“The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.”
by Kevin G. Coleman
CyberTerrorism - A case study for Emergency Management
1. Cyberterrorism
A case study for Emergency Management
Ricardo A. Reis, Security Officer
&
Hospital São Paulo
2. Presentation Developed By:
Ricardo A. Reis
ricardo.areis@unifesp.br
ricardo.areis@gmail.com
CCO, Federal University of São Paulo
For use by:
The International Consortium
for Organization Resilience
(ICOR)
4. Cyberterrorism
Prepare, Plan and Stay in Business
Cyber Terrorism is defined as:
“The premeditated use of disruptive activities, or the
threat thereof, against computers and/or networks,
with the intention to cause harm or further social,
ideological, religious, political or similar objectives. Or
to intimidate any person in furtherance of such
objectives.”
by Kevin G. Coleman of the Technolytics Institute
5. Cyberterrorism
Prepare, Plan and Stay in Business
Emergency management is defined as:
“Comprehensive system of policies, practices, and
procedures designed to protect people and property
from the effects of emergencies or disasters.”
Extension Disaster Education Network (EDEN)
6. Cyberterrorism
Prepare, Plan and Stay in Business
EMERGENCY MANAGEMENT
LIFE CYCLE
1 - PREVENTION/MITIGATION
2 - PREPAREDNESS
3 - RESPONSE
4 - RECOVERY
7. Cyberterrorism
Prepare, Plan and Stay in Business
Case Study
Botnet is a jargon term for a collection of software robots, or bots,
that run autonomously and automatically. They run on groups of zombie
computers controlled remotely. This term can also refer to the network of
computers using distributed computing software.
From Wikipedia, the free encyclopedia
8. Cyberterrorism
Prepare, Plan and Stay in Business
Case Study
"A botnet is comparable to compulsory
military service for windows boxes"
Stromberg, http://www.honeynet.org/papers/bots/
9. Cyberterrorism
Prepare, Plan and Stay in Business
Cyberterrorism & Botnets
Distributed Denial-of-Service Attacks
Spamming
Sniffing Traffic
Keylogging
Spreading new malware
Installing Advertisement Addons
Browser Helper Objects (BHOs)
Google AdSense abuse
Attacking IRC Chat Networks
Mass identity theft
11. Cyberterrorism
Prepare, Plan and Stay in Business
"We have seen offers that will allow a
customer to send a million emails for under
$100," Henry says. "If you send more than
10 million, the price drops to under $80 per
million. There's a price war going on, and
Nugache is becoming the bargain
basement."
12. Cyberterrorism
Prepare, Plan and Stay in Business
PREVENTION/MITIGATION
Compliance with Security Standards ISO 27001/27002
Think about Business Continuity and IT Infrastructure Recovery
Create a Computer Security Incident Response Team
Monitor IT Infrastructure
  Internet Bandwidth
  DNS Services
  WEB Services
  EMAIL Services
Pre-contact with external agencies
  Upstream ISP
  Regional Computer Security Incident Response Team (CSIRT)
13. Cyberterrorism
Prepare, Plan and Stay in Business
PREPAREDNESS
Development and practice of multi-agency coordination and
incident command
Development and practice of the Incident Response Plan
14. Cyberterrorism
Prepare, Plan and Stay in Business
RESPONSE
Establish Incident Command
Notify CSIRT
Activate Incident Response Plan
Never use 100% of your CSIRT Team
Don't stop Triage Process
Communicate Major Events
15. Cyberterrorism
Prepare, Plan and Stay in Business
RECOVERY
If necessary, activate the Business Recovery Plan
Document the Major Event
Communicate the end of Major Events
Update all Plans
16. Cyberterrorism
Prepare, Plan and Stay in Business
A SIMULATED ?
Distributed Denial of Service Attack
27. Cyberterrorism
Prepare, Plan and Stay in Business
The main targets have been the websites of:
· the Estonian presidency and its parliament
· almost all of the country's government ministries
· political parties
· three of the country's six big news organisations
· two of the biggest banks; and firms specializing in communications
28. Cyberterrorism
Prepare, Plan and Stay in Business
NUMBERS
Attacks  Destination        Address or owner
35       195.80.105.107/32  pol.ee
7        195.80.106.72/32   www.riigikogu.ee
36       195.80.109.158/32  www.riik.ee, www.peaminister.ee, www.valitsus.ee
2        195.80.124.53/32   m53.envir.ee
2        213.184.49.171/32  www.sm.ee
6        213.184.49.194/32  www.agri.ee
4        213.184.50.6/32
35       213.184.50.69/32   www.fin.ee (Ministry of Finance)
1        62.65.192.24/32
http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
29. Cyberterrorism
Prepare, Plan and Stay in Business
Attacks Date
21 2007-05-03
17 2007-05-04
31 2007-05-08
58 2007-05-09
1 2007-05-11
http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
30. Cyberterrorism
Prepare, Plan and Stay in Business
Attacks Duration
17 less than 1 minute
78 1 min - 1 hour
16 1 hour - 5 hours
8 5 hours to 9 hours
7 10 hours or more
http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
31. Cyberterrorism
Prepare, Plan and Stay in Business
Attacks Bandwidth measured
42 Less than 10 Mbps
52 10 Mbps - 30 Mbps
22 30 Mbps - 70 Mbps
12 70 Mbps - 95 Mbps
http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
32. Cyberterrorism
Prepare, Plan and Stay in Business
BOTNET Command and Control
33. Cyberterrorism
Prepare, Plan and Stay in Business
Shadow SERVER Project
34. Cyberterrorism
Prepare, Plan and Stay in Business
Shadow SERVER Project
35. Cyberterrorism
Prepare, Plan and Stay in Business
PREVENTION/MITIGATION ( AGAIN !!!!!! )
Compliance with Security Standards ISO 27001/27002
(Protect your infrastructure and other Companies)
Create a Computer Security Incident Response Team
(Your First Response Team)
Pre-contact with external agencies
  Upstream ISP
  Regional (CSIRT)
36. Cyberterrorism
Prepare, Plan and Stay in Business
Questions ?
37. Cyberterrorism
A case study for Emergency Management
Ricardo A. Reis, Security Officer
&
Hospital São Paulo