Cyberterrorism
   A case study for Emergency Management




Ricardo A. Reis, Security Officer




                     &
           Hospital São Paulo
Presentation Developed By:

          Ricardo A. Reis
      ricardo.areis@unifesp.br
      ricardo.areis@gmail.com
CCO, Federal University of São Paulo



            For use by:
    The International Consortium
     for Organization Resilience
              (ICOR)
Cyberterrorism



Prepare, Plan and Stay in Business




  Cyber Terrorism is defined as:

“The premeditated use of disruptive activities, or the
threat thereof, against computers and/or networks,
with the intention to cause harm or further social,
ideological, religious, political or similar objectives. Or
to intimidate any person in furtherance of such
objectives.”
                    by Kevin G. Coleman of the Technolytics Institute




  Emergency management is defined as:

“Comprehensive system of policies, practices, and
procedures designed to protect people and property
from the effects of emergencies or disasters.”
                   Extension Disaster Education Network (EDEN)



 EMERGENCY MANAGEMENT

         LIFE CYCLE

1 - PREVENTION/MITIGATION

2 - PREPAREDNESS

3 - RESPONSE

4 - RECOVERY





    Case Study

    Botnet is a jargon term for a collection of software robots, or bots,
that run autonomously and automatically. They run on groups of zombie
computers controlled remotely. This term can also refer to the network of
computers using distributed computing software.

                                       From Wikipedia, the free encyclopedia





    Case Study

            "A botnet is comparable to compulsory
            military service for windows boxes"
                           Stromberg, http://www.honeynet.org/papers/bots/




    Cyberterrorism & Botnets
    
        Distributed Denial-of-Service Attacks
    
        Spamming
    
        Sniffing Traffic
    
        Keylogging
    
        Spreading new malware
    
        Installing Advertisement Addons
    
        Browser Helper Objects (BHOs)
    
        Google AdSense abuse
    
        Attacking IRC Chat Networks
    
        Mass identity theft




"We have seen offers that will allow a
customer to send a million emails for under
$100," Henry says. "If you send more than
10 million, the price drops to under $80 per
million. There's a price war going on, and
Nugache is becoming the bargain
basement."



    PREVENTION/MITIGATION
    
      Compliance with Security Standards ISO 27001/27002
    
      Think about Business Continuity and IT Infrastructure Recovery
    
      Make a Computer Security Incident Response Team
    
      Monitor IT Infrastructure
      
        Internet Bandwidth
      
        DNS Services
      
        WEB Services
      
        EMAIL Services
    
      Pre-Contact with external agency
      
        Upstream ISP
      
        Regional Computer Security Incident Response Team
        (CSIRT)





    PREPAREDNESS
    
      Development and practice of multi-agency coordination and
      incident command
    
      Development and practice of Incident Response Plan



    RESPONSE

    
      Establish Incident Command
    
      Notify CSIRT
    
      Activate Incident Response Plan
    
      Never use 100% of your CSIRT Team
    
      Don't stop Triage Process
    
      Communicate Major Events





    RECOVERY
    
      If necessary, activate Business Recovery Plan
    
      Document the Major Event
    
      Communicate the end of Major Events
    
      Update all Plans




       A SIMULATED ?

Distributed Denial of Service Attack




        !!! REAL LIFE !!!

Distributed Denial of Service Attack




The main targets have been the websites of:

· the Estonian presidency and its parliament

· almost all of the country's government ministries

· political parties

· three of the country's six big news organisations

· two of the biggest banks; and firms specializing in communications


NUMBERS

Attacks  Destination          Address or owner

35       195.80.105.107/32    pol.ee
7        195.80.106.72/32     www.riigikogu.ee
36       195.80.109.158/32    www.riik.ee, www.peaminister.ee, www.valitsus.ee
2        195.80.124.53/32     m53.envir.ee
2        213.184.49.171/32    www.sm.ee
6        213.184.49.194/32    www.agri.ee
4        213.184.50.6/32
35       213.184.50.69/32     www.fin.ee (Ministry of Finance)
1        62.65.192.24/32

     http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/


Attacks           Date


21                2007-05-03
17                2007-05-04
31                2007-05-08
58                2007-05-09
1                 2007-05-11


     http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/


Attacks          Duration


17               less than 1 minute
78               1 min - 1 hour
16               1 hour - 5 hours
8                5 hours to 9 hours
7                10 hours or more


     http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/




Attacks          Bandwidth measured


42               Less than 10 Mbps
52               10 Mbps - 30 Mbps
22               30 Mbps - 70 Mbps
12               70 Mbps - 95 Mbps


     http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/




BOTNETS Command and Control




Shadow SERVER Project





    PREVENTION/MITIGATION ( AGAIN !!!!!! )
    
        Compliance with Security Standards ISO 27001/27002
        ( Protect your infrastructure and other Companies )
    
        Make a Computer Security Incident Response Team
        ( Your First Response Team)
    
        Pre-Contact with external agency
        
          Upstream ISP
        
          Regional (CSIRT)




Questions ?
Cyberterrorism
   A case study for Emergency Management




Ricardo A. Reis, Security Officer




                     &
           Hospital São Paulo

Weitere ähnliche Inhalte

Was ist angesagt? (20)

Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
 
Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
28658043 cyber-terrorism
28658043 cyber-terrorism28658043 cyber-terrorism
28658043 cyber-terrorism
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Cyber Terrorism Presentation
Cyber Terrorism PresentationCyber Terrorism Presentation
Cyber Terrorism Presentation
 
Session 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj YunosSession 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj Yunos
 
document on cyber terrorism
document on cyber terrorismdocument on cyber terrorism
document on cyber terrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
1358619756 cyber terrorism
1358619756 cyber terrorism1358619756 cyber terrorism
1358619756 cyber terrorism
 
Cyber Wars And Cyber Terrorism
Cyber Wars And Cyber TerrorismCyber Wars And Cyber Terrorism
Cyber Wars And Cyber Terrorism
 
Cyberterrorism
CyberterrorismCyberterrorism
Cyberterrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Cyber warfare ss
Cyber warfare ssCyber warfare ss
Cyber warfare ss
 

Andere mochten auch

13th December Parliament Attacks | Media Case Study
13th December Parliament Attacks | Media Case Study13th December Parliament Attacks | Media Case Study
13th December Parliament Attacks | Media Case StudyRohit Rohan
 
WattzOn Whole Earth Simulator
WattzOn Whole Earth SimulatorWattzOn Whole Earth Simulator
WattzOn Whole Earth SimulatorRaffi Krikorian
 
Cryptography and E-Commerce
Cryptography and E-CommerceCryptography and E-Commerce
Cryptography and E-CommerceHiep Luong
 
iMouse
iMouseiMouse
iMouseeeshak
 
Introduction to Genetic Algorithms
Introduction to Genetic AlgorithmsIntroduction to Genetic Algorithms
Introduction to Genetic AlgorithmsAhmed Othman
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An IntroductionJayaseelan Vejayon
 
Genetic_Algorithm_AI(TU)
Genetic_Algorithm_AI(TU)Genetic_Algorithm_AI(TU)
Genetic_Algorithm_AI(TU)Kapil Khatiwada
 
Genetic Algorithm by Example
Genetic Algorithm by ExampleGenetic Algorithm by Example
Genetic Algorithm by ExampleNobal Niraula
 
Genetic algorithm
Genetic algorithmGenetic algorithm
Genetic algorithmgarima931
 
Genetic Algorithms - Artificial Intelligence
Genetic Algorithms - Artificial IntelligenceGenetic Algorithms - Artificial Intelligence
Genetic Algorithms - Artificial IntelligenceSahil Kumar
 
Sixth Sense Technology
Sixth Sense TechnologySixth Sense Technology
Sixth Sense TechnologyNavin Kumar
 
Ppt on World Of Smartphones
Ppt on World Of SmartphonesPpt on World Of Smartphones
Ppt on World Of SmartphonesPulkit Syal
 
Encryption presentation final
Encryption presentation finalEncryption presentation final
Encryption presentation finaladrigee12
 

Andere mochten auch (20)

Tower of hanoi
Tower of hanoiTower of hanoi
Tower of hanoi
 
I Mouse
I MouseI Mouse
I Mouse
 
13th December Parliament Attacks | Media Case Study
13th December Parliament Attacks | Media Case Study13th December Parliament Attacks | Media Case Study
13th December Parliament Attacks | Media Case Study
 
WattzOn Whole Earth Simulator
WattzOn Whole Earth SimulatorWattzOn Whole Earth Simulator
WattzOn Whole Earth Simulator
 
Genetic Programming in Python
Genetic Programming in PythonGenetic Programming in Python
Genetic Programming in Python
 
Factors Influencing Knowledge Management
Factors Influencing Knowledge ManagementFactors Influencing Knowledge Management
Factors Influencing Knowledge Management
 
Organisational impacts of Knowledge Management on People, Processes, Products...
Organisational impacts of Knowledge Management on People, Processes, Products...Organisational impacts of Knowledge Management on People, Processes, Products...
Organisational impacts of Knowledge Management on People, Processes, Products...
 
i-Mouse
i-Mousei-Mouse
i-Mouse
 
Cryptography and E-Commerce
Cryptography and E-CommerceCryptography and E-Commerce
Cryptography and E-Commerce
 
iMouse
iMouseiMouse
iMouse
 
Cyber crime
Cyber crime Cyber crime
Cyber crime
 
Introduction to Genetic Algorithms
Introduction to Genetic AlgorithmsIntroduction to Genetic Algorithms
Introduction to Genetic Algorithms
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An Introduction
 
Genetic_Algorithm_AI(TU)
Genetic_Algorithm_AI(TU)Genetic_Algorithm_AI(TU)
Genetic_Algorithm_AI(TU)
 
Genetic Algorithm by Example
Genetic Algorithm by ExampleGenetic Algorithm by Example
Genetic Algorithm by Example
 
Genetic algorithm
Genetic algorithmGenetic algorithm
Genetic algorithm
 
Genetic Algorithms - Artificial Intelligence
Genetic Algorithms - Artificial IntelligenceGenetic Algorithms - Artificial Intelligence
Genetic Algorithms - Artificial Intelligence
 
Sixth Sense Technology
Sixth Sense TechnologySixth Sense Technology
Sixth Sense Technology
 
Ppt on World Of Smartphones
Ppt on World Of SmartphonesPpt on World Of Smartphones
Ppt on World Of Smartphones
 
Encryption presentation final
Encryption presentation finalEncryption presentation final
Encryption presentation final
 

Ähnlich wie CyberTerrorism - A case study for Emergency Management

Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetWatcher
 
Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...
Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...
Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...NetworkCollaborators
 
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data AssetsFS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data AssetsPuneet Kukreja
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistancePaul-Charife Allen
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations♟Sergej Epp
 
Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)OnRamp
 
cyberready-solutions
cyberready-solutionscyberready-solutions
cyberready-solutionsNoah Kline
 
The 2018 Threatscape
The 2018 ThreatscapeThe 2018 Threatscape
The 2018 ThreatscapePeter Wood
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatuChinatu Uzuegbu
 
The evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOThe evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOisc2-hellenic
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...PECB
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondSecPod Technologies
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsZivaro Inc
 
MT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in CybersecurityMT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in CybersecurityDell EMC World
 
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your OrganizationRaffa Learning Community
 

Ähnlich wie CyberTerrorism - A case study for Emergency Management (20)

Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech Talk
 
Meletis Belsis -CSIRTs
Meletis Belsis -CSIRTsMeletis Belsis -CSIRTs
Meletis Belsis -CSIRTs
 
Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...
Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...
Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...
 
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data AssetsFS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistance
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations
 
Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)
 
CRI-Exec-Cyber-Briefings (1)
CRI-Exec-Cyber-Briefings (1)CRI-Exec-Cyber-Briefings (1)
CRI-Exec-Cyber-Briefings (1)
 
cyberready-solutions
cyberready-solutionscyberready-solutions
cyberready-solutions
 
The 2018 Threatscape
The 2018 ThreatscapeThe 2018 Threatscape
The 2018 Threatscape
 
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SCCyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatu
 
The evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOThe evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISO
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
 
MT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in CybersecurityMT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in Cybersecurity
 
Cyber threat forecast 2018..
Cyber threat forecast 2018..Cyber threat forecast 2018..
Cyber threat forecast 2018..
 
L123
L123L123
L123
 
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
 

Kürzlich hochgeladen

Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 

Kürzlich hochgeladen (20)

Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx

CyberTerrorism - A case study for Emergency Management

  • 1. Cyberterrorism A case study for Emergency Management Ricardo A. Reis, Security Officer & Hospital São Paulo
  • 2. Presentation Developed By: Ricardo A. Reis ricardo.areis@unifesp.br ricardo.areis@gmail.com CCO, Federal University of São Paulo For use by: The International Consortium for Organization Resilience (ICOR)
  • 4. Cyberterrorism Prepare, Plan and Stay in Business Cyber Terrorism is defined as: “The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.” by Kevin G. Coleman of the Technolytics Institute
  • 5. Emergency management is defined as: “Comprehensive system of policies, practices, and procedures designed to protect people and property from the effects of emergencies or disasters.” Extension Disaster Education Network (EDEN)
  • 6. EMERGENCY MANAGEMENT LIFE CYCLE
      1 - PREVENTION/MITIGATION
      2 - PREPAREDNESS
      3 - RESPONSE
      4 - RECOVERY
  • 7. Case Study: Botnet is a jargon term for a collection of software robots, or bots, that run autonomously and automatically. They run on groups of zombie computers controlled remotely. This term can also refer to the network of computers using distributed computing software. From Wikipedia, the free encyclopedia
  • 8. Case Study: "A botnet is comparable to compulsory military service for windows boxes" Stromberg, http://www.honeynet.org/papers/bots/
  • 9. Cyberterrorism & Botnets
      • Distributed Denial-of-Service Attacks
      • Spamming
      • Sniffing Traffic
      • Keylogging
      • Spreading new malware
      • Installing Advertisement Addons
      • Browser Helper Objects (BHOs)
      • Google AdSense abuse
      • Attacking IRC Chat Networks
      • Mass identity theft
  • 11. "We have seen offers that will allow a customer to send a million emails for under $100," Henry says. "If you send more than 10 million, the price drops to under $80 per million. There's a price war going on, and Nugache is becoming the bargain basement."
  • 12. PREVENTION/MITIGATION
      • Compliance with Security Standards ISO 27001/27002
      • Think about Business Continuity and IT Infrastructure Recovery
      • Create a Computer Security Incident Response Team
      • Monitor IT Infrastructure
          • Internet Bandwidth
          • DNS Services
          • WEB Services
          • EMAIL Services
      • Pre-Contact with external agency
          • Upstream ISP
          • Regional Computer Security Incident Response Team (CSIRT)
  • 13. PREPAREDNESS
      • Development and practice of multi-agency coordination and incident command
      • Development and practice of the Incident Response Plan
  • 14. RESPONSE
      • Establish Incident Command
      • Notify CSIRT
      • Activate Incident Response Plan
      • Never use 100% of your CSIRT Team
      • Don't stop Triage Process
      • Communicate Major Events
  • 15. RECOVERY
      • If necessary, activate Business Recovery Plan
      • Document the Major Event
      • Communicate the end of Major Events
      • Update all Plans
  • 16. A SIMULATED ? Distributed Denial of Service Attack
  • 25. !!! REAL LIFE !!! Distributed Denial of Service Attack
  • 27. The main targets have been the websites of:
      • the Estonian presidency and its parliament
      • almost all of the country's government ministries
      • political parties
      • three of the country's six big news organisations
      • two of the biggest banks; and firms specializing in communications
  • 28. NUMBERS
      Attacks  Destination         Address or owner
      35       195.80.105.107/32   pol.ee
      7        195.80.106.72/32    www.riigikogu.ee
      36       195.80.109.158/32   www.riik.ee, www.peaminister.ee, www.valitsus.ee
      2        195.80.124.53/32    m53.envir.ee
      2        213.184.49.171/32   www.sm.ee
      6        213.184.49.194/32   www.agri.ee
      4        213.184.50.6/32
      35       213.184.50.69/32    www.fin.ee (Ministry of Finance)
      1        62.65.192.24/32
      http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
  • 29.
      Attacks  Date
      21       2007-05-03
      17       2007-05-04
      31       2007-05-08
      58       2007-05-09
      1        2007-05-11
      http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
  • 30.
      Attacks  Duration
      17       less than 1 minute
      78       1 min - 1 hour
      16       1 hour - 5 hours
      8        5 hours to 9 hours
      7        10 hours or more
      http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
  • 31.
      Attacks  Bandwidth measured
      42       Less than 10 Mbps
      52       10 Mbps - 30 Mbps
      22       30 Mbps - 70 Mbps
      12       70 Mbps - 95 Mbps
      http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
  • 32. BOTNET’S Command and Control
  • 33. Shadow SERVER Project
  • 34. Shadow SERVER Project
  • 35. PREVENTION/MITIGATION ( AGAIN !!!!!! )
      • Compliance with Security Standards ISO 27001/27002 (Protect your infrastructure and other Companies)
      • Create a Computer Security Incident Response Team (Your First Response Team)
      • Pre-Contact with external agency
          • Upstream ISP
          • Regional (CSIRT)
  • 36. Questions ?
  • 37. Cyberterrorism A case study for Emergency Management Ricardo A. Reis, Security Officer & Hospital São Paulo