Cyber Security in the Brave New World

Abhishek De, Etihad Aviation Group


THE WHISTLERS


50 YEARS LATER… 

WHOSE HACK is it ANYWAY

Old school: identity hacks, the IRS scam

Easy like Friday Morning: the Apple FaceTime bug

Smart and Discreet: the British Airways hack; the homograph attack (Unicode characters)

State Sponsored: WannaCry/NotPetya (ransomware), Stuxnet

Futuristic (or is it?): wireless carjacking

Homograph Attack

Homograph attack is a kind of spoofing attack where a website address looks legitimate but is not because a character or characters have been replaced deceptively with Unicode characters.

Try opening this website in Chrome before version 58 (the fix shipped in 58), or in Firefox, which by default renders single-script Cyrillic names in Unicode unless network.IDN_show_punycode is set to true:

https://xn--80ak6aa92e.com/


It looks perfectly valid; examining the certificate, however, reveals something else. A certificate always carries the ASCII A-label (xn--80ak6aa92e.com), never the Unicode form the address bar shows.

Punycode is a way to represent Unicode within the limited subset of ASCII used for Internet hostnames. This allows the display of internationalized domain names (IDNs) in languages that don't use the Latin alphabet. For example, the Punycode domain "xn--bcher-kva.ch" will show up in your browser as "bücher.ch".

Browsers have mechanisms in place to limit IDN homograph attacks, chiefly refusing to render a label that mixes scripts. That mechanism fails if every character is replaced with a look-alike from a single foreign script. The domain "аррӏе.com", registered as "xn--80ak6aa92e.com", bypasses the mixed-script filter by using only Cyrillic characters (а, р, р, ӏ, е).
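A worked check for the two paragraphs above, added here as an example and not part of the original slides: it decodes A-labels with Python's standard punycode codec and then applies a simplified version of the browser-side defence, flagging labels that mix scripts and labels whose characters all have ASCII look-alikes. The confusables table is a hand-picked subset of Unicode's confusables.txt, script detection is a heuristic on unicodedata character names (the standard library exposes no Script property), and PROTECTED_NAMES stands in for a browser's list of popular domains; all three are assumptions of the example.

```python
"""Punycode decoding plus a simplified IDN homograph check (added example).

The confusables table is a hand-picked subset of Unicode's confusables.txt,
script detection is a heuristic on unicodedata character names, and
PROTECTED_NAMES stands in for a browser's list of popular domains; these are
assumptions of this example, not browser internals.
"""
import codecs
import unicodedata

# Subset of Unicode confusables.txt: non-Latin letters that render like ASCII.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u04cf": "l", "\u0456": "i", "\u0458": "j",
    "\u0455": "s", "\u0501": "d", "\u04bb": "h", "\u03bf": "o",
}

# Constructed stand-in for a browser's "popular domains" list.
PROTECTED_NAMES = {"apple", "google", "paypal", "microsoft"}


def decode_label(label: str) -> str:
    """A-label (xn--...) to U-label; anything else is returned unchanged."""
    if label.lower().startswith("xn--"):
        return codecs.decode(label[4:].encode("ascii"), "punycode")
    return label


def decode_host(host: str) -> str:
    """Decode every label of a hostname."""
    return ".".join(decode_label(label) for label in host.rstrip(".").split("."))


def letter_scripts(label: str) -> set:
    """Heuristic script set: first word of each letter's Unicode name
    ('LATIN', 'CYRILLIC', 'GREEK', ...); digits and hyphens are ignored."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def skeleton(label: str) -> str:
    """Replace every known look-alike with the ASCII letter it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)


def assess_host(host: str) -> dict:
    """Decode a hostname and report why (if at all) a browser should distrust it."""
    unicode_host = decode_host(host)
    findings = []
    for label in unicode_host.split("."):
        if label.isascii():
            continue                      # plain ASCII label: nothing to confuse
        scripts = letter_scripts(label)
        if len(scripts) > 1:
            findings.append(f"{label}: mixed scripts {sorted(scripts)}")
            continue                      # the classic mixed-script filter catches this
        skel = skeleton(label)
        if skel.isascii():                # whole-script confusable: every char mapped
            if skel in PROTECTED_NAMES:
                findings.append(f"{label}: whole-script confusable for '{skel}'")
            else:
                findings.append(f"{label}: all characters have ASCII look-alikes ('{skel}')")
    return {"ascii": host, "unicode": unicode_host,
            "findings": findings, "suspicious": bool(findings)}


if __name__ == "__main__":
    for host in ("xn--80ak6aa92e.com", "xn--bcher-kva.ch", "apple.com"):
        report = assess_host(host)
        print(f"{report['ascii']:22} -> {report['unicode']:14} "
              f"{'SUSPICIOUS' if report['suspicious'] else 'ok'}")
        for finding in report["findings"]:
            print("    ", finding)
```

Run as-is, xn--80ak6aa92e.com decodes to аррӏе.com and is reported as a whole-script confusable for "apple", while xn--bcher-kva.ch decodes to bücher.ch (Latin script, nothing to report). Chrome's fix in version 58 shows the punycode form for labels made entirely of Cyrillic letters that resemble Latin ones; the skeleton comparison here generalizes that idea. Python's idna codec performs the same per-label decoding for a whole hostname.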

Things that make you go HMMMMMM

A proposition – the internet-enabled toothbrush

Traditional Security Layers -

Network Perimeter
Internal Network
Hosts
Applications
Data

Additional Security Layers -

Governance, Policies, Procedures & Awareness
Environmental & Physical Security
Network Perimeter
Internal Network
Hosts
Applications
Data

Cyber Kill Chain Methodology

Phases:
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
C&C
Actions on Objective

Detective Controls:
Firewall, Perimeter Security
IPS, APT
Malware Analysis
SIEM configuration
Web Application Firewall
Endpoint Detection and Response
Audit Logs/File Integrity
DLP/UTM
SOC Effectiveness

Preventive Controls:
Red team/Blue team exercises
Security Awareness
Network Segregation
Trust Zones
Systematic Patching
Sandboxing
Privilege Management
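The "SIEM configuration" and "Endpoint Detection and Response" entries above only make sense once events are mapped onto the phases. The following is an added example, not from the presentation: it tags constructed log lines with a kill-chain phase using regex rules and then correlates them per host, alerting when a host's events advance through several phases in order within a time window. The rules, the log lines, the host naming and the two-hour window are all constructed for illustration.

```python
"""Kill-chain tagging and per-host correlation over constructed log lines.

Added example, not from the presentation. The rules, the log lines and the
two-hour window are constructed for illustration; a real SIEM rule set would
be tuned to the environment's own log sources.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

PHASES = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
          "Installation", "C&C", "Actions on Objective"]

# Constructed detection rules: the first regex that matches a message wins.
RULES = [
    ("Reconnaissance", re.compile(r"portscan|nmap|scan from")),
    ("Delivery", re.compile(r"attachment \S+\.(docm|xlsm|iso|lnk)")),
    ("Exploitation", re.compile(r"WINWORD\.EXE spawned (cmd|powershell)\.exe")),
    ("Installation", re.compile(r"Run key added|new service installed|scheduled task created")),
    ("C&C", re.compile(r"beacon|to known-bad")),
    ("Actions on Objective", re.compile(r"lsass\.exe|large outbound transfer|encrypted \d+ files")),
]

# Constructed log lines in the form "<ISO timestamp> <host> <message>".
SAMPLE_LOG = """\
2024-03-04T08:02:11 fw01 portscan detected from 203.0.113.9 against 198.51.100.0/24
2024-03-04T09:15:02 WS-117 Outlook saved attachment invoice.docm for user jsmith
2024-03-04T09:17:45 WS-117 WINWORD.EXE spawned powershell.exe -nop -w hidden -enc SQBFAFgA
2024-03-04T09:18:10 WS-117 Run key added HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater
2024-03-04T09:20:33 WS-117 beacon: outbound HTTPS to known-bad 203.0.113.77 every 60s
2024-03-04T11:05:00 WS-042 scheduled task created by admin for nightly backup
2024-03-04T11:06:12 WS-042 outbound HTTPS to update.vendor.example
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (.*)$")


def parse_line(line):
    """Split one line into (timestamp, host, message); None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts, host, msg = m.groups()
    return datetime.fromisoformat(ts), host, msg


def tag_phase(msg):
    """Return the kill-chain phase of the first rule that matches, else None."""
    for phase, pattern in RULES:
        if pattern.search(msg):
            return phase
    return None


def tag_log(text):
    """Return (timestamp, host, phase, message) for every line a rule matched."""
    events = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, host, msg = parsed
        phase = tag_phase(msg)
        if phase:
            events.append((ts, host, phase, msg))
    return events


def correlate(events, window=timedelta(hours=2), min_phases=3):
    """Per host, find the longest run of events that move forward along the
    kill chain inside `window`; hosts reaching `min_phases` are returned."""
    by_host = defaultdict(list)
    for ev in sorted(events):              # chronological order
        by_host[ev[1]].append(ev)
    alerts = {}
    for host, evs in by_host.items():
        best, chain = [], []
        for ts, _, phase, _ in evs:
            idx = PHASES.index(phase)
            if chain and ts - chain[0][0] > window:
                chain = []                 # too old: start a fresh chain
            if not chain or idx > chain[-1][1]:
                chain.append((ts, idx))    # only forward movement counts
            if len(chain) > len(best):
                best = list(chain)
        if len(best) >= min_phases:
            alerts[host] = [PHASES[i] for _, i in best]
    return alerts


if __name__ == "__main__":
    tagged = tag_log(SAMPLE_LOG)
    for ts, host, phase, msg in tagged:
        print(f"{ts:%H:%M:%S} {host:7} {phase:22} {msg[:50]}")
    for host, chain in correlate(tagged).items():
        print(f"ALERT {host}: kill chain progressed {' -> '.join(chain)}")
```

On the sample, WS-117 progresses Delivery -> Exploitation -> Installation -> C&C within six minutes and raises the alert; WS-042's lone scheduled-task event and fw01's port scan each tag a phase but never form a chain, which is the point of correlating rather than alerting on single matches.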

Building Resilience – a few pointers

Identification of Entry/Exit Points:
Internet
Public-facing applications/IPs
Wireless
Integration with 'Trusted' parties
Cloud integration

Network & Infrastructure:
Asset Inventory Controls
Network Access Controls
Minimum Baseline Security Configuration
Administrative privileges control
Patching
Endpoint Detection & Response
Credential Management
Encryption (data at rest)
Email Controls (Spoofing/Spearphishing)

End User Controls:
Endpoint Detection & Response
Centralized Identity Management
Credential Management
Internet Access/Email Access
Employee Separation

Security Awareness:
Computer Based Training/Learning
Acceptable Use
Spot Awareness – Screensavers/Corporate Communication
Information Security Newsletter

And lastly TEST, TEST and TEST, and then TEST, TEST and TEST again!!!

THANK YOU