Cyber War (World War 3)
World War 3
Quote: "Humans have to learn only one thing from history: that they have not learnt anything from history."
World Wars
History says mankind fights for new space, and warfare and strategy change with it. France was defeated in 6 weeks even though a 6 Bn franc defence had been set up before WW2 from the learning of WW1.
The only unchanged and deciding factor in war is "Human" - still not replaceable.
WW1
Weapons: • Machine gun • Poison gas • Submarine • Airplane • Tank
Strategy: • Fought from trenches • Supported by army • Static with little mobility
WW2
Weapons: • All of WW1 • Paratrooper • Nuclear bomb • Missiles • Advanced sub / jet planes / radar • Encrypted communication
Strategy: • Blitzkrieg • Propaganda • Kamikaze
WW3 is Cyber War
• The fight for new "space" is now "cyber space"
• Warfare has changed to "Information Technology"
• Strategy and weapons change with time; we can't rely on old methods
• CW involves countries, government agencies and extremely skilled people - all fighting remotely, unseen by victims
• Intentions: destroy e-space, financial gain, e-terrorism, e-ransom, brand destruction, shaking people's confidence
Remember: throughout the history of manpower, strategy and a skilled army together "win".
Cyber War Scene
• Battlefield: cyber space
• Goals to win: political and financial - crime + sabotage + espionage + intellectual property
• Warfare: intelligent unseen snipers using e-tools
• Army: 60 Mn command and control centres; 67% are known CnCCs, 204 countries involved
• Research: 51 countries have cyber research and espionage labs
• Internal threats: lots of insider trading and hedging in financial markets
• No zero-day defence by companies, and new attacks are made with newly written, non-repeated malicious scripts
• Enemies: no one knows; almost everyone on the internet is suspected. Even your own government is watching and tracking all activity
• Allies: can't trust any country or human being
• Defence does not know the offence's strategy and strength
Offence Evolution
Year | Attack type                        | Objective                          | Threat vector              | Examples
1990 | Virus & worms                      | IT disruption, user machine damage | Network based              | Melissa, Code Red
2000 | Malware for financial gain         | Hacker financial gain              | E-mail, application based  | Mydoom, Bagle, DM5v
2007 | APT - Advanced Persistent Threats  | Focus on company / agency          | Social engineering based   | Zeus, Aurora, Conficker
2010 | Key and certificate based attacks  | Exploit mass users                 | Application based          | Spyeye, Duqu, Diginotar, Comodo, Bit9
2012 | State backed hacks                 | Government backed                  | Politically motivated      | Stuxnet, Sony, Iran nuclear, extremist linked
Consumerization, social, mobile, cloud, big data and IoT are all contributing to an increased risk of security and data breaches.
“With continuing trends in cloud, consumerization, mobility and the "next big thing", the way IT is delivered is changing. Each brings new threats and breaks old security processes.”–Gartner
“Information security must evolve from just an IT project to the core of critical business decisions. You must protect enterprise data from compromise and drive innovation at the same time.” –Gartner
“Increasing use of cloud-based services, user mobility and multiple devices is adding complexity to security, particularly identity management requirements.” –Ovum
New-age technology brings new security challenges, and we need to devise a new defence strategy.
New fronts of attacks pouring in
Case study (Sony Pictures, 2014)
When: 24.11.14, planned over the past one year
What was compromised: 100 TB of data, unreleased movies, confidential communications and reports, salary data. Wiper malware was installed to delete the rest of the data.
Culprits: GOP (Guardian of Peace), North Korea backed hackers (Really??)
Motive: prevent release of the film "Interview" on the North Korean leader
Other damages: network was down for days, employees were asked not to attend office, hackers posted 4 unreleased movies, legal proceedings against hackers, hiring of security agencies for damage control, controversies etc.
Case study - Sony
When: April 2011
What was compromised: personal information of millions of customers, including their names, email addresses, dates of birth and account passwords
Culprits: hackers
Motive: financial gain; $ 171 Mn loss to Sony
Aftermath: breach of the UK Data Protection Act and a penalty of GBP 250K; shaken customer confidence
Case study - Target Corporation (retail company)
When: November - December 2013
What was compromised: 40 million customer credit cards and 70 million other records
Motive: financial gain
How: Target was using the BMC Remedy Performance Management tool. One user, "BEST_USER", with admin rights and the password "BACKUPU$R" was compromised. Hackers took the data away over the Internet.
Impact: sales down just before Christmas, CISO resigned, 3 other retailers were attacked using a similar technique
Case study - Iran nuclear facility
What was compromised: centrifuge pumps in a secret Iranian nuclear facility
Motive: political
How: one USB stick doped with "STUXNET" was dropped at the facility. It was highly sophisticated malware made by a super-skilled team backed by some nations. It spread and infected the PLCs in the plant and made all the machines malfunction. Currently many modified versions of STUXNET are available on the Internet.
Stats - Analysis
• Defence in depth alone is just not enough
• Hacking is seen in spite of lots of traditional tools
• Analysis by humans is inevitable
• Continuous improvement in skills and tools is imperative to win
• Protection across the complete information security life cycle is required
Why you should worry about CW
• Brand value at stake
• Company is a potential target due to high business visibility
• A reputed brand for a country attracts enemy governments
• Loss to the company can cause economic damage to the country
• Can attract lots of attention if hacked
• Huge financial gain to attackers
• Can shake client and investor confidence
Current Defence
• Most companies are putting in complicated defence-in-depth defences - proxy, gateways, DLP etc.
• China's 3PLA and Russia's RBN easily breached defence in depth
• Offence and defence are completely dislocated
• Focus is on tool implementation
• Signature based defence model, 25 years old
• Human intelligence is not fully used
• Attack mentality is not understood well enough to strategize
How to win the CW3
• Threat modelling
• Continuous upgrade of security strategy
• Align with business
• Are we sufficiently resourceful to defend?
• Study the hacker's mindset, then defend
• Relook at the dashboard
• Automate security and operations activities to reduce human errors
• Analyze every possible pattern to catch suspects
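As an added illustration of the last point (and of the deck's complaint that a signature based model misses newly written scripts), the following Python is example code, not part of the original presentation. It contrasts a signature check against a behavioural baseline for a privileged vendor account, generalising the Target case where a tool account with admin rights was abused. The account name vendor_admin, the baseline values, the source addresses, the payload hashes and all of the events are constructed assumptions.

```python
"""Signature matching versus behavioural pattern analysis (added example)."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    user: str
    src_ip: str
    hour: int        # hour of day of the login, 0-23
    bytes_out: int   # bytes sent to external hosts during the session
    payload: bytes   # content of the script the session executed


# Constructed signature list: the hash of one previously seen malicious script.
# A brand-new script will never match it, which is the deck's point.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"old_dropper_seen_in_2013").hexdigest()}

# Constructed baseline for a hypothetical privileged vendor account: the hosts
# it normally logs in from, its working hours and its usual outbound volume.
BASELINE = {
    "vendor_admin": {
        "src_ips": {"10.20.0.15"},
        "hours": range(8, 19),
        "max_bytes_out": 50_000,
    },
}

# Constructed sample events. The last two are the abuse: a login from an
# unfamiliar host at 03:00 running a never-before-seen script, followed by a
# large outbound transfer.
EVENTS = [
    Event("vendor_admin", "10.20.0.15", 9, 12_000, b"collect_perf_counters v4"),
    Event("vendor_admin", "10.20.0.15", 14, 8_500, b"collect_perf_counters v4"),
    Event("vendor_admin", "203.0.113.77", 3, 1_200, b"freshly written stager"),
    Event("vendor_admin", "203.0.113.77", 4, 40_000_000, b"bulk export"),
]


def signature_hits(events):
    """Signature defence: flag only payloads whose hash is already known bad."""
    return [e for e in events
            if hashlib.sha256(e.payload).hexdigest() in KNOWN_BAD_SHA256]


def behavioural_hits(events, baseline):
    """Pattern analysis: flag every deviation from the account's baseline.

    Returns a list of (event, reasons) so an analyst sees why it was flagged.
    """
    hits = []
    for e in events:
        profile = baseline.get(e.user)
        if profile is None:
            hits.append((e, ["no baseline for user"]))
            continue
        reasons = []
        if e.src_ip not in profile["src_ips"]:
            reasons.append("unfamiliar source host")
        if e.hour not in profile["hours"]:
            reasons.append("outside normal hours")
        if e.bytes_out > profile["max_bytes_out"]:
            reasons.append("outbound volume above baseline")
        if reasons:
            hits.append((e, reasons))
    return hits


if __name__ == "__main__":
    print("signature hits:", len(signature_hits(EVENTS)))
    for e, why in behavioural_hits(EVENTS, BASELINE):
        print(f"{e.user} from {e.src_ip} at {e.hour:02d}:00 -> {', '.join(why)}")
```

The signature check returns nothing for these events because the script is new, while the baseline check flags both sessions from the unfamiliar host and adds the outbound-volume reason on the second. In practice the baseline would be learned from months of authentication and proxy logs rather than typed in, and the reasons list is what a dashboard should surface to the human analyst the deck says is still indispensable.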
Sameer Paradia (CGEIT, CISM, CISSP) ([email protected])
Practicing IT security services and outsourcing for the past 22+ years
Photo acknowledgment:
https://www.flickr.com/photos/babalas_shipyards/5339531237/in/photostream/
http://www.flickr.com/photos/forgetmeknottphotography/7003899183/sizes/l/in/photostream/
Thank you so much!!