Page 1: White Hat 6 March 2015 v2.2

Conventional Defence to Unconventional Threats

[AKA ‘Converting H20 to Bits & By[i]tes’]

White Hat – London – 06/03/15

Professor John Walker

Page 2

The Majority have already been Hacked

The Minority are aware they have been Hacked

There are many suffering on-going Compromise of their Systems

Some know they are suffering Compromise

Some don’t

Accept the FACTS

Page 3

Let's Talk - Proven Capabilities – [EUROPOL Q/1/15]

To date OSINT technology has achieved a 100% success rate with identification of Security Vulnerabilities and Exposures on deployments which had been utilising the conventional methods of applying security by testing the known knowns, as opposed to the new age methodologies of locating the unknown unknowns, which can, and do, expose Corporate assets to support an attack and/or compromise. The following are some examples of discoveries of what were unknown unknowns which were hosting threats, or which had already suffered compromise by external actors:

Compromised Bank Network: Identification of a major breach in which .com.cn Chinese Servers had attached to the core switch of the Bank with remote login capabilities.

Exposed Government Agency: An International Sensitive Government Intelligence Agency who was suffering internal Compromise at a Third Party site through a flawed and insecure DNS configuration.

PCI-DSS Exposed: The secure PCI-DSS Bank who were not aware of the deployment of an Insecure SAMBA Share, or an insecure Cloud Service which exposed PCI-DSS Client and Account Data.

Local Authority: In this case a Local Authority were considered to be secure post multiple sessions of Penetration Testing, yet were exposing 29 Servers to the Internet which were unknown and vulnerable.

MI5 Data Exposed: Government Agency who released information under FOI – without realising its implicated associations with the Security Services [thus making other parties a potential Wet Target for Terrorists].

Page 4

The Threat

We now accept that the Cyber Risk against companies is significant, the impact of which is evidenced by the attacks, breaches, and security compromises against some of the biggest brands on the planet.

This is not scaremongering but fact!

Whilst conventional security delivers what is meant to be technological and procedural security defences to safeguard assets from attack, it falls short of underpinning the capabilities to discover the unknown unknowns which may [and do] expose Deployments, Third Parties, Associates, or Assets to the potential of exploitation and compromise.

It is in this capacity where Pre Event and Post Attack Cyber Intelligence can be of significant benefit to:

Identify the Unknown Unknowns of risks

Discover Data Leakage

Locate opportunities of exposure to Social Engineering

Find technical exposures at the unknown perimeter of the organisation

Brand Protection

Provision granular Alert & Reporting capabilities

Support Post Attack CSIRT Operations

Perform Social Media Brand Monitoring

Page 5

Welcome to the Madcap World of off-the-wall ideas which can [and do] sometimes work!

NLP [Neuro-Linguistic Programming] – It's time to change! However – NLP can have both Positive & Negative outcomes

NLP may extend into what I call subliminal NVP [Neuro-Visual-Programming]

Converting H20 to Bits & By[i]tes – Turning Water into Data [Intelligence]

People Power – It’s the ONLY Way

Page 6

Mind Manipulation – It's Everywhere

Page 7

Unpatched People - Conversion of H20 into Bits & By[i]tes

The homo sapien is made up of between 55-60% water, and these represent the Wet Target which can be the weakest link in the Security Lifecycle – I know, I have exploited them – and they can be easy targets!

Furthermore, whilst a lot of effort goes into patching applications, systems, and hardware, this landscape of vulnerable and Intelligent targets is forgotten, and so is an ideal target-layer to support circumvention of any deployed security posture.

And the emergence of High Grade threats is continuous – e.g. ROVNIX & its updated Twin VAWTRAK

See SC Magazine News – 26/02/15:

http://www.scmagazineuk.com/banking-trojan-vawtrak-spotted-in-the-wild/article/400317/

And - See SC Magazine News – 5/03/15

Page 8

Get it into Perspective

No matter the Firewalls, IPS, IDS, DLP, and the Security Infrastructure – which is proven to be failing – add to this Complexity, Acquisitions, and High Technological Dependency, and you can start to appreciate the problem [or benefit] depending on your objective.

Big Data Credit Reference Agency based in Nottingham: Complex Firewalling made it impossible to identify all cable Start and Termination points!

Houses of Parliament: Comment on the BBC week commencing 23/02/14 – Can’t terminate cabling as it could be an MP talking to the Kremlin!

Government Department: GSi link connected into a Hostile Region.

NHS Migration of Data Access: No comment!

Page 9

Unconventional Hacker Thinking

Consider the element of H2O, and the tension at the Presentation Layer.

Page 10

Robust Mitigation

One of the current challenges facing organisations today with engagement of the Cyber Threat is that they are applying the conventional rules of yesterday to protect against the unconventional vectors of attack in 2015 and onward. In this area multiples of successful Cyber Attacks and Incursions have been identified as a major component in the compromise.

To counter the threats we need to go beyond [and complement] Penetration Testing and consider:

Identifying the unknown unknowns by applying multiple specialist applications, techniques, and streaming to support both Proactive [before the event] and Reactive [where a Security Incident has occurred] efforts to both defend and mitigate the exposure of Corporate and Sensitive Assets.

Monitoring for indications and threats through leverage of Cyber Intelligence for the purpose of Brand Protection – again by applying a methodology of seeking out the unknown unknowns and turning them into Defensive Collateral.

Having an assured Computer Security Incident Response Team [CSIRT] First Responder Capability to engage Cyber Attacks and Security Breaches.

Assume you ARE Compromised/Hacked – You know it makes sense

Page 11

We Need ‘Minority Reporting’

Effective Cyber Intelligence capabilities must try to emulate a style of Minority Reporting

Page 12

The Approach

DarkWeb applies the same rules as would a potential attacker and runs multiple bespoke tools, applications, and Cyber Intelligence Methodologies to identify what we refer to as OoII [Objects of Intelligence Interest].

Page 13

Exploit the DarkWeb

The DarkWeb can be leveraged for the purpose of Cyber Monitoring Capabilities to enable users to understand the most current threats before they go public.

25/03/15

Page 14

Be Offensive – Have Bad Thoughts

The New Age of Unconventional Cyber Threats dictates that we view security from an obtuse perspective of the Offensive:

SECURITY

Have Bad Thoughts – Think like Bad People – Apply Their Rules NOT Yours – Throw Convention to the WIND

Page 15

i + e + v = c