Modern Adversaries (Amplify Partners)

The rise of a generation of new hackers has propelled a boom in successful cyberattacks and data breaches over the last decade. This generation of "modern adversaries" has caused billions of dollars in damages in the last few years, and both the pace and danger of their attacks continue to grow.

This presentation analyzes modern hacker adversaries: who are they, how are they circumventing traditional security systems, and what can the information security industry do to detect and stop these new threats.

Published in: Technology

Modern Adversaries (Amplify Partners)

  1. Modern Adversaries: Why modern hackers are winning the battle and how we can still win the war. Andy Manoske, Principal
  2. Who is Amplify Partners? We are an early stage, entrepreneur-focused venture capital firm investing in technical teams solving technical problems. @AmplifyPartners, www.amplifypartners.com
  3. About the Author: Andy Manoske. Product @ AlienVault (Open Threat Exchange, AlienVault Labs Research); Product @ NetApp (Product Security, Cryptography); Principal, Amplify Partners; Economics & Computer Science @ SJSU (Mathematic Economics, Information Security). @a2d2
  4. [Chart: Cyberattack Reports to US-CERT by Year, 2006-2014] Successful cyberattacks are on the rise… Source: US CERT
  5. …because we are facing more sophisticated attackers Source: Verizon DBIR 2014
  6. The modern hacker is an advanced adversary… but not necessarily because it’s better than previous generations of attackers. (Sorry, Neo)
  7. Instead, modern hacking tools are more advanced and more available than ever before. Source: Axiomatic Design/Design Patterns Mashup: Part 2 (Cyber Security)
  8. These tools make even novice modern hackers… …incredibly dangerous
  9. Modern adversaries are able to strike highly defended targets because hacking tools have advanced faster than security systems that detect and stop attacks
  10. Anthem was well defended: 200 person Information Security Staff; $50 Million spent on security per year. Source: Indianapolis Business Journal
  11. But they were not prepared for their adversary’s complex attack: >12 Months Access to sensitive user data; 80 Million Records stolen. Source: Crowdstrike, NYT
  12. To build new security systems that can defend against complex attacks, we need to build software that can detect, and stop, modern tools used by modern adversaries
  13. Who are Modern Adversaries?
  14. The modern hacker is frequently a professional… …who attacks private businesses for financial gain. Source: Hackmageddon
  15. Most modern attacks target companies to steal valuable data: most frequently financial data or intellectual property. Source: Hackmageddon
  16. Hackers then sell this stolen data on the black market and that data is used increasingly to commit identity theft, espionage, and possibly even acts of terrorism. [Chart: Reported PII theft and fraud, 2006-2014]
  17. Not every cyberattack is focused on profit. Defacing or destroying online property remains a key objective for many advanced adversaries
  18. There are typically three types of modern adversary: State Sponsored Hackers, Organized Crime, Hacktivists
  19. State Sponsored Adversary: Energetic Bear / Dragonfly. Russian hacking group either supported or directly managed by Russian state intelligence
      ● Unpublicized attack on petroleum pipeline operator to steal energy infrastructure information
      ● Unpublicized Industrial Control System (ICS) sabotage of EU-based energy management operator to cause future attacks and outages
  20. Organized Crime Adversary: Solntsevskaya Bratva. Largest crime syndicate of the Russian mob heavily involved in cybercrime, with >$3B in annual revenue from hacking
      ● 2014 JP Morgan Chase data breach targeting wealth management and credit card user data
      ● 2008 cyberattacks to spread disinformation on Georgian government websites during Russia’s invasion of South Ossetia
  21. Hacktivist Adversary: AntiSec. Anarchist campaign of former members of hacking group Lulzsec and members of the Anonymous community.
      ● 2014 data breach of the US International Association of Chiefs of Police to leak personnel data in response to investigations on Occupy Wall Street protestors.
      ● 2011 compromise of Fox News’ Twitter account to spread fake story that President Obama had been injured in a Terrorist bombing.
  22. Most attacks are being perpetrated by organized crime hackers and hacktivists Source: Hackmageddon
  23. [Chart axes: Attacker Sophistication, Attacker Resources; groups plotted: Hacktivists, Organized Crime, State Sponsored Hacking] Which means most attacks are from less individually sophisticated adversaries…
  24. …who employ less sophisticated attacks… …reliant upon pre-made tools and malware
  25. To confront the majority of attacks from advanced adversaries We must detect and stop modern hacking tools
  26. Unfortunately, modern hacking tools and malware are good at evading detection
      ● Encryption: Modern malware is frequently encrypted to defeat signature-based intrusion detection systems
      ● Botnets: Modern hacking tools and malware hide behind legions of slaved “zombie” computers
  27. But while botnets and encryption may hide most tools and malware, the command and control (or “C2”) structure behind those tools generally remains the same. Source: Cisco
  28. Example: Attackers who struck the US Office of Personnel Management (OPM) used the same C2 server… Source: AlienVault
  29. …that was used to attack as well as several US companies in… Defense Aviation; Oil and Gas Infrastructure. Source: AlienVault, Symantec
  30. There are a lot of things the security industry can do to confront modern threats…
  31. …but if we want to stop most attacks from advanced adversaries we need to build software that
      ● SHARES DATA ON ATTACKERS: Automatically shares analysis data to open-source platforms to be used in security defenses
      ● PERFORMS DYNAMIC ANALYSIS: Introspects incoming files and traffic for possible C2 infrastructure
  32. TL;DR
      ● A new generation of modern adversaries is driving a hacking boom
      ● This generation has access to powerful, easy to use hacking tools
      ● If we do not rethink our approach and update our security systems, the advantage enjoyed by modern adversaries will continue to grow
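
Slides 27-31 argue that intrusions hidden by encryption and botnets can still be linked through reused C2 infrastructure once defenders pool what they observed. The sketch below is an added example, not part of the original deck, that correlates incidents by shared outbound destinations. The incident names, the destinations (reserved documentation ranges and `.example` hosts) and the `max_share` cutoff are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: outbound destinations recorded during four
# separate investigations. Addresses are from reserved documentation ranges.
INCIDENTS = {
    "agency-A":   {"203.0.113.10", "update.cdn.example", "198.51.100.7"},
    "aviation-B": {"203.0.113.10", "update.cdn.example", "mail.b.example"},
    "energy-C":   {"198.51.100.7", "update.cdn.example"},
    "retail-D":   {"192.0.2.44", "update.cdn.example"},
}

def index_indicators(incidents):
    """Map each destination to the set of incidents that observed it."""
    seen = defaultdict(set)
    for name, dests in incidents.items():
        for dest in dests:
            seen[dest].add(name)
    return seen

def shared_c2(incidents, max_share=0.75):
    """Destinations seen in 2+ incidents, but not in so many that they are
    more likely common benign infrastructure (CDNs, update servers)."""
    limit = max_share * len(incidents)
    return {d: orgs for d, orgs in index_indicators(incidents).items()
            if 2 <= len(orgs) <= limit}

def campaigns(incidents, max_share=0.75):
    """Group incidents linked, directly or transitively, by a shared
    candidate C2 destination (connected components via union-find)."""
    parent = {name: name for name in incidents}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    for orgs in shared_c2(incidents, max_share).values():
        first, *rest = sorted(orgs)
        for other in rest:
            parent[find(other)] = find(first)
    groups = defaultdict(set)
    for name in incidents:
        groups[find(name)].add(name)
    return sorted((sorted(g) for g in groups.values()),
                  key=lambda g: (-len(g), g))

if __name__ == "__main__":
    for dest, orgs in sorted(shared_c2(INCIDENTS).items()):
        print(dest, "->", sorted(orgs))
    print(campaigns(INCIDENTS))
```

No single organization sees the link between `aviation-B` and `energy-C`; it only appears once their observations are pooled with `agency-A`'s. The prevalence cutoff keeps a destination that every incident contacted from merging unrelated cases.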
