4. mitigating a cyber attack
TRANSCRIPT
Mitigating a Cyber Attack
The New Era of Cyber Security University of Piraeus
8/12/2014
Γιάννης Κυπραίος CISSP, CISM, ISO-27005 CIRM
Υποδιεύθυνση Ασφάλειας Πληροφοριακών Συστημάτων Διεύθυνση Διακυβέρνησης Πληροφορικής Ομίλου ΕΤΕ
Agenda
• Cyber Attack Definition
• Cyber Attack Targets
• Cyber Criminals Profile
• Crime-as-a-Service
• Type of Cyber Attacks
• Critical Controls for effective Cyber Defense
• Cyber Attack Detection
• Reaction to a Cyber Attack
Cyber Attack Definition
Wikipedia
Cyber-attack is any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system.
Yale Law School
A Cyber-attack consists of any action taken to undermine the functions of a computer network for a political or national security purpose.
Yale: The Law of Cyber Attack
Cyber Attack Targets
• Control Systems
• Energy
• Finance
• Telecommunication
• Transportation
• Water
Cyber Attack Targets
• Stealing Information
• Wiping Data, Blocking Infrastructure
• Stealing money
• Damaging Company Reputation
• Financial Losses
Crime-as-a-Service
• Underground forums
• Criminal Services– Infrastructure-as-a-Service
– DDoS-as-a-Service
– Data-as-a-Service
– Pay-per-install Services
– Hacking-as-a-Service
– Malware-as-a-Service
– Translation Services
– Money Laundering-as-a-Service
Critical Controls for Effective Cyber Defense
Critical Security Controls - Version 51. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4. Continuous Vulnerability Assessment and Remediation
5. Malware Defenses
6. Application Software Security
https://www.sans.org/critical-security-controls/
Critical Controls for Effective Cyber Defense
Critical Security Controls - Version 57. Wireless Access Control
8. Data Recovery Capability
9. Security Skills Assessment and Appropriate Training to Fill Gaps
10.Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11.Limitation and Control of Network Ports, Protocols, and Services
12.Controlled Use of Administrative Privileges
13.Boundary Defense
https://www.sans.org/critical-security-controls/
Critical Controls for Effective Cyber Defense
Critical Security Controls - Version 514.Maintenance, Monitoring and Analysis of Audit
Logs
15.Controlled Access Based on the Need to Know
16.Account Monitoring and Control
17.Data Protection
18.Incident Response and Management
19.Secure Network Engineering
20.Penetration Tests and Red Team Exercises
https://www.sans.org/critical-security-controls/
Cyber Attack Detection
There is no ”if”; only “when”!• “I am convinced that there are only two types of
companies:those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”R.S. Mueller III, Director of FBI
• “There are two types of law firms: those that know they’ve been hacked and those that do not;”Attorney V. Polley
Cyber Attack Detection (Logs)
• Network Firewalls
• AntiVirus
• Data Base Firewalls
• Web Application Firewalls
• Intrusion Prevention Systems
• Security Logs
SecurityInformation &EventManagement
Cyber Attack Detection (Behavior)
• Slow Internet
• Slow LAN
• Inaccessible Web Sites
• Computer Behavior Changes
• Unknown Services
• Unknown Connections
DoS / DDoS
Malware
Reaction to a Cyber Attack
Be Prepared
• Response Team
• Reporting
• Initial Response
• Investigation
• Recovery and follow-up
• Public Relations
• Law Enforcement
Mitigating a Cyber Attack
The New Era of Cyber Security University of Piraeus
8/12/2014
Ioannis Kypraios CISSP, CISM, ISO-27005 CIRM