SlideShare a Scribd company logo

Disruptionware-TRustedCISO103020v0.7.pptx

Download as PPTX, PDF
Debra Baker, CISSP CSSP
Debra Baker, CISSP CSSP

Distruptionware is a form of Ransomware. This presentation covers how to protect your company from it.

Technology
1 of 37
The Rise Of Disruptionware Debra Baker, vCISO 1 TrustedCISO
○ Debra Baker, CISSP CCSP ○ 20 years of practical experience in security starting in USAF > IBM > Entrust > Cisco > RedSeal ○ Founder of JHU Cryptographic Knowledge Base https://CryptoDoneRight.org ○ Distinguished SME in Information Security (ISC2) ○ Top 100 Women in Cybersecurity ○ Twitter: @deb_infosec 2
Hacking is Big Business Source: HPE The Business of Hacking Cybersecurity Ventures predicts cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. 3
4 • Anonymous • Easy • As a Service • CryptoPay • Nation State Threats
11/3/20 5 Institute for Critical Infrastructure Technology (ICIT) defines disruptionware as a “new category of malware designed to suspend operations within a victim organization through the compromise of the availability, integrity, and confidentiality of the systems, networks, and data belonging to the target.” What is Disruptionware?
6 In a Nutshell, ○ Sophisticated attacks ○ Halts an organization’s operations ○ Using a combination of known hacker tools o Ransomware o Network Reconnaissance Tools ▪ Network mapping tools ▪ Key loggers o Data Exfiltration o Wipers o Bricking Capabilities o Automated Components ▪ Botnets ▪ Credential Stuffing What is Disruptionware?
7 Example Wiper Attack at Aramco Shamoon (also known as Disttrack) Email Phishing
8 Garmin Ransomware Attack
9 ● Hit by WastedLocker Ransomware on July 23rd ● WastedLocker used by a Russian hacking group, known as Evil Corp. ● Many of their “online services were interrupted including website functions, customer support, customer facing applications and company communications,” ● Garmin said it had “no indication” that customer data was accessed, lost or stolen. The company said its services are being restored. ● The attack caused massive disruption to the company’s online services ○ Garmin Connect ○ flyGarmin Garmin Ransomware Attack - What happened?
10 Large Scale Ransomware Attack at UHS An emergency room technician at one UHS-owned facility tells WIRED that their hospital has moved to all- paper systems as a result of the attack.
11 Ransomware Attack at German Hospital Leads to Death German authorities say the hackers took advantage of a vulnerability in Citrix virtual private network software that was publicly known since January but which the hospital had failed to address.
12
Ransomware Total Cost 13 Source: Cybersecurity Ventures $- $5 $10 $15 $20 $25 2015 2016 2017 2019 2021 Ransomware Total Cost Billons
Top 5 Ransomware Source: securityboulevard.com 14
Top 5 Ransomware Source: bleepingcomputer.com 15
16
17 “Ransomware is Now a Data Breach” -BleepingComputer • The latest Ransomware (REvil) is sending the files to a remote server, so if you don’t pay the ransom, your data will be made publicly available. Courtesy of Bleeping Computer
Anatomy of an Attack – Pre-2020 ●Disruptionware is a combination of tools to disrupt operations 18 RDP SMB
What is RDP? 19 Remote Desktop Protocol (RDP) – RDP is a client-server communication protocol developed by Microsoft. It provides a user with a graphical interface and RDP client to connect to another RDP server. RDP server software exists for Unix and OSX. RDP Client RDP Server Port 3389 RDP
Censys.io Search port 3389 Exposed to Internet 20 How to Secure RDP • Use Strong Passwords • Use Two Factor Authentication o X.509 Certificates o Smartcard (Yubikey, RSA) • Block 3389 at Boundary Firewall • Limit Administrators who can login remotely; o by default all Admins have access
What is SMB? 21 Server Message Block (SMB) – SMB is a client – server communication protocol on port 445. Created by IBM in the 1980s, SMB is used for accessing shared resources such as printers, files, serial port and other resources on the network. Courtesy of docs.microsoft.com How to Secure SMB • Disable SMBv1.0 • Use SMB 3.0 and above • Block TCP port 445 at Boundary Firewall • Block UDP ports 137-138 & 139 (NetBios)
Anatomy of an Attack 2020 22 RDP SMB RDP SMB
11/3/20 23 Ransomware – How to Protect Yourself • Scheduled Backups; Keep offline backups • Host Defender ie. Windows Defender, Crowdstrike, Tanium • Turn if off! Remove host from Wired and Wireless Network • Don’t use Windows 98, XP, Windows 7 and Windows Server 2008 o No longer patched and frequently exploited. o Win 7 and 2008 stopped receiving security updates as of January 14, 2020 • Turn off Remote Desktop Protocol (RDP) port 3389 o Frequently exploited by Ransomware • Block port Ports 137-139, 445, & 3389 from external networks o Don’t use SMB 1.0, should be using SMB 3.0 >> WannaCry o If have SMB 3.0 in use, but have not disabled SMB 1.0, hackers could use SMB 1.0 • Check well known site like nomoreransom.org which may have the decrypt key o https:// nomoreransom.org o https://www.barkly.com/ransomware-recovery-decryption-tools-search
How to Protect Your Network? Get Back to the Basics 1. Multi-factor Authentication (MFA) 2. EDR 3. Multi-Factor Authentication 4. Know Your Network ■ Network Inventory (Solarwinds) ■ Discovery (RedSeal) 5. Segmentation (RedSeal) ■ Identify Your Critical Assets ■ Place High Value assets in high security segments 6. Vulnerability Management ■ Vulnerability Prioritization with Network Context (RedSeal) 7. Secure Configuration Network Devices ■ Center for Internet Security (CIS) (RedSeal) ■ STIGS (RedSeal) 8. Data Protection ■ Strong Cryptography 24 “Research from Gartner suggests that, through 2020, 99% of firewall breaches will be caused by simple firewall misconfigurations, not flaws.” -Infosecurity Magazine
“Almost every phishing attack that we’ve seen could have been prevented with multifactor authentication” Rory Sanchez, CEO of True Digital Security ○ Multi-factor Authentication ○ Strong Passwords o Use Special characters o Minimum of 12 characters recommended o Upper and Lower Case o Numbers ○ Training awareness ○ Use Argon2id for password hashing 11/3/20 25 Identity and Access Management Courtesy of Troubleshooting Windows 7 Inside Out
Identity and Access Management ○ Check against commonly used password lists > Have I have been pawned site ○ NIST 800-63B says only force new password when known breach occurs ■ Character and numbers only ○ Change user passwords at least once every 90 or 180 days ○ A 2010 study by Weir et al. found that users will simply capitalize the first letter of their password and add a “1” or “!” to the end, making the password no harder to crack. Any password cracker worth their salt knows about these patterns and has adjusted their tools accordingly. 26
○ Audit Logs > Security Information and Risk Management (SIEM) ie Splunk • Individual User Access to PII data • All actions taken with root or Administrator access. • Access to all audit logs • Invalid logical access attempts o Entering incorrect password o Trying to access a file you aren’t authorized to access o Trying to access a folder you aren’t authorized to access 11/3/20 27 Auditing
Back to the Basics: Asset Management & Discovery ● Managing hardware, software, and ephemeral devices o Service Now o SolarWinds o Axonius – Ephemeral o RedSeal – Discovery 28 Why it Matters? • Any endpoint open to internet could have an open port, unauthorized protocol, or vulnerability allowing access into your network • Leapfrog into other areas of your network o Marriott o Equifax o Capital One > $80 million fines
Prioritize Host Vulnerabilities Based on Network Context CVSS 6 CVSS 7 CVSS 9 CVSS 4 Is a critical asset Has access to critical assets No access to critical assets or untrusted networks Exposed to untrusted network Remediation Order: 1. 2. 3. 4. CVSS 9 CVSS 7 CVSS 6 CVSS 4 CVSS 7 CVSS 9 CVSS 6 CVSS 4 With RedSeal 29
● China 25 – NSA publishes top 25 exploits ▪ Citrix Netscaler CVE-2019-19781 ▪ Windows RDP Exploit (aka Bluekeep) CVE-2019-0708 ▪ Windows Zerologon CVE-2020-1472) ● Cisco ASA & FTD High Severity Security Flaw CVE-2020-3452 ● Cisco Jabber for Windows CVE-2020-3495 ● Cisco CDP CVE-2020-3119 ● Palo Alto VPN security flaw CVE-2020-2021 ▪ US Cyber Command has warned that nation states will exploit it ● Palo Alto Buffer Overflow when Captive Portal or MFA enabled CVE-2020-2040 ● Windows aka Bad Neighbor CVE-2020-1656 30 Top Remote Code Executable Flaws 2020
Understand Your Hybrid Environment GCP DMZ Azure AW S NSX ACI On Premise Internet 31
RedSeal Provides… Digital Twin of Network 32
Security Impact Queries - Testing Changes Prior to Approval 11/3/20 33 By running a Security Impact Query: Reviewers can see that no exposure would be created, and there is no downstream risk from this request However, a policy would need to be updated to reflect an allowable change.
Cyber Compliance – Network Segmentation Build network “digital twin” • Model across on-premise, cloud, and hybrid cloud • Validate network segmentation for PCI ⮚Create PCI/Custom Zones and Policies • Assess risks related to network and firewall changes ⮚ Test Segmentation and send alert if out of compliance and send an alert Policy for access to personal info – From User Zone A Approvals required All access forbidden Azure Zone A (No Personal Info) Azure Zone C (Customer Personal Info) Azure Zone B (Internal Personal Info) Server Zone A (No Personal Info) Server Zone C (Customer Personal Info) Server Zone B (Internal Personal Info) Internet User Zone A 34
11/3/20 35 Risk Management ⮚ Rank vulnerabilities, identify system/network misconfigurations by risk in reference to their exposure to threats ⮚ Filter vulnerabilities based on network context
Data Protection – Use Strong Cryptography ● Use Latest OpenSSL > o Note: The latest stable version is the 1.1.1 series. This is also our Long-Term Support (LTS) version, supported until 11th September 2023. All older versions (including 1.1.0, 1.0.2, 1.0.0 and 0.9.8) are now out of support and should not be used. Users of these older versions are encourage to upgrade to 1.1.1 as soon as possible. ● TLS v1.2 or above is recommended ● TLSv1.3 - Best ● Hmac-sha-1 and above ● SHA-2 and above ● See Standards Table on Crypto Done Right for a Complete Listing of recommended ciphers https://cryptodoneright.org/articles/standards/standards_table.html 36
References ● https://www.ibmsystemsmag.com/Power-Systems/03/2020/Ransomware-Attacks-on-the-Rise ● Decryption Key Websites: ▪ https://www.barkly.com/ransomware-recovery-decryption-tools-search ▪ https://nomoreransom.org ▪ https://id-ransomware.malwarehunterteam.com/ ● https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-20th- 2019-attacks-everywhere/ ● https://krebsonsecurity.com/2019/11/study-ransomware-data-breaches-at-hospitals-tied-to- uptick-in-fatal-heart-attacks/ ● https://technet.microsoft.com/en-us/library/security/ms17-010.aspx ● https://threatpost.com/ransomware-attack-new-jersey-largest-hospital-system/151148/ ● https://www.cnn.com/2019/11/12/tech/google-project-nightingale-federal-inquiry/index.html ● https://www.telegraph.co.uk/technology/2018/10/11/wannacry-cyber-attack-cost-nhs-92m-19000- appointments-cancelled/ 37

Recommended

Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeLancope, Inc.
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksAsep Sopyan
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2ShapeBlue
 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush GuptaTenet Systems Pvt Ltd
 
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxssuserfb92ae
 
LIFT OFF 2017: Ransomware and IR Overview
LIFT OFF 2017: Ransomware and IR OverviewLIFT OFF 2017: Ransomware and IR Overview
LIFT OFF 2017: Ransomware and IR OverviewRobert Herjavec
 
Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Wen-Pai Lu
 
Hacking and its Defence
Hacking and its DefenceHacking and its Defence
Hacking and its DefenceGreater Noida Institute Of Technology
 

Recommended

Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeLancope, Inc.
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksAsep Sopyan
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2ShapeBlue
 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush GuptaTenet Systems Pvt Ltd
 
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxssuserfb92ae
 
LIFT OFF 2017: Ransomware and IR Overview
LIFT OFF 2017: Ransomware and IR OverviewLIFT OFF 2017: Ransomware and IR Overview
LIFT OFF 2017: Ransomware and IR OverviewRobert Herjavec
 
Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Wen-Pai Lu
 
Hacking and its Defence
Hacking and its DefenceHacking and its Defence
Hacking and its DefenceGreater Noida Institute Of Technology
 
Topic #17 IT Security ITSecurityIncidentsA.docx
Topic #17 IT Security ITSecurityIncidentsA.docxTopic #17 IT Security ITSecurityIncidentsA.docx
Topic #17 IT Security ITSecurityIncidentsA.docxjuliennehar
 
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed Great Bay Software
 
Behind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced ThreatsBehind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced ThreatsCisco Canada
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareQuick Heal Technologies Ltd.
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present DangersPeter Wood
 
13.02 Network Security
13.02 Network Security13.02 Network Security
13.02 Network SecurityAnjan Mahanta
 
Penetration Testing as an auditing tool
Penetration Testing as an auditing toolPenetration Testing as an auditing tool
Penetration Testing as an auditing toolsyrinxtech
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorialMSA Technosoft
 
hacking
hackinghacking
hackingADAIKKAPPANS1
 
Presentation given at Bio-IT World 2016 as a Senior Member of the IEEE on the...
Presentation given at Bio-IT World 2016 as a Senior Member of the IEEE on the...Presentation given at Bio-IT World 2016 as a Senior Member of the IEEE on the...
Presentation given at Bio-IT World 2016 as a Senior Member of the IEEE on the...Brian Bissett
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
The application security controller
The application security controllerThe application security controller
The application security controllerChris Swan
 
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?360mnbsu
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityfrcarlson
 
Cloud Intrusion Detection Reloaded - 2018
Cloud Intrusion Detection Reloaded - 2018Cloud Intrusion Detection Reloaded - 2018
Cloud Intrusion Detection Reloaded - 2018randomuserid
 
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...TI Safe
 
Ce hv8 module 17 evading ids, firewalls, and honeypots
Ce hv8 module 17 evading ids, firewalls, and honeypotsCe hv8 module 17 evading ids, firewalls, and honeypots
Ce hv8 module 17 evading ids, firewalls, and honeypotsMehrdad Jingoism
 
AktaionPPTv5_JZedits
AktaionPPTv5_JZeditsAktaionPPTv5_JZedits
AktaionPPTv5_JZeditsRod Soto
 
ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10Irsandi Hasan
 
CONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromCONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromPROIDEA
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxFIDO Alliance
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityVictorSzoltysek
 

More Related Content

Similar to Disruptionware-TRustedCISO103020v0.7.pptx

Topic #17 IT Security ITSecurityIncidentsA.docx
Topic #17 IT Security ITSecurityIncidentsA.docxTopic #17 IT Security ITSecurityIncidentsA.docx
Topic #17 IT Security ITSecurityIncidentsA.docxjuliennehar
 
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed Great Bay Software
 
Behind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced ThreatsBehind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced ThreatsCisco Canada
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareQuick Heal Technologies Ltd.
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present DangersPeter Wood
 
13.02 Network Security
13.02 Network Security13.02 Network Security
13.02 Network SecurityAnjan Mahanta
 
Penetration Testing as an auditing tool
Penetration Testing as an auditing toolPenetration Testing as an auditing tool
Penetration Testing as an auditing toolsyrinxtech
 
Presentation given at Bio-IT World 2016 as a Senior Member of the IEEE on the...
Presentation given at Bio-IT World 2016 as a Senior Member of the IEEE on the...Presentation given at Bio-IT World 2016 as a Senior Member of the IEEE on the...
Presentation given at Bio-IT World 2016 as a Senior Member of the IEEE on the...Brian Bissett
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
The application security controller
The application security controllerThe application security controller
The application security controllerChris Swan
 
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?360mnbsu
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityfrcarlson
 
Cloud Intrusion Detection Reloaded - 2018
Cloud Intrusion Detection Reloaded - 2018Cloud Intrusion Detection Reloaded - 2018
Cloud Intrusion Detection Reloaded - 2018randomuserid
 
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...TI Safe
 
Ce hv8 module 17 evading ids, firewalls, and honeypots
Ce hv8 module 17 evading ids, firewalls, and honeypotsCe hv8 module 17 evading ids, firewalls, and honeypots
Ce hv8 module 17 evading ids, firewalls, and honeypotsMehrdad Jingoism
 
AktaionPPTv5_JZedits
AktaionPPTv5_JZeditsAktaionPPTv5_JZedits
AktaionPPTv5_JZeditsRod Soto
 
ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10Irsandi Hasan
 
CONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromCONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromPROIDEA
 

Similar to Disruptionware-TRustedCISO103020v0.7.pptx (20)

Topic #17 IT Security ITSecurityIncidentsA.docx
Topic #17 IT Security ITSecurityIncidentsA.docxTopic #17 IT Security ITSecurityIncidentsA.docx
Topic #17 IT Security ITSecurityIncidentsA.docx
 
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed
 
Behind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced ThreatsBehind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced Threats
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry Ransomware
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present Dangers
 
13.02 Network Security
13.02 Network Security13.02 Network Security
13.02 Network Security
 
Penetration Testing as an auditing tool
Penetration Testing as an auditing toolPenetration Testing as an auditing tool
Penetration Testing as an auditing tool
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorial
 
hacking
hackinghacking
hacking
 
Presentation given at Bio-IT World 2016 as a Senior Member of the IEEE on the...
Presentation given at Bio-IT World 2016 as a Senior Member of the IEEE on the...Presentation given at Bio-IT World 2016 as a Senior Member of the IEEE on the...
Presentation given at Bio-IT World 2016 as a Senior Member of the IEEE on the...
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
The application security controller
The application security controllerThe application security controller
The application security controller
 
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cloud Intrusion Detection Reloaded - 2018
Cloud Intrusion Detection Reloaded - 2018Cloud Intrusion Detection Reloaded - 2018
Cloud Intrusion Detection Reloaded - 2018
 
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
 
Ce hv8 module 17 evading ids, firewalls, and honeypots
Ce hv8 module 17 evading ids, firewalls, and honeypotsCe hv8 module 17 evading ids, firewalls, and honeypots
Ce hv8 module 17 evading ids, firewalls, and honeypots
 
AktaionPPTv5_JZedits
AktaionPPTv5_JZeditsAktaionPPTv5_JZedits
AktaionPPTv5_JZedits
 
ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10
 
CONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromCONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin Nystrom
 

Recently uploaded

ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxFIDO Alliance
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityVictorSzoltysek
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Skynet Technologies
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc
 
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxCyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxMasterG
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...ScyllaDB
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...FIDO Alliance
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe中 央社
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxjbellis
 
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfFrisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfAnubhavMangla3
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxMarkSteadman7
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingScyllaDB
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!Memoori
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch TuesdayIvanti
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsLeah Henrickson
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfdanishmna97
 

Recently uploaded (20)

ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxCyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptx
 
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfFrisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptx
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream Processing
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 

Disruptionware-TRustedCISO103020v0.7.pptx

  • 1. The Rise Of Disruptionware Debra Baker, vCISO 1 TrustedCISO
  • 2. ○ Debra Baker, CISSP CCSP ○ 20 years of practical experience in security starting in USAF > IBM > Entrust > Cisco > RedSeal ○ Founder of JHU Cryptographic Knowledge Base https://CryptoDoneRight.org ○ Distinguished SME in Information Security (ISC2) ○ Top 100 Women in Cybersecurity ○ Twitter: @deb_infosec 2
  • 3. Hacking is Big Business Source: HPE The Business of Hacking Cybersecurity Ventures predicts cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. 3
  • 4. 4 • Anonymous • Easy • As a Service • CryptoPay • Nation State Threats
  • 5. 11/3/20 5 Institute for Critical Infrastructure Technology (ICIT) defines disruptionware as a “new category of malware designed to suspend operations within a victim organization through the compromise of the availability, integrity, and confidentiality of the systems, networks, and data belonging to the target.” What is Disruptionware?
  • 6. 6 In a Nutshell, ○ Sophisticated attacks ○ Halts an organization’s operations ○ Using a combination of known hacker tools o Ransomware o Network Reconnaissance Tools ▪ Network mapping tools ▪ Key loggers o Data Exfiltration o Wipers o Bricking Capabilities o Automated Components ▪ Botnets ▪ Credential Stuffing What is Disruptionware?
  • 7. 7 Example Wiper Attack at Aramco Shamoon (also known as Disttrack) Email Phishing
  • 9. 9 ● Hit by WastedLocker Ransomware on July 23rd ● WastedLocker used by a Russian hacking group, known as Evil Corp. ● Many of their “online services were interrupted including website functions, customer support, customer facing applications and company communications,” ● Garmin said it had “no indication” that customer data was accessed, lost or stolen. The company said its services are being restored. ● The attack caused massive disruption to the company’s online services ○ Garmin Connect ○ flyGarmin Garmin Ransomware Attack - What happened?
  • 10. 10 Large Scale Ransomware Attack at UHS An emergency room technician at one UHS-owned facility tells WIRED that their hospital has moved to all- paper systems as a result of the attack.
  • 11. 11 Ransomware Attack at German Hospital Leads to Death German authorities say the hackers took advantage of a vulnerability in Citrix virtual private network software that was publicly known since January but which the hospital had failed to address.
  • 12. 12
  • 13. Ransomware Total Cost 13 Source: Cybersecurity Ventures $- $5 $10 $15 $20 $25 2015 2016 2017 2019 2021 Ransomware Total Cost Billons
  • 14. Top 5 Ransomware Source: securityboulevard.com 14
  • 15. Top 5 Ransomware Source: bleepingcomputer.com 15
  • 16. 16
  • 17. 17 “Ransomware is Now a Data Breach” -BleepingComputer • The latest Ransomware (REvil) is sending the files to a remote server, so if you don’t pay the ransom, your data will be made publicly available. Courtesy of Bleeping Computer
  • 18. Anatomy of an Attack – Pre-2020 ●Disruptionware is a combination of tools to disrupt operations 18 RDP SMB
  • 19. What is RDP? 19 Remote Desktop Protocol (RDP) – RDP is a client-server communication protocol developed by Microsoft. It provides a user with a graphical interface and RDP client to connect to another RDP server. RDP server software exists for Unix and OSX. RDP Client RDP Server Port 3389 RDP
  • 20. Censys.io Search port 3389 Exposed to Internet 20 How to Secure RDP • Use Strong Passwords • Use Two Factor Authentication o X.509 Certificates o Smartcard (Yubikey, RSA) • Block 3389 at Boundary Firewall • Limit Administrators who can login remotely; o by default all Admins have access
  • 21. What is SMB? 21 Server Message Block (SMB) – SMB is a client – server communication protocol on port 445. Created by IBM in the 1980s, SMB is used for accessing shared resources such as printers, files, serial port and other resources on the network. Courtesy of docs.microsoft.com How to Secure SMB • Disable SMBv1.0 • Use SMB 3.0 and above • Block TCP port 445 at Boundary Firewall • Block UDP ports 137-138 & 139 (NetBios)
  • 22. Anatomy of an Attack 2020 22 RDP SMB RDP SMB
  • 23. 11/3/20 23 Ransomware – How to Protect Yourself • Scheduled Backups; Keep offline backups • Host Defender ie. Windows Defender, Crowdstrike, Tanium • Turn if off! Remove host from Wired and Wireless Network • Don’t use Windows 98, XP, Windows 7 and Windows Server 2008 o No longer patched and frequently exploited. o Win 7 and 2008 stopped receiving security updates as of January 14, 2020 • Turn off Remote Desktop Protocol (RDP) port 3389 o Frequently exploited by Ransomware • Block port Ports 137-139, 445, & 3389 from external networks o Don’t use SMB 1.0, should be using SMB 3.0 >> WannaCry o If have SMB 3.0 in use, but have not disabled SMB 1.0, hackers could use SMB 1.0 • Check well known site like nomoreransom.org which may have the decrypt key o https:// nomoreransom.org o https://www.barkly.com/ransomware-recovery-decryption-tools-search
  • 24. How to Protect Your Network? Get Back to the Basics 1. Multi-factor Authentication (MFA) 2. EDR 3. Multi-Factor Authentication 4. Know Your Network ■ Network Inventory (Solarwinds) ■ Discovery (RedSeal) 5. Segmentation (RedSeal) ■ Identify Your Critical Assets ■ Place High Value assets in high security segments 6. Vulnerability Management ■ Vulnerability Prioritization with Network Context (RedSeal) 7. Secure Configuration Network Devices ■ Center for Internet Security (CIS) (RedSeal) ■ STIGS (RedSeal) 8. Data Protection ■ Strong Cryptography 24 “Research from Gartner suggests that, through 2020, 99% of firewall breaches will be caused by simple firewall misconfigurations, not flaws.” -Infosecurity Magazine
  • 25. “Almost every phishing attack that we’ve seen could have been prevented with multifactor authentication” Rory Sanchez, CEO of True Digital Security ○ Multi-factor Authentication ○ Strong Passwords o Use Special characters o Minimum of 12 characters recommended o Upper and Lower Case o Numbers ○ Training awareness ○ Use Argon2id for password hashing 11/3/20 25 Identity and Access Management Courtesy of Troubleshooting Windows 7 Inside Out
  • 26. Identity and Access Management ○ Check against commonly used password lists > Have I have been pawned site ○ NIST 800-63B says only force new password when known breach occurs ■ Character and numbers only ○ Change user passwords at least once every 90 or 180 days ○ A 2010 study by Weir et al. found that users will simply capitalize the first letter of their password and add a “1” or “!” to the end, making the password no harder to crack. Any password cracker worth their salt knows about these patterns and has adjusted their tools accordingly. 26
  • 27. ○ Audit Logs > Security Information and Risk Management (SIEM) ie Splunk • Individual User Access to PII data • All actions taken with root or Administrator access. • Access to all audit logs • Invalid logical access attempts o Entering incorrect password o Trying to access a file you aren’t authorized to access o Trying to access a folder you aren’t authorized to access 11/3/20 27 Auditing
  • 28. Back to the Basics: Asset Management & Discovery ● Managing hardware, software, and ephemeral devices o Service Now o SolarWinds o Axonius – Ephemeral o RedSeal – Discovery 28 Why it Matters? • Any endpoint open to internet could have an open port, unauthorized protocol, or vulnerability allowing access into your network • Leapfrog into other areas of your network o Marriott o Equifax o Capital One > $80 million fines
  • 29. Prioritize Host Vulnerabilities Based on Network Context CVSS 6 CVSS 7 CVSS 9 CVSS 4 Is a critical asset Has access to critical assets No access to critical assets or untrusted networks Exposed to untrusted network Remediation Order: 1. 2. 3. 4. CVSS 9 CVSS 7 CVSS 6 CVSS 4 CVSS 7 CVSS 9 CVSS 6 CVSS 4 With RedSeal 29
  • 30. ● China 25 – NSA publishes top 25 exploits ▪ Citrix Netscaler CVE-2019-19781 ▪ Windows RDP Exploit (aka Bluekeep) CVE-2019-0708 ▪ Windows Zerologon CVE-2020-1472) ● Cisco ASA & FTD High Severity Security Flaw CVE-2020-3452 ● Cisco Jabber for Windows CVE-2020-3495 ● Cisco CDP CVE-2020-3119 ● Palo Alto VPN security flaw CVE-2020-2021 ▪ US Cyber Command has warned that nation states will exploit it ● Palo Alto Buffer Overflow when Captive Portal or MFA enabled CVE-2020-2040 ● Windows aka Bad Neighbor CVE-2020-1656 30 Top Remote Code Executable Flaws 2020
  • 31. Understand Your Hybrid Environment GCP DMZ Azure AW S NSX ACI On Premise Internet 31
  • 32. RedSeal Provides… Digital Twin of Network 32
  • 33. Security Impact Queries - Testing Changes Prior to Approval 11/3/20 33 By running a Security Impact Query: Reviewers can see that no exposure would be created, and there is no downstream risk from this request However, a policy would need to be updated to reflect an allowable change.
  • 34. Cyber Compliance – Network Segmentation Build network “digital twin” • Model across on-premise, cloud, and hybrid cloud • Validate network segmentation for PCI ⮚Create PCI/Custom Zones and Policies • Assess risks related to network and firewall changes ⮚ Test Segmentation and send alert if out of compliance and send an alert Policy for access to personal info – From User Zone A Approvals required All access forbidden Azure Zone A (No Personal Info) Azure Zone C (Customer Personal Info) Azure Zone B (Internal Personal Info) Server Zone A (No Personal Info) Server Zone C (Customer Personal Info) Server Zone B (Internal Personal Info) Internet User Zone A 34
  • 35. 11/3/20 35 Risk Management ⮚ Rank vulnerabilities, identify system/network misconfigurations by risk in reference to their exposure to threats ⮚ Filter vulnerabilities based on network context
  • 36. Data Protection – Use Strong Cryptography ● Use Latest OpenSSL > o Note: The latest stable version is the 1.1.1 series. This is also our Long-Term Support (LTS) version, supported until 11th September 2023. All older versions (including 1.1.0, 1.0.2, 1.0.0 and 0.9.8) are now out of support and should not be used. Users of these older versions are encourage to upgrade to 1.1.1 as soon as possible. ● TLS v1.2 or above is recommended ● TLSv1.3 - Best ● Hmac-sha-1 and above ● SHA-2 and above ● See Standards Table on Crypto Done Right for a Complete Listing of recommended ciphers https://cryptodoneright.org/articles/standards/standards_table.html 36
  • 37. References ● https://www.ibmsystemsmag.com/Power-Systems/03/2020/Ransomware-Attacks-on-the-Rise ● Decryption Key Websites: ▪ https://www.barkly.com/ransomware-recovery-decryption-tools-search ▪ https://nomoreransom.org ▪ https://id-ransomware.malwarehunterteam.com/ ● https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-20th- 2019-attacks-everywhere/ ● https://krebsonsecurity.com/2019/11/study-ransomware-data-breaches-at-hospitals-tied-to- uptick-in-fatal-heart-attacks/ ● https://technet.microsoft.com/en-us/library/security/ms17-010.aspx ● https://threatpost.com/ransomware-attack-new-jersey-largest-hospital-system/151148/ ● https://www.cnn.com/2019/11/12/tech/google-project-nightingale-federal-inquiry/index.html ● https://www.telegraph.co.uk/technology/2018/10/11/wannacry-cyber-attack-cost-nhs-92m-19000- appointments-cancelled/ 37