2. #whoami
My name is Vlad.
Since 2016 I have been Technical Lead of the OptiData team.
Implementation and support of Trellix (McAfee) solutions.
I like to do dynamic malware analysis.
I also create training courses for our customers.
vr@optidata.com.ua
radetskiy.wordpress.com
pastebin.com/u/VRad
slideshare.net/Glok17
VR
5. I do not ask you to come to Ukraine to fight our enemies.
I do not ask you for help. We appreciate your support.
I ask you for one simple favor. Not for me.
In the name of all civilians who died in this brutal war
Attention!
6. Please, do not make any business
with people from Russia and Belarus.
Attention!
7. Russians & Belarusians didn’t care about casualties.
They cry only for closed IKEA, KFC, McDonalds etc.
Each of them shares responsibility for this WAR.
Some of them just stand and watch, others kill us.
Attention!
8. The Russian bomb was dropped on the theatre not by Putin, no.
The bomb was dropped by a Russian pilot. He saw “children”.
He could have aborted the mission, refused the order or just missed the target.
Russians and Byelorussians kill innocent women and
children consciously.
Attention!
10. Avoid any business with people from Russia and Belarus
Do not use / buy their products
Do not trust them
If you can't avoid them, i.e. if they need your
services/products, at least charge them double.
Attention!
11. 1. How does WAR change aspects of cybersecurity?
2. Threat model for business during WAR
3. OpSec for each employee
4. Main cyber threats for business in a war zone
5. Protection measures (cybersecurity solutions)
6. Conclusions
Agenda:
12. How does WAR change aspects of cybersecurity?
1. Physical threats to employees and their families (captivity, bombing)
2. Physical threats to factories or real estate (demolition)
3. Switching to remote work for 99% of staff (like during COVID-19)
4. Disruption of logistics, financial operations and Internet access
5. Involving your staff in homeland defense (military service)
6. Increased level of targeted and chaotic cyber attacks by the enemy
18. ✓ GSM and SMS are not encrypted. Conversations by cell phone are “open”
✓ Mandatory MFA, but not SMS! Use an authenticator application or a hardware token
✓ Signal, Threema, WhatsApp, Facebook Messenger: clear your history
✓ Do not use unknown Wi-Fi networks or unknown USB ports / chargers
✓ When possible, use a mobile access point + VPN (ProtonVPN)
✓ Do not send documents unencrypted: use Trellix FRP or at least a password-protected 7z archive
OpSec for each employee #1
20. • VirusTotal – file (document) reputation check. 50/50, but better than nothing
• Intezer Analyze – static & dynamic PE analysis (very good)
• urlscan – URL reputation and web content check
• Have I Been Pwned (Troy Hunt) – compromised account check
• Google Authenticator – set up MFA on Android & iOS
OpSec for each employee #3
21. 1. Malware delivery by fake emails (spear phishing)
2. Malware delivery by IM and/or social networks (mostly by URL)
3. Software & hardware vulnerabilities, esp. in services exposed to the Internet
4. Intrusion via a compromised contractor or service provider / supply chain
5. DDoS and/or defacement of web pages
Main cyber threats for business in a war zone:
25. 1. Locked boot device order, BIOS password, drive encryption (Trellix)
2. Block anomalous behavior on endpoints and servers (Trellix)
3. Legitimate (licensed) software with regular updates
4. Strict filters for web content (reputation + category) (Trellix)
5. Strict filters for email (anti-spam + by file type) (Trellix)
Protection measures #1
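Item 5 (email filtering by file type) is usually enforced by the mail gateway or the endpoint product, but the policy behind it is simple enough to show directly. The following is an added example, not code from this presentation or from Trellix: it opens a ZIP attachment in memory, lists its members without extracting them, and flags the patterns a gateway rule would block (executable and script extensions, macro-enabled Office files, nested archives, "double extension" decoys such as invoice.pdf.js, encrypted members that cannot be inspected, and right-to-left override characters in names). The extension lists and the sample archive are constructed for the example and would be tuned to your own policy.

```python
import io
import os
import zipfile
from typing import Dict, List

# Constructed policy lists: adjust to your own mail-filtering rules.
BLOCKED_EXTS = {".exe", ".dll", ".scr", ".com", ".pif", ".js", ".jse", ".vbs", ".vbe",
                ".wsf", ".wsh", ".ps1", ".bat", ".cmd", ".hta", ".lnk", ".msi", ".iso", ".img"}
MACRO_EXTS = {".docm", ".xlsm", ".pptm", ".dotm", ".xlam"}
NESTED_ARCHIVE_EXTS = {".zip", ".7z", ".rar", ".gz", ".tar", ".cab"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def classify_member(name: str, encrypted: bool) -> List[str]:
    """Return the list of policy reasons to block one archive member (empty if clean)."""
    reasons = []
    lower = name.lower()
    root, ext = os.path.splitext(lower)
    if encrypted:
        reasons.append("encrypted member: content cannot be inspected")
    if ext in BLOCKED_EXTS:
        reasons.append(f"blocked extension {ext}")
    if ext in MACRO_EXTS:
        reasons.append(f"macro-enabled Office file {ext}")
    if ext in NESTED_ARCHIVE_EXTS:
        reasons.append(f"nested archive {ext}")
    # "invoice.pdf.js": the OS uses the last extension, the decoy sits just before it.
    decoy_ext = os.path.splitext(root)[1]
    if ext and decoy_ext in DECOY_EXTS and ext not in DECOY_EXTS:
        reasons.append(f"double extension {decoy_ext}{ext}")
    if "\u202e" in name:
        reasons.append("right-to-left override character in file name")
    return reasons


def scan_zip(zip_bytes: bytes) -> Dict[str, List[str]]:
    """Inspect a ZIP held in memory; nothing is extracted, only the central directory is read."""
    findings: Dict[str, List[str]] = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Bit 0 of the general-purpose flag marks an encrypted member.
            reasons = classify_member(info.filename, bool(info.flag_bits & 0x1))
            if reasons:
                findings[info.filename] = reasons
    return findings


def verdict(zip_bytes: bytes) -> str:
    """Gateway decision for the whole attachment: one flagged member blocks the archive."""
    return "BLOCK" if scan_zip(zip_bytes) else "ALLOW"


def build_sample_archive() -> bytes:
    """Constructed sample attachment with placeholder bytes; only the member names matter here."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("report.docx", b"harmless placeholder")
        zf.writestr("invoice.pdf.js", b"// script body placeholder")
        zf.writestr("setup.exe", b"MZ placeholder")
        zf.writestr("archive/inner.zip", b"PK placeholder")
        zf.writestr("quarter.xlsm", b"macro workbook placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_archive()
    for member, reasons in scan_zip(sample).items():
        print(f"{member}: {'; '.join(reasons)}")
    print("verdict:", verdict(sample))
```

The check deliberately works on names and flags rather than content, which is what makes it cheap enough to run on every attachment; content inspection (sandbox, AV) is the second layer, and an encrypted member is blocked precisely because that second layer cannot see inside it.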
26. 6. Mandatory MFA (Google Authenticator / token) for all corporate & personal accounts
7. No “naked” RDP or other internal services exposed without VPN & PAM
8. Vulnerability scanner + patch management solution
9. EDR, SIEM, sandbox, SOAR are fine, but first you need a PAM solution
10. Continuous online education about current cyber threats (with examples)
11. Shut down and cut off everything that is not mission-critical
Protection measures #2
27. 1. The main parts of cybersecurity do not change
2. War just disrupts logistics and communication and forces you to adapt
3. You must adapt not only cybersecurity but all business processes
4. Your technical staff needs to be interchangeable (people & knowledge)
5. Spear phishing, critical vulnerabilities, DDoS, defacement, remote workers
PS: + data backups in the cloud + backup communication channels
Conclusions:
28. • My thoughts about Viber & Telegram + Smartphone Security
• 50 shades of spear phishing
• The art of protection (case about compromised contractor)
• Why I use and implement McAfee? (ENS how-to)
• McAfee ENS 10.6 vs IE exploit
• How to block scripts and other harmful files from archives
• McAfee ENS 10.7 – enforced malware protection
• How to test all parts of McAfee ENS
My publications about security