The document discusses four defining cyber attacks:
1) Stuxnet, the first known cyberweapon targeting Iran's nuclear program.
2) A multi-year breach of QinetiQ North America, a military R&D contractor, resulting in the theft of terabytes of classified data, potentially leaked to China.
3) NotPetya, a destructive cyber attack attributed to Russia that spread globally through Ukraine.
4) Cloud Hopper, a long-running Chinese cyber espionage campaign targeting governments and major technology, pharmaceutical, and telecom companies for data theft.
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat Sharing; Sara Terp and John Gray, Credibility Coalition Misinfosec Working Group
Development of National Cybersecurity Strategy and Organisation - Dr David Probert
3-Day Master Class given at the University of Technology (UTECH) Kingston, Jamaica - 13th to 15th September 2010 - in Partnership with the UN/ITU Centres of Excellence Network for the Caribbean Region - International Telecommunications Union - Global Cybersecurity Agenda.
ASFWS 2013 - Critical Infrastructures in the Age of Cyber Insecurity by Andr... - Cyber Security Alliance
Threats, risks, actors, trends, attack techniques, defense issues and possible future scenarios for Critical Infrastructures in the age of cyber insecurity.
Cybersecurity Technologies, Standards and Operations - Dr David Probert
2-Day Cybersecurity Master Class given at the University of Technology (UTECH), Kingston, Jamaica - 16th-17th September 2010 - in partnership with the UN/ITU Excellence Network in the Caribbean Region. These lectures are more technical than those in the more general 3-Day Cybersecurity Master Class that we held on 13th to 15th September. Topics covered include ITU, NIST, IEEE and ISO/IEC Standards, setting up and running CERTs/CSIRTs - Computer Emergency Response Teams - and Business Continuity.
We began to see renewed innovation in the threat actor space in mid to late 2018. This trend has continued to surface in 2019. Threat actors (black hat hackers) have increasingly leveraged prior attacks, data collection and mining, and likely AI to create a new type of highly targeted, very sophisticated cyber attack. Explore this new threat technique, prevention and detection strategies, and some of the most effective strategies to balance compliance and customer requirements with practical cyber security.
Using ATT&CK for purple teaming. We walk through one technique emulation + detection example (easy, medium, hard). Then we assess where we stand after that in terms of defense (detection, protection, informed hunt/IR).
IDS are great tools for blue teams and a resource for network forensics; however, they can also be a great resource for red teams and as part of a penetration testing exercise.
Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with T... - IBM Security
In the wake of massive numbers of security breaches in 2014, enterprises are struggling to improve how they consume threat intelligence to better protect their networks. Over 65% of companies use external threat intelligence as part of their security analytics, but are dissatisfied with the time and resources needed to understand and analyze the data available. With a barrage of information coming into your organization on vulnerabilities, malware, and potentially malicious sites on the Internet, how can you truly make sense of the data and take action when it's required?
During this presentation, you will learn how your enterprise can quickly research threats, integrate actionable intelligence and collaborate with peers using global threat intelligence.
Cybersecurity for Critical National Infrastructure - Dr David Probert
Presentation focuses on National Cybersecurity Strategies, Models and Plans. These include the well known UN/ITU - International Telecommunication Union - Strategy Guidelines, which were updated this year. The talk includes the author's security missions to Armenia and Georgia as well as industrial ICS/SCADA security and the critical information sectors. We briefly review national cybersecurity legislation as well as standards and cyber skills requirements. We wrap up with a cyber "Shopping List", Business Action Plan & Conceptual RoadMap. This presentation was given on the 6th November 2018 at the 38th East-West Security Conference in Nice, France! Enjoy!
National Cybersecurity - Roadmap and Action Plan - Dr David Probert
Analysis, strategies and practical action plans for National Government Cybersecurity based upon the United Nations - International Telecommunications Union - UN/ITU Cybersecurity Framework and their Global Cybersecurity Agenda - GCA.
We compare the challenge of the current COVID-19 Bio-Pandemic with the potential of a Global Cyber-Pandemic during the coming decade! Bio-Events are Spatial whilst Cyber-Events are Temporal & require "Defence in Time". We speculate on the emergence of "Silicon Life" and the possibility of autonomous cyber-attacks by networks of AI-Bots & Drone Swarms upon Critical National Infrastructure. The paper assumes some understanding of Artificial Intelligence, Machine Learning and Cybersecurity. Enjoy!
A quick look at what you should be considering when assessing the security of a mobile application, looking at an established framework and some of the common tools to get started.
One Technique, Two Techniques, Red Technique, Blue Technique - Daniel Weiss
So you’re digging the MITRE ATT&CK™ Framework and maybe even implementing it in your work, but c’mon…. what does that really mean? While it’s not the turnkey solution to CYBER, ATT&CK has numerous applications in many facets of both adversarial and defensive operations (spanning “holy #%&^! what/who/why is that” to you briefing your check-signers on how you thwarted, and maybe even deceived [ooh la la] some hacking hooligans).
MITRE’s ATT&CK is a community-driven knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s life cycle and the platforms they are known to target. By scoping the wide breadth of the MITRE ATT&CK matrix to focus initially on the techniques used by threat actors you specifically care about, you can help the defenders create more useful and impactful detections first. Once you start emulating the appropriate threat actors, you can practice your defenses in a scenario that’s more realistic and applicable without the need for an actual intrusion. The speakers are providing a process and a case study of APT3 - a China-based threat group - for how to go from finding threat intelligence, sifting through it for actionable techniques, creating emulation plans, discovering how to emulate different techniques... to actually operating on a network. They are also providing a beginning "cheat sheet" for this actor to give a starting point for red and blue teams to accomplish these techniques in their own environment without the need to build their own tooling.
Effective CyberSecurity for the 2020s - Intelligent Analytics & Modelling - Dr David Probert
This invited presentation was given at the International East-West Security Conference on the 4th June in Naples, Italy. The talk begins with a review of the current Cyber Society including the topics of CyberCrime, CyberTerror & CyberWar. We include a quick review of the extremely useful national cybersecurity strategy guides developed by the UN/ITU (United Nations - International Telecommunication Union) during the last 10 years. We then progress to review the Top 10 Cyber Threats & Attacks including DDoS, SQL Injection, Ransomware, APT - Advanced Persistent Threat, Custom Trojan "Bots", Classic Malware, Toxic Cookies, and DNS & Proxy Diversion Attacks. We provide numerous examples of some recent devastating cyber attacks across market sectors such as Banking, Airlines, Shipping, Healthcare & Government. We then proceed to review future cyber scenarios - 2019 (Integrated Security), 2020 (Self-Adaptive Security), 2022 (Self-Learning), 2025 (Cyber-Intelligent) & way into the future - 2040 (Neural Security). Once again we provide many examples of Cyber Solutions & Toolkits that are available today for implementation. Many Cyber tools already embed AI & Deep Learning Algorithms which can help mitigate zero-day attacks and most other cyber stealth & malware attacks including DDoS, APT, SQL & Ransomware. We conclude, as usual, with suggestions for how YOUR Business can review, audit and upgrade to boost cyber resilience! Enjoy!
Intelligent Cyber Surveillance: AI Video Analytics & Biometrics! - Dr David Probert
This presentation discusses recent trends in cyber surveillance to combat increasing cybercrime, cyberterrorism and the advent of cyberwarfare! We begin by reviewing the convergence of physical & cybersecurity before moving to recent tragic events in urban terrorism. We discuss the ways in which "crowded places" such as stadiums, transport hubs, resorts and malls may be more fully secured against cyberterrorists. We then review trends in advanced AI - artificial intelligence - based video analytics & biometrics, which are now a key component in business & government cyber toolkits! We provide a short review of the cyber sector before providing some 7 year cyber trends towards the year 2025. The presentation wraps up with your TOP 3 Actions and a suggested Cyber Shopping List for your Business! Enjoy!
CyberVision: 2020 to 2030 - Your 21stC Cybersecurity Toolkit! - Dr David Probert
This presentation provides a personal vision of cybersecurity trends for the coming 10 years and beyond! We begin with some historical relics and the discovery of the Antikythera Mechanism almost 2000 years ago (Cyber Year ZERO!). We rapidly move to our cyber society - 2018 - and some recent massive cyber hacks & attacks related both to cybercrime, cyberterror and emerging cyber and information warfare. We briefly discuss the TOP 10 Cyber attacks and means of defence. These include Advanced Persistent Threat (APT), Stealth Monitoring, Toxic eMail, Custom Bots (Stuxnet), DDoS, Ransomware and Toxic Cookies/Proxy & DNS Hacks & Attacks. After briefly exploring Blockchains, "Internet of Things" & Integrated Security Dashboards we present a sequence of cyber scenarios for 2019 (Self-Adaptive), 2020 (Self-Learning), 2025 (Cyber Intelligent) and 2040 (Neural Security). We provide examples of cyber tools already available that deploy machine learning, AI and Deep Learning to protect business and governments around the world. We provide some warnings from the late Stephen Hawking on both the risks and rewards of the widespread deployment of artificial intelligence based solutions in business, government & open society! Finally we wrap up with a quick review of future cyber tools and suggestions for your own Business Action Plan & RoadMap! Enjoy!
CyberTerror-CyberCrime-CyberWar! - Crucial Role of CyberSecurity in "War on T... - Dr David Probert
Now we see the evolution of Hybrid Warfare, Cybercrime and Terrorism. To mitigate Terror Attacks we urgently need to integrate Real-Time Cybersecurity Solutions with Physical Surveillance in Business, Campus, Cities and Nationwide! In this presentation we discuss both Historic & Current Cyber Threats and practical options to minimise the risks of future Terror Attacks through Integrated Physical-Cybersecurity Solutions. We briefly review the United Nations/ITU, NATO and NIST Cybersecurity Frameworks, and the threats to Critical National Information Infrastructure. Finally we suggest the TOP Actions for Chief Security Officers (CSOs) to mitigate Attacks within their own Security Operations. This invited presentation was given at the International East-West Security Conference at the Marriott Courtyard Hotel in Prague - June 2016.
Integrated Cybersecurity and the Internet of Things - Dr David Probert
Presentation given in Madrid at the East-West International Security Conference - October 2015. The topics include Integrated Cybersecurity and Physical Security as well as developments in the Internet of Things. The talk discusses models, architectures and standards for the IoT as well as a survey of some EU work under the IERC Programme. Finally the talk makes suggestions for actions by Chief Security Officers (CSOs) to prepare themselves for IoT Security. It is recommended that CSOs review the security for ALL their legacy networked devices to mitigate the risks of cyber attacks. The talk was given by Dr David Eric Probert on 27th October 2015 at the Security Conference Venue - Melia Galgos Hotel - Madrid, Spain.
Energising Cybersecurity with Biometrics & Digital Forensics - Dr David Probert
Fighting Cybercrime and Cyberterror requires Business & Government to integrate Biometrics (Pre-Attack) and Digital Forensics (Post-Attack) in order to both mitigate & diagnose attack vectors. This presentation was given at the East-West International Security Conference in Prague - June 2016. It includes a 25 year Cyber Vision of Future Adaptive, Intelligent & Neural Cybersecurity Tools. These will be based upon Artificial Intelligence, Machine Learning & Adaptive Behavioural Analytics. The advance of Hybrid Cybercrime, Cyberwar & Cyberterror requires all Businesses & Government Agencies to seriously consider the deployment of Intelligent Cybersecurity Solutions with Biometrics & Digital Forensics during the next 10 years!
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security - CableLabs
Join Shawn Henry as he discusses his vision of IoT Security. What will be the impact of insecure IoT devices for consumers in the home, smart cities and other industrial and critical infrastructures? Looking forward five years, what is the landscape to consider?
Shawn Henry
President, CrowdStrike Services & CSO
https://www.cablelabs.com/informed/
Jim Norton, Royal Academy of Engineering Digital Systems Engineering Communit... - techUK
Presented by Jim Norton, Royal Academy of Engineering Digital Systems Engineering Community of Practice
in the UK Spectrum Policy Forum UK SPF Workshop: Spectrum Infrastructure Resiliency & Interference on 18 April 2016.
http://www.techuk.org/about/uk-spectrum-policy-forum
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY - Talwant Singh
Cyber is a real threat and we cannot keep our eyes shut to it. Most of the countries surrounding us are covertly engaged in cyberwar, and we need to take steps to counter this at the earliest.
Cybersecurity is primarily a strategic issue in today's societies and businesses. Or should we just say security, since cybersecurity must be understood as an integral part of security? In order to succeed, it is very important to understand what security is in 2016, what the future of strategic security looks like, and what kind of solutions are needed.
ASFWS 2012 - Cybercrime to Information Warfare & "Cyberwar": a hacker's persp... - Cyber Security Alliance
This presentation will analyze Information Warfare scenarios and their technical and legal backgrounds, highlighting as well the importance of terminology and bringing to the audience real-life examples and known incidents. The last part of the talk will focus on two theoretical case studies and on one very special theoretical case study.
Stephen Graham: Switching societies off: war, infrastructure, geopolitics - Stephen Graham
A detailed look at how contemporary war involves the devastation of the essential civilian infrastructures of cities by state militaries. The presentation also looks in depth at the devastating and often hidden effects of these actions on urban civilians.
IAM development phases for the Infosecurity NL event on November 1st 2018 in Utrecht, The Netherlands.
Presenting the past, present and future of Identity Management and Access Control.
Attribute Based Access Control and API security, IoT
by: André Koot, Lead Security Consultant
Presented at the 18th anniversary celebration of Tietoturva ry on 5.11.2015 (c) Nixu Oyj, Pietari Sarjakivi
Read more about our security incident management service on Nixu's website: https://www.nixu.com/fi/ratkaisut/nixu-csirt
How to respond more correctly when a security incident is detected. Presented at the Ohjelmistoyrittäjät ry seminar 'Tietosuoja ja tietoturva verkkoliiketoiminnassa' (Data protection and information security in online business) on 21.1.2015 (c) Nixu Oyj, Mikko Nurmi
Read more about our security incident management service on Nixu's website: https://www.nixu.com/fi/ratkaisut/nixu-csirt
How to respond more correctly when a security incident is detected - Nixu Corporation
How to respond more correctly when a security incident is detected. Presented at the NamesDays seminar on 2.10.2014 (c) Nixu Oy, Jussi Perälampi
Read more about our security incident management service on Nixu's website: https://www.nixu.com/fi/ratkaisut/nixu-csirt
A technical perspective: log management or SIEM? Presented at the SIEM seminar on 16.9.2014 (c) Nixu Oy, Pietari Sarjakivi, Jussi-Pekka Liimatainen
Read more on Nixu's website about log management https://www.nixu.com/fi/palvelualueet/lokienhallinta and about SIEM https://www.nixu.com/fi/palvelualueet/tietoturvatiedon-ja-tapahtumien-hallinta-siem
Information security as an accelerator of the industrial internet. Presented at the Cyber Security Fair (Kyberturvallisuusmessut) on 5.9.2014 (c) Nixu Oy, Kalle Luukkainen
Read more about situational awareness and network security on Nixu's website: http://www.nixu.com/fi/palvelualueet/tilannekuva-ja-verkkoturvallisuus
Corporate Cybersecurity. What has changed in recent years? Presentation held for business decision makers for them to understand the paradigm change from traditional infosec towards cybersecurity of today.
Metrics for situational management of cyber security. Presented at the Cyber Security Fair (Kyberturvallisuusmessut) on 4.9.2014 (c) Nixu Oy, Pietari Sarjakivi
Read more about situational awareness and network security on Nixu's website: http://www.nixu.com/fi/palvelualueet/tilannekuva-ja-verkkoturvallisuus
"A hacker attack on a healthcare organisation – this is how it would happen" - Nixu Corporation
"A hacker attack on a healthcare organisation – this is how it would happen". Presented at the Terveysteknologia 2014 event on 19.11.2013 (c) Nixu Oy, Jussi Perälampi.
How can a data breach be detected from logs? Presented at the Information Security SUMMIT! event on 19.11.2013 (c) Nixu Oy, Pietari Sarjakivi
Read more about situational awareness and network security on Nixu's website: http://www.nixu.com/fi/palvelualueet/tilannekuva-ja-verkkoturvallisuus
Information security of online services for marketing and communications professionals, spring... - Nixu Corporation
Basics of information security for digital online services, for communications and marketing decision makers. Information security in social media. The concept of data responsibility. Presented in MIF's digital communications training programme in spring 2013 (c) Nixu Oy, Petri Kairinen
In connection with its Corporate Cyber Security seminar in August-September 2013, Nixu conducted a survey in which the responsible persons at the 500 largest Finnish companies were asked how the exposure of American network espionage had affected them and their company's operations.
86 people responded to the survey, of whom just over half belonged to their company's IT management and just over a third to top management or business management.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
5. Mattias Almeflo, the professional
31/08/2019
Career timeline (2010, 2016, 2017, 2018):
• Thesis Worker | Software Developer: databases, .NET software development
• Team Leader | Information Security Architect: part of the founding team of Saab Cyber Security Division
• Systems Integrator | Information Security Architect | Team Leader: IT security, systems engineering, team leadership
• 2018: Principal Security Consultant, Senior Information Security Architect, specializing in military security frameworks
NIXU PUBLIC | NOT EXPORT CONTROLLED | CUSTOMER UNCLASSIFIED. References per slide, at the end.
6. Mattias Almeflo and the domains of warfare
• 2010 – 2013: Created the Secure Operating Environment (SOE) for the Swedish armed forces
• 2013 – 2015: Windows security in the L16 backbone
• 2015 – 2016: Docker security in naval systems
• 2016 – 2017: R&D, defensive cyber warfare
• 2017 – : Development environments
7. The complexity of the domain is staggering
And my areas of focus
8. Trusted go-to partner for cybersecurity services
Vision: Keeping the digital society running
Mission: Be the best workplace for cyber security specialists
• Founded in 1988, publicly listed 2014
• Approx. 400 cyber security specialists
• 98% of our clients recommend Nixu
• Cyber security services from board decisions to deep forensic investigations
• Locations (11): Finland, Sweden, the Netherlands, US, Denmark, Romania, Australia and more
9. "There is no security without a threat model, only paranoia."
10. (no slide text)
11. (no slide text)
12. Two types of threats: non-actor-driven (non-antagonistic) threat
• A possible, unwanted event with a negative outcome for operations that is not caused by a human actor's deliberate actions.
• Generally speaking, non-antagonistic threats can be divided into three (3) categories:
  • Natural phenomena (natural disasters, disease)
  • Site security related threats (fire, locks, alarms, accidents etc.)
  • Errors in technical systems (bugs, malfunction)
  • Non-intentional actions by human actors (accidents, negligence)
  • Loss of device, incorrect or careless handling of information
13. Two types of threats: actor-driven (antagonistic) threat
• A threat driven by an actor in the form of an individual, group, network, organisation, state etc.
• Actor-driven threats are normally intentional.
14. Military doctrine
It is a guide to action, rather than hard and fast rules
"Fundamental principles by which the military forces guide their actions in support of objectives. It is authoritative but requires judgement in application"
- NATO's definition of doctrine, used unaltered by many member nations.
15. The five (5) domains of war
Doctrines are old and tend to change slowly
Timeline chart (2000 BC to 2000 AD), by domain:
1. LAND: Human Energy (infantry: 2500-1500 BC); Animal Energy (cavalry: 865-860 BC); Mechanical Kinetic Energy (Catapults: 300 BC, Crossbows: 1337-1521, Handguns: 1500, Revolvers: 1836, Gatling gun: 1860); Mechanical Energy with fuel (trains: 1861, Cars: 1899, Tanks: 1916 "WW1")
2. NAVAL: Ships (300 BC); American Turtle (1775); Steam/Motor Boats (1810-1910); Submarines (1941 "WW1")
3. AIR: Balloons & Airplanes (1911)
4. SPACE: Space (1962)
5. CYBER: Cyber (1996)
16. The Concept of Fifth Dimension Operations
22 years in the making
"We are approaching the end of the first decade of weaponized malware"
- Francis deSouza, 2013
"The physics of cyberspace are wholly different from every other war domain."
- Joshua Corman, a cybersecurity fellow at the Atlantic Council, 2018
17. The Intelligence Community – Espionage et al.
Military Intelligence
• India (Chanakya, 321–297 BC)
• China (Sun Tzu, 512 BC)
Modern espionage techniques
• England (Walsingham, 1532)
• Russia (the Bureau of Information, 1682)
From a state perspective (anno 1900)
• Military Intelligence
• Naval Intelligence
• Civil intelligence agencies
Intelligence gathering disciplines
• HUMINT, GEOINT, MASINT, OSINT, SIGINT (COMINT, ELINT, FISINT/TELINT), TECHINT, CYBINT/DNINT, FININT
Espionage (HUMINT sources)
• Friendly accredited diplomats
• Military attachés
• Non-Governmental Organizations
• Patrolling
• Prisoners of war or detainees
• Refugees
• Strategic reconnaissance
• Traveler debriefing
18. Cyber: SIGINT at rest vs. HUMINT in motion
The Rise of Computer Network Operations as a Major Military Innovation…
Who "owns" cyber in the IC?
19. Espionage's most valuable resource is data
20. Grey is the new black: covert action and implausible deniability
Covert action, old school
• plausibly deniable intervention in the affairs of others
• the sponsor's hand is neither apparent nor acknowledged.
Covert action fit for the twenty-first century
• embracing implausible deniability (an open secret) and the ambiguity it creates
• unacknowledged interference in the affairs of others.
21. The evolution of state sponsored conflict (war)
Asymmetric warfare: "below this line…"
22. The evolution of state sponsored conflict (war)
Asymmetric warfare: below this line…
23. Cyber Trumps Terrorism as Priority Threat #1
In January 2016, James Clapper (Director of National Intelligence, USA) said that "in 2013, 'cyber' bumped 'terrorism' out of the top spot on our list of national threats".
24. Geopolitics - An overlooked influencer in Cyber Ops
Rising tensions between NATO, EU and RU
• Baltic Sea, Crimea and Arctic of great geo-economical and security strategic interest
• Hybrid warfare strategy; blends conventional warfare, irregular warfare and cyber warfare; "Green Little Men" and "Internet Trolls" etc.
• Information Operations against the Nordics and Nordic companies - a part of the strategy
25. Geopolitics - An overlooked influencer in Cyber Ops
China: The Belt and Road Initiative
• Strengthen the political and cultural influence of the Chinese state
• Ultimately, the ambition is to help make China an alternative global "civilizational" reference point to the United States.
26. "there are friendly nations, but no friendly intelligence services"
- Raymond Rocca (deputy chief of CIA counterintelligence, 1972)
27. Advanced persistent threat (APT)
All developed countries have operational APT capability today
• operate covertly and are very skillful in covering their digital footprints
• not concerned with abiding by the computer crime laws of whichever country they are launching operations against
• only concerned with collecting strategically valuable information by whatever electronic means are possible
28. APT groups aka advanced threat actors
Advanced Persistent Threat groups came to light in 2013
Currently the ATT&CK framework has 86 different threat actors in its catalogue.
• Roughly 50% of the threat actors are attributed to countries
• 23 are presumed to be China-based
• 10 are presumed to be Iran-based
• 7 are presumed to be Russia-based
• 3 are presumed to be North Korea-based
29. The Definition / Scope
Attacks related to the fifth domain of war (aka cyber conflict)
• Geopolitical or financial relevance
• Nation state actors (Intelligence Community)
30. The Definition / Scope
Attacks related to the fifth domain of war (aka cyber conflict)
• Geopolitical or financial relevance
• Nation state actors (Intelligence Community)
A lot of attacks don't meet the selection criteria…
31. Four defining attacks in the realm of cyber
• Stuxnet
• QinetiQ
• Cloud Hopper
• NotPetya
Charted on the slide along a scale from "old school" to "twenty-first century".
32. 01. Stuxnet: "patient zero"
• Stuxnet is not a traditional malware
• It was the first "special forces" of cyber warfare
• It is a hybrid of worm, Trojan horse, rootkit and virus
33. 01. Stuxnet: "patient zero"
It was built to do 4 steps:
• Spread/Infiltrate: like a worm and/or a virus, using a Trojan
• Discover the target machine/system
• Destroy/Disrupt the target (Iran's centrifuges)
• Evade detection
34. 01. Stuxnet: "patient zero"
• Built specifically to disrupt/destroy or at least slow down Iran's nuclear program
• The most complicated, advanced and efficient malware written at that time
• It was almost 20 times more complex than any previous malware
35. 01. Stuxnet: "patient zero"
Stuxnet in the wild
• Stuxnet 0.5 was found in the wild in 2007; its Command & Control servers had been active since 2005
• Stuxnet 1.0 was found in 2010 when it went active in Iran, targeting a specific plant
• It was presumed dormant as of 2012 but resurfaced to spy on USA-Iran talks in 2014-2015
36. Lessons Stuxnet
• "Offline" is definitely not secure by itself
• Software can cause real world, physical damage
• You need to share intel and pool resources internationally
• Monitoring has to be protected / integrity matters
• USB memory sticks are merely very unprotected, high-latency networks (sneaker/walk net)
37. USB Peripherals: the weapon of choice
For more than a decade (10 years!) USB peripherals have been used as innocuous cyber weapons.
Today weaponized USB is so common that you can either buy it "over-the-counter" or build your own from source code on GitHub and YouTube videos.
38. 02. QinetiQ North America Attack: military R&D on steroids
QinetiQ is "a privatised version of DARPA"; in the UK it actually IS the privatised version of DERA (the UK's DARPA).
The 2011 Anonymous hack of HBGary showed
• that defence contractor QinetiQ suffered a massive breach of classified data over four years (2006-2010) which may have leaked advanced military secrets to China's military
• QinetiQ lost terabytes of classified data
• Threat actors targeted advanced drone and robotics technology and compromised hundreds of machines in QinetiQ's facilities all over the US, including St. Louis, Mississippi, Alabama and New Mexico
39. 02. QinetiQ North America Attack: military R&D on steroids
They were notified by third parties several times
• 2007: the Naval Criminal Investigative Service notifies QinetiQ
• 2007: NASA tells QinetiQ that NASA is being attacked from one of QinetiQ's computers
40. 02. QinetiQ North America Attack: military R&D on steroids
A 2008 IR report states that
• QinetiQ's corporate network could be accessed using unsecured Wi-Fi from a car park outside a facility in Waltham, Massachusetts
• The software installed by HBGary to monitor for malicious activity wouldn't function properly and was deleted by many employees because it apparently used too much processing power
• The investigators even found evidence that Russian hackers had been stealing QinetiQ secrets for over two years through a compromised PC belonging to a secretary
41. Lessons QinetiQ
• Exfiltration was made in small packets to evade detection by traditional filters.
• QinetiQ never saw the whole picture because the firm continued to treat incidents in isolation despite it happening "all the time" for several years.
• No 2FA (only username/password or soft tokens)
• No adequate detection/monitoring
• No separation between Wi-Fi / LAN
• No separation inside the LAN
"There was virtually no place we looked where we didn't find them."
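The first two lessons on this slide (small transfers that stay under per-event filters, and incidents never correlated into a whole picture) can be made concrete with a detection sketch. This is an added example, not code from the talk or from any QinetiQ investigation; it assumes a simplified flow record (timestamp, source host, destination, bytes out) and uses constructed sample data, and it contrasts a per-flow size filter with a sliding-window aggregate per host/destination pair and per destination across all hosts.

```python
"""Low-and-slow exfiltration: per-flow filter vs. windowed aggregation.

Added example with constructed data. Hosts, addresses and limits are
assumptions for illustration, not values from the talk.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FLOW_SIZE_LIMIT = 5_000_000    # "traditional filter": alert on a single flow > 5 MB
WINDOW = timedelta(hours=24)   # correlation window for the aggregates
WINDOW_LIMIT = 20_000_000      # > 20 MB per (host, destination) within the window
DEST_LIMIT = 30_000_000        # > 30 MB to one destination from all hosts combined


def make_sample_flows():
    """Constructed egress flows: two hosts trickling data to the same
    external address (203.0.113.10 is a documentation-range placeholder)
    plus one legitimate large upload to an internal mirror."""
    t0 = datetime(2019, 8, 1, 0, 0)
    flows = []
    # WS-17: 200 KB every 10 minutes for 24 h = 144 flows, 28.8 MB in total
    for i in range(144):
        flows.append((t0 + timedelta(minutes=10 * i), "WS-17", "203.0.113.10", 200_000))
    # WS-22: 100 KB every 20 minutes = 72 flows, 7.2 MB (alone, under WINDOW_LIMIT)
    for i in range(72):
        flows.append((t0 + timedelta(minutes=20 * i + 5), "WS-22", "203.0.113.10", 100_000))
    # WS-03: a single 3 MB upload to an internal mirror (benign)
    flows.append((t0 + timedelta(hours=9), "WS-03", "10.20.0.5", 3_000_000))
    return sorted(flows)


def per_flow_alerts(flows, limit=FLOW_SIZE_LIMIT):
    """The per-event view: flag any single flow larger than `limit`.
    Trickled exfiltration never trips this."""
    return [f for f in flows if f[3] > limit]


def sliding_window_alerts(flows, key_fn, limit, window=WINDOW):
    """Sum bytes per key over a sliding `window` and flag keys whose
    running total exceeds `limit`. Returns {key: peak_bytes_in_window}.

    key_fn(src, dst) chooses the correlation scope: (src, dst) gives the
    per-host picture, dst alone correlates every host talking to the
    same destination, which is the "whole picture" QinetiQ never formed.
    """
    recent = defaultdict(deque)   # key -> (timestamp, bytes) still inside the window
    totals = defaultdict(int)     # key -> sum of bytes currently inside the window
    peaks = {}
    for ts, src, dst, nbytes in sorted(flows):
        key = key_fn(src, dst)
        q = recent[key]
        q.append((ts, nbytes))
        totals[key] += nbytes
        # Evict records that have fallen out of the window.
        while q and q[0][0] < ts - window:
            _, old = q.popleft()
            totals[key] -= old
        if totals[key] > limit:
            peaks[key] = max(peaks.get(key, 0), totals[key])
    return peaks


if __name__ == "__main__":
    flows = make_sample_flows()
    print("per-flow alerts:", per_flow_alerts(flows))                       # []
    print("per host/destination:",
          sliding_window_alerts(flows, lambda s, d: (s, d), WINDOW_LIMIT))  # WS-17 only
    print("per destination, all hosts:",
          sliding_window_alerts(flows, lambda s, d: d, DEST_LIMIT))         # 203.0.113.10
```

Note that WS-22 stays under the per-host limit and is only caught once both hosts' traffic to the same destination is summed, which is the correlation step that treating each incident in isolation skips.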
42. Lessons QinetiQ
Threat Intelligence might help…
• 30 defence contractors targeted in 2007
43. 03. Cloud Hopper
"thought to be one of the largest ever sustained global cyber espionage campaigns in an operation."
The mother of all upstream attacks, 2014-2016
• The Target breach in 2013 affected 41 million customer payment card accounts along with contact information for more than 60 million Target customers
44. 03. Cloud Hopper
"thought to be one of the largest ever sustained global cyber espionage campaigns in an operation."
In 2017, PwC UK stated that Cloud Hopper impacted multiple organizations in North America, Europe, South America, and Asia.
Cloud Hopper targets service providers (cloud infrastructure)
• Managed Service Providers (MSP)
• United Kingdom (U.K.), United States (U.S.), Japan, Canada, Brazil, France, Switzerland, Norway, Finland, Sweden, South Africa, India, Thailand, South Korea, and Australia
45. 03. Cloud Hopper
"thought to be one of the largest ever sustained global cyber espionage campaigns in an operation."
The targets were not the MSPs but their clients
• Industries affected include engineering, industrial manufacturing, retail, energy, pharmaceuticals, telecommunications, and government agencies.
• Massive exfiltration of data
• Over 70 variants of backdoor families and Trojans were involved in the Cloud Hopper campaign.
• Spear phishing…
46. 03. Cloud Hopper
"thought to be one of the largest ever sustained global cyber espionage campaigns in an operation."
Anti-virus is not enough and network detection is lacking
• Out of 300 defined IOCs there are still 69 that no anti-virus software currently detects
Data was moved upstream with valid (stolen) credentials.
47. Lessons Cloud Hopper
"thought to be one of the largest ever sustained global cyber espionage campaigns in an operation."
• Attacked "everyone", not just defence contractors…
• Used for further infiltration
• Outsourcing is very risky
• Efficiency is NOT balanced with security when facing nation state actors
• No 2FA
• The targets' monitoring doesn't catch the upstream attack (out of scope)
The lessons are ongoing, but if you are Swedish a good start is to read the unprecedented FRA report: "Åtgärdsförslag - Angrepp via tjänsteleverantörer"
48. 04. WannaCry, Petya, NotPetya
"To date, it was simply the fastest-propagating piece of malware we've ever seen"
A month after the debut of WannaCry, NotPetya hit the world
• using the same EternalBlue weakness (+ Mimikatz/pass-the-hash) to spread within corporate networks, but without being able to jump from one network to another.
• NotPetya was seeded to victims through a hacked version of a major accounting program widely used in Ukraine.
49. 04. NotPetya - Wiperware
"In June 2017, the Russian military launched the most destructive and costly cyberattack in history"
More than $10 billion in total damages
• Maersk (shipping industry)
  • Every 15 minutes a Maersk ship docks somewhere in the world
  • 250-300 million USD in losses
  • 10 days blitz: 4000 servers, 45000 PCs & 2500 apps all rebuilt
  • 20% drop in productivity
  • 2 months 24/7 to rebuild Maersk's software setup
• Merck (pharmaceutical company)
  • 870 million USD in losses
  • Staff not allowed to work
• FedEx/TNT Express (postal/shipping industry)
  • 400 million USD in losses
50. Lessons NotPetya
• Be wary of doing business in war zones, even if they're not "hot"
• Do you know where all parts of your network are geographically located?
• Patch your systems
• Use 2FA (at least for critical systems)
• Separate email from critical systems
• Network segmentation is a good thing
• Have manual routines that work
• Offline, off-site backup is a good thing
51. The Force Multipliers, or "how to fight the war from the trenches"
Technical Controls
• Strong authentication (two factor: smart cards, YubiKey, SMS etc.)
• Separation (physical and logical)
• Security logging
• White/black listing
• SANS Critical Security Controls / CIS 20
Engineering
• Know your network
• Documentation vs. implementation
• Threat modeling
• Crown jewels
• Think in graphs
• Not everything is equal
People
• Relationships matter
52. Help Wanted!
"Ask not what your government can do for you, but what you can do for your government"
- John F. Kennedy
53. GIVE ME YOUR FEEDBACK!
via the event mobile app
54. Credits and prior art 1/11
"discovering truth by building on previous discoveries"
Me, Myself & I
S05-08: Saab, the corporation video (6 min) - https://www.youtube.com/watch?v=2KsdPHsgR9Q
S05-08: The domains of war - https://saab.com/land/, https://saab.com/air/, https://saab.com/naval/, https://en.wikipedia.org/wiki/Cyberwarfare
S05-08: LinkedIn Cyber Security Domain Map - https://www.linkedin.com/pulse/map-cybersecurity-domains-version-20-henry-jiang-ciso-cissp
S05-08: Nixu Oy at 600Minutes Information and Cyber Security 2017 (Spotlight) - This is Nixu - https://www.youtube.com/watch?v=pwIIJnZ8pHo
Threat models
S09-10: Cybergibbons on threat models - https://twitter.com/cybergibbons/status/1010981698593591296
S11: TheGrugq on threat models - https://twitter.com/thegrugq/status/864023197145944064
Two types of threats
S12-13: H SÄK Grunder, 2013 - https://www.forsvarsmakten.se/siteassets/4-om-myndigheten/dokumentfiler/handbocker/h-sak-grunder.pdf
S12-13: IT-Säkerhetsarkitektur, 2015 - https://www.svk.se/siteassets/aktorsportalen/sakerhetsskydd/dokument/vagledning-it-sakerhetsarkitektur-final.pdf
S12-13: Picture - https://krypt3ia.files.wordpress.com/2018/06/espionge-in-the-modern-age-of-information-warfare.pdf
Military doctrine
S14: Wikipedia - Military Doctrine - https://en.wikipedia.org/wiki/Military_doctrine
S14: Doctrine – Military usage - https://en.wikipedia.org/wiki/Doctrine#Military_usage
The five (5) domains of war
S15: Cyber – the fifth domain of war - https://www.economist.com/news/briefing/16478792-are-mouse-and-keyboard-new-weapons-conflict-war-fifth-domain
S15: Is War in the Sixth Domain the End of Clausewitz? - http://blogsofwar.com/is-war-in-the-sixth-domain-the-end-of-clausewitz/
S15: History of infantry warfare - https://en.wikipedia.org/wiki/Infantry
S15: History of cavalry warfare - https://en.wikipedia.org/wiki/Cavalry
S15: History of Catapults - https://en.wikipedia.org/wiki/Catapult
S15: History of Crossbows - https://en.wikipedia.org/wiki/Crossbow#History
S15: History of Handguns & Revolvers - https://en.wikipedia.org/wiki/Handgun#History, https://en.wikipedia.org/wiki/Revolver#History
S15: History of the Gatling gun - https://en.wikipedia.org/wiki/Gatling_gun#History
55. The five (5) domains of war
S15: History of vehicle warfare - https://en.wikipedia.org/wiki/Armoured_train
S15: History of vehicle warfare - https://en.wikipedia.org/wiki/Armored_car_(military)
S15: History of tank warfare - https://en.wikipedia.org/wiki/Tank
S15: History of naval warfare - https://en.wikipedia.org/wiki/Navy
S15: History of submarine warfare - https://en.wikipedia.org/wiki/Submarine
S15: History of air warfare - https://en.wikipedia.org/wiki/Air_force
S15: Space warfare - https://en.wikipedia.org/wiki/Space_warfare
The Concept of Fifth Dimension Operations
S16: Fifth Dimension Operations - https://en.wikipedia.org/wiki/Fifth_Dimension_Operations
S16: Quote, Francis deSouza, RSA Conference US 2013 - http://privacy-pc.com/articles/symantecs-francis-desouza-on-building-a-higher-order-of-security-intelligence.html
S16: Quote, Joshua Corman - https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
S16: Picture, Cyber war tag cloud - http://www.europarl.europa.eu/EPRS/EPRS-Briefing-542143-Cyber-defence-in-the-EU-FINAL.pdf
The Intelligence Community – Espionage et al.
S17: Author of The Arthashastra - https://en.wikipedia.org/wiki/Chanakya
S17: Author of the Art of War - https://en.wikipedia.org/wiki/Sun_Tzu
S17: Father of Modern espionage - https://en.wikipedia.org/wiki/Francis_Walsingham
S17: Defining European espionage scene - https://dailyhistory.org/How_Did_Spy_Services_Develop_in_Russia%3F
S17: History of espionage - https://en.wikipedia.org/wiki/History_of_espionage
S17: List of intelligence gathering disciplines - https://en.wikipedia.org/wiki/List_of_intelligence_gathering_disciplines
S17: Signals intelligence - https://en.wikipedia.org/wiki/Signals_intelligence
Cyber: SIGINT at rest vs. HUMINT in motion
S18: Perspectives on Intelligence Collection - https://www.afio.com/publications/CLARK%20Pages%20from%20AFIO_INTEL_FALLWINTER2013_Vol20_No2.pdf
S18: Twitter, The Grugq - https://twitter.com/thegrugq/status/974333937509007361
Espionage’s most valuable resource is data
S19: PHD Thesis (486 pages, worth it!), The IC’s role in the creation of a major military innovation - http://ebot.gmu.edu/bitstream/handle/1920/10613/Wiener_gmu_0883E_11318.pdf
S19: Data is the world's most valuable resource - https://www.economist.com/leaders/2017/05/06/the-worlds-most-valuable-resource-is-no-longer-oil-but-data
Grey is the new black
S20: Grey is the new black: covert action and implausible deniability (18 pages) - https://academic.oup.com/ia/article/94/3/477/4992414
The evolution of state sponsored conflict (war)
S21-22: Picture - https://krypt3ia.files.wordpress.com/2018/06/espionge-in-the-modern-age-of-information-warfare.pdf
Cyber Trumps Terrorism as Priority Threat #1
S23: Quote, James Clapper - https://electrospaces.blogspot.com/2014/09/nsas-strategic-mission-list.html
Geopolitics - An overlooked influencer in Cyber Ops
S24-25: Picture - https://www.washingtonpost.com/world/russia-unnerves-its-neighbors/2014/11/23/ef79e1d0-738a-11e4-9c9f-a37e29e80cd5_graphic.html?utm_term=.4470722bc5ab
S24-25: Geopolitics: An Overlooked Influencer in Cyber Operations - https://www.recordedfuture.com/geopolitical-cyber-operations/
S24-25: Cyber war in perspective: Russian aggression against Ukraine (175 pages) - https://ccdcoe.org/uploads/2018/10/CyberWarinPerspective_full_book.pdf
S24-25: Made in China 2025, Explained - https://thediplomat.com/2019/02/made-in-china-2025-explained/
S24-25: Chinese geopolitics: continuities, inflections, uncertainties - http://www.cadtm.org/Chinese-geopolitics-continuities-inflections-uncertainties
S24-25: When the China dream and the European dream collide - https://warontherocks.com/2019/01/when-the-china-dream-and-the-european-dream-collide/
S24-25: New Silk Road calls for Rotterdam to take on a directing role - http://smart-port.nl/new-silk-road-calls-for-rotterdam-to-take-on-a-directing-role/
S24-25: How China is redrawing the map of world science - https://www.nature.com/immersive/d41586-019-01124-7/index.html
No friendly services
S26: The Ten Commandments of Counterintelligence - https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/vol45no5/html/v45i5a08p.htm
S26: Quote, Raymond Rocca - https://twitter.com/WylieNewmark/status/1165993444185116673
Advanced persistent threat (APT)
S27: How nation-states and criminal syndicates use exploits to bypass security - https://www.slideshare.net/cisoplatform7/how-nationstates-and-criminal-syndicates-use-exploits-to-bypass-security
S27: Cyber war in perspective: Russian aggression against Ukraine - https://ccdcoe.org/uploads/2018/10/CyberWarinPerspective_full_book.pdf
S27: Congressional Research Service, North Korean Cyber Capabilities: In Brief - https://nsarchive2.gwu.edu/dc.html?doc=3986441-Congressional-Research-Service-North-Korean
S27: Kaspersky Lab, Lazarus Under the Hood - https://nsarchive2.gwu.edu/dc.html?doc=3673007-Document-07-Kaspersky-Lab-Lazarus-Under-the-Hood
S27: Huawei, 5G and China as a Security Threat - https://ccdcoe.org/uploads/2019/03/CCDCOE-Huawei-2019-03-28-FINAL.pdf
APT groups aka advanced threat actors
S28: MITRE ATT&CK Group pages - https://attack.mitre.org/groups/
S28: Mandiant/Fireeye report about APT1 to US Congress which outed China (2013, Nov) - https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
S28: 2013 REPORT TO CONGRESS of the U.S.-CHINA ECONOMIC AND SECURITY REVIEW COMMISSION - https://www.uscc.gov/sites/default/files/annual_reports/Complete%202013%20Annual%20Report.PDF
The Definition / Scope
S29-30: Picture - https://www.nixu.com/sites/default/files/Nixu_CMD_deck_FINAL.pdf
01. Stuxnet & Lessons
S32-36: What type of malware is Stuxnet? - https://www.quora.com/What-type-of-malware-is-Stuxnet
S32-36: Spy Virus Linked to Israel Targeted Hotels Used for Iran Nuclear Talks - https://www.wsj.com/articles/spy-virus-linked-to-israel-targeted-hotels-used-for-iran-nuclear-talks-1433937601
S32-36: Stuxnet – an American and Israeli effort to undermine the Iranian nuclear program - https://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html
S32-36: Stuxnet Dossier - http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
S32-36: Duqu - http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
S32-36: RSA 2013: Symantec shows proof that Stuxnet has been striking since at least 2007 - http://www.scmagazine.com/rsa-2013-symantec-shows-proof-that-stuxnet-has-been-striking-since-at-least-2007/article/281979/
S32-36: Duqu 2.0 - https://securelist.com/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/70504/
S37: USB Peripherals - The weapon of choice
1
2017-03-06: Trump, Putin, and the New Cold War
https://www.newyorker.com/magazine/2017/03/06/trump-putin-and-the-new-cold-war
“In 2008 (---) Russian hackers accomplished a feat that Pentagon officials considered almost impossible: breaching a classified network that wasn’t even connected to the public Internet. Apparently, Russian spies had supplied cheap thumb drives, stocked with viruses, to retail kiosks near NATO headquarters in Kabul, betting, correctly, that a U.S. serviceman or woman would buy one and insert it into a secure computer.”
2
2016-06-22: Say hello to BadUSB 2.0: A USB man-in-the-middle attack proof of concept
https://www.csoonline.com/article/3087484/security/say-hello-to-badusb-20-usb-man-in-the-middle-attack-proof-of-concept.html
“BadUSB 2.0 is an inline hardware implant capable of compromising USB fixed-line communications. It 'can eavesdrop, replay, modify, fabricate, exfiltrate data and BadUSB in one device.'”
3
2017-04-10: HIDden gem: Low-cost Digispark USB now quacks DuckyScript
https://www.nixu.com/blog/hidden-gem-low-cost-digispark-usb-now-quacks-duckyscript
“This allows you to use existing or custom DuckyScript payloads and convert those to Arduino sketches to run on Digispark compatible hardware. Download from GitHub: https://github.com/nixu-corp/Dckuino.js or use the online version: https://nixu-corp.github.io”
“Cheaper alternatives (in the $15-$20 price range) exist, such as PJRC’s Teensy, which can count on support from several pen testing tools such as the Social Engineering Toolkit, Nikhil Mittal’s Kautilya and Powershell Empire. Another viable alternative is the Arduino Micro, which just like the Teensy, comes as a circuit board with a female mini-B USB port. Its form factor is not exactly suitable for fitting in a thumb drive enclosure, but hey, who needs one if you can hide your HID inside an ultra-cool USB-gadget of your choice? Another option is to put your 3D-printer at work.”
4
2014-07-31: Why the security of USB is fundamentally broken
https://www.wired.com/2014/07/usb-security/
“In this new way of thinking, you have to consider a USB infected and throw it away as soon as it touches a non-trusted computer.”
“‘You can give it to your IT security people, they scan it, delete some files, and give it back to you telling you it’s “clean,”’ says Nohl. But unless the IT guy has the reverse engineering skills to find and analyze that firmware, ‘the cleaning process doesn’t even touch the files we’re talking about.’”
5
2014-10-02: The Unpatchable Malware That Infects USBs Is Now on the Loose
https://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/
"This was largely inspired by the fact that [SR Labs] didn't release their material. If you're going to prove that there's a flaw, you need to release the material so people can defend against it."
6
2013-10-29: Russia 'spied on G20 leaders with USB sticks'
http://www.telegraph.co.uk/news/worldnews/europe/russia/10411473/Russia-spied-on-G20-leaders-with-USB-sticks.html
“The USB pen drives and the recharging cables were able to covertly capture computer and mobile phone data,”
7
2013-12-29: Inside Tailored Access Operations (TAO) - Documents Reveal Top NSA Hacking Unit
http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969.html
“TAO specialists have directly accessed the protected networks of democratically elected leaders of countries. They infiltrated networks of European telecommunications companies and gained access to and read mails sent over Blackberry's BES email servers, which until then were believed to be securely encrypted. Achieving this last goal required a "sustained TAO operation," one document states.”
“The technical term for this type of activity is "Computer Network Exploitation" (CNE). The goal here is to "subvert endpoint devices," according to an internal NSA presentation that SPIEGEL has viewed. The presentation goes on to list nearly all the types of devices that run our digital lives -- "servers, workstations, firewalls, routers, handsets, phone switches, SCADA systems, etc."”
8
2013-12-29: Shopping for Spy Gear - Catalog Advertises NSA Toolbox
http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html
Advanced or Access Network Technology (ANT)
“Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of the latter, are American companies. Here, too, it appears the US intelligence agency is compromising the technology and products of American companies.”
“Computer bugging devices disguised as normal USB plugs, capable of sending and receiving data via radio undetected, are available in packs of 50 for over $1 million.”
9
2015-01-17: The Digital Arms Race - NSA Preps America for Future Battle
http://www.spiegel.de/international/world/new-snowden-docs-indicate-scope-of-nsa-preparations-for-cyber-battle-a-1013409.html
“Even before NSA management massively expanded the ROC group during the summer of 2005, the department's motto was, "Your data is our data, your equipment is our equipment."”
“Among the data on "sensitive military technologies" hit in the attack were air refueling schedules, the military logistics planning system, missile navigation systems belonging to the Navy, information about nuclear submarines, missile defense and other top secret defense projects.
The desire to know everything isn't, of course, an affliction only suffered by the Chinese, Americans, Russians and British. Years ago, US agents discovered a hacking operation originating in Iran in a monitoring operation that was codenamed Voyeur. A different wave of attacks, known as Snowglobe, appears to have originated in France.”
10
2014-11-03: An Unprecedented Look at Stuxnet, the World's First Digital Weapon
https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/
“Because the computers are air-gapped from the internet, however, they cannot be reached directly by the remote attackers. So the attackers have designed their weapon to spread via infected USB flash drives.”
11
2017-01-10: Inside a low budget consumer hardware espionage implant
https://ha.cking.ch/s8_data_line_locator/
“It can, e.g., be called to listen to a live audio feed from a small microphone within the device, as well as programmed to call back if the sound level surpasses a 45 dB threshold. The fact that the device can be repackaged in its sliding case, after configuring it, i.e. inserting a SIM, without any noticeable marks to the packaging suggests its use-case: covert espionage.”
12
2017-08-12: USB Devices Vulnerable to Crosstalk Data Leaks
https://www.bleepingcomputer.com/news/security/usb-devices-vulnerable-to-crosstalk-data-leaks/
"For the practical side of their research, scientists used a modified off-the-shelve plug-in lamp with a USB connector to log every key stroke from an adjacent USB keyboard. They then sent the data to another PC via Bluetooth."
13
2017-03-11: USG works like a firewall for USB connections
https://www.bleepingcomputer.com/news/hardware/this-device-works-as-a-firewall-for-your-usb-ports/
", the recently released USG v1.0 only supports a data transfer speed of up to 1 MB/s, much inferior to commercial USB devices that work in the range of tens of MB/s. In addition, USG only supports USB mass storage (flash drives), keyboards, and mice"
14
2017-11-07: Linux Has a USB Driver Security Problem
https://www.bleepingcomputer.com/news/security/linux-has-a-usb-driver-security-problem/
"The 14 flaws are actually part of a larger list of 79 flaws Konovalov found in Linux kernel USB drivers during the past months. Not all of these 79 vulnerabilities have been reported, let alone patched. Most are simple DoS (Denial of Service) bugs that freeze or restart the OS, but some allow attackers to elevate privileges and execute malicious code."
15
2016-11-16: PoisonTap Can Hijack Web Traffic and Install Backdoors on Password-Protected PCs
https://www.bleepingcomputer.com/news/security/poisontap-can-hijack-web-traffic-and-install-backdoors-on-password-protected-pcs/
"PoisonTap works by spoofing an over-USB Ethernet adapter, which sets up as the primary source of Internet traffic for all IPv4 addresses. Windows and OS X will automatically recognize and install the fake Ethernet adapter, even when the machine is locked. This tricks the computer in sending all web traffic to PoisonTap."
16
2017-10-17: Here's a Video of the Latest ATM Malware Sold on the Dark Web
https://www.bleepingcomputer.com/news/security/heres-a-video-of-the-latest-atm-malware-sold-on-the-dark-web/
"A hacker or hacker group is selling a strain of ATM malware that can make ATMs spit out cash just by connecting to its USB port and running the malware."
17
2018-03-13: Here's a List of 29 Different Types of USB Attacks
https://www.bleepingcomputer.com/news/security/heres-a-list-of-29-different-types-of-usb-attacks/
"Researchers from the Ben-Gurion University of the Negev in Israel have identified 29 ways in which attackers could use USB devices to compromise users' computers. The research team has classified these 29 exploitation methods in four different categories, depending on the way the attack is being carried out."
18
2018-06-22: Tick Group Weaponized Secure USB Drives to Target Air-Gapped Critical Systems
https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/
“The weaponization of a secure USB drive is an uncommon attack technique and likely done in an effort to spread to air-gapped systems, which are systems that do not connect to the public internet. In addition, our research shows that the malware used in these attacks will only try to infect systems running Microsoft Windows XP or Windows Server 2003.”
02. QinetiQ North America Attack & Lessons
S38-42: 'Chinese' attack sucks secrets from US defence contractor - http://www.theregister.co.uk/2013/05/02/china_us_hacking_qinetiq_apt/
S38-42: Hackers in china compromise us defense secrets - https://www.bloomberg.com/graphics/infographics/hackers-in-china-compromise-us-defense-secrets.html
S38-42: Cyber Espionage and the Theft of U.S. Intellectual Property and Technology - https://www.uscc.gov/sites/default/files/Wortzel-OI-Cyber-Espionage-Intellectual-Property-Theft-2013-7-9.pdf
03. Cloud Hopper & Lessons
S43-47: Operation Cloud Hopper - https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html/
S43-47: The Weakest Link - https://newsfromthelab.files.wordpress.com/2017/04/the-weakest-link-f-secure-state-of-cyber-security-2017.pdf
S43-47: FRA:s åtgärdsförslag med anledning av angrepp mot tjänsteleverantörer (FRA's proposed measures in response to attacks on service providers) - http://www.fra.se/snabblankar/nyheterochpress/nyhetsarkiv/nyheter/frasatgardsforslagmedanledningavangreppmottjansteleverantorer.411.html
S43-47: Så identifieras Cloud Hopper APT10 (How Cloud Hopper APT10 is identified) - https://kryptera.se/sa-identifierars-cloud-hopper-apt10/
S43-47: APT10 - Operation Cloud Hopper - https://baesystemsai.blogspot.com/2017/04/apt10-operation-cloud-hopper_3.html
S43-47: Global targeting of enterprises via managed service providers - https://www.ncsc.gov.uk/information/global-targeting-enterprises-managed-service-providers
S43-47: Inside the West’s failed fight against China’s ‘Cloud Hopper’ hackers - https://www.reuters.com/investigates/special-report/china-cyber-cloudhopper/
04. WannaCry, Petya, NotPetya & Lessons
S48-50: The White House Blames Russia for NotPetya, the 'Most Costly Cyberattack In History' - https://www.wired.com/story/white-house-russia-notpetya-attribution/
S48-50: WannaCry, Petya, NotPetya: how ransomware hit the big time in 2017 - https://www.theguardian.com/technology/2017/dec/30/wannacry-petya-notpetya-ransomware
S48-50: The Untold Story of NotPetya, the Most Devastating Cyberattack in History - https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
S48-50: NotPetya Ushered In a New Era of Malware - https://www.vice.com/en_us/article/7x5vnz/notpetya-ushered-in-a-new-era-of-malware
The force multipliers - or “how to fight the war from the trenches”
S51: Strong authentication - https://en.wikipedia.org/wiki/Strong_authentication
S51: YubiKey - https://en.wikipedia.org/wiki/YubiKey
S51: Smart Cards - https://en.wikipedia.org/wiki/Smart_card
S51: Google Authenticator - https://en.wikipedia.org/wiki/Google_Authenticator
S51: Google: Security Keys Neutralized Employee Phishing - https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/
S51: Microsoft: Using multi-factor authentication blocks 99.9% of account hacks - https://www.zdnet.com/article/microsoft-using-multi-factor-authentication-blocks-99-9-of-account-hacks/
S51: Separation (physical and logical). Unfortunately I have not found any good public resources describing this.
- The basis of the separation concept is the idea of a security domain - https://en.wikipedia.org/wiki/Security_domain
- which is based on the concept of domain based security - https://en.wikipedia.org/wiki/Domain_Based_Security
Examples of Network separation
- Logical separation, VLAN som separationsmetod för industriella styrsystemsnät (VLAN as a separation method for industrial control system networks) - https://www.foi.se/rapportsammanfattning?reportNo=FOI-R--4070--SE
- Unidirectional network (a common separation mechanism within military networks) - https://en.wikipedia.org/wiki/Unidirectional_network
S51: Security logging - https://en.wikipedia.org/wiki/Security_information_and_event_management
S51: White/Black listing - https://en.wikipedia.org/wiki/Whitelisting#Program_whitelists & https://en.wikipedia.org/wiki/Blacklist_(computing)#Information_systems
S51: SANS Critical Security Controls - https://www.cisecurity.org/controls/ & https://www.sans.org/critical-security-controls
S51: (Know your network) NSA TAO Chief on Disrupting Nation State Hackers video (38 min) - https://www.youtube.com/watch?v=bDJb8WOJYdA
S51: (Know your network) Improving the Security of Your Site by Breaking Into it (20 pages) - http://www.dcs.ed.ac.uk/home/rah/Resources/Security/admin_guide_to_cracking.pdf
S51: (Threat modelling) “Think Like an Attacker” is an opt-in mistake - http://emergentchaos.com/archives/2016/04/think-like-an-attacker-is-an-opt-in-mistake.html
S51: Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win - https://blogs.technet.microsoft.com/johnla/2015/04/26/defenders-think-in-lists-attackers-think-in-graphs-as-long-as-this-is-true-attackers-win/
Help Wanted
S52: Help Wanted! - https://twitter.com/steffanwatkins/status/976107933305098240
General inspiration for this talk:
Black Hat Asia 2018 Day 2 Keynote: A Short Course in Cyber Warfare presented by The Grugq - https://youtu.be/gvS4efEakpY
Elizabeth (1998) - https://www.imdb.com/title/tt0127536/
Books you should read that might have been mentioned but aren’t represented by a slide:
- Site Reliability Engineering, How Google Runs Production Systems (552 pages) - http://shop.oreilly.com/product/0636920041528.do
- Vem kan man lita på?: den globala övervakningens framväxt (Who can you trust? The rise of global surveillance) (304 pages) - http://www.adlibris.com/se/bok/vem-kan-man-lita-pa-den-globala-overvakningens-framvaxt-9789175453958
- Konsten att gissa rätt - Underrättelsevetenskapens grunder (The art of guessing right: the fundamentals of intelligence science) (218 pages) - https://www.adlibris.com/se/bok/konsten-att-gissa-ratt---underrattelsevetenskapens-grunder-9789144004389
- The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age (384 pages) - https://www.amazon.com/Perfect-Weapon-Sabotage-Fear-Cyber/dp/0451497899
If you lack references to something I mentioned, please contact me.