Threat Briefing
Objectives
- Appreciate the threat
- Learn some of the more creative and complex ways organizations are being attacked through the Internet today
- Understand how to organize more effective collaborative responses to these threats in the future
Stages of computer attack
1. Reconnaissance (gather information about the target system or network)
2. Probe and attack (probe the system for weaknesses and deploy the tools)
3. Toehold (exploit security weakness and gain entry into the system)
4. Advancement (advance from an unprivileged account to a privileged account)
5. Stealth (hide tracks; install a backdoor)
6. Listening post (establish a listening post)
7. Takeover (expand control from a single host to other hosts on network)
Source: “Catapults and grappling hooks: The tools and techniques of information warfare,” http://www.research.ibm.com/journal/sj/371/boulanger.html
Attack Structure/Path
Cost vs. Risk
[Two charts of figures from the 2005 CSI/FBI Computer Crime Survey (http://www.usdoj.gov/criminal/cybercrime/FBI2005.pdf): attack types ranked by prevalence, and ranked by loss]
Principal Threat Categories
- Disruption
- Extortion / crime
- Espionage
- Fraud
Disruption
- Denial of Service attacks
  - “Script kiddies” attacking for pleasure
  - Competitive advantage
  - Extortion
  - Political statement
- Accident
  - Natural disaster (flood, earthquake, …)
  - Man-made
    - Accidental (digging up fiber optic cable)
    - For malicious purposes
Extortion
- Distributed Denial of Service (DDoS) attacks
  - Online gaming industry, porn sites…
  - Anything time sensitive (e.g., stock trading, holidays, major sporting events), or any business that derives the majority of its revenue online, is a potential target
- Encryption of files on the hard drive (ransomware): http://news.com.com/Antivirus+expert+Ransomware+on+the+rise/2100-7355_3-6157092.html
Espionage
- Targeted “spam” with trojan horse, dropped USB thumb drives, etc.
  - Executable attachments
  - Media files, documents, embedded content
  - Key loggers or “root kits” installed
  - Data exfiltrated by POST or reverse tunnel through the firewall
- Wireless sniffing
- Surplused equipment! (http://www.computer.org/portal/cms_docs_security/security/v1n1/garfinkel.pdf)
Fraud
- Unauthorized access to steal data, media
- Phishing (social engineering via email)
- Key logging, or screen capture (attacking virtual keyboards)
- Attacking JavaScript cryptography
- HTTP POST interception
Victim sites
Responding
- The OODA Loop
- Coordination
- Working with Law Enforcement
- Striking back?
The OODA Loop
[Diagram: the four phases Observe, Orient, Decide, Act, drawn as a cycle that repeats over time]
Observe & Orient
Decide & Act
Source: AF2025 v3c2, http://csat.au.af.mil/2025/volume3/vol3ch02.pdf
Controlling speed through the OODA Loop
- To speed up your loop
  - Get better information sooner
  - Access new and stored information quicker
  - Correlate and fuse information quickly
  - Increase understanding of tools/tactics
  - Automate decision making and actions
- To slow down your adversary’s loop
  - Change the landscape (force reconnaissance)
  - Act in unobservable ways
  - Mix conventional/unconventional actions
  - Give the adversary false information (and/or “noise”)
  - Keep the adversary guessing
Coordination
- Data collection
- Data fusion
- Data dissemination
- Action in relationship (time, location, function)
- Capacity to work together
- OPSEC considerations (attacker reading your email)
Working with LE
[Diagram: overlapping circles for Military, Intelligence Community, Law Enforcement, and Private Sector]
- Law Enforcement is central to an integrated public/private response
- LE can do things that the private sector cannot (e.g., search/seizure)
- International LE coordination on cybercrime is working (e.g., Zotob case in Turkey)
“Strike-back” vs. other Active Response Actions
- Fight DDoS with DDoS (no way)
- Pre-emptive DoS (highly unlikely)
- Retribution (very risky)
- Back tracking (risky)
- Information gathering (less risky)
- Ambiguity/dynamism (least risky)
Conclusions
- Future responses must be MORE collaborative, LESS isolated
- Identifying the structure of an attack, and acting in deliberate ways (rather than simply reacting to discrete events), is important
- Increase training and outreach capacity
- Collaborative/cooperative response will become essential (lots of opportunities to optimize)
- There is much research and learning left to do…
Questions