hidden vulnerabilities

Transcription

1 hidden vulnerabilities industrial networks in 30 minutes

2 Cyber Security introduction Frank Kemeling Certified Ethical Hacker [CEH] EC-Council Certified Security Analyst [ESCA] Licensed Penetration Tester [LPT] OSSTMM Professional Security Tester [OPST] Manager BrainCap Cyber Security Industrial Cyber Security

3 Cyber Security introduction What is hacking and how does it work? What are vulnerabilities and how do we find them? Visibility and Control Security Operations Center Demo Industrial Cyber Security

4 Cyber Security Definition of hacking

5 Cyber Security Definition of hacking Intentionally accessing a computer without authorization or exceeding authorized access

6 Cyber Security Mindset of a hacker

7 Cyber Security Types of hackers White hat Grey hat Black hat Hacktivist Script Kiddie

8 Cyber Security Phases of ethical hacking Phase 1 - Reconnaissance Phase 2 - Scanning Phase 3 - Gaining Access Phase 4 - Maintaining Access Phase 5 - Covering Tracks

9 Cyber Security Cyber Crime Facts average discovery time breach is > 200 days 57 million paid in case of ransomware million paid in case of ransomware million paid in Q % data loss by inside jobs social engineering a hackers favorite increase hacking IoT devices increase hacking ICS/SCADA devices Stuxnet BlackEnergy Crash Override (Industroyer)

10 Cyber Security Internet of Things

11 Internet of Things I.o.T. where the: S stands for Security P stands for Privacy

12 Internet of Things Internet of Targets? Internet of Trouble? Internet of Toys?

13 Internet of Things idiot! I Don t I.o.T.

14 Internet of Things XiongMai Technologies - Sold to downstream vendors - Millions of devices - Hard coded credentials

15 ICS\SCADA Industrial Control Systems Supervisory Control and Data Acquisition

16 ICS\SCADA devices SIEMENS ALLEN BRADLEY HIRSCHMANN

17 Vulnerable ICS\SCADA device ESC 8832 Data Controller - Web-based SCADA system - Not possible to upgrade firmware - Multiple vulnerabilities - Publicly available exploits - Commonly used product

18 Gain info about target OS, Applications, Environment, Users, Social Media Known vulnerabilities? CVE-database, SHODAN, Google Hacking Database, Passwords Exploits available? Passwords? Common mistakes? Exploit and/or gain access Install backdoor or Crypto Currency Miner, Create user, Steal data Patch vulnerability Cover tracks remove log entries Keep for own use or sell compromised target on Darkweb industrial networks How does it work?

19 How does it work?

20 How does it work?

21 How does it work?

22 How does it work? Implant device with 4G SIM to call home

23 How does it work? Implant device with VPN to call home

24 How does it work? Steal credentials with Man in the Middle attack

25 VPN Cloud Office industrial networks Visibility and Control ICS/SCADA VPN 2FA Vulnerability Scanner

26 Visibility and Control Next Generation Firewalls Next Generation Endpoint Protection Vulnerability Management Security Policy Security Awareness

27 Visibility and Control Next Generation Firewalls Port open/closed Traffic monitoring Threat prevention Exploit protection Anomaly detection User ID Application ID Alerting

28 Visibility and Control Next Generation Endpoint Protection Signature based Traffic monitoring Threat prevention Exploit protection Anomaly detection Alerting TRAPS

29 Visibility and Control Vulnerability Management Unknown Vulnerabilities Known Vulnerabilities Patch management Risk Management Compliancy Passive Vulnerability Scanning

30 Visibility and Control Security Policy and Security Awareness No protection System is missing patches No policy awareness or enforcement No security awareness Click on all links Use of weak passwords Use of the same passwords multiple times Protected secure environment System is up-to-date Policy enforcement Security awareness Use of strong unique passwords Use of Two Factor Authentication

31 Remediation Security assessment Security Assessment discover vulnerabilities identify and prioritize security risks technical-, social- and operational PEN-test business risk based executive report detailed technical report and advise ec-council certified personnel international methodology

32 Remediation - Controls Security Network Monitoring risk mitigation incident response ISO2700x, PCI vulnerability assessment weekly security incident report monthly compliance report

33 Security Operations Centers Beverwijk Bosschenhoofd

34 MyHomeNetwork??? FreeWiFi KPN Fon mcdonalds MyHomeNetwork industrial networks Demo Browser history Passwords Cookies Form data Images

35 Thank you for your time! Better safe than sorry