Cyber Warfare: The World War III

By: Hemal Patel, MD & CEO, Elitecore Technologies Ltd.

Cyberoam - Unified Threat Management

© Copyright 2007 Elitecore Technologies Limited. All Rights Reserved.

Upload: trevor-mcdonald

Post on 26-Dec-2015

Presentation Sketch

What is Cyber crime / Cyber warfare?

Cyber Warfare - Weapons

Why Cyber Attacks Succeed

Is India ready?

Fighting Cyber Warfare

What is Cyber Crime / Warfare?

Cyber Crime:

“Any unlawful acts wherein the computer is either a tool or target or both.”

Cyber Warfare:

“Cyber Warfare is an attack on information in the information age”

War on Information is to gain knowledge and control over key information

Evolution of the Virtual Battleground

Evolution of the Real Battleground

The Next War Will not be Fought on Battlefields. It will be on Cyber World.

Old Battleground vs. Cyber Battleground

Battle Strategy

Spy

Bait

Ammunition

Battleground

Cyber War

Implant Intrusions

Spyware, Malware

Phishing, Pharming

Virus, Trojans

IP Networks

Artillery

Botnets/Zombies

Root-kits

Old Battleground vs. Cyber Battleground

Tools used for Protection

Arms & Ammunitions

New Modern era tools and guns

Soldiers, commander in chief

Fort & Huge Walls

Cyber War

Traditional Firewall and security Software

Third Generation Firewall and UTMs

Lawyers, cyber crime consultants and police force

Cyber Cell

Who is the Target?

Cyber Attacks are Getting Targeted

When? 2003 - 2005

Attacker Profile
• Professional writers and crime rings who got down to business
• Designed attacks to commit financial fraud

Motive of the attack
• To hit large organizations – impacting their business and crippling their customers
• To sniff out personal information, such as an SSN or bank account number
• To generate thousands of dollars from the harvested data

Hitting the Financial Targets

Who were the victims?
• Users, Employees of Large Organizations and Financial Institutions

What were the attack vectors?
• Blending of email and web threats
• Social engineering – Phishing emails
• Weak Web and email applications

Example
• Paypal, Ebay, Authorize.net

Narrowing the targets: Cyber Attackers Working Smart

When? 2005 onwards

Attacker Profile
• No longer mere individuals
• Collaboration among professional programmers with access to greater pooled resources
• Virtual Consortiums dedicated to creation and distribution of malicious software intended to steal money from individuals

Narrowing the targets: Cyber Attackers Working Smart

Motive of the attack
• To target Regional players and individuals – to escape attention
• Attacks driven by financial motives
• To steal confidential information from specific companies - Identity theft

Who are the victims?
• Small corporations, Key Individuals

What are the attack vectors?
• Spear phishing – exploiting individuals’ trust
• New hybrid combinations - spy phishing

Narrowing the targets: Cyber Attackers Working Smart

Examples
• Bank Of India
• ICICI Bank
• ABC, XYZ…

Do you know about them?

Have you heard about such small regional attacks?

Such Attacks
• Fly under the radar
• Have a prolonged Lifespan
• Cause significantly high financial damage to Victims

Targeted Attacks on Nation’s Networks

A Full-fledged Cyber Attack on a nation involves 4 steps.

FIRECELL

1. Gain control over Network of Government and Defense Establishments
2. Bring down the Financial Systems: The Stock Markets and Banks
3. Take Control of the Nation’s Utilities: Power, Telecom
4. Take control over personal identities: ITax / Passport data

Let’s see an instance - Movie Clip

The Result: Could Easily and Rapidly bring the Nation to a Standstill!

Why Cyber Attacks Succeed?

Who are the Attackers?

Insiders

Role
• Initiators
• Victims
• Conduits

Motives
• Malicious Intent - Greed
• Disgruntled employees – Vengeance
• User Ignorance

External Attackers
• External Attackers getting insider information
• Targeting insider victims
• Targeting insiders as conduits

Why Cyber Attacks Succeed

Attacks - Tactics have changed

Attacks are becoming Targeted

Information of key personnel available publicly

Attacks are short-lived - Zero-day attacks

Cyber Warfare favors the attacker

Hackers say there’s always at least one machine that is unprotected. And it only takes one!

Why Cyber Attacks Succeed

Defense - We are not well prepared

Lack of Security Awareness, Ignorance

Lack of national strategy on countering insurgency in the cyberspace

Even up-to-date systems totally miss cleverly disguised attacks

Unclear / loopholes in Cyber crime laws

Unclear punishment

Lack of Dynamism in Formation of Cyber laws

Examples of Cyber Crime

Some Recent Examples

Is India Prepared?

Is India Prepared to fight Cyber War?

Not that nothing has been done to fight the Cyber War

• The question is how well are we prepared?

• Is there a clear direction?

Draft amendments to IT Act 2000 do not address Cyber-warfare or Cyber-terrorism

Check what the Hackers can do!

What Happened?
• After Pokhran II test in 1998, hackers called ‘Milworm’ broke into BARC site and posted anti-Indian and anti-nuclear messages
• In 1999, website of Indian Science Congress Association was defaced and the hacker posted provocative comments about Kashmir
• In 2002, 9 websites of India’s top telecom companies were defaced and were posted with content accusing India of Human Rights violations

What can Happen?
• The hacker can hack the network of utilities
• The hacker can intrude the network and steal the information being exchanged between ministries
• Hacker can alter the public information that results in instability of the stock market

Fighting the Cyber Warfare

Fighting the Cyber War - Cyber Counter Intelligence

Need for Central Nodal Agency
• National strategy on countering insurgency in the cyberspace
• Creation of National Nodal Agency for IP Security deployments

Right Security Solution
• A solution which provides complete Internet Security
• A solution which fights both Internal and External Threats
• A solution which results in low Capex and Opex

Security Awareness
• About the most recent type of threats/attacks
• About the do’s and don’ts of Internet usage
• About preventing the leakage of confidential information

Fighting the Cyber Warfare

The Cyberoam Way

Cyberoam – Identity-based Unified Threat Management

Cyberoam is the Identity-based UTM solution that offers Integrated Internet Security with fine granularity through its unique identity-based policies.

It offers comprehensive threat protection with:
• Stateful-Inspection Firewall
• VPN
• IPS
• Gateway Anti-virus
• Gateway Anti-spam
• Content filtering
• Bandwidth management
• Multi-Link Manager
• Comprehensive Reporting

Thank You

To Know more about Cyberoam

Visit www.cyberoam.com
