SlideShare ist ein Scribd-Unternehmen logo

Modern Adversaries (Amplify Partners)

Andrew Manoske
Andrew Manoske

The rise of a generation of new hackers has propelled a boom in successful cyberattacks and data breaches over the last decade. This generation of "modern adversaries" has caused billions of dollars in damages in the last few years, and both the pace and danger of their attacks continue to grow. This presentation analyzes modern hacker adversaries: who are they, how are they circumventing traditional security systems, and what can the information security industry do to detect and stop these new threats.

Technologie
1 von 32
Downloaden Sie, um offline zu lesen
Modern Adversaries Why modern hackers are winning the battle and how we can still win the war Andy Manoske, Principal
Who is Amplify Partners? We are an early stage, entrepreneur-focused venture capital firm investing in technical teams solving technical problems @AmplifyPartners
 www.amplifypartners.com
About the Author Andy Manoske Product @ AlienVault 
 (Open Threat Exchange, AlienVault Labs Research) Product @ NetApp
 (Product Security, Cryptography) Principal, Amplify Partners Economics & Computer Science @ SJSU
 (Mathematic Economics, Information Security) @a2d2

Cyberattack Reports to US-CERT by Year 0 17500 35000 52500 70000 2006 2007 2008 2009 2010 2011 2012 2013 2014 Successful cyberattacks are on the rise… Source: US CERT
…because we are facing more sophisticated attackers Source: Verizon DBIR 2014
The modern hacker is an advanced adversary… but not necessarily because it’s better than previous
 generations of attackers. (Sorry, Neo)
Instead, modern hacking tools are more advanced
 and more available than ever before Source: Axiomatic Design/Design Patterns Mashup: Part 2 (Cyber Security)
These tools make even novice modern hackers…. …incredibly dangerous
Modern adversaries are able to strike highly defended 
 targets because hacking tools have advanced faster than
 security systems that detect and stop attacks
Anthem was well defended 200 person 
 Information Security Staff $50 Million
 spent on security per year Source: Indianapolis Business Journal
But they were not prepared for their adversary’s complex attack >12 Months 
 Access to sensitive user data 80 Million
 Records stolen Source: Crowdstrike, NYT
To build new security systems 
 that can defend against complex attacks We need to build software that can detect, and stop,
 modern tools used by modern adversaries
Who are Modern Adversaries?
The modern hacker is 
 frequently a professional …who attacks 
 private businesses
 for financial gain Source: Hackmageddon
Most modern attacks target companies to steal valuable data: Source: Hackmageddon most frequently financial data or intellectual property.
Hackers then sell this stolen data on the black market and that data is used increasingly to commit identity theft, espionage, and possibly even acts of terrorism. Reported PII theft and fraud, 2006-2014
Not every cyberattack is focused on profit. Defacing or destroying online property remains a key objective for many advanced adversaries
Reported PII theft and fraud, 2006-2014There are typically three types of modern adversary State Sponsored
 Hackers Organized Crime Hacktivists
Reported PII theft and fraud, 2006-2014 State Sponsored Adversary: 
 Energetic Bear / Dragonfly Russian hacking group either supported or directly managed by Russian state intelligence ● Unpublicized attack on petroleum pipeline operator to steal energy infrastructure information ● Unpublicized Industrial Control System (ICS) sabotage of EU-based energy management operator to cause future attacks and outages
Reported PII theft and fraud, 2006-2014 Organized Crime Adversary: 
 Solntsevskaya Bratva Largest crime syndicate of the Russian mob heavily involved in cybercrime, with >$3B in annual revenue from hacking ● 2014 JP Morgan Chase data breach targeting wealth management and credit card user data ● 2008 cyberattacks to spread disinformation on Georgian government websites during Russia’s invasion of South Ossetia
Reported PII theft and fraud, 2006-2014Hacktivist Adversary: 
 AntiSec Anarchist campaign of former members of hacking group Lulzsec and members of the Anonymous community. ● 2014 data breach of the US International Association of Chiefs of Police to leak personnel data in response to investigations on Occupy Wall Street protestors. ● 2011 compromise of Fox News’ Twitter account to spread fake story that President Obama had been injured in a Terrorist bombing.
Most attacks are being perpetrated by organized crime hackers and hacktivists Source: Hackmageddon
Attacker Sophistication Attacker Resources Hacktivists Organized Crime State Sponsored Hacking Which means most attacks are from less individually sophisticated adversaries…
…who employ less sophisticated attacks… …reliant upon pre-made tools and malware
To confront the majority of attacks from advanced adversaries We must detect and stop modern hacking tools
Unfortunately, modern hacking tools and malware are good at evading detection Encryption Modern malware is frequently encrypted to defeat
 signature-based intrusion detection systems Botnets Modern hacking tools and malware hide behind 
 legions of slaved “zombie” computers
But while botnets and encryption may hide most tools and malware The command and control (or “C2”) structure behind those tools generally remains the same Source: Cisco
Source: AlienVault Example: Attackers who struck the US Office of Personnel Management (OPM) used the same C2 server…
…that was used to attack as well as several US 
 companies in… Defense Aviation Oil and Gas
 Infrastructure Source: AlienVault, Symantec
There is a lot of things the security industry can do to 
 confront modern threats…
…but if we want to stop most attacks from advanced 
 adversaries we need to build software that SHARES DATA ON ATTACKERS Automatically shares analysis data to 
 open-source platforms to be used in
 security defenses PERFORMS DYNAMIC ANALYSIS Introspects incoming files and traffic for
 possible C2 infrastructure
TL;DR A new generation of modern adversaries
 is driving a hacking boom This generation has access to powerful, 
 easy to use hacking tools If we do not rethink our approach and update
 our security systems, the advantage enjoyed
 by modern adversaries will continue to grow

Empfohlen

Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiAddressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiKnowledge Group
 
Must Know Cyber Security Stats of 2016
Must Know Cyber Security Stats of 2016Must Know Cyber Security Stats of 2016
Must Know Cyber Security Stats of 2016DWP Information Architects Inc.
 
Enterprise Cyber Security 2016
Enterprise Cyber Security 2016Enterprise Cyber Security 2016
Enterprise Cyber Security 2016Supply Chain Coalition
 
Cybersecurity in Banking Sector
Cybersecurity in Banking SectorCybersecurity in Banking Sector
Cybersecurity in Banking SectorQuick Heal Technologies Ltd.
 
The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018CheapSSLsecurity
 
Cyber attacks in 2021
Cyber attacks in 2021Cyber attacks in 2021
Cyber attacks in 2021redteamacademypromo
 
2015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i32015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i3NTT Innovation Institute Inc.
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 Bolaji James Bankole CCSS,CEH,MCSA,MCSE,MCP,CCNA,
 

Empfohlen

Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiAddressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiKnowledge Group
 
Must Know Cyber Security Stats of 2016
Must Know Cyber Security Stats of 2016Must Know Cyber Security Stats of 2016
Must Know Cyber Security Stats of 2016DWP Information Architects Inc.
 
Enterprise Cyber Security 2016
Enterprise Cyber Security 2016Enterprise Cyber Security 2016
Enterprise Cyber Security 2016Supply Chain Coalition
 
Cybersecurity in Banking Sector
Cybersecurity in Banking SectorCybersecurity in Banking Sector
Cybersecurity in Banking SectorQuick Heal Technologies Ltd.
 
The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018CheapSSLsecurity
 
Cyber attacks in 2021
Cyber attacks in 2021Cyber attacks in 2021
Cyber attacks in 2021redteamacademypromo
 
2015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i32015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i3NTT Innovation Institute Inc.
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 Bolaji James Bankole CCSS,CEH,MCSA,MCSE,MCP,CCNA,
 
Digital Threat Landscape
Digital Threat LandscapeDigital Threat Landscape
Digital Threat LandscapeQuick Heal Technologies Ltd.
 
Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security ProtectionShawn Crimson
 
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...Symantec
 
The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016Shannon G., MBA
 
Real Life Examples of Cybersecurity with Neo4j
Real Life Examples of Cybersecurity with Neo4j Real Life Examples of Cybersecurity with Neo4j
Real Life Examples of Cybersecurity with Neo4jNeo4j
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
Year of pawnage - Ian trump
Year of pawnage - Ian trumpYear of pawnage - Ian trump
Year of pawnage - Ian trumpMAXfocus
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
Cyber Security 101: What Your Agency Needs to Know
Cyber Security 101: What Your Agency Needs to KnowCyber Security 101: What Your Agency Needs to Know
Cyber Security 101: What Your Agency Needs to KnowSandra Fathi
 
Open Source Insight: Security Breaches and Cryptocurrency Dominating News
Open Source Insight: Security Breaches and Cryptocurrency Dominating NewsOpen Source Insight: Security Breaches and Cryptocurrency Dominating News
Open Source Insight: Security Breaches and Cryptocurrency Dominating NewsBlack Duck by Synopsys
 
The Top Three 2021 Cyber Threats
The Top Three 2021 Cyber ThreatsThe Top Three 2021 Cyber Threats
The Top Three 2021 Cyber ThreatsSai Huda
 
cybersecurity and cyber crime
cybersecurity and cyber crimecybersecurity and cyber crime
cybersecurity and cyber crimeDarshan Aswani
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
140707_Cyber-Security
140707_Cyber-Security140707_Cyber-Security
140707_Cyber-SecurityTara Gravel
 
Strategies to combat new, innovative cyber threats in 2019
Strategies to combat new, innovative cyber threats in 2019Strategies to combat new, innovative cyber threats in 2019
Strategies to combat new, innovative cyber threats in 2019SrikanthRaju7
 
HE Mag_New Cyber Threats_ITSource
HE Mag_New Cyber Threats_ITSourceHE Mag_New Cyber Threats_ITSource
HE Mag_New Cyber Threats_ITSourceBrian Arellanes
 
Data Security Breach: The Sony & Staples Story
Data Security Breach: The Sony & Staples StoryData Security Breach: The Sony & Staples Story
Data Security Breach: The Sony & Staples StoryInternational Institute for Learning
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
 
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...CODE BLUE
 
Security/Compliance - Advanced Threat Detection and Compliance
Security/Compliance - Advanced Threat Detection and ComplianceSecurity/Compliance - Advanced Threat Detection and Compliance
Security/Compliance - Advanced Threat Detection and ComplianceAdvanced Technology Consulting (ATC)
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsLearningwithRayYT
 
8 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 20208 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 2020SecPod Technologies
 

Weitere ähnliche Inhalte

Was ist angesagt?

Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security ProtectionShawn Crimson
 
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...Symantec
 
The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016Shannon G., MBA
 
Real Life Examples of Cybersecurity with Neo4j
Real Life Examples of Cybersecurity with Neo4j Real Life Examples of Cybersecurity with Neo4j
Real Life Examples of Cybersecurity with Neo4jNeo4j
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
Year of pawnage - Ian trump
Year of pawnage - Ian trumpYear of pawnage - Ian trump
Year of pawnage - Ian trumpMAXfocus
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
Cyber Security 101: What Your Agency Needs to Know
Cyber Security 101: What Your Agency Needs to KnowCyber Security 101: What Your Agency Needs to Know
Cyber Security 101: What Your Agency Needs to KnowSandra Fathi
 
Open Source Insight: Security Breaches and Cryptocurrency Dominating News
Open Source Insight: Security Breaches and Cryptocurrency Dominating NewsOpen Source Insight: Security Breaches and Cryptocurrency Dominating News
Open Source Insight: Security Breaches and Cryptocurrency Dominating NewsBlack Duck by Synopsys
 
The Top Three 2021 Cyber Threats
The Top Three 2021 Cyber ThreatsThe Top Three 2021 Cyber Threats
The Top Three 2021 Cyber ThreatsSai Huda
 
cybersecurity and cyber crime
cybersecurity and cyber crimecybersecurity and cyber crime
cybersecurity and cyber crimeDarshan Aswani
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
140707_Cyber-Security
140707_Cyber-Security140707_Cyber-Security
140707_Cyber-SecurityTara Gravel
 
Strategies to combat new, innovative cyber threats in 2019
Strategies to combat new, innovative cyber threats in 2019Strategies to combat new, innovative cyber threats in 2019
Strategies to combat new, innovative cyber threats in 2019SrikanthRaju7
 
HE Mag_New Cyber Threats_ITSource
HE Mag_New Cyber Threats_ITSourceHE Mag_New Cyber Threats_ITSource
HE Mag_New Cyber Threats_ITSourceBrian Arellanes
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
 
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...CODE BLUE
 

Was ist angesagt? (20)

Digital Threat Landscape
Digital Threat LandscapeDigital Threat Landscape
Digital Threat Landscape
 
Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security Protection
 
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
 
The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016
 
Real Life Examples of Cybersecurity with Neo4j
Real Life Examples of Cybersecurity with Neo4j Real Life Examples of Cybersecurity with Neo4j
Real Life Examples of Cybersecurity with Neo4j
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools Tactics
 
Year of pawnage - Ian trump
Year of pawnage - Ian trumpYear of pawnage - Ian trump
Year of pawnage - Ian trump
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
 
Cyber Security 101: What Your Agency Needs to Know
Cyber Security 101: What Your Agency Needs to KnowCyber Security 101: What Your Agency Needs to Know
Cyber Security 101: What Your Agency Needs to Know
 
Open Source Insight: Security Breaches and Cryptocurrency Dominating News
Open Source Insight: Security Breaches and Cryptocurrency Dominating NewsOpen Source Insight: Security Breaches and Cryptocurrency Dominating News
Open Source Insight: Security Breaches and Cryptocurrency Dominating News
 
The Top Three 2021 Cyber Threats
The Top Three 2021 Cyber ThreatsThe Top Three 2021 Cyber Threats
The Top Three 2021 Cyber Threats
 
cybersecurity and cyber crime
cybersecurity and cyber crimecybersecurity and cyber crime
cybersecurity and cyber crime
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and Solutions
 
140707_Cyber-Security
140707_Cyber-Security140707_Cyber-Security
140707_Cyber-Security
 
Strategies to combat new, innovative cyber threats in 2019
Strategies to combat new, innovative cyber threats in 2019Strategies to combat new, innovative cyber threats in 2019
Strategies to combat new, innovative cyber threats in 2019
 
HE Mag_New Cyber Threats_ITSource
HE Mag_New Cyber Threats_ITSourceHE Mag_New Cyber Threats_ITSource
HE Mag_New Cyber Threats_ITSource
 
Data Security Breach: The Sony & Staples Story
Data Security Breach: The Sony & Staples StoryData Security Breach: The Sony & Staples Story
Data Security Breach: The Sony & Staples Story
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...
 
Security/Compliance - Advanced Threat Detection and Compliance
Security/Compliance - Advanced Threat Detection and ComplianceSecurity/Compliance - Advanced Threat Detection and Compliance
Security/Compliance - Advanced Threat Detection and Compliance
 

Ähnlich wie Modern Adversaries (Amplify Partners)

Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsLearningwithRayYT
 
8 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 20208 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 2020SecPod Technologies
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscapeyohansurya2
 
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docxalinainglis
 
Cyber threats landscape and defense
Cyber threats landscape and defenseCyber threats landscape and defense
Cyber threats landscape and defensefantaghost
 
UN Presentation - 10-17-2018 - Maccaglia
UN Presentation - 10-17-2018 - MaccagliaUN Presentation - 10-17-2018 - Maccaglia
UN Presentation - 10-17-2018 - MaccagliaStefano Maccaglia
 
E security and payment 2013-1
E security and payment 2013-1E security and payment 2013-1
E security and payment 2013-1Abdelfatah hegazy
 
A handbook of the threat intelligence tools your company needs
A handbook of the threat intelligence tools your company needsA handbook of the threat intelligence tools your company needs
A handbook of the threat intelligence tools your company needsSecuraa
 
ShadyRAT: Anatomy of targeted attack
ShadyRAT: Anatomy of targeted attackShadyRAT: Anatomy of targeted attack
ShadyRAT: Anatomy of targeted attackVladyslav Radetsky
 
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...Invincea, Inc.
 
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018Panda Security
 
The Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan WarThe Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan WarMandy Cross
 
Craig wilson
Craig wilsonCraig wilson
Craig wilsonIPPAI
 
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONSE-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONSrausdeen anfas
 
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by DownloadsStop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by DownloadsInvincea, Inc.
 
Know _ Top 7 Cyber Security threat.pdf
Know _ Top 7 Cyber Security threat.pdfKnow _ Top 7 Cyber Security threat.pdf
Know _ Top 7 Cyber Security threat.pdfLindaWHill
 
Hunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsHunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsFidelis Cybersecurity
 
Cyber Malware Programs And The Internet
Cyber Malware Programs And The InternetCyber Malware Programs And The Internet
Cyber Malware Programs And The InternetHeidi Maestas
 

Ähnlich wie Modern Adversaries (Amplify Partners) (20)

Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack Vectors
 
8 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 20208 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 2020
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscape
 
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
 
Cyber threats landscape and defense
Cyber threats landscape and defenseCyber threats landscape and defense
Cyber threats landscape and defense
 
UN Presentation - 10-17-2018 - Maccaglia
UN Presentation - 10-17-2018 - MaccagliaUN Presentation - 10-17-2018 - Maccaglia
UN Presentation - 10-17-2018 - Maccaglia
 
E security and payment 2013-1
E security and payment 2013-1E security and payment 2013-1
E security and payment 2013-1
 
A handbook of the threat intelligence tools your company needs
A handbook of the threat intelligence tools your company needsA handbook of the threat intelligence tools your company needs
A handbook of the threat intelligence tools your company needs
 
ShadyRAT: Anatomy of targeted attack
ShadyRAT: Anatomy of targeted attackShadyRAT: Anatomy of targeted attack
ShadyRAT: Anatomy of targeted attack
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
 
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
 
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
 
The Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan WarThe Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan War
 
Craig wilson
Craig wilsonCraig wilson
Craig wilson
 
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONSE-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
 
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by DownloadsStop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
 
Know _ Top 7 Cyber Security threat.pdf
Know _ Top 7 Cyber Security threat.pdfKnow _ Top 7 Cyber Security threat.pdf
Know _ Top 7 Cyber Security threat.pdf
 
ENSA_Module_3.pptx
ENSA_Module_3.pptxENSA_Module_3.pptx
ENSA_Module_3.pptx
 
Hunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsHunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systems
 
Cyber Malware Programs And The Internet
Cyber Malware Programs And The InternetCyber Malware Programs And The Internet
Cyber Malware Programs And The Internet
 

Kürzlich hochgeladen

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 

Kürzlich hochgeladen (20)

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

Modern Adversaries (Amplify Partners)

  • 1. Modern Adversaries Why modern hackers are winning the battle and how we can still win the war Andy Manoske, Principal
  • 2. Who is Amplify Partners? We are an early stage, entrepreneur-focused venture capital firm investing in technical teams solving technical problems @AmplifyPartners
 www.amplifypartners.com
  • 3. About the Author Andy Manoske Product @ AlienVault 
 (Open Threat Exchange, AlienVault Labs Research) Product @ NetApp
 (Product Security, Cryptography) Principal, Amplify Partners Economics & Computer Science @ SJSU
 (Mathematic Economics, Information Security) @a2d2

  • 4. Cyberattack Reports to US-CERT by Year 0 17500 35000 52500 70000 2006 2007 2008 2009 2010 2011 2012 2013 2014 Successful cyberattacks are on the rise… Source: US CERT
  • 5. …because we are facing more sophisticated attackers Source: Verizon DBIR 2014
  • 6. The modern hacker is an advanced adversary… but not necessarily because it’s better than previous
 generations of attackers. (Sorry, Neo)
  • 7. Instead, modern hacking tools are more advanced
 and more available than ever before Source: Axiomatic Design/Design Patterns Mashup: Part 2 (Cyber Security)
  • 8. These tools make even novice modern hackers…. …incredibly dangerous
  • 9. Modern adversaries are able to strike highly defended 
 targets because hacking tools have advanced faster than
 security systems that detect and stop attacks
  • 10. Anthem was well defended 200 person 
 Information Security Staff $50 Million
 spent on security per year Source: Indianapolis Business Journal
  • 11. But they were not prepared for their adversary’s complex attack >12 Months 
 Access to sensitive user data 80 Million
 Records stolen Source: Crowdstrike, NYT
  • 12. To build new security systems 
 that can defend against complex attacks We need to build software that can detect, and stop,
 modern tools used by modern adversaries
  • 14. The modern hacker is 
 frequently a professional …who attacks 
 private businesses
 for financial gain Source: Hackmageddon
  • 15. Most modern attacks target companies to steal valuable data: Source: Hackmageddon most frequently financial data or intellectual property.
  • 16. Hackers then sell this stolen data on the black market and that data is used increasingly to commit identity theft, espionage, and possibly even acts of terrorism. Reported PII theft and fraud, 2006-2014
  • 17. Not every cyberattack is focused on profit. Defacing or destroying online property remains a key objective for many advanced adversaries
  • 18. Reported PII theft and fraud, 2006-2014There are typically three types of modern adversary State Sponsored
 Hackers Organized Crime Hacktivists
  • 19. Reported PII theft and fraud, 2006-2014 State Sponsored Adversary: 
 Energetic Bear / Dragonfly Russian hacking group either supported or directly managed by Russian state intelligence ● Unpublicized attack on petroleum pipeline operator to steal energy infrastructure information ● Unpublicized Industrial Control System (ICS) sabotage of EU-based energy management operator to cause future attacks and outages
  • 20. Reported PII theft and fraud, 2006-2014 Organized Crime Adversary: 
 Solntsevskaya Bratva Largest crime syndicate of the Russian mob heavily involved in cybercrime, with >$3B in annual revenue from hacking ● 2014 JP Morgan Chase data breach targeting wealth management and credit card user data ● 2008 cyberattacks to spread disinformation on Georgian government websites during Russia’s invasion of South Ossetia
  • 21. Reported PII theft and fraud, 2006-2014Hacktivist Adversary: 
 AntiSec Anarchist campaign of former members of hacking group Lulzsec and members of the Anonymous community. ● 2014 data breach of the US International Association of Chiefs of Police to leak personnel data in response to investigations on Occupy Wall Street protestors. ● 2011 compromise of Fox News’ Twitter account to spread fake story that President Obama had been injured in a Terrorist bombing.
  • 22. Most attacks are being perpetrated by organized crime hackers and hacktivists Source: Hackmageddon
  • 23. Attacker Sophistication Attacker Resources Hacktivists Organized Crime State Sponsored Hacking Which means most attacks are from less individually sophisticated adversaries…
  • 24. …who employ less sophisticated attacks… …reliant upon pre-made tools and malware
  • 25. To confront the majority of attacks from advanced adversaries We must detect and stop modern hacking tools
  • 26. Unfortunately, modern hacking tools and malware are good at evading detection Encryption Modern malware is frequently encrypted to defeat
 signature-based intrusion detection systems Botnets Modern hacking tools and malware hide behind 
 legions of slaved “zombie” computers
  • 27. But while botnets and encryption may hide most tools and malware The command and control (or “C2”) structure behind those tools generally remains the same Source: Cisco
  • 28. Source: AlienVault Example: Attackers who struck the US Office of Personnel Management (OPM) used the same C2 server…
  • 29. …that was used to attack as well as several US 
 companies in… Defense Aviation Oil and Gas
 Infrastructure Source: AlienVault, Symantec
  • 30. There is a lot of things the security industry can do to 
 confront modern threats…
  • 31. …but if we want to stop most attacks from advanced 
 adversaries we need to build software that SHARES DATA ON ATTACKERS Automatically shares analysis data to 
 open-source platforms to be used in
 security defenses PERFORMS DYNAMIC ANALYSIS Introspects incoming files and traffic for
 possible C2 infrastructure
  • 32. TL;DR A new generation of modern adversaries
 is driving a hacking boom This generation has access to powerful, 
 easy to use hacking tools If we do not rethink our approach and update
 our security systems, the advantage enjoyed
 by modern adversaries will continue to grow