9/25/2018
Cybersecurity Series – Advanced Persistent Threats
Richard Cascarino CISM, CIA, ACFE, CRMA
About Jim Kaplan, CIA, CFE
• President and Founder of AuditNet®, the global resource for auditors (available on iOS, Android and Windows devices)
• Auditor, Web Site Guru
• Internet for Auditors Pioneer
• IIA Bradford Cadmus Memorial Award Recipient
• Local Government Auditor’s Lifetime Award
• Author of “The Auditor’s Guide to Internet Resources” 2nd Edition
ABOUT RICHARD CASCARINO,
MBA, CIA, CISM, CFE, CRMA
• Principal of Richard Cascarino &
Associates based in Colorado USA
• Over 28 years’ experience in IT audit training and consultancy
• Past President of the Institute of
Internal Auditors in South Africa
• Member of ISACA
• Member of Association of Certified
Fraud Examiners
• Author of Data Analytics for Internal
Auditors
ABOUT AUDITNET® LLC
• AuditNet®, the global resource for auditors, serves the global audit
community as the primary resource for Web-based auditing content. As the first online
audit portal, AuditNet® has been at the forefront of websites dedicated to promoting the
use of audit technology.
• Available on the Web, iPad, iPhone, Windows and Android devices and
features:
• Over 2,900 Reusable Templates, Audit Programs, Questionnaires, and
Control Matrices
• Webinars focusing on fraud, data analytics, IT audit, and internal audit
with free CPE for subscribers and site license users.
• Audit guides, manuals, and books on audit basics and using audit
technology
• LinkedIn Networking Groups
• Monthly Newsletters with Expert Guest Columnists
• Surveys on timely topics for internal auditors
Introductions
The views expressed by the presenters do not necessarily represent the views,
positions, or opinions of AuditNet® LLC. These materials, and the oral presentation
accompanying them, are for educational purposes only and do not constitute
accounting or legal advice or create an accountant-client relationship.
While AuditNet® makes every effort to ensure information is accurate and complete,
AuditNet® makes no representations, guarantees, or warranties as to the accuracy or
completeness of the information provided via this presentation. AuditNet® specifically
disclaims all liability for any claims or damages that may result from the information
contained in this presentation, including any websites maintained by third parties and
linked to the AuditNet® website.
Any mention of commercial products is for information only; it does not imply
recommendation or endorsement by AuditNet® LLC
AGENDA
• Advanced Persistent Threats – the shifting paradigm to
targeted attacks
• Understanding Advanced Persistent threats
• Overview of popular types of APTs
• Impact of APTs on sensitive data as well as organization
reputation
• Characteristics and Attack sequence of APT attacks and the
challenges in detecting APTs
• Assessing, Managing and Auditing APT Risks
• Data loss and Cyber intrusions
9/25/2018
4
WHAT IS IT?
Defined as a group of sophisticated, determined
and coordinated attackers that have been
systematically compromising U.S. Government
and Commercial networks for years. The vast
majority of APT activity observed by Mandiant has
been linked to China.
APT is a term coined by the U.S. Air Force in
2006
© 2013 ISACA. All rights reserved
IN Q4 OF 2012, ISACA LAUNCHED THE
APT AWARENESS SURVEY
TO FIND OUT.
• How well do security professionals understand
APTs?
• How are they affecting different industries and
organizations throughout the world?
• What is being done to prevent them?
RESULTS
• Just 46.6% of respondents believed that APTs were a unique threat.
• More than half (53.4%) believed this advanced set of threats is no different from what they had been dealing with in the past.
ORGANIZATIONAL RESPONSE
• Most respondents are using technology in a risk-based, layered approach to prevent and combat APTs:
  • 94.9% Anti-Virus / Anti-Malware
  • 92.8% Network technology (firewalls, etc.)
  • 71.2% IPS
ADVANCED PERSISTENT THREATS
• Advanced
  – Attacker adapts to defenders’ efforts
  – Can develop or buy zero-day exploits
    (The Zeroday Emergency Response Team (ZERT) was a group of software engineers who worked to release non-vendor patches for zero-day exploits.)
  – Higher level of sophistication
• Persistent
  – Attacks are objective-driven and specific
  – Will continue until the goal is reached
  – Intent to maintain long-term connectivity
• Threats
  – The entity or entities behind the attack
  – Not the malware/exploit/attack alone
WALKTHROUGH OF A PUBLICLY REPORTED APT
• The Wall Street Journal reported on an intrusion into the Chamber of Commerce that serves as a good example.
(Image from online.wsj.com)
APT DEFINED
• Key contributors to the prevalence of APTs:
  • Nation states
  • Organized crime groups
  • Hacktivist groups
APT OBJECTIVES
• Political
  • Includes suppression of their own population for stability
• Economic
  • Theft of IP to gain competitive advantage
• Technical
  • Obtain source code for further exploit development
• Military
  • Identifying weaknesses that allow inferior military forces to defeat superior military forces
TYPES OF ATTACK
– Not applicable to military / defense alone
– Organized crime and ‘hacktivist’ groups
– Looking for intellectual property: M&A, trade secrets, engineering designs, application code, business plans, etc.
– Can bypass anti-virus and anti-malware software
– Low and slow attacks
– Can easily move across the network
APT LIFECYCLE
1. External Recon
2. Initial Intrusion
3. Establish Backdoor
4. Obtain User Credentials
5. Install Utilities
6. Expand
7. Maintain Persistence
8. Complete Mission
RECONNAISSANCE
• In a number of public website pages a victim’s contact
information may be extracted and subsequently used
in targeted social engineering messages.
INITIAL INTRUSION INTO THE NETWORK
• The most common and successful method has been the use of social engineering combined with email.
• The spoofed email will contain an attachment or a link to a zip file. The zip file will contain one of several different intrusion techniques:
  • A CHM (Compiled HTML Help) file containing malware
  • A Microsoft Office document exploit
  • Some other client software exploit, such as an Adobe Reader exploit
• The attackers typically operate late at night (U.S. time), between 10 p.m. and 4 a.m. These times correspond to daytime in China.
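The attachment types listed above (a CHM inside a zip, an Office document, a PDF) can be screened at the mail gateway before anyone opens them. The Python script below is an added example, not code from the presenters or from Mandiant: it opens a zip, inspects each member by extension and by leading bytes (the ITSF signature of a CHM, vbaProject.bin inside an OOXML document, script actions inside a PDF) and flags encrypted members it cannot look into. The policy lists, file names and the lure zip it builds are all constructed for the example.

```python
import io
import zipfile

# Attachment policy used by this example (an assumption; tune to your own gateway).
BLOCKED_EXTENSIONS = {".chm", ".exe", ".scr", ".js", ".vbs", ".hta", ".lnk"}
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm"}
OFFICE_EXTENSIONS = {".doc", ".xls", ".ppt", ".docx", ".xlsx", ".pptx", ".rtf"}
DOCUMENT_EXTENSIONS = OFFICE_EXTENSIONS | {".pdf"}


def _ext(name):
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def classify_member(name, data):
    """Return the reasons one file is suspicious (empty list means nothing found)."""
    reasons = []
    ext = _ext(name)
    if ext in BLOCKED_EXTENSIONS:
        reasons.append(f"executable-class extension {ext}")
    # A Compiled HTML Help file starts with the ITSF signature whatever it is named.
    if data[:4] == b"ITSF" and ext != ".chm":
        reasons.append("CHM content with a misleading extension")
    if ext in MACRO_EXTENSIONS:
        reasons.append("macro-enabled Office document")
    # OOXML documents are zip files; a vbaProject.bin member means a VBA macro is present.
    if ext in OFFICE_EXTENSIONS and data[:2] == b"PK":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as office:
                if any(n.lower().endswith("vbaproject.bin") for n in office.namelist()):
                    reasons.append("OOXML document contains vbaProject.bin")
        except zipfile.BadZipFile:
            reasons.append("claims to be an Office document but is not a valid zip")
    if ext == ".pdf" and (b"/JavaScript" in data or b"/Launch" in data):
        reasons.append("PDF carries JavaScript or a Launch action")
    # report.pdf.exe style names: the inner extension is a document type.
    if name.count(".") >= 2 and _ext(name[: name.rfind(".")]) in DOCUMENT_EXTENSIONS:
        reasons.append("double extension")
    return reasons


def triage_attachment(filename, data):
    """Triage one attachment. Zip archives are opened and each member inspected.
    Returns {member_name: [reasons]} for the members that raised a reason."""
    findings = {}
    if _ext(filename) == ".zip" and data[:2] == b"PK":
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if info.flag_bits & 0x1:
                    # Encrypted member: the gateway cannot look inside, so flag it.
                    findings[info.filename] = ["password-protected zip member"]
                    continue
                reasons = classify_member(info.filename, archive.read(info))
                if reasons:
                    findings[info.filename] = reasons
    else:
        reasons = classify_member(filename, data)
        if reasons:
            findings[filename] = reasons
    return findings


def build_sample_lure():
    """Constructed lure: a zip holding a CHM, a macro-bearing .docx and a harmless text file."""
    docx = io.BytesIO()
    with zipfile.ZipFile(docx, "w") as office:
        office.writestr("[Content_Types].xml", "<Types/>")
        office.writestr("word/document.xml", "<w:document/>")
        office.writestr("word/vbaProject.bin", b"\x00constructed-macro-bytes")
    lure = io.BytesIO()
    with zipfile.ZipFile(lure, "w") as archive:
        archive.writestr("Agenda.chm", b"ITSF" + b"\x00" * 60)
        archive.writestr("Minutes.docx", docx.getvalue())
        archive.writestr("Notes.txt", "see attached")
    return lure.getvalue()


if __name__ == "__main__":
    for member, reasons in triage_attachment("Q3_board_pack.zip", build_sample_lure()).items():
        print(member, "->", "; ".join(reasons))
```

The point of the signature checks is that the name is chosen by the attacker while the leading bytes are dictated by the file format the exploit needs; a gateway that only keys on extensions misses the renamed CHM. The macro test is a presence test, not a verdict on what the macro does; a sandbox detonation is the next step for anything it flags.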
ESTABLISH A BACKDOOR INTO THE NETWORK
• Attempt to obtain domain administrative credentials and transfer them out of the network
• The attackers then establish a stronger foothold in the environment by moving laterally through the network and installing multiple backdoors with different configurations.
• The malware is installed with system-level privileges through process injection, registry modification or scheduled tasks/services.
• Malware characteristics:
  • Continually updated
  • Encrypts and obfuscates its network traffic
  • Uses built-in Microsoft libraries
  • Uses legitimate user credentials so it blends in with typical user activity
  • Does not listen for inbound connections (the backdoor initiates its connections outbound instead)
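A backdoor that never listens for inbound connections has to call out on its own schedule, and the initial-intrusion slide notes that the operators work a 10 p.m. to 4 a.m. U.S. window. Both properties are visible in outbound proxy or firewall logs. The Python below is an added example (not the presenters' or Mandiant's code) that groups connections by source, destination and port, measures how regular the gaps between them are, and reports the share that fall in the off-hours window. The log lines, the five-field log format and the assumption that timestamps are in the victim's local time are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed outbound proxy log: local date, time, source host, destination, port.
# The first flow calls the same address every ten minutes through the night; the
# second is an ordinary user browsing during the day.
SAMPLE_LOG = """\
2018-09-10 23:00:05 10.1.2.33 203.0.113.7 443
2018-09-10 23:10:07 10.1.2.33 203.0.113.7 443
2018-09-10 23:20:04 10.1.2.33 203.0.113.7 443
2018-09-10 23:30:06 10.1.2.33 203.0.113.7 443
2018-09-10 23:40:05 10.1.2.33 203.0.113.7 443
2018-09-10 23:50:06 10.1.2.33 203.0.113.7 443
2018-09-11 00:00:05 10.1.2.33 203.0.113.7 443
2018-09-10 09:01:10 10.1.2.50 198.51.100.20 443
2018-09-10 09:01:12 10.1.2.50 198.51.100.20 443
2018-09-10 11:42:30 10.1.2.50 198.51.100.20 443
2018-09-10 14:15:01 10.1.2.50 198.51.100.20 443
2018-09-10 16:58:44 10.1.2.50 198.51.100.20 443
2018-09-10 17:20:09 10.1.2.50 198.51.100.20 443
2018-09-10 17:21:00 10.1.2.50 198.51.100.20 443
"""

# The slide's 10 p.m. to 4 a.m. window, taken as the victim's local time (assumption).
OFF_HOURS = set(range(22, 24)) | set(range(0, 4))


def parse_log(text):
    """Group connection timestamps by (source, destination, port)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, src, dst, port = line.split()
        flows[(src, dst, int(port))].append(
            datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"))
    return flows


def beacon_score(timestamps, min_hits=5, max_cv=0.2):
    """Return (is_beacon, mean_gap_seconds, coefficient_of_variation).

    A backdoor on a timer produces near-constant gaps between connections, so the
    standard deviation of the gaps divided by their mean (the CV) stays close to 0.
    Human browsing produces bursts and long pauses, i.e. a large CV."""
    if len(timestamps) < min_hits:
        return False, 0.0, 0.0
    ordered = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
    avg = mean(gaps)
    cv = pstdev(gaps) / avg if avg else 0.0
    return cv <= max_cv, avg, cv


def off_hours_fraction(timestamps):
    """Share of the connections that fall inside the off-hours window."""
    return sum(1 for t in timestamps if t.hour in OFF_HOURS) / len(timestamps)


def find_beacons(text):
    """Return {flow: {"interval_s", "cv", "off_hours"}} for every flow that beacons."""
    results = {}
    for flow, stamps in parse_log(text).items():
        is_beacon, avg, cv = beacon_score(stamps)
        if is_beacon:
            results[flow] = {
                "interval_s": round(avg),
                "cv": round(cv, 3),
                "off_hours": round(off_hours_fraction(stamps), 2),
            }
    return results


if __name__ == "__main__":
    for flow, info in find_beacons(SAMPLE_LOG).items():
        print(flow, info)
```

Implants that add deliberate jitter push the CV up, so `max_cv` is a tuning knob rather than a constant; run the same pass over days of logs, not hours, because the slides note sleep periods of weeks to months.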
OBTAIN USER CREDENTIALS
• The attackers often target domain controllers to obtain user accounts and corresponding password hashes en masse.
• The attackers also obtain local credentials from compromised systems.
• APT intruders access approximately 40 systems on a victim network using compromised credentials.
• Mandiant (FireEye’s consulting group) has seen as few as 10 compromised systems and in excess of 150.
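Forty systems reached with one set of stolen credentials leave a trail of Windows security event 4624 (successful logon) records on the targets, provided those events are collected centrally (the logging slides later in the deck). The Python below is an added example, not the presenters' or Mandiant's code: it counts how many distinct hosts each account reaches over the network and flags non-admin accounts that log on to a domain controller, where the slide says hashes are taken en masse. The event records, the domain controller and admin-account lists and the ten-host threshold are constructed assumptions.

```python
from collections import defaultdict

# Environment facts this example assumes (replace with your own inventory).
DOMAIN_CONTROLLERS = {"DC01", "DC02"}
ADMIN_ACCOUNTS = {"CORP\\svc-backup", "CORP\\adm-jsmith"}
# Logon types that mean "came in over the network": 3 = network, 10 = RemoteInteractive (RDP).
LATERAL_LOGON_TYPES = {3, 10}


def build_sample_events():
    """Constructed 4624 records as (account, logon_type, source_host, target_host)."""
    events = [
        ("CORP\\asmith", 2, "WS-0007", "WS-0007"),      # console logon, ignored
        ("CORP\\asmith", 3, "WS-0007", "FS-PROJ01"),    # one file server: normal
        ("CORP\\svc-backup", 3, "BKP01", "DC01"),       # backup account on a DC: expected
    ]
    # jdoe's stolen credentials fanning out from one workstation to twelve others, then a DC.
    for i in range(1, 13):
        events.append(("CORP\\jdoe", 3, "WS-0142", f"WS-{i:04d}"))
    events.append(("CORP\\jdoe", 3, "WS-0142", "DC01"))
    return events


def analyse_logons(events, max_hosts=10):
    """Return {account: {"hosts": n, "reasons": [...]}} for accounts worth a second look.

    Two signals: one account reaching more distinct hosts than a person plausibly
    would (the slide's ~40 systems), and a non-admin account logging on to a
    domain controller, which is where password hashes are taken en masse."""
    per_account = defaultdict(lambda: {"hosts": set(), "dcs": set()})
    for account, logon_type, _src, target in events:
        if logon_type not in LATERAL_LOGON_TYPES:
            continue
        per_account[account]["hosts"].add(target)
        if target in DOMAIN_CONTROLLERS:
            per_account[account]["dcs"].add(target)

    flagged = {}
    for account, info in per_account.items():
        reasons = []
        if len(info["hosts"]) > max_hosts:
            reasons.append(f"network logons to {len(info['hosts'])} distinct hosts")
        if info["dcs"] and account not in ADMIN_ACCOUNTS:
            reasons.append(f"non-admin account logged on to {sorted(info['dcs'])}")
        if reasons:
            flagged[account] = {"hosts": len(info["hosts"]), "reasons": reasons}
    return flagged


if __name__ == "__main__":
    for account, info in analyse_logons(build_sample_events()).items():
        print(account, info)
```

The second check is the cheaper one to keep permanently: the set of accounts that legitimately log on to a domain controller is small and stable, so any other account appearing there is worth an analyst's time regardless of how many hosts it touched.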
INSTALL VARIOUS UTILITIES
• Utility functionality includes:
  • Installing backdoors
  • Dumping passwords
  • Obtaining email from servers
  • Listing running processes
  • Many other tasks
• More malware characteristics:
  • Only 24% detected by security software
  • Utilize spoofed SSL certificates (e.g. Microsoft, Yahoo)
  • Most NOT packed
  • Common file names (e.g. svchost.exe, iexplore.exe)
  • Malware in sleep mode from a few weeks to a few months, up to a year
  • Target executives’ systems
  • Use of a stub file to download malware into memory (minimal forensic footprint)
PRIVILEGE ESCALATION / LATERAL MOVEMENT / DATA EXFILTRATION
• Once a secure foothold has been established:
  • Exfiltrate data such as emails and attachments, or files residing on user workstations or project file servers
  • The data is usually compressed and put into a password-protected RAR or Microsoft Cabinet file
  • They often use “staging servers” to aggregate the data they intend to steal
  • They then delete the compressed files they exfiltrated from the staging servers
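Two host-side artefacts from the utilities slide and this exfiltration slide can be checked with one short script: malware named svchost.exe or iexplore.exe running from the wrong directory or under the wrong parent, and RAR or CAB archives parked on a staging server under an innocuous name. The Python below is an added example, not code from the presenters or Mandiant. The expected install directories and parent process, the process snapshot and the temporary staging directory it builds are constructed assumptions; the script recognises the archives by their leading bytes and does not parse the headers, so it reports that an archive is present, not whether it is password-protected.

```python
import pathlib
import tempfile

# Where Windows itself runs these binaries from (lower-case, as this example compares them).
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "iexplore.exe": {r"c:\program files\internet explorer",
                     r"c:\program files (x86)\internet explorer"},
}
# A real svchost.exe is started by the Service Control Manager.
EXPECTED_PARENT = {"svchost.exe": "services.exe"}

# Constructed process snapshot: (image name, full path, parent image name).
SAMPLE_PROCESSES = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe", "services.exe"),
    ("svchost.exe", r"C:\Users\Public\svchost.exe", "explorer.exe"),
    ("iexplore.exe", r"C:\Program Files\Internet Explorer\iexplore.exe", "explorer.exe"),
    ("iexplore.exe", r"C:\ProgramData\iexplore.exe", "cmd.exe"),
]


def check_process(name, path, parent):
    """Reasons a process looks like a masquerade; empty list if it looks legitimate."""
    name = name.lower()
    directory = path.lower().rsplit("\\", 1)[0]
    reasons = []
    if name in EXPECTED_DIRS and directory not in EXPECTED_DIRS[name]:
        reasons.append(f"{name} running from {directory}")
    if name in EXPECTED_PARENT and parent.lower() != EXPECTED_PARENT[name]:
        reasons.append(f"{name} started by {parent} rather than {EXPECTED_PARENT[name]}")
    return reasons


def flag_processes(processes):
    """Return {path: [reasons]} for the snapshot entries that fail a check."""
    return {path: reasons for name, path, parent in processes
            if (reasons := check_process(name, path, parent))}


# Archive signatures: an extension can be renamed, the leading bytes normally are not.
ARCHIVE_MAGIC = {
    b"Rar!\x1a\x07\x01\x00": "rar5",
    b"Rar!\x1a\x07\x00": "rar4",
    b"MSCF": "cab",
}


def archive_type(head):
    for signature, kind in ARCHIVE_MAGIC.items():
        if head.startswith(signature):
            return kind
    return None


def scan_for_staged_archives(root):
    """Walk a directory tree and report RAR/CAB content regardless of file name."""
    hits = []
    for path in pathlib.Path(root).rglob("*"):
        if path.is_file():
            with open(path, "rb") as handle:
                kind = archive_type(handle.read(8))
            if kind:
                hits.append((path.name, kind, path.stat().st_size))
    return sorted(hits)


def build_sample_tree():
    """Constructed staging directory: a CAB named .tmp, a RAR named .dat, one benign file."""
    root = pathlib.Path(tempfile.mkdtemp())
    (root / "~tmp0001.tmp").write_bytes(b"MSCF" + b"\x00" * 100)
    (root / "cache").mkdir()
    (root / "cache" / "index.dat").write_bytes(b"Rar!\x1a\x07\x01\x00" + b"\x00" * 200)
    (root / "readme.txt").write_bytes(b"nothing to see")
    return str(root)


if __name__ == "__main__":
    print(flag_processes(SAMPLE_PROCESSES))
    print(scan_for_staged_archives(build_sample_tree()))
```

Because the slide says the attackers delete the archives once they have been sent, the directory scan is most useful on a live staging host or on a disk image with deleted-file recovery; the process check, by contrast, catches the "wrong place, wrong parent" pattern the moment a snapshot is taken.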
MAINTAIN PERSISTENCE
• As the attackers detect remediation, they will attempt to
establish additional footholds and improve the
sophistication of their malware
PREPARATION AND DETECTION
• Preparation
  • Follow industry compliance guidelines:
    • Robust logging
    • Servers and workstations will be more secure
    • User credentials will be harder to crack
    • Security appliances will be strategically distributed
• Detection
  “You have to be able to look for complex signs of compromise; integrate host-based and network-based information; and go far beyond simple anti-virus and network intrusion detection. You need to look inside packets, files, e-mail – and even live memory of systems that are still running.” (www.mandiant.com)
WHAT CAN WE DO?
•Your Network MUST be
•Defensible
•Hostile
•Fertile
APT SECURITY
AUDITING FOR APT
• Know the boundaries of your network
• Where it begins and where it ends
• Know what should be in your network
• Segment your network and use DMZs
• Where there is a firewall, there should also
be an IDS and network monitoring
• Standardize your hardware and software
• Know where accounts authenticate
AUDITING – YOU WILL NEED TO
• Develop an overview of the enterprise infrastructure
  • List of all DNS and DHCP servers
  • List of all Internet points of presence
  • List of all VPN concentrators
  • Network diagram of core network infrastructure
  • Compile the rule set of core firewalls
• Implement robust logging
  • Ensure GPO(s) log failed and successful log-on attempts
  • Ensure both success and failure audits are being logged on all systems
  • Increase the amount of storage for logs so they are not overwritten
  • Ensure all items are logged centrally
• Centralize the storage of key logs
  • Integrate key logs (firewall, VPN, DHCP, DNS, etc.) into a SIEM
  • At a minimum store key logs in a central location
  • AV and IDS to the centralized logging utility
  • Firewall traffic logs to the centralized utility (packet contents not required)
  • Web proxy (date/time, hostname, IP address pairing, URL browsed)
  • VPN concentrators (hostname and IP address pairing, date/time)
  • DHCP (hostname and IP address pairing, date/time)
  • DNS (queried domain name and system performing the query)
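The DHCP and DNS fields listed above are exactly what is needed to say which machine made a suspicious DNS query on a day when the same address has been leased to more than one host. The Python below is an added example, not code from the presenters: it indexes DHCP leases by address and time range and resolves each watch-listed DNS query to the hostname that held the address at that moment, returning None when no lease covers the time (the case that matters when leases are short or the DHCP log has gaps). The lease records, query log and the hypothetical watch-listed domain are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed DHCP lease log: (lease_start, lease_end, ip, hostname). The same
# address is handed to two different machines during the day.
DHCP_LEASES = [
    ("2018-09-10 08:00:00", "2018-09-10 12:00:00", "10.1.2.33", "WS-0142"),
    ("2018-09-10 12:05:00", "2018-09-10 20:00:00", "10.1.2.33", "LAPTOP-KR"),
]

# Constructed DNS query log: (time, client_ip, queried_name).
DNS_QUERIES = [
    ("2018-09-10 09:15:00", "10.1.2.33", "update.microsoft.com"),
    ("2018-09-10 09:16:30", "10.1.2.33", "cdn.example-lookalike.net"),
    ("2018-09-10 13:40:00", "10.1.2.33", "cdn.example-lookalike.net"),
    ("2018-09-10 12:02:00", "10.1.2.33", "cdn.example-lookalike.net"),
]

# Indicator list this example assumes (a hypothetical command-and-control name).
WATCHLIST = {"cdn.example-lookalike.net"}


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def build_lease_index(leases):
    """ip -> [(start, end, hostname)] so a lookup can be done at a point in time."""
    index = defaultdict(list)
    for start, end, ip, host in leases:
        index[ip].append((_ts(start), _ts(end), host))
    return index


def hostname_at(index, ip, when):
    """Hostname holding `ip` at `when`, or None when no lease covers that moment."""
    for start, end, host in index.get(ip, []):
        if start <= when <= end:
            return host
    return None


def attribute_queries(queries, leases, watchlist):
    """For each watch-listed query, return (queried_name, ip, hostname_or_None)."""
    index = build_lease_index(leases)
    results = []
    for when, ip, qname in queries:
        if qname in watchlist:
            results.append((qname, ip, hostname_at(index, ip, _ts(when))))
    return results


if __name__ == "__main__":
    for qname, ip, host in attribute_queries(DNS_QUERIES, DHCP_LEASES, WATCHLIST):
        print(qname, ip, host or "UNATTRIBUTED (no lease covers this time)")
```

Without the lease index, the two queries from 10.1.2.33 would be pinned on whichever machine currently holds the address, and the wrong workstation would be pulled for forensics; the None result is the audit finding that the DHCP log retention or lease logging is incomplete.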
MITIGATIONS
• Change passwords multiple times per day
• Fast-track two-factor authentication
• Compartmentalized passwords
• Separate user and admin credentials
• Minimize lateral trust
• Scan the entire domain for scheduled tasks
• Rebuild domain controllers
EMPLOYEE AWARENESS TRAINING
Employees found to be susceptible can immediately be redirected to:
• Internal corporate training websites
• PhishMe.com
  • Web-based platform that facilitates the execution of mock phishing exercises and user awareness training
  • PhishMe’s built-in educational message
  • PhishMe’s educational comic strip
PHISHING STILL WORKS
Effectively and securely communicating a password change is hard.
CYBERSECURITY AUDIT PROCESS
Set Targets
• Establish core group (key staff and managers)
• Face-to-face sessions with the core group to identify threats and components (2 x 4-hour sessions, 6 managers/staff)
• Risk-rank threats and components
• Validate targets with decision makers (CISO and staff)
Assess Current State
• Identify key controls
• Assess adequacy
Analyze Results
• Aggregate key controls and assess overall cyber control effectiveness
• Drill down on identified gaps >1 to identify key security performance issues
Communicate Results
• Review findings and recommendations with CISO and staff
• Inform impacted managers to ensure prioritization feeds into budget and planning cycles
• Brief senior management on findings and resulting recommendations
CUBE STARTING POINT
LAYER BY LAYER
Steps in the Cube Approach
1. Identify the components and threats in a given audit unit
2. Rank the components and threats
3. Create the control matrix identifying the high-risk quartile and the low-risk quartile
4. Identify controls known / believed to be in place
5. Evaluate the effectiveness and cost/benefits of the systems of internal control
6. Make recommendations where controls are deemed to be inadequate
7. Test key controls to ensure their effectiveness
8. Re-evaluate based on known control effectiveness and make recommendations where appropriate
CUSTOMER-FACING KEY CONTROLS
(Control matrix. Rows are the elements: external coms, people, data, software, hardware. Columns are the risks: compliance, integrity, availability, confidentiality, fraud, performance. Each cell lists the numbers of the key controls, from the control list on the next slide, that apply to that element/risk pair.)
CONTROL LIST
(2015 controls, mapped across the areas i-Series, N/wrk Servers, Network, Workstation and Customer; legend: critical in 4 or more areas)
1. Physical Access
2. Climate controls
3. Acquisition standards
4. UPS
5. Secureworks
6. Backups
7. Change management
8. Knowledge
9. Standards and best practices
10. Technical Controls
11. Encryption
12. Vendor Support
13. Warranty
14. Monitoring
15. Bonding
16. Contracts
17. Documentation
18. Software Controls
19. Malware / Antivirus
20. Active user base
21. Logical access
MAPPING KEY CONTROLS
(The same 21 controls mapped against the areas i-Series, N/wrk Servers, Network, Workstation and Customer, with those critical in 4 or more areas highlighted.)
OVERALL APPROACH
CONTINUOUS ANALYSIS (APT STRATEGY)
1. Monitor network traffic and hosts for suspicious activity.
2. Find infected hosts, servers, routers, etc.
3. Conduct forensics, intrusion and malware analysis.
4. Develop a mitigation strategy using what you learned.
5. Deploy network detection signatures to IDS/IPS and scan devices and hosts across the enterprise.
IMPLEMENT AND EXECUTE NETWORK SECURITY AUDITING (APT STRATEGY)
1. Develop and satisfy organization-specific security policies.
2. Track all user and administrator activity.
3. Identify security holes in your existing policy and unauthorized accesses.
4. Determine causes of attempted access violations.
5. Proactively investigate and prevent all security violations.
“If ignorant both of your enemy and
yourself, you are certain to be in
peril.”
― Sun Tzu, The Art of War
HANDS UP ALL THE HACKERS
QUESTIONS?
• Any Questions? Don’t be Shy!
AUDITNET® AND CRISK ACADEMY
• If you would like forever access to this webinar recording
• If you are watching the recording, and would like to obtain CPE credit for this webinar
• Previous AuditNet® webinars are also available on-demand for CPE credit
http://criskacademy.com
http://ondemand.criskacademy.com
Use coupon code: 50OFF for a discount on this webinar for one week
THANK YOU!
Jim Kaplan, AuditNet® LLC
1-800-385-1625
Email: info@auditnet.org
www.auditnet.org

Richard Cascarino & Associates
Cell: +1 970 819 7963
Tel: +1 303 747 6087 (Skype Worldwide)
Email: rcasc@rcascarino.com
Web: http://www.rcascarino.com
Skype: Richard.Cascarino

mplementing and Auditing GDPR Series (10 of 10)
 
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
 
Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10)
 
How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides
 
Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10) Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10)
 
How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel
 
Tracking down outliers
Tracking down outliersTracking down outliers
Tracking down outliers
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationImplementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation
 
When is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and FraudWhen is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and Fraud
 
General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6
 
Focused agile audit planning using analytics
Focused agile audit planning using analyticsFocused agile audit planning using analytics
Focused agile audit planning using analytics
 
General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10
 
Ethics and the Internal Auditor
Ethics and the Internal AuditorEthics and the Internal Auditor
Ethics and the Internal Auditor
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of samplingHow analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling
 
GDPR Series Session 4
GDPR Series Session 4GDPR Series Session 4
GDPR Series Session 4
 
Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10) Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10)
 
Ethics for internal auditors
Ethics for internal auditorsEthics for internal auditors
Ethics for internal auditors
 
Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10) Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10)
 

Recently uploaded

Brand Analysis for an artist named Struan
Brand Analysis for an artist named StruanBrand Analysis for an artist named Struan
Brand Analysis for an artist named Struan
sarahvanessa51503
 
Sustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & EconomySustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & Economy
Operational Excellence Consulting
 
Lookback Analysis
Lookback AnalysisLookback Analysis
Lookback Analysis
Safe PaaS
 
PriyoShop Celebration Pohela Falgun Mar 20, 2024
PriyoShop Celebration Pohela Falgun Mar 20, 2024PriyoShop Celebration Pohela Falgun Mar 20, 2024
PriyoShop Celebration Pohela Falgun Mar 20, 2024
PriyoShop.com LTD
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
Nicola Wreford-Howard
 
20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf
tjcomstrang
 
Role of Remote Sensing and Monitoring in Mining
Role of Remote Sensing and Monitoring in MiningRole of Remote Sensing and Monitoring in Mining
Role of Remote Sensing and Monitoring in Mining
Naaraayani Minerals Pvt.Ltd
 
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
dylandmeas
 
Cracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptxCracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptx
Workforce Group
 
Filing Your Delaware Franchise Tax A Detailed Guide
Filing Your Delaware Franchise Tax A Detailed GuideFiling Your Delaware Franchise Tax A Detailed Guide
Filing Your Delaware Franchise Tax A Detailed Guide
YourLegal Accounting
 
Memorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.pptMemorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.ppt
seri bangash
 
Buy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star ReviewsBuy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star Reviews
usawebmarket
 
chapter 10 - excise tax of transfer and business taxation
chapter 10 - excise tax of transfer and business taxationchapter 10 - excise tax of transfer and business taxation
chapter 10 - excise tax of transfer and business taxation
AUDIJEAngelo
 
Premium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern BusinessesPremium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern Businesses
SynapseIndia
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
LR1709MUSIC
 
Enterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdfEnterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdf
KaiNexus
 
anas about venice for grade 6f about venice
anas about venice for grade 6f about veniceanas about venice for grade 6f about venice
anas about venice for grade 6f about venice
anasabutalha2013
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Navpack & Print
 
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
taqyed
 
Global Interconnection Group Joint Venture[960] (1).pdf
Global Interconnection Group Joint Venture[960] (1).pdfGlobal Interconnection Group Joint Venture[960] (1).pdf
Global Interconnection Group Joint Venture[960] (1).pdf
Henry Tapper
 

Recently uploaded (20)

Brand Analysis for an artist named Struan
Brand Analysis for an artist named StruanBrand Analysis for an artist named Struan
Brand Analysis for an artist named Struan
 
Sustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & EconomySustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & Economy
 
Lookback Analysis
Lookback AnalysisLookback Analysis
Lookback Analysis
 
PriyoShop Celebration Pohela Falgun Mar 20, 2024
PriyoShop Celebration Pohela Falgun Mar 20, 2024PriyoShop Celebration Pohela Falgun Mar 20, 2024
PriyoShop Celebration Pohela Falgun Mar 20, 2024
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
 
20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf
 
Role of Remote Sensing and Monitoring in Mining
Role of Remote Sensing and Monitoring in MiningRole of Remote Sensing and Monitoring in Mining
Role of Remote Sensing and Monitoring in Mining
 
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
 
Cracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptxCracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptx
 
Filing Your Delaware Franchise Tax A Detailed Guide
Filing Your Delaware Franchise Tax A Detailed GuideFiling Your Delaware Franchise Tax A Detailed Guide
Filing Your Delaware Franchise Tax A Detailed Guide
 
Memorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.pptMemorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.ppt
 
Buy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star ReviewsBuy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star Reviews
 
chapter 10 - excise tax of transfer and business taxation
chapter 10 - excise tax of transfer and business taxationchapter 10 - excise tax of transfer and business taxation
chapter 10 - excise tax of transfer and business taxation
 
Premium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern BusinessesPremium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern Businesses
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
 
Enterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdfEnterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdf
 
anas about venice for grade 6f about venice
anas about venice for grade 6f about veniceanas about venice for grade 6f about venice
anas about venice for grade 6f about venice
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
 
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
 
Global Interconnection Group Joint Venture[960] (1).pdf
Global Interconnection Group Joint Venture[960] (1).pdfGlobal Interconnection Group Joint Venture[960] (1).pdf
Global Interconnection Group Joint Venture[960] (1).pdf
 

Cyber security series advanced persistent threats

While AuditNet® makes every effort to ensure information is accurate and complete, AuditNet® makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. AuditNet® specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the AuditNet® website. Any mention of commercial products is for information only; it does not imply recommendation or endorsement by AuditNet® LLC.

AGENDA
• Advanced Persistent Threats – the shifting paradigm to targeted attacks
• Understanding Advanced Persistent Threats
• Overview of popular types of APTs
• Impact of APTs on sensitive data as well as organization reputation
• Characteristics and attack sequence of APT attacks and the challenges in detecting APTs
• Assessing, managing and auditing APT risks
• Data loss and cyber intrusions
WHAT IS IT?
• Defined as a group of sophisticated, determined and coordinated attackers that have been systematically compromising U.S. Government and commercial networks for years. The vast majority of APT activity observed by Mandiant has been linked to China.
• APT is a term coined by the U.S. Air Force in 2006.

IN Q4 OF 2012, ISACA LAUNCHED THE APT AWARENESS SURVEY TO FIND OUT:
• How well do security professionals understand APTs?
• How are they affecting different industries and organizations throughout the world?
• What is being done to prevent them?
(© 2013 ISACA. All rights reserved.)
RESULTS
• Just 46.6% of respondents believed that APTs were a unique threat.
• More than half (53.4%) believe this advanced set of threats is no different from what they have been dealing with in the past.

ORGANIZATIONAL RESPONSE
• Most respondents are using technology in a risk-based, layered approach to prevent and combat APTs:
– 94.9% anti-virus / anti-malware
– 92.8% network technologies (firewalls, etc.)
– 71.2% IPS
ADVANCED PERSISTENT THREATS
• Advanced
– Attacker adapts to defenders' efforts
– Can develop or buy zero-day exploits (the Zeroday Emergency Response Team (ZERT) was a group of software engineers who worked to release non-vendor patches for zero-day exploits)
– Higher level of sophistication
• Persistent
– Attacks are objective-driven and specific
– Will continue until the goal is reached
– Intent to maintain long-term connectivity
• Threat
– The entity (or entities) behind the attack
– Not the malware/exploit/attack alone

WALKTHROUGH OF A PUBLICLY REPORTED APT
• The Wall Street Journal reported on an intrusion into the Chamber of Commerce that serves as a good example. (Image from online.wsj.com)
APT DEFINED
• Key contributors to the popularity of APTs:
– Nation states
– Organized crime groups
– Hacktivist groups

APT OBJECTIVES
• Political: includes suppression of their own population for stability
• Economic: theft of IP to gain competitive advantage
• Technical: obtain source code for further exploit development
• Military: identifying weaknesses that allow inferior military forces to defeat superior military forces
TYPES OF ATTACK
– Not applicable to military / defense alone
– Organized crime and "hacktivist" groups
– Looking for intellectual property: M&A, trade secrets, engineering designs, application code, business plans, etc.
– Can bypass anti-virus and anti-malware software
– Low and slow attacks
– Can easily move across the network

APT LIFECYCLE
External Recon -> Initial Intrusion -> Establish Backdoor -> Obtain User Credentials -> Install Utilities -> Expand -> Maintain Persistence -> Complete Mission
RECONNAISSANCE
• In a number of public website pages a victim's contact information may be extracted and subsequently used in targeted social engineering messages.

INITIAL INTRUSION INTO THE NETWORK
• The most common and successful method has been the use of social engineering combined with email.
• The spoofed email will contain an attachment or a link to a zip file. The zip file will contain one of several different intrusion techniques:
– A CHM (Compiled HTML Help) file containing malware
– A Microsoft Office document exploit
– Some other client software exploit, like an Adobe Reader exploit
• The attackers typically operate late at night (U.S. time), between the hours of 10 p.m. and 4 a.m. These times correlate to daytime in China.
ESTABLISH A BACKDOOR INTO THE NETWORK
• Attempt to obtain domain administrative credentials and transfer the credentials out of the network.
• The attackers then establish a stronger foothold in the environment by moving laterally through the network and installing multiple backdoors with different configurations.
• The malware is installed with system-level privileges through the use of process injection, registry modification or scheduled services.
• Malware characteristics:
– Malware is continually updated
– Malware uses encryption and obfuscation of its network traffic
– The attackers' malware uses built-in Microsoft libraries
– The attackers' malware uses legitimate user credentials so it can better blend in with typical user activity
– Does not listen for inbound connections (it calls out to the attacker instead, so inbound perimeter filtering alone does not stop it)

OBTAIN USER CREDENTIALS
• The attackers often target domain controllers to obtain user accounts and corresponding password hashes en masse.
• The attackers also obtain local credentials from compromised systems.
• The APT intruders access approximately 40 systems on a victim network using compromised credentials.
• Mandiant (the consulting group from FireEye) has seen as few as 10 compromised systems to in excess of 150 compromised systems.
INSTALL VARIOUS UTILITIES
• Program functionality includes:
– Installing backdoors
– Dumping passwords
– Obtaining email from servers
– Listing running processes
– Many other tasks
• More malware characteristics:
– Only 24% detected by security software
– Utilize spoofed SSL certificates (e.g. Microsoft, Yahoo)
– Most NOT packed
– Common file names (e.g. svchost.exe, iexplore.exe) so the process looks like a legitimate Windows or browser process
– Malware in sleep mode from a few weeks to a few months, up to a year
– Target executives' systems
– Use of a stub file to download malware into memory (minimal forensic footprint)

PRIVILEGE ESCALATION / LATERAL MOVEMENT / DATA EXFILTRATION
• Once a secure foothold has been established:
– Exfiltrate data such as emails and attachments, or files residing on user workstations or project file servers
– The data is usually compressed and put into a password-protected RAR or Microsoft Cabinet file
– They often use "staging servers" to aggregate the data they intend to steal
– They then delete the compressed files they exfiltrated from the "staging servers"
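Two of the traits listed above can be checked directly against host logs: malware that borrows common Windows file names such as svchost.exe and iexplore.exe, and operators who work the 10 p.m. to 4 a.m. U.S. window. The detection logic below is an added example, not code from the deck, Mandiant or FireEye; the pipe-delimited log format, the four sample process-creation events and the "expected directory" table for each binary name are constructed assumptions.

```python
"""Flag process-creation events showing two APT tradecraft traits from the
deck: a system-binary name running outside its normal folder (masquerading)
and activity in the 22:00-04:00 local window. Added example; the log lines,
their layout and EXPECTED_DIRS are constructed assumptions."""
from dataclasses import dataclass, field
from datetime import datetime, time
from pathlib import PureWindowsPath

# Where the commonly impersonated binaries legitimately live.
# Assumption: default Windows install paths; extend for your estate.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "iexplore.exe": {r"c:\program files\internet explorer",
                     r"c:\program files (x86)\internet explorer"},
}

# The deck's attacker working window: 10 p.m. to 4 a.m. U.S. local time.
NIGHT_START, NIGHT_END = time(22, 0), time(4, 0)


@dataclass
class Finding:
    when: datetime
    image: str
    user: str
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        # A misplaced system binary is worth a ticket on its own;
        # off-hours activity alone is only a weak signal.
        return "high" if "masquerading" in self.reasons else "low"


def parse_line(line: str):
    """'timestamp | image | parent image | user' (constructed format)."""
    ts, image, parent, user = (f.strip() for f in line.split("|"))
    return datetime.fromisoformat(ts), image, parent, user


def is_masquerading(image: str) -> bool:
    """True when a well-known binary name runs outside its expected folder."""
    p = PureWindowsPath(image.lower())
    expected = EXPECTED_DIRS.get(p.name)
    return expected is not None and str(p.parent) not in expected


def in_night_window(when: datetime) -> bool:
    t = when.time()
    return t >= NIGHT_START or t < NIGHT_END   # window wraps past midnight


def scan(lines):
    """Return one Finding per event that trips at least one check."""
    findings = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        when, image, _parent, user = parse_line(line)
        reasons = []
        if is_masquerading(image):
            reasons.append("masquerading")
        if in_night_window(when):
            reasons.append("off-hours")
        if reasons:
            findings.append(Finding(when, image, user, reasons))
    return findings


# Constructed sample (Sysmon-style process creation, local time).
SAMPLE_LOG = r"""
# time                | image                                           | parent                            | user
2018-09-24 23:12:05 | C:\Users\jdoe\AppData\Local\Temp\svchost.exe    | C:\Windows\explorer.exe           | CORP\jdoe
2018-09-25 09:30:11 | C:\Windows\System32\svchost.exe                 | C:\Windows\System32\services.exe  | NT AUTHORITY\SYSTEM
2018-09-25 02:47:40 | C:\Program Files\Internet Explorer\iexplore.exe | C:\Windows\explorer.exe           | CORP\ceo
2018-09-25 14:05:59 | C:\ProgramData\iexplore.exe                     | C:\Windows\System32\cmd.exe       | CORP\svc_backup
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"{f.severity:4} {f.when} {f.user:20} {f.image}  ({', '.join(f.reasons)})")
```

Of the four sample events, the legitimate daytime svchost.exe is silent, the CEO's 02:47 browser launch is reported as a low-severity off-hours hit, and the two copies of svchost.exe and iexplore.exe living under Temp and ProgramData are reported as high regardless of the hour.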
MAINTAIN PERSISTENCE
• As the attackers detect remediation, they will attempt to establish additional footholds and improve the sophistication of their malware.

PREPARATION AND DETECTION
• Preparation: follow industry compliance guidelines:
– Robust logging
– Servers and workstations will be more secure
– User credentials will be harder to crack
– Security appliances will be strategically distributed
• Detection: "You have to be able to look for complex signs of compromise; integrate host-based and network-based information; and go far beyond simple anti-virus and network intrusion detection. You need to look inside packets, files, e-mail – and even live memory of systems that are still running." (www.mandiant.com)
WHAT CAN WE DO?
• Your network MUST be:
– Defensible
– Hostile
– Fertile

APT SECURITY
AUDITING FOR APT
• Know the boundaries of your network: where it begins and where it ends
• Know what should be in your network
• Segment your network and use DMZs
• Where there is a firewall, there should also be an IDS and network monitoring
• Standardize your hardware and software
• Know where accounts authenticate

AUDITING – YOU WILL NEED TO
• Develop an overview of the enterprise infrastructure:
– List of all DNS and DHCP servers
– List of all Internet points of presence
– List of all VPN concentrators
– Network diagram of core network infrastructure
– Compile the rule set of core firewalls
– Ensure GPO(s) log failed and successful log-on attempts
– Ensure all items are logged centrally
• Centralize the storage of key logs:
– Integrate key logs (firewall, VPN, DHCP, DNS, etc.) into a SIEM
– At a minimum, store key logs in a central location
• Implement robust logging:
– Ensure both success and failure audits are being logged on all systems
– Increase the amount of storage for logs so they are not overwritten
– AV and IDS to the centralized logging utility
– Firewall traffic logs to the centralized utility (packet contents not required)
– Web proxy (date/time, hostname / IP address pairing, URL browsed)
– VPN concentrators (hostname and IP address pairing, date/time)
– DHCP (hostname and IP address pairing, date/time)
– DNS (queried domain name and system performing the query)
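The reason the list above insists on hostname / IP address pairings with a date and time is that a DNS or proxy log only names the client IP, and on a DHCP network the same IP belongs to different machines over the course of a day. The join below is an added example, not something from the deck or from any SIEM product: it rebuilds lease intervals from a constructed DHCP log and attributes each constructed DNS query to whichever host held the address at that instant, reporting UNKNOWN where no lease covers the query instead of guessing.

```python
"""Join DNS query logs to DHCP lease history on (ip, time) so each query is
attributed to the host that actually held the address. Added example; both
logs and their pipe-delimited layout are constructed assumptions."""
from collections import defaultdict
from datetime import datetime

# Constructed DHCP lease log: time | event | ip | hostname
DHCP_LOG = """
2018-09-24 08:00:00 | LEASE   | 10.1.5.23 | WKS-FINANCE-07
2018-09-24 08:05:00 | LEASE   | 10.1.5.40 | WKS-HR-02
2018-09-24 17:30:00 | RELEASE | 10.1.5.23 | WKS-FINANCE-07
2018-09-24 21:45:00 | LEASE   | 10.1.5.23 | LAPTOP-CEO
"""

# Constructed DNS query log: time | client ip | queried name
DNS_LOG = """
2018-09-24 09:15:10 | 10.1.5.23 | www.example-supplier.com
2018-09-24 18:10:00 | 10.1.5.23 | evil.example
2018-09-24 23:05:42 | 10.1.5.23 | update.micros0ft-cdn.net
2018-09-24 23:06:00 | 10.1.5.40 | mail.corp.example
"""


def parse(log):
    """Yield the stripped fields of each non-empty pipe-delimited line."""
    for line in log.strip().splitlines():
        yield [f.strip() for f in line.split("|")]


def build_leases(dhcp_log):
    """Return {ip: [[start, end, hostname], ...]} in time order.
    end stays None while the lease is still active."""
    events = sorted(parse(dhcp_log), key=lambda f: f[0])   # ISO timestamps sort as text
    leases = defaultdict(list)
    for ts, event, ip, host in events:
        t = datetime.fromisoformat(ts)
        if event == "LEASE":
            leases[ip].append([t, None, host])
        elif event == "RELEASE":
            # close the most recent still-open lease for this ip/host pair
            for lease in reversed(leases[ip]):
                if lease[2] == host and lease[1] is None:
                    lease[1] = t
                    break
    return leases


def host_for(leases, ip, when):
    """Hostname holding `ip` at `when`, or None when no lease covers it
    (static address, missing log, or a gap between leases)."""
    for start, end, host in leases.get(ip, []):
        if start <= when and (end is None or when < end):
            return host
    return None


def attribute(dns_log, dhcp_log):
    """Return [(time, ip, hostname-or-UNKNOWN, queried name)] for every query."""
    leases = build_leases(dhcp_log)
    rows = []
    for ts, ip, qname in parse(dns_log):
        when = datetime.fromisoformat(ts)
        rows.append((when, ip, host_for(leases, ip, when) or "UNKNOWN", qname))
    return rows


if __name__ == "__main__":
    for when, ip, host, qname in attribute(DNS_LOG, DHCP_LOG):
        print(f"{when} {ip:10} {host:15} {qname}")
```

Without the DHCP join, all three queries from 10.1.5.23 would be blamed on one machine; with it, the morning supplier lookup lands on the finance workstation, the late-night look-alike update domain lands on LAPTOP-CEO, and the 18:10 query falls into a lease gap and is flagged UNKNOWN rather than silently attributed to the wrong host.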
MITIGATIONS
• Change passwords multiple times per day
• Fast-track two-factor authentication
• Compartmentalized passwords
• Separate user and admin credentials
• Minimize lateral trust
• Scan the entire domain for scheduled tasks
• Rebuild domain controllers

EMPLOYEE AWARENESS TRAINING
• Employees found to be susceptible can immediately be redirected to:
– Internal corporate training websites
– PhishMe.com: a web-based platform that facilitates the execution of mock phishing exercises and user awareness training
– PhishMe's built-in educational message
– PhishMe's educational comic strip
PHISHING STILL WORKS
• Effectively and securely communicating a password change is hard.

CYBERSECURITY AUDIT PROCESS
Set targets
• Establish a core group (key staff and managers)
• Face-to-face session with the core group to identify threats and components (2 x 4-hour sessions, 6 managers/staff)
• Risk-rank threats and components
• Validate targets with decision makers (CISO and staff)
Assess current state
• Identify key controls
• Assess adequacy
Analyze results
• Aggregate key controls and assess overall cyber control effectiveness
• Drill down on identified gaps (>1) to identify key security performance issues
Communicate results
• Review findings and recommendations with the CISO and staff
• Inform impacted managers to ensure prioritization feeds into budget and planning cycles
• Brief senior management on findings and resulting recommendations
STEPS IN THE CUBE APPROACH
1. Identify the components and threats in a given audit unit
2. Rank the components and threats
3. Create the control matrix identifying the high-risk quartile and the low-risk quartile
4. Identify controls known / believed to be in place
5. Evaluate the effectiveness and cost/benefits of the systems of internal control
6. Make recommendations where controls are deemed to be inadequate
7. Test key controls to ensure their effectiveness
8. Re-evaluate based on known control effectiveness and make recommendations where appropriate

CUSTOMER-FACING KEY CONTROLS
Control matrix (slide image): risks across the columns (compliance, integrity, availability, confidentiality, fraud, performance, external comms) against elements down the rows (people, data, software, hardware); each cell lists control numbers. The cell boundaries did not survive extraction, so the individual cell contents are not reproduced here.
CONTROL LIST
2015 controls, mapped across the areas iSeries, network, servers, workstation and customer, with a column flagging controls critical in 4 or more areas (the check marks of the mapping did not survive extraction):
1. Physical access
2. Climate controls
3. Acquisition standards
4. UPS
5. Secureworks
6. Backups
7. Change management
8. Knowledge
9. Standards and best practices
10. Technical controls
11. Encryption
12. Vendor support
13. Warranty
14. Monitoring
15. Bonding
16. Contracts
17. Documentation
18. Software controls
19. Malware / antivirus
20. Active user base
21. Logical access

MAPPING KEY CONTROLS
The same 21 controls mapped against the same areas (iSeries, network, servers, workstation, customer), highlighting those critical in 4 or more areas.
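Steps 2 and 3 of the Cube approach and the "critical in 4 or more areas" column of the control mapping are mechanical once the rankings exist, and the one decision that matters in practice is how to cut the quartiles when several cells tie. The code below is an added example and not the deck's own method or spreadsheet: the element and risk rankings, and the subset of controls with their areas, are constructed numbers chosen only to show the mechanics, and quartiles are cut on score thresholds so tied cells are never split across the line.

```python
"""Cube approach, steps 2-3: rank elements and risks, build the control
matrix, pick the high- and low-risk quartiles; plus the 'critical in 4 or
more areas' key-control flag from the mapping slide. Added example; every
ranking and the CONTROL_AREAS map are constructed for illustration."""
from itertools import product

# Step 2: rank each element (row) and each risk (column), 1 = low, 5 = high.
COMPONENTS = {"people": 4, "data": 5, "software": 3, "hardware": 2}
THREATS = {"compliance": 3, "integrity": 4, "availability": 3,
           "confidentiality": 5, "fraud": 4, "performance": 2,
           "external comms": 3}


def risk_matrix(components, threats):
    """Cell score = component rank x threat rank, one cell per matrix position."""
    return {(c, t): cr * tr
            for (c, cr), (t, tr) in product(components.items(), threats.items())}


def quartiles(matrix):
    """Step 3: high-risk quartile = every cell scoring at or above the score
    found a quarter of the way down from the top; low-risk quartile = at or
    below the score a quarter of the way up from the bottom. Cutting on a
    score rather than a fixed count keeps tied cells together, so two cells
    with identical exposure never land in different quartiles."""
    scores = sorted(matrix.values())
    q = max(1, len(scores) // 4)
    low_cut, high_cut = scores[q - 1], scores[-q]
    high = sorted((k for k, s in matrix.items() if s >= high_cut),
                  key=lambda k: (-matrix[k], k))
    low = sorted((k for k, s in matrix.items() if s <= low_cut),
                 key=lambda k: (matrix[k], k))
    return high, low


# Mapping slide: areas in which each control is critical
# (constructed subset of the 21-item control list).
CONTROL_AREAS = {
    "1. Physical access": {"iSeries", "Network", "Servers"},
    "6. Backups": {"iSeries", "Servers", "Workstation", "Customer"},
    "14. Monitoring": {"iSeries", "Network", "Servers", "Workstation", "Customer"},
    "19. Malware / antivirus": {"Servers", "Workstation"},
    "21. Logical access": {"iSeries", "Network", "Servers", "Workstation"},
}


def critical_controls(control_areas, min_areas=4):
    """Controls flagged as key because they are critical in >= min_areas areas,
    returned in control-list order."""
    hits = [c for c, areas in control_areas.items() if len(areas) >= min_areas]
    return sorted(hits, key=lambda c: int(c.split(".")[0]))


if __name__ == "__main__":
    m = risk_matrix(COMPONENTS, THREATS)
    high, low = quartiles(m)
    print("high-risk quartile:", [(c, t, m[(c, t)]) for c, t in high])
    print("low-risk quartile:", [(c, t, m[(c, t)]) for c, t in low])
    print("key controls:", critical_controls(CONTROL_AREAS))
```

With these constructed rankings the 28-cell matrix yields ten high-risk cells (led by data / confidentiality at 25) and eight low-risk cells (hardware / performance at 4 lowest); a strict top-seven cut would have split four cells that all score 15, which is the kind of arbitrary line an auditee will challenge.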
OVERALL APPROACH

APT STRATEGY: CONTINUOUS ANALYSIS
1. Monitor network traffic and hosts for suspicious activity.
2. Find infected hosts, servers, routers, etc.
3. Conduct forensics, intrusion and malware analysis.
4. Develop a mitigation strategy using what you learned.
5. Deploy network detection signatures to IDS/IPS and scan devices and hosts across the enterprise.
APT STRATEGY: IMPLEMENT AND EXECUTE NETWORK SECURITY AUDITING
1. Develop and satisfy organization-specific security policies.
2. Track all user and administrator activity.
3. Identify security holes in your existing policy and unauthorized accesses.
4. Determine causes of attempted access violations.
5. Proactively investigate and prevent all security violations.

"If ignorant both of your enemy and yourself, you are certain to be in peril." (Sun Tzu, The Art of War)
HANDS UP ALL THE HACKERS

QUESTIONS?
• Any questions? Don't be shy!
AUDITNET® AND CRISK ACADEMY
• If you would like forever access to this webinar recording
• If you are watching the recording and would like to obtain CPE credit for this webinar
• Previous AuditNet® webinars are also available on-demand for CPE credit
http://criskacademy.com
http://ondemand.criskacademy.com
Use coupon code 50OFF for a discount on this webinar for one week.

THANK YOU!
Jim Kaplan, AuditNet® LLC
1-800-385-1625
Email: info@auditnet.org
www.auditnet.org

Richard Cascarino & Associates
Cell: +1 970 819 7963
Tel: +1 303 747 6087 (Skype worldwide)
Email: rcasc@rcascarino.com
Web: http://www.rcascarino.com
Skype: Richard.Cascarino