A Close Encounter with the Dark Side - A CIO's Account

A Close Encounter with the Dark Side - A CIO's Account 7 Nov 2016 Ken Soh CIO, BH Global Corporation Ltd [email protected]

Transcript of A Close Encounter with the Dark Side - A CIO's Account

Page 1: A Close Encounter with the Dark Side - A CIO's Account

A Close Encounter with the Dark Side - A CIO's Account

7 Nov 2016

Ken Soh, CIO, BH Global Corporation Ltd

[email protected]

Page 2: A Close Encounter with the Dark Side - A CIO's Account

• Supply Chain Management, Design, Manufacturing & Engineering Services for the Marine, Offshore, Oil & Gas Industry

• Since 1963, SGX Mainboard Listed in September 2005

• Certified ISO 9001:2000, Global clienteles

• Record turnover of SGD 101.6 million

• 2,000+ active marine and offshore customers

Page 3: A Close Encounter with the Dark Side - A CIO's Account

Today’s Reality – Due To Advanced Threats

Page 4: A Close Encounter with the Dark Side - A CIO's Account

Think About It …

Page 5: A Close Encounter with the Dark Side - A CIO's Account

Attacks No Longer Limited To Enterprise Networks, but Critical Infrastructures

Page 6: A Close Encounter with the Dark Side - A CIO's Account

Global Challenges

Page 7: A Close Encounter with the Dark Side - A CIO's Account

10 Mar 2015 Curtin SG’s website defaced by hackers claiming to represent ISIS
14 Oct 2014 SMRT’s webpage hacked redirecting users to another page
16 Sep 2014 The personal data of > 300,000 customers’ K Box posted online
06 Jun 2014 Businessman fined S$8,000 for hacking into Istana website
02 Jun 2014 SingPass: >1,500 users may have their accounts illegally accessed
20 Nov 2013 The websites of 13 schools were defaced
11 Nov 2013 Website of the Seletar Airport hacked
08 Nov 2013 Webpage of the Istana hacked
07 Nov 2013 Website of Prime Minister Office PMO hacked
01 Nov 2013 A section of the Straits Times website was hacked
28 Oct 2013 Official website of the Ang Mo Kio Town Council
17 Oct 2013 People’s Action Party’s Community Foundation’s webpage

: :

Closer to Home: We Are Not Spared

Page 8: A Close Encounter with the Dark Side - A CIO's Account

Closer to Home: SME the Weakest Link

Page 9: A Close Encounter with the Dark Side - A CIO's Account

Case Study #1 - Common Ransomware

Page 10: A Close Encounter with the Dark Side - A CIO's Account

Case Study #1 - Common Ransomware

Page 11: A Close Encounter with the Dark Side - A CIO's Account

Case Study #1 - Common Ransomware

Page 12: A Close Encounter with the Dark Side - A CIO's Account

Case Study #1 - Common Ransomware

Page 13: A Close Encounter with the Dark Side - A CIO's Account

Case Study #1 - Common Ransomware

It could have been worse

Page 14: A Close Encounter with the Dark Side - A CIO's Account

• "There has been a spike in the number of ransomware cases reported this year," said Dan Yock Hau, director, operations, CSA.

• "In the whole of 2015, there were only 2 reported cases. In comparison, in the first eight months of 2016, 17 cases of ransomware have been reported to SingCERT."

• "We believe that the number of victims is much higher as most cases tend to go unreported," said Mr Dan.

• "Hence, judging by global trends, the numbers are likely to escalate rapidly, given that ransomware has proven to be a lucrative monetisation tool," said Mr Dan.

Page 15: A Close Encounter with the Dark Side - A CIO's Account

Ransomware - Key Learning Points

• Off-line Backups

• Education and Awareness

• Strong Access Control

• Don’t Pay the Ransom

• Good Security Posture (Basic Assurance Framework)

Page 16: A Close Encounter with the Dark Side - A CIO's Account

-----Original Message-----

From: BHG – CEO [mailto:[email protected]]

Sent: Monday, October 03, 2016 5:27 PM

To: BHG - CFO <mailto:[email protected]>

Subject: Re: Transfer

CFO,

Can you make an international bank transfer today? Let me know so I can send the information to the bank account.

SINCERELY

CEO

Case Study #2 - CEO Phishing Scam

Page 17: A Close Encounter with the Dark Side - A CIO's Account

• Verification Process for Sensitive Functions

• Education and Awareness

• Attack could be multi-vector, e.g. Socially Engineered

• Good Security Posture (Basic Assurance Framework)

CEO Phishing Scam - Key Learning Points

Page 18: A Close Encounter with the Dark Side - A CIO's Account

Enterprise Network

Internet

Case Study #3 - Advanced Threats

Command & Control

Page 19: A Close Encounter with the Dark Side - A CIO's Account

Expert in SCADA Security Vulnerability Testing, Training and Education

Case Study #3 - Advanced Threats

Page 20: A Close Encounter with the Dark Side - A CIO's Account

The Dam Gate Control Function was penetrated and accessed via internet within 7 hours of consented hacking

Case Study #3 - Advanced Threats

Page 21: A Close Encounter with the Dark Side - A CIO's Account

World-Class Hacking Competition Winner Since 2010

Case Study #3 - Advanced Threats

Page 22: A Close Encounter with the Dark Side - A CIO's Account

Enterprise Network

Internet

Vulnerability Assessment & Pen Testing (VAPT)

Case Study #3 - Advanced Threats

Page 23: A Close Encounter with the Dark Side - A CIO's Account

We Have Uninvited Guests!

+---------------+---------------+----------------------------+--------------------------------------------------------------+---------------------+---------------------+
| Name          | ID            | E-mail                     | Password -<?=password_hash("passwd", PASSWORD_DEFAULT); )    | Reg Date            | Last Login Date     |
+---------------+---------------+----------------------------+--------------------------------------------------------------+---------------------+---------------------+
| Super User    | admin         | [email protected]          | $2yA10$ROt5Isp2LF0RDMmTG7FuQeKPpfyM2ZxpcrBLZ/4RwI/6sfoNErBIa | 2014-10-07 02:09:37 | 2015-11-26 08:34:30 |
| Admin User    | adminuser     | [email protected]          | $2y$10$TnrsCCJ7FctmvCgcptJQqOgFzOb75AX1dWebiwc2v5Mt5PbWpUe9. | 2014-10-21 08:27:57 | 0000-00-00 00:00:00 |
| Ajihxtyax     | Ajihxtyax     | [email protected]          | $2y$10$J9sCVn3aq9RNLGDpJ3kll.1P9.Z1aEdPZ55qVUI3OF8EDCC6Jf70K | 2014-12-25 19:49:18 | 0000-00-00 00:00:00 |
| acdrgbddrejos | acdrgbddrejos | [email protected]          | $2y$10$reJFb.VUR0ohe0rE5ml1jeHiTCzvFMfSZCdI/Vr0Efs5p2S5D.XWy | 2015-08-03 06:31:41 | 0000-00-00 00:00:00 |
+---------------+---------------+----------------------------+--------------------------------------------------------------+---------------------+---------------------+

Case Study #3 - Advanced Threats

Page 24: A Close Encounter with the Dark Side - A CIO's Account

• Importance of VAPT

• Education and Awareness

• Basic Assurance Framework

Advanced Threats - Key Learning Points

Page 25: A Close Encounter with the Dark Side - A CIO's Account

Basic Assurance Framework – The “Do’s”

• Deep Cyber VAPT Risk Assessment: Always Unique, Track Record

• Non-conventional Protection Instruments: Beyond just “Detect and Eliminate”

• OT and IT Security Awareness: Specialized IT & OT Security Training

• Breach Response “Emergency Button”: Part of BCM and ERM framework

• Coverage and Protection: Financial, Reputational loss etc.

Deep Cyber VAPT

Incident Response

Multi-level Training

Sanitization Isolation Tools

Cyber Insurance

Page 26: A Close Encounter with the Dark Side - A CIO's Account

Common Don’t Don’t

• Don’t Respond to Phishing e-Mails

• Don’t Open Suspicious e-Mail Attachments

• Don’t Download from Unfamiliar Websites

• Don’t Visit Undesirable Websites

• Don’t Write your Password Anywhere

• Don’t Respond to any Password Request

• Don’t Leave your PC Unlocked Unattended

• Don’t Login to Accounts in Public PCs

• Where is our off-line backup?

Page 27: A Close Encounter with the Dark Side - A CIO's Account

Ken Soh

[email protected]

Disclaimer: The opinions expressed in this presentation are solely those of the presenter and not necessarily those of BH Global Corporation Ltd nor Athena Dynamics Pte Ltd. Neither BH Global Corporation Ltd, Athena Dynamics Pte Ltd nor the presenter guarantees the accuracy or reliability of the information provided herein.

Not for Distribution. No part of this presentation materials may be distributed/reproduced without the presenter's expressed consent.

Thank You