2. All images used in this presentation are for educational purposes only. All images are either in the public domain and not
subject to copyright, or they have been purchased from the relevant websites. Any and all marks used throughout this
presentation are trademarksof their respective owners.
21 November 201610:06:06
2 of 39
ONE. Introduction: setting the right expectations
TWO. Top Cyber Threats: the current threat landscape
THREE. Key Trends: Asia Pacific region
FOUR. Mitigation: for better information security
What is the Cyber Threat Landscape?
The Cyber Threat Landscape is a list of threats containing information about threat agents and attack vectors affecting the information security assurance and/or objective.
(Diagram elements: Threat Actor, Attack Vectors, Threat Agents)
How many kinds of Threat Landscape?
• Region
• Group of assets
• Sector
Factors leading to change of threat landscape
(Diagram of the relationships among Owners, Assets, Risks, Threats, Threat agents, Attack vectors, Vulnerabilities and Security controls.)
Factors leading to change of threat landscape
(Same diagram, annotated with the drivers of change: capabilities change over time; introduction of new people, process and technology.)
# cyber threat landscape 2014 and 2015
Overview and comparison of cyber threat landscape

| Rank | Top Threats 2014 | Top Threats 2015 | Ranking Status |
|---|---|---|---|
| 1 | Malware | Malware | Same |
| 2 | Web-based attacks | Web-based attacks | Same |
| 3 | Web application attacks | Web application attacks | Same |
| 4 | Botnets | Botnets | Same |
| 5 | Denial of service | Denial of service | Same |
| 6 | Spam | Physical damage/theft/loss | Going up |
| 7 | Phishing | Insider threat | Going up |
| 8 | Exploit kits | Phishing | Going down |
| 9 | Data breaches | Spam | Going down |
| 10 | Physical damage/theft/loss | Exploit kits | Going down |
| 11 | Insider threat | Data breaches | Going down |
| 12 | Cyber espionage | Ransomware | Going up |
| 13 | Ransomware | Cyber espionage | Going down |

Legends:
Trends: Declining, Stable, Increasing
Ranking: Going up, Same, Going down
Top Cyber Threat: malicious software
• 20-year-old malware infection technique still in use (Microsoft Office documents via Visual Basic macros)
• Conficker still in the wild (a 7-year-old worm still leading to 37% of infections)
• Malicious URLs increasing compared to malicious email attachments
• Mobile device innovation slows down mobile malware
• Apple's App Store and other app stores remain a main target for “packaging” and spreading malware
(Charts: Top Countries Infected: 60%, 60%, 58%, 58%, 58%; Top Countries Hosting Malware: 50%, 12%, 8%, 5%, 3%)
Top Cyber Threat: web based attack
• Social networking and social media became important tactics for infection campaigns
• 90% of bad URLs are used for spam (they change within hours or minutes)
• Malicious advertising (malvertising) campaigns use 4000 different names and 500 domains
Top Countries Hosting Malicious URLs: United States 40%, Russia 6%, Portugal 3%, Netherlands 2%
Top Cyber Threat: web application attack
• 30-55% of web sites are vulnerable to web application attack
• Lack of transport layer protection, information leakage, XSS, brute force, content sniffing, cross-site request forgery and URL redirection
Top Targeted Countries: United States 80%, Brazil 7%, China 4%, Others 9%
Top Web Attacks chart: LFI, SQLi, Shellshock (18%, 28%, 40%)
Top Cyber Threat: Botnets
• Between 20% and 40% of DDoS attacks have a botnet fingerprint
• Reached market maturity in the area of cybercrime-as-a-service (CaaS)
• Average lifetime of a botnet is estimated at 38 days, and the average size of a single botnet is 1700 infected servers
• Botnet operators favour using rogue virtual machines for C2 server infrastructure
• US, Ukraine, Russia, The Netherlands, Germany, Turkey, France, UK, Vietnam and Romania
Top Cyber Threat: Insider Threat
• Reduced care, insufficient training, increased workload, inconvenience of security policies, users not taking security seriously
• Many companies do not have an insider threat prevention program
• Increasing monetization opportunities created by cyber-criminals or cyber-espionage
• Ineffective security measures for Bring Your Own Device (BYOD) and open Wi-Fi
Key trends: Asia Pacific region
• Breaches in APAC never make the news headlines
• Unprepared to identify and respond to breaches
• Detection period too long
• Tools exclusively target organizations within APAC
• Failed to eradicate
APAC incident response statistics for 2015

| Characteristic | Quantity (average) |
|---|---|
| Number of days compromise went undiscovered | 520 |
| Number of machines analysed in an organization | 21,584 |
| Number of machines compromised by threat actor | 78 |
| Number of user accounts compromised by threat actor | 10 |
| Number of admin accounts compromised by threat actor | 3 |
| Amount of stolen data | 3.7GB |
APAC threat actor main objectives
• Email: 40%
• Sensitive Docs: 20%
• Personally Identifiable Information (PII): 20%
• Infrastructure Docs: 20%
Case study: how did it happen?
Attack lifecycle model with classic attacker techniques
• Initial Attack: social engineering; Internet-based attack; via service provider
• Establish Foothold: custom malware; command and control; web-based backdoor
• Escalate Privileges: credential theft; password cracking; “pass-the-hash”; local root/admin exploitation
• Internal Recon
• Lateral Movement: net use commands; smbclient commands; mount commands; reverse shell access
• Maintain Access: backdoors; VPN; sleeper malware; account abuse; service provider
• Complete Mission: staging servers; data consolidation; data theft
Case study: social engineering
Reconnaissance → Develop attack vector → Distribution medium → Remote access
Case study: reconnaissance (passive recon)
Sources: search engines, associated forums, websites, social networks etc.
Findings:
• 4 pdf docs, 66 employee details
• haveibeenpwned.com: 109 email addresses used in different sites
• 208 employee details (mostly email) from online contacts database
• 105 profiles
• 780 email addresses from an unprotected site
Roles identified:
• Assistant manager HR services
• Assistant Vice President
• Company secretary
• Executive secretary
• Human resources dev & training consultant
• Legal counsel
• Project executive
• Senior HR manager
• Senior Vice President
• Vice President
• Clerk
Case study: develop attack vector
Generic content

| File type | Status |
|---|---|
| EXE | Quarantined/blocked |
| DLL | Quarantined/blocked |
| JavaScript | Quarantined/blocked |
| MSI File | Quarantined/blocked |
| Double extension | Quarantined/blocked |
| CVE-15-1641 doc | Quarantined/blocked |
| PowerShell cmd | Quarantined/blocked |
| Java code | Quarantined/blocked |
| ASP code | Quarantined/blocked |
| Docx (encrypted) | Quarantined/blocked |
| Docx | Quarantined/blocked |
| Phishing link | Quarantined/blocked |
Case study: develop attack vector
Non-generic content

| File type | Status |
|---|---|
| EXE | Quarantined/blocked |
| DLL | Deleted |
| JavaScript | Quarantined/blocked |
| MSI File | Quarantined/blocked |
| Double extension | Deleted |
| CVE-15-1641 doc | Delivered |
| PowerShell cmd | Delivered |
| Java code | Delivered |
| ASP code | Deleted |
| Docx (encrypted) | Delivered |
| Docx | Delivered |
| Phishing link | Delivered |
Case study: distribution medium
• Email
• Packet injection
• USB drop
Case study: remote access
Technology is not enough: listen to the experts
Bruce Schneier, Security Technologist, Cryptographer and Author:
“If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology”
Eric Schmidt, Chairman and CEO, Google:
“The Internet is the first thing that humanity has built that humanity doesn’t understand, the largest experiment in anarchy that we have ever had”
No single unique solution to protect the people
OSI layers, top to bottom: Application, Presentation, Session, Transport, Network, Data Link, Physical (grouped on the slide into Upper Layers and Lower Layers)
Above them sit the People: most difficult to secure and the weakest link in the security chain
Security = People, Process, Technology
A continuous process, not a static state
Securing the human: it starts with you
Security awareness maturity levels, lowest to highest:
• Non-existent
• Compliance focused
• Promoting awareness & change
• Long term sustainment
• Metric