Threat Actors and Innovators - Webinar
1. © 2019 Sparity Inc | For Webinar Use Only | Do Not Redistribute
THREAT ACTORS AND
INDUSTRY TARGETS
Welcome to Live Webinar
Jeff Surratt – CISSP, CDFE, CIST
Director – Cybersecurity Practice
Sparity Inc
2.
Agenda
About Sparity
About the speaker
Impact Analysis
Target Industries
Sources of Cyber Threats
Geographies
The cost to US business
Intelligence Driven Targeting process
Data Aggregation and the Targeting Process
Sparity’s solution for your security program
3.
Next Generation Cyber Security for Connected Enterprises
We are a global technology enterprise specialized in providing Digital
Transformation and complex technology services to a wide range of
enterprises, unicorn startups and social institutions.
Established in 2010 with the goal of becoming a Global Innovation &
Development partner.
With nearly a decade of experience, we add compelling value through our
agile and collaborative approach across your digital value chain.
4.
About the Speaker
Jeff Surratt, CISSP, CDFE, CIST
Director of Cyber Security Practice, Sparity Inc.
Mr. Surratt has worked in Information Security for 20 years in various public and
private sector Information Technology positions. Before becoming a Director at
Sparity, he worked in the architecture team at CenturyLink advising clients on
corporate and multinational cyber security solutions, paying attention to the GRC
requirements of the related industry. During his government career at the Naval
Criminal Investigative Service (NCIS) he held roles in Counterintelligence, Force
Protection, Supply Chain Risk and as Liaison to the Defense Intelligence Agency.
Throughout his 20-year career he has concentrated on threats from Russia and the
Asia Pacific region, covering counterintelligence and cyber activities of Nation
States and the businesses that support them.
5.
Impact Analysis
Impact analysis is only the beginning
Discussions in the targeted business often revolve
around “what” happened, “when” it happened and
“what data was lost”.
Discovery covers the “methods” and the “data loss”, but
the results usually focus on business impact and
ramifications and ignore the “who did it” and
the “why”.
6.
Threat Actors and Industry Targets
Supply Chain
Supply chain attacks fundamentally abuse the
trusted channels we (every one of us) have
with the software providers and the applications
that empower daily business and personal
activities.
Utilities
From April to August, the unidentified hackers have
targeted at least 17 utilities. The tally jumped from the three
utilities the company reported on in August after a
fresh batch of phishing emails was found.
Education
• Valuable intellectual property from campus research
• Student and employee personal information
• Computer processing power used for Bitcoin mining
Banking / Finance
In a 2018 survey, 78% of financial institutions were
confident in their cybersecurity strategies, yet 1 of every
3 is successfully attacked, resulting in a 72% increase in
monetary loss.
Government
Government and military security breaches tend to be high-
profile. This sector is targeted by:
• Foreign powers trying to spy on or negatively impact a
global competitor
• Hacktivists looking to make a political statement
• Cybercriminals seeking to monetize the abundant
personal information in federal, state, and local
databases
7.
[Chart: scale labelled HIGH]
8.
Russia
STRONTIUM
Operating since 2004, the group launched a new campaign against embassies and Ministries
of Foreign Affairs in Eastern European and Central Asian countries.
Sandworm
Only one Russian hacker group has actually caused real-world blackouts: cybersecurity
analysts widely believe the hacker team called Sandworm, also known as Voodoo Bear and
Telebots, carried out attacks on Ukrainian electric utilities in 2015 and 2016 that
cut off power to hundreds of thousands of people.
Palmetto Fusion
The hackers behind the fresh series of attempted intrusions of US energy utilities
remain far more mysterious than Energetic Bear or Sandworm. The group has hit energy
utilities with "watering hole" and phishing attacks since 2015, with targets as far-
flung as Ireland and Turkey in addition to the recently reported American
COZY BEAR (Advanced Persistent Threat 29), FANCY BEAR (Advanced Persistent Threat 28,
the same actor tracked as STRONTIUM) and related threat actors are sponsored by the
Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU)
and the Federal Security Service (FSB, ФСБ).
9.
China
Gothic Panda (Advanced Persistent Threat 3)
Gothic Panda is the first threat actor group
attributed with a high degree of confidence
directly to the Chinese
Ministry of State Security (MSS). They are
associated with Boyusec.
• The China Information Technology Security Evaluation Center
(CNITSEC) is also referred to as ITSEC
• CNITSEC’s Director, Wu Shizhong, has a
corporate association with Huawei, which is the
largest cellphone maker in Asia
10.
China
TICK (REDBALDKNIGHT)
Cyber espionage group that first came to notice in 2008 and recently launched a
malware development campaign targeting Government and Defense. While the main
focus of the attack was in Asia, it is interesting to note that they have become
active again.
WINNTI, formerly WICKED PANDA (APT 17)
Cyber espionage group linked to the People’s Liberation Army (PLA) that first
came to notice in 2009 and recently launched attacks abusing common services such
as Gmail and the goo.gl link shortener.
It is believed they do not share information with other China-based groups
and are not part of what is referred to as the Winnti Umbrella. Targets are often software
organizations in the United States, Japan and China.
11.
TA407 (Silent Librarian associated with Iran)
Silent Librarian is a prolific financially motivated actor operating out of Iran. The group was
cited for “obtaining unauthorized access to computer systems, stealing proprietary data from those
systems, and selling stolen data to Iranian customers, including the Iranian government and Iranian
universities.”
TA407’s activities resulted in the following damages:
• Approximately $3.4 billion worth of intellectual property loss due to unauthorized access
• 31.5 terabytes of academic data and IP theft from compromised universities
• 7998 university accounts were successfully compromised worldwide
• 3768 accounts compromised that belonged to professors at US-based universities
Victims of the scheme included:
• Approximately 144 universities in the United States
• 176 foreign universities in 21 countries
• Five federal and state government agencies in the United States
• 36 private companies in the United States
• 11 foreign private companies
• Two international non-governmental organizations
12.
INTELLIGENCE DRIVEN TARGETING PROCESS
13.
Data Aggregation - Use of related information to develop target profiles
- High level executives
- Management
- Military Officers
- Civilian Employees
- Family
- Friends
- Memberships
Attacks have become target specific based upon past success and desired
information.
(The slide shows the following as stages 1 to 7 arranged around a central Data Repository.)
1 - 2 Relationships
- Customer data
- Financial transactions
- Partner data
3 - 4 Finance
- International banks and corporations face regulations in each country of operation.
5 - 6 Supply Chain
- Manipulation of components
- Compromise of vendors
- IoT attacks
7 Industry
- Banking and Finance
- Health Care
- Utilities
- Government
- Education
14.
Data Aggregation and the Targeting Process
The Hunt Begins
Data Collection
- Information Collection
- Data Linkage
- Corporate Knowledge
- System Design
- Part Diagram
Target Analysis
- Social Media
- Corporate Directory
- News
- Who might know about the target
Attack
- Method decided by what the target is and what may have worked in
the past.
- If it is custom, then usually passed to a different division, or code is paid
for on the Dark Web.
Result Evaluation
- Relevant data acquired? Y or N
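To make the Data Collection and Data Linkage steps of slides 13 and 14 concrete, here is an added Python example written for this page; it is not Sparity's tooling and not part of the original deck. It links scattered records about people at a fictional company into per-person profiles by shared identifiers (email, handle, name, or a stated relationship to another handle), then scores each profile against the attributes the previous slide lists: executive role, family links, memberships and leaked whereabouts. The records, names, domains, sources and scoring weights are all constructed assumptions.

```python
"""Target-profile aggregation: an added illustration of the Data Linkage step.
Not Sparity's tooling. All records below are constructed; the scoring weights
are assumptions chosen to reflect the profile attributes on the previous slide."""
from collections import defaultdict

# Constructed sample records, (source, attributes). A real run would feed in
# scraped directory entries, social posts, membership rolls and press mentions.
RECORDS = [
    ("corp_directory", {"name": "Dana Reyes", "email": "dreyes@example-corp.test", "title": "CFO"}),
    ("social", {"handle": "@danareyes", "email": "dreyes@example-corp.test",
                "posts": ["Off to the Lisbon offsite Monday"]}),
    ("membership", {"name": "Dana Reyes", "org": "Alumni Association", "handle": "@danareyes"}),
    ("news", {"name": "Dana Reyes", "note": "quoted on Q3 bank financing"}),
    ("social", {"handle": "@mreyes_travel", "note": "spouse", "related_handle": "@danareyes"}),
    ("corp_directory", {"name": "Lee Park", "email": "lpark@example-corp.test", "title": "Engineer"}),
]

LINK_KEYS = ("email", "handle", "name", "related_handle")   # identifiers that join records
EXEC_TITLES = {"ceo", "cfo", "cto", "ciso", "director", "vp", "president"}
SCHEDULE_WORDS = ("offsite", "travel", "conference", "flight", "trip")
FAMILY_WORDS = ("spouse", "family", "wife", "husband", "child")


def link_records(records):
    """Group record indices that share any linking identifier (union-find)."""
    parent = list(range(len(records)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]   # path halving
            i = parent[i]
        return i

    first_seen = {}
    for i, (_, attrs) in enumerate(records):
        for key in LINK_KEYS:
            ident = attrs.get(key)
            if ident is None:
                continue
            ident = ident.lower()
            if ident in first_seen:
                parent[find(i)] = find(first_seen[ident])   # merge with earlier record
            else:
                first_seen[ident] = i
    clusters = defaultdict(list)
    for i in range(len(records)):
        clusters[find(i)].append(i)
    return sorted(clusters.values())


def exposure_score(cluster):
    """Heuristic exposure score: more corroborating sources and more of the
    attributes an attacker wants (role, schedule, family, memberships) score higher."""
    score = len({src for src, _ in cluster})          # each independent source adds context
    titles = {t for _, a in cluster for t in a.get("title", "").lower().split()}
    if titles & EXEC_TITLES:
        score += 3                                     # high-level executive
    blob = " ".join(str(v) for _, a in cluster for v in a.values()).lower()
    if any(w in blob for w in SCHEDULE_WORDS):
        score += 2                                     # whereabouts leaked
    if any(w in blob for w in FAMILY_WORDS):
        score += 2                                     # family link usable for pretexting
    if any(src == "membership" for src, _ in cluster):
        score += 1                                     # memberships give a shared-interest hook
    return score


def build_profiles(records):
    """Return {display name: {"records": n, "sources": set, "score": int}}."""
    profiles = {}
    for idxs in link_records(records):
        cluster = [records[i] for i in idxs]
        name = next((a[k] for _, a in cluster for k in ("name", "handle") if k in a),
                    f"record-{idxs[0]}")
        profiles[name] = {
            "records": len(cluster),
            "sources": {src for src, _ in cluster},
            "score": exposure_score(cluster),
        }
    return profiles


def rank_targets(records):
    """Names ordered by exposure, highest first: the attacker's shortlist."""
    profiles = build_profiles(records)
    return sorted(profiles, key=lambda n: profiles[n]["score"], reverse=True)


if __name__ == "__main__":
    for name, p in build_profiles(RECORDS).items():
        print(f"{name:12s} records={p['records']} sources={sorted(p['sources'])} score={p['score']}")
```

Run against real public data about your own organisation, the same linkage shows which people would float to the top of an attacker's shortlist: here the CFO is linked to a travel post and a spouse's account through nothing more than a reused handle, while an engineer with a single directory entry barely registers.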
15.
The Cost to US Business
As the number of cyberattacks increases, and they take more time to resolve, the
cost of cybercrime continues to rise.
In the last year, we have observed many stealthy, sophisticated and
targeted cyberattacks against public and private sector organizations.
Combined with the expanding threat landscape, organizations are seeing a
steady rise in the number of security breaches, from 130 in 2017 to 145 in
2018 (see Figure 1).
The impact of these cyberattacks on organizations, industries and society is
substantial. Alongside the growing number of security breaches, the total
cost of cybercrime for each company increased from US$11.7 million in
2017 to a new 2018 high of US$13.0 million, a rise of 12 percent (see
Figure 2).
16.
SPARITY SOLUTIONS FOR YOUR
SECURITY PROGRAM
17.
Threat and Vulnerability Assessment
Our comprehensive Vulnerability Management portfolio is focused on ensuring that your enterprise can identify,
manage and mitigate vulnerabilities.
18.
Cyber Analytics
Cyber Analytics is an approach to cybersecurity focused on the analysis of data to produce proactive security measures. For
example, monitored network traffic can be used to identify indicators of compromise before an intrusion does damage. By
analysing security events, cyber analytics makes it possible to detect a threat before it has a chance to impact your infrastructure
and bottom line.
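As an added illustration of the Cyber Analytics idea above (an example written for this page, not Sparity's product or any code from the deck), the following Python flags command-and-control beaconing in proxy logs: it groups requests by client and destination, measures how regular the gaps between requests are, and reports pairs whose timing is near-constant. No signature for the destination is needed, which is the "before it has a chance to impact" property the slide describes. The log format, hostnames, addresses and thresholds are assumptions, and the log lines are constructed.

```python
"""Beacon detection over proxy logs: an added example for the Cyber Analytics
slide, not Sparity's product. The log lines are constructed. A (client, destination)
pair whose outbound requests recur at a near-constant interval is flagged as a
likely command-and-control check-in; no prior signature for the host is needed."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log sample: one beaconing host, one browsing host, some noise
# and one malformed line. Format is an assumption: "<ts> src=<ip> dst=<host> bytes=<n>".
LOG_LINES = """\
2019-11-05T08:00:03Z src=10.1.4.22 dst=cdn-metrics.badhost.test bytes=812
2019-11-05T08:00:11Z src=10.1.4.22 dst=news.example.test bytes=55120
2019-11-05T08:01:40Z src=10.1.4.22 dst=news.example.test bytes=61233
2019-11-05T08:02:00Z src=10.1.4.23 dst=cdn-metrics.badhost.test bytes=790
2019-11-05T08:05:04Z src=10.1.4.22 dst=cdn-metrics.badhost.test bytes=804
2019-11-05T08:07:00Z src=10.1.4.23 dst=cdn-metrics.badhost.test bytes=798
2019-11-05T08:07:55Z src=10.1.4.22 dst=news.example.test bytes=4410
2019-11-05T08:09:02Z src=10.1.4.22 dst=news.example.test bytes=90201
2019-11-05T08:10:02Z src=10.1.4.22 dst=cdn-metrics.badhost.test bytes=811
this line is malformed and must be skipped
2019-11-05T08:15:05Z src=10.1.4.22 dst=cdn-metrics.badhost.test bytes=809
2019-11-05T08:20:03Z src=10.1.4.22 dst=cdn-metrics.badhost.test bytes=802
2019-11-05T08:22:30Z src=10.1.4.22 dst=news.example.test bytes=12000
2019-11-05T08:23:10Z src=10.1.4.22 dst=news.example.test bytes=3300
2019-11-05T08:25:04Z src=10.1.4.22 dst=cdn-metrics.badhost.test bytes=815
2019-11-05T08:26:00Z src=10.1.4.24 dst=mail.example.test bytes=20000
""".splitlines()

LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) bytes=(?P<bytes>\d+)$")


def parse_line(line):
    """Return (timestamp, src, dst, bytes) or None for a line that does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["src"], m["dst"], int(m["bytes"])


def detect_beacons(lines, min_events=5, max_jitter=0.1):
    """Flag (src, dst) pairs seen at least min_events times whose inter-request
    gaps have a coefficient of variation (stdev / mean) of at most max_jitter.
    Results are sorted most regular first."""
    times = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # malformed input is skipped, not fatal
        ts, src, dst, _ = parsed
        times[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in times.items():
        if len(stamps) < min_events:
            continue                      # too few events to call a rhythm
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue                      # all events in the same second: not periodic
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            findings.append({"src": src, "dst": dst, "events": len(stamps),
                             "mean_interval": avg, "jitter": jitter})
    findings.sort(key=lambda f: f["jitter"])
    return findings


if __name__ == "__main__":
    for f in detect_beacons(LOG_LINES):
        print(f"{f['src']} -> {f['dst']}: {f['events']} events, "
              f"every {f['mean_interval']:.0f}s, jitter {f['jitter']:.3f}")
```

The coefficient of variation is the regularity measure: the browsing host hits the news site six times too, but at gaps of 40 to 800 seconds, so it is never flagged, while the 300-second check-ins to the suspicious host are. Malware that adds random sleep to its beacon raises the jitter, so in practice the threshold is tuned per environment and combined with other signals such as a never-before-seen destination or uniform request sizes. The min_events floor stops two coincidental requests from raising an alert; lowering it to 2 in the sample also flags the second host that contacted the same destination twice, 300 seconds apart.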
19.
Our Framework
Implementation of our cyber framework, a set of measured rules and practices, helps your organization to better manage and reduce
cybersecurity risk. Our strategy and framework are intended to cultivate communication between internal and external
stakeholders.
The framework follows the five functions of the NIST Cybersecurity Framework core:
Identify
• Asset Management
• Business Environment
• Governance
• Risk Assessment
• Risk Management Strategy
Protect
• Access Control
• Awareness & Training
• Data Security
• Info Protection & Procedures
• Maintenance
• Protective Tech
Detect
• Anomalies & Events
• Security Continuous Monitoring
• Detection Process
Respond
• Response Planning
• Communications
• Analysis
• Mitigation
• Improvements
Recover
• Recovery Planning
• Improvements
• Communication
20.
Enterprise Risk Management
Implementation:
• Confirm that all necessary components are well defined and
link together
• Ensure that internal control frameworks, policies, and
procedures are appropriate
• Clearly define and communicate roles and responsibilities
• Use technology to facilitate implementation
• Address stakeholder expectations with confidence
21.
This made it past my SPAM filter last night!
22.
Q & A