Cyber Security Threats - Lowy Institute - richmedia

Cyber Security Threats
Dr Paul Twomey
The Lowy Institute for International Policy
8 September 2010
Property of Argo Pacific Pty Ltd
What is the Internet?
• Three layers
• All have vulnerabilities
The Transit Layer
The Application Layer
And while we have been going from this…
Business has been aggregating data and risk at an unprecedented rate…
[Chart: Degree of Data Digitization plotted against Spectrum of Risk, rising through five stages]
1. Messaging
2. Storing Information
3. Transactional systems
4. Technology Integration
5. Fully Integrated information based Business
And our physical infrastructure has become intertwined with and reliant on our cyber infrastructure
Source: DHS, "Securing the Nation’s Critical Cyber Infrastructure"
We have developed the myth that technology can be an effective fortress – we can have security
Traditional focus on:
• Better Firewalls
• Boundary Intrusion Detection
• Critical Offsite Capacity
• Compliance Certification
False myths:
• IT staff = security staff
• Compliance failure is the main source of risk
• Being compliant = being safe
But this concept of security is false – the Internet is fundamentally open
Facts:
• We don’t know what’s on our own nets
• What’s on our nets is bad, and existing practices aren’t finding everything
• Threat is in the “interior”
• Threat is faster than the response
• “Boundaries” are irrelevant
• We don’t know what is on our partners’ nets nor on the points of intersection
• Compromises occur despite defenses
• Depending on the motivation behind any particular threat, it can be a nuisance, costly or mission threatening
[Figure: Global Internet]
The critical capability is to develop real-time response and resiliency
Some types of Cyber Threats
Type | Motivation | Target | Method
Information Warfare | Military or political dominance | Critical infrastructure, political and military assets | Attack, corrupt, exploit, deny, conjoint with physical attack
Cyber Espionage | Gain of intellectual property and secrets | Governments, companies, individuals | Advanced Persistent Threats
Cyber Crime | Economic gain | Individuals, companies, governments | Fraud, ID theft, extortion, attack, exploit
Cracking | Ego, personal enmity | Individuals, companies, governments | Attack, exploit
Hacktivism | Political change | Governments, companies | Attack, defacing
Cyber Terror | Political change | Innocent victims, recruiting | Marketing, command and control, computer based violence
Source: analysis, Dr Irv Lachov
Cyber crime and cyber espionage are having real impacts
• Estimated $1 Trillion of intellectual property stolen each year (Gartner & McAfee, Jan 2009)
• Cybercrime up 53% in 2008 (McAfee)
• Topped $20 Billion at financial institutions
• Reported cyber attacks on U.S. government computer networks climbed 40% in 2008
• Sensitive records of 45,000 FAA workers breached (Feb 09)
• Chinese stole design secrets of all U.S. nuclear weapons (Michelle Van Cleave)
• U.S. nuclear weapons lab is missing 69 computers (Feb 09)
• Cost to repair average 2008 data breach = $6.6 Million
Source: Report of the CSIS Commission on Cybersecurity for the 44th Presidency
Critical infrastructure and cyber attack
• Infrastructure vulnerable to cyber attack
– Power grid
– Water
– Communications
– Banking, etc.
• Little barrier to skilled attackers
• Software protections not current with today’s threats
• Coordinated physical and cyber attack strategies could cripple critical infrastructure
Source: Brenton Greene, Northrop Grumman
Corporate Brands Under Attack
• U.S. companies have lost billions in intellectual property to cyber
• A third of companies surveyed said a major security breach could put them out of business
• Terrorists finance their operations
• Heartland Payment Systems (HPY) suffered an intrusion that compromised at least 130 million consumer cards
Source: Brenton Greene, Northrop Grumman
The total cost of a data breach continues to rise.
[Chart: Direct and indirect data breach costs, US$ per record]
Direct Cost: e.g. engaging forensic experts, outsourced hotline support, free credit monitoring subscriptions, and discounts for future products and services.
Indirect Costs: e.g. in-house investigations and communication, and the value of customer loss resulting from churn or diminished acquisition rates.
Source: The Ponemon Institute
The biggest cost growth is the churn of customers affected or influenced by the breach
[Chart: Components of the cost of a data breach on a per-victim basis, US$]
• Over the past four years lost business costs, created by abnormal churn or turnover of customers, grew by more than $64 on a per victim basis, or a 38% overall percentage increase.
• Organizations in highly trusted industries such as banking, pharmaceuticals and healthcare are more likely to experience high abnormal churn rates following a data breach compared to retailers and companies with less direct consumer contact.
This is an international problem
Cyber risks are an increasing threat to sources of enterprise capability and brand competitiveness
Extortion (Now)
• Phishing and pharming driving increased customer costs, especially for financial services sector
• DDOS extortion attacks
Loss of intellectual property/data (Now)
• National security information/export controlled information
• Sensitive competitive data
• Sensitive personal/customer data
Potential for disruption (Emerging)
• As part of cyber conflict (i.e. Estonia)
• As target of cyber protest (i.e. anti-globalization)
• eBusiness and internal administration
• Connections with partners
• Ability to operate and deliver core services
Potential accountability for misuse (i.e. botnets) (Now)
• Reputational hits; legal accountability
Potential for data corruption (Future)
• Impact operations or customers through data
Terrorism (Emerging)
• DDOS and poisoning attacks
• Focused attacks coordinated with physical attacks
Attacks are increasingly easy to conduct
Drivers: fear and impact
[Chart, 1990 to 2008: attack sophistication rising on one axis while the skill level needed by attackers falls on the other. Techniques plotted:]
• Email propagation of malicious code
• DDoS attacks
• “Stealth”/advanced scanning techniques
• Increase in worms
• Sophisticated command and control
• Widespread attacks using NNTP to distribute attack
• Widespread attacks on DNS infrastructure
• Executable code attacks (against browsers)
• Anti-forensic techniques
• Automated widespread attacks
• Home users targeted
• Distributed attack tools
• Hijacking sessions
• Internet social engineering attacks
• Widespread denial-of-service attacks
• Automated probes/scans
• Packet spoofing
• Increase in wide-scale Trojan horse distribution
• Techniques to analyze code for vulnerabilities without source code
• Windows-based remote controllable Trojans (Back Orifice)
• GUI intruder tools
Source: SE/CERT CC
Recent Incidents: Rise of the Professionals
• F-35: WSJ article: “Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project -- the Defense Department's costliest weapons program ever -- according to current and former government officials familiar with the attacks” ... China suspected
• Google: Internet search company reveals existence of large-scale computer intrusions, apparently coming from China with some support from the state
• US Electrical System: WSJ article: “Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system” … Russia and China suspected
• Optus: In April 2010, customers of Optus, its partner internet service providers, and a number of major corporate customers suffered traffic degradation as a result of a distributed denial of service attack sourced from China and aimed at a large, unnamed Optus financial services customer.
Recent Incidents: Rise of the Professionals
• Estonia: As part of unrest and pro-Russian riots in Tallinn, the Internet-embracing nation undergoes massive online attacks from ethnic Russians
• Zeus Trojan: Zeus Trojan, capable of defeating the one-time password systems used in the finance sector, targets commercial bank accounts and has gained control of more than 3 million computers, just in the US
• Mariposa: "botnet" of infected computers included PCs inside more than half of the Fortune 1,000 companies and more than 40 major banks
Mass-scale hacking
• It's ROI focused.
• It's not personal. Automated attacks against mass targets, not specific individuals.
• It's multilayer. Each party involved in the hacking process has a unique role and uses a different financial model.
• It's automated. Botnets exploit vulnerabilities and extract valuable data, conduct brute force password attacks, disseminate spam, distribute malware and manipulate search engine results.
• Common attack types include:
– Data theft or SQL injections.
– Business logic attacks.
– Denial of service attacks.
Source: Amichai Shulman
Advanced Persistent Threats
• It's very personal. The attacking party carefully selects targets based on political, commercial and security interests. Social engineering is often employed.
• It's persistent. If the target shows resistance, the attacker will not leave, but rather change strategy and deploy a new type of attack against the same target.
• Control focused. APTs are focused on gaining control of crucial infrastructure, such as power grids and communication systems. APTs also target data comprised of intellectual property and sensitive national security information.
• It's automated, but on a small scale. Automation is used to enhance the power of an attack against a single target, not to launch broader multi-target attacks.
• It's one layer. One party owns and controls all hacking roles and responsibilities.
Source: Amichai Shulman
Cyber warfare?: Estonia cyber attacks
• Started on April 27, 2007; the attacks lasted about 3 weeks.
• Series of attacks targeting government portals, the parliament portal, banks, ministries, newspapers and broadcasters of Estonia.
• Estonians described the attacks as a political attack or revenge from Russians for the moving of a WWII memorial.
Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009
How the attacks took place
• Weeks of cyber attacks followed, targeting the web sites of Estonian government bodies, banks, ministries, newspapers and broadcasters.
• Some attacks took the form of distributed denial of service (DDoS) attacks (ranging from ping floods to expensive rentals of botnets).
• 128 unique DDoS attacks (115 ICMP floods, 4 TCP SYN floods and 9 generic traffic floods).
• Used hundreds or thousands of "zombie" computers and pelted Estonian web sites with thousands of requests a second, boosting traffic far beyond normal levels.
• Attackers commanded other computers to bombard a web site with requests for data, causing the site to stop working.
Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009
How the attack took place …
• The attack heavily affected the infrastructure of the whole network:
– Routers damaged.
– Routing tables changed.
– DNS servers overloaded.
– Email server and mainframe failures, etc.
Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009
Impact
• Inoperability of the following state and commercial bodies:
– The Estonian presidency and its parliament.
– Almost all of the country’s government ministries.
– Political parties.
– Three news organizations.
– The two biggest banks and communications firms.
– Governmental ISP.
– Telecom companies.
Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009
How did Estonia respond?
• Estonia's Computer Emergency Response Team (CERT) acted as a coordinating unit, concentrating its efforts on protecting the most vital resources.
• Closing the sites under attack to foreign internet addresses and keeping the sites accessible only to domestic users.
• Cutting 99% of the bogus traffic, which originated outside Estonia.
• Implementing an online "diversion" strategy that made attackers hack sites that had already been destroyed.
• Implementing advanced traffic filters; Cisco Guard was then installed to lower malicious traffic.
Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009
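The flood taxonomy on the preceding slides (ICMP floods, TCP SYN floods, generic traffic floods) and the "close the sites to foreign addresses" response can be expressed as simple triage logic over per-source flow records. This is an added example, not code from the deck or from the cited presentation; the flow records, thresholds, addresses and country codes are constructed for illustration.

```python
"""Flood triage over constructed flow records, using the Estonia 2007 taxonomy
(ICMP floods, TCP SYN floods, generic floods) and the foreign-source filter."""
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str        # source address (constructed, not real)
    country: str    # country the source address is registered to
    dst: str        # attacked site
    proto: str      # "icmp" or "tcp"
    syn_only: bool  # TCP SYN without ACK (half-open attempt)
    pps: int        # packets per second attributed to this source

# Thresholds are assumptions for this example, not figures from the deck.
PPS_ANOMALY = 500   # per-destination aggregate treated as a flood
DOMINANT = 0.8      # share of packets needed to call one kind dominant

def classify(flows):
    """Return {dst: label} using the three flood categories named in the deck."""
    by_dst = defaultdict(list)
    for f in flows:
        by_dst[f.dst].append(f)
    labels = {}
    for dst, fl in by_dst.items():
        total = sum(f.pps for f in fl)
        if total < PPS_ANOMALY:
            labels[dst] = "normal"
            continue
        icmp = sum(f.pps for f in fl if f.proto == "icmp")
        tcp = sum(f.pps for f in fl if f.proto == "tcp")
        syn = sum(f.pps for f in fl if f.proto == "tcp" and f.syn_only)
        if icmp / total >= DOMINANT:
            labels[dst] = "icmp flood"
        elif tcp / total >= DOMINANT and syn / tcp >= DOMINANT:
            labels[dst] = "tcp syn flood"
        else:
            labels[dst] = "generic traffic flood"
    return labels

def foreign_share(flows, home="EE"):
    """Fraction of packets sourced outside the home country (the deck's 99%)."""
    total = sum(f.pps for f in flows)
    return sum(f.pps for f in flows if f.country != home) / total if total else 0.0

def domestic_only(flows, home="EE"):
    """The 'close the site to foreign addresses' mitigation: keep domestic flows."""
    return [f for f in flows if f.country == home]

SAMPLE = [  # constructed records; addresses and countries are illustrative
    Flow("198.51.100.7", "RU", "gov.example", "icmp", False, 700),
    Flow("192.0.2.12", "EE", "gov.example", "tcp", False, 20),
    Flow("198.51.100.8", "RU", "bank.example", "tcp", True, 900),
    Flow("203.0.113.4", "US", "bank.example", "tcp", True, 150),
    Flow("192.0.2.30", "EE", "bank.example", "tcp", False, 40),
    Flow("198.51.100.9", "RU", "news.example", "tcp", False, 350),
    Flow("203.0.113.5", "LV", "news.example", "icmp", False, 300),
    Flow("192.0.2.31", "EE", "news.example", "tcp", False, 30),
    Flow("192.0.2.40", "EE", "party.example", "tcp", False, 25),
]

if __name__ == "__main__":
    print(classify(SAMPLE))
    print(f"foreign share of packets: {foreign_share(SAMPLE):.0%}")
```

The per-destination labels are what a CERT would use to pick a mitigation (ICMP rate limits versus SYN protection versus broad filtering), and the foreign share is the figure that justified the domestic-only access decision.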
Response included much help from others
• Identification and further blockade of bots from root DNS servers.
• CERT persuaded ISPs around the world to blacklist attacking computers which were overwhelming Estonia’s bandwidth.
• Germany, Slovakia, Latvia, Lithuania, Italy and Spain supported and funded the CERT hub in the Estonian capital, Tallinn, to protect security.
• Blocking all .ru domains.
• The president gave up his own website and let them continue to attack it so that they would not be able to destroy more critical things.
Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009
International impact
• The Estonian CERT analysed server logs and data to find out who was behind the attacks.
• NATO assisted Estonia in combating the cyber attacks and has voted to work with member governments to improve cyber security.
• NATO's new cyber-warfare center will be based in Tallinn.
• Estonia called in July 2008 for an international convention on combating computer-based attacks.
Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009
So who can do this?
State Actors
Definition: Nation States who engage in one or more types of cyber operations
Russian Federation
Kyrgyzstan
Ukraine
Estonia
Georgia
Ingushetia
Peoples Republic of China
Taiwan
Israel
Iran
Palestinian National Authority (Hamas)
Myanmar (Burma)
U.S.
Turkey
Pakistan
Germany
Zimbabwe
Australia
Source: Jeffrey Carr, GreyLogic
State-Sponsored Actors
Definition: Non-state actors who are engaged by States to perform one or more types of cyber operations.
Partial list of States known to or suspected of sponsoring Actors:
Russian Federation
Peoples Republic of China
Turkey
Iran
United States
Myanmar
Israel
Source: Jeffrey Carr, GreyLogic
Non-State Actors
Definition: Non-state actors who engage in cyber crime and/or patriotic hacking (aka hacktivists)
Too numerous to list
Source: Jeffrey Carr, GreyLogic
War by proxy?
Kremlin Kids: We Launched the Estonian Cyber War
By Noah Shachtman, March 11, 2009, Wired.com
Like the online strikes against Georgia, the origins of the 2007 cyber attacks on Estonia remain hazy. Everybody suspects the Russian government was somehow behind the assaults; no one has been able to prove it. At least so far. A pro-Kremlin youth group has taken responsibility for the network attacks. And that group has a track record of conducting operations on Moscow’s behalf.
Nashi ("Ours") is the "largest of a handful of youth movements created by Mr. Putin’s Kremlin to fight for the hearts and minds of Russia’s young people in schools, on the airwaves and, if necessary, on the streets," according to the New York Times.
Yesterday, one of the group’s "commissars," Konstantin Goloskokov (pictured), told the Financial Times that he and some associates had launched the strikes. "I wouldn’t have called it a cyber attack; it was cyber defense," he said. "We taught the Estonian regime the lesson that if they act illegally, we will respond in an adequate way." He made similar claims, in 2007.
If true, it would be only one in a long string of propaganda drives the group has waged in support of the Kremlin. Not only has Nashi waged intimidation campaigns against the British and Estonian ambassadors to Moscow, and staged big pro-Putin protests. Not only has it been accused of launching denial-of-service attacks against unfriendly newspapers. Last month, Nashi activist Anna Bukovskaya acknowledged that the group was paid by Moscow to spy on other youth movements. The project, for which she was paid about $1100 per month, included obtaining "videos and photos to compromise the opposition, data from their computers; and, as a separate track, the dispatch of provocateurs," she told a Russian television channel.
The proliferation of capability into the hacker/criminal world has enabled a blurring of actors and motivations – a major challenge for any future international regime for controlling national state cyber competition
[Diagram: overlapping circles of Cyber Warfare, Cyber Espionage and Cyber Crime]
Strategic implications
• Nation-states lose some control over conflict
• Geopolitical analysis required
– Cyber conflict mirrors fighting on ground
• Attribution and the false flag
– Concept: People’s War
• Is national security at risk?
– As with WMD, defense strategies unclear
– As with terrorism, success in media hype
Source: Cyberspace and the Changing Nature of Warfare, Kenneth Geers, NATO Cooperative Cyber Defence Centre of Excellence
The old rules collide with cyber reality
• Foreign Relations Law (U.S.): “It is universally recognized, as a corollary of state sovereignty, that officials in one state may not exercise their functions in the territory of another state without the latter's consent.”
Source: Cyberspace and the Changing Nature of Warfare, Kenneth Geers, NATO Cooperative Cyber Defence Centre of Excellence
Australian Federal government response since 2009
Defence Signals Directorate – Reveal Their Secrets – Protect Our Own
Cyber Security Operations Centre (CSOC)
• DSD capability that serves all government agencies.
• Provides government with a comprehensive understanding of cyber threats against Australian interests;
• coordinates operational responses to cyber events of national importance across government and critical infrastructure.
• Embedded representation from a number of other agencies involved in assessing the threat to, and the protection of, Australian interests from sophisticated threat actors.
• The CSOC will also assist CERT Australia.
ASIO
Attorney General’s Department
CERT Australia
• Work with the private sector in identifying critical infrastructure and systems that are important to Australia’s national interest, based on an assessment of risk, and to provide these organisations with information and assistance to help them protect their information and communication technology infrastructure from cyber threats and vulnerabilities.
• Sector Programs:
– banking and finance
– control systems
– telecommunications
Up to the early 1990s in Australia
• Government ran government networks. The government ran military networks. The government owned Telecom Australia and OTC.
• To expect DSD and/or ASIO to play the primary protection role was quite valid.
But today
• Every business is connected to the Internet. Every business’s network is part of the internet.
• The capacity to interact with each other is a key part of their risk environment. Telcos, businesses, universities, and households are all connected in different ways.
• The government now owns a tiny minority of these networks.
• If there were negligence causing damage, who would be liable? In the 1970s, 80s and even the early 1990s you could make a case that somehow or other the government would end up being the defendant. Today it would be the companies.
• The big change for boards in Australia is that if somebody wants to bring a negligence action for something that went bad on the network they are more likely to be liable.
Cyber crime and cyber espionage pose increasing risk to
• Operations
• Reputation
• Financial performance
• Competitive position in the market
• And managing risk is a Board responsibility
THANK YOU