hidden vulnerabilities industrial networks in 30 minutes
Cyber Security introduction
Frank Kemeling
- Certified Ethical Hacker [CEH]
- EC-Council Certified Security Analyst [ECSA]
- Licensed Penetration Tester [LPT]
- OSSTMM Professional Security Tester [OPST]
- Manager BrainCap Cyber Security
Industrial Cyber Security
Cyber Security introduction
- What is hacking and how does it work?
- What are vulnerabilities and how do we find them?
- Visibility and Control
- Security Operations Center
- Demo
- Industrial Cyber Security
Cyber Security Definition of hacking: Intentionally accessing a computer without authorization or exceeding authorized access
Cyber Security Mindset of a hacker
Cyber Security Types of hackers
- White hat
- Grey hat
- Black hat
- Hacktivist
- Script Kiddie
Cyber Security Phases of ethical hacking
- Phase 1 - Reconnaissance
- Phase 2 - Scanning
- Phase 3 - Gaining Access
- Phase 4 - Maintaining Access
- Phase 5 - Covering Tracks
Cyber Security Cyber Crime Facts
- average discovery time of a breach is > 200 days
- 57 million paid in case of ransomware 2010 2015
- 23 million paid in case of ransomware 2015
- 209 million paid in Q1 2016
- 70% data loss by inside jobs
- social engineering a hacker's favorite
- increase in hacking of IoT devices
- increase in hacking of ICS/SCADA devices
- 2010 - Stuxnet
- 2015 - BlackEnergy3
- 2016 - Crash Override (Industroyer)
Cyber Security Internet of Things
Internet of Things
I.o.T. where the:
- S stands for Security
- P stands for Privacy
Internet of Things Internet of Targets? Internet of Trouble? Internet of Toys?
Internet of Things idiot! I Don't I.o.T.
Internet of Things XiongMai Technologies
- Sold to downstream vendors
- Millions of devices
- Hard coded credentials
ICS\SCADA Industrial Control Systems Supervisory Control and Data Acquisition
ICS\SCADA devices SIEMENS ALLEN BRADLEY HIRSCHMANN
Vulnerable ICS\SCADA device ESC 8832 Data Controller
- Web-based SCADA system
- Not possible to upgrade firmware
- Multiple vulnerabilities
- Publicly available exploits
- Commonly used product
How does it work?
- Gain info about target: OS, Applications, Environment, Users, Social Media
- Known vulnerabilities? CVE-database, SHODAN, Google Hacking Database, Passwords
- Exploits available? Passwords? Common mistakes?
- Exploit and/or gain access
- Install backdoor or Crypto Currency Miner, Create user, Steal data
- Patch vulnerability
- Cover tracks: remove log entries
- Keep for own use or sell compromised target on Darkweb
How does it work? https://www.exploit-db.com
How does it work? https://www.shodan.io
How does it work? https://haveibeenpwned.com
How does it work? Implant device with 4G SIM to call home
How does it work? Implant device with VPN to call home
How does it work? Steal credentials with Man in the Middle attack
Visibility and Control [diagram: VPN, Cloud, Office, ICS/SCADA, VPN, 2FA, Vulnerability Scanner]
Visibility and Control
- Next Generation Firewalls
- Next Generation Endpoint Protection
- Vulnerability Management
- Security Policy
- Security Awareness
Visibility and Control Next Generation Firewalls
- Port open/closed
- Traffic monitoring
- Threat prevention
- Exploit protection
- Anomaly detection
- User ID
- Application ID
- Alerting
Visibility and Control Next Generation Endpoint Protection
- Signature based
- Traffic monitoring
- Threat prevention
- Exploit protection
- Anomaly detection
- Alerting
- TRAPS
Visibility and Control Vulnerability Management
- Unknown Vulnerabilities
- Known Vulnerabilities
- Patch management
- Risk Management
- Compliancy
- Passive Vulnerability Scanning
Visibility and Control Security Policy and Security Awareness
No protection
- System is missing patches
- No policy awareness or enforcement
- No security awareness
- Click on all links
- Use of weak passwords
- Use of the same passwords multiple times
Protected secure environment
- System is up-to-date
- Policy enforcement
- Security awareness
- Use of strong unique passwords
- Use of Two Factor Authentication
Remediation Security assessment
Security Assessment
- discover vulnerabilities
- identify and prioritize security risks
- technical-, social- and operational PEN-test
- business risk based executive report
- detailed technical report and advice
- EC-Council certified personnel
- international methodology
Remediation - Controls
Security Network Monitoring
- risk mitigation
- incident response
- ISO2700x, PCI
- vulnerability assessment
- weekly security incident report
- monthly compliance report
Security Operations Centers: Beverwijk, Bosschenhoofd
Demo MyHomeNetwork???
- FreeWiFi
- KPN Fon
- mcdonalds
- MyHomeNetwork
Demo
- Browser history
- Passwords
- Cookies
- Form data
- Images
Thank you for your time! Better safe than sorry