3. Current Cyber Threats
Cyber Threats Summary
Threat Convergence
▪ The digital world and the physical world are now homogeneous
▪ CCTV, door access control, ID badges, HVAC, medical devices and other automation systems
Threat Summary of 2010
2011 Outlook
4. Economic conditions continue to fluctuate
More people are out of a job
Criminals have more incentive
Budgets are tightened
Technology makes things faster, smaller, better, cheaper and more available to those who never had access before.
Technology is easier to use but much more sophisticated behind the scenes, like an iceberg
New technology allows newer and more innovative threats
5. Individual
- Privacy
- Life
- Bank account
Enterprise
- Business espionage
- Sabotage
- Fraud
- Financial loss
- Reputation
Industry
- Specific industry sector damage, i.e. telecom, healthcare, energy, financial
Country
- Cyber warfare
- Sabotage
- Criminal
- Terrorism
- National symbol
Global
- Criminal
- Terrorism
7. The threat is out there, and more and more innocent users are getting on board
More bandwidth (3G/4G)
More smart devices
More users/subscribers
More innocent targets
More accessibility
More applications (good & bad)
8. Criminals utilize leading-edge technology/methodology, while many people still:
Use “password” or “12345” as their password
Password length not less than 8? Fine, then “12345678”
Have to mix letters with numbers? OK, “password123”
Leave their WiFi router/AP with no password
Leave their ADSL router configuration at the default
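An added Python example (not from the presentation) showing why the two rules the slide mocks accept exactly the passwords it lists, and a check that rejects those patterns; the word lists and the character substitutions are constructed assumptions, not from the slides.

```python
import re

# Constructed sample lists; a real deployment would check against a large
# breached-password corpus rather than a handful of words.
COMMON_PASSWORDS = {"123456", "12345678", "password", "qwerty"}
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "admin"}

# Substitutions people use to satisfy a "mix letters and digits" rule.
LEET = str.maketrans("@$013", "asoie")


def length_rule(pw: str) -> bool:
    """The slide's first naive rule: length not less than 8."""
    return len(pw) >= 8


def mix_rule(pw: str) -> bool:
    """The slide's second naive rule: letters mixed with digits."""
    return bool(re.search(r"[A-Za-z]", pw)) and bool(re.search(r"\d", pw))


def is_sequential(s: str) -> bool:
    """True for runs like 12345678 or abcdefgh, ascending or descending."""
    if len(s) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps == {1} or steps == {-1}


def stronger_check(pw: str) -> tuple[bool, str]:
    """Apply the naive rules, then reject the patterns the slide lists.

    Returns (accepted, reason) so the reason can be shown to the user.
    """
    if not length_rule(pw):
        return False, "shorter than 8 characters"
    if is_sequential(pw):
        return False, "sequential run"
    if len(set(pw)) <= 2:
        return False, "too few distinct characters"
    lowered = pw.lower()
    if lowered in COMMON_PASSWORDS:
        return False, "in common-password list"
    base = re.sub(r"[\d\W_]+$", "", lowered)        # drop appended digits/symbols
    for candidate in (base, base.translate(LEET)):  # P@ssw0rd -> password
        if candidate in COMMON_WORDS:
            return False, f"built on common word '{candidate}'"
    if not mix_rule(pw):
        return False, "no mix of letters and digits"
    return True, "ok"
```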
9. Simple tricks still work well
Win a lotto
Celebs’ clip
Free ticket
Fake antivirus
Malicious link
Bit.ly
Our_picture.zip
10. (National) Cybersecurity Day
Security awareness media and content in the local language
(National) Cybersecurity Awareness Program
11. Keep the bad guy out (from outside)
What if the bad guy is inside?
Strong external security perimeter but weak internal control
12. From the responses of over 10,000 executives around the globe
Organizations have more visibility into their environment as the number of “Don’t know” answers decreases
13. The attacks aim more at the data
Network and system exploitations seem steady
From the responses of over 10,000 executives around the globe
14. CEOs or CFOs may consider allocating budget not only for maintaining the current security level but for advancing the security capability of the whole organization
From the responses of over 10,000 executives around the globe
15. The board of directors needs to hear from the CISO
The CISO and the CIO have some contradicting aspects of function (checks and balances)
From the responses of over 10,000 executives around the globe
16. Use custom software to infiltrate computers
Steal information
Steal credentials
Steal intellectual property
Key logger
Botnet
Virus/worm
Rootkit
18. DEVICES
Network
Computer
Mobile phone
Home automation
IP camera
Access door
Building Automation System (BAS)
Medical device
Implantable device
Power grid, power substation
SCADA/DCS/Industrial Automation
Super car (Porsche 911)
Many many others
COMMON ATTACK SURFACE
Network (protocol)
Operating system
Application
Implementation
23. 1. Attacks on unpatched/outdated OS/service/software/application
2. Operator screen taken over
3. Attacks on the database or file server
4. Password brute force
5. Malware propagation
6. Eavesdropping (sniffing) information from the network
7. Incomplete implementation of TCP/IP
8. Denial of Service (DoS)
9. Embedded web interface in the device
10. Default authentication password or no password at all
24. 1) More focus on data correlation
2) Threat intelligence analysis will become more important
3) Endpoint security becomes more important
4) Focusing on proactive forensics instead of being reactive
5) Moving beyond signature detection
6) Users will continue to be the target of attack
7) Shifting from focusing on data encryption to key management
8) Cloud computing will continue regardless of the security concerns
9) New Internet protocols with increased exposure
10) Integrated/embedded security devices
27. M&A in the IT security industry
More targeted custom malware attacks
More of the “white-list” approach rather than “black-list”
More on hardware (design) security
Memory (RAM) attacks (decrypted data, passwords, PINs, etc.), as a result of PCI, HIPAA and GLBA asking for encryption of sensitive data at rest and in transit
Monitoring and analysis capability will increase
Wireless used for more other purposes
More cloud computing issues
Digital investigator jobs will be in high demand
28. Emergence of legislation compliance requirements
Royal Decree (ETA.C25) (announced in Sep. 2010 and to be enforced after 180 days)
ISO 27001
Critical Infrastructure Sectors
Business Continuity
BS 25999
Increase of the infosec workforce in government, the public sector and the private sector
Raise awareness of and inspiration for infosec careers in academic institutes
Increase user awareness among Thai citizens