MODERN MALWARE, MODERN DEFENSES AND PROTECTION

Similar documents
InfoSec Risks from the Front Lines

Understanding the Changing Cybersecurity Problem

Designing and Building a Cybersecurity Program

NW NATURAL CYBER SECURITY 2016.JUNE.16

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

CYBERSECURITY MATURITY ASSESSMENT

Emerging Issues: Cybersecurity. Directors College 2015

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

NIST Cybersecurity Framework Protect / Maintenance and Protective Technology

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

Strategy is Key: How to Successfully Defend and Protect. Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)

Copyright 2011 Trend Micro Inc.

External Supplier Control Obligations. Cyber Security

Cybersecurity Today Avoid Becoming a News Headline

ANATOMY OF AN ATTACK!

TRAINING WEEK COURSE OUTLINE May RADISSON HOTEL TRINIDAD Port of Spain, Trinidad, W.I.

Appendix A. Syllabus. NIST Cybersecurity Foundation. Syllabus. Status: First Draft

Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

Securing Industrial Control Systems

Tackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud

Compliance vs Competence: Cyber Security Management for Data Centers. Dr. Suku Nair University Distinguished Professor and Chair, SMU

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.

Critical Hygiene for Preventing Major Breaches

June 2 nd, 2016 Security Awareness

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

National Policy and Guiding Principles

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

Cybersecurity Panel: Cutting through Cybersecurity Hype with Practical Tips to Protect your Bank

ABB Ability Cyber Security Services Protection against cyber threats takes ability

DFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com

Certified Ethical Hacker (CEH)

Cyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations. Arkansas Joint Committee on Energy March 16, 2016

The Office of Infrastructure Protection

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

IT Security Update on Practical Risk Mitigation Strategies

Defending Our Digital Density.

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

Medical Device Cybersecurity: FDA Perspective

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

Cyber Security & Homeland Security:

Building Resilience in a Digital Enterprise

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Cyber Fraud What can you do about it?

CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

Implementing Executive Order and Presidential Policy Directive 21

A Common Cyber Threat Framework: A Foundation for Communication

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

CYBER SECURITY WORKSHOP NOVEMBER 2, Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services

CYBER SECURITY AIR TRANSPORT IT SUMMIT

IT Security Update on Practical Risk Mitigation Strategies

2017 Annual Meeting of Members and Board of Directors Meeting

10 FOCUS AREAS FOR BREACH PREVENTION

Cybersecurity The Evolving Landscape

Cybersecurity Survey Results

Cyber Risk in the Marine Transportation System

Best Practices in Healthcare Risk Management. Balancing Frameworks/Compliance and Practical Security

Port Facility Cyber Security

EFFECTIVE DEFENCE In a connected world. Philippe COTELLE, Airbus Defence and Space 2016, Nov 4th

K12 Cybersecurity Roadmap

Certified Information Security Manager (CISM) Course Overview

Cybersecurity in Government

Must Have Items for Your Cybersecurity or IT Budget in 2018

Cybersecurity and Nonprofit

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

Cyber Security Brian Bostwick OSIsoft Market Principal for Cyber Security

Next Generation Authentication

Stopping Advanced Persistent Threats In Cloud and DataCenters

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

NOSAC. Phase I and Phase II FINAL REPORT

CloudSOC and Security.cloud for Microsoft Office 365

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

Cybersecurity for Health Care Providers

CISO as Change Agent: Getting to Yes

Assessing Your Incident Response Capabilities Do You Have What it Takes?

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

Innovate or die!? Modern IT Workplace Security. Alex Verboon Cyber Security Consultant

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection

Trends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk

IoT & SCADA Cyber Security Services

Protect Your Institution with Effective Cybersecurity Governance. Baker Tilly Virchow Krause, LLP

BRING SPEAR PHISHING PROTECTION TO THE MASSES

Critical Infrastructure Sectors and DHS ICS CERT Overview

LESSONS LEARNED IN SMART GRID CYBER SECURITY

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

Transcription:

MODERN MALWARE, MODERN DEFENSES AND PROTECTION Mario Chiock, CISSP, CISM, CISA chiock@slb.com

TAKEAWAYS Current Cybersecurity Landscape Recent data breaches / incidents Executive Order 13636 / Cybersecurity Framework Strategies to better protect the Oil & Gas industry

Traditional Security is Insufficient Advanced Persistent Threats (BYOD) Empowered Employees (CLOUD) Elastic Perimeter Copyright 2012 Trend Micro Inc.

LIFE CYCLE OF A MODERN ATTACK Threat Actor Command and Control System Drop Site Look for victims Targeting Infiltration Cmd & Control Communications Exfiltration Initial Intrusion Maintain Persistence Dropper malware with embedded RAT Obtain user Credentials Reconnaissance Install utilities Propagation Lateral Movements Privilege Escalation Data Collection

FIND TARGETS Google Wikipedia Zabasearch Shodam Robtex ZoomInfo Facebook Tweeter LinkedIn Yelp Google+ Pinterest

STEP ONE : BAIT AN END USER Use a Zero Day exploit Spear Phishing Social Media

STEP TWO : EXPLOIT A VULNERABILITY

STEP THREE: DOWNLOAD A BACKDOOR

PEER TO PEER BOTNET

WHACK-A-MOLE SECURITY

ACTORS USING EXPLOSIONS IN BOSTON AS A LURE

MOST COMMON TYPES OF CYBER ATTACKS

DATA BREACHES

SAUDI ARAMCO - SHAMOON 30,000 machines Insider Exploiting privilege account Use of default passwords Use of share accounts

MALWARE THREATENING OFFSHORE RIG SECURITY http://fuelfix.com/blog/2013/02/25/malware-on-oil-rig-computers-raises-security-fears/

http://www.houstonchronicle.com/business/energy/article/malware-on-oil-rig-computers-raises-security-fears-4301773.php OTHER CYBER ATTACK TO OIL & GAS http://www.computerweekly.com/news/1280095257/exxon-shell-bp-hacked-in-night-dragon-attacks

HACKERS BREAK INTO CORPORATE SYSTEMS THROUGH VENDING MACHINES AND ONLINE RESTAURANT MENUS http://www.allgov.com/news/unusual-news/hackers-break-into-corporate-systems-through-vending-machines-and-online-restaurant-menus-140409?news=852874

PHISHING STILL HOOKS ENERGY WORKERS http://fuelfix.com/blog/2013/12/22/phishing-still-hooks-energy-workers/

INSURERS WON T COVER ENERGY COMPANIES BECAUSE THEIR CYBERSECURITY IS TOO WEAK http://it-lex.org/insurers-wont-cover-energy-companies-cybersecurity-weak/

EXECUTIVE ORDER 13636 Executive Order 13636 Improving Critical Infrastructure Cybersecurity Presidential Policy Directive (PPD)-21 Critical Infrastructure Security and Resilience NIST - Cybersecurity Framework (the Framework) DHS - The Critical Infrastructure Cyber Community C3 C2M2 - Cybersecurity Capability Maturity Model

EXECUTIVE ORDER -- IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY ( FEBRUARY 12, 2013) Calls for improved cybersecurity Critical Infrastructure Systems & Assets/ Virtual or Physical that could impact national security Calls to enhance resiliency Policy Coordination Follow Presidential Policy Directive 1 ( PPD1) of Feb. 13, 2009 Cybersecurity Information Sharing ISAC s Privacy and Civil Liberties Protections Consultative Process The Secretary shall establish a consultative process to coordinate improvements to the cybersecurity of Critical Infrastructure. Baseline Framework to Reduce Cyber Risk to Critical Infrastructure Voluntary Critical Infrastructure Cybersecurity Program. Identification of Critical Infrastructure at Greatest Risk. Adoption of Framework

PRESIDENTIAL POLICY DIRECTIVE/PPD-21 CRITICAL INFRASTRUCTURE SECURITY AND RESILIENCE 1. Refine and clarify functional relationships across the Federal Government to advance the national unity of effort to strengthen critical infrastructure security and resilience; 2. Enable effective information exchange by identifying baseline data and systems requirements for the Federal Government; and 3. Implement an integration and analysis function to inform planning and operations decisions regarding critical infrastructure.

NIST CYBERSECURITY FRAMEWORK HTTP://WWW.NIST.GOV/CYBERFRAMEWORK/

NIST CYBERSECURITY FRAMEWORK Function Unique Identifier ID PR DE RS RC Function Identify Protect Detect Respond Recover Category Unique Identifier AM BE GV RA RM AC AT DS IP PT AE CM DP CO AN MI IM RP IM CO Category Asset Management Business Environment Governance Risk Assessment Risk Management Access Control Awareness and Training Data Security Information Protection Processes and Procedures Protective Technology Anamolies and Events Security Continuous Monitoring Detection Processes Communications Analysis Mitigation Improvements Recovery Planning Improvements Communications

DHS - THE CRITICAL INFRASTRUCTURE CYBER COMMUNITY C3 HTTP://WWW.US-CERT.GOV/CCUBEDVP

CYBERSECURITY CAPABILITY MATURITY MODEL HTTP://ENERGY.GOV/OE/CYBERSECURITY-CAPABILITY-MATURITY-MODEL-C2M2

STRATEGIES TO BETTER PROTECT THE OIL & GAS INDUSTRY Upgrade defenses with next-generation tools Layer protection base on need (example segment ICS from corporate network) Protect your data at rest ( HD Encryption / Digital Rights Management ) Use Multi Factor authentication - Passwords alone no longer secure Invest on Preparedness Join the ONG-ISAC Manage Privilege access

QUICK LOW COST SOLUTIONS & COUNTERMEASURES Remove Privilege access from users DNS sinkhole (http://handlers.sans.edu/gbruneau/sinkhole.htm ) Enable UAC ( User Account Control ) to max Enable / use AppLocker Block execution of tools like PsExec, PsLoggedOn, PsService & PsInfo Browser Check (https://browsercheck.qualys.com ) SNORT (http://www.snort.org ) Implement SPF (Sender Policy Framework - http://www.openspf.org )

WHAT ELSE CAN WE DO? Use Application white listing ( Antivirus is not effective ) Careful with your 3 rd Party User Next-Generation tools ( NGFW Next-Gent Threat prevention ) Phishing Social Engineering Invest in Preparedness First, Training & Awareness, Prevention Encrypt your Hard Drive Use Data Centric protection (Digital Rights Management) Watermark & Fingerprint highly sensitive documents

USEFUL ORGANIZATIONS TO JOIN InfraGard https://www.infragard.org/ ISSA http://www.issa.org/ ISACA https://www.isaca.org ICS-CERT US-CERT STOP-Think-Connect (http://www.dhs.gov/stopthinkconnect)

Questions?

WATCH OUT FOR Mobile devices malware Industrial controls Systems Automation equipment (Drilling Automation) Vehicles Internet of things Medical devices

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback