The document discusses lessons that can be learned from the Stuxnet cyber attack for defenders. It outlines various goals of attacks like espionage, damage, and loss of confidence. It then describes different types of soft and hard damage that can be done as well as false flag operations. The document provides suggestions for mapping people, networks, devices, and software that could be targeted. It also discusses concerns from an attacker's perspective and recommendations for defenses like deep network monitoring and maintaining separate network topographies.
EVOLVE to demand. demand to evolve by Igor Volovich (EC-Council)
Igor Volovich presently serves as Vice President and head of Information Security and Cyber Risk Management of Schneider Electric for the Americas region.
Schneider Electric is a global leader in energy, efficiency, process, and operations management, industrial automation software and systems, and energy and safety controls. Following a recent merger with Invensys plc, the combined enterprise represents more than 185,000 personnel working in over 120 countries, with annual revenues in excess of €23 billion.
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez (EC-Council)
Bobby Dominguez is an accomplished Internet pioneer and an acknowledged security, risk, and privacy expert. Mr. Dominguez has successfully integrated information security into top-level business initiatives at Home Shopping Network, PSCU Financial Services, and PNC Bank, where he implemented a new technology risk management framework. Under his leadership, the Sykes Global Security and Risk Management team was nominated and selected as one of the 5 best by 2008 SC Magazine “Best Security Team in the US.” Mr. Dominguez was also selected as one of the top 5 Chief Security Officers for the 2009, 2010, and 2013 SC Magazine “CSO of Year.” In 2012 he was a finalist for (ISC)2 Americas Information Security Leadership Awards.
Breach Fixation: How Breaches Distort Reality And How We Should Respond - John... (EC-Council)
John Dickson is an internationally recognized security leader, entrepreneur and Principal at Denim Group, Ltd. He has nearly 20 years of hands-on experience in intrusion detection, network security and application security in the commercial, public and military sectors. As a Denim Group Principal, he helps executives and Chief Security Officers (CSOs) of Fortune 500 companies and government organizations launch and expand their critical application security initiatives. His leadership has been instrumental in Denim Group being honored by Inc. Magazine as one of the fastest growing companies in the industry for five years in a row.
Basic detection tests of McAfee ENS + MVISION Insights usage for SunBurst threat (Vladyslav Radetsky)
In these slides I will show you 7 simple steps to test different McAfee ENS protection mechanisms.
And as a bonus I will show you how to use MVISION Insights to react to the SunBurst threat.
List of tests:
- OAS AMCore detection
- OAS GTI detection
- Access Protection
- Exploit Prevention
- Real Protect (ATP-RP)
- Dynamic Application Containment (ATP-DAC)
- Credential Theft Protection (ATP-RP-CTP)
All tests were made with built-in rules and conducted without using real malware, so it is safe to repeat these steps in your environment.
#McAfee #MVISION #Insights #SunBurst #SolarWinds #supplychain
Join Paul Caiazzo, co-founder and CEO of TruShield Security Solutions, as he discusses the present state of cybersecurity, and how changing your thinking will change your business.
Over the past several years, a multitude of organizations, regardless of their size or investment in cybersecurity, have suffered massive data breaches. Why does this keep happening? Because the traditional way of approaching cybersecurity is fundamentally flawed. The majority of businesses view cybersecurity as a project – something to be completed and then forgotten. Many organizations are heavily focused on compliance, but merely fulfilling compliance requirements doesn’t translate to a comprehensive cybersecurity program. Just look at all the big-name organizations that were compliant but suffered breaches in 2016, such as CVS, Wal-Mart, AFLAC, and Wells Fargo.
As businesses become more reliant on the Internet of Things (IoT) devices and services, cybersecurity will need to become a contributing element to your organization in order to remain successful and connected.
While advancements in technology have greatly improved the speed, efficiency and capability of investment advisers’ and broker-dealers’ systems and workflows, these developments have also significantly increased operational and reputational risk. An isolated system intrusion can have dramatic consequences for an SEC or FINRA registrant, including financial loss, ongoing liability to clients and investors, and potential regulatory enforcement action. In today’s environment, if a “hacked” SEC or FINRA registrant has any hope of avoiding a regulatory enforcement action, it is imperative that it can demonstrate adequate policies and procedures to identify and test potential cybersecurity vulnerabilities and weaknesses. Such policies must also address the experience, security vetting process and location of any external party performing such tests.
Specifics of using modern protection tools against unauthorized access (СЗИ НСД) to ensure information ... (SelectedPresentations)
VII Ural Forum
Information Security of Banks
THEMATIC SESSION No. 2
Electronic interaction in financial markets
Sergey Pavlovich Kuznetsov, Commercial Director, ЦЗИ ООО «Конфидент»
Source: http://ural.ib-bank.ru/materials_2015
Philippines Cybersecurity Conference 2021: The role of CERTs (APNIC)
APNIC Senior Security Specialist Adli Wahid spoke on the importance and role of CERTs in helping prevent cyber attacks at the Philippines Cybersecurity Conference 2021, held online from 13 to 29 October 2021.
Nsc42 - is the cloud secure - is easy if you do it smart ECC Conference (NSC42 Ltd)
Whitehall Media conference on cloud computing. Francesco Cipollone, representing the Cloud Security Alliance, provides an overview of the cloud transformation challenges.
Public-facing web sites are constantly under attack and keeping websites protected is an arms race, yet security rarely gets a look-in at the specification and budget allocation stages of delivering a web site, or at best is an afterthought. Yet everyone has an expectation of security and QoS that implies it is central to every project.
Security considerations should pervade all stages of a project, from initial specification, throughout development and testing, and on to ongoing hosting and maintenance.
In this session I will cover:
* Common threats to web security with real-world case studies of compromised sites,
* Simple approaches to mitigating common threats/vulnerabilities,
* Defence in depth – an overview of the various components of web security,
* Drupal-specific measures that standard penetration testing often does not account for,
* An overview of how to benefit from:
  * Security monitoring and log analysis
  * Intrusion Detection Systems & Firewalls
  * Security headers and Content Security Policies (CSP).
Comments: https://joind.in/talk/8bbea
AI for security or security for AI - Sergey Gordeychik
Machine learning technologies are turning from rocket science into daily engineering life. You no longer have to know the difference between Faster R-CNN and HMM to develop a machine vision system, and even OpenCV has bindings for JavaScript, allowing quite serious tasks to be solved while remaining in the front end. On the other hand, massive implementation of AI in various areas brings problems, and security is one of the greatest concerns. In the broader context, security is really all about trust.
Do we trust AI? I don’t, personally.
What is “state of the art” in AI security? Yesterday it was “a PoC, not a product”, today it is becoming “we will fix it later”, tomorrow it will be “if it works, don’t touch it”. And tomorrow is too late.
But what can we do for Trustworthy AI? There are just no simple answers.
You can’t install antivirus or calculate hashes to control the integrity of an annotated dataset. Traditional firewalls and IDS are almost useless in an ML cloud’s internal SDN InfiniBand network. Even C-level compliance such as PCI DSS and GDPR doesn’t work for massive country-level AI deployments. What about vulnerability management for a TensorFlow ML model? How will it impact ROC and AUC?
To make it better we should rethink Cyber Resilience for AI processes, systems and applications, to make sure that they continuously deliver the intended outcome despite adverse cyber events. Make sure that security is genuinely integrated into the innovation that AI brings into our lives. To trust AI and earn its trust, perhaps?
Technology Challenges of Virtual Worlds in Education & Training - Research di... (Leonel Morgado)
Talk at VS-GAMES 2013, Bournemouth University, closing the SLACTIONS workshop on Technology Challenges of Virtual Worlds in Education & Training towards widespread adoption. Roadmap towards the special issue on the same topic of the Journals of Educational Technology and Society, call open until November 2013.
Security PWNing 2018 - Penthertz: The use of radio attacks during redteam tests (📡 Sebastien Dudek)
Presentation made at SecurityPWNing 2018 explaining how to intrude into a company using radio attacks, with real case scenarios we encountered during our tests.
OSMC 2013 | Flapjack - monitoring notification system by Birger Schmidt (NETWAYS)
Flapjack (flapjack-project.com) builds on established monitoring systems and makes it possible to assemble them into a highly scalable overall system.
Flapjack processes monitoring results into notifications. This decouples monitoring from notification.
For example, a mix of different Nagios, Icinga and Sensu instances can run checks and pass the results on to Flapjack for processing. Flapjack generates the notifications from them, which are then delivered via PagerDuty, XMPP, e-mail or SMS.
Thanks to its API, Flapjack's functionality is available to other components.
The talk gives insight into the motivation, history, background and technical structure of the software.
On information security threats relevant to developers of information protection tools (СЗИ) (SelectedPresentations)
Alexey Igorevich Kachalin, expert, МОО «АЗИ»
IV АЗИ Forum
«Current issues of information security in Russia»
Moscow, MTUCI Congress Centre, 14 April 2015
On information security threats relevant to developers of information protection tools (СЗИ)
Stu t18 b
1. Stuxnet Lessons for Defenders
William Cheswick
cheswick.com
http://www.cheswick.com/ches
Monday, February 18, 13
2. I have never mounted a sophisticated cyber attack, nor have I been cleared for official training. The observations here come from twenty years of evil thoughts and pondering offensive cyber activities.
3. “Security people are paid to think bad thoughts” - Bob Morris
4. Goals
- Espionage
- Damage
- Loss of confidence
- False flag operations
5. Damage
- Soft damage: can be very subtle, and disrupt operations for years.
- Hard damage: best if replacement equipment is scarce; a massive attack can overwhelm supply chains. It is also much harder to do.
6. Soft Damage
- Erasing or changing data
- Subverting or destroying backups
- Make operators take the wrong action
- Perhaps convince management that the project is not worthwhile
7. Hard Damage
- Destroying hardware: disk crashes? Flash has a limited number of writes
- Damage or destroy equipment: take out a dam, blow transformers, etc.
8. “Gremlin attack”
- Reduce confidence in the venture
- Make them reject certain approaches
- “Cursing” a technique, certain equipment, or people
9. False flag operations
- Attribution is the major problem in information warfare these days
- Make it look like someone else is doing something bad
10. Exploits
- Day 0 exploits are rare, expensive, and have a shelf life
- Standard attacks still work
- Crypto
- BBB
- “social engineering”, i.e. spy techniques
11. Gain access
- software hacks
  - day 0 exploits: expensive, single use, has a shelf life
  - well-known exploits on old software (which is common)
- email/web injection
- USB sticks
13. People
- network administrators
- key engineers/scientists
14. Network
- the Official Map
- ping/traceroute
- SNMP dumps
- reverse DNS
- passive packet monitoring
- activity of people (see above)
15. Devices
- industrial controllers
- network gear
- client hosts
- misc. devices
- often not updated
16. Feedback
- Operational progress, i.e. debugging
- Espionage
17. Exfiltrating Data
- To the Internet: VPNs; stego in TCP headers, web requests, email, etc. Depends on the volume, which can be huge
- Over the cell network
- USB sticks/laptops/cell phones? Strip search on your way out?
18. Attacker’s concerns
- Getting noticed
- Getting caught
- Expending exploits
- Misleading information: the double agent problem
- Wasting time and money
19. Attacker’s concerns
- Controlling exponential growth: Morris worm; Stuxnet got away, after a while
20. We know these attacks are real, and we know that you don’t have to be separating uranium isotopes to be worth all this effort.
21. You may well be a target
- Attacks, even APT attacks, are relatively cheap
- There is virtually no downside for the attackers
22. There are weak points in these attacks
- Discovery phase can create brief signatures on the network and in hosts.
- Secret honeypots and sentinels can force attackers to show their hand
- Deception toolkits
23. Some thoughts
- Require deep monitoring of your own people
- Data exfiltration could be detectable
- Boot from clean operating system sources
24. Network monitoring
- Detect all SNMP activity
- Low TTL packets are highly suspect (traceroute of any kind)
- Any unusual net activity
- High-entropy packets and flows
- Day 0 backups for comparisons
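The checks on slides 22 to 24 (the discovery phase leaves brief signatures, exfiltration may be detectable, and the network-monitoring list: SNMP activity, low-TTL packets, high-entropy flows, a day-0 baseline for comparison) are easy to turn into a first-pass monitor. The following is an added example and not code from the deck; the baseline host set, the SNMP manager address, the thresholds and the sample packets are all constructed assumptions.

```python
"""First-pass monitor for the signals on the 'Network monitoring' slide.
Added example, not from the deck; all hosts and thresholds are assumed."""
import math
from collections import Counter

# Constructed day-0 baseline: every host that existed when the enclave was
# mapped, and the one host that is allowed to issue SNMP queries.
BASELINE_HOSTS = {"10.0.0.5", "10.0.0.10", "10.0.0.20", "10.0.0.254"}
SNMP_MANAGERS = {"10.0.0.254"}
SNMP_PORTS = {161, 162}
LOW_TTL = 8               # traceroute-style probes start at TTL 1 and count up
ENTROPY_THRESHOLD = 7.0   # bits per byte; plaintext protocols sit well below
MIN_ENTROPY_LEN = 64      # tiny payloads give meaningless entropy figures


def shannon_entropy(payload: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum for a byte stream."""
    if not payload:
        return 0.0
    n = len(payload)
    return -sum(c / n * math.log2(c / n) for c in Counter(payload).values())


def inspect_packet(pkt: dict) -> list:
    """Return the alerts raised by one packet record.
    Keys: src, dst, ttl, dport, payload (bytes)."""
    alerts = []
    if pkt["src"] not in BASELINE_HOSTS:
        alerts.append("unknown-host")            # not on the day-0 map
    if pkt["ttl"] <= LOW_TTL:
        alerts.append("low-ttl")                 # mapping probe signature
    if pkt["dport"] in SNMP_PORTS and pkt["src"] not in SNMP_MANAGERS:
        alerts.append("snmp-from-non-manager")   # SNMP dump by an outsider
    payload = pkt["payload"]
    if len(payload) >= MIN_ENTROPY_LEN and shannon_entropy(payload) >= ENTROPY_THRESHOLD:
        alerts.append("high-entropy")            # compressed/encrypted bulk data
    return alerts


def run_monitor(packets: list) -> dict:
    """Map packet index -> alerts, for every packet that raised at least one."""
    report = {}
    for i, pkt in enumerate(packets):
        alerts = inspect_packet(pkt)
        if alerts:
            report[i] = alerts
    return report


# Constructed sample traffic: two benign packets, then three suspect ones.
SNMP_GET = b"\x30\x26\x02\x01\x00\x04\x06public\xa0\x19"
SAMPLE_PACKETS = [
    {"src": "10.0.0.10", "dst": "10.0.0.20", "ttl": 64, "dport": 80,
     "payload": b"GET /status HTTP/1.1\r\nHost: hmi\r\n\r\n"},
    {"src": "10.0.0.254", "dst": "10.0.0.5", "ttl": 64, "dport": 161, "payload": SNMP_GET},
    {"src": "10.0.0.10", "dst": "10.0.0.5", "ttl": 64, "dport": 161, "payload": SNMP_GET},
    {"src": "10.0.0.20", "dst": "10.0.0.254", "ttl": 3, "dport": 33434, "payload": b"\x00" * 32},
    {"src": "10.0.0.77", "dst": "198.51.100.9", "ttl": 64, "dport": 8080,
     "payload": bytes(range(256)) * 2},   # maximal-entropy bulk upload
]

if __name__ == "__main__":
    for idx, alerts in run_monitor(SAMPLE_PACKETS).items():
        print(idx, SAMPLE_PACKETS[idx]["src"], alerts)
```

Legitimate TLS traffic also scores near 8 bits per byte, so in practice the entropy check is paired with an allow-list of expected encrypted destinations rather than applied to every flow.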
25. Network topography
- Internet gateway? Really?
- Bulkheads and enclaves.
26. Stuxnet Lessons for Defenders
William Cheswick
cheswick.com
http://www.cheswick.com/ches