Surviving Cyber War2011

Date post: 08-Apr-2018
Upload: richard-stiennon

8/7/2019 Surviving Cyber War2011

1/17

IT-Harvest Confidential

Surviving Cyber War

Richard Stiennon, Chief Research Analyst, IT-Harvest

Blog: ThreatChaos.com
twitter.com/stiennon

2/17

Blog: www.ThreatChaos.com
twitter.com/cyberwar

3/17

Threat hierarchy is a timeline!

- Information Warfare
- Cyber Crime
- Hacktivism
- Vandalism
- Experimentation

4/17

5/17

Chinese Thinking

- Wang Qingsong, Modern Military-Use High Technology, 1993
- Zhu Youwen, Feng Yi, and Xu Dechi, Information War Under High Tech Conditions, 1994
- Li Qingshan, New Military Revolution and High Tech War, 1995
- Wang Pufeng, Information Warfare and the Revolution in Military Affairs, Beijing: 1995
- Zhu Xiaoli and Zhao Xiaozhuo, The United States and Russia in the New Military Revolution, 1996
- Dai Shenglong and Shen Fuzhen, Information Warfare and Information Security Strategy, 1996
- Shen Weiguang, On New War, 1997

6/17

Goal: Information Dominance

"The degree of information superiority that allows the possessor to use information systems and capabilities to achieve an operational advantage in a conflict or to control the situation in operations short of war, while denying those capabilities to the adversary."

- Field Manual 100-6 Information Operations, August 1996.

7/17

Cyber Defense Conditions

- Cyber DefCon 5. Travel warnings. Governments issue warnings about protecting data when travelling to foreign nations.
- Cyber DefCon 4. Nation states probe each other's networks for vulnerabilities.
- Cyber DefCon 3. Widespread information theft with intent to mine industrial as well as military and geo-political secret information.
- Cyber DefCon 2. Targeted attacks against a nation's military and government installations. Loss of critical data, collateral damage.
- Cyber DefCon 1. Nation-to-nation attacks are malicious, with intent to destroy communication infrastructure and disable business processes, including financial markets.

8/17

Custom Trojans, tools of the trade

Michael Haephrati shows us how.

9/17

China knows Trojans

In the UK, the Home Office has warned about a spate of attacks in recent months involving e-mail Trojans. "We have never seen anything like this in terms of the industrial scale of this series of attacks," said Roger Cumming, director of NISCC.

10/17

11/17

Ghost Net

- 1,200 computers, including ministry and NATO machines
- Looking for attribution
- Attacks on the office of the Dalai Lama
- A special purpose botnet.

12/17

Joint Strike Fighter

13/17

Project Aurora

Social networks used as vectors to target Google employees. Zero-day vulnerability in IE.

Result

- Loss of customer data
- Loss of source code

14/17

Cyber sabotage: Stuxnet

[Diagram, labels only: Step 7 software; DLL (rootkit); original DLL; Programmable Logic Controller; "New data blocks added"; s7otbxdx.dll, s7otbxsx.dll]

15/17

Surviving Cyber War for every organization

Same rules apply, only more so. As threats multiply, investment is needed.

- Appoint a cyber security commander
- Defense in depth against multiple adversaries
- Complete network protection (UTM)
- Beaconing detection
- End point whitelisting

DDoS defense is the ultimate engagement with the enemy.

16/17

UTM is first line of defense

- Deny all except that which is explicitly allowed
- Connect policy to users
- Block malware from URLs, email, Skype, Facebook
- Prevent data exfiltration (DLP)
- Detect, alert, and block beaconing
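The slide lists "Detect, alert, and block beaconing" without saying what a detector looks at. As an added example (not from the deck, and not any vendor's UTM logic), the Python below flags beaconing the way a simple analytic would: a compromised host phoning home on a timer produces outbound connections to the same destination at nearly constant intervals, so the coefficient of variation (standard deviation divided by mean) of the inter-arrival times is small, while human browsing is bursty and irregular. The log format (`<epoch seconds> <src ip> <dst host>`), the hostnames, the IP addresses and the thresholds are all constructed for this example.

```python
"""Minimal beaconing detector over constructed proxy log lines.

Assumed (constructed) log format: "<epoch seconds> <src ip> <dst host>",
one outbound connection per line. Not a real proxy or UTM format.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: 10.0.0.5 contacts c2.example.test every ~60 s with a
# second of jitter (timer-driven), browses news.example.test irregularly,
# and 10.0.0.7 has too few connections to judge either way.
SAMPLE_LOG = "\n".join(
    [f"{1700000000 + 60 * i + (i % 3) - 1} 10.0.0.5 c2.example.test"
     for i in range(12)]
    + [f"{1700000000 + t} 10.0.0.5 news.example.test"
       for t in (3, 9, 40, 41, 300, 305, 500, 699, 702, 1000, 1100, 1101)]
    + [f"{1700000000 + 30 * i} 10.0.0.7 update.example.test" for i in range(3)]
)


def parse_log(text):
    """Group connection timestamps by (src, dst); unparsable lines are skipped."""
    by_pair = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, src, dst = parts
        try:
            by_pair[(src, dst)].append(int(ts))
        except ValueError:
            continue
    return by_pair


def beacon_score(timestamps):
    """Return (mean interval, coefficient of variation) of the gaps between
    consecutive connections. A CV near 0 means evenly spaced, timer-like traffic."""
    ts = sorted(timestamps)
    deltas = [b - a for a, b in zip(ts, ts[1:])]
    m = mean(deltas)
    if m == 0:  # all hits in the same second: not a timer, treat as irregular
        return 0.0, float("inf")
    return m, pstdev(deltas) / m


def find_beacons(text, min_hits=5, max_cv=0.1):
    """Flag (src, dst) pairs whose spacing is regular enough to look like a
    beacon. Pairs with fewer than min_hits connections are not judged.
    Returns a sorted list of (src, dst, mean_interval_s, cv)."""
    hits = []
    for (src, dst), ts in parse_log(text).items():
        if len(ts) < min_hits:
            continue
        interval, cv = beacon_score(ts)
        if cv <= max_cv:
            hits.append((src, dst, round(interval, 1), round(cv, 3)))
    return sorted(hits)


if __name__ == "__main__":
    for src, dst, interval, cv in find_beacons(SAMPLE_LOG):
        print(f"ALERT beacon candidate {src} -> {dst}: every {interval}s (cv={cv})")
```

Run as-is it reports only the `c2.example.test` pair (roughly 60 s, CV about 0.02); the irregular browsing has a CV above 1 and is ignored, and the three-hit pair is below `min_hits`. In practice the thresholds need tuning per environment, because legitimate software (update checks, monitoring agents) also beacons; the "deny all except explicitly allowed" rule on the same slide is what turns a detection into a block, since an unknown regular destination can simply be absent from the allow list.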

17/17

Blog: www.threatchaos.com
email: [email protected]
Twitter: twitter.com/cyberwar

