
HTTP: SQL Injection (SELECT) | 1
HTTP: SQL Injection Evasion SQL Comment Terminator | 1
HTTP: SQL Injection (UNION) | 1
HTTP: SQL Injection Evasion SQL Comment Terminator | 1
HTTP: SQL Injection (Boolean Identity) | 2
HTTP: SQL Injection Evasion Inline SQL Comment | 1
HTTP: SQL Injection (Boolean Identity) | 1
HTTP: SQL Injection (Boolean Identity) | 1
HTTP: SQL Injection (Boolean Identity) | 2
The top five cybercrime specialties, courtesy of the FBI, are:
· Coders who write malware, exploits and data theft tools
· Vendors who trade stolen data, malware kits and footprints into compromised networks
· Criminal IT guys who maintain criminal IT infrastructure like servers and bulletproof ISPs
· Hackers who seek and exploit application, system and network vulnerabilities
· Fraudsters who create social engineering ploys like phishing and domain squatting.
• Botnet
• Fast Flux Networks
• Social Engineering
• Denial-of-Service attacks
• Skimmers
• SPAM
Cyber Crime
Cybercriminals developed sophisticated crimeware kits (Zeus, Citadel, Eleonor, Phoenix)
• Easy to use development tools
• Service level agreements – CaaS (Crimeware as a Service)
• Evasion and anti-detection built in
Cyber Crime – going mobile
Trend of the year: mobile banking Trojans
2013 was marked by a rapid rise in the number of Android banking Trojans.
Botnet targeting Android smartphone users who bank at financial institutions in the Middle East.
Cyber Crime – going mobile
In 2013 cybercriminals made use of some exceptionally sophisticated methods to infect mobile
devices.
• Infecting popular websites – watering holes.
• Distribution via botnets by sending out text messages.
Cyber Crime – going mobile
Pineapples?
The warning comes in the light of a growing number of cyber attacks using personal information
stolen through public Wi-Fi hotspots.
Cyber Espionage
1998 – Moonlight Maze
2003 – Titan Rain
2009 – Operation Aurora
2009 – GhostNet
2011 – Night Dragon
2011 – Operation Shady RAT (2006)
2012 – Red October (2007)
2012 – Elderwood Project
2012 – Flame
2012 – Gauss (2009)
2012 – Shamoon
2014 – Mask
2014 – Snake
APT
Cyber Warfare
APT - Advanced Persistent Threat
PTA - Persistent Targeted Attacks
Cyber Espionage
Kill Chain - Reconnaissance
• Target is analyzed and scoped to identify potential attack vectors
• Open source intelligence (OSINT):
• Social media, conferences, company directories, public records
• Public web site mapping
• Server scanning and fingerprinting
Asymmetric Warfare (diagram): a direct attack is aimed at the perimeter (Firewall, IPS); indirect
attacks are aimed at the corporate laptop and the home server/desktop, which rely on host-based
controls (anti-virus, browser URL block).
Kill Chain - Delivery
Common Attack vectors:
• Common vulnerability (e.g. SQL injection)
• Zero-day exploits
• USB keys
• Insider threat
• Physical access to devices
• Interactive social engineering
• “Spear Phishing”*
Spear Phishing
From: Greg
To: Jussi
Subject: need to ssh into rootkit
im in europe and need to ssh into the server. can
you drop open up firewall and allow ssh through
port 59022 or something vague? and is our root
password still 88j4bb3rw0cky88 or did we change
to 88Scr3am3r88 ? thanks
Waterholes
Strategic Web Compromise (SWC)
• Backdoors implemented as Windows services
• Usually “hide in plain sight”
• Use a simple command set
• Dwell time is a measure of the time that an intruder has on the network
• It takes on average 18 days to respond to and remove an intrusion
Kill Chain - Exploitation
Once inside a network, malware “beacons” out to Command and Control (C2) servers.
• C2 servers are either compromised or rented
• Traffic is usually HTTP, HTTPS or DNS and mimics common protocols
Kill Chain - Command & Control
Covert channels - DNS tunnelling
DNS TUNNELLING TOOLS
OzymanDNS
Dns2tcp
Iodine
Heyoka
DNSCat
NSTX
DNScapy
MagicTunnel, Element53, VPN-over-DNS (Android)
VPN over DNS
• DNS tunnels are commonly used to carry out covert file transfers, C&C server traffic and web browsing
• Botnets can use DNS tunnelling to act as a covert channel, and these covert channels are very hard to detect
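DNS tunnelling is hard to block but not invisible in resolver logs: one client sends many unique, long, high-entropy subdomains under a single base domain, often as TXT or NULL queries. The Python detector below is an added example (not from the slides) that scores those four indicators over a constructed resolver log; the log line format, the two-label base-domain split and the thresholds are assumptions to tune against your own baseline.

```python
"""Heuristic DNS tunnelling detector for resolver query logs (added example).

Assumptions: log lines are "<epoch> <client_ip> <qtype> <qname>", the base
domain is the last two labels, and the thresholds below suit your baseline.
"""
import math
from collections import Counter, defaultdict

# Constructed sample log: ordinary lookups from 10.0.0.5 and 10.0.0.7, plus a
# burst of long, high-entropy TXT/NULL queries from 10.0.0.9 under tun.example.org.
SAMPLE_LOG = """\
1401000001 10.0.0.5 A www.example.com
1401000002 10.0.0.5 A mail.example.com
1401000003 10.0.0.7 A cdn.example.net
1401000004 10.0.0.9 TXT 6d7a3f1e9b2c4a8d0f3e7b1c9a5d2e8f.tun.example.org
1401000005 10.0.0.9 TXT 0a9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d.tun.example.org
1401000006 10.0.0.9 TXT f1e2d3c4b5a69788796a5b4c3d2e1f00.tun.example.org
1401000007 10.0.0.9 NULL 3c2b1a0f9e8d7c6b5a4f3e2d1c0b9a88.tun.example.org
1401000008 10.0.0.9 TXT 5d4c3b2a1f0e9d8c7b6a5f4e3d2c1b0a.tun.example.org
1401000009 10.0.0.5 A www.example.com
1401000010 10.0.0.5 AAAA www.example.com
"""

# Query types rarely issued by end-user hosts but favoured by tunnelling tools
# because their answers carry large, free-form payloads.
PAYLOAD_QTYPES = {"TXT", "NULL"}


def shannon_entropy(s):
    """Bits of entropy per character; encoded payload scores far above hostnames."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def split_qname(qname):
    """Return (subdomain, base_domain). Assumption: base domain = last two
    labels; production code should consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_log(text):
    """Parse the constructed log format, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qtype, qname = parts
        records.append((int(ts), client, qtype.upper(), qname))
    return records


def analyse(records, min_queries=4):
    """Group queries per (client, base_domain) and score four indicators:
    high entropy, long subdomains, mostly-unique subdomains (data, not
    names) and payload-carrying query types."""
    groups = defaultdict(list)
    for _, client, qtype, qname in records:
        sub, base = split_qname(qname)
        groups[(client, base)].append((qtype, sub))

    results = {}
    for key, items in groups.items():
        if len(items) < min_queries:
            continue  # too few queries to judge this pair
        subs = [s for _, s in items]
        n = len(subs)
        # Dots are stripped so payload split across several labels is scored as one string.
        mean_entropy = sum(shannon_entropy(s.replace(".", "")) for s in subs) / n
        mean_len = sum(len(s) for s in subs) / n
        unique_ratio = len(set(subs)) / n
        payload_frac = sum(q in PAYLOAD_QTYPES for q, _ in items) / n
        indicators = {
            "high_entropy": mean_entropy > 3.0,
            "long_subdomains": mean_len >= 30,
            "unique_subdomains": unique_ratio >= 0.8,
            "payload_qtypes": payload_frac >= 0.5,
        }
        results[key] = {"queries": n, "indicators": indicators,
                        "score": sum(indicators.values())}
    return results


def flag_tunnels(log_text, threshold=3):
    """Return sorted (client, base_domain) pairs meeting at least `threshold` indicators."""
    scored = analyse(parse_log(log_text))
    return sorted(k for k, r in scored.items() if r["score"] >= threshold)


if __name__ == "__main__":
    print(flag_tunnels(SAMPLE_LOG))  # [('10.0.0.9', 'example.org')]
```

Requiring three of four indicators keeps a single long CDN hostname or one stray TXT lookup from firing; the per-pair grouping is what separates a tunnelling client from a busy but legitimate one.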
Covert Storage Channels – Steganography, unused parts of packets
Timing Covert Channels – Modulating resources and response time (requires an accurate clock)
Covert channels - Steganography
• Attacker performs internal reconnaissance
• User enumeration
• Analysis and monitoring of host user activity
• Dump of internal and external websites
• Scan of connected systems
• “Net use” and reverse shell commands
• Password logging
• Pass-the-hash*
Kill Chain - Lateral Movement
Pass the hash
• “Hash” refers to a cached credential
• Usually not the “clear text” credential
• Hash is treated as the actual credential internally by most systems
• Attackers then use the hashes to move “laterally” through the network
• Network/domain privileged account - Game over
Kill Chain - Exfiltration
• Identifies targeted assets for exfiltration
• Move data to Staging servers
• Positions itself for persistent presence
• Maintains hold of key high-privilege accounts
• Remains resident on only a selection of systems
Nation states
Juniper firewall implant
Huawei firewall implant
Cisco PIX firewall implant
Nation States
Wireless exploit kit
USB covert channel
PC hardware implant
Snake
Back in 2008 an unknown malicious file was discovered and auto-classified as “Agent.BTZ”, which
infected US military networks.
Reverse engineering showed that Snake is a more advanced variant of Agent.BTZ.
It is a rootkit using complex techniques for evading host defences, utilising covert channels over
Links to Red October and other cyber espionage campaigns
Geopolitical events
The Dark Side
Dark net
Deep web
Dark market
Malicious marketplace
In 2001:
• The Deep Web was 400 to 550 times larger than the commonly defined World Wide Web.
• The Deep Web contained 7,500 terabytes of information compared to 19 terabytes in the surface Web.
• It contained nearly 550 billion individual documents compared to the one billion of the surface Web.
• More than 200,000 Deep Web sites existed.
• Deep Web sites are not well known to the Internet-searching public.
The Dark Side
To date, three main networks are used to grant anonymity on both
the client and server side: TOR, I2P, and Freenet.
Dark market
Tor .onion domains
There are many different techniques in use, but Tor’s onion
router network is probably the easiest one to get started
with. The .onion domains are not part of the ICANN registry and
will not resolve until you are running Tor.
The combined effect leaves this form of Internet far beyond any
kind of government control or regulation.
I2P Network and .i2p Domains
I2P works in a very similar way to Tor, although it is more flexible, supporting:
• Email
• Anonymous websites
• Blogging and forums
• Website hosting
• File sharing
• Decentralized file storage
Dark Market
Prices of Different Types of Goods
Site name | Address | Type of good | Cost | Normalized cost (US$)
Cloned credit cards | http://mxdcyv6gjs3tvt5u.onion/products.html | EU/US credit cards | €40 | US$54
NSD CC Store | http://4vq45ioqq5cx7u32.onion | EU/US credit cards | US$10 | US$10
Carders Planet | http://wihwaoykcdzabadd.onion/ | EU/US credit cards | US$60–150 | US$60–150
HakPal | http://pcdyurvcdiz66qjo.onion/ | PayPal accounts | 1 BTC for US$1,000 | US$126 for US$1,000
Onion identity | http://abbujjh5vqtq77wg.onion/ | Fake IDs/passports | €1,000–1,150 (ID); €2,500–4,000 (passport) | US$1,352–1,555 (ID); US$3,380–5,400 (passport)
U.S. citizenship | http://ayjkg6ombrsahbx2.onion/silkroad/home | U.S. citizenship | US$10,000 | US$10,000
U.S. fake driver’s licenses | http://en35tuzqmn4lofbk.onion/ | Fake U.S. driver’s license | US$200 | US$200
U.K. passports | http://vfqnd6mieccqyiit.onion/ | U.K. passports | £2,500 | US$4,000
Mapping the hidden services directory: Both TOR and I2P use a domain database built upon a
distributed system known as a distributed hash table (DHT).
Social site monitoring: Sites like Pastebin are often used to exchange contact information and
addresses for new hidden services.
Hidden service monitoring: Most hidden services to date tend to be highly volatile and go
offline very often, maybe to come back online later under a new domain name.
Conclusion
• Threats will continue to evolve
• Security breaches are inevitable
• You need collaboration from people, process & technology
• Visibility and detection are key differentiators – centralise security
• Threat intelligence internal (system monitoring) and external threat landscape
• Survival of the fittest - Share threat Intelligence with your peers
• Continual awareness and education
Recap
THANK YOU
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
The architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfThe architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdf
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 

Cyber espionage - Tinker, taylor, soldier, spy

8. Cyber Crime
The top five cybercrime specialties, courtesy of the FBI, are:
· Coders who write malware, exploits and data theft tools
· Vendors who trade stolen data, malware kits and footholds in compromised networks
· Criminal IT guys who maintain criminal IT infrastructure such as servers and bulletproof ISPs
· Hackers who seek and exploit application, system and network vulnerabilities
· Fraudsters who create social engineering ploys such as phishing and domain squatting
Common methods:
• Botnets
• Fast flux networks
• Social engineering
• Denial-of-service attacks
• Skimmers
• Spam

9. Cyber Crime
Cybercriminals have developed sophisticated crimeware kits (Zeus, Citadel, Eleonore, Phoenix):
• Easy-to-use development tools
• Service level agreements: CaaS (Crimeware as a Service)
• Evasion and anti-detection built in

10. Cyber Crime – going mobile
Trend of the year: mobile banking Trojans. 2013 was marked by a rapid rise in the number of Android banking Trojans, including a botnet targeting Android smartphone users who bank at financial institutions in the Middle East.

11. Cyber Crime – going mobile
In 2013 cybercriminals made use of some exceptionally sophisticated methods to infect mobile devices:
• Infecting popular websites (watering holes)
• Distribution via botnets by sending out text messages

12. Cyber Crime – going mobile
(image slide, no text)

13. Pineapples?
The warning comes in the light of a growing number of cyber attacks using personal information stolen through public Wi-Fi hotspots.

15. Cyber Espionage
Timeline of publicly reported campaigns (year of disclosure; where an earlier year is given in parentheses, that is when the activity is believed to have started):
• 1998 – Moonlight Maze
• 2003 – Titan Rain
• 2009 – Operation Aurora
• 2009 – GhostNet
• 2011 – Night Dragon
• 2011 – Operation Shady RAT (2006)
• 2012 – Red October (2007)
• 2012 – Elderwood project
• 2012 – Flame
• 2012 – Gauss (2009)
• 2012 – Shamoon
• 2014 – The Mask
• 2014 – Snake
Terms: APT – Advanced Persistent Threat; PTA – Persistent Targeted Attacks; cyber warfare.
17. Kill Chain – Reconnaissance
• The target is analysed and scoped to identify potential attack vectors
• Open source intelligence: social media, conferences, company directories, public records
• Public web site mapping
• Server scanning and fingerprinting

18. Asymmetric Warfare
(diagram) Perimeter controls (firewall, IPS) face the direct attack; indirect attacks arrive through a corporate laptop, a home server or a desktop, where only host-based controls (antivirus, browser URL block) stand in the way.

19. Kill Chain – Delivery
Common attack vectors:
• Common vulnerabilities (e.g. SQL injection)
• Zero-day exploits
• USB keys
• Insider threat
• Physical access to devices
• Interactive social engineering
• "Spear phishing"*

20. Spear Phishing
From: Greg
To: Jussi
Subject: need to ssh into rootkit

im in europe and need to ssh into the server. can you drop open up firewall and allow ssh through port 59022 or something vague?
and is our root password still 88j4bb3rw0cky88 or did we change to 88Scr3am3r88 ?
thanks

22. Kill Chain – Exploitation
• Backdoors implemented as Windows services
• Usually "hide in plain sight"
• Use a simple command set
• Dwell time is the measure of how long an intruder has been on the network
• It takes on average 18 days to respond to and remove an intrusion

23. Kill Chain – Command & Control
Once inside a network, malware "beacons" out to Command and Control (C2) servers.
• C2 servers are either compromised or rented
• Traffic is usually HTTP, HTTPS or DNS and mimics common protocols

24. Covert channels – DNS tunnelling
DNS tunnelling tools: OzymanDNS, Dns2tcp, Iodine, Heyoka, DNSCat, NSTX, DNScapy, MagicTunnel, Element53, VPN-over-DNS (Android).
• DNS tunnels are commonly used to carry out covert file transfers, C&C server traffic and web browsing
• Botnets can use DNS tunnelling as a covert channel, and these covert channels are very hard to detect
• Covert storage channels: steganography, unused parts of packets
• Timing covert channels: modulating resource usage and response time (requires an accurate clock)
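The slide says DNS tunnels are very hard to detect; they are hard to catch by signature, but the tools listed leave a statistical fingerprint. The following Python is an added example, not part of the slides or of any tool named above: it profiles resolver query records per zone and flags zones whose subdomains are long, almost never repeated, high in entropy and served over TXT/NULL records, which is what an iodine- or dnscat-style tunnel looks like from the resolver. The log lines are constructed, `tunnel.example` is a placeholder zone, and the thresholds, the record-type list and the two-label zone split are simplifying assumptions (production code would use the Public Suffix List and a baseline of your own traffic).

```python
import math
from collections import defaultdict

# Constructed sample of resolver query records, one "<client> <qname> <qtype>" per line.
# Not real traffic; tunnel.example is a placeholder zone chosen for this example.
SAMPLE_LOG = """\
10.0.0.5 www.example.com A
10.0.0.5 mail.example.com A
10.0.0.7 cdn.example.com AAAA
10.0.0.7 www.example.com A
10.0.0.9 nbgq3zhkcx4rdxqy2jlamurg.t.tunnel.example TXT
10.0.0.9 vo7mlz2xfbk1qwe9ppa83hhc.t.tunnel.example TXT
10.0.0.9 k2m9xw0qz7nbs4elq1ry6hdv.t.tunnel.example TXT
10.0.0.9 e1d8a5c2b7f4e9a0c3b6d2f7.t.tunnel.example NULL
10.0.0.9 z9y8x7w6v5u4t3s2r1q0p9o8.t.tunnel.example TXT
10.0.0.9 m4n5b6v7c8x9z0l1k2j3h4g5.t.tunnel.example TXT
10.0.0.5 login.example.com A
10.0.0.7 www.example.com A
"""

# Record types that tunnels favour for bulk downstream data (assumption; extend for your estate).
BULKY_QTYPES = {"TXT", "NULL"}


def shannon_entropy(s: str) -> float:
    """Bits per character: encoded payload labels score ~4-5, dictionary words ~2-3."""
    if not s:
        return 0.0
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_zone(qname: str):
    """Return (registered zone, subdomain prefix). Simplification: zone = last two
    labels. Real deployments should use the Public Suffix List (co.uk, etc.)."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def profile_zones(log_text: str) -> dict:
    """Aggregate per-zone counters that a tunnel distorts: unique subdomains,
    label length, label entropy and bulky record types."""
    zones = defaultdict(lambda: {"queries": 0, "subs": set(), "bulky": 0,
                                 "entropy": 0.0, "sublen": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _client, qname, qtype = line.split()
        zone, sub = split_zone(qname)
        z = zones[zone]
        z["queries"] += 1
        z["subs"].add(sub)
        z["entropy"] += shannon_entropy(sub.replace(".", ""))
        z["sublen"] += len(sub)
        if qtype in BULKY_QTYPES:
            z["bulky"] += 1
    return zones


def detect_tunnels(log_text: str, min_queries: int = 5) -> dict:
    """Per-zone verdict. A zone is suspicious when at least two indicators fire.
    Thresholds are assumptions chosen for this example; tune against a baseline."""
    verdicts = {}
    for zone, z in profile_zones(log_text).items():
        n = z["queries"]
        if n < min_queries:
            verdicts[zone] = {"suspicious": False, "reasons": ["too few queries"]}
            continue
        unique_ratio = len(z["subs"]) / n
        avg_entropy = z["entropy"] / n
        avg_len = z["sublen"] / n
        bulky_ratio = z["bulky"] / n
        reasons = []
        if unique_ratio >= 0.8 and avg_len >= 20:
            reasons.append(f"{len(z['subs'])}/{n} unique, long subdomains (avg {avg_len:.0f} chars)")
        if avg_entropy >= 3.5:
            reasons.append(f"high label entropy ({avg_entropy:.2f} bits/char)")
        if bulky_ratio >= 0.5:
            reasons.append(f"{bulky_ratio:.0%} TXT/NULL queries")
        verdicts[zone] = {"suspicious": len(reasons) >= 2, "reasons": reasons}
    return verdicts


if __name__ == "__main__":
    for zone, verdict in detect_tunnels(SAMPLE_LOG).items():
        flag = "SUSPECT" if verdict["suspicious"] else "ok     "
        print(f"{flag} {zone:20s} {'; '.join(verdict['reasons'])}")
```

Point it at a few hours of resolver logs rather than a dozen lines: a tunnel shows up as a single zone with hundreds of unique, high-entropy names, while CDNs and anti-virus update services also produce many unique subdomains, so keep an allow-list of known zones in front of the alert.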
25. Covert channels – Steganography
(image slide, no text)

26. Kill Chain – Lateral Movement
• The attacker performs internal reconnaissance
• User enumeration
• Analysis and monitoring of host user activity
• Dump of internal and external websites
• Scan of connected systems
• "net use" and reverse shell commands
• Password logging
• Pass-the-hash*

27. Pass the hash
• "Hash" refers to a cached credential, usually not the clear-text credential
• The hash is treated as the actual credential internally by most systems
• The attacker then uses hashes to move "laterally" through the network
• A network/domain privileged account: game over
28. Kill Chain – Exfiltration
• Identifies targeted assets for exfiltration
• Moves data to staging servers
• Positions itself for persistent presence
• Maintains hold of key high-privilege accounts
• Remains resident on only a selection of systems

29. Nation states
Juniper firewall implant; Huawei firewall implant; Cisco PIX firewall implant

30. Nation states
Wireless exploit kit; USB covert channel; PC hardware implant

31. Snake
Back in 2008 an unknown malicious file was discovered and auto-classified as "Agent.BTZ"; it infected US military networks. Reverse engineering showed that Snake is a more advanced variant of Agent.BTZ. It is a rootkit using complex techniques for evading host defences, utilising covert channels over
Links to Red October and other cyber espionage campaigns.

33. The Dark Side
Dark net, deep web, dark market, malicious marketplace. In 2001:
• The Deep Web was 400 to 550 times larger than the commonly defined World Wide Web
• The Deep Web held 7,500 terabytes of information compared to 19 terabytes in the surface Web
• It contained nearly 550 billion individual documents compared to the one billion of the surface Web
• More than 200,000 Deep Web sites existed
• Deep Web sites are not well known to the Internet-searching public

35. The Dark Side
To date, three main networks are used to grant anonymity on both the client and server side: Tor, I2P and Freenet.

36. Dark market
Tor .onion domains: there are many different techniques in use, but Tor's onion router network is probably the easiest one to get started with. The .onion domains are not part of the ICANN registry and will not resolve until you are running Tor. The combined effect leaves this form of Internet far beyond any kind of government control or regulation.
I2P network and .i2p domains: I2P works in a very similar way to Tor, although it is more flexible. Services offered:
• Email
• Anonymous websites
• Blogging and forums
• Website hosting
• File sharing
• Decentralised file storage

37. Dark Market: Prices of Different Types of Goods
Site name | Address | Type of good | Cost | Normalized cost (US$)
Cloned credit cards | http://mxdcyv6gjs3tvt5u.onion/products.html | EU/US credit cards | €40 | US$54
NSD CC Store | http://4vq45ioqq5cx7u32.onion | EU/US credit cards | US$10 | US$10
Carders Planet | http://wihwaoykcdzabadd.onion/ | EU/US credit cards | US$60–150 | US$60–150
HakPal | http://pcdyurvcdiz66qjo.onion/ | PayPal accounts | 1 BTC for US$1,000 | US$126 for US$1,000
Onion identity | http://abbujjh5vqtq77wg.onion/ | Fake IDs/passports | €1,000–1,150 (ID), €2,500–4,000 (passport) | US$1,352–1,555 (ID), US$3,380–5,400 (passport)
U.S. citizenship | http://ayjkg6ombrsahbx2.onion/silkroad/home | U.S. citizenship | US$10,000 | US$10,000
U.S. fake driver's licenses | http://en35tuzqmn4lofbk.onion/ | Fake U.S. driver's license | US$200 | US$200
U.K. passports | http://vfqnd6mieccqyiit.onion/ | U.K. passports | £2,500 | US$4,000

38. Monitoring the dark market
Mapping the hidden services directory: both Tor and I2P use a domain database built upon a distributed system known as a DHT (distributed hash table).
Social site monitoring: sites like Pastebin are often used to exchange contact information and addresses for new hidden services.
Hidden service monitoring: most hidden services to date tend to be highly volatile and go offline very often, perhaps to come back online later under a new domain name.

Conclusion
• Threats will continue to evolve
• Security breaches are inevitable
• You need collaboration between people, process and technology
• Visibility and detection are key differentiators: centralise security
• Threat intelligence: internal (system monitoring) and the external threat landscape
• Survival of the fittest: share threat intelligence with your peers
• Continual awareness and education