www.defendza.com @defendzaltd A Practical Approach to Threats & Detection Are you ready for a Cyber Tsunami? Harman Singh @digitalamli

Transcript of “Are you ready for a Cyber Tsunami?” (28 slides)

Page 1:

A Practical Approach to Threats & Detection

Are you ready for a Cyber Tsunami?

Harman Singh @digitalamli

Page 2:

What is the best place to hide a dead body?

Page 2 of Google Search results

Page 3:

Evolution of the field of computer science

1945 - Plan Calculus: first programming language that used algorithms
1967 - US ARPA: first network to implement the TCP/IP suite
1970s - Personal computers invented: Kenbak-1 for $750, sold 40 units. Micral N used a microprocessor
1973 - Alto Personal Computer: Xerox PARC developed Alto. Bitmapped screen, and demonstrated GUI
1990 - WWW: Tim Berners-Lee created the World Wide Web at a Swiss laboratory

reference: www.bestchoiceschools.com

Page 4:

OT - Operational Technology

Systems for monitoring & controlling: ICS, SCADA, DCS, PLCs, RTUs, CNC Systems

Page 5:

IT + OT - Factories of the future

Industrial Internet

CYBER SECURITY VIEW

“Love is a temporary insanity curable by marriage.”

Page 6:

Make of that what you will…

Page 7:

tactics, techniques & procedures

Page 8:

Domain Fronting – Real World

• Basics - Circumvent censorship restrictions

Page 9:

Domain Fronting - Red Teaming Use Case

❑ Straightforward process to setup domain front:
  o Define C2 in CDN distributions
  o Payload calls back to the CDN
  o CDN redirects C2 traffic to C2 server
  o Our payload will call back the ‘good’ CDN host, that will redirect to C2 server

❑ Cloud providers say it’s ‘disabled’, it works.
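From the defender's side, the slide's point that "it works" despite CDN claims means detection has to come from the organisation's own egress telemetry. What gives fronting away is the mismatch between the hostname in the TLS SNI (the 'good' CDN host) and the HTTP Host header the CDN actually routes on. The following is an added example, not code from the slides or from Defendza: it sweeps constructed proxy/TLS-inspection records (the field layout is an assumption) and flags source/SNI/Host combinations whose two layers name different registrable domains, with an allow-list for benign pairs.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of egress proxy / TLS inspection records (not taken from the
# slides). Each record pairs the TLS SNI the client presented with the HTTP Host
# header seen in the decrypted request; the field layout is an assumption.
SAMPLE_LOG = """\
2019-03-01T10:00:01Z src=10.0.5.21 sni=cdn.example-cdn.test host=cdn.example-cdn.test status=200
2019-03-01T10:00:04Z src=10.0.5.21 sni=assets.example-cdn.test host=update.bad-example.test status=200
2019-03-01T10:00:07Z src=10.0.7.3 sni=www.example.test host=www.example.test status=304
2019-03-01T10:00:09Z src=10.0.5.21 sni=assets.example-cdn.test host=update.bad-example.test status=200
2019-03-01T10:00:12Z src=10.0.9.14 sni=static.example-cdn.test host=img.example.test status=200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) sni=(?P<sni>\S+) host=(?P<host>\S+) status=(?P<status>\d+)$"
)


@dataclass(frozen=True)
class Finding:
    src: str
    sni: str
    host: str
    count: int


def registrable_domain(name: str) -> str:
    """Crude eTLD+1 (last two labels). Adequate for the constructed sample; a real
    deployment should use the Public Suffix List instead."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def find_fronting_candidates(log_text: str, allowlist: frozenset = frozenset()) -> list[Finding]:
    """Flag connections whose TLS SNI and HTTP Host header belong to different
    registrable domains. That mismatch is the defining trait of domain fronting:
    the outer TLS layer names the 'good' CDN host while the inner request is
    routed to a different tenant behind the same CDN. Known benign (sni, host)
    pairs can be allow-listed; findings are aggregated per source and pair."""
    counts: dict[tuple[str, str, str], int] = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate malformed lines instead of aborting the sweep
        sni, host = m["sni"], m["host"]
        if registrable_domain(sni) == registrable_domain(host):
            continue  # same site at both layers: normal CDN traffic
        if (sni, host) in allowlist:
            continue
        key = (m["src"], sni, host)
        counts[key] = counts.get(key, 0) + 1
    return [Finding(src, sni, host, n) for (src, sni, host), n in sorted(counts.items())]


if __name__ == "__main__":
    for f in find_fronting_candidates(SAMPLE_LOG):
        print(f"{f.src}: SNI {f.sni} -> Host {f.host} ({f.count} requests)")
```

The check only works where the proxy can see the Host header, i.e. with TLS inspection in place; without it, the fallback signal is the SNI-to-Host mismatch the CDN itself can report, or repeated beaconing to a CDN hostname the estate has no business reason to use.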

Page 10:

Multi-Factor Authentication - Concepts

Single Factor / Two Factor / Multi-Factor

Something you know / Something you have / Something you are / Other factors

In-Band Auth vs Out-of-Band Auth

Page 11:

Multi-Factor Authentication - Attacks

01 Social Engineering - Using spear-phishing campaigns, for instance spoofed LinkedIn domain-based phishing
02 Technology Attacks - Underlying technology in use for MFA factors such as SIM swapping, SS7 attacks to capture SMS codes
03 Man-in-the-middle Attacks - By tricking the user into visiting a rogue website set up by an attacker, and then stealing the non-2FA token.
04 Endpoint Attacks - Using malicious software to steal info such as codes, or stealing cookies after authentication
05 Compromised 2FA Software - More specialized technique using rogue software installation such as drivers, smartcard-related software, by which it can manipulate or replace the legit software.
06 Integrated Assets - Active Directory / smartcard, email hijacks

Page 12:

Phishing Attack Lifecycle

1. EMAIL - Phishing email containing link to the spoofed page
2. LOGIN - User is redirected to spoofed login page to submit creds
3. HARVEST - Credentials are captured and sent to the server. User redirected to file download prompt ‘Do you want to run SSOLogin?’
4. MAGIC HAPPENS - User selects the file to run.
5. C2 ESTABLISHED - Connection established with C2 servers

Page 13:

Red Team Attack Overview

[Diagram: Attack Infra (Cloud) and Target Organization connected over the Internet. Components shown: TS1, TS2, C2-1 [CDN], C2-2 [DNS], CDN, Phish, RSP, Responder; flows labelled Command Control Traffic and Phishing Link.]

Legend: TS1, TS2 – Attack Team servers; C2-1 – C2 using CDN; C2-2 – C2 using DNS; Phish – Phish Server; RSP – Responder

Page 14:

security problems

Page 15:

No frills…

Page 16:

Business Side

➢ Compliant but not secure
  ▪ Do the ground work, no shortcuts will work.

➢ Tick Box Exercises
  ▪ Understand business objectives and map to requirements

➢ Golf Course Deals
  ▪ Decision making to consider technical product evaluations
  ▪ Examples

Page 17:

Golf course deals - Example

Example - Red Teaming isn’t for everyone. STOP wasting your budgets.

Page 18:

Page 19:

Business Side

➢ Lack of …
  ▪ Stop cribbing, build a business case. If it’s management’s accountability, let them own it. If it’s yours you must do it right.

Last but not the least, remember that:

LESS IS MORE (Robert Browning’s ‘Andrea del Sarto’)

Page 20:

Vendor Side

Stop selling FUD. Sometimes it sells, sometimes it doesn’t.

Page 21:

A lame attempt at indexing endless breaches….

A: Adobe - 38 million worldwide; Apple - 225,000 users worldwide
B: British Airways - 380,000 transactions; Butlin’s - 34,000 guest records; Bupa - 547,000 customers worldwide, 43,000 in UK; Bethesda - unknown
C: Cash Converters 2 - number affected was not revealed; Cathay Pacific - 9.4 million people
D: Dixons Carphone 2 - 10 million customers’ data; Deloitte

Page 22:

E: Equifax - 15.2 million; Evernote
F: Facebook - 50 million worldwide; Fortnum and Mason - 23,000
G: The Government - 25 million child benefit records; University of Greenwich - exposed the personal data of around 20,000 students
H: HSBC - undisclosed number of mortgage customers; HSBC - Online Banking (USA so far); Heathrow Airport

…. and so on

Source: https://community.monzo.com/t/the-hack-list/46880

Page 23:

the practical 10 pointer

Page 24:

Practical 10 Pointer Approach – 1/4

THREAT MODELLING
Essential component for a proactive, security-conscious web application asset.
  ▪ Loads and loads of SMEs are in this bracket – threat modelling should be integrative and agile, involving collaboration between security, development, and operations teams.
  ▪ OWASP Threat Modelling is a good start.

SEGREGATION
Segregation is a must at code, network and privilege level.
  ▪ Network level segregation b/w production and corporate.
  ▪ Segregation where code is deployed and staging environments.

SECURE CODING
Important to detect and prevent insecure coding practices.
  ▪ Deploy secure coding approaches that focus on detecting unsafe and insecure coding practices.
  ▪ Secure coding should be integrated into the development process regardless of the device or environment used while programming.

Page 25:

Practical 10 Pointer Approach – 2/4

SECURE INFRASTRUCTURE
Secure hardening configuration, validation using penetration testing and red teaming style exercises.
  ▪ Penetration testing for validation purposes. E.g., AD based protection choices are massive now.
  ▪ Secure hardening practices across end points, server segments, networks, perimeter, etc. Makes it easier before going live or enrolling devices into the production environment.

SUPPLY CHAIN
Trusted partners of your business must be trusted using technical controls.
  ▪ Third party supply chain hacks are everywhere.
  ▪ No tick in the box please! Enforce it via SLAs.

ACCESS MANAGEMENT
Privileged access management restricts access in a number of scenarios such as stolen credentials, or inside attackers.
  ▪ Privileged accounts should be more restrictive; practice what you preach for IT teams.
  ▪ Least privilege principle along with defense in depth approach.

Page 26:

Practical 10 Pointer Approach – 3/4

MALWARE PROTECTION
Establish anti-malware defences at perimeter (if there is one) and endpoint level.
  ▪ Producing relevant policies and establishing anti-malware protections across the estates.
  ▪ Peripheral device usage restrictions.
  ▪ Go less on shopping, more solutions like AppLocker.

SECURITY AWARENESS
Awareness of cyber risks would help improve the weakest link in the cyber kill chain.
  ▪ Probably the weakest link in the cyber kill chain?
  ▪ Maintain continuous awareness and validation to review your ongoing projects.
  ▪ Ensure ground level support by widening your approach beyond senior management buy-in.

INCIDENT MANAGEMENT
Having incident management plans along with periodic testing during testing times.
  ▪ Establish incident response and disaster recovery/backup capability.
  ▪ TEST. TEST. TEST!
  ▪ Provide training to the staff and report criminal incidents to authorities. Don’t pay ransoms.

Page 27:

Practical 10 Pointer Approach – 4/4

LOGGING & MONITORING
Logging relevant events and monitoring for anomalies to help reduce the reaction time.
  ▪ Log what you need, not what seems right.
  ▪ Ensure it’s centralised or on separate segments/devices than the primary assets.
  ▪ Monitoring is possible with good logging combined with an analysis job, to ensure anomalies are caught in time. CONTINUOUSLY!
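"Good logging combined with an analysis job" is abstract until it is written down, so here is an added example of the smallest useful analysis job (this is example code, not from the slides or from Defendza). It runs over constructed authentication events (the line format is an assumption) and raises two alerts that matter in the phishing and Responder scenarios the deck walks through: a burst of failures from one source across many accounts, and a success from a source that has already tripped that rule. Both are cheap to compute, which is the point: the job has to run continuously, not once a quarter.

```python
from __future__ import annotations

import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample of authentication events (not from the slides). The format
# (ISO timestamp, outcome, user, source address) is an assumption for this example.
SAMPLE_EVENTS = """\
2019-03-01T09:00:00Z auth=fail user=alice src=203.0.113.9
2019-03-01T09:00:05Z auth=fail user=bob src=203.0.113.9
2019-03-01T09:00:09Z auth=fail user=carol src=203.0.113.9
2019-03-01T09:00:14Z auth=fail user=dave src=203.0.113.9
2019-03-01T09:00:20Z auth=fail user=erin src=203.0.113.9
2019-03-01T09:00:31Z auth=success user=erin src=203.0.113.9
2019-03-01T09:01:00Z auth=fail user=frank src=198.51.100.4
2019-03-01T09:15:00Z auth=success user=frank src=198.51.100.4
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) auth=(?P<outcome>fail|success) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_ts(value: str) -> datetime:
    """Parse the constructed 'YYYY-MM-DDTHH:MM:SSZ' timestamp as UTC."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect_bruteforce(log_text: str, threshold: int = 5, window_s: int = 60) -> list[dict]:
    """Single pass over the events with a sliding window per source address.

    Rule 1 'burst': at least `threshold` failures from one source inside
    `window_s` seconds. The distinct usernames are attached so an analyst can
    tell a password spray (many users) from a single locked-out account.
    Rule 2 'success_after_burst': any later success from a source that already
    tripped rule 1, i.e. the guess or relayed credential may have worked.
    """
    recent: dict[str, deque] = defaultdict(deque)  # src -> (ts, user) of recent failures
    tripped: set[str] = set()
    alerts: list[dict] = []
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue  # skip lines that do not match; a monitoring job must not crash on noise
        ts, src = parse_ts(m["ts"]), m["src"]
        window = recent[src]
        if m["outcome"] == "fail":
            window.append((ts, m["user"]))
            # drop failures older than the window before counting
            while window and (ts - window[0][0]).total_seconds() > window_s:
                window.popleft()
            if len(window) >= threshold and src not in tripped:
                tripped.add(src)
                alerts.append({"rule": "burst", "src": src, "at": m["ts"],
                               "users": sorted({u for _, u in window})})
        elif src in tripped:
            alerts.append({"rule": "success_after_burst", "src": src,
                           "user": m["user"], "at": m["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

The thresholds are deliberately parameters: the same code with a longer window and lower threshold catches slow sprays, and the test below shows that shrinking the window makes the sample burst disappear, which is the tuning trade-off the "logging what you need" bullet is really about.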

Page 28:

The following useful guides are available for free:
✓ Buyer’s guide to security
✓ 10 Pointer Risk Management
✓ Security Awareness Image Quotes

Drop an email to the below address: [email protected]

Innovation Forum, 51 Frederick Road, Salford M6 6FP

PHONE: + 0203 916 5444 / + 161 743 3495-97
EMAIL: [email protected]
@defendzaltd
WEB: www.defendza.com (under construction)