OilRig is an advanced persistent threat (APT) group backed by the Iranian government that engages in cyber espionage. It has targeted various private sector organizations across multiple industries and some government agencies. OilRig employs techniques like phishing and uses malware like Helminth to covertly obtain sensitive information from its victims. While posing a threat to businesses, OilRig also raises public policy concerns due to its ties to Iran and the potential for stolen data to be used for political or military advantage. Policymakers should consider imposing further economic sanctions on Iran and crafting international treaties to deter such espionage activities in the future.
The Ocean Lotus APT group is a hacker group operating against both private and government organizations and their opponents since 2014.
Ocean Lotus is a Vietnam-based threat actor that has compromised organizations in industries such as manufacturing, network security, technology infrastructure, banking, media, and consumer products. Its signature malware payloads include WINDSHIELD, KOMPROGO, SOUNDBITE, and PHOREAL.
Ocean Lotus's main motive is information theft and espionage.
Ocean Lotus uses hacking methods such as watering hole and spear phishing attacks. It is also tracked as APT32 [Mandiant] and Ocean Lotus [SkyEye Labs].
Other names for Ocean Lotus are Ocean Buffalo [CrowdStrike] and Tin Woodlawn [SecureWorks].
The targets of the Ocean Lotus group are generally foreign companies with interests in Vietnam’s hospitality, manufacturing, and consumer goods sectors. Beyond the private sector, the Ocean Lotus group targets politicians and journalists opposed to the Vietnamese government.
In a world so connected, cyber security awareness is key to a safe online experience, because the weakest information security link in any organisation is the users of technology. This presentation speaks to basic cyber security awareness for everyday internet users.
This talk revisits the 2016 Mirai attack which targeted IoT devices including IP cameras, WiFi-connected refrigerators, home routers, and more. The resulting botnet was used to attack Dyn’s DNS platform, which affected many websites including Twitter, SoundCloud, Airbnb, and Spotify.
You will learn and discuss the answers to these questions and more:
• What is the current state of Mirai and Mirai variants?
• What Distributed Denial of Service (DDoS) defenses do you have in place?
• How can you prepare to detect and defend against this botnet malware?
• What is recommended in the September 2018 NISTIR Draft, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks?
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd (Casey Ellis)
This deck goes through what Log4j is from ground-level concepts up, explains how Log4j works, how it is vulnerable, how the Log4shell exploit works, how to mitigate the risk and defend against exploitation, and some current observations through the Bugcrowd platform and predictions about what happens next.
Cybersecurity Fundamental Course by Haris Chughtai
This Cybersecurity Foundation level course is designed for those who want to embark on a career path in this domain but are not sure how to start and move forward.
At the end, this foundation level course suggests further study and provides an 8-step guide on how to begin your new career.
Infections cost organizations billions of dollars in lost time and productivity, as well as ransom payments and other indirect costs, like damage to a business’s reputation.
End-users will learn about password management, multi-factor authentication and how to secure their laptops and desktops while working remotely.
This session will teach professionals how to avoid becoming a statistic.
Agenda: Foundations of security awareness | Common threats | Three ways to secure your work environment | Best practices for users | The work from home checklist
Cyber extortion is a crime involving an attack or threat of attack against an enterprise, coupled with a demand for money to stop the attack.
Cyber extortions have taken on multiple forms - encrypting data and holding it hostage, stealing data and threatening exposure, and denying access to data.
Malware locks the user out of their system and demands a ransom.
It creates a “zombie computer” that is operated remotely.
Both individuals and businesses are targeted.
This form of extortion works on the assumption that the data is important enough to the user that they are willing to pay for recovery.
There is however no guarantee of actual recovery, even after payment is made.
The first known ransomware was the 1989 "AIDS" trojan (also known as "PC Cyborg") written by Joseph Popp.
A SlideShare deck that can be used as an educational training tool to make employees aware of the risks of phishing attacks. This presentation covers the threat of phishing and the strategies that can be used to mitigate phishing attacks.
PhishingBox is an online system for organizations to easily conduct simulated phishing attacks and educate their end users through awareness training. This helps identify vulnerabilities and mitigate risk. Our system is simple to use, cost-effective and helps clients reduce risk and achieve cybersecurity objectives.
Being aware of the trends that are expected to shape the digital landscape is an important step in ensuring the security of your data and online assets.
Amongst others, the webinar covers:
• Top Cyber Trends for 2023
• Cyber Insurance
• Prioritization of Cyber Risk
Presenters:
Colleen Lennox
Colleen Lennox is the Founder of Cyber Job Central, a newly formed job board dedicated to Cybersecurity job openings. Colleen has 25+ years in Technical Recruiting and loves to help others find their next great job!
Madhu Maganti
Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes.
Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting.
Date: January 25, 2023
Tags: ISO, ISO/IEC 27032, Cybersecurity Management
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
https://pecb.com/article/cybersecurity-risk-assessment
https://pecb.com/article/a-deeper-understanding-of-cybersecurity
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/BAAl_PI9uRc
Networking Fundamental Course by Haris Chughtai
This Networking Foundation level course is designed for those who want to embark on a career path in this domain but are not sure where to start and how to move forward.
At the end, this foundation level course suggests further study and provides an 8-step guide on how to begin your new career.
There are hyperlinks in the deck for quick access to useful information; you will have to download it to have the links available to you.
Cognitive Computing: Company presentation by Tomer Weingarten, Co-Founder & CEO of SentinelOne at the NOAH Conference 2019 in Tel Aviv, Hangar 11, 10-11 April 2019.
Our deep dive into OceanLotus’s latest marauding campaigns shows that the group isn’t letting up in its efforts and combines legitimate code and publicly available tools with its own harmful creations.
What a dramatic cyber soap opera we've witnessed with the AlphV ransomware group, also known by their edgy alias, BlackCat. It's like a game of digital whack-a-mole, with the FBI and friends swinging the mallet of justice and the ransomware rascals popping up with a cheeky "unseized" banner as if they're playing a high-stakes game of capture the flag.
The FBI's initial victory lap was cut short when AlphV's site reemerged, now mysteriously devoid of any incriminating victim lists.
Will the FBI finally pin the cyber tail on the Black Cat, or will these digital desperados slip away once more? Stay tuned for the next episode of "Feds vs. Felons: The Cyber Chronicles."
-------
This document presents an analysis of the AlphV ransomware site, associated with the ransomware group also known as BlackCat. The analysis covers the ransomware's technical details, including its encryption mechanisms, initial access vectors, lateral movement techniques, and data exfiltration methods.
The insights gained from this analysis are important for cybersecurity practitioners, IT professionals, and policymakers. Understanding the intricacies of AlphV/BlackCat ransomware enables the development of more effective defense mechanisms and enhances incident response strategies.
Application security meetup data privacy_27052021 by Lior Mazor
"Application Security Meetup - Data Privacy", hear about Data Protection and Privacy in Modern times, recent Cyber Fraud attacks and data theft, and practical methods of implementing Data Protection in the process development life cycle.
Symantec offers an in-depth analysis of Rogue Security Software. RSS are fake applications that pretend to provide computer security services but, on the contrary, aim to install malicious code that compromises the overall security of the machine.
Overview - Risks - Main modes of spread and distribution.
The observation period runs from July 2008 to June 2009; a summary of the study is presented here.
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open... (Black Duck by Synopsys)
We take a deep dive into security researchers Charlie Miller and Chris Valasek’s keynote at last week’s FLIGHT 2017 conference. What is “Hidden Cobra” and is it targeting US aerospace, telecommunications and finance industries? Both banks and the Pentagon are making big moves into open source. And why it’s smart to assume that every application is an on-premise application.
The best of November’s application security and open security news (so far) follows in this week’s edition of Open Source Insight.
Protecting the Oil and Gas Industry from Email Threats (OPSWAT)
Due to the high value of its supply chain, commodities, transactions, and intellectual property, the oil and gas industry is an ideal target for socially-engineered email attacks. Oil producers, brokers, and transporters must learn how to use preventative measures to mitigate the risks of falling prey to a spear phishing attack.
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
If last year’s presentation on the SANS 20 felt like more of a rant than a practical application of elite IT knowledge, Ian Trump’s technical track presentation is going to unleash GFI MAX as a security dashboard like nothing you have seen.
The Octopi team has leveraged network scanning and event log checks, and Ian takes the GFI MAX dashboard to a whole new level. MSPs can take his code and research and immediately apply it to their practices to secure their customers from cyber threats. Dehydrated from the summer information security conferences, Ian will give you the threat intel you need to be on the lookout for in the months ahead.
Besides all the GFI MAX goodness, being part of a live demo to find APT, and seeing Ian link Human Rights, Market Research, Ice, Law, Iggy Azalea, War Ferrets, Christian Studies, Event Auditing, Security Tools, Taylor Swift and How we can all fix the cyber problem into one epic presentation – well, you don’t want to miss this.
The frequency and impact of cyber attacks have escalated cybersecurity to the top of Board agendas. Institutions are no longer asking if they are vulnerable to cyber attacks. Instead, the focus has shifted to how an attack might be executed, its risks and impact, and, most importantly, their organisational readiness and resilience to such threats.
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream? (360mnbsu)
The Internet of Things (IoT) has the potential to drive new innovation in products and services, and to improve "how things are done" in manufacturing. However, IoT also brings to light safety and security issues when purpose-built computing and network devices are exposed to the internet. This session will review case studies of IoT-enabled exploits, explore some of the underlying causes of the vulnerabilities, and briefly review the steps vendors and end-users are taking to mitigate the risk.
From the 2014 Taking Shape Summit: The Internet of Things & the Future of Manufacturing.
What Makes Web Applications Desirable For Hackers (Jaime Manteiga)
For years, unethical hackers have preferred Web Applications as their favorite pattern of attack. In this webinar, we will take a look inside the mind of an attacker — including uncovering their motivation and hacking techniques. Web Applications become compromised all the time; additionally, organizations seem to be repeating mistakes when it comes to application security. This webinar will serve as a baseline to establish appropriate web information security controls and mitigation strategies by thinking like an unethical hacker.
https://www.venkon.us/
Similar to Final Project for the Cybersecurity for Everyone Course- Oilrig.pptx (20)
Essentials of Automations: Optimizing FME Workflows with Parameters (Safe Software)
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 (Tobias Schneck)
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you with a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and of what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I have already got working for real.
UiPath Test Automation using UiPath Test Suite series, part 3 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... (Ramesh Iyer)
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and a willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Elevating Tactical DDD Patterns Through Object Calisthenics (Dorra BARTAGUIZ)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality (Inflectra)
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Monitoring Java Application Security with JDK Tools and JFR Events
Final Project for the Cybersecurity for Everyone Course- Oilrig.pptx
1. Final Project for the Cybersecurity for Everyone Course: Oilrig
By: Mustofa Abdulhafiz Ahmed
2. Hackers are not all the same; they range in skill, resources, and capability and often go by different names. How would you classify this threat actor? Do they go by any aliases? Where are they from? How would you rate the skill level and resources available to this threat actor?
OilRig has been classed as an Advanced Persistent Threat (APT) due to the multiple attacks it has undertaken, each of which has varied in efficacy. The Iranian government is behind OilRig. Cobalt Gypsy is one of their other identities, while others include IRN2, Helix Kitten, Twisted Kitten, and APT34.
According to a Forbes article from the Israeli IT business ClearSky, OilRig's roots may be traced back to Iran, and the Counter Threat Unit of the cyber intelligence company SecureWorks is positive that the group is tied to the Iranian government. They've had success in the Middle East while doing the majority of their business elsewhere. OilRig targets businesses outside of Iran, whereas the vast majority of Iranian threat actors target government institutions and opposition figures.
OilRig is confident in its ability to carry out any activity that is expected to benefit Iran because it works with or for the (Islamic Republic of) Iran. Similarly, in the Mabna Institute incident, the Islamic Revolutionary Guard Corps enlisted an Iranian institution (Mabna Institute) to carry out a massive spear phishing campaign, resulting in the loss of 31.5 gigabytes of academic data and 3.4 billion dollars in intellectual property (IP).
3. Hackers are motivated to act for specific reasons. What are the motivations of your
threat actor? What is the specific geo-political context they are operating in and what
insight does that give you for why they are operating in this manner?
According to the Council on Foreign Relations, OilRig's espionage targets private-sector and government organizations. Merriam-Webster defines espionage as the practice of spying or of using spies to obtain information about a foreign government's or a competing enterprise's plans and operations. The Cambridge Economic English Dictionary defines it as "the act of secretly obtaining and reporting information, particularly covert political, military, business, or industrial intelligence."
According to the Middle East Institute (MEI), "many countries stopped doing business with Iran as a result of the Iranian Revolution of 1979, and so stealing academic and corporate information from around the world allows it to renew infrastructure and build technologies that it simply cannot purchase abroad, ranging from weaponry to airplane parachute." Because Iran is subject to economic sanctions, it relies on what many refer to as "soft war" (less regulated, low-level conflict sustained over long periods) in cyberspace, with the public and commercial sectors of adversary nations as its targets. MEI also anticipated that Iran-linked organisations will focus on two cyber activities in the medium and long term: international election meddling and widespread intellectual property (IP) theft.
4. OilRig Attack Case Studies: The Hacking Process Tactics Used on Their Targets and the Primary, Secondary, and Second-Order Effects
• Attack 1 - An OilRig attack using AI Squared software
• Attack 2 - An OilRig attack masquerading as Oxford University
• Attack 3 - Attack on Al Elm and Samba Financial Group by OilRig
• Attack 4 - Attack on job seekers by OilRig
• Attack 5 - Attack on Israeli IT providers by OilRig
5. Attack 1 - AI Squared software used in an OilRig attack
• AI Squared, a small, mission-driven tech company based in Vermont, developed software to help visually impaired internet users. According to Forbes, security firm Symantec told AI Squared that the certificates used to authenticate its software had been compromised, implying that a threat actor (OilRig) had obtained AI Squared's signing key and certificates and used them to make its own malware look legitimate.
• The plan was to use the software for the visually impaired as a surveillance tool while appearing genuine to security systems in the Middle East, Europe, and the United States. When the digital certificate used to sign the newer ZoomText and Window-Eyes products was compromised, the certificate was revoked, according to a 2017 notice on the AI Squared website.
6. Attack 1
• Reconnaissance: OilRig identified AI Squared as a company whose software would let the group quickly reach its victims in the Middle East, Europe, and the United States, where it has a large number of targets.
• Weaponization: OilRig is said to have obtained AI Squared's signing key and certificate and used them to sign its own malware. Many individuals had already adopted AI Squared's (subsequently compromised) software to help the visually impaired access the internet.
• Installation and Exploitation: To make sure the program works properly, users must install and test it on their PCs.
• Command and Control: By unknowingly installing the program (malware), victims provide the OilRig group with information that may be exploited to gain access to larger networks.
• Primary effect: OilRig infected assistive software for the blind with malware for espionage purposes. The fundamental result is that the end host is exploited.
• Secondary effects on income, reputation, and the wider economy: Sales would be lower than predicted since OilRig's spyware tainted the application. Customers would then rely on reputation to find other software providing the same kind of service. Macroeconomics: if the program is tainted, the personnel working on it may change.
• Second-order information/perception effect: Anyone with access to the program could get the impression that the business is just a cover for spying.
7. Attack 2 - Attack by OilRig posing as Oxford University
• In November 2016, the OilRig group registered two phoney Oxford University pages, according to ClearSky. The first is a website for registering for a conference, while the second claims to offer employment at the university.
• Both pages carried a download button for visitors. One file is the registration form for the fictional event, and the other is an Oxford University CV builder. After clicking, victims unknowingly hand their data to Helminth, the malware that OilRig uses to hijack the PC and steal data.
8. Attack 2
• Reconnaissance - OilRig created bogus Oxford University websites to attack multiple targets at once.
• Weaponization - OilRig built two fictitious Oxford University websites, one that appeared to be a job board and another that appeared to be a conference sign-up page.
• Delivery - People interested in working for Oxford or in attending a conference that Oxford is hosting would be inclined to follow the fictitious page's instructions.
• Installation and Exploitation - Once on the fake website(s), victims are encouraged to fill in what seems to be a normal registration form and to download files that are infected with OilRig's surveillance malware.
• Command & Control - Because people registered and downloaded files from the bogus websites, OilRig now has access to the Helminth-infected computers and has gathered basic information about its victims.
• Initial Impact - Utilization of the End Host: OilRig set out to gather personal data through the fictitious Oxford website it developed.
• Secondary Impact on Credibility: Oxford University's reputation will undoubtedly suffer as a result of the fake website's use of its name and other identifiers.
• Second-order effects on perception and information: Everyone who provided personal information and registered on the fictitious Oxford websites might now choose to affiliate with different universities, which is a regrettable development.
9. Attack 3 - Attack by OilRig on Samba Financial Group and Al Elm
• According to a 2017 Forbes article, the group started conducting phishing attacks in May 2016 from servers owned by the Saudi Arabian contractor and IT security firm Al-Elm. The email was inserted into an existing discussion between the Saudi Arabian lender Samba Financial Group and Al-Elm. It carried an Excel attachment called "notes.xls," which, when opened by the recipient, would launch OilRig's Helminth surveillance kit.
• In the case of Al-Elm, analysis of the phishing emails' headers revealed that they originated from within the sender's company and that "the threat actor previously compromised those organisations," according to SecureWorks intelligence analyst Allison Wikoff.
10. Attack 3
• Reconnaissance - The target here is the Samba Financial Group, which reported a profit of $290 million for the most recent quarter of the previous year.
• Weaponization - The OilRig group decided to use Al-Elm's "previously compromised" network to communicate with Samba Financial Group.
• Delivery - Al-Elm and Samba Financial Group exchanged emails, and one of them carried OilRig's Helminth spying programme.
• Installation and Exploitation - Once the email has been delivered, anyone who opens the "notes.xls" Excel attachment will have the Helminth surveillance kit installed on their computer.
• Command & Control - After the email is opened, everything may appear to be in order, but OilRig has installed the surveillance kit, giving it access to that computer and perhaps to the company's network.
• Initial Impact - Use of the End Host: OilRig sent emails containing the Helminth surveillance kit to Al-Elm Security and Samba Financial Group through phishing attacks.
• Secondary effects on reputational damage and remediation - Remediation: Depending on how badly they were affected, the infected devices on both sides would now be scanned, cleaned, and possibly replaced. Reputation: Threat actors interfering with IT security companies' client relationships will have an impact on those companies' reputations.
• Second-order effects on perception and information: Because of the phishing emails, both businesses will now proceed with great caution when forming new business alliances.
11. Attack 4 - Attack by OilRig on job seekers
• The cyber intelligence firm SecureWorks, which refers to the OilRig crew as Cobalt Gypsy, asserts in the same report as the earlier incident that the group has been sending emails containing malware from legitimate email addresses belonging to two companies: an Egyptian IT service provider and one of the biggest IT service providers in Saudi Arabia, the National Technology Group.
• These email addresses were used to send emails containing links to job offers to an unnamed Middle Eastern organization. The attachments contained PupyRAT, an open-source remote access trojan (RAT) that runs on Android, Linux, and Windows.
12. Attack 4
• Reconnaissance - OilRig chose as its target an unnamed organization in the Middle East.
• Weaponization - OilRig decided to send malicious emails through National Technology Group, a Saudi Arabian IT supplier, and ITWorx, an Egyptian IT service provider.
• Delivery - OilRig sent its victims alluring job offers from email accounts owned by those IT firms.
• Installation and Exploitation - When recipients clicked the link or attachment in the email, an open-source remote access trojan was waiting for them.
• Command & Control - Once the link has been clicked, the malware starts gathering login information from the user and the computer.
• Initial Impact - Use of the End Host: OilRig sent a range of targets emails that were infected with an open-source remote access trojan and contained links to job offers from reputable IT companies.
• Secondary reputational consequences: Candidates may think twice before accepting a position with an IT company, even if the job offers are legitimate, now that PupyRAT's origin can be traced back to those companies and linked to the candidates' own devices.
• Second-order effects on information and perception: The companies run the risk of developing a reputation for monitoring both past and present customers.
13. Attack 5 - Attack by OilRig on Israeli IT vendors
• The research team at ClearSky reports that OilRig used a compromised account to send emails to a number of targeted Israeli IT vendors.
• After entering their login information, the victim is asked to install a genuine Juniper VPN programme, which has been bundled with Helminth, the malware the group frequently employs for surveillance.
• It is a simple email asking for assistance with details regarding a fictitious customer.
14. Attack 5
• Reconnaissance - OilRig believes that, because Israel is its intended target, attacking IT vendors will help it break into crucial networks.
• Weaponization - It is taken as given that OilRig already has access to hacked user accounts at different Israeli IT vendors.
• Delivery - In an email to the vendors, the group poses as a real customer and requests assistance.
• Installation and Exploitation - When the victim attempts to access the supposed customer's account using the provided credentials, they are prompted to download a Juniper VPN in order to continue. The genuine Juniper VPN is bundled with the spying malware Helminth.
• Command & Control - After a successful installation, OilRig has access to the device and to the emails of many other clients and customers who use the vendor's services.
• Initial Impact - Utilization of the End Host: OilRig disguised itself as a customer in need of help because it was interested in breaking into Israeli networks.
• Secondary Impact on Cleanup: Remediation - Some employees of the company may have followed the threat actor's instructions because maintaining customer satisfaction is their responsibility. As a result, businesses may need to inspect, maintain, or upgrade their equipment.
• Second-order effects on information and perception: People who use the VPN may worry that their devices carry the surveillance malware Helminth because it was bundled with a legitimate Juniper VPN.
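Attacks 3, 4 and 5 share one pattern: the mail came from a genuinely compromised account at a trusted supplier, so sender authentication alone would not flag it, and the useful signals are the thread context, the attachment type and where the links really point. The Python script below is an added example, not part of the original presentation and not the method used by SecureWorks or ClearSky; every domain, address and file name, and the attachment-extension and lure-word lists, are constructed placeholders, and it uses only the standard library.

```python
"""Triage of phishing mail sent through compromised, legitimate accounts.

Added example, not part of the original presentation. Every domain, address,
file name and rule below is a constructed placeholder, not a real indicator.
"""
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from urllib.parse import urlparse

# Attachment types that can carry macros, scripts or executables (illustrative list).
RISKY_EXTENSIONS = {".xls", ".xlsm", ".doc", ".docm", ".exe", ".js", ".vbs", ".hta", ".lnk", ".zip"}
LURE_WORDS = ("job", "vacancy", "career", "cv", "resume")  # employment-lure subject words
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)
URL_LIKE_RE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

def auth_passed(msg):
    """True when SPF and DKIM both passed. A compromised account passes these
    checks because the mail really did leave the sender's own infrastructure."""
    results = msg.get("Authentication-Results", "")
    return "spf=pass" in results and "dkim=pass" in results

def hop_chain(msg):
    """Relay hosts from the oldest to the newest Received header."""
    hops = []
    for received in reversed(msg.get_all("Received", [])):
        match = re.search(r"from\s+(\S+)", received)
        if match:
            hops.append(match.group(1))
    return hops

def risky_attachments(msg):
    """Names of attachments whose extension can hide executable content."""
    names = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if "." in name and "." + name.rsplit(".", 1)[-1].lower() in RISKY_EXTENSIONS:
            names.append(name)
    return names

def mismatched_links(msg):
    """(shown host, real host) pairs where the visible link text names one host
    but the href points somewhere else."""
    body = msg.get_body(preferencelist=("html",))
    pairs = []
    for href, text in HREF_RE.findall(body.get_content() if body else ""):
        shown = re.sub(r"<[^>]+>", "", text).strip()
        if not URL_LIKE_RE.fullmatch(shown):
            continue  # ordinary words as link text: nothing to compare
        shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname
        if shown_host != urlparse(href).hostname:
            pairs.append((shown_host, urlparse(href).hostname))
    return pairs

def triage(raw):
    """Score one raw message. Authentication results are reported but never
    lower the score: the signal is thread context, attachment type and links."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    subject = str(msg.get("Subject", "")).lower()
    in_thread = bool(msg.get("In-Reply-To")) or subject.startswith("re:")
    attachments, links, reasons = risky_attachments(msg), mismatched_links(msg), []
    if attachments:
        reasons.append("executable-capable attachment" + (" in an existing thread" if in_thread else ""))
    if links:
        reasons.append("link text and destination host differ")
    if (attachments or links) and any(word in subject for word in LURE_WORDS):
        reasons.append("employment lure carrying a payload")
    score = "high" if (attachments and in_thread) or len(reasons) >= 2 else "medium" if reasons else "low"
    return {"from": str(msg.get("From")), "auth_passed": auth_passed(msg), "hops": hop_chain(msg),
            "attachments": attachments, "links": links, "reasons": reasons, "score": score}

def build_samples():
    """Constructed messages: a thread reply with an .xls lure from a compromised
    contractor account, a job-offer lure with a disguised link, and a benign note."""
    reply = EmailMessage()
    reply["From"], reply["To"] = "analyst@contractor.example", "finance@bank.example"
    reply["Subject"], reply["In-Reply-To"] = "Re: project notes", "<thread-1@bank.example>"
    reply["Authentication-Results"] = "mx.bank.example; spf=pass dkim=pass"
    reply["Received"] = "from mx.contractor.example (10.0.0.5) by mx.bank.example; Mon, 1 May 2017 10:00:02 +0000"
    reply["Received"] = "from workstation.contractor.example (10.0.0.23) by mx.contractor.example; Mon, 1 May 2017 10:00:00 +0000"
    reply.set_content("Please see the attached notes.")
    reply.add_attachment(b"\xd0\xcf\x11\xe0" + b"\x00" * 16, maintype="application",
                         subtype="vnd.ms-excel", filename="notes.xls")
    lure = EmailMessage()
    lure["From"], lure["To"] = "hr@itfirm.example", "candidate@target.example"
    lure["Subject"] = "Job vacancy: network engineer"
    lure.set_content('<p>Apply here: <a href="http://downloads.lure.example/offer">'
                     'http://careers.itfirm.example</a></p>', subtype="html")
    benign = EmailMessage()
    benign["From"], benign["To"] = "colleague@bank.example", "finance@bank.example"
    benign["Subject"] = "Meeting tomorrow"
    benign.set_content("Shall we meet at 10?")
    return [m.as_bytes() for m in (reply, lure, benign)]

if __name__ == "__main__":
    for report in map(triage, build_samples()):
        print(report["score"].upper(), report["from"], report["reasons"])
```

Running the script prints a score and the reasons for each constructed message. The thread reply carrying the spreadsheet is scored high even though SPF and DKIM pass and the Received chain stays inside the contractor's own infrastructure, which is exactly the situation the header analysis in Attack 3 describes: a passing authentication result proves where the mail came from, not that the account behind it is still under its owner's control.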
15. Not all hackers represent a strategic problem for policy makers. How would you
characterize your threat actor, are they chiefly a private problem for businesses or a
public concern for policy makers? How should policy makers respond?
• The range of OilRig's targets makes it an Advanced Persistent Threat (APT). Its primary activity is espionage; instead of erasing or altering anything it gains access to, it simply sits back while its Helminth malware completes its work. For the majority of its espionage operations it has used compromised email to obtain stolen information. OilRig is interested in targeting private industries, and it uses mostly subtle methods like phishing. It poses a clear threat to businesses, but because these organisations are connected to both private and public institutions, one email could give it access to a powerful corporation or government office, making it both a private issue and a public one. The best course of action would be to impose more economic sanctions, since OilRig has been identified as an Iranian threat actor.
16. Not all hackers represent a strategic problem for policy makers. How would you
characterize your threat actor, are they chiefly a private problem for businesses or a
public concern for policy makers? How should policy makers respond?
• The amount of pressure that one nation could exert on Iran to make good on any harm caused by cyber espionage is limited. It is feasible, but it could take a very long time, and once any secrets are compromised, they cannot be replaced. If Iran agrees, or if other nations share these concerns, policymakers could work together to craft treaties that would penalise and deter threat actors operating from Iran. If a group of nations wants to rewrite the Iran Nuclear Deal in the future, there should be clear punishments, rather than financial incentives, for any cyber-related activity such as espionage by any group that can be traced back to or is supported by Iran.