The speech for NTU students at NTU CSIE

1. IBM X-Force Threat Intelligence Index 2017
Jie Liau, June 2017
http://w3-01.ibm.com/sales/ssi/cgi-bin/ssialias?htmlfid=WGL03140USEN

2. Who am I

3. Defining Year of Security
● More than 4 billion records were leaked in 2016
– More than the combined total from the 2 past years
– But...
– 12% decrease in attacks in 2016 compared to 2015
– 48% decrease in security incidents in 2016
compared to 2015

4. Huge Impact on Real World
● Panama Paper
– Prime Minister of Iceland stepped down
● Hillary Clinton email controversy
– President Trump
● Ukraine's power outage
– Took place during an ongoing Russian-Ukrainian war
– BlackEnergy3 is used by Sandworm team
● First bank ATMs cashed out
– Thailand and Europe

6. ● Phishing
– First step to attack
● Malware
– Ransomware
● SQL Injection (SQLi)
– Yahoo / Linkedin / Dropbox leak
● Distributed Denial of Service (DDoS)
– Not long ago, 100Gbps attacks were unprecedented
– But...
– DNS provider, Dyn was attacked by Mirai botnet
– France-based hosting provider OVH was hit by 1Tbps DDoS attack, Dec 2016
– 650Gbps DDoS attach from Leet botnet
– China Great Cannon
● Undisclosed
– Exploits that do not yet have defined signature or cannot be remediated by a software patch

7. ● Among malicious attachment to spam, ransomware accounted
for the vast majority – 85%
● Hollywood hospital pays 40 bitcons to unlock encrypted files

8. Record Numbers of Vulnerability
disclosures
● Web application vulnerability disclosures
made up 22% of the total in 2016

9. Top Attack Types
● Inject unexpected items
– SQLi, OS CMDi
● Manipulate data structures
– Buffer overflow
● Indicator
– Either an attempted or a successful attack
● Employ probabilistic techiques
– Brute-force password attack
●
Engage in deceptive interaction
– Phishing

10. ● Top-Targeted Industries
● Where are the “BAD GUYS” ?

11. High-Level Trend
● Slow and steady wins the race
● Cyber gangs sharpen the focus on business
accounts
● Commercial malware making the rounds
● Venturing into additional cybercrime realms

12. Extra Bonus ...

13. OWASP
● Open Web Application Security Project
● Free and open software security community
● OWASPBWA
– Broken Web Applications produces a virtual
machine running a variety of applications with
known vulnerabilities
– https://sourceforge.net/projects/owaspbwa/files/

14. China Great Cannon
GreatFire: https://github.com/greatfire
CN-NY Times: https://github.com/cn-nytimes/

15. TOR Network
● A group of volunteer-operated servers that allows
people to improve their privacy and security on
the internet

16. wannacry
WannaCrypt0r:
https://drive.google.com/xxxx/x/xxxxxxxxxxxxxxxxxxxxxxxxxxx/view?usp=sharing
Reverse:
https://anhkgg.github.io/wannacry-analyze-report/

17. https://www.facebook.com/jie.liau
https://www.linkedin.com/in/jieliau/
https://github.com/jieliau
https://twitter.com/JieLiau
https://www.facebook.com/ibmsecurity/
https://www.linkedin.com/showcase/164263/
https://twitter.com/IBMSecurity
https://www.ibm.com/security/