ITU Regional Cybersecurity Forum for Asia-Pacific

Similar documents
Bradford J. Willke. 19 September 2007

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

Legal Foundation and Enforcement: Promoting Cybersecurity

Senator the Hon Stephen Conroy Minister for Broadband, Communications and the Digital Economy. Deputy Leader of the Government in the Senate

Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Gujarat Forensic Sciences University

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

Current procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics CERT-GH

CYBER RESILIENCE & INCIDENT RESPONSE

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Cyber Crime Update. Mark Brett Programme Director February 2016

Cyber Resilience. Think18. Felicity March IBM Corporation

Cyber Resilience - Protecting your Business 1

CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague

Ingram Micro Cyber Security Portfolio

Commonwealth Cyber Declaration

SAINT PETERSBURG DECLARATION Building Confidence and Security in the Use of ICT to Promote Economic Growth and Prosperity

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Automated Context and Incident Response

The University of Queensland

The Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Emerging Issues: Cybersecurity. Directors College 2015

The APEC Model. Global Partnership through Regional Initiatives

National Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

locuz.com SOC Services

Fundamentals of Cybersecurity/CIIP. Building Capacity: Using a National Strategy & Self-Assessment

Phishing Activity Trends Report October, 2004

Cyber Security Roadmap

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

Incident Response. Tony Drewitt Head of Consultancy IT Governance Ltd

New Zealand National Cyber Security Centre Incident Summary

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

The commission communication "towards a general policy on the fight against cyber crime"

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

Crisis Management Plan

Cyber Security in Smart Commercial Buildings 2017 to 2021

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Cyber Attack: Is Your Business at Risk?

IT Security Trends. The Australian Perspective. a presentation by. Viviani Paz, Security Assurance Manager

CESG:10 Steps to Cyber Security WORKING WITH GOVERNMENT, INDUSTRY AND ACADEMIA TO MANAGE INFORMATION RISK

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

Advanced IT Risk, Security management and Cybercrime Prevention

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

Stakeholders Analysis

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Croatian National CERT ACDC project Darko Perhoc, Head of National CERT CISSP, CEH, CCNP Security R&S,CCDP

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

Threat Intelligence to enhance Cyber Resiliency KEVIN ALBANO GLOBAL THREAT INTELLIGENCE LEAD IBM X-FORCE INCIDENT RESPONSE AND INTELLIGENCE SERVICES

Position Description. Computer Network Defence (CND) Analyst. GCSB mission and values. Our mission. Our values UNCLASSIFIED

Are we breached? Deloitte's Cyber Threat Hunting

About Issues in Building the National Strategy for Cybersecurity in Vietnam

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE

Information Security Controls Policy

A practical guide to IT security

POSITION DESCRIPTION

Best Practices in Public Information Management in Sri Lanka. Presented by Nimal Athukorala D.C. Dissanayake

Cybersecurity Auditing in an Unsecure World

The GenCyber Program. By Chris Ralph

Australian Government Cyber-security Activities in the Pacific

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards

Regional Workshop on Frameworks for Cybersecurity and CIIP Feb 2008 Doha, Qatar

NHS Scotland Cyber Attack: NSS Evidence to Scottish Parliament Health & Sport Committee (Jun 17)

Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt

Cybersecurity The Evolving Landscape

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response

CYBERSMART BUILDINGS. Securing Your Investments in Connectivity and Automation

RSA INCIDENT RESPONSE SERVICES

Cyber Security Updates and Trends Affecting the Real Estate Industry

Call for Interest for the INTERPOL Digital Crime Centre 2 nd round (area of advanced technology required for the Malware/BotNet analysis)

Understanding the Changing Cybersecurity Problem

Background FAST FACTS

AKAMAI CLOUD SECURITY SOLUTIONS

STANDARD INFORMATION SHARING FORMATS. Will Semple Head of Threat and Vulnerability Management New York Stock Exchange

Security & Phishing

New York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief

DIGITAL ACCOUNTANCY FORUM CYBER SESSION. Sheila Pancholi Partner, Technology Risk Assurance

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

Cyber Threat Landscape April 2013

Evolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Qualification Specification. Level 2 Award in Cyber Security Awareness For Business

Defining Computer Security Incident Response Teams

Implementation Strategy for Cybersecurity Workshop ITU 2016

Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time

Cyber COBIT. Ophir Zilbiger, CEO SECOZ Shay Zandani, CEO CyberARM. December 2013

21ST CENTURY CYBER SECURITY FOR MEDIA AND BROADCASTING

Promoting Global Cybersecurity

IT Security Mandatory Solutions. Andris Soroka 2nd of July, RIGA

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Security: Threat and Prevention

Phishing Activity Trends Report November, 2004

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm

SOCIAL NETWORKING IN TODAY S BUSINESS WORLD

Security by Default: Enabling Transformation Through Cyber Resilience

Tackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud

Transcription:

ITU Regional Cybersecurity Forum for Asia-Pacific Incident Management Capabilities Australia Country Case Study Graham Ingram General Manager AusCERT July 2008 Copyright 2008 AusCERT Not for further distribution without AusCERT permission. 1

Responding to Attacks The nature of attacks have changed and Incident management/response has also changed Nature of attacks: Online identity theft (still) the number one threat to egovernment and ebusiness. Attacks on availability a close second State sponsored attacks and Terrorism The lines are blurred Copyright 2008 AusCERT Not for further distribution without AusCERT permission. 2

Copyright 2008 AusCERT Not for further distribution without AusCERT permission. 3

OECD A strategy for a global partnership against malware is needed to avoid it becoming a serious threat to the Internet economy and to national security in the coming years. Today, communities involved in fighting malware offer essentially a fragmented local response to a global threat. Malicious software, commonly known as malware, is software inserted into an information system to cause harm to that system or other systems, or to subvert them for uses other than those intended by their owners. Over the last 20 years, malware has evolved from occasional exploits to a global multi-million dollar criminal industry. Copyright 2008 AusCERT Not for further distribution without AusCERT permission. 4

Technology Drivers Social Networking MSN Facebook Myspace Secondlife P2P Networking Web 2.0 Web Apps NGN Mobile Devices Copyright 2008 AusCERT Not for further distribution without AusCERT permission. 5

National CERT Fire Brigade What is AusCERT doing? Monitoring and providing advice about threats and vulnerabilities Incident response and mitigation assistance for ongoing attacks Performing analysis of attacks and malware to understand the nature of the threat Central coordination and collation for data in order to develop metrics on how the threat is changing Copyright 2008 AusCERT Not for further distribution without AusCERT permission. 6

Risk Management Stages Intelligence Used to inform all stages of the response chain by providing assessments of threats and vulnerabilities Deterrence A deterrence posture makes the attacker perceive the rewards as low and risks too high Prevention Preventative controls seek to minimise risk from vulnerabilities and exploitation Detection Detection works where prevention has failed. Early detection of high risk events minimises risk Response Detection has to be backed up by rapid response and mitigation Recovery Recovery seeks to minimise fraud risk and repair damage when previous steps have failed Not for further distribution without AusCERT permission. 7

Challenges for managing e- Security risks Low visibility of attackers, their tools, techniques, organisation & communications, end-to-end attack and response process Attacks can be difficult to detect, track and respond to Users can have little knowledge of how compromises took place and are often unwilling to confess to having disclosed information or infection Difficult to get comprehensive view of threats and impact of attacks across the enterprise Limited progress made in intelligence gathering and sharing with law enforcement Incident management is time consuming, isn t core business & requires specialist skills Not for further distribution without AusCERT permission. 8

Incident response To provide active support and reduce the impact for organisations and individuals who could not by themselves mitigate an attack or reduce their risk. Focuses on what is happening technically how to stop the incident often in real time What hosts (IP address) and domains are involved What is the technical functionality of the attack how to prevent it. Working with others Knowing who to contact Whether they can assist Having trust and credibility Getting them to assist Not for further distribution without AusCERT permission. 9

Incident response Agreed systematic handling procedures timely secure (eg, encryption) standardised and documented, eg, Consistent data acquisition and recovery forensically sound (if possible) Automated system monitoring and analysis tools For dealing with large volumes of complex incidents For automating incident response For generating reports of incidents and incident status Monitoring up and down times Consistent methodology over time Reduces duplication and improves timeliness and efficiencies Centralised data collection and submission Eg malware submission Standardised incident reports (eg structured web data) Not for further distribution without AusCERT permission. 10

Co-operative Response Structures Co-ordination Threat data repository Threat analysis Incident response Passive DNS Trend analysis Metrics Intelligence development CERTs Law enforcement But all parties must have a common agenda, methods and concepts, a shared purpose and a desire for the same outcome Banks, e-businesses Operational Co-ordination Network, Hosting, Domain Providers Academics, researchers Hardware /software providers Not for further distribution without AusCERT permission. 11

Model for Domestic and International Co-ordination Law Enforcement Law Enforcement National CERT National CERT Finance Sector Other Sectors Finance Sector Other Sectors LE CERT FS FS Not for further distribution without AusCERT permission. 12

Key requirements Better detection mechanisms to identify and track attacks Shared knowledge of attack methodologies and trends Rapid cross border incident response Better understanding of mitigation approaches Better access to quality data for analysis and assessments Capacity to deal with CERTs, industry (including vendors and ISPs), government and law enforcement Not for further distribution without AusCERT permission. 13

generic_picture_here Personal data Financial data Business data Copyright 2008 AusCERT Not for further distribution without AusCERT 14 permission. 14

Web app vulnerabilties The one class of server-side vulnerability that is still a hot favourite Largest volume attacks involve off-the-shelf PHP web applications Rather than scanning, specific vulnerabilities are searched for (e.g. using Google) then exploited Attack often automated bulk compromises Consequently, many cyber attacks are hosted on legitimate but compromised web sites. Copyright 2008 AusCERT Not for further distribution without AusCERT permission. 15

Copyright 2008 AusCERT Not for further distribution without AusCERT permission. 16

On the web Copyright 2006 AusCERT Not for further distribution without AusCERT permission. 17 17

Copyright 2007 AusCERT Not for further distribution without AusCERT permission. 18

Crocs Case Study http://www.crocs.com.au/gd/images/pdmenu.php?sa=x iframe src http://analystic.cn/in.cgi?default meta-refresh http://analystic.in/mod/index.php http://analystic.in/mod/file.exe (.cn and.in same) 1 2 3 4 http://qipinfo.info/inc/ tasks/ac.txt (base64) Personal data Financial data Business data 8 http://frech.in/upd.exe http://frech.in/oi.exe http://frech.in/viola.exe Personal data Financial data Business data 5 star hotel in Moscow http://frech.in/img/c.php? userid=16062008_23230 3_168078 Copyright 2008 AusCERT Not for further distribution without AusCERT 19 permission. 19 5 6 7

Response Require initiatives that will improve cyber security and prevent and mitigate impact of cyber crime nationally and internationally, eg Improved detection and analysis methods and systems improved fraudulent domain deregistration procedures and timeliness Improved procedures for closure of bots (compromised machines being used to support cyber crime) Improved quality of security advice and awareness initiatives Need for better understanding of the nature of the cyber threats and vulnerabilities by those assessing risk Copyright 2007 AusCERT Not for further distribution without AusCERT permission. 20

Thank you. www.auscert.org.au auscert@auscert.org.au Copyright 2007 AusCERT

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback