A Close Encounter with the Dark Side - A CIO's Account
7 Nov 2016
Ken Soh, CIO, BH Global Corporation Ltd
• Supply Chain Management, Design, Manufacturing & Engineering Services for the Marine, Offshore, Oil & Gas Industry
• Since 1963, SGX Mainboard Listed in September 2005
• Certified ISO 9001:2000, Global clienteles
• Record turnover of SGD 101.6 million
• 2,000+ active marine and offshore customers
Today’s Reality – Due To Advanced Threats
Think About It …
Attacks No Longer Limited To Enterprise Networks, but Critical Infrastructures
Global Challenges
10 Mar 2015 Curtin SG’s website defaced by hackers claiming to represent ISIS
14 Oct 2014 SMRT’s webpage hacked redirecting users to another page
16 Sep 2014 The personal data of > 300,000 customers’ K Box posted online
06 Jun 2014 Businessman fined S$8,000 for hacking into Istana website
02 Jun 2014 SingPass: >1,500 users may have their accounts illegally accessed
20 Nov 2013 The websites of 13 schools were defaced
11 Nov 2013 Website of the Seletar Airport hacked
08 Nov 2013 Webpage of the Istana hacked
07 Nov 2013 Website of Prime Minister Office PMO hacked
01 Nov 2013 A section of the Straits Times website was hacked
28 Oct 2013 Official website of the Ang Mo Kio Town Council
17 Oct 2013 People’s Action Party’s Community Foundation’s webpage
: :
Closer to Home: We Are Not Spared
Closer to Home: SME the Weakest Link
Case Study #1 - Common Ransomware
It could have been worse
• "There has been a spike in the number of ransomware cases reported this year," said Dan Yock Hau, director, operations, CSA.
• "In the whole of 2015, there were only 2 reported cases. In comparison, in the first eight months of 2016, 17 cases of ransomware have been reported to SingCERT."
• "We believe that the number of victims is much higher as most cases tend to go unreported," said Mr Dan.
• "Hence, judging by global trends, the numbers are likely to escalate rapidly, given that ransomware has proven to be a lucrative monetisation tool," said Mr Dan.
Ransomware - Key Learning Points
• Off-line Backups
• Education and Awareness
• Strong Access Control
• Don’t Pay the Ransom
• Good Security Posture (Basic Assurance Framework)
Case Study #2 - CEO Phishing Scam
-----Original Message-----
From: BHG – CEO [mailto:[email protected]]
Sent: Monday, October 03, 2016 5:27 PM
To: BHG - CFO <mailto:[email protected]>
Subject: Re: Transfer
CFO,
Can you make an international bank transfer today? Let me know so I can send the information to the bank account.
SINCERELY
CEO
CEO Phishing Scam - Key Learning Points
• Verification Process for Sensitive Functions
• Education and Awareness
• Attack could be multi-vector, e.g. Socially Engineered
• Good Security Posture (Basic Assurance Framework)
Case Study #3 - Advanced Threats
[Diagram: Enterprise Network, Internet, Command & Control]
Expert in SCADA Security Vulnerability Testing, Training and Education
The Dam Gate Control Function was penetrated and accessed via internet within 7 hours of consented hacking
World-Class Hacking Competition Winner Since 2010
[Diagram: Enterprise Network, Internet, Vulnerability Assessment & Pen Testing (VAPT)]
We Have Uninvited Guests!
+---------------+---------------+----------------------------+--------------------------------------------------------------+---------------------+---------------------+
| Name          | ID            | E-mail                     | Password -<?=password_hash("passwd", PASSWORD_DEFAULT); )    | Reg Date            | Last Login Date     |
+---------------+---------------+----------------------------+--------------------------------------------------------------+---------------------+---------------------+
| Super User    | admin         | [email protected]          | $2yA10$ROt5Isp2LF0RDMmTG7FuQeKPpfyM2ZxpcrBLZ/4RwI/6sfoNErBIa | 2014-10-07 02:09:37 | 2015-11-26 08:34:30 |
| Admin User    | adminuser     | [email protected]          | $2y$10$TnrsCCJ7FctmvCgcptJQqOgFzOb75AX1dWebiwc2v5Mt5PbWpUe9. | 2014-10-21 08:27:57 | 0000-00-00 00:00:00 |
| Ajihxtyax     | Ajihxtyax     | [email protected]          | $2y$10$J9sCVn3aq9RNLGDpJ3kll.1P9.Z1aEdPZ55qVUI3OF8EDCC6Jf70K | 2014-12-25 19:49:18 | 0000-00-00 00:00:00 |
| acdrgbddrejos | acdrgbddrejos | [email protected]          | $2y$10$reJFb.VUR0ohe0rE5ml1jeHiTCzvFMfSZCdI/Vr0Efs5p2S5D.XWy | 2015-08-03 06:31:41 | 0000-00-00 00:00:00 |
+---------------+---------------+----------------------------+--------------------------------------------------------------+---------------------+---------------------+
Advanced Threats - Key Learning Points
• Importance of VAPT
• Education and Awareness
• Basic Assurance Framework
Basic Assurance Framework – The “Do’s”
• Deep Cyber VAPT Risk Assessment: Always Unique, Track Record
• Non-conventional Protection Instruments: Beyond just “Detect and Eliminate”
• OT and IT Security Awareness: Specialized IT & OT Security Training
• Breach Response “Emergency Button”: Part of BCM and ERM framework
• Coverage and Protection: Financial, Reputational loss etc
Deep Cyber VAPT
Incident Response
Multi-level Training
Sanitization Isolation Tools
Cyber Insurance
Common Don’t Don’t
• Don’t Respond to Phishing e-Mails
• Don’t Open Suspicious e-Mail Attachments
• Don’t Download from Unfamiliar Websites
• Don’t Visit Undesirable Websites
• Don’t Write your Password Anywhere
• Don’t Respond to any Password Request
• Don’t Leave your PC Unlocked Unattended
• Don’t Log in to Accounts on Public PCs
• Where is our off-line backup?
Ken Soh
Disclaimer: The opinions expressed in this presentation are solely those of the presenter and not necessarily
those of BH Global Corporation Ltd nor Athena Dynamics Pte Ltd. Neither BH Global Corporation Ltd, Athena
Dynamics Pte Ltd nor the presenter guarantees the accuracy or reliability of the information provided herein.
Not for Distribution. No part of these presentation materials may be distributed/reproduced without the presenter's
express consent.
Thank You