Transforming Cybersecurity, Risk and Control for Evolving Threats
• Analysing cybersecurity vulnerabilities, threats and risks and their associated risk-based control categorisation
• Integrating cybersecurity governance with overall Information Security Governance, Risk and Assurance, in line with the life-cycle approach of preparing, investigating, responding and transforming cybersecurity (PIRT)
• Developing the cybersecurity paradigm by building communication with top management and all relevant stakeholders
• Transforming cybersecurity using COBIT 5, with real case study demonstrations
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM
Cybersecurity Nexus Liaison
ISACA, Indonesia
First Scenario:
• The attacker runs a dictionary attack against the first victim, whose password quality is weak.
• After taking over the server, the attacker looks through the victim's data / information.
• The attacker obtains the web server information (it is JBoss).
Second Scenario:
• The attacker uses the victim's machine to exploit the JBoss server (since the attacker doesn't know the password).
• The attacker gains access and can view the contents of the server.
Third Scenario:
• SSH key
Fourth Scenario: Antivirus AVG2014 bypass http://goo.gl/F70KIH
SCENARIO
Q and A:
• Q: What if the victim (on a Linux machine with root:toor) changes their password?
• A: The attacker just needs to:
1. Change into the target's .ssh directory.
2. Generate an authorized key on our machine and paste it into the target's .ssh.
If we do this, every time we want to connect to the target's machine via SSH we no longer need to enter the password, even after the target has changed it.
MANAGING ACCESS
Q: Have you changed your password?
Q: Is it possible that the 2nd scenario happens on the Internet (not only internally)?
Q: Have you ever looked at the authorized SSH keys on your server?
TEASER Q&A
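One way to act on the teaser question about reviewing the authorized SSH keys on a server, as an added example that is not part of the original deck: a small Python audit that parses authorized_keys content, computes OpenSSH-style SHA256 fingerprints, and reports keys that are not on an allow-list or that carry no from= source restriction. The sample file and the key blobs are constructed (arbitrary bytes, not real public keys); the allow-list and the from= check are assumptions about local policy.

```python
"""Audit an OpenSSH authorized_keys file against an allow-list of key fingerprints."""
import base64
import hashlib

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "sk-ssh-ed25519@openssh.com"}

# Constructed sample data: the blobs are arbitrary bytes, not real public keys.
KNOWN_BLOB = base64.b64encode(b"constructed blob: key the admin provisioned").decode()
ROGUE_BLOB = base64.b64encode(b"constructed blob: key nobody remembers adding").decode()
SAMPLE_AUTHORIZED_KEYS = f"""# constructed sample file
ssh-ed25519 {KNOWN_BLOB} admin@workstation
from="10.0.0.0/8" ssh-ed25519 {KNOWN_BLOB} admin@bastion
ssh-rsa {ROGUE_BLOB} root@unknown
"""

def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA256 of the raw key blob, base64 without '=' padding."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text: str) -> list:
    """Parse lines of the form: [options] key-type base64-blob [comment]."""
    keys = []
    for n, raw in enumerate(text.splitlines(), 1):
        tokens = raw.strip().split()
        if not tokens or tokens[0].startswith("#"):
            continue
        # Options precede the key type, so locate the key-type token to split the fields.
        idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(tokens):
            continue  # malformed line; a production audit should report these too
        keys.append({"line": n, "options": " ".join(tokens[:idx]), "type": tokens[idx],
                     "blob": tokens[idx + 1], "comment": " ".join(tokens[idx + 2:])})
    return keys

def audit(text: str, allowed_fingerprints: set) -> list:
    """One finding per key that is not allow-listed or lacks a from= source restriction."""
    findings = []
    for key in parse_authorized_keys(text):
        fp = fingerprint(key["blob"])
        reasons = []
        if fp not in allowed_fingerprints:
            reasons.append("fingerprint not in allow-list")
        if "from=" not in key["options"]:
            reasons.append("no from= source restriction")
        if reasons:
            findings.append({**key, "fingerprint": fp, "reasons": reasons})
    return findings
```

Running audit(SAMPLE_AUTHORIZED_KEYS, {fingerprint(KNOWN_BLOB)}) flags line 2 (known key, no from=) and line 4 (unknown key, no from=); the same call against ~/.ssh/authorized_keys of every account is the check the teaser question asks for.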
CYBER VULNERABILITIES, THREAT AND RISK
Vulnerability | Threat | Risk and Impact
Spear phishing | Attacker may gain access through phish payload or combined social-technical follow-up | Initial data loss or leakage leading to secondary impact
Water holing | Attacker may gain control of websites and subsequent control of visitor | Initial behavior errors leading to secondary impact
Wireless/Mobile APT | Compromise wireless channel to enable control | Partial or full control of wireless or mobile; direct/indirect impact on service and application
Zero-day | Use zero-day to circumvent defences | Partial / full control of application and underlying system
Excessive privilege | Inside attack | Full and (technically) legitimate control outside GRC, secondary impacts
Home user APT | Attack uses home environment, which may be less well protected than the organization environment | Partial or full control of wireless or mobile; direct/indirect impact on service and application
CYBER VULNERABILITIES IN CONTEXT
Vulnerability | Motive | Opportunity | Effort
Spear phishing | Financial, espionage, data theft, preparatory to main attack | Email access to target | Medium to high, depending on quality of phish
Water holing | Financial, espionage, data theft, preparatory to main attack | Email access to target, control of web sites | High, depending on precision of targeting
Wireless/Mobile APT | Financial, espionage, extortion, theft of personally identifiable information | Proximity to target | Low to medium
Zero-day | Financial, operational, data theft, extortion, control of technical infrastructure | Availability of suitable zero-day exploits, organized handling of exploit | Medium to high
Excessive privilege | Financial, personal, data theft, extortion, reputational | Deficiencies in IDM, corruption | Low to medium
Home user APT | Financial, espionage, extortion, theft of personally identifiable information | Physical or logical access to target | Low to high, depending on level of protection of target environment