Cyber Security 101: Back to the Basics
Shah H. Sheikh – Founder / Sr. Cyber Security Consultant / Advisor
MEng CISSP CISA CISM CRISC CCSK CPSA (CREST UK)
E: shah@dts-solution.com
https://www.linkedin.com/in/shahsheikh/
AGENDA
• Introduction to Cyber Security 101
• The Cyber Incidents and Breaches that made the headlines
• Types of Cyber Threats and Threat Actors in the Region
• Facts and Figures – Cyber Security
• Industries impacted by cyber threats and their implications
• Overview on Local Regulation and Industry Standards
• The Cyber Security MYTHS and how we need to go back to the BASICS – 101
• Q&A
CYBER SECURITY 101
“By 2020, 100% of large enterprises will be asked to report to
their board of directors on cybersecurity”
Source: Gartner
“It takes 20 years to build a reputation and few minutes of
cyber-incident to ruin it.”
Stephane Nappo
CYBER SECURITY 101
What is Cyber Security?
• Protection of mission- and business-critical assets through logical security controls
(this is not physical security), so that the business suffers no adverse impact of any kind.
Why is it important?
• Globalized Digital Data – Every organization holds digital information, many enterprises
trade and carry out business transactions online, and every enterprise is connected to the
internet in one form or another, so cyber security threats can materialize from both external
and internal boundaries. Critical infrastructure needs to be protected.
Today’s Security Situation
• Cybersecurity is getting worse, not better
  • Damages expected to double to $6 trillion by 2021 [1]
  • New threats easily evade outdated security models
  • Investment continues in redundant, ineffective solutions
• Business & consumer confidence is declining
  • 66% of businesses have experienced a data breach [2]
  • Average annual costs = $9.5M, up 21% [3]
  • 64% of US consumers experienced data theft [4]
Sources: 1. Cybersecurity Ventures Report, 2. Thales Security, 3. 451 Research, 4. Pew Research
“Despite more and more money spent on security each year, our
collective problems continue to worsen” - 451 Research
Timeline of notable incidents, 2010 to 2017 (attacks, massive-scale events, leaks and tools):
• SWIFT: North Korean banking theft from Bangladesh
• Shell Shock: exploited Linux BASH shell vulnerability
• Syrian Electronic Army: spear phishing against Middle East nations
• StuxNET: targeted Iranian nuclear program
• Bad Rabbit: ransomware variant
• Equifax: Apache Struts vulnerability
• Linux System-D: DNS server memory attack
• Adylkuzz: precursor to WannaCry
• WannaCry: massive-scale SMB ransomware exploit
• Petya & NotPetya: EternalBlue exploit of SMBv1 flaw
• Linux Stack Clash: exploits Linux Stack Guard flaw
• Industroyer: industrial control system attack
• OPM: breached by Chinese hackers
• Heartbleed: exploited SSL vulnerability
• Shadow Brokers: ongoing leaks of NSA toolkits (DoublePulsar, EternalBlue, EternalRock, EternalRomance, DewDrop, Orangutan, Reticulum)
• Snowden: leaks of NSA toolkits
Sophisticated Fileless Attacks
• Massive increase in quantity and damage caused
• Fileless techniques bypass conventional security
• Advanced attacks have become mainstream
• High-value, critical infrastructure increasingly at risk
Cyber Incident Dwell Time
106 days in Middle East in Y2016
175 days in Middle East in Y2017
Cyber Threat Actors
Y2018-2021 Predictions
1. Artificial Intelligence (AI) will be weaponized to create mass scale attacks.
2. Large Scale Massive Data Breaches will continue. IoT ty
3. Crypto-jacking and malware created to perform cryptocurrency mining will significantly rise.
4. File-less Attacks will continue to rise and increase in severity that target the memory of endpoint / devices.
Y2018-2021 Predictions (continued)
4. Cyber-Physical Attacks on National Critical Infrastructure will prevail and bring down city wide infrastructure.
5. Key government elections will be hacked causing civil unrest.
6. Laws and Regulations will be stricter leaving organizations no choice but to take cybersecurity seriously. Board members or C-level executives will be on legal trial for negligence due to a data breach.
Industry Verticals
• Chemicals
• Emergency Service
• Healthcare
• Electricity and Water
• Financial Services
• Nuclear Power Plants
• ICT
• Government (Public Administration)
• Transportation
• Oil and Gas
National Mandate for Cyber Security
• NESA / SIA
• DESC
• ADSSSA
Story Time …
We were involved in an internal cyber security penetration test exercise for a large enterprise
IT environment – RED TEAMING. Our goal was to demonstrate to the executive management team
that we could physically ‘hack’ into the customer IT environment and “PWN” the infrastructure –
thereby simulating what a real threat actor would do.
We were given 5 days to accomplish this task.
Phase 1: RECON & DISCOVERY
• Phase one was a recon and discovery activity against the target facility (Tower Block) and,
if time permitted, an ethical intrusion:
  • Reception (sign in with Emirates ID)
  • Receptionist calls the client to confirm the meeting
  • Access card to enter the security-controlled turnstile
  • Access the relevant floor to meet your client
• Next to the receptionist was a directory of all floors and tenants in the building
• Our target was any one of the following departments:
  • Supply Chain / Procurement
  • Finance
  • HR
Phase 2: STAGE & LAUNCH
• After being given the necessary information from the recon phase, it was time to stage
and launch the attack. Our RED TEAM went in to deliver a fake RFP response to the
procurement team:
  • The delivery man (our expert pen-tester) had a ‘stammer’ and had left his wallet in the car
  • After much deliberation, the receptionist’s “human empathy” allowed the delivery man to bypass
all checks (exception: filling in the visitor log book) and he was given the go-ahead, with the
security guard opening the turnstiles
  • The pen-tester accessed the floor where the procurement department was located
Phase 2: STAGE & LAUNCH
1. Identify a network access port (obtain network access)
  • Data VLAN (not possible – NAC was deployed and enforced)
  • VoIP VLAN (possible – access to the VoIP network, but restricted to the VoIP network only)
  • Disconnected an MFP – got access by SPOOFING the MAC address (sticker on the back panel)
  • Printer network on the same user data network
2. With DHCP we got an IP address and the DNS servers
  • Scanning and recon activities on the endpoints and servers
  • Identified multiple MFPs across the same network
  • The MFP had a default web interface:
    • Status page
    • Admin panel (password protected)
    • Brute-forced in 2 minutes
  • The MFP was integrated with a 3rd-party Print Management Suite (PMS)
  • We obtained the IP address of the 3rd-party Print Management Suite and exploited a vulnerable input
registration form, leading to SQLi, to obtain admin credentials
  • Once logged into the PMS as admin, we discovered it was integrated with corporate Active Directory
  • The web application was poorly developed – the AD LDAP string was encoded in the HTML source
  • We obtained the SERVICE ACCOUNT used by this 3rd-party PMS
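As an added defender-side example (not part of the original deck), a check for the NAC bypass described in step 1: a printer allowed through by MAC-Authentication-Bypass that suddenly presents a different DHCP hostname, or is learned on a different switch port, is a sign that its MAC has been borrowed. The MAB baseline, the ISC dhcpd log lines and the switch MAC table are all constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed NAC MAC-Authentication-Bypass (MAB) baseline: printer MAC ->
# (hostname seen when it was enrolled, switch port it is expected on).
# MAB trusts the MAC alone, so this baseline is the compensating control.
MAB_BASELINE = {
    "00:17:c8:3a:1f:02": ("MFP-PROC-01", "sw-floor12/Gi1/0/24"),
    "00:17:c8:3a:1f:09": ("MFP-FIN-02", "sw-floor11/Gi1/0/24"),
}

# Constructed ISC dhcpd syslog lines ("DHCPACK on <ip> to <mac> (<hostname>) via <if>").
# A host reusing the printer's MAC still announces its own hostname in the DHCP request.
DHCP_LOG = """\
Mar 12 09:14:02 dhcp1 dhcpd[812]: DHCPACK on 10.12.40.57 to 00:17:c8:3a:1f:09 (MFP-FIN-02) via eth1
Mar 12 09:31:45 dhcp1 dhcpd[812]: DHCPACK on 10.12.40.21 to 00:17:c8:3a:1f:02 (MFP-PROC-01) via eth1
Mar 12 10:02:18 dhcp1 dhcpd[812]: DHCPACK on 10.12.40.21 to 00:17:c8:3a:1f:02 (DESKTOP-7Q2) via eth1
Mar 12 10:03:40 dhcp1 dhcpd[812]: DHCPACK on 10.12.40.88 to 3c:52:82:11:22:33 (LAPTOP-AR4) via eth1
"""

# Constructed switch MAC-address-table snapshot: MAC -> port it is currently learned on.
MAC_TABLE = {
    "00:17:c8:3a:1f:09": "sw-floor11/Gi1/0/24",
    "00:17:c8:3a:1f:02": "sw-floor12/Gi1/0/31",  # no longer on the printer's wall port
}

ACK_RE = re.compile(r"DHCPACK on (\S+) to ([0-9a-fA-F:]{17}) \(([^)]*)\)")


@dataclass(frozen=True)
class Finding:
    mac: str
    reason: str
    detail: str


def parse_dhcp_acks(log):
    """Yield (ip, mac, hostname) for every DHCPACK line; other lines are skipped."""
    for line in log.splitlines():
        m = ACK_RE.search(line)
        if m:
            yield m.group(1), m.group(2).lower(), m.group(3)


def check_mab_entries(log, baseline, mac_table):
    """Flag MAB-allowlisted MACs whose DHCP hostname or switch port no longer matches the baseline."""
    findings = []
    seen = set()  # report each (mac, hostname) pair once, not per lease renewal
    for ip, mac, hostname in parse_dhcp_acks(log):
        expected = baseline.get(mac)
        if expected is None:
            continue  # not an allowlisted printer; 802.1X covers it
        exp_host, _ = expected
        if hostname != exp_host and (mac, hostname) not in seen:
            seen.add((mac, hostname))
            findings.append(Finding(mac, "hostname-mismatch",
                                    f"got {hostname!r}, baseline {exp_host!r}, lease {ip}"))
    for mac, (_, exp_port) in baseline.items():
        port = mac_table.get(mac)
        if port is not None and port != exp_port:
            findings.append(Finding(mac, "port-moved", f"learned on {port}, baseline {exp_port}"))
    return findings


if __name__ == "__main__":
    for f in check_mab_entries(DHCP_LOG, MAB_BASELINE, MAC_TABLE):
        print(f"{f.mac}: {f.reason} ({f.detail})")
```

Both signals fire for the procurement-floor MFP here; in a real deployment the same comparison can also be bound to the port itself (static MAC or port security on printer drops) so the spoofed MAC is refused rather than merely reported.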
Phase 3: EXPLOIT & INSTALL
3. We were now able to make LDAP queries to the AD
  • Enumerated all Domain Users and Domain Computers
  • Identified all privileges given to the SERVICE ACCOUNT for the 3rd-party PMS
  • One of them was remote access (RDP) to a server
4. We continued with RDP to that server using the compromised SERVICE account (still NO DOMAIN ADMIN yet)
  • Once logged in, with POWERSHELL we executed MIMIKATZ to DUMP passwords in memory (sysadmin)
  • Created a domain admin privileged user
  • We obtained the SAM and SYSTEM files to obtain the local admin password HASH
  • We performed a PASS-THE-HASH attack on all servers including the Domain Controller
  • We performed the same attack vector on endpoints / devices and obtained all the local password HASHes; the endpoints had:
    • Anti-Virus / Anti-Malware protection
    • No administrative privileges
    • No removable media
  • We installed a ‘dummy’ fake process on one machine to make an encrypted call-back to our cloud (“HOOK”)
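As an added defender-side example (not part of the original deck), two detections for the pass-the-hash fan-out described in step 4, run over constructed Windows Security event 4624 records: a network logon (type 3) authenticated with NTLM to a local SAM account, and one source address reaching several hosts with the same account inside a short window. The domain name CORP, the host names and the addresses are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

CORP_DOMAIN = "CORP"  # assumed NetBIOS name of the AD domain

# Constructed Windows Security event ID 4624 records, using the field names from
# the event XML (TargetUserName, TargetDomainName, LogonType, ...). A local
# account authenticated over the network has TargetDomainName == the host name.
EVENTS = [
    {"TimeCreated": "2018-03-12T10:40:01", "Computer": "FILE01.corp.local",
     "TargetUserName": "j.smith", "TargetDomainName": "CORP", "LogonType": 3,
     "AuthenticationPackageName": "Kerberos", "IpAddress": "10.12.40.150"},
    {"TimeCreated": "2018-03-12T11:02:10", "Computer": "APP02.corp.local",
     "TargetUserName": "Administrator", "TargetDomainName": "APP02", "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "IpAddress": "10.12.40.21"},
    {"TimeCreated": "2018-03-12T11:02:14", "Computer": "FILE01.corp.local",
     "TargetUserName": "Administrator", "TargetDomainName": "FILE01", "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "IpAddress": "10.12.40.21"},
    {"TimeCreated": "2018-03-12T11:02:19", "Computer": "SQL03.corp.local",
     "TargetUserName": "Administrator", "TargetDomainName": "SQL03", "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "IpAddress": "10.12.40.21"},
    {"TimeCreated": "2018-03-12T11:30:00", "Computer": "APP02.corp.local",
     "TargetUserName": "svc_backup", "TargetDomainName": "CORP", "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "IpAddress": "10.12.40.9"},
]


def is_local_account(ev):
    """True when the logon target is a local SAM account rather than a domain account.
    Computer accounts (name ending in $) and ANONYMOUS LOGON are ignored."""
    user = ev["TargetUserName"]
    if user.endswith("$") or user.upper() == "ANONYMOUS LOGON":
        return False
    return ev["TargetDomainName"].upper() != CORP_DOMAIN.upper()


def find_local_admin_network_logons(events):
    """Detection 1: 4624 + LogonType 3 (network) + NTLM + local account.
    Replaying a dumped local-admin hash leaves exactly this trace on each target;
    the fix that removes the whole class is a unique local admin password per host (LAPS)."""
    return [ev for ev in events
            if ev["LogonType"] == 3
            and ev["AuthenticationPackageName"].upper() == "NTLM"
            and is_local_account(ev)]


def find_fanout(events, min_targets=3, window=timedelta(minutes=10)):
    """Detection 2: one source IP using one account to reach >= min_targets distinct
    hosts within `window`. Returns at most one alert per (source, account) pair."""
    by_key = defaultdict(list)
    for ev in events:
        if ev["LogonType"] != 3:
            continue
        t = datetime.fromisoformat(ev["TimeCreated"])
        by_key[(ev["IpAddress"], ev["TargetUserName"].lower())].append((t, ev["Computer"]))
    alerts = []
    for (ip, user), rows in by_key.items():
        rows.sort()
        for i, (t0, _) in enumerate(rows):  # slide the window over each start point
            hosts = {host for t, host in rows[i:] if t - t0 <= window}
            if len(hosts) >= min_targets:
                alerts.append({"source": ip, "account": user, "targets": sorted(hosts)})
                break
    return alerts


if __name__ == "__main__":
    for ev in find_local_admin_network_logons(EVENTS):
        print("local-account NTLM network logon:", ev["Computer"],
              ev["TargetDomainName"] + "\\" + ev["TargetUserName"], "from", ev["IpAddress"])
    for a in find_fanout(EVENTS):
        print("lateral-movement fan-out:", a)
```

The j.smith and svc_backup logons are left alone (domain accounts, single target), while the three local Administrator logons from 10.12.40.21 trip both rules.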
Phase 4: PERSIST
5. Once the call-back was successful, the compromised machine was “hooked” and in our control; we could
then send remote instructions and continued the penetration test offsite. Persistence and lateral
movement now prevail. All of this took one day….
The cyber kill chain
RECON → STAGE → LAUNCH → EXPLOIT → INSTALL → CALLBACK → PERSIST
(target → COMPROMISE → BREACH)
File Trajectory
Give me six hours to chop down a tree and I will spend the first four
sharpening the axe.
Abraham Lincoln
Security is a Process not an Appliance …
Cyber Security Myths….
• If I have an Anti-Virus solution I am protected…
• Small and Medium Enterprises / Business are not real targets…
• Only certain industries are prone to cyber-attacks
• I have never been breached before …
• A strong password is sufficient to protect me …
• Cyber threats originate from the outside
• Cyber security is the responsibility of IT …
• You will know right away if your endpoint device is infected….
• Complete cyber security can be achieved …
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)

Cybersecurity Threats and Cybersecurity Best Practices
 
ETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptx
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptx
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptx
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptx
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 

Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)

Sophisticated Fileless Attacks
• Massive increase in quantity and damage caused
• Fileless techniques bypass conventional security
• Advanced attacks have become mainstream
• High-value, critical infrastructure increasingly at risk
Timeline of notable incidents, 2010 to 2017, grouped as Attacks, Massive Scale, and Leaks & Tools:
• SWIFT – North Korean banking theft from Bangladesh
• Shell Shock – Exploited Linux BASH Shell vulnerability
• Syrian Electronic Army – Spear phishing against Middle East nations
• StuxNET – Targeted Iranian nuclear program
• Bad Rabbit – Ransomware variant
• Equifax – Apache Struts vulnerability
• Linux System-D – DNS Server memory attack
• Adylkuzz – Precursor to WannaCry
• WannaCry – Massive scale SMB ransomware exploit
• Petya & NotPetya – EternalBlue exploit of SMBv1 flaw
• Linux Stack Clash – Exploits Linux Stack Guard flaw
• Industroyer – Industrial Control System attack
• OPM – Breached by Chinese hackers
• Heartbleed – Exploited SSL vulnerability
• Shadow Brokers – Ongoing leaks of NSA toolkits (DoublePulsar, EternalBlue, EternalRock, EternalRomance, DewDrop, Orangutan, Reticulum)
• Snowden – Leaks of NSA toolkits

Cyber Incident Dwell Time
• 106 days in Middle East in Y2016
• 175 days in Middle East in Y2017
Y2018-2021 Predictions
• Artificial Intelligence (AI) will be weaponized to create mass scale attacks.
• Large Scale Massive Data Breaches will continue.
• IoT ty
• Crypto-jacking and malware created to perform cryptocurrency mining will significantly rise.
• File-less Attacks will continue to rise and increase in severity that target the memory of endpoint / devices.
• Cyber-Physical Attacks on National Critical Infrastructure will prevail and bring down city wide infrastructure.
• Key government elections will be hacked causing civil unrest.
• Laws and Regulations will be stricter leaving organizations no choice but to take cybersecurity seriously.
• Board members or C-level executives will be on legal trial for negligence due to a data breach

Industry Verticals
• Chemicals
• Emergency Service
• Healthcare
• Electricity and Water
• Financial Services
• Nuclear Power Plants
• ICT
• Government (Public Administration)
• Transportation
• Oil and Gas

National Mandate for Cyber Security
• NESA / SIA
• DESC
• ADSSSA
Story Time …
We were involved in an internal cyber security penetration test exercise for a large enterprise IT environment – RED TEAMING. Our goal was to demonstrate to the executive management team that we can physically ‘hack’ into the customer IT environment and ”PWN” the infrastructure – thereby simulating what a real threat actor would do. We were given 5 days to accomplish this task.

Phase 1: RECON.&.DISCOVERY
• Phase one was performing a recon and discovery activity of the target facility (Tower Block) and, if time permits, to ethically intrude;
• Reception (Sign-In with Emirates ID)
• Receptionist calls the client to confirm meeting
• Access Card to enter Security Controlled Turnstile
• Access the relevant floor to meet your client
• Next to the receptionist was a directory of all floors and tenants in the building
• Our target was any one of the following departments;
• Supply Chain / Procurement
• Finance
• HR

Phase 2: STAGE.&.LAUNCH
• After being given the necessary information post-recon phase, it was time to stage and launch the attack. Our RED TEAM went in to deliver a fake RFP response to the procurement team;
• The delivery man had a ‘stammer’ (our expert pen-tester) and left his wallet in the car
• After much deliberation the receptionist, out of “human empathy”, allowed the delivery man to bypass all checks (exception: filling in the visitor log book) and he was given the go-ahead, with the security guard opening the turnstiles.
• The pen-tester accessed the floor where the procurement department was located

Phase 2: STAGE.&.LAUNCH
1. Identify Network Access Port (obtain network access)
• Data VLAN (not possible – NAC was deployed and enforced)
• VoIP VLAN (possible – access to the VOIP network but restricted to VOIP network only)
• Disconnected a MFP – got access by SPOOFING the MAC Address (sticker on the back panel)
• Printer Network on the same User Data Network
2. With DHCP we got the IP address and DNS servers
• Scanning and Recon Activities on the endpoints and servers
• Identified multiple MFPs across the same network
• MFP had a default web interface;
• Status Page
• Admin Panel (password protected)
• Bruteforced in 2 minutes
• MFP was integrated with 3rd party Print Management Suite
• We obtained the IP address of the 3rd party Print Management Suite and exploited a vulnerable input registration form leading to SQLi to obtain admin credentials
• Once logged into the PMS as admin, we discovered it was integrated with corporate Active Directory
• The web application was poorly developed – the AD LDAP string was encoded in the HTML source
• We obtained the SERVICE ACCOUNT used by this 3rd party PMS

Phase 3: EXPLOIT.&.INSTALL
3. We were now able to make LDAP queries to the AD
• Enumerated all Domain Users and Domain Computers
• Identified all privileges given to the SERVICE ACCOUNT for the 3rd party PMS
• One of them was remote access (RDP) to a server
4. We continued with RDP to that server using the compromised SERVICE account (still NO DOMAIN ADMIN yet)
• Once logged in with POWERSHELL we executed MIMIKATZ to DUMP passwords in memory (sysadmin)
• Created a domain admin privileged user
• We obtained SAM and SYSTEM file to obtain local admin password HASH
• We performed PASS-THE-HASH attack on all servers including Domain Controller
• We performed the same attack vector on endpoints / devices and obtained all the local password HASH
• With Anti-Virus / Anti-Malware protection
• No Administrative Privileges
• No Removable Media
• We installed a ‘dummy’ fake process on one machine to make an encrypted call-back to our cloud (“HOOK”)

Phase 4: PERSIST
5. Once call-back was successful, the compromised machine was now “hooked” and in our control and we could then send remote instructions and continue with the penetration test offsite. Persistence and lateral movement now prevails. All of this took one day….
The cyber kill chain: RECON, STAGE, LAUNCH, EXPLOIT, INSTALL, CALLBACK, PERSIST – target COMPROMISE, BREACH
File Trajectory
“Give me six hours to chop down a tree and I will spend the first four sharpening the axe.” – Abraham Lincoln
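A defender's view of the lateral movement in the story above, as an added example that is not part of the original deck: two checks over constructed Windows Security 4624 logon records, one for a service account logging on interactively over RDP, one for a single account reaching many hosts over NTLM in a short window, which is the shape the pass-the-hash spread to every server and the domain controller leaves in logs. The account names, host names, the `svc_` naming convention and the alert thresholds are assumptions made for this example.

```python
"""Added example (not from the slide deck): detection logic over constructed
Windows Security 4624 logon records for the two lateral-movement patterns in
the red-team story. Logon type 10 = RemoteInteractive (RDP), 3 = Network;
NTLM where Kerberos is expected is the tell-tale of hash-based authentication."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, account, destination host, logon type,
# authentication package). Names and values are invented for this example.
EVENTS = [
    ("2018-05-01T09:00:00", "svc_printmgmt", "PRINT-SRV01", 10, "Negotiate"),
    ("2018-05-01T09:05:00", "svc_printmgmt", "PRINT-SRV01", 3, "Kerberos"),
    ("2018-05-01T09:20:00", "localadmin", "FIN-SRV01", 3, "NTLM"),
    ("2018-05-01T09:20:05", "localadmin", "HR-SRV02", 3, "NTLM"),
    ("2018-05-01T09:20:09", "localadmin", "DC01", 3, "NTLM"),
    ("2018-05-01T09:20:14", "localadmin", "FILE-SRV03", 3, "NTLM"),
    ("2018-05-01T11:00:00", "j.smith", "FIN-WS0042", 10, "Kerberos"),
]
SERVICE_ACCOUNT_PREFIX = "svc_"   # naming convention assumed for this example

def service_account_interactive(events, prefix=SERVICE_ACCOUNT_PREFIX):
    """Service accounts (like the print suite's) should never log on
    interactively: types 2 (console), 10 (RDP) and 11 (cached interactive)."""
    return sorted({(acct, host) for _, acct, host, ltype, _ in events
                   if acct.startswith(prefix) and ltype in (2, 10, 11)})

def ntlm_fanout(events, window=timedelta(minutes=5), min_hosts=3):
    """One account making NTLM network logons to >= min_hosts distinct hosts
    inside the window: a shared local-admin hash being replayed server to
    server. Returns {account: sorted hosts} for every account that trips it."""
    by_acct = defaultdict(list)
    for ts, acct, host, ltype, pkg in events:
        if ltype == 3 and pkg == "NTLM":
            by_acct[acct].append((datetime.fromisoformat(ts), host))
    alerts = {}
    for acct, logons in by_acct.items():
        logons.sort()
        for i, (start, _) in enumerate(logons):   # slide the window forward
            hosts = {h for t, h in logons[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                alerts[acct] = sorted(hosts)
                break
    return alerts

if __name__ == "__main__":
    print("service account interactive logons:", service_account_interactive(EVENTS))
    print("NTLM fan-out alerts:", ntlm_fanout(EVENTS))
```

In a real environment the same two rules run over 4624 events collected centrally; the interactive-logon rule also covers the mitigation of denying service accounts the "log on through Remote Desktop Services" right in the first place.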
Security is a Process not an Appliance …

Cyber Security Myths….
• If I have an Anti-Virus solution I am protected…
• Small and Medium Enterprises / Businesses are not real targets…
• Only certain industries are prone to cyber-attacks
• I have never been breached before …
• A strong password is sufficient to protect me …
• Cyber threats originate from the outside
• Cyber security is the responsibility of IT …
• You will know right away if your endpoint device is infected….
• Complete cyber security can be achieved …