DDoS attacks have catapulted to the forefront of banking security news after the industry experienced a series of multi-phased attacks beginning back in September of 2012. Hackers launch DDoS attacks prompted by one of two common motives. Protest attacks, like OpUSA, target large, high-profile banks and are often launched for social or political purposes. Attacks on community banks are usually used as a distraction in conjunction with account takeover attacks. This event is designed to strengthen the awareness and defenses of participants. Jay McLaughlin, this session's presenter, fights cybercrime aimed at financial institutions on a daily basis as Q2ebanking's Chief Security Officer. Jay will break down conceptual and technical aspects of DDoS attack types, clarify the differing attacker motives, and discuss how community banks can build a layered security model to prevent DDoS attacks.
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre (Radware)
Is the world in the midst of a cyber-war? If so, what are the implications?
In this presentation Carl Herberger, Radware's VP of Security Solutions, explores some of the most notable recent cyber-attacks and how many of the findings correlate with the tenets of warfare as defined in The Art of War by Sun Tzu, the ancient military general, strategist and tactician.
How should organizations be preparing for an information security landscape that is shaped by ideologically motivated cyber warfare rather than just opportunistic cyber-crime? Learn the techniques being employed to safeguard IT operations in a theatre that is witnessing ever more sophisticated attacks.
For more on how to help detect, mitigate and win this cyber war battle, visit here: http://www.radware.com/ert-report-2013/ to download the 2013 Global Application and Network Security Report.
Are we near the point of cyber-armageddon or are we simply engaged in a new reality of information security priorities? Are the attacks being discovered daily against private sector and public federal systems somehow unique and new, or are they simply the new reality of cyberspace? Organizations are regularly forced to make difficult decisions about how best to protect their information systems. Executives daily open the newspaper to find another example of effective cyber attacks and hacking. How do organizations know when security mechanisms are enough to keep their data safe? In an effort to answer this question and respond to mounting cyber incidents worldwide, the US federal government has been engaging in numerous efforts to secure cyberspace. But what are they and will they be enough? In this presentation James Tarala, a Senior Instructor with the SANS Institute and a Principal Consultant at Enclave Security, will describe current efforts and the tools being offered to help citizens and protect cyberspace.
Cyber war, cyber terrorism, and cyber espionage were discussed. The document began by noting some disclaimers from the author about their expertise and intentions. It then discussed how cyber war is often misunderstood and does not refer to things like cybercrime or hacking. The document went on to discuss how cyber attacks could potentially lead to accidental nuclear war by degrading decision making systems. It also provided a real example of how access was gained to a strategic nuclear system, highlighting the risks of cyber threats in this domain.
InfoSecurity Europe 2014: The Art Of Cyber War (Radware)
With cyber-attacks becoming a growing concern for organizations, availability-based attacks, also known as Denial of Service or Distributed Denial of Service attacks, have long moved from a form of cyber protest to a destructive weapon that is used by cyber criminals, hacktivists and even governments.
In 2013 we saw a growing use of a new type of attack where attackers used legitimate transactions to saturate application servers’ resources. In this presentation, Security Expert Werner Thalmeier demonstrates how such an advanced attack can be created from a laptop running in an anonymous public WiFi network. He also evaluates the attack landscape and its impact on organizations as well as shares the best practices to protect against such cyber-attacks.
Understand the current availability-based threat landscape and learn about new types of cyber-attacks that are being used to saturate resources. For more information on the state of Application and Network Security, please visit: http://www.radware.com/ert-report-2013/
What is the difference between a hacking attack and a cyberwar attack? What do current militaries consider an attack vs. exploitation or just «normal operations»? Kevin will present an overview on the cyber warfare topic and the current understanding of Advanced Persistent Threats in the context of cyber defense.
Speaker: Kevin Kirst
Have the Bad Guys Won the Cyber security War... (Andrew Hammond)
The document discusses cybersecurity threats and how quantum technologies may help address them. It summarizes that while the bad guys have not won the cyber war, they are ahead of the curve. Encryption protects against most threats, and quantum cryptography can protect against quantum computers by providing future-proof security. For a truly secure future, standards, best practices, and ongoing technology development are needed to transition from unsafe to safe and secure cryptography, including the development of quantum-safe and quantum cryptography methods.
BGF-UNESCO-at-UCLA conference - Madness - The dynamics of International Cyber... (Boston Global Forum)
This conference was an official event to establish the Global Citizenship Education Network (GCEN) between UNESCO, UCLA and the Boston Global Forum (BGF). We had several important dialogues concerning Global Citizenship Education in Cyber Civil Defense.
The document discusses global citizenship education and cyber civil defense. It proposes that global citizenship education, as outlined by UNESCO, can help develop critical thinking skills to promote cyber resilience. These skills include media literacy, critical inquiry, and personal responsibility. The document also argues that greater cyber civil defense through education of the public could help minimize cyber attacks by making infrastructure less vulnerable. It provides examples of major data breaches and argues that security education for civilians and professionals could have mitigated risks in many cases. Overall it advocates for coordinated efforts between UNESCO, UCLA, and other groups to develop and implement cyber civil defense education programs.
Attribution within threat intelligence operations generally focuses on trying to find a 'who' - pick a US three-letter agency or other intelligence service - rather than the 'how' - what totality of activities makes up a specific activity group responsible for one (or more) campaigns. This talk will explore and outline the differences between these approaches, and how the former might be useful when discussing things in the press or looking at events from a law enforcement perspective, but the latter is far more useful (and significantly less controversial) for actual network defenders. Specifically, by limiting ourselves to defining a collection of behaviors or TTPs surrounding a specific event or campaign, threat intelligence can then develop playbooks, response procedures, and evaluation of expected follow-on actions related to the documented activity group. Most importantly, activity groups - as collections of behaviors - are distinct from 'actors'. Thus, you may have multiple activity groups, associated with a set of targets and TTPs, that all happen to belong to the same hostile foreign intelligence service. But from an IR or SOC perspective, the 'geopolitical' aspect is irrelevant.
To illustrate the above and how this matters, I would provide a couple of examples - including one where aggressive attribution for the sake of press or other motives muddies the waters from a defense perspective. Specifically, I'll look into the Dragonfly2.0 report released earlier in 2017 and follow-on reporting related to it (most notably US-CERT's report) to show how multiple activity groups can be conflated and produce a confusing and unhelpful threat landscape understanding for network defenders.
Following this discussion, attendees will have a more robust understanding of threat intelligence operations, the different types of attribution based upon threat intelligence work, and why an activity group-focused approach is more useful to security operations than alternatives. Attendees will be equipped to more robustly examine and, where necessary, challenge threat intelligence reporting, and learn what details are most useful in applying threat intelligence data to security operations.
BGF-UNESCO-at-UCLA conference - Cyber security Incidents by Rodman K. Reef (Boston Global Forum)
This document summarizes three cybersecurity incidents:
1) The theft of $81 million from Bangladesh's central bank account at the NY Federal Reserve due to weak security practices at SWIFT and the bank.
2) A mental health clinic preparing to implement an electronic medical records system was advised to have an outside expert test its security controls, but the board did not understand the reputational, financial, and legal risks.
3) Hackers breached servers at the NY State Psychiatric Institute, accessing information on 22,000 people including 13,000 coded records and 9,000 with personally identifiable information, highlighting the value of medical records data on the black market.
Crossing the streams: How security professionals can leverage the NZ Privacy ... (Chris Hails)
Security professionals often struggle with the ‘double intangibility’ of security - the intangibility of risk and intangibility of protection.
Changing hearts and minds often requires legislation and new compliance frameworks to motivate investment.
New Zealand's new Privacy Act comes into play on 1st December 2020 and there are ways security professionals can leverage new aspects including mandatory breach notifications to focus efforts on securing personal information and preventing privacy harms.
hashdays 2011: Sniping Slowloris - Taking out DDoS attackers with minimal har... (Area41)
Request delaying attacks like slowloris or RUDY made it clear that killing a webserver via HTTP is trivial. No, it is not trivial. It's even easier than that. One netbook, probably a smartphone, is enough to consume all the threads a big iron server has to offer. In this age of super-smart AJAX services with fat backend application servers exposed on the internet, this is bad news. When the anonymous network attacked, VISA, Mastercard and Swiss Post got a bloody nose out of it. This talk will teach you some basics and then fairly advanced defense methods. This is a hands-on guide on configuring the standard defense techniques on Apache including ModSecurity recipes. Furthermore, a custom script will be presented that helps you monitor your server's incoming connections and throw out the attackers. Some of the information is useful for other server types as well. Along the line you will also pick up useful information on the defense of medieval castles, but that is not the main focus of the talk. Really.
Bio: Christian Folini studied History and Computer Science at the Universities of Fribourg, Switzerland and Bern. His postgraduate studies took him to Bielefeld and Berlin. Christian Folini holds a PhD in Medieval History and has ten years of experience with Unix and webservers in particular.
Christian Folini works as a security consultant and webserver engineer for netnea.com, a contracting company based in Berne, Switzerland. His customers include Swiss Post, Federal Office of Information Technology (BIT), IBM, Novartis, Cornerbank and Swiss TV. He has several years of experience with ModSecurity installations and developed REMO, a graphical rule editor for ModSecurity. He gave ModSecurity classes at OWASP conferences and contributed to the latest editions of the Center for Internet Security (CIS) Apache Benchmark. Recently, he started to write a series of tutorials on secure enterprise-level Apache deployments with a purely Open Source approach. These tutorials are all in German. See http://www.netnea.com. Christian Folini started to do research on request delaying or slowloris-type DoS/DDoS in 2006, but never published his findings beyond the Apache/ModSecurity mailing lists until Slowloris was released by RSnake in June 2009. Christian Folini's analysis of Slowloris appeared in Linux Weekly News the day his first son was born (and I tell you, finishing the article in time was a tough race). http://lwn.net/Articles/338407/
The Art of Cyber War [From Black Hat Brazil 2014] (Radware)
With cyber-attacks becoming a growing concern for organizations, availability-based attacks, also known as Denial of Service or Distributed Denial of Service attacks, have long moved from a form of cyber protest to a destructive weapon that is used by cyber criminals, hacktivists and even governments.
In 2013 we saw a growing use of a new type of attack where attackers used legitimate transactions to saturate application servers’ resources. In this presentation, Security Expert Werner Thalmeier demonstrates how such an advanced attack can be created from a laptop running in an anonymous public WiFi network. He also evaluates the attack landscape and its impact on organizations as well as shares the best practices to protect against such cyber-attacks.
Understand the current availability-based threat landscape and learn about new types of cyber-attacks that are being used to saturate resources. For more information on the state of Application and Network Security, please visit: http://www.radware.com/ert-report-2013/
Save yourself with the CSDF - ISACA Auckland - 16 June 2021 (Chris Hails)
The document discusses how the Cyber Self Defence Framework (CSDF) can help individuals prioritize cybersecurity efforts using Situational Crime Prevention (SCP) strategies. The CSDF identifies 101 unique safeguards across three priority levels to deter, deflect, and defend against cybercrime. It takes a holistic approach, focusing on practices like using unique passwords, antivirus software, firewalls, and backing up data. The CSDF aims to help overwhelmed users by stating clear actions and benefits. Future versions could tailor recommendations based on user profiles and provide time-bound or budget-bound "recipes" through distribution channels like the police or apps.
In the Line of Fire - The Morphology of Cyber Attacks (Radware)
Dennis Usle's presentation from SecureWorld Expo Atlanta that discusses availability-based threats, attacks on U.S. banks, and other popular attack patterns and trends.
This document discusses cyber warfare and strategies related to cyber defense and offense. It covers the following key points:
Cyber weapons and tools are discussed for various purposes like detection, prevention, targeting identification, and attack. Effective cybersecurity strategies include reactive, planned, and proactive behaviors to respond to known and unknown threats. Building an effective cyber force requires highly skilled experts, intelligence capabilities, and proper training structures and procedures to coordinate offensive and defensive cyber operations for national security.
This document summarizes key points from a presentation on trends and challenges in cybersecurity given by Chuck Brooks, Vice President of Sutherland Government Solutions. It discusses increasing cyber threats from a variety of sources, including hackers, insiders, nation states, and terrorists. Specific threats covered include viruses, worms, Trojans, ransomware, and others. The document also addresses challenges securing critical infrastructure and outlines the role of the Department of Homeland Security in cybersecurity efforts. Emerging technologies like the internet of things, big data, artificial intelligence, and augmented reality are discussed along with their potential impacts and policy issues.
HITB2013AMS Defending the enterprise, a Russian way! (F _)
In the Line of Fire - The Morphology of Cyber-Attacks (Radware)
Presentation from Dennis Usle during TakeDownCon in Huntsville, AL that discusses availability-based threats, attacks on U.S. banks, and other popular attack patterns and trends.
This document provides guidance for state, local, tribal, and territorial (SLTT) law enforcement on reporting cyber incidents to federal authorities. It outlines types of incidents that should be reported, such as those affecting critical infrastructure, national security, or public safety. The document details the information that should be included in reports, such as technical details about the incident and impacted systems. It also lists several ways for SLTT law enforcement to report incidents, including email, phone, or online portals, and specifies the federal agencies responsible for accepting different types of reports related to cybercrime, national infrastructure, or investigations.
This document provides an overview of cyber security threats facing businesses in the 21st century. It discusses the scale of cyber crime, changing threats from insiders, hacktivists, organized crime and nation-states. It also covers common forms of malware, how malware infects systems and steals credentials, and tips for businesses to prevent account takeover and avoid being victims of cyber attacks.
Katherine Cancelado is a cybersecurity consultant with over 3 years of experience in penetration testing, vulnerability assessment, and incident response. She has an MSc in Cyber Security and certifications in system security and digital forensics. The document discusses cybersecurity and privacy risks women face online due to their underrepresentation in cybersecurity fields and management of personal data. It provides tips for protecting personal information at home and work such as using encryption, anonymizing internet use, and securely disposing of unused data. The agenda covers women in the workforce, online risks, privacy and data protection, mitigation strategies, and takes questions.
This Imperva Hacker Intel report reveals never-before-seen details of an attack by the hacktivist group 'Anonymous' against a high-profile unnamed target during a 25 day period in 2011. The report offers a comprehensive analysis of the attack, including a detailed timeline of activities from start to finish, an examination of the hacking methods utilized, as well as insights on the use of social media to recruit participants and coordinate the attack.
Data Breaches. Are you next? What does the data say? (Phil Agcaoili)
The document discusses cyber security risks facing the airline and airport industries. It notes that airports and airlines have complex IT systems used to manage passenger flow and exchange sensitive information in real-time, making them vulnerable to cyber attacks. The document presents several case studies of past cyber incidents affecting airports and airlines, including viruses that infected airport servers and drone fleets, and system failures at airports due to malware and technical issues. It stresses that all organizations must take basic steps to improve cyber hygiene and security.
This document summarizes a presentation on IT security threats, vulnerabilities, and countermeasures. It discusses the rise of cybercrime and how attacks have become more advanced, well-organized, technical, and well-financed. Various cyber threats are examined like the increase in cyber intelligence activities by nation-states. Common security vulnerabilities are also reviewed, such as the OWASP top 10 list and the SANS top 20 list. Specific threats like keyloggers and the WSNPOEM malware are discussed in more detail. The presentation emphasizes the importance of security awareness, training, patching, authentication, and implementing proper countermeasures and configurations to mitigate risks.
This document discusses security issues related to the Internet of Things (IoT) and smart buildings. It describes the various phases of an IoT system from data collection to delivery. It then discusses security threats in three dimensions: by phase (e.g. data leakage), by architecture (e.g. external attacks), and by component (e.g. sensors). Specific attacks like denial of service attacks and IP spoofing are explained. Finally, the document discusses privacy threats in smart buildings related to user behavior, location privacy from wireless networks and RFID, and visual privacy from video surveillance.
Attribution within threat intelligence operations generally focuses on trying to find a 'who' - pick a US three-letter agency or other intelligence service - rather than the 'how' - what totality of activities makes up a specific activity group responsible for one (or more) campaigns. This talk will explore and outline the differences between these approaches, and how the former might be useful when discussing things in the press or looking at events from a law enforcement perspective, but the latter is far more useful (and significantly less controversial) for actual network defenders. Specifically, by limiting ourselves to defining a collection of behaviors or TTPs surrounding a specific event or campaign, threat intelligence can then develop playbooks, response procedures, and evaluation of expected follow-on actions related to the documented activity group. Most importantly, activity groups - as collections of behaviors - are distinct from 'actors'. Thus, you may have multiple activity groups, associated with a set of targets and TTPs, that all happen to belong to the same hostile foreign intelligence service. But from an IR or SOC perspective, the 'geopolitical' aspect is irrelevant.
To illustrate the above and how this matters, I would provide a couple of examples - including one where aggressive attribution for the sake of press or other motives muddies the waters from a defense perspective. Specifically, I'll look into the Dragonfly2.0 report released earlier in 2017 and follow-on reporting related to it (most notably US-CERT's report) to show how multiple activity groups can be conflated and produce a confusing and unhelpful threat landscape understanding for network defenders.
Following this discussion, attendees will have a more robust understanding of threat intelligence operations, the different types of attribution based upon threat intelligence work, and why an activity group-focused approach is more useful to security operations than alternatives. Attendees will be equipped to more robustly examine and, where necessary, challenge threat intelligence reporting, and learn what details are most useful in applying threat intelligence data to security operations.
BGF-UNESCO-at-UCLA conference - Cyber security Incidents by Rodman K. ReefBoston Global Forum
This document summarizes three cybersecurity incidents:
1) The theft of $81 million from Bangladesh's central bank account at the NY Federal Reserve due to weak security practices at SWIFT and the bank.
2) A mental health clinic preparing to implement an electronic medical records system was advised to have an outside expert test its security controls, but the board did not understand the reputational, financial, and legal risks.
3) Hackers breached servers at the NY State Psychiatric Institute, accessing information on 22,000 people including 13,000 coded records and 9,000 with personally identifiable information, highlighting the value of medical records data on the black market.
Crossing the streams: How security professionals can leverage the NZ Privacy ...Chris Hails
Security professionals often struggle with the ‘double intangibility’ of security - the intangibility of risk and intangibility of protection.
Changes hearts and minds often requires legislation and new compliance frameworks to motivate investment.
New Zealand's new Privacy Act comes into play on 1st December 2020 and there are ways security professionals can leverage new aspects including mandatory breach notifications to focus efforts on securing personal information and preventing privacy harms.
hashdays 2011: Sniping Slowloris - Taking out DDoS attackers with minimal har...Area41
Request delaying attacks like slowloris or RUDY made it clear that killing a webserver via HTTP is trivial. No, it is not trivial. It's even easier than that. One netbook, probably a smartphone, is enough to consume all the threads a big iron server has to offer. In this age of super-smart AJAX services with fat backend application servers exposed on the internet, this is bad news. When the anonymous network attacked, VISA, Mastercard and Swiss Post got a bloody nose out of it. This talk will teach you some basics and then fairly advanced defense methods. This is a hands on guide on configuring the standard defense techniques on Apache including ModSecurity recipes. Furthermore, a custom script will be presented that helps you monitor your server's incoming connection and throw out the attackers. Some of the infos are useful for other server types as well. Along the line you will also pick up useful information on the defense of medieval castles, but that is not the main focus of the talk. Really.
Bio: Christian Folini studied History and Computer science at the Universities of Fribourg, Switzerland and Bern. His postgraduate studies took him to Bielefeld and Berlin. Christian Folini holds a PhD in Medieval History and has ten years of experience with Unix and Webservers in particular.
Christian Folini works as a security consultant and webserver engineer for netnea.com, a contracting Company based in Berne, Switzerland. His customers include Swiss Post, Federal Office of Information Technology (BIT), IBM, Novartis, Cornerbank and Swiss TV. He has several years of experience with ModSecurity installations and developed REMO, a graphical rule editor for ModSecurity. He gave ModSecurity classes at OWASP conferences and contributed to the latest editions of the Center for Internet Security (CIS) Apache Benchmark. Recently, he started to write a series of tutorials on secure enterprise-level Apache deployments with a purely Open Source approach. These tutorials are all in German. See http://www.netnea.com. Christian Folini started to do research on request delaying or slowloris-type DoS/DDoS in 2006, but never published his findings beyond the Apache/ModSecurity mailinglists until Slowloris was released by RSnake in June 2009. Christian Folini's analysis of Slowloris appeared in Linux Weekly News the day his first son was born (and I tell you, finishing the article in time was a tough race). http://lwn.net/Articles/338407/
The Art of Cyber War [From Black Hat Brazil 2014] - Radware
With cyber-attacks becoming a growing concern for organizations, availability-based attacks, also known as Denial of Service or Distributed Denial of Service attacks, have long moved from a form of cyber protest to a destructive weapon that is used by cyber criminals, hacktivists and even governments.
In 2013 we saw a growing use of a new type of attack where attackers used legitimate transactions to saturate application servers’ resources. In this presentation, Security Expert Werner Thalmeier demonstrates how such an advanced attack can be created from a laptop running in an anonymous public WiFi network. He also evaluates the attack landscape and its impact on organizations as well as shares the best practices to protect against such cyber-attacks.
Understand the current availability-based threat landscape and learn about new types of cyber-attacks that are being used to saturate resources. For more information on the state of Application and Network Security, please visit: http://www.radware.com/ert-report-2013/
Save yourself with the CSDF - ISACA Auckland - 16 June 2021 - Chris Hails
The document discusses how the Cyber Self Defence Framework (CSDF) can help individuals prioritize cybersecurity efforts using Situational Crime Prevention (SCP) strategies. The CSDF identifies 101 unique safeguards across three priority levels to deter, deflect, and defend against cybercrime. It takes a holistic approach, focusing on practices like using unique passwords, antivirus software, firewalls, and backing up data. The CSDF aims to help overwhelmed users by stating clear actions and benefits. Future versions could tailor recommendations based on user profiles and provide time-bound or budget-bound "recipes" through distribution channels like the police or apps.
In the Line of Fire - the Morphology of Cyber Attacks - Radware
Dennis Usle's presentation from SecureWorld Expo Atlanta, which discusses availability-based threats, attacks on U.S. banks, and other popular attack patterns and trends.
This document discusses cyber warfare and strategies for cyber defense and offense. It covers the following key points:
Cyber weapons and tools are discussed for various purposes like detection, prevention, targeting identification, and attack. Effective cybersecurity strategies include reactive, planned, and proactive behaviors to respond to known and unknown threats. Building an effective cyber force requires highly skilled experts, intelligence capabilities, and proper training structures and procedures to coordinate offensive and defensive cyber operations for national security.
This document summarizes key points from a presentation on trends and challenges in cybersecurity given by Chuck Brooks, Vice President of Sutherland Government Solutions. It discusses increasing cyber threats from a variety of sources, including hackers, insiders, nation states, and terrorists. Specific threats covered include viruses, worms, Trojans, ransomware, and others. The document also addresses challenges securing critical infrastructure and outlines the role of the Department of Homeland Security in cybersecurity efforts. Emerging technologies like the internet of things, big data, artificial intelligence, and augmented reality are discussed along with their potential impacts and policy issues.
HITB2013AMS Defending the Enterprise, a Russian Way! - F _
In the Line of Fire - The Morphology of Cyber-Attacks - Radware
Presentation from Dennis Usle during TakeDownCon in Huntsville, AL, which discusses availability-based threats, attacks on U.S. banks, and other popular attack patterns and trends.
This document provides guidance for state, local, tribal, and territorial (SLTT) law enforcement on reporting cyber incidents to federal authorities. It outlines types of incidents that should be reported, such as those affecting critical infrastructure, national security, or public safety. The document details the information that should be included in reports, such as technical details about the incident and impacted systems. It also lists several ways for SLTT law enforcement to report incidents, including email, phone, or online portals, and specifies the federal agencies responsible for accepting different types of reports related to cybercrime, national infrastructure, or investigations.
This document provides an overview of cyber security threats facing businesses in the 21st century. It discusses the scale of cyber crime, changing threats from insiders, hacktivists, organized crime and nation-states. It also covers common forms of malware, how malware infects systems and steals credentials, and tips for businesses to prevent account takeover and avoid being victims of cyber attacks.
Katherine Cancelado is a cybersecurity consultant with over 3 years of experience in penetration testing, vulnerability assessment, and incident response. She has an MSc in Cyber Security and certifications in system security and digital forensics. The document discusses cybersecurity and privacy risks women face online due to their underrepresentation in cybersecurity fields and management of personal data. It provides tips for protecting personal information at home and work such as using encryption, anonymizing internet use, and securely disposing of unused data. The agenda covers women in the workforce, online risks, privacy and data protection, mitigation strategies, and takes questions.
This Imperva Hacker Intel report details the never-before-seen details on an attack by hacktivist group 'Anonymous' against a high-profile unnamed target during a 25 day period in 2011. The report offers a comprehensive analysis of the attack, including a detailed timeline of activities from start to finish, an examination of the hacking methods utilized, as well as insights on the use of social media to recruit participants and coordinate the attack.
Data Breaches. Are you next? What does the data say? Phil Agcaoili
The document discusses cyber security risks facing the airline and airport industries. It notes that airports and airlines have complex IT systems used to manage passenger flow and exchange sensitive information in real-time, making them vulnerable to cyber attacks. The document presents several case studies of past cyber incidents affecting airports and airlines, including viruses that infected airport servers and drone fleets, and system failures at airports due to malware and technical issues. It stresses that all organizations must take basic steps to improve cyber hygiene and security.
This document summarizes a presentation on IT security threats, vulnerabilities, and countermeasures. It discusses the rise of cybercrime and how attacks have become more advanced, well-organized, technical, and well-financed. Various cyber threats are examined like the increase in cyber intelligence activities by nation-states. Common security vulnerabilities are also reviewed, such as the OWASP top 10 list and the SANS top 20 list. Specific threats like keyloggers and the WSNPOEM malware are discussed in more detail. The presentation emphasizes the importance of security awareness, training, patching, authentication, and implementing proper countermeasures and configurations to mitigate risks.
This document discusses security issues related to the Internet of Things (IoT) and smart buildings. It describes the various phases of an IoT system from data collection to delivery. It then discusses security threats in three dimensions: by phase (e.g. data leakage), by architecture (e.g. external attacks), and by component (e.g. sensors). Specific attacks like denial of service attacks and IP spoofing are explained. Finally, the document discusses privacy threats in smart buildings related to user behavior, location privacy from wireless networks and RFID, and visual privacy from video surveillance.
The document discusses the "Aurora Attack" on Google and other companies in 2009 by hackers in China. It then provides an overview of network security monitoring (NSM) including defining NSM, the role of computer incident response teams, capabilities of NSM, why intrusions can't always be prevented, and some drawbacks of NSM such as dealing with encrypted or high volume traffic.
This document provides an overview of cybersecurity topics including statistics on cyberattacks, common types of attacks, vulnerabilities, recent cyberattacks in the US and New Mexico, cybersecurity controls, frameworks, and initiatives. It begins with an agenda covering the internet landscape, statistics on 75% of attacks starting with email and global cybercrime costs reaching $10.5 trillion by 2025. Recent sections discuss the Colonial Pipeline and JBS Foods ransomware attacks, controls like strong passwords and encryption, the NIST Cybersecurity Framework, and potential state initiatives like a New Mexico cybersecurity agency. The presentation aims to raise awareness of cybersecurity risks and best practices.
30 IT Security Threats, Vulnerabilities and Countermeasures v1_2 - Gaurav Srivastav
This document provides a summary of an IT security presentation on threats, vulnerabilities, and countermeasures. The presentation discusses the evolving cyber threat landscape, including more advanced cyber crime and nation-state threats. It covers common vulnerabilities like cross-site scripting, SQL injection, and malicious file execution. It also summarizes the OWASP Top 10 security risks and the SANS Top 20 vulnerabilities. The presentation provides information on specific threats like keyloggers and the WSNPOEM malware and outlines mitigation strategies. It discusses finding the right balance of security based on risk and cost. Contact information is provided for follow up questions.
The document discusses emerging cybersecurity threats such as exploit kits, ransomware, and phishing scams. It provides an overview of the Angler exploit kit and how it has evolved, targeting vulnerabilities in Adobe Flash, Internet Explorer, and Silverlight. It also examines the CryptoWall ransomware version 4 and how it encrypts files and communicates with command and control servers. Additionally, it analyzes the SamSam ransomware attacks targeting healthcare organizations and the Rombertik malware which uses layers of obfuscation and anti-analysis techniques to propagate via spam and steal user credentials.
Info Session on Cybersecurity & Cybersecurity Study Jams - GDSCCVR
In an era where digital threats are ever-evolving, understanding the fundamentals of cybersecurity is crucial.
Highlights of the Event:
💡 Google Cybersecurity Certification Scholarship.
🎭 Cloning and Phishing Demystified
🚨 Unravelling the Depths of Database Breaches
🛡️ Digital safety 101
🧼 Self-Check for Cyber Hygiene
⏺️ Event Details:
Date: 18th December 2023
Time: 6:00 PM to 7:00 PM
Venue: Online
Event: George Washington University -- National Security Threat Convergence: ... - Chuck Brooks
This document discusses cybersecurity threats facing critical US infrastructure sectors. It outlines several major threat actors including hackers, insider threats, hacktivists, foreign and state-sponsored espionage, and terrorists. It then examines specific cyber threats like Trojans, viruses, worms, DDoS attacks, and zero-day vulnerabilities. The document outlines critical infrastructure sectors including government, military, energy, transportation, finance, healthcare, and identifies recent cyber incidents targeting these sectors. It emphasizes the importance of securing critical infrastructure and outlines the roles of government agencies like DHS and initiatives like the CIS critical security controls in improving cybersecurity.
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec... - APNIC
APNIC Senior Security Specialist Adli Wahid provides some useful findings of lessons learned from security incidents at the UMS Cybersecurity Awareness Seminar, held online on 25 October 2021.
- The document discusses cyber threats and distributed denial of service (DDoS) attacks against Israel's internet infrastructure during a period of conflict in 2014. It provides statistics on the frequency and scale of cyber attacks against Israel.
- To defend against DDoS attacks, Israel monitored traffic, isolated malicious IP addresses, connected to anti-DDoS services, and filtered attack streams. Lessons learned include the need to continuously update threat intelligence and harden networks with intelligent monitoring along the connection path. The conclusion advocates adding anti-DDoS software and improving internet architectures to alleviate susceptibility to attacks.
The document discusses cybersecurity threats and how quantum technologies may help address them. It summarizes that while bad cyber actors have not yet won, they are ahead of the curve. Encryption protects against most threats, and quantum cryptography can protect against threats from quantum computers by providing future-proof security. For a truly secure future, standards, best practices, and ongoing technology development are needed to transition from currently unsafe cryptography to quantum-safe and quantum-based solutions.
The Bangladesh Bank heist was a 2016 cyberattack in which attackers attempted to steal nearly $1 billion from Bangladesh's central bank. They breached the bank's systems and sent fraudulent transfer requests over the SWIFT network. Most of the transfers were blocked, but $81 million was successfully stolen and routed through accounts in the Philippines; a further transfer to Sri Lanka was reversed. An investigation found that the tools and techniques used match those of the Lazarus Group, which has been linked to North Korean state-sponsored cyberattacks. It was one of the largest bank heists in history and exposed vulnerabilities in the global banking system.
This document discusses threats to web security and approaches to mitigating them. It begins by defining denial of service (DoS) and distributed denial of service (DDoS) attacks against networks and applications. These attacks have grown exponentially in size and can flood sites with traffic to make them unavailable. The document then discusses attacks that steal data, such as SQL injection. It advocates a multi-layered approach using both on-premises and cloud-based defenses to secure against network-level DoS/DDoS attacks, application-layer attacks, and DNS attacks. Factors for choosing solutions include ability to defend against different attack types and vectors. The document concludes with recommendations around addressing common web vulnerabilities.
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
Cloud security From Infrastructure to People-ware - Tzar Umang
Understand cloud security at every level, from infrastructure to people-ware, by understanding threats, hardening your servers, and creating policies that guide users in securing themselves.
Advantage Technology - Ransomware and the NIST Cybersecurity Framework - Jack Shaffer
The document discusses how organizations can use the NIST Cybersecurity Framework (CSF) to help manage the risk of ransomware attacks, covering the five core functions of Identify, Protect, Detect, Respond, and Recover and providing examples of how each function can be applied to counter ransomware threats through practices like asset management, access control, training, monitoring and response planning.
How are you planning to secure your employees, your company, and your customers in 2019?
Prior to joining Cloudflare as its Chief Security Officer (CSO) in 2018, Joe Sullivan spent 5+ years as CSO for Facebook and 2.5 years as CSO for Uber. He also previously held security and legal roles at PayPal and eBay and served on the Obama Administration as a member of the Commission on Enhancing National Cybersecurity.
With over a decade of experience from some of the world’s most influential companies, Joe will share the core strategies he is taking to help protect Cloudflare and, as a result, its 12M domains who rely on its services for security and performance.
Cybersecurity: Do You Have a Plan to Address Threats and Prevent Liability? - Codero
Codero is an Infrastructure-as-a-Service provider that offers dedicated, cloud, managed and hybrid hosting services to over 3,400 domestic and international customers from three data center locations. We are at an interesting vantage point where we see all sorts of interesting things – this presentation will focus as a ‘report from the field’ related to cybersecurity from our position.
Distributed Denial of Service, or DDoS is a cyber attack that makes a network, server, or a website unavailable by flooding it with traffic from multiple sources at the same time. In a DDoS attack, a large number of compromised devices or bots are used to flood the target system with traffic, disrupting its ability to function properly. This attack can result in serious consequences such as lost revenue, damaged reputation, and compromised security.
In the second chapter of Knowledge Ketchup at Gurzu, Engineer Aadit Shrestha talked briefly about DDoS attacks.
Evaluating your Cybersecurity Preparedness - FFIEC Assessment - Jay McLaughlin
The document discusses the FFIEC's cybersecurity assessment of financial institutions. It notes that cyber threats are rapidly evolving and attackers are becoming more adept at defeating security practices. The FFIEC assessment examines an institution's risk management and oversight, threat intelligence and information sharing, security controls, incident detection and response, and business continuity/resiliency. Financial institutions should expect to demonstrate understanding of cyber risks, articulate controls to address risks, and show maturity and preparation to adapt to threats. Executive management and boards must also be engaged in cybersecurity.
The virtual branch is the financial institution’s franchise. But satisfying the experience of your valuable customers while protecting against the latest threats brings new challenges in securing this critical channel. Cybercrime has transformed into a sophisticated, billion-dollar industry, and high-risk targets need to develop a security posture that can scale to the volume and maturity of cyber-attacks being carried out. Multi-layered security solutions are needed to protect your virtual branch from fraud - but what does this even mean? This presentation highlights tools and best practices on pressing issues - account takeover, social engineering, neural network monitoring, and emerging payments.
This document discusses securing mobile banking. It begins by outlining the growth of mobile technology and consumer adoption of mobile devices and apps. It then discusses the threats posed by mobile malware, insecure devices, and user exploitation. The document advocates for a layered security model for mobile banking that includes multi-factor authentication, transaction authorization, behavioral monitoring, and secure development practices. It emphasizes the need for financial institutions to get ahead of threats and secure the mobile channel as consumer usage increases.
This document is a presentation about how CIOs and CSOs are becoming mission-critical business partners. The presentation covers how information is the lifeblood of organizations and how events involving data loss are rising. It discusses moving to an information-centric security approach and developing critical partnerships across organizations. The presentation emphasizes that security is not about checking boxes for compliance, but rather focusing on behavior change through education and building relationships.
This document discusses social media infiltration in enterprises. It begins by defining social media and highlighting its widespread adoption, with billions of users on Facebook, Twitter and LinkedIn. The presenter argues that enterprises must embrace social media as that is where customers and prospects are increasingly engaging. Both opportunities and risks of social media for businesses are covered. The presentation emphasizes establishing social media policies and strategies to manage risks and prevent potential disasters, while leveraging benefits like improved collaboration and marketing reach. It concludes by arguing that doing nothing is not an option for enterprises, and a formal approach is needed to mitigate new security risks introduced by social media.
Exploring DDoS Attacks: Impact to Community Financial Institutions
1. DCI Annual Conference, September 9, 2013
DDoS Attacks: The Impact to Community Financial Institutions
Jay McLaughlin, CISSP, Senior Vice President, Chief Security Officer
2. Agenda
• Overview of Distributed Denial-of-Service Attacks
• Types of DoS attacks and why they are successful
• Understanding the motives behind recent attacks
• Detecting & Defending against an attack
• Preparation for response to an attack
• Steps to mitigate attacks launched as cover for fraud
3. Types of Denial-of-Service Attacks
• SYN floods / IP floods
  – Connection attacks: half-open connections that never complete the three-way handshake, exhausting the listener's backlog
• HTTP GET/POST floods
  – Application-level flood attacks: every request is a valid transaction, so the server does real work for each one
• ICMP attacks / ICMP echo
  – Ping of death; Smurf attacks
• UDP floods
  – DNS amplification attacks: a 64-byte query to an open resolver elicits a 3,363-byte response to the spoofed victim address (roughly 50x amplification)
• Teardrop attacks
  – Overlapping IP fragments that break the receiver's reassembly process
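As an added worked example (not part of the DCI presentation), the following Python classifier recognises four of the patterns above in a packet trace: many SYNs from one source with no completing ACKs, large DNS responses the victim never requested, ICMP echo at high rate, and an HTTP request flood behind a completed handshake. The trace format, the IP addresses, the traffic volumes and the thresholds are all assumptions constructed for the example; on a real host you would feed it records from a capture instead of the inline sample.

```python
"""Classify a packet trace into the DoS categories listed on the slide.

Added example, not part of the DCI presentation. The trace format is a
constructed simplification (one dict per packet); thresholds are assumed
starting points, not measured baselines.
"""
from collections import Counter, defaultdict

# Assumed thresholds; tune against your own traffic baseline.
SYN_FLOOD_MIN_SYNS = 100        # SYNs from one source in the trace
SYN_FLOOD_MAX_ACK_RATIO = 0.1   # handshake-completing ACKs / SYNs at or below this = half-open
UDP_AMP_MIN_LEN = 1000          # bytes; a DNS response this large is amplification-sized
ICMP_ECHO_MIN_PPS = 100         # echo requests per second from one source
HTTP_MIN_RPS = 50               # HTTP requests per second from one source


def amplification_factor(query_len, response_len):
    """How many bytes a reflector returns per byte the attacker sends."""
    return round(response_len / query_len, 1)


def classify_trace(trace):
    """Return {source_ip: [labels]} for every source whose traffic fits a DoS pattern.

    Packet dicts carry ts (seconds), src, dst, proto, len and, per protocol:
    tcp -> flags and optionally http (request line); udp -> sport/dport; icmp -> type.
    """
    syns, acks, http, icmp, amp_bytes = (Counter() for _ in range(5))
    first, last = {}, {}
    dns_queries = set()   # (client, resolver) pairs where the client really asked

    for p in sorted(trace, key=lambda p: p["ts"]):
        src, ts = p["src"], p["ts"]
        first.setdefault(src, ts)
        last[src] = ts
        if p["proto"] == "tcp":
            if p["flags"] == "S":
                syns[src] += 1            # first leg of the handshake
            elif p["flags"] == "A":
                acks[src] += 1            # third leg; a SYN flooder never sends it
            if "http" in p:
                http[src] += 1
        elif p["proto"] == "udp":
            if p.get("dport") == 53:
                dns_queries.add((src, p["dst"]))
            elif (p.get("sport") == 53 and p["len"] >= UDP_AMP_MIN_LEN
                  and (p["dst"], src) not in dns_queries):
                amp_bytes[src] += p["len"]   # large answer to a question nobody asked
        elif p["proto"] == "icmp" and p.get("type") == 8:
            icmp[src] += 1

    findings = defaultdict(list)
    for src in first:
        span = max(last[src] - first[src], 0.001)   # seconds the source was active
        if syns[src] >= SYN_FLOOD_MIN_SYNS and acks[src] / syns[src] <= SYN_FLOOD_MAX_ACK_RATIO:
            findings[src].append("syn_flood")
        if amp_bytes[src] > 0:
            findings[src].append("dns_amplification")
        if icmp[src] >= ICMP_ECHO_MIN_PPS and icmp[src] / span >= ICMP_ECHO_MIN_PPS:
            findings[src].append("icmp_echo_flood")
        if http[src] >= HTTP_MIN_RPS and http[src] / span >= HTTP_MIN_RPS:
            findings[src].append("http_flood")
    return dict(findings)


def build_sample_trace():
    """Constructed sample (not captured traffic); the victim is 198.51.100.10."""
    victim = "198.51.100.10"
    tcp = lambda ts, src, flags, **extra: dict(ts=ts, src=src, dst=victim, proto="tcp",
                                                flags=flags, len=60, **extra)
    trace = [  # one well-behaved client: handshake, then a single GET
        tcp(0.0, "203.0.113.5", "S"), tcp(0.1, "203.0.113.5", "A"),
        tcp(0.2, "203.0.113.5", "PA", http="GET / HTTP/1.1"),
    ]
    # SYN flood: 200 SYNs and no ACK ever follows, so 200 half-open connections
    trace += [tcp(1 + i * 0.001, "192.0.2.77", "S") for i in range(200)]
    # DNS amplification: a reflector sends 3,363-byte answers the victim never requested
    trace += [dict(ts=2 + i * 0.01, src="198.51.100.53", dst=victim, proto="udp", sport=53, len=3363)
              for i in range(50)]
    # ICMP echo flood: 300 pings in about 0.6 s
    trace += [dict(ts=3 + i * 0.002, src="192.0.2.9", dst=victim, proto="icmp", type=8, len=1500)
              for i in range(300)]
    # HTTP GET flood: handshake completes, then 120 requests in about 1.2 s
    trace += [tcp(4.0, "192.0.2.40", "S"), tcp(4.05, "192.0.2.40", "A")]
    trace += [tcp(4.1 + i * 0.01, "192.0.2.40", "PA", http="GET /login HTTP/1.1") for i in range(120)]
    # Legitimate large DNS answer: the victim asked for it, so it is not amplification
    trace += [dict(ts=5.5, src=victim, dst="198.51.100.54", proto="udp", dport=53, len=64),
              dict(ts=5.6, src="198.51.100.54", dst=victim, proto="udp", sport=53, len=3363)]
    return trace


SAMPLE_TRACE = build_sample_trace()

if __name__ == "__main__":
    for src, labels in classify_trace(SAMPLE_TRACE).items():
        print(src, labels)
    print("DNS amplification factor for a 64-byte query and 3,363-byte answer:",
          amplification_factor(64, 3363))
```

The point of the unsolicited-response check is that a large DNS answer is only evidence of amplification when the supposed requester never sent a query; a DNSSEC-signed answer to a real lookup looks identical on the wire. Likewise the HTTP flooder is distinguishable from the SYN flooder only because it completes handshakes, which is exactly why application-layer floods get past defenses that look for half-open connections alone.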
4. New Waves of State-Sponsored Attacks
• April 2007 began a three-week wave of massive cyber-attacks on the small Baltic country of Estonia
• First known incident of such an assault on a state
• Targeted the government, banks, news agencies, and businesses
• Recent DDoS attacks have indicated sponsorship or involvement of foreign nation states
5. “Hacktivism” on the Rise
• Definition: “Hacktivism”
  – Non-violent use of legal and/or illegal computers and computer networks as a means in pursuit of political ends
  – Term first coined in 1998 by the Cult of the Dead Cow
• Most forms of political activism require the strength of the masses; hacktivism can often result from the power of one person or a small group
• Attacks often include defacement, virtual sit-ins, e-mail bombs, and doxing
• Most often carried out anonymously, and can take place across national borders
6. September 9, 2013
H-Activists Attacks Organized by “Anonymous”
• Group formed in 2008 originally after an internal Church of
Scientology video was redacted from YouTube
• Gained public prominence in 2010 during its defense and
support of WikiLeaks and its leader Julian Assange
• Anonymous mobilized, unleashing its Low Orbit Ion Cannon
(LOIC) tool, with which anyone could participate in DDoS attacks
• Attacks waged against Mastercard, Visa, PayPal
• Has since attacked a variety of targets, from cartels in Mexico and child
pornography to protests against U.S. actions
• Government entities, CIA & FBI, Sony, Westboro Baptist Church
9. September 9, 2013
Waves of DDoS Attacks Against US Banks
• Bank of America, Chase, Citigroup, HSBC, Wells Fargo, US Bank,
Capital One, PNC Financial Services, Ally Bank, SunTrust Bank,
Regions Bank, BB&T, Fifth-Third Bank, etc.
• U.S. intelligence officials said they believe the attacks against the
banks have been carried out or condoned by the Iranian govt
• “Suspicions point towards a special unit of Iran’s Revolutionary Guard”
– Sen. Joe Lieberman (CSPAN interview, Sept. 2012)
• Experts cautioned it is difficult to accurately identify
10. September 9, 2013
Responsibility for the latest attacks against banks?
• Izz ad-Din Al-Qassam
• Syrian prophet who fought against the French, British and
Zionist elements in eastern Mediterranean regions in the
20’s and 30’s
• “Brigades” is military wing of the Islamic resistance movement
Hamas
• “Cyber Fighters” is the hacker collective
• Retaliation for the portrayal of Muslims in a series of movie
trailers posted to YouTube for the film “Innocence of Muslims.”
16. September 9, 2013
Why are DDoS Attacks Successful?
• Attackers are acquiring more bandwidth
• Attackers no longer compromise and recruit thousands or tens of thousands of end-user
PCs to carry out the distributed denial-of-service attacks
• Instead, they target a handful of web servers that have more bandwidth and processing
power
• Yapping Chihuahuas morphed into fire-breathing Godzillas
• The extra horsepower of servers can create peak floods exceeding 100Gbps, a
volume big enough to knock even large sites offline
17. September 9, 2013
Compromised Endpoints: Botnet Armies
• Researchers from the security firm Incapsula
noticed a website located in the UK
that was exhibiting suspicious behavior
• Discovered a backdoor that had been planted
on it that was programmed to receive
instructions from remote attackers
• Website traffic was being directed to send a
flood of HTTP and UDP packets to major banks
including PNC, HSBC, and Fifth Third Bank
Source: Ars Technica; Jan. 2013
http://arstechnica.com/security/2013/01/secret-footsoldier-targeting-banks-reveals-meaner-leaner-face-of-ddos/
18. September 9, 2013
Attacking The Stack
• DDoS security firm Prolexic reported finding several
compromised servers outfitted with “itsoknoproblembro”
• (pronounced "it's OK, no problem, bro”)
• DDoS tools that allowed the attackers to unleash network packets
based on the UDP, TCP, HTTP, and HTTPS protocols
• These flooded the banks' routers, servers, and server applications
• Attacked layers 3, 4, and 7 of the networking stack
Source: Threatpost October 2012
http://threatpost.com/en_us/blogs/automated-toolkits-named-massive-ddos-attacks-against-us-banks-100212
20. September 9, 2013
What Can Be Done in Advance?
• DoS attacks cannot be prevented!
• Adversaries will launch attacks, and no technology, provider, plan,
etc. can stop those actions from occurring
• Element of your Risk Assessment
• Risk 101:
• Risks can NEVER be eliminated…but they CAN be mitigated
21. September 9, 2013
Incident Response Planning
• Critical to establish your plans
• Don’t assume you won’t be a target
• Most banks cannot fight these attacks alone
• Relying on your own infrastructure alone will eventually let attacks achieve their objectives
• Ensure that providers and ISPs are prepared
• Blocking source addresses and blacklisting traffic
from geographic regions must be done “upstream”
• Test plans to ensure preparedness (ex. tabletop testing)
22. September 9, 2013
Understanding Your Network
• Baseline network activity
• Without established baselines, it is difficult to identify
when an onslaught or attack is starting
• Real-time monitoring of inbound TCP/UDP traffic
• Understand “normal” connection counts for web applications (e.g. OLB)
• Track bandwidth utilization – what is typical? Good? Bad?
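As an added illustration of the baselining idea on this slide (not code from the deck), the following Python builds per-minute thresholds for new connections and half-open connections to an online-banking front end from a constructed "normal day" sample, then flags the minutes of a constructed SYN-flood ramp. The metric pair, the sample counts and the 3-sigma-with-floor rule are assumptions.

```python
from statistics import mean, pstdev

# Constructed baseline: (new connections, half-open connections) per minute
# to the OLB front end on a normal day.
BASELINE = [(310, 4), (295, 6), (330, 5), (288, 3), (305, 7), (320, 4),
            (298, 5), (312, 6), (301, 4), (290, 5)]

# Constructed live window: a SYN flood ramps up in the last three minutes,
# visible first as a surge of handshakes that never complete.
LIVE = {"10:00": (315, 5), "10:01": (322, 6), "10:02": (980, 140),
        "10:03": (2400, 1200), "10:04": (5100, 4300)}


def build_baseline(samples, sigma=3.0, min_floor=1.5):
    """Return (conn_threshold, half_open_threshold) from baseline samples.

    Threshold = mean + sigma * stddev, but never below min_floor * mean, so a
    very steady baseline does not produce a hair-trigger alarm.
    """
    thresholds = []
    for column in zip(*samples):
        m, s = mean(column), pstdev(column)
        thresholds.append(max(m + sigma * s, min_floor * m))
    return tuple(thresholds)


def detect(live, thresholds):
    """Return {minute: [reasons]} for minutes that exceed the baseline.

    'conn' = new-connection volume tripped; 'half_open' = incomplete
    handshakes tripped (the SYN-flood signature from the earlier slide).
    """
    hits = {}
    for minute, (conns, half_open) in live.items():
        reasons = []
        if conns > thresholds[0]:
            reasons.append("conn")
        if half_open > thresholds[1]:
            reasons.append("half_open")
        if reasons:
            hits[minute] = reasons
    return hits


if __name__ == "__main__":
    th = build_baseline(BASELINE)
    print(f"thresholds: conn>{th[0]:.0f}, half_open>{th[1]:.0f}")
    for minute, why in detect(LIVE, th).items():
        print(f"{minute}: anomaly ({', '.join(why)})")
```

Feeding real per-minute counts from a flow collector or the load balancer into `LIVE` in place of the constructed values gives the "is this the start of an attack?" signal the slide asks for.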
23. September 9, 2013
Securing the Perimeter
• Load Balance Traffic
• Explicit access-control lists should permit only authorized traffic
• Immediately drop all malformed protocol requests
• Pre-built access-lists to block non-domestic inbound traffic or shun bad sources
• Set rate limits and embryonic connection thresholds
• DNS cat-mouse techniques
• Enhance monitoring of traffic (early detection, baselines)
• Work with your critical providers and ISPs in advance
25. September 9, 2013
Critical Distinction
• Politically-motivated attacks are a reality for prominent US institutions
• they are now at risk of being targeted for activities unrelated to their own business
• Different threat scenario for community banks
• Community banks will more likely be targeted in combination with an account
takeover event
• The impact of a DDoS attack is significantly mitigated in the absence of account
takeover fraud
• DDoS attacks represent ONLY the 2nd half of the equation
27. September 9, 2013
Account Takeover Fraud
• Account takeover is one of the more prevalent forms of fraud. It is the
result of an attacker taking over another person's account, first by
gathering information about the intended victim
• Estimates from the FBI project that financial fraud resulting from account
takeover attacks will exceed $1 billion this year
• Motivated by financial gain, this has become an extremely lucrative,
criminal business
28. September 9, 2013
Building a Layered Security Model
• Defense-in-depth (“deep” or “elastic”)
• Derived from traditional military strategy
• requires that a defender deploy resources
at and well behind the front line
• Reliance on any single control or mitigating factor is not
sufficient
• Prevents shortfalls in any single defense control
29. September 9, 2013
Fighting Account Takeover Fraud
• Strong multi-factor authentication
• one-time passwords (OTPs), temporary access codes (TACs)
• Out-of-band transaction authorization
• Cannot only focus around authentication events
• Anomaly detection for suspicious transactions based on characteristics/patterns
• Dual Approval controls / Segregation of duties
• Enhanced controls over account activities
• Transaction limits, payment recipients, thresholds
30. September 9, 2013
Out-of-Band Transaction Authorization
• FFIEC’s June 2011 Guidance states:
• “Out-of-band authentication means that a transaction that is
initiated via one delivery channel [e.g. online] must be re-
authenticated or verified via an independent delivery channel [e.g.
telephone] in order for the transaction to be completed”
• Out-of-band authentication directed to or through the same device
that initiates the transaction may not be effective since that
device may have been compromised
• Out-of-band authorization can be extremely effective in
protecting customers against financial malware attacks and Trojans
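An added example, not from the deck or the FFIEC guidance, of how this out-of-band rule and the layered controls on the previous slide fit together in code: a transfer is held until a one-time code, delivered over a channel independent of the initiating one and restating the real payee and amount, is entered once within its lifetime. The account thresholds, the channel-independence policy and all names are constructed assumptions.

```python
import hmac
import secrets
import time

# Constructed per-account controls: per-transaction threshold and known payees.
CONTROLS = {"acct-1001": {"threshold": 2500, "known_payees": {"payee-A"}}}
# Constructed policy: initiating channel -> channels treated as independent of it.
INDEPENDENT = {"online": {"voice", "sms"}, "mobile": {"voice"}}


def needs_oob(acct, payee, amount):
    """Layered control: OOB is required for a new payee or an above-threshold amount."""
    c = CONTROLS[acct]
    return payee not in c["known_payees"] or amount > c["threshold"]


def is_independent(initiating, oob):
    """A channel on the same (possibly compromised) device is not independent."""
    return oob in INDEPENDENT.get(initiating, set())


class PendingTransfer:
    """A transfer held until confirmed with a code delivered out of band."""

    def __init__(self, acct, payee, amount, channel, ttl=300):
        self.acct, self.payee, self.amount, self.channel = acct, payee, amount, channel
        self.ttl, self.code, self.issued, self.approved = ttl, None, None, False

    def issue_code(self, oob_channel, now=None):
        """Build the OOB message. It restates the real payee and amount, so the
        customer can spot details altered in the browser by malware. Returns
        (message, code); a real system would send them by voice/SMS instead."""
        if not is_independent(self.channel, oob_channel):
            raise ValueError("OOB channel must be independent of initiating channel")
        self.code = f"{secrets.randbelow(10**6):06d}"
        self.issued = time.time() if now is None else now
        msg = f"Confirm transfer of {self.amount} to {self.payee} with code {self.code}"
        return msg, self.code

    def approve(self, code, now=None):
        """Accept the code once, within its lifetime; any attempt consumes it."""
        now = time.time() if now is None else now
        if self.code is None or now - self.issued > self.ttl:
            return False
        ok = hmac.compare_digest(self.code, code)
        self.code = None  # single use: a wrong guess burns the code
        self.approved = ok
        return ok
```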
31. September 9, 2013
Leverage Alerts
• Users must play a part and participate in fighting fraud
• Real-time alerts delivered to a victim are timely and provide the opportunity to
alert the financial institution of activity
• Transactional Alerting
Ex: creation, authorization
• Changes to profile settings
• Security Event Alerts
Ex: changes to delivery targets, failed logon attempts
32. September 9, 2013
Communicating with Customers
• FFIEC has been critical of the lack of communication provided by
banks and institutions that have been attacked
• This represents a fine line, as any public communication may
disclose response plans, details, or other information to attackers
• Establish general communication templates that will be used in the
event of an attack
• Know how and at what point to communicate
33. September 9, 2013
Summary & Wrap Up
• Hacktivist attacks have illustrated the severity of DoS
• Better understanding of denial-of-service attacks
• DoS attacks are being used in multifaceted fraud
• Critical distinction between publicized attacks
• Establish and test your plans
• Reduce account takeover fraud with layered controls
34. September 9, 2013
“The future ain’t
what it used to be.”
-Lawrence “Yogi” Berra
New York Yankees, 1946-1964
Be Prepared
35. September 9, 2013
Declare var $response
if [?] >= '1'
then
$response = 'answer'
else
$response = 'thankyou'
end if;
Questions
1. SYN -> SYN/ACK -> ACK
2. Goal of an attack: make services unavailable; disruption!
3. Work by pounding on infrastructure
Riff over the Estonians' removal of the Bronze Soldier Soviet war memorial in central Tallinn
Doxing – exposing or “outing” an individual or organization
WikiLeaks came under fire from the U.S. government after the site obtained video footage from a U.S. helicopter strike in Iraq that killed two Reuters employees, as well as two children. Next, Assange began to coordinate--together with major newspapers in multiple countries--the release of hundreds of thousands of secret U.S. government cables beginning in December 2010. PayPal and credit-card processors MasterCard and Visa blocked payments to WikiLeaks, which relied on donations to lease server space and pay staff.
Low Orbit Ion Cannon is an open source network stress testing and denial-of-service attack application which floods a server with TCP packets or UDP packets
“ In [a] new phase [of coming attacks], the wideness and the number of attacks will increase explicitly; and [target banks] will not be able to imagine and forecast the widespread and greatness of these attacks.” The threat was delivered after weeks of silence following a slew of distributed denial-of-service (DDoS) attacks which spanned for more than a month against some of the nation’s largest financial institutions.
1) The controversial hacker known as The Jester (th3j35t3r) claims that Anonymous hackers provided Izz ad-Din al-Qassam Cyber Fighters – the group who has been launching attacks against US banks – the necessary means to disrupt the financial institutions’ websites.
2) A DDoS attack lasting 5 hours would cost $15 (12 EUR), and one lasting for 1337 hours was priced at $300 (240 EUR).
Attackers don’t directly launch attacks on enterprise networks - instead they plant malicious code in several computers that act as zombies, and they take control over the computers through botnets to launch DoS attacks simultaneously from many sources.
- The administration password was simply "admin”
- Demonstration of how security on the internet is always determined by the weakest link
- Simply neglecting to manage an administrative password on a small site in the UK can be very quickly exploited by botnet shepherds operating obscurely out of Turkey
Other security firms have noted finding more automated toolkits installed on compromised servers
Last point: who will have your back when these attacks occur?
With a layered security model, the weakness in one control is compensated by the strength of another control. If the attacker breaches the perimeter, he is met with resistance as he attempts to advance further.
Relative to electronic banking, this approach relies on different controls at different points in the transaction.
Jay intro, then Caity.
Out-of-band delivery is more effective.
Users must play a role in this – real-time alerts can allow the user to be alerted to fraud before the FI knows about it.
Out-of-band delivery is more effective – highly recommend speaking to customers about setting these alerts up to be delivered to voice or SMS – email is susceptible to being intercepted.
use this information to promote additional safeguards that your customers can use as protection against ATO fraud