This document discusses evolving cyber threats and how adversaries target organizations. It notes that criminals shift tactics to hit attractive soft targets, exploiting technical flaws and user interactions. One group discussed, called TheDarkOverlord, uses extortion by threatening to publish stolen data if ransom is not paid. The document stresses the importance of understanding adversaries' goals and capabilities in order to minimize risks and reduce vulnerabilities.
Corporate Treasurers Focus on Cyber Security | Joan Weber
Treasury departments at large U.S. companies rank IT security as their top priority for 2015 - ahead of such critical issues as cost management and regulatory/compliance challenges.
These findings come from the results of the Greenwich Associates 2014 U.S. Large Corporate Finance Study, for which the firm interviewed CFOs or treasury department representatives at more than 500 large U.S. companies.
The study results suggest that U.S. companies are taking action to address security concerns and other IT issues with 63% of the participants saying their treasury departments will increase technology spending in the year ahead.
Article is your organisation ready for the next ransomware attack - paul wr... | Paul Wright MSc
May 2020 – Paul Wright, author of the article in CXO Insight Middle East
"Is Your Organisation Ready For The Next Ransomware Attack?"
https://bit.ly/3tzwC6o
This Frost & Sullivan analyst report reveals how the legal and threat environment, combined with BYOD and cost factors, make multi-factor, risk-based authentication the logical approach to solving the security challenges posed by threat actors.
Talk from the event "Cybersecurity: the new era in incident response and data auditing"
Sam Maccherola - VP and General Manager Public Sector Guidance Software Inc.
Brasília, August 4, 2010
Your Sector Doesn’t Matter: Achieving Effective Threat Prioritization | Priyanka Aash
Many organizations’ security functions determine what threats they care about based on what threats are known to be affecting their sector, or comparably simple criteria. In reality, this approach is poorly suited to dealing with the significant security issues of today. Malicious actors scope their victims based on multiple factors, and understanding these factors is essential to managing risk.
(Source: RSA Conference USA 2017)
Stopping Breaches at the Perimeter: Strategies for Secure Access Control | SecureAuth
Billions are being spent on network and endpoint security each year and yet companies continue to get breached and become big news headlines. So the question remains: How can organizations protect their network and applications while detecting unwanted users and potential attackers? Join 451 Research and SecureAuth as we explore the current state of information security and discuss some of the emerging access control technologies that can help address these challenges.
In this informative webinar you will learn:
• Why the future of access control will require higher security while improving user experience
• How adaptive access control techniques can protect against an attack using multi-layered risk analysis
• How using Behavioral Biometrics can identify anomalous user behavior - continuously
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ... | Shawn Tuma
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, at the January 27, 2017 meeting of (ISC)² Dallas Fort Worth Chapter.
This presentation was significantly updated from past presentations and included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies.
The main points of this presentation are:
(1) Cybersecurity events create a crisis situation and should be treated as such;
(2) Cybersecurity incidents are as much legal events as they are IT or Business / Public Relations events;
(3) Companies must have a cybersecurity breach response plan in place and tested, in advance;
(4) While consumer class action data breach litigation is a significant threat to companies and their leadership, it is not as great of a threat as regulatory enforcement by agencies such as the FTC and SEC, or the shareholder derivative claims for officer and director liability; and
(5) The odds are that every company will be breached, but preparation and diligence can help minimize the likelihood of such a breach being a catastrophic event.
This presentation addresses the role of attorneys as the first responders in leading their clients through cybersecurity and data loss crisis events. The discussion begins by looking at the risk businesses have of being the victim of a cybersecurity or data loss incident and examining the nature of such incidents and the crisis environment they create. It then turns, because of this crisis environment, to the need for leadership in helping keep the parties calm and rational and making deliberate, calculated decisions.
The discussion then explains why cybersecurity events are legal events and legal counsel is the natural leader that should fulfill this role and how they can do so. It will then discuss the process legal counsel will take, including assembling the key players in such an event, both internally and externally. It discusses the obligations for responding to such an event, the steps that must be taken, those that must be considered, and certain factors that go into the decision-making process. It briefly addresses the costs of such an incident and the liability issues that can arise from such an incident and failing to properly respond to the incident. This section includes a discussion of the cybersecurity lawsuit landscape, cybersecurity regulatory landscape, and the issue of cybersecurity-related officer and director liability stemming from shareholder derivative lawsuits based on cybersecurity incidents.
It concludes with a discussion of the steps that companies can take to prepare for and be in a better position to respond to and mitigate the negative repercussions of such an incident.
Cyber Defense for SMBs offers guidance to help small and medium-sized businesses identify the most cost-effective best practices to help improve their business’s cybersecurity posture. Published by the Florida Center For Cybersecurity and written by cybersecurity experts from academia, private industry, government and the military.
Article the shifting face of cybercrime - paul wright | Paul Wright MSc
What is the foremost myth associated with cybercrime? One hundred per cent cyber security. Establishing a completely secure environment can be tough to achieve and should not, in an ideal world, be the objective. Instead, one must establish the capability and strategy to deal with incidents and minimise threat, loss and reputational damage.
Before the Breach: Using threat intelligence to stop attackers in their tracks- Mark - Fullbright
All information, data, and material contained, presented, or provided on is for educational purposes only.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners.
It is not to be construed or intended as providing legal advice.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners and are for educational purposes only.
17 U.S. Code § 107 - Limitations on exclusive rights: Fair use
Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ... | Invincea, Inc.
The single largest threat your organization faces today is network breach. Spear-phishing, poisoned search results, drive-by downloads, and legitimate sites being compromised to push malware are all part of our current reality. The most successful and common attack vectors stem from targeted attacks on your employees. Organizations need to utilize solutions that protect their network from user error and support requirements for continuous monitoring, real-time situational awareness and providing actionable threat intelligence for their security teams.
Technical development is what most people think of when they think of attackers. This aspect of hacking requires computer-savvy actors performing development activities that include research to find zero-day vulnerabilities, development of exploits for these vulnerabilities, and tools to automate the different pieces of a hack (bot-nets, data exfiltration, etc.).
The Business of Hacking - Business innovation meets the business of hacking | at MicroFocus Italy ❖✔
Introduction
Attackers are sophisticated. They are organized. We hear these statements a lot but what
do they mean to us? What does it mean to our businesses? When we dig deeper into the
“business of hacking,” we see that the attackers have become almost corporate in their behavior.
Their business looks a lot like ours. Cyber criminals look to maximize their profits and minimize
risk. They have to compete on quality, customer service, price, reputation, and innovation. The
suppliers specialize in their market offerings. They have software development lifecycles and
are rapidly moving to Software as a Service (SaaS) offerings. Our businesses overlap in so many
ways that we should start to look at these attackers as competitors.
This paper will explore the business of hacking: the different ways people make money by
hacking, the motivations, the organization. It will break down the businesses’ profitability and
risk levels, and provide an overall SWOT analysis. From this, opportunities for disruption will be
discussed and a competitive approach for disrupting the business of hacking will be laid out.
The information in this paper draws on data and observations from HPE Security teams, open
source intelligence, and other industry reports as noted.
Whether building in enterprise security or applying security intelligence and advanced analytics,
we can use our understanding of the business of hacking and the threats to our specific
businesses to ensure that we are investing in the most effective security strategy.
Measuring DDoS Risk using FAIR (Factor Analysis of Information Risk) | Tony Martin-Vegue
Slides from Tony Martin-Vegue presentation at FAIRcon, Charlotte, NC: October 14, 2016
"Measuring DDoS Risk with FAIR (Factor Analysis of Information Risk)"
The Ugly Secret about Third Party Risk Management.pdf | BreachSiren
Your current data provider doesn’t have federal, state and industry sources representing more than 75% of the US population and growing… but we do.
BreachSiren provides quality breach data to innovative risk and security companies looking to differentiate themselves from competitors. Contact us to learn more about our data breach database and enterprise API.
Evidence-Based Security: The New Top Five Controls | Priyanka Aash
Most cybersecurity professionals know the CIS Top Five Critical Security Controls. Yet, the evidence that they are effective is slim. Using data on cyber-incidents, researchers looked at the attack paths used by adversaries and determined what controls could have disrupted these attack paths. The result is a new set of critical controls that organizations should implement on a priority basis.
Learning Objectives:
1: Understand evidence-based approach to selecting controls.
2: Understand why the “new top five” controls were selected.
3: Chart a pathway to implementing the new top five controls.
(Source: RSA Conference USA 2018)
Presentation by Larry Clinton, President of the Internet Security Alliance (ISA) to the 66th Annual Fowler Seminar on Oct 12 2012 titled Evolution of the Cyber Threat - A Unified Systems Approach.
Similar to Know Your Adversary: Analyzing the Human Element in Evolving Cyber Threats (20)
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk | SurfWatch Labs
Data breaches and cyber-attacks are often tied to vendors, partners, or other external organizations. Threat intelligence can help to shed a light on an organization's third-party risks and help to provide guidance on how to mitigate that risk.
Using Threat Intelligence to Address Your Growing Digital Risk | SurfWatch Labs
Cyber threat intelligence can be used to help organizations to better manage their growing digital risk footprints and drive more effective risk decisions.
How to Mitigate Risk From Your Expanding Digital Presence | SurfWatch Labs
The digital presence of organizations continues to expand, and with that expansion comes greater exposure to digital risks. Visibility into those risks is critical in order to effectively manage that risk.
IoT Devices Expanding Your Digital Footprint | SurfWatch Labs
Network-enabled or "smart" IOT devices are commonplace these days, with commercial and residential buildings having smart light bulbs, smart locks, DVRs, security cameras and more. The potential of having multiple devices per building potentially translates into the largest digital footprint that is NOT under proper security management.
Connecting the Dots Between Your Threat Intelligence Tradecraft and Business ... | SurfWatch Labs
Threat intelligence needs to be in a language the business understands. SurfWatch Labs can help connect cyber threat intelligence to business operations in order to help manage cyber risk.
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should... | SurfWatch Labs
By using Cyber Threat Intelligence, organizations can understand what specific threats they face and use these insights to drive the most effective defense.
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C... | SurfWatch Labs
Credit Unions have to deal with the same cybercrime-related issues as large banks, but they often have less resources to address those risks. Cyber risk intelligence can help to make sure they use those limited resources wisely.
SANS Report: The State of Security in Control Systems Today | SurfWatch Labs
SANS conducted a survey of more than 300 ICS professionals and this presentation shares key highlights from the findings to give you insights on the cybersecurity challenges facing your peers and the approaches used to reduce cyber risks.
Point of Sale Insecurity: A Threat to Your Business | SurfWatch Labs
PoS systems continue to be targeted by cybercriminals for card payment information as well as personally identifiable information. Even as organizations solidify their PoS security, cybercriminals evolve.
This presentation examines the State of PoS Insecurity. Read this to learn:
- Why situational awareness of your POS risks is a must
- Insights on the latest and trending POS cyber risks and impacts
- Fundamental security recommendations from SurfWatch Analysts
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your Risk | SurfWatch Labs
Today’s business world is online and as such is inherently chock full of cyber risks. Cybercriminals continue to take advantage of system vulnerabilities and social engineering to target personally identifiable information, credit card numbers, trade secrets and more. Although there are hundreds of security solutions, products and consultants that claim to solve and address data breaches, the traditional, tactical approach to security is not working. Evaluated cyber intelligence is trapped in your systems, applications and employees – and making that intelligence easily available and quickly understood can help your organization significantly reduce the cyber risks it faces and improve its business resilience.
This presentation examines how to reduce your cyber risks by unlocking the door to evaluated intelligence. Learn:
• Why the traditional threat intelligence approach is not addressing the problem
• Why it’s not just about adding on more security layers, but shifting your cybersecurity approach
• How to mine both your tactical and strategic cyber data for improved operational intelligence
• How to derive immediate visual insights of relevant trending cyber problems through security analytics
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs | SurfWatch Labs
With the board room increasingly being held accountable for data breaches, it's crucial that they know and understand the cyber risks facing their organization. Connect board room to server room
3. 3
Tech Advances & User Demands Creating a Cyber Crisis
Cyber Constraints
• Small cyber team & budget
• Limited understanding
• Culture problem
VS.
User Demands
• Speed to Market
• Consumer Adoption
• Ease of Use
6. 6
Criminals Play Copycat, Slowly Shift Tactics
• When it comes to TTPs, malicious actors are not looking to reinvent the wheel
• The minutiae of how they go about reaching their goals may change slightly year to year, but major shifts in approach tend to be adopted slowly
• The major shifts that have occurred in recent years and appear to be gaining more traction in 2017 largely fall into three buckets:
- An increase in extortion-related attacks that can generate profits directly from victims
- A shift towards phishing campaigns and data breaches that target those higher up the food chain and provide larger returns
- The growth of cybercrime-as-a-service options and crimeware trade among malicious actors
7. 7
Know Your Adversary
Nation State:
• Typically leverage cyber capabilities to engage in long term campaigns focusing on economic, industrial, and government espionage; while criminals are focused on monetary gain
Criminal:
• Cyber crime is a business - with a very high return taking little effort
• Criminals target businesses that are custodians of a commodity that can be monetized:
- Identity information (Employee & Consumer)
- Financial Information (Payment, Banking, Gift Card, Coupons, Entertainment accounts etc.)
8. 8
Know Your Adversary
• Criminals will target any business that provides an avenue of approach to high value entities
- Defense/Law Enforcement
  - Does your organizational business model provide products or services to the Defense or Law Enforcement Industry?
- Critical Infrastructure
  - Is your organization a part of a critical infrastructure sector, or does it support a critical infrastructure sector?
- Supply Chain
  - Are you a part of the supply chain for an organization that could potentially be a high value target?
9. 9
Completing Your Cyber Risk Picture
[Diagram labels]
• Goals, Strategy, Tactics, Techniques, Procedures, Tools: what they want (INTENT) and how they will get it (CAPABILITY)
• Vulnerabilities Present Due to: Design, Implementation, Technical Flaws, User Interaction
• Evidence of Presence: Host & Network Artifacts, Atomic Indicators
11. 11
Extortion Attacks Increase,
Along With Ransom Demands
• More targets than ever: The percentage of
extortion-related activity observed in 2017 has
more than doubled from 2015 and increased by
more than 40% when compared to 2016 levels.
• Higher ransom demands: In early 2016,
Hollywood Presbyterian Medical Center made
headlines for paying a $17,000 ransom. A similar
ransomware infection at Erie County Medical
Center in April 2017 demanded approximately
$44,000 in bitcoin.
• Double-dipping extortion: TheDarkOverlord was able to compromise an old computer
running Windows 7 at audio post-production company Larson Studios in December
2016 and stole dozens of unaired episodes belonging to Netflix, ABC, CBS, Disney, and
other studios. Larson Studios paid the group $50,000 in blackmail; nevertheless,
TheDarkOverlord attempted to extort the company’s clients over the same theft for
even more money.
12. TheDarkOverlord’s Use of Extortion Exploits Organizations with an Unhealthy “Level of Presence”
• Similar to ransomware, but
instead of encrypting data the
adversary threatens to publish
the data
• TheDarkOverlord has used
social media to publicly
threaten organizations
13. Profiling TheDarkOverlord
Associated Twitter Handle(s): @tdohack3r (currently removed)
Gender: Unknown
Nationality: Unconfirmed but believed to be U.K.
Overview:
• TheDarkOverlord is very careful about exposing information that could relate to their identity. This actor is smart and
calculated, but also has become bolder and more arrogant as evidenced in communication with recent victims.
Communication with TheDarkOverlord has shown that there is more than one member.
• Originally focused on health organizations, but has shown more recent attention towards entertainment companies.
14. Profiling TheDarkOverlord
Actor Tactics
• Favors exploits that allow remote desktop control of a
network; has also taken data acquired by other actors and
exploited the clients found in these breached databases
• By garnering media attention they build their reputation and
apply pressure to the organizations they wish to extort
- There have been a few reports that the actor first
contacts his exploited entity and demands a ransom
- If an entity refuses, the database is listed on
TheRealDeal Marketplace and the media is alerted
• More recent activity has shown a slight shift in tactics
- Actor sends the victim, along with particular media
figures who request it, a sample of the breached data
- By involving security reporters and bloggers,
TheDarkOverlord lends credibility to their work while
causing panic in consumers who might be associated
with the breach
15. Profiling TheDarkOverlord
The tone used by the group — both dismay that the “business” arrangement
didn’t work out and a veiled threat to future victims — has become more
prominent since TheDarkOverlord first began targeting healthcare organizations
in June 2016.
16. TheDarkOverlord - Takeaways
• TheDarkOverlord represents the type of actors organizations may have to deal with in
the future – It is imperative that risk planners acknowledge this risk and plan for it
• It is important to identify cyber risk areas that are not just the traditional IT threats
• Plan and prepare for threat scenarios! It is apparent in some instances that an
unprepared response can cause more harm than the actual impacted data itself.
Example – It was reported that Larson Studios paid TDO, 50 BC (~ $150-175k)
in return for keeping it quiet and not notifying their customers i.e. Netflix.
However, TDO reneged on the deal and released Orange is the New Black:
“We’re a professional outfit. Unfortunately, in any line of business, sometimes clients can become
disruptive to their own good. In this case, Larson Studios blatantly violated the terms of our agreement
by extensively cooperating with law enforcement. Our reaction was a direct result of the disregard
Larson Studios had for our contract.”
17. Cyber Risk Self-Check Questionnaire
• What types of threats exist in my industry?
• What types of threats are occurring in my industry?
• How often do they occur?
• Are the threats changing over time?
• What threats affect my partners, suppliers or competitors?
• Who would attack us, and why?
• Do our controls mitigate that vulnerability? Are we applying the right resources
to the right controls?
• How would control failures impact the business?
• Are there different threats to different lines of business?
• How could these threats affect my supply chain?
18. Conclusions and Courses of Action to Minimize Your Risk
Your Threat Landscape Reality
• Greater digital risk footprint due to interconnectedness
• Malicious actors follow the money and there is money
to be made with ransomware and extortion campaigns
• One breach begets another - A major breach is rarely
isolated, and info stolen/leaked from one organization
can be leveraged to attack other organizations
Get Back to Cyber Security Basics
• Remove the Opportunity – minimize vulnerabilities and
your level of presence to reduce paths for attack
• Minimize your “technical debt”
19. Q&A and Additional SurfWatch Labs Resources
SurfWatch Cyber Advisor:
www.surfwatchlabs.com/cyber-advisor
SurfWatch Threat Analyst:
www.surfwatchlabs.com/threat-intel
Dark Web Intelligence:
www.surfwatchlabs.com/dark-web-intelligence
Personalized SurfWatch Demo:
info.surfwatchlabs.com/request-demo
Strategic and Operational Threat Intelligence
Editor's Notes
1:00: Allow 2 – 3 minutes for beeps and folks to come in
1:03: A few words from Andy introducing the webinar, referencing some of the work we’ve been doing to increase awareness on these issues for RE-ISAC members and give Adam and Kristi a couple minutes each to intro themselves.
Kristi will add specific details applying this to Media and Entertainment firms:
The most severe impacts of attacks on any organization are those that could result in harm to people or human life itself. - Charlie Hebdo, revelation of confidential sources
From a business perspective, the highest priorities for news media firms are to be the first to discover new information, have the most accurate reports, confidentiality of sources, and an ongoing reputation for reliability, trust, and timeliness. Those for entertainment providers are similar: unique content and timely release of the material. While most news production firms wish to inform the public, some entertainment groups may choose to limit content to specific audiences. Either might charge subscription fees or require sponsorships to cover the cost of content production and delivery. Audiences of either demand reliability and consistency in the delivery of content. No one wants the news to cut out in the middle of the story or to have large blocks of static in the middle of the movie. Talk radio fans do not want to hear their favorite hosts interrupted by the “Top 20” nor do music fans wish to have their tunes interrupted by political debates. And, while threats may manifest themselves in media and entertainment, the target, or otherwise disrupted organization, may be any member of the Commercial Facilities Sector – most notably members of the Sports Leagues Subsector – if they maintain a significant media presence, whether on television or on the Internet.
For Media and Entertainment firms, the public facing presence, technology Infrastructure and Supply chain are disproportionately huge compared with other types of organizations. Physical infrastructure and IoT (ICS) risks remain high as production equipment and facility management technology evolve to enhance connectivity and integration with other systems. More personnel in these organizations have a public facing presence as well.
They will use what works until it doesn’t work anymore, then, when we’ve forgotten about it and fail to maintain defenses for those tactics, they recycle them.
China, Russia, Iran, and North Korea have all conducted operations against the Entertainment and Media subsectors. - espionage, extortion, political messaging, sabotage/disruption – UAE vs Qatar
Chinese – NYT and Bloomberg
Russia – Cyber Caliphate attacks on French media
North Korea – Sony Pictures Entertainment
Iran – DDoS
Terrorists: SEA, AnonGhost
Criminals: malvertising, Lizard Squad, ddos extortion –
mischief and activism – ddos, website defacement, signal Hijacking
Competitors: espionage, disruption, attempts to harm reputation
Environment and Circumstances act as catalysts for malicious cyber activity. Elections in many countries, Economic sanctions, New legislation or regulatory rules (or the expiration of such laws/rules), natural disasters, wars, social controversy,
Also, your geographic area, country
Extortion is about exerting power or influence. It is also used by activists, terrorists, and nation states to influence decision making – the QCF DDoS attacks were not about money, they were to hasten sanctions relief in the form of an IAEA deal.
1:45:
Adam, continuing w/ you, some closing thoughts for the group to think about before we move into Q&A? (two minutes)
And Kristi, some additional ideas from your end? (two minutes)