Welcome to SecTor 2019: “Navigating Cyberspace: Identifying A New Path to Defeating Tomorrow’s Attacks”
Solomon Sonya, @Carpenter1010
Date posted: 13-Aug-2020

Transcript

Page 1

2019 Welcome to SecTor
“Navigating Cyberspace: Identifying A New Path to Defeating Tomorrow’s Attacks”
Solomon Sonya
@Carpenter1010

Page 2

Whoami…

Disclaimer: The views presented are those of the speaker and do not necessarily represent the views of the United States Department of Defense (DoD) or the US Air Force.

Page 3

Solomon Sonya * @Carpenter1010 * SecTor, Canada * @sectorca “Navigating Cyberspace: Identifying A New Path to Defeating Tomorrow’s Attacks”

Whoami

Assistant Professor, Computer Science, United States Air Force Academy
Research Scholar, University of Southern California, Los Angeles
Director, Intrusion Response, Air Force Enterprise Computer Emergency Response Team
Senior Enterprise Network Defense Manager
Software Reverse Engineer
Software Developer
Education: M.S. Computer Science, Air Force Institute of Technology; M.S. Information Systems Engineering, Western International University; B.S. Computer Science, Texas Christian University
Hobbies: Cyber Security, Exploitation, Data Protection, Net Defense Paradigms

Page 4

Framing the Problem…

Page 5

Framing the Problem…

Tomorrow’s attacks may be worse than today’s… Malware, system exploitation, and unintentional data loss continue to increase in prevalence and sophistication.

The security state of an arbitrary protection system is indecipherable (Harrison & Ruzzo, “Protection in Operating Systems”, 1976).

Weaknesses will always exist, even in defense-in-depth deployments.

Understanding these weaknesses should be the motivation towards designing better security paradigms tomorrow.

Page 6

Understanding the Attack Domain

Page 7

SecTor – October 2019 | Toronto, Canada

[Diagram: the attack domain. Source: Solomon Sonya @Carpenter1010]
Phases: Reconnaissance/Research, Penetration, Pivot, Privileges++, Pillage, Paralyze
Labels: Water-Hole, Drive-By, Phishing, XSS, Trojan, Ping Sweep, ARP Scan, Port Knock, Active & Passive, DNS Lookups, IP Reservations, Embedded Devices, Management Protocols, Insider, Evade Detection, Maintain Access, Protocols, Stage Exploits, Social Engineering, Scan Targets, Hardware

Page 8

Sun Tzu (500 BC, “The Art of War”, inventor of agile warfare): “Know thy enemy, know thyself.”

Page 9

Page 10

Brief Evolution of Malware

Page 11

Brief Evolution of Malware

Slammers (Search && Destroy)
Email and Social Networking propagation (e.g. Ad dispersal)
Ubiquitous Command and Control (e.g. Conficker)
Mobile Resident and Propagating Malware
PUNT!!!

Source: Solomon Sonya @Carpenter1010

Page 12

Cell Phones: A data trove for exploitation…

When was the last time you audited permissions granted to your apps?

Is all of this necessary to show a light? (I don’t think so…) Really?!!!

http://www.snoopwall.com/wp-content/uploads/2014/10/Flashlight-Spyware-Appendix-2014.pdf

Page 13

Cell Phones: A data trove for exploitation…

“At the height of their operations, a [Russian National] hacker arrested last year reportedly used an Android banking trojan [Banks at your fingertips] to steal between $1,500 and $8,000 from victims on a daily basis. With over 2 billion users estimated to access banking services through their mobile devices, cybercriminals see [cell phones] as a data trove they can monetize.”
– TrendMicro 2018 Annual Threat Report

How much security do you apply to your phone that you also use for banking, shopping, surfing, and email transactions?

Page 14

Brief Evolution of Malware

Slammers (Search && Destroy)
Email and Social Networking Propagation (e.g. Ad dispersal)
Ubiquitous Command and Control (e.g. Conficker)
Mobile Resident and Propagating Malware
Data Theft (e.g. Zeus, Duqu)
Point-of-Sale
Ransomware
Hardware Resident Malware (Fileless)
Cryptocurrency-Mining Malware
Living-off-the-Land (LotL)

Source: Solomon Sonya @Carpenter1010

Page 15

Did you know…

Page 16

APT[n]

APT1: 2013 exposed China’s multiyear (7+) attacks on 141 different industries. Exposed 3k indicators: domains, malware, X.509 certs; malware resurfacing today
APT3: China’s attack on Aerospace & Defense, Construction & Engineering, High Tech, Telecoms, Transportation industries. Exposed malware, TTPs, C2 infrastructure
APT10: China’s espionage group using malware and phishing campaigns to target Construction, Engineering, Aerospace, governments in US, EU, JP
APT18: China’s espionage group using malware and phishing campaigns to target Construction, Engineering, Aerospace, governments in US, EU, JP
APT38: N. Korea’s worldwide attacks on Financial institutions
APT34: Iran’s widespread cyber-espionage attacks on governments, financial, energy, chemical, telecom institutions in the Middle East
APT30: China’s attack to harvest data across air-gapped networks (removable media). Adapted malware since 2005

Page 17

2019 Annual Threat Reports & Trends

2019 CrowdStrike Annual Report
2019 FireEye Annual Report
2019 Symantec Annual Threat Report
2019 ClearSky Events Summary
2019 Forcepoint Cyber Predictions
2019 US Intel WorldWide Threat Assessment
2019 Annual Security Roundup
2019 SonicWall Annual Threat Report
F-Secure Annual Report 2018

Some argue attacks of tomorrow will no longer exist due to advancement in detection and prevention technologies… But if this is the case, why does the evidence reveal the contrary? Attacks continue to increase, new malware is on the rise.

Page 18

Central Malware Evolution Themes…

Page 19

Central Malware Evolution Themes…

Page 20

Adjust your view of the World…

Page 21

Adjust your view of the World…

Stuxnet

Page 22

Tomorrow’s attacks will be asymmetric and unconventional in nature…

Page 23

October 31, 1999 - EgyptAir Flight 990 from Los Angeles, CA to Cairo International Airport, Egypt crashed into the Atlantic Ocean, killing all 217 passengers and crew on board. The Egyptian Civil Aviation Agency (ECAA) ruled the crash a result of mechanical failure. The US NTSB ruled the crash an apparent suicide by the First Officer…

Page 24

9/11: A Brief Case Study of Missed Indications…

Page 25

9/11: A Brief Case Study of Missed Indications…

Page 26

9/11: A Brief Case Study of Missed Indications…

Between 1998-2001, at least 12 intelligence reports indicated Bin Laden planned to use aircraft and crash into buildings in NYC and Washington DC
Several indicators were present; however, multiple agencies were not able to connect the dots to see a looming, imminent threat on the horizon
FBI admitted action could have been taken to harden cockpits and train pilots to resist hostile takeover
May 18, 1998, FBI’s Chief pilot in Oklahoma City observed a “recent phenomenon” of Middle Eastern men taking flight training which “may be related to planned terrorist activity…” – his memo was not sent to FBI HQ
Subsequently, it was reported the hijackers in flight training were not interested in takeoffs or landings, only wanted to quickly learn how to control a large aircraft after takeoff, and sought to purchase advanced flight simulators
Intelligence started to reveal intentions of attack by aircraft; however, analysts judged such an operation unlikely because it did not offer extremists the opportunity to accomplish key goals

Page 27

9/11: A Brief Case Study of Missed Indications…

Byzantine Failure: Lack of imagination, coupled with the inability to red team procedures and to view how indicators could fit into a larger picture, contributed to how warning signs were missed regarding this attack

Page 28

A Byzantine Failure Approach…

Page 29

Attacks of Tomorrow from a Byzantine Perspective…

Which failures lead to compromise?

Page 30

Attacks of Tomorrow from a Byzantine Perspective…

Which failures lead to compromise?

[Diagram: layered system stack] System Prog | App Prog | User Prog | Library Routines | System Calls | Operating System | Kernel / Firmware / HAL | Hardware

Page 31

Attacks of Tomorrow from a Byzantine Perspective…

Attacks of Yesteryear started here…

[Diagram: layered system stack] System Prog | App Prog | User Prog | Library Routines | System Calls | Operating System | Kernel / Firmware / HAL | Hardware

Page 32

Attacks of Tomorrow from a Byzantine Perspective…

Then evolved here…

[Diagram: layered system stack] System Prog | App Prog | User Prog | Library Routines | System Calls | Operating System | Kernel / Firmware / HAL | Hardware

Page 33

Attacks of Tomorrow from a Byzantine Perspective…

Then evolved here…

[Diagram: layered system stack] System Prog | App Prog | User Prog | Library Routines | System Calls | Operating System | Kernel / Firmware / HAL | Hardware

Page 34

Attacks of Tomorrow from a Byzantine Perspective…

What happens when the entire system is compromised?

[Diagram: layered system stack] System Prog | App Prog | User Prog | Library Routines | System Calls | Operating System | Kernel / Firmware / HAL | Hardware

Page 35

“Amateurs attack systems, Experts attack people…”

And let’s never forget the User!

[Diagram: layered system stack] USER | System Prog | App Prog | User Prog | Library Routines | System Calls | Operating System | Kernel / Firmware / HAL | Hardware

Page 36

The impact cost of these attacks is huge! Measured in the Billions per year! [BILLIONS]

Page 37

Giulio Douhet (1869-1930, “The Command of the Air”, air war strategist): “Victory smiles upon those who anticipate the change in the character of war, not upon those who wait to adapt themselves after the changes occur.”

Page 38

Adjust your view of the World…

Stuxnet

Page 39

IoT: Could These Be Future Cyber Attack Platforms?

Home Security Systems
Amazon Echo, Google Home…
Smart TVs
Smart Devices
Smart Homes
Smart Watches

Page 40

Could These Be Future Cyber Attack Platforms?

Medical Devices:
• Brain Neurostimulators
• Cochlear Implants
• Gastric Stimulators
• Cardiac Pacemakers
• Insulin Pumps
• EKG Monitoring

Aviation Automation
Transportation & Delivery Automation

Page 41

What does right look like?

Page 42

Albert Einstein (1879-1955, theoretical physicist; quoted in “Journal of Transpersonal Psychology”): “We cannot solve our problems with the same level of thinking we used when we created them.”

Page 43

What does right look like?

New technologies (SDN)
New security paradigms (e.g. Actionable ThreatIntel, AI)
New Secure Access Protection Systems
New DLP Stack: data-at-{rest, motion, transit}, platforms, and users
Greater education (if defenders, developers, and attackers had the same knowledge… would exploits still exist?)
Shift towards Prevention, Data isolation, Sandboxing, Segregation
Non-attribution collaboration and information sharing (Best practices)

What does YOUR recursive byzantine approach look like for:
ORGANIZATION: Macro-analysis of data entering and leaving (which components are used to provide access to data, e.g. email, infrastructure, Internet, BYOD, WiFi/Bluetooth (and errant signals…), insiders, outsourcing, etc.?) – trace how info can enter and leave the organization
SYSTEMS: Micro-analysis of how components/devices/functions are used to create/access/modify information (e.g. computer systems, devices, applications and programs, authentication protocols, integrity verification mechanisms, etc.)

Page 44

Tomorrow’s Victory is in Your Hands

Page 45

My Charge to You!

I need you to be better; hackers are getting better, faster, smarter, more sophisticated… why not you?
I need you to be curious; be bold; question the security paradigm; explore new options
Explore the possibilities the unconventional attacker may introduce into your organization; what did you previously dismiss as impossible?
Recognize the indications of the next cyber attack
Raise the cost of the adversary just a little…
Change your approach: Detection is too late; shift to prevention and resiliency
Given an already compromised environment, discover how we can still assure our tradecraft

Page 46

Page 47

Page 48

Solomon Sonya @Carpenter1010

What artifacts can we extract from a single domain? (www.domain.com)

[Diagram]
Registration Information (whois lookup): Domain Name, Registrar, Registrant Contact, Admin Contact, Tech Contact, Create Date, Update Date, Domain Status, Name Servers
GEO Location: IP, Domain, City, State, Zip, Country, Lat/Lon
Name Server Information (nslookup): Domain Name, IPv4 server list, IPv6 server list

Page 49

Maximize your utility by understanding Excalibur’s Use Cases

Excalibur Current Use Cases:
Aggregate whois data from large domain name data sets
Derive geo-location and nslookup info for each whois retrieval
Uniform-structured data set from thousands of different registrars
System Analysis sets correlating all artifacts based on identification
Convert large data sets of unknowns into most relevant IOCs
Produce visualization graphs to derive meaning from data
Hunt for malicious indicators via Sim_Ref, XREF correlation
Connectors to additional Data Sources (VirusTotal, ThreatExpert, etc.)
Data enrichment via autonomous aggregation from DDS
Interface w/sensors applying IOCs for real-time identification
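Pages 48 and 49 describe the two enrichment steps an aggregator has to get right before any correlation is possible: registrars emit whois in many layouts, so the records must first be mapped onto one uniform schema, and only then can shared artifacts (registrant contact, name servers) be cross-referenced to turn a set of unknown domains into relevant IOCs. The block below is an added illustration of that idea written for this page; it is not Excalibur's code and not from the talk. The three whois blobs, the domain names (`.test` TLD) and the field-alias table are constructed sample data; a real aggregator would carry a much larger alias table and fetch the records over the network.

```python
"""Normalize whois records from differently formatted registrars into one
schema, then cross-reference shared artifacts across the domain set.
Added illustration for this page; not Excalibur's code. All records below
are constructed sample data."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed whois output in two registrar styles (not real domains).
RAW_WHOIS = {
    "login-bank-example.test": """\
Domain Name: LOGIN-BANK-EXAMPLE.TEST
Registrar: Registrar Alpha (constructed)
Creation Date: 2019-08-01T00:00:00Z
Updated Date: 2019-09-12T00:00:00Z
Registrant Email: ops@throwaway.example
Name Server: NS1.BULLETPROOF-HOST.EXAMPLE
Name Server: NS2.BULLETPROOF-HOST.EXAMPLE
""",
    "secure-pay-example.test": """\
domain:       secure-pay-example.test
registrar:    Registrar Beta (constructed)
created:      2019-08-03
changed:      2019-08-03
e-mail:       ops@throwaway.example
nserver:      ns1.bulletproof-host.example
nserver:      ns9.other-dns.example
""",
    "legit-corp-example.test": """\
Domain Name: LEGIT-CORP-EXAMPLE.TEST
Registrar: Registrar Alpha (constructed)
Creation Date: 2008-02-14T00:00:00Z
Registrant Email: hostmaster@legit-corp-example.test
Name Server: NS1.LEGIT-CORP-EXAMPLE.TEST
""",
}

# Registrar labels that mean the same thing (constructed, deliberately small).
FIELD_ALIASES = {
    "domain": ("domain name", "domain"),
    "registrar": ("registrar",),
    "created": ("creation date", "created", "create date"),
    "updated": ("updated date", "changed", "update date"),
    "registrant_email": ("registrant email", "e-mail", "email"),
    "name_servers": ("name server", "nserver"),
}

@dataclass
class WhoisRecord:
    """Uniform schema every registrar layout is mapped onto."""
    domain: str = ""
    registrar: str = ""
    created: str = ""
    updated: str = ""
    registrant_email: str = ""
    name_servers: list = field(default_factory=list)

LINE_RE = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?)\s*:\s*(.+?)\s*$")

def parse_whois(text):
    """Map one raw whois blob onto WhoisRecord using the alias table."""
    rec = WhoisRecord()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        label, value = m.group(1).lower(), m.group(2)
        for canonical, aliases in FIELD_ALIASES.items():
            if label in aliases:
                if canonical == "name_servers":
                    rec.name_servers.append(value.lower())
                elif canonical in ("created", "updated"):
                    setattr(rec, canonical, value[:10])  # keep YYYY-MM-DD
                elif canonical == "registrar":
                    rec.registrar = value
                else:
                    setattr(rec, canonical, value.lower())
                break
    return rec

def normalize_all(raw=RAW_WHOIS):
    return [parse_whois(text) for text in raw.values()]

def cross_reference(records):
    """Index domains by the artifacts they share. Returns only artifacts seen
    on more than one domain, which is where the XREF signal lives."""
    index = defaultdict(set)
    for rec in records:
        if rec.registrant_email:
            index[("registrant_email", rec.registrant_email)].add(rec.domain)
        for ns in rec.name_servers:
            index[("name_server", ns)].add(rec.domain)
        index[("registrar", rec.registrar)].add(rec.domain)
    return {k: sorted(v) for k, v in index.items() if len(v) > 1}

def pivot_from_known(records, known_bad, shared):
    """Unknown domains that share a contact or name server with a known-bad
    one, each with the artifacts that linked them. The registrar alone is
    skipped: a large registrar links unrelated domains and only adds noise."""
    linked = {}
    for artifact, domains in shared.items():
        if artifact[0] == "registrar":
            continue
        if any(d in known_bad for d in domains):
            for d in domains:
                if d not in known_bad:
                    linked.setdefault(d, []).append(artifact)
    return linked

if __name__ == "__main__":
    recs = normalize_all()
    shared = cross_reference(recs)
    for artifact, domains in shared.items():
        print(f"{artifact[0]}={artifact[1]}: {', '.join(domains)}")
    print(pivot_from_known(recs, {"login-bank-example.test"}, shared))
```

On the constructed data the two `.test` domains registered with the same throwaway contact and the same name server are linked, while the third domain, which only shares a registrar with the first, is not. That registrar skip is the kind of relevance filter the slide's "convert large data sets of unknowns into most relevant IOCs" needs, otherwise every customer of a big registrar becomes an indicator.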

Page 50

Cyber Threat Detection System Components

Sensor: Packet Capture Library (actually intercept traffic)
Wrapper/Packager (format, encrypt, transport data to analyzers)
Parser (analyzes sensory data)
Profiles Network Traffic, Generates Alerts, Instigates Protection routines
Threat Intelligence Engine (Excalibur Mark I)
Data enrichment: Feeds resolutions and IOCs into the analyzer for real-time protection
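The component list on Page 50 is an architecture, and the detail that matters for a defender is the boundary between components: the analyzer must be able to tell a genuine sensor batch from one altered in transit, and the enrichment feed is what lets the parser turn raw traffic into alerts. The following is an added illustration written for this page, not the speaker's system. The flow records stand in for a packet-capture library, the IOC feed stands in for the threat-intelligence engine's output, and the packager uses JSON plus an HMAC tag in place of a real encrypted transport; all of those values are constructed.

```python
"""Toy pipeline with the component boundaries named on the slide:
sensor -> wrapper/packager -> parser/analyzer, fed by threat-intel IOCs.
Added illustration for this page; not the speaker's system. Flow records,
IOC feed and key are constructed sample data."""
import hashlib
import hmac
import json
from collections import Counter

# Shared secret between sensor and analyzer (constructed; provision per sensor).
PACKAGER_KEY = b"constructed-demo-key"

# Sensor: constructed flow records in place of a packet-capture library.
SENSOR_RECORDS = [
    {"ts": 1, "src": "10.0.0.5", "dst": "93.184.216.34", "dport": 443, "bytes": 8200, "dns": "cdn-example.test"},
    {"ts": 2, "src": "10.0.0.5", "dst": "198.51.100.9", "dport": 443, "bytes": 512, "dns": "login-bank-example.test"},
    {"ts": 3, "src": "10.0.0.7", "dst": "198.51.100.9", "dport": 8443, "bytes": 96, "dns": "secure-pay-example.test"},
    {"ts": 4, "src": "10.0.0.7", "dst": "203.0.113.77", "dport": 53, "bytes": 70, "dns": "a1.dyn-example.test"},
    {"ts": 5, "src": "10.0.0.7", "dst": "203.0.113.77", "dport": 53, "bytes": 70, "dns": "a2.dyn-example.test"},
    {"ts": 6, "src": "10.0.0.7", "dst": "203.0.113.77", "dport": 53, "bytes": 70, "dns": "a3.dyn-example.test"},
]

# Threat-intelligence engine output: IOCs from enrichment (constructed).
IOC_FEED = {
    "domains": {"login-bank-example.test", "secure-pay-example.test"},
    "ips": {"198.51.100.9"},
}

def package(records, key=PACKAGER_KEY):
    """Wrapper/Packager: serialize the batch and append an HMAC so the
    analyzer can reject a batch altered or forged between sensor and parser."""
    body = json.dumps(records, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}

def unpack(envelope, key=PACKAGER_KEY):
    """Parser front end: verify the tag before trusting any field."""
    body = envelope["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["tag"]):
        raise ValueError("sensor batch failed integrity check")
    return json.loads(body)

def profile(records):
    """Parser: per-source traffic profile (bytes out, distinct DNS names)."""
    prof = {}
    for r in records:
        p = prof.setdefault(r["src"], {"bytes": 0, "dns_names": set()})
        p["bytes"] += r["bytes"]
        p["dns_names"].add(r["dns"])
    return prof

def analyze(records, iocs=IOC_FEED, dns_burst=3):
    """Generate alerts: IOC hits from the enrichment feed, plus one
    behavioural rule (a source resolving many distinct names under one
    parent domain within a batch)."""
    alerts = []
    for r in records:
        if r["dns"] in iocs["domains"] or r["dst"] in iocs["ips"]:
            alerts.append(("ioc_match", r["src"], r["dns"] or r["dst"]))
    for src, p in profile(records).items():
        parents = Counter(".".join(n.split(".")[-2:]) for n in p["dns_names"])
        for parent, count in parents.items():
            if count >= dns_burst:
                alerts.append(("dns_burst", src, parent))
    return alerts

def run_pipeline(records=SENSOR_RECORDS):
    """Sensor batch -> package -> unpack/verify -> analyze."""
    return analyze(unpack(package(records)))

if __name__ == "__main__":
    for alert in run_pipeline():
        print(alert)
```

Two alerts come straight from the IOC feed and one from the profile, which is the split the slide draws between enrichment-driven and behaviour-driven detection. Tampering with the body after packaging makes `unpack` raise, so a forged or modified batch never reaches the analyzer.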
