Targeted & Persistent Attacks in EU

•

1 like•419 views

The document discusses the need for improved coordination and information sharing between EU member states to address targeted and persistent cyber attacks. It outlines common tactics used by adversaries, including initial weak intrusions, spreading malware to undermine security monitoring and exfiltrate data while avoiding detection. The document argues for consolidating knowledge of adversaries across borders, establishing standards for secure information exchange, and properly containing incidents to effectively eradicate intruders.

Technology

Targeted & Persistent Attacks in EU

The need for coordination and information
sharing between EU member states

Eoghan Casey, CASEITE & DFLabs

2012 Copyright Eoghan Casey and CASEITE
All rights reserved
Attack against RSA -‐ http://blogs.rsa.com/rivner/anatomy-‐of-‐an-‐attack/

Large-‐scale credit card robbery
Initial intrusion into regional office
Weak internal security
Servers with well known vulnerabilities
Unrestricted access to central servers
Weak egress filtering
File transfer permitted from central servers to Internet
Weak system monitoring
Intruder created account on central server
Installed sniffer on server
Sniffer and file transfer log files created on server
Weak network monitoring
Network level logs recorded file transfers

2012 Copyright Eoghan Casey and CASEITE
All rights reserved

Coordinated Linux intrusions
Attacker's modus operandi
Repository of stolen SSH credentials
Privilege escalation
LKM rootkits & tricky backdoor
Trojanized SSH daemon
Resilient C2 and exfiltration
Destroy digital evidence

2012 Copyright Eoghan Casey and CASEITE
All rights reserved

Common mistakes
1) Underestimating the adversary
Too quick to containment

2) Lack of evidence
No centralized logging infrastructure

3) Improper evidence handling
Update antivirus and scan compromised systems

2012 Copyright Eoghan Casey and CASEITE
All rights reserved

Know the adversary
Initial intrusions not necessarily sophisticated
Spear phishing or vulnerable servers
Once inside, they spread virulently
Inside out attacks circumvent egress filtering
Undermine security monitoring
File system tampering
Multiple malware versions with custom packing
Blend in with normal traffic
Encrypt command, control and exfiltration
2012 Copyright Eoghan Casey and CASEITE
All rights reserved

Quick containment?
Current recommendation:
When an incident has been detected and analyzed, it is
important to contain it before the spread of the
incident overwhelms resources or the damage increases.
Most incidents require containment, so it is
important to consider it early in the course of handling each
incident.

- NIST SP800-61 Rev. 1, page 3-19

2012 Copyright Eoghan Casey and CASEITE
All rights reserved

Managing a data breach effectively

2012 Copyright Eoghan Casey and CASEITE
All rights reserved

Effective eradication of intruders

2012 Copyright Eoghan Casey and CASEITE
All rights reserved

Cross border information sharing
Same attackers targeting
all EU member states >

Consolidate adversary knowledge
Trust between government and industry
Confidentiality agreements
More information to examine the better
Sanitize what is shared to protect victims
2012 Copyright Eoghan Casey and CASEITE
All rights reserved

Information exchange standards
STIX Structured Threat Information eXpression

2012 Copyright Eoghan Casey and CASEITE
All rights reserved
STIX Whitepaper -‐ makingsecuritymeasurable.mitre.org/docs/STIX-‐Whitepaper.pdf

Get in touch

Eoghan Casey
DFLabs Business Partner
Risk Prevention and Response Co-‐manager

eoghan@dflabs.com
www.dflabs.com

2012 Copyright Eoghan Casey and CASEITE
All rights reserved

Data is the fuel that powers today’s application-driven businesses. But efficiently governing this data is becoming harder as it grows in volume and proliferates across cloud and on-prem environments. Questions like “Where is my sensitive data located?,” “How do we protect it from breach?” and “How do I ensure the right people have access to it?” are becoming more difficult to answer.

Ransomware: Why Are Backup Vendors Trying To Scare You?

marketingunitrends

Ransomware. The very word strikes fear into the hearts of admins, backup specialists, and security pros. Backup software vendors know if all your data is not protected, there is a good chance that if (when?) ransomware hits, you will most likely lose data. But, what should scare you more is less than half of ransomware victims fully recover their data, even with backup. What can you do to make sure you are not on the wrong side of a statistic?

The GDPR and What It Means to You

Delphix

Darren Rawlinson - Dealing with Cyber Threats in an Enterprise Mobile World

Pro Mrkt

Skyport Systems: Securing Your Biggest IT Risk: Microsoft Active Directory

Skyport Systems

With recent attacks on hospital data catching headlines, we wanted to provide some best practices in this webinar to keep your systems safe and sound! We will be co-presenting this webinar with our partners at Intellisuite IT Solutions. What you will learn: How-to use an Intranet to educate staff on IT security How-to Engage staff in pro-active thinking about IT and patient privacy with a social Intranet tools. How a proactive IT plan and an Intranet can help keep an organization safe from Ransomware Attacks How-to publish and ensure readership on HITECH, HIPPA and other IT policies across the entire hospital using a web based Policy Manager How an Intranet can alert staff of an attack and train staff on ways to prevent attacks How to leverage layered security to prevent ransomware attack Important elements of a layer security approach What to do if ransomware attack evades the initial layer Risks of vulnerable or unprotected system Organization’s recourse for getting back to production are restoring from backup or paying the ransom

Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...

NetworkCollaborators

Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation

NetworkCollaborators

David Tweedale - The Evolving Threat Landscape #midscybersecurity18

Pro Mrkt

Cisco Connect 2018 Vietnam - data center transformation - vn

NetworkCollaborators

Ransomware Has Evolved And So Should Your Company

Veriato

Ransomware is typically initiated via phishing or social engineering tactics, these attacks often take advantage of human error for the successful delivery of the malware. These criminal organizations are impartial to the size of your organization. They target any company with data, and if you don't pay the ransom, your information could be posted to a public forum or sold on the Dark Web for profit. Most companies unfortunately are forced to pay due to system failure and file corruption. The scariest about these methods is that the Ransomware doesn't need to be developed by the attackers. Ransomware services can now be purchased on the DarkWeb and used at the Cybercriminal's will (RAAS). As these Ransomware attacks and services evolve, how can companies arm themselves with the right solutions to defend themselves from these evergrowing attacks? Join us in our latest webinar with Dr. Christine Izuakor (cybersecurity expert) and Jay Godse (head of product dev at Veriato).

Security Kung Fu: SIEM Solutions

Joshua Berman

The Security Kung Fu Series was created as both a thought leadership and awareness campaign which ran from Q1 – Q2 2017. It was meant to educate attendees on the internal and external threats businesses face, and the compliance challenges many must endure. It also served to highlight the need for an array of software solutions from the SolarWinds Core IT Security Portfolio which can assist with these concerns. A primary focus of the event was SolarWinds® Log & Event Manager which can contribute to greater IT security and assist businesses in meeting and maintaining compliance with a variety of compliance regimes. Part 1: SIEM Solutions In Part 1, we took an in-depth look at the cybersecurity climate businesses and currently facing and educated ourselves on the cybercrime industry as a whole. Using the Lockhead Martin Cyber Kill Chain® as an example, we discussed the role SIEM solutions play in identifying security threats and discussed the unique capabilities of such solutions to allow users to go back in time to conduct forensic analysis of security incidents and verified threats. Other Security Kung Fu Events: Part 2: Firewall Logs | http://bit.ly/2ql3l2A Part 3: Active Directory Changes | http://bit.ly/2s5kFFc Part 4: Security vs. Compliance | http://bit.ly/2qXuc3I If you are interested in learning about the impact of this campaign, please visit my LinkedIn Profile for more details or feel free to reach out to me directly over LinkedIn. Acknowledgements I’d like to thank the following individuals for assisting me in the execution of this campaign: Justina Lister, Angeline Kelly, Jamie Hynds, Ian Trump, Destiny Bertucci, Curtis Ingram, Chris Wiley, Ren Penaflor, Allie Eby, Ann Guidry, Rainy Schermerhorn, Kirsten Tanges, Damon Garcia

Moving Beyond Zero Trust

scoopnewsgroup

A Migration Imperative With Windows 10 Enterprise-Grade Security

Insight

Cyber supply chain risk management ASDEEngineers Australia

Security Kung Fu: Firewall Logs

Joshua Berman

The Security Kung Fu Series was created as both a thought leadership and awareness campaign which ran from Q1 – Q2 2017. It was meant to educate attendees on the internal and external threats businesses face, and the compliance challenges many must endure. It also served to highlight the need for an array of software solutions from the SolarWinds Core IT Security Portfolio which can assist with these concerns. A primary focus of the event was SolarWinds® Log & Event Manager which can contribute to greater IT security and assist businesses in meeting and maintaining compliance with a variety of compliance regimes. Part 2: Firewall Logs Part 2 of the series shifted our attention to the periphery of a network to focus on how firewalls serve as a first line of defense against security threats. In addition to discussing the patterns of attack which have been demonstrated countless times by hackers, we showed how firewall log data can give notice of attempts at infiltrating a network, exfiltrating data, and more. Beyond that, we discussed how Network Change and Configuration Management solutions can too contribute to deeper IT security by helping to alert to config. changes on firewalls - and other network devices - in addition to a host of other capabilities which can help with this cause. Other Security Kung Fu Events: Part 1: SIEM Solutions | http://bit.ly/2qkwVWh Part 3: Active Directory Changes | http://bit.ly/2s5kFFc Part 4: Security vs. Compliance | http://bit.ly/2qXuc3I If you are interested in learning about the impact of this campaign, please visit my LinkedIn Profile for more details or feel free to reach out to me directly over LinkedIn. Acknowledgements I’d like to thank the following individuals for assisting me in the execution of this campaign: Justina Lister, Angeline Kelly, Jamie Hynds, Ian Trump, Destiny Bertucci, Curtis Ingram, Chris Wiley, Ren Penaflor, Allie Eby, Ann Guidry, Rainy Schermerhorn, Kirsten Tanges, Damon Garcia

Cisco Connect 2018 Philippines - security keynote

NetworkCollaborators

GDPR Fast Start

Delphix

How to Recover from a Ransomware Disaster

Spanning Cloud Apps

Security Kung Fu: SIEM Solutions

SolarWinds

Protect your company from zero-day with ESET Dynamic Threat Defense

Adi Saputra

Security is HardMike Murray

Applying intelligent deception to detect sophisticated cyber attacks

Fidelis Cybersecurity

Adam Maskatiya - Redefining Security in an Era of Digital Transformation #mid...

Pro Mrkt

Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...

Shawn Tuma

Shawn Tuma, a professional "breach guide" (aka, breach quarterback, coach, privacy counsel, etc), is an attorney who has practiced in cyber law since 1999. His day job as Co-Chair of Spencer Fane LLP's Data Privacy and Cybersecurity Practice is leading companies through the cyber incident response and recovery process. In this presentation, he provides a virtual tabletop exercise explaining the lifecycle of responding to a typical ransomware attack through a detailed timeline. The audio for this presentation, in podcast form, is here: https://www.secureworldexpo.com/resources/podcast-ransomware-attack-lifecycle

Information Security Intelligence

guest08b1e6

SegurançA Da InformaçãO Faat V1 4Rodrigo Piovesana

What's hot

HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]

Stanton Viaduc

Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...

NetworkCollaborators

Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation

NetworkCollaborators

David Tweedale - The Evolving Threat Landscape #midscybersecurity18

Pro Mrkt

Cisco Connect 2018 Vietnam - data center transformation - vn

NetworkCollaborators

Ransomware Has Evolved And So Should Your Company

Veriato

Security Kung Fu: SIEM Solutions

Joshua Berman

Moving Beyond Zero Trust

scoopnewsgroup

A Migration Imperative With Windows 10 Enterprise-Grade Security

Insight

Cyber supply chain risk management ASDEEngineers Australia

Security Kung Fu: Firewall Logs

Joshua Berman

The Security Kung Fu Series was created as both a thought leadership and awareness campaign which ran from Q1 – Q2 2017. It was meant to educate attendees on the internal and external threats businesses face, and the compliance challenges many must endure. It also served to highlight the need for an array of software solutions from the SolarWinds Core IT Security Portfolio which can assist with these concerns. A primary focus of the event was SolarWinds® Log & Event Manager which can contribute to greater IT security and assist businesses in meeting and maintaining compliance with a variety of compliance regimes. Part 2: Firewall Logs Part 2 of the series shifted our attention to the periphery of a network to focus on how firewalls serve as a first line of defense against security threats. In addition to discussing the patterns of attack which have been demonstrated countless times by hackers, we showed how firewall log data can give notice of attempts at infiltrating a network, exfiltrating data, and more. Beyond that, we discussed how Network Change and Configuration Management solutions can too contribute to deeper IT security by helping to alert to config. changes on firewalls - and other network devices - in addition to a host of other capabilities which can help with this cause. Other Security Kung Fu Events: Part 1: SIEM Solutions | http://bit.ly/2qkwVWh Part 3: Active Directory Changes | http://bit.ly/2s5kFFc Part 4: Security vs. Compliance | http://bit.ly/2qXuc3I If you are interested in learning about the impact of this campaign, please visit my LinkedIn Profile for more details or feel free to reach out to me directly over LinkedIn. Acknowledgements I’d like to thank the following individuals for assisting me in the execution of this campaign: Justina Lister, Angeline Kelly, Jamie Hynds, Ian Trump, Destiny Bertucci, Curtis Ingram, Chris Wiley, Ren Penaflor, Allie Eby, Ann Guidry, Rainy Schermerhorn, Kirsten Tanges, Damon Garcia

Cisco Connect 2018 Philippines - security keynote

NetworkCollaborators

GDPR Fast Start

Delphix

How to Recover from a Ransomware Disaster

Spanning Cloud Apps

Security Kung Fu: SIEM Solutions

SolarWinds

Protect your company from zero-day with ESET Dynamic Threat Defense

Adi Saputra

Security is HardMike Murray

Applying intelligent deception to detect sophisticated cyber attacks

Fidelis Cybersecurity

Adam Maskatiya - Redefining Security in an Era of Digital Transformation #mid...

Pro Mrkt

Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...

Shawn Tuma

What's hot (20)

HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]

Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...

Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation

David Tweedale - The Evolving Threat Landscape #midscybersecurity18

Cisco Connect 2018 Vietnam - data center transformation - vn

Ransomware Has Evolved And So Should Your Company

Security Kung Fu: SIEM Solutions

Moving Beyond Zero Trust

A Migration Imperative With Windows 10 Enterprise-Grade Security

Cyber supply chain risk management ASDE

Security Kung Fu: Firewall Logs

Cisco Connect 2018 Philippines - security keynote

GDPR Fast Start

How to Recover from a Ransomware Disaster

Security Kung Fu: SIEM Solutions

Protect your company from zero-day with ESET Dynamic Threat Defense

Security is Hard

Applying intelligent deception to detect sophisticated cyber attacks

Adam Maskatiya - Redefining Security in an Era of Digital Transformation #mid...

Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...

Similar to Targeted & Persistent Attacks in EU

Information Security Intelligence

guest08b1e6

SegurançA Da InformaçãO Faat V1 4Rodrigo Piovesana

From SIEM to SA: The Path Forward

EMC

CasesAlexandra

Cloud SecurityTerell Jones

RSA: Security Analytics Architecture for APT

Lee Wei Yeong

Advanced Persistent Threat - Evaluating Effective Responses

NetIQ

Anti evasion and evader - klaus majewskiStonesoft

Transforming the Way People Work with Syncplicity

EMC

F5 Networks- Why Legacy Security Systems are Failing

Global Business Events

NetWitness

TechBiz Forense Digital

Databases and information Security presentation

FatimaJawaid9

Huawei Ransomware Protection Storage Solution Technical Overview Presentation...

LuisMiguelPaz5

Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...

Skybox Security

It’s a new era for IT security teams. Tasked with ensuring the success of business-changing IT initiatives from mobile and BYOD to virtualization and cloud services, CISOs are finding that existing security controls and processes create complexity instead of reducing risks. At the same time, highly publicized breaches and new forms of attacks have raised awareness of the business impact of cyber threats to the board level. It’s time for a hard look at your current security program. Can you demonstrate an effective security strategy that will protect your company’s vital services, systems and data? Gidi Cohen challenges you to reinvent your security approach. More than offering just a few ideas, Cohen will examine why some popular security controls are no longer effective at minimizing risks, and explore proven next-generation techniques to increase your ability to see, measure, and gain control over business risks. Presented by Gidi Cohen, CEO and Founder - Skybox Security at the CISO Summit in San Francisco, CA.

Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.

Tripwire

It's no secret that cybercriminals and the dynamic methods they use to do their dirty work are evolving faster than companies, governments and individuals are able to deal with them. Dexterity, unmatched domain expertise and the element of surprise creates advantages that grow each day. But what if IT security practitioners could use that power against their enemies, Jujitsu style? Dr. Eric Cole says this is not only possible, but it’s time to go on the offensive against attackers by using their intelligence, desire for attention, financial motivations and attack tendencies against them to strengthen your own security posture. Dr. Cole, a celebrated author, cyber security consultant for governments and the Fortune 100, and a former CIA security analyst, highlights some of the biggest IT security threats and the critical weaknesses that unleash them on corporations and governments. Cole, president of enterprise and government cyber consultancy Secure Anchor Consulting, discusses: Two of the most widely talked about threats in 2010, the ZeuS botnet and the Stuxnet worm. How you can fortify your defenses using the principles of Jujitsu to quickly identify your foes and neutralize them. How these principles can help you turn the motivations of your foes against them to achieve better security. How an integrated security information and event management (SIEM) and file integrity monitoring (FIM) solution can detect threats faster, find an attacker's footprints before a breach and seal off discovered weaknesses in real time through on demand remediation.

Ciso Platform Webcast: Shadow Data ExposedElastica Inc.

Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02

Mark Evertz

Best practices for automating cloud security processes with Evident.io and AWS

Amazon Web Services

Evident.io helps modern IT and DevOps teams implement and maintain security within the AWS shared responsibility model by enabling IT, Security, Engineering, and Operations with a continuous global view of security risk and actionable intelligence to rapidly remediate and secure AWS deployments. Hear how one of their customers combined the detection and analysis of misconfigurations, vulnerabilities, and risk with guided remediation and audit capabilities to gain visibility of their security environment, automate processes and meet compliance requirements. Eddie Borrero, Chief Information Security Officer, Robert Half International Phil Rodrigues, Security Solution Architect, AWS Craig Dent, Solutions Architect, Evident.io

Closing Often Missed Vulnerabilities that Leave Organizations Exposed

SecPod

From outliers in the IT infrastructure, unapproved software & devices, to incorrectly configured security controls & privileges, cyberattacks can occur from anywhere. Most of the time, these obvious attack vectors are right on the surface of your IT landscape but are often overlooked. While building a resilient cyberattack prevention program, it is essential that these aberrations, outliers, and deviations are discovered and acted upon to secure the IT network from massive cyberattacks. This research-driven webinar led by Dave Gruber, ESG Principal Analyst, Chandrashekhar CEO at SecPod, and Preeti Subramanian, Chief Architect and Director of R&D at SecPod, will explore the most obvious attack vectors in the IT landscape that needs to be discovered and eliminated.

Closing Often Missed Vulnerabilities that Leave Organizations Exposed

SecPod

Get a better understanding of IT and Security Posture. How to keep up with a growing attack surface? Learn the significance of deploying security strategies and a better understanding of the threat funnel and how it plays a vital role in maintaining a good security posture. Learn all about the new product from SecPod that is Continuous Posture Anomaly Management (CPAM) and how it can change your organization's Security Posture.

Similar to Targeted & Persistent Attacks in EU (20)

Information Security Intelligence

SegurançA Da InformaçãO Faat V1 4

From SIEM to SA: The Path Forward

Cases

Cloud Security

RSA: Security Analytics Architecture for APT

Advanced Persistent Threat - Evaluating Effective Responses

Anti evasion and evader - klaus majewski

Transforming the Way People Work with Syncplicity

F5 Networks- Why Legacy Security Systems are Failing

NetWitness

Databases and information Security presentation

Huawei Ransomware Protection Storage Solution Technical Overview Presentation...

Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...

Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.

Ciso Platform Webcast: Shadow Data Exposed

Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02

Best practices for automating cloud security processes with Evident.io and AWS

Closing Often Missed Vulnerabilities that Leave Organizations Exposed

More from DFLABS SRL

Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...

DFLABS SRL

DFlabs corporate profile 01-2013DFLABS SRL

Data Breach e Garante Privacy: Problemi e soluzioni

DFLABS SRL

In caso di distruzione o perdita dei dati personali società telefoniche e Internet provider avranno l'obbligo di avvisare gli utenti Società telefoniche e Internet provider dovranno assicurare la massima protezione ai dati personali perché tra i loro nuovi obblighi ci sarà quello di avvisare gli utenti dei casi più gravi di violazioni ai loro data base che dovessero comportare perdita, distruzione o diffusione indebita di dati. In attuazione della direttiva europea in materia di sicurezza e privacy nel settore delle comunicazioni elettroniche, di recente recepita dall'Italia, il Garante per la privacy ha fissato un primo quadro di regole in base alle quali le società di tlc e i fornitori di servizi di accesso a Internet saranno tenuti a comunicare, oltre che alla stessa Autorità, anche agli utenti le "violazioni di dati personali" ("data breaches") che i loro data base dovessero subire a seguito di attacchi informatici, o di eventi avversi, quali incendi o altre calamità. DFLabs propone un approccio integrato e modulare tra Consulenza (Policy e Procedure di Data Breach), Servizi (Incident Response) e Tecnologie di Incident management (IncMan Suite). In particolare, Incman consente di gestire interamente l'inventario e la reportistica sul data breach richiesta dal Garante Privacy.

Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...

DFLABS SRL

L'evoluzione degli standard in materia di computer forensics e investigazioni...

DFLABS SRL

Dario Forte's SST Moscow Keynote

DFLABS SRL

Using Encase for Digital Investigations

DFLABS SRL

Proactively identifying and addressing covert/unknown threats Determining the capabilities and purpose of unknown files or running processes Identifying and recovering from polymorphic malware (e.g., Conficker) Signature-based detection tools are insufficient when faced with code that morphs to evade detection Quickly triaging and containing an identified threat Locating and rapidly responding to data leakage (PII, IP, etc.) Compliance with data protection and breach notification laws Malware attribution Records management

Iamers presentation-2

DFLABS SRL

IT GRC, Soluzioni Risk Management

DFLABS SRL

Cosa comporta ideare e individuare contromisure Quali tipi di contromisure prendere in considerazione e in quali circostanze: una proposta di risk mitigation framework. Organization and Technology soluzioni assicurative soluzioni contrattuali controllo interno Incident Management Valutare gli impatti delle contromisure Indicatori numerici di performance sulla sicurezza Come strutturare un controllo efficace sull’effettiva applicazione delle contromisure Il ruolo dell’Internal Auditing e del Risk Management nei sistemi di sicurezza interni Analisi di Casi di Studio Una proposta di Risk Mitigation Framework

PTK 1.0 official presentation

DFLABS SRL

D.I.M.

DFLABS SRL

More from DFLABS SRL (11)

Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...

DFlabs corporate profile 01-2013

Data Breach e Garante Privacy: Problemi e soluzioni

Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...

L'evoluzione degli standard in materia di computer forensics e investigazioni...

Dario Forte's SST Moscow Keynote

Using Encase for Digital Investigations

Iamers presentation-2

IT GRC, Soluzioni Risk Management

PTK 1.0 official presentation

D.I.M.

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 5

DianaGray10

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

20240605 QFM017 Machine Intelligence Reading List May 2024

Matthew Sinclair

DevOps and Testing slides at DASA Connect

Kari Kakkonen

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

Communications Mining Series - Zero to Hero - Session 1

DianaGray10

This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered: • Communication Mining Overview • Why is it important? • How can it help today’s business and the benefits • Phases in Communication Mining • Demo on Platform overview • Q/A

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

nkrafacyberclub

Video Streaming: Then, Now, and in the Future

Alpen-Adria-Universität

In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

By Design, not by Accident - Agile Venture Bolzano 2024

Pierluigi Pugliese

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Nexer Digital

Free Complete Python - A step towards Data Science

RinaMondal9

Microsoft - Power Platform_G.Aspiotis.pdf

Uni Systems S.M.S.A.

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 5

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Generative AI Deep Dive: Advancing from Proof of Concept to Production

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

FIDO Alliance Osaka Seminar: Overview.pdf

20240605 QFM017 Machine Intelligence Reading List May 2024

DevOps and Testing slides at DASA Connect

National Security Agency - NSA mobile device best practices

Climate Impact of Software Testing at Nordic Testing Days

Communications Mining Series - Zero to Hero - Session 1

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

Video Streaming: Then, Now, and in the Future

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

By Design, not by Accident - Agile Venture Bolzano 2024

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Free Complete Python - A step towards Data Science

Microsoft - Power Platform_G.Aspiotis.pdf

Targeted & Persistent Attacks in EU

1. Targeted & Persistent Attacks in EU The need for coordination and information sharing between EU member states Eoghan Casey, CASEITE & DFLabs

3. Large-‐scale credit card robbery Initial intrusion into regional office Weak internal security Servers with well known vulnerabilities Unrestricted access to central servers Weak egress filtering File transfer permitted from central servers to Internet Weak system monitoring Intruder created account on central server Installed sniffer on server Sniffer and file transfer log files created on server Weak network monitoring Network level logs recorded file transfers 2012 Copyright Eoghan Casey and CASEITE All rights reserved

4. Coordinated Linux intrusions Attacker's modus operandi Repository of stolen SSH credentials Privilege escalation LKM rootkits & tricky backdoor Trojanized SSH daemon Resilient C2 and exfiltration Destroy digital evidence 2012 Copyright Eoghan Casey and CASEITE All rights reserved

5. Common mistakes 1) Underestimating the adversary Too quick to containment 2) Lack of evidence No centralized logging infrastructure 3) Improper evidence handling Update antivirus and scan compromised systems 2012 Copyright Eoghan Casey and CASEITE All rights reserved

6. Know the adversary Initial intrusions not necessarily sophisticated Spear phishing or vulnerable servers Once inside, they spread virulently Inside out attacks circumvent egress filtering Undermine security monitoring File system tampering Multiple malware versions with custom packing Blend in with normal traffic Encrypt command, control and exfiltration 2012 Copyright Eoghan Casey and CASEITE All rights reserved

7. Quick containment? Current recommendation: When an incident has been detected and analyzed, it is important to contain it before the spread of the incident overwhelms resources or the damage increases. Most incidents require containment, so it is important to consider it early in the course of handling each incident. - NIST SP800-61 Rev. 1, page 3-19 2012 Copyright Eoghan Casey and CASEITE All rights reserved

10. Cross border information sharing Same attackers targeting all EU member states > Consolidate adversary knowledge Trust between government and industry Confidentiality agreements More information to examine the better Sanitize what is shared to protect victims 2012 Copyright Eoghan Casey and CASEITE All rights reserved

11. Information exchange standards STIX Structured Threat Information eXpression 2012 Copyright Eoghan Casey and CASEITE All rights reserved STIX Whitepaper -‐ makingsecuritymeasurable.mitre.org/docs/STIX-‐Whitepaper.pdf

Targeted & Persistent Attacks in EU

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Targeted & Persistent Attacks in EU

Similar to Targeted & Persistent Attacks in EU (20)

More from DFLABS SRL

More from DFLABS SRL (11)

Recently uploaded

Recently uploaded (20)

Targeted & Persistent Attacks in EU