SECURITY ANALYSIS OF CYBER ATTACKS IN UKRAINE
Marina Krotofil
Lead Security Researcher
Honeywell Industrial Cyber Security Lab
S4x17
Miami, Dec 10 2017
Oleksii Yasynskyi
Principal Researcher & Head of ISSP Labs
ISSP group
Recap: Dec 2016 Power failure in Ukraine
https://www.youtube.com/watch?v=AUoiKZBqIo0
Electrical transmission-level substation Pivnichna
(330kV) suddenly cut off from main power grid
Dec 17th 2016, at 23:53 (11:53 pm)
My Collaboration with Ukraine - How it Began
Feb 24-26, 2016
Invited to Ukraine by ISACA Kyiv Chapter
− Delivered 4 talks on ICS & Smart Cities security
Conference on Critical Infrastructure Protection
− Government
− Enterprises, financial sector, utilities
− Researchers
Ongoing collaboration in several areas
− Security governance and policies
− Education and international collaboration
− Research exchange
Alexey Yankovski
President
ISACA Kyiv Chapter
About ISSP
 ISSP – Information Systems Security Partners
− A group of companies, specialized in cybersecurity, data management solutions,
managed security services, professional training and security research
 Research Center & ISSP Lab
− Specialization on malware analysis and advanced computer forensics. Provides
research facilities for cybersecurity students and scientists, est. 2015
 Cyber Academy
− Educational institution whose aim is to enhance quality of
cybersecurity and data science in academia, est. 2016
In this talk…
 We are not sharing the details about the power grid hack yet
− But we focus on the steps leading to these kinds of consequences, which
are well studied and understood
 Discovering KillDisk in your network is already too late
− The attackers already have a very reliable distributed foothold
in your network
− Cleanup/eradication is almost impossible
 It is critical to detect a malicious intrusion at its early stages
− The very subtle traces left behind by the attackers
− Behavioral patterns
New wave of infection via spear phishing
July 14, 2016
An angry customer complains about an email from Diamantbank.
He supposedly has a large unpaid debt with the bank, which is now
threatening him with legal action.
Although the customer understood it was a scam, he OPENED the attachment.
Financial Portal
Don’t send me
this scam again!
Anti-spam detection
Malicious code is embedded into romantic lyrics to avoid detection
by spam detection algorithms (e.g. those based on the ratio of text to code)
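The weakness of a text-to-code ratio heuristic, as an added example (not code from the talk or from ISSP): a toy filter that only scores the share of free-text lines passes the same macro once it is padded with lyrics, while a check for an auto-executing entry point combined with a process-launch primitive does not care how much padding surrounds the code. Both macro samples are constructed here with a placeholder executable name; they are not the samples from the investigation, and the keyword lists are an illustrative assumption, not a complete ruleset.

```python
"""Added example: why a text-to-code ratio is a weak spam/macro heuristic."""
import re

# Constructed benign padding, standing in for the "romantic lyrics" the talk
# describes. Stored as VBA comment lines so the macro still compiles.
LYRICS = "\n".join(
    ["' " + line for line in [
        "Roses are red, violets are blue",
        "I would cross every ocean just to be with you",
    ]] * 20
)

# Constructed, harmless placeholder macro: an auto-exec entry point that
# launches a (placeholder) executable. Not real malware.
PLAIN_MACRO = """Sub AutoOpen()
    Dim s As String
    s = "placeholder.exe"
    Shell s
End Sub
"""

PADDED_MACRO = LYRICS + "\n" + PLAIN_MACRO

# Very rough notion of "looks like VBA code": keyword at line start or an assignment.
CODE_LINE = re.compile(r"^\s*(Sub|Function|Dim|Set|Shell|Call|End|.*=)", re.I)


def text_to_code_ratio(macro: str) -> float:
    """Fraction of non-empty lines that look like free text rather than VBA code."""
    lines = [l for l in macro.splitlines() if l.strip()]
    code = sum(
        1 for l in lines
        if CODE_LINE.match(l) and not l.lstrip().startswith("'")
    )
    return (len(lines) - code) / len(lines)


def ratio_filter_flags(macro: str, threshold: float = 0.5) -> bool:
    """The weak heuristic: flag only when most of the lines look like code."""
    return text_to_code_ratio(macro) < threshold


# Assumed, illustrative keyword lists: an auto-executing entry point plus a
# primitive that starts another process.
AUTO_EXEC = re.compile(r"\b(AutoOpen|Document_Open|Workbook_Open|Auto_Open)\b", re.I)
LAUNCH = re.compile(r"\b(Shell|CreateObject|WScript\.Shell|powershell)\b", re.I)


def keyword_filter_flags(macro: str) -> bool:
    """Complementary check that padding cannot dilute: entry point + launcher."""
    return bool(AUTO_EXEC.search(macro) and LAUNCH.search(macro))


if __name__ == "__main__":
    for name, sample in [("plain", PLAIN_MACRO), ("padded", PADDED_MACRO)]:
        print(f"{name:6s} ratio={text_to_code_ratio(sample):.2f} "
              f"ratio_filter={ratio_filter_flags(sample)} "
              f"keyword_filter={keyword_filter_flags(sample)}")
```

The padded sample has 40 lyric lines around 5 code lines, so roughly 89% of it reads as text and the ratio filter lets it through; the keyword filter flags both samples identically because it looks at what the code does, not how much of the document it occupies.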
Signature-based detection evasion
Nesting doll: code in the code
These pieces of code will eventually
assemble into a malicious line of code
https://eugenebicyclist.files.wordpress.com/2012/04/nestingdolls.jpg
Macros grow aware of their surroundings
SandBox and ISP detection routines:
− ISP detection
− PowerShell start
− Malicious URL
− SandBox detection
− HTTP request for detecting the public IP of the target
Obfuscation techniques
Making code look like pure noise
Video
Oleksii Yasynskyi
Customization: your computer is special!
 And the attacker is interested in getting
to know it as intimately as possible
 They put all their effort into winning the system's trust and
using it to its maximum potential
− 500 builds in just two weeks!
Hancitor
Detection challenges: permutations (1)
http://www.learnhowtosolvearubikscube.com/how-to-solve-a-rubiks-cube-solution-overview/
Is it still a Rubik's Cube?
Are these parts of a Rubik's Cube?
Rubik's Cube
http://rubiks.wikia.com/wiki/Disassembling_a_Rubik's_cube
This element in the entire code
extracting the main code
Detection challenges: permutations (2)
This is KillDisk: malware with a tiny
task but multiple faces
Fills in blank spaces after
a few operations
Register that points to the memory location where the
virus unfolds
It is similar to the process of
putting together a puzzle
Blank spaces that will be
filled in during the next iterations
as the virus unfolds itself
Detection opportunities
 Devising signatures for the whole
malware sample is ineffective due to
malware mutation
Instead:
 Develop signatures for specific attack
techniques
 Hash-based function calls
− Approach proposed in ~2006
− LoadLibraryA & GetProcAddress are
commonly used in malware code
Win32/Spy.Bebloh (banking trojan)
Win32/PSW.Fareit (Trojan for stealing passwords)
Win32/Rustock (Backdoor)
Win32/TrojanDownloader.Carberp (Dropper of banking trojan Carberp)
Win32/Kelihos (Spam sender)
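How an analyst turns hash-based function calls into a detection, as an added example (not code from the talk or from ISSP): malware that resolves APIs by hashing export names leaves the hash constants in its code, so precomputing the same hash over known export names gives a lookup table that identifies which APIs an obfuscated sample reaches for. The ROR13 additive hash, the list of export names and the byte blob scanned below are all assumptions and constructed data for illustration; the talk does not name the hash algorithm its samples used.

```python
"""Added example: recognising hashed API names in an unpacked sample."""
import struct


def ror13_hash(name: str) -> int:
    """ROR-13 additive hash over the ASCII bytes of an export name.
    Assumed algorithm for illustration; real samples use many variants."""
    h = 0
    for b in name.encode("ascii"):
        h = ((h >> 13) | (h << 19)) & 0xFFFFFFFF
        h = (h + b) & 0xFFFFFFFF
    return h


# Export names an analyst would precompute. The talk singles out LoadLibraryA
# and GetProcAddress as the pair malware resolves first; the rest are a small
# assumed set to keep the table readable.
KNOWN_EXPORTS = [
    "LoadLibraryA", "GetProcAddress", "VirtualAlloc", "CreateFileA", "ExitProcess",
]
HASH_TABLE = {ror13_hash(n): n for n in KNOWN_EXPORTS}


def find_api_hashes(blob: bytes, table=HASH_TABLE):
    """Scan every 4-byte little-endian window of a blob for known API hashes.
    Returns a list of (offset, api_name) hits, in offset order."""
    hits = []
    for off in range(len(blob) - 3):
        (value,) = struct.unpack_from("<I", blob, off)
        if value in table:
            hits.append((off, table[value]))
    return hits


def build_sample_blob() -> bytes:
    """Constructed stand-in for an unpacked code section: NOP filler with two
    hash constants embedded the way a 'push imm32' (0x68) would carry them."""
    filler = b"\x90" * 8
    return (
        filler + b"\x68" + struct.pack("<I", ror13_hash("LoadLibraryA"))
        + filler + b"\x68" + struct.pack("<I", ror13_hash("GetProcAddress"))
        + filler
    )


if __name__ == "__main__":
    for off, api in find_api_hashes(build_sample_blob()):
        print(f"offset {off:#06x}: hash of {api}")
```

A signature built this way describes the technique (the constants a resolver compares against) rather than the sample, which is the point of the slide: it keeps matching after the surrounding code is permuted or repacked, as long as the hash algorithm stays the same. Hash variants are the catch, so real tables carry several algorithms per name.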
Meanwhile, back at the ranch…
SPEAR PHISHING ATTACK HITS
INDUSTRIAL COMPANIES
 ~500 organizations from 50 countries (active campaign)
− Vendors of industrial automation & field equipment
− Integrators and support contractors
 Very determined attacker
− Appears to target smaller companies first so that it can send legitimate-looking
emails to larger companies
 Old tools carefully packed into a new container
− Previously unseen crypter for delivery of the initial payload
− An array of tools for almost everything (remote administration, recon, data and
file collection, etc.)
Takeaways (1)
 You will have hacked guests on your network
− The e-commerce sector is already moving away from the "end user host is
taken" attacker model to "end user application is taken"
− Detection/defenses at the level of workflows and business processes
thetoptenz.net/animal-camouflage/
https://bybio.wordpress.com/tag/batesian-mimicry/
YOU
AGAIN?
 Camouflage and mimicry
− The adversary will blend into your infrastructure
as quickly as possible
− Business process owners must be included in
defining known "good" and "not good"
Uncovering disguise
Number of sessions under legitimate service account
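One way to put the "number of sessions under a legitimate service account" signal into code, as an added example (not code from the talk or from ISSP): a service account has a stable footprint (a few sessions, a fixed set of source hosts, one logon type), and an adversary blending into it changes that footprint. The baseline, the logon records and the threshold below are constructed for illustration and are not data from the incident.

```python
"""Added example: spotting a service account that is being used as a disguise."""
from collections import defaultdict

# Constructed baseline of what each service account normally looks like.
BASELINE = {
    "svc_backup": {"sessions": 4, "hosts": {"bkp01"}, "logon_types": {"service"}},
    "svc_monitor": {"sessions": 10, "hosts": {"mon01", "mon02"}, "logon_types": {"network"}},
}

# Constructed logon records for one night: (timestamp, account, source_host, logon_type).
# svc_backup suddenly logs on interactively from workstations and over the
# network to a domain controller; svc_monitor behaves as usual.
OBSERVED = (
    [("2016-07-14 01:%02d" % i, "svc_backup", "bkp01", "service") for i in range(4)]
    + [("2016-07-14 02:%02d" % i, "svc_backup", h, "interactive")
       for i, h in enumerate(["hr-ws17", "fin-ws03", "eng-ws22"])]
    + [("2016-07-14 02:%02d" % (10 + i), "svc_backup", "dc01", "network") for i in range(6)]
    + [("2016-07-14 03:%02d" % i, "svc_monitor", "mon0%d" % (1 + i % 2), "network")
       for i in range(9)]
)


def footprint(records):
    """Per account: session count, set of source hosts, set of logon types."""
    fp = defaultdict(lambda: {"sessions": 0, "hosts": set(), "logon_types": set()})
    for _ts, account, host, logon_type in records:
        entry = fp[account]
        entry["sessions"] += 1
        entry["hosts"].add(host)
        entry["logon_types"].add(logon_type)
    return dict(fp)


def flag_disguised_accounts(records, baseline, max_ratio=3.0):
    """Compare each baselined account's observed footprint against its baseline.
    Returns {account: [reasons]} for accounts that drift on any dimension."""
    observed = footprint(records)
    findings = {}
    for account, base in baseline.items():
        if account not in observed:
            continue
        obs = observed[account]
        reasons = []
        if obs["sessions"] > max_ratio * base["sessions"]:
            reasons.append(f"{obs['sessions']} sessions vs baseline {base['sessions']}")
        new_hosts = obs["hosts"] - base["hosts"]
        if new_hosts:
            reasons.append("new source hosts: " + ", ".join(sorted(new_hosts)))
        new_types = obs["logon_types"] - base["logon_types"]
        if new_types:
            reasons.append("unexpected logon types: " + ", ".join(sorted(new_types)))
        if reasons:
            findings[account] = reasons
    return findings


if __name__ == "__main__":
    for account, reasons in flag_disguised_accounts(OBSERVED, BASELINE).items():
        print(account)
        for reason in reasons:
            print("  -", reason)
```

The session count alone is the headline signal from the slide, but on its own it is noisy (batch windows and restarts inflate it), which is why the check also asks where the sessions come from and how the account logged on; the business process owner is the one who can say which hosts and logon types are legitimate for each account, which ties back to the previous takeaway.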
Takeaways (2)
http://hdcdnsun2.r.worldssl.net/sites/www.hypnosisdownloads.com/files/broken-heart-image.jpg
 The disjointed infrastructure monitoring approach is dead
− Bird's-eye view: real-time holistic monitoring across
multiple security and performance tools/applications
− And use their synergies
The most important takeaway
 In the 1st investigation, reconstructing the
timeline took 4 months
− No tools (had to be developed)
− No previous similar experience
 Reconstructing the timeline now takes
2 weeks
− With even greater detail
− You save time and gain
knowledge to work on defenses
http://cdn.quotesgram.com/img/99/0/1555958381-lemons.jpg
Acknowledgement
 Honeywell team for incredible work environment and support
 Roman Sologub, General Manager, ISSP
 Aleksey Baranovsky, Head of Cyber Academy, ISSP
 Vladimir Dashchenko, Kaspersky Lab & ICS-CERT
And dear hackers for securing our jobs ;-)
Thank you
Marina Krotofil
marina.krotofil@honeywell.com
@marmusha
Oleksii Yasynskyi
oyasynskyi@isspgroup.com
@Aleksey_yas
https://socprime.com/en/blog/

 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 

Recently uploaded (20)

young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdfThe Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewing
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation   for Smart Assistant Application for Disabled PersonComplet Documnetation   for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 

S4 krotofil afternoon_sesh_2017

  • 6. New wave of infection via spear phishing
  July 14, 2016
  An angry customer complains about an email from Diamantbank. He supposedly has a large unpaid debt with the bank, which is now threatening him with legal action.
  Although the customer understood it was a scam, he OPENED the attachment.
  (Screenshot of the bank's financial portal; customer's comment: "Don't send me this scam again!")
  • 7. Anti-spam detection
  The malicious code is embedded into romantic lyrics to avoid detection by spam-detection algorithms (e.g. those scoring the ratio of text to code)
  • 8. Signature-based detection evasion
  Nesting doll: code in the code
  These pieces of code will eventually assemble into the malicious line of code
  (image: https://eugenebicyclist.files.wordpress.com/2012/04/nestingdolls.jpg)
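The "nesting doll" trick is what a string signature cannot see: each fragment is harmless on its own and the malicious line only exists at run time. The following is an added example, not code from the talk or from ISSP: a small deobfuscator that walks a VBA macro, resolves string literals, Chr(n) calls and variable references joined with &, and reports which reassembled strings match a keyword. The macro, the variable names and the keyword list are constructed for the example.

```python
import re

# Constructed sample macro (not taken from the slides): the command is split
# into fragments that carry no signature on their own and is only joined
# together at run time, right before it is handed to Shell.
SAMPLE_MACRO = r'''
Sub AutoOpen()
    Dim a As String, b As String, c As String, d As String
    a = "pow"
    b = "ersh"
    c = a & b & "ell"
    d = Chr(32) & "-w hidden -e " & "aGVsbG8="
    Shell c & d, 0
End Sub
'''

ASSIGN_RE = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*(.+?)\s*$')
SINK_RE = re.compile(r'^\s*(Shell|CreateObject|Run)\s+(.+?)\s*$')
# One token of a concatenation: "literal" (with "" as escaped quote),
# Chr(n), a variable name, or the & operator.
TOKEN_RE = re.compile(r'\s*(?:"((?:[^"]|"")*)"|Chr\((\d+)\)|([A-Za-z_]\w*)|(&))\s*')
# Substrings worth flagging once they appear in a *resolved* string.
SUSPICIOUS = ('powershell', 'cmd', 'http', 'wscript', 'mshta', ' -e ', 'hidden')


def eval_concat(expr, env):
    """Resolve a VBA expression made only of string literals, Chr(n) calls and
    already-known variables joined with &. Returns None for anything else, so
    the caller never guesses about expressions it does not understand."""
    pos, parts, expect_operand = 0, [], True
    while pos < len(expr):
        m = TOKEN_RE.match(expr, pos)
        if not m:
            return None
        pos = m.end()
        lit, code, name, amp = m.groups()
        if amp:
            if expect_operand:
                return None
            expect_operand = True
            continue
        if not expect_operand:
            return None
        if lit is not None:
            parts.append(lit.replace('""', '"'))
        elif code is not None:
            parts.append(chr(int(code)))
        elif name in env:
            parts.append(env[name])
        else:
            return None
        expect_operand = False
    return None if expect_operand else ''.join(parts)


def reveal(macro):
    """Walk the macro top to bottom, resolving assignments in order.
    Returns (env, sinks): env maps each variable to its plain-text value,
    sinks maps each Shell/Run/CreateObject line to the string it really
    receives after all the fragments have been joined."""
    env, sinks = {}, {}
    for line in macro.splitlines():
        m = ASSIGN_RE.match(line)
        if m:
            value = eval_concat(m.group(2), env)
            if value is not None:
                env[m.group(1)] = value
            continue
        m = SINK_RE.match(line)
        if m:
            args = m.group(2)
            value = eval_concat(args, env)
            if value is None and ',' in args:
                # Drop trailing call arguments such as the ", 0" window style.
                value = eval_concat(args.rsplit(',', 1)[0], env)
            if value is not None:
                sinks[line.strip()] = value
    return env, sinks


def suspicious_strings(env, sinks):
    """Return only the resolved strings that match a keyword: the individual
    fragments ("pow", "ersh") never do, the reassembled command does."""
    hits = {}
    for name, value in list(env.items()) + list(sinks.items()):
        if any(k in value.lower() for k in SUSPICIOUS):
            hits[name] = value
    return hits


if __name__ == '__main__':
    env, sinks = reveal(SAMPLE_MACRO)
    for name, value in suspicious_strings(env, sinks).items():
        print(f'{name!r:>20} -> {value!r}')
```

Scanning the fragments "pow" and "ersh" finds nothing; scanning the value handed to Shell finds the hidden PowerShell launch. Real macros add arithmetic, StrReverse, Replace and array lookups on top of this, which is why eval_concat refuses (returns None) rather than guesses when it meets syntax it does not model.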
  • 9. The macro grows aware of its surroundings
  Sandbox and ISP detection routines
  (figure labels: ISP detection; PowerShell start; malicious URL; sandbox detection; HTTP request for detecting the public IP of the target)
  • 10. Obfuscation techniques
  Making the code look like pure noise
  • 12. Customization: your computer is special!
   And the attacker is interested in getting to know it as intimately as possible
   They put all their effort into winning the system's trust and using it to its full potential
  − 500 builds in just two weeks! (Hancitor)
  • 13. Detection challenges: permutations (1)
  Rubik's Cube: Is it still a Rubik's Cube? Are these parts of a Rubik's Cube?
  (images: http://www.learnhowtosolvearubikscube.com/how-to-solve-a-rubiks-cube-solution-overview/ and http://rubiks.wikia.com/wiki/Disassembling_a_Rubik's_cube)
  • 14. Detection challenges: permutations (2)
  This is KillDisk, malware with a tiny task and multiple faces
  (figure label: this element in the entire code extracts the main code)
  • 15. Detection challenges: permutations (2), continued
  It is similar to the process of putting together a puzzle
  − A register points to the memory location where the virus unfolds itself
  − Blank spaces are left behind and filled in during the next iterations as the virus unfolds
  − The blanks are filled in after a few operations
  • 16. Detection opportunities
   Devising signatures for the whole malware sample is ineffective due to malware mutation
  Instead:
   Develop signatures for specific attack techniques
   Hash-based function calls
  − Approach proposed in ~2006
  − LoadLibraryA & GetProcAddress are commonly used in malware code
  − Win32/Spy.Bebloh (banking trojan)
  − Win32/PSW.Fareit (trojan for stealing passwords)
  − Win32/Rustock (backdoor)
  − Win32/TrojanDownloader.Carberp (dropper of the Carberp banking trojan)
  − Win32/Kelihos (spam sender)
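A technique-level signature for hashed API resolution looks for the hash constants themselves rather than for any particular sample. The block below is an added example, not code from the talk: it implements the ROR-13 hash popularised by Metasploit's block_api shellcode (rotate right by 13, add each byte of the export name including the terminating NUL), builds a table for a handful of commonly abused exports, and scans a byte blob for those constants, noting when one sits directly behind a push imm32 opcode. The slide does not say which hash variant the listed families use, so ROR-13 here is an assumption; the blob, the API list and the function names are constructed for the example.

```python
import struct


def ror32(value, n):
    """Rotate a 32-bit value right by n bits."""
    return ((value >> n) | (value << (32 - n))) & 0xFFFFFFFF


def ror13_hash(name):
    """ROR-13 hash of an ASCII export name, as in Metasploit's block_api:
    rotate the running hash right by 13 and add each byte, including the
    terminating NUL (which contributes one final rotate)."""
    h = 0
    for b in name + b'\x00':
        h = (ror32(h, 13) + b) & 0xFFFFFFFF
    return h


# Exports that shellcode and droppers resolve by hash instead of importing.
# Constructed list for the example; extend it to match your own signature set.
WATCHED_APIS = [b'LoadLibraryA', b'GetProcAddress', b'VirtualAlloc',
                b'WinExec', b'CreateProcessA', b'ExitProcess']


def build_hash_table(names):
    return {ror13_hash(n): n.decode() for n in names}


def find_hashed_imports(blob, table):
    """Scan every byte offset for a 32-bit little-endian word equal to a
    known API hash. A hit directly preceded by 0x68 (push imm32) is the
    classic 'push hash; call ebp' pattern and is marked as such."""
    hits = []
    for off in range(len(blob) - 3):
        word = struct.unpack_from('<I', blob, off)[0]
        if word in table:
            pushed = off > 0 and blob[off - 1] == 0x68
            hits.append((off, table[word], pushed))
    return hits


def sample_blob():
    """Constructed stand-in for a code section (not a real sample): filler
    bytes, then 'push <hash>; call ebp' for two resolved APIs."""
    def push_call(api):
        return b'\x68' + struct.pack('<I', ror13_hash(api)) + b'\xff\xd5'
    return (b'\x90' * 6 + push_call(b'LoadLibraryA') + b'\x89\xc6' +
            push_call(b'GetProcAddress') + b'\x31\xc0\xc3')


def scan_sample():
    return find_hashed_imports(sample_blob(), build_hash_table(WATCHED_APIS))


if __name__ == '__main__':
    for off, api, pushed in scan_sample():
        how = 'push imm32' if pushed else 'bare constant'
        print(f'offset {off:#06x}: {api} ({how})')
```

A sample that never imports LoadLibraryA or GetProcAddress yet carries their hash constants is resolving APIs at run time, which is exactly the behaviour the slide suggests signing. Other families use different rotations, XOR steps or CRC32, so in practice the table is built once per hash variant and all of them are scanned together.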
  • 17. Meanwhile, back at the ranch…
  SPEAR PHISHING ATTACK HITS INDUSTRIAL COMPANIES
   ~500 organizations from 50 countries (active campaign)
  − Vendors of industrial automation & field equipment
  − Integrators and support contractors
   Very determined attacker
  − Appears to target smaller companies first so that it can send legitimate-looking emails to larger companies
   Old tools carefully packed into a new container
  − Previously unseen crypter for delivery of the initial payload
  − An array of tools for almost everything (remote administration, recon, data and file collection, etc.)
  • 18. Take aways (1)
   You will get hacked guests on your network
  − The e-commerce sector is already moving away from the "end-user host is taken" attacker model to "end-user application is taken"
  − Detection/defenses at the level of work-flows and business processes
   Camouflage and mimicry
  − The adversary will blend into your infrastructure as quickly as possible
  − Business process owners must be included in defining known "good" and "not good"
  (images: thetoptenz.net/animal-camouflage/ and https://bybio.wordpress.com/tag/batesian-mimicry/; caption: "YOU AGAIN?")
  • 19. Uncovering disguise
  (chart: number of sessions under a legitimate service account)
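The chart's point is that an attacker hiding behind a legitimate service account still changes that account's behaviour: session counts, source hosts and logon types drift away from the baseline. The following is an added example, not code from the talk or from the ISSP investigation: it builds a per-day profile for each service account over a baseline window and flags a day whose session count, source hosts or interactive logon types fall outside it. The events, account names, hosts and the factor of 2 are constructed for the example; the logon type numbers follow Windows event 4624 semantics.

```python
from collections import defaultdict

# Accounts that should only ever be used by the service itself.
SERVICE_ACCOUNTS = {'svc_backup', 'svc_monitor'}
# Windows logon types (event 4624) that mean a human is at a keyboard.
INTERACTIVE_TYPES = {2, 10}

# Constructed logon events, not real telemetry: (day, account, logon type,
# source host). Days 1-7 are the baseline; on day 8 svc_backup starts being
# used for RDP from workstations it has never touched before.
EVENTS = (
    [(d, 'svc_backup', 5, 'backup01') for d in range(1, 8)]
    + [(d, 'svc_monitor', 3, h) for d in range(1, 8) for h in ('mon01', 'mon02')]
    + [
        (8, 'svc_backup', 5, 'backup01'),
        (8, 'svc_backup', 10, 'ws-017'),
        (8, 'svc_backup', 10, 'ws-042'),
        (8, 'svc_backup', 3, 'ws-042'),
        (8, 'svc_backup', 10, 'fileserver02'),
        (8, 'svc_monitor', 3, 'mon01'),
        (8, 'svc_monitor', 3, 'mon02'),
    ]
)


def build_profile(events, accounts):
    """account -> day -> {'sessions': n, 'hosts': set, 'types': set}"""
    profile = defaultdict(dict)
    for day, acct, ltype, host in events:
        if acct not in accounts:
            continue
        p = profile[acct].setdefault(day, {'sessions': 0, 'hosts': set(), 'types': set()})
        p['sessions'] += 1
        p['hosts'].add(host)
        p['types'].add(ltype)
    return profile


def find_disguised_accounts(events, accounts, baseline_days, day, factor=2.0):
    """Compare one day against the baseline window for every service account.
    Returns {account: [reasons]}; an empty dict means nothing stood out."""
    profile = build_profile(events, accounts)
    alerts = {}
    for acct in sorted(accounts):
        base = [profile[acct][d] for d in baseline_days if d in profile[acct]]
        today = profile[acct].get(day)
        if not base or today is None:
            continue
        max_sessions = max(p['sessions'] for p in base)
        known_hosts = set().union(*(p['hosts'] for p in base))
        known_types = set().union(*(p['types'] for p in base))
        reasons = []
        if today['sessions'] > factor * max_sessions:
            reasons.append(f"{today['sessions']} sessions vs baseline max {max_sessions}")
        new_hosts = today['hosts'] - known_hosts
        if new_hosts:
            reasons.append(f"new source hosts: {sorted(new_hosts)}")
        new_interactive = (today['types'] - known_types) & INTERACTIVE_TYPES
        if new_interactive:
            reasons.append(f"interactive logon types never seen before: {sorted(new_interactive)}")
        if reasons:
            alerts[acct] = reasons
    return alerts


if __name__ == '__main__':
    for acct, reasons in find_disguised_accounts(EVENTS, SERVICE_ACCOUNTS, range(1, 8), 8).items():
        print(acct)
        for r in reasons:
            print('  -', r)
```

On the constructed data svc_monitor keeps its two daily network logons and stays quiet, while svc_backup trips all three checks on day 8. The three signals are deliberately independent: a count threshold alone is easy to stay under, but a service account appearing with logon type 10 from a workstation is wrong regardless of volume, and that is the kind of "known not good" a business process owner can confirm in minutes.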
  • 20. Take aways (2)
   The disjointed infrastructure monitoring approach is dead
  − Bird's-eye view: real-time holistic monitoring across multiple security and performance tools/applications
  − And use their synergies
  (image: http://hdcdnsun2.r.worldssl.net/sites/www.hypnosisdownloads.com/files/broken-heart-image.jpg)
  • 21. The most important take away
   In the 1st investigation, reconstructing the timeline took 4 months
  − No tools (they had to be developed)
  − No previous similar experience
   Reconstructing the timeline now takes 2 weeks
  − With even greater detail
  − You spare time and gain knowledge to work on defenses
  (image: http://cdn.quotesgram.com/img/99/0/1555958381-lemons.jpg)
  • 22. Acknowledgement
   Honeywell team for an incredible work environment and support
   Roman Sologub, General Manager, ISSP
   Aleksey Baranovsky, Head of Cyber Academy, ISSP
   Vladimir Dashchenko, Kaspersky Lab & ICS-CERT
  And dear hackers for securing our jobs ;-)
  • 23. Thank you
  Marina Krotofil, marina.krotofil@honeywell.com, @marmusha
  Oleksii Yasynskyi, oyasynskyi@isspgroup.com, @Aleksey_yas
  https://socprime.com/en/blog/

Editor's Notes

  1. Similar to Ukraine: the spear phishing email had financial content – WORKS ALWAYS