Advanced Cyber Attacks. Innovative Security Summit 2018, 7th May 2018. Aidmar Househ, CISSP, CEH, ECSA, PMP, Sr. Systems Engineer


Page 1: Advanced Cyber Attacks - is-summit.com · Sr. Systems Engineer. What would you do if you had 101 days of time? ©2018 FireEye | Private & Confidential Zoom in to EMEA ©2018 FireEye

Advanced Cyber Attacks
Innovative Security Summit 2018

7th May 2018

Aidmar Househ, CISSP, CEH, ECSA, PMP
Sr. Systems Engineer

Page 2:

What would you do if you had 101 days of time?

Page 3:

©2018 FireEye | Private & Confidential

Zoom in to EMEA

Page 4:

EMEA organizations investigated in 2017, by industry

[Pie chart: EMEA organizations investigated in 2017, by industry. Sectors: Financial; Entertainment & Media; Retail & Hospitality; Government; High Tech; Healthcare; Energy; Business & Professional Services; Other. Segment values as extracted: 24%, 22%, 18%, 12%, 7%, 7%, 5%, 4%, 2%; the extraction does not preserve which value belongs to which sector.]

Page 5:

Notification by Source

[Chart comparing External Notification and Internal Notification; values not recoverable from the extraction.]

Page 6:

Newly Named APT Groups

Dates shown: Mar. 20, 2017; Aug. 21, 2017; Nov. 14, 2017; Dec. 15, 2017

Slide graphic text: TEMP, EVIL, TRACKING x 1000s

Shown alongside:
• TTP
• Target Profile
• Attack Motivation
• Sponsoring Nation

Page 7:

The rise of Iran

Page 8:

Uniquely Positioned to Understand Attackers
An unparalleled knowledge repository on all stages of attacker operations

Adversary Intelligence: deploying global researchers with local knowledge
• 22 countries
• 30+ languages
• 150+ analysts and researchers

Machine Intelligence: generating attack telemetry globally
• 15,000 network sensors
• 56 countries
• Generating tens of millions of MVX detonations per hour

Victim Intelligence: responding to the most significant breaches
• 14+ years of investigative expertise
• 200+ of the Fortune 500
• 26 countries with consultants

Campaign Intelligence: witnessing attacks as they unfold
• 7 Security Operations Centers
• 99m+ events ingested
• 21m+ alerts validated by Intel
• 33,700+ incidents dispositioned

Page 9:

Attack Lifecycle

1. Initial Recon: identify exploitable vulnerabilities
2. Initial Compromise: gain initial access into target
3. Establish Foothold: strengthen position within target
4. Escalate Privileges: steal valid user credentials
5. Internal Recon: identify target data
6. Lateral Movement
7. Maintain Presence
8. Complete Mission: package and steal target data

Defender view across the lifecycle: PREVENTION, DETECTION, RESPONSE

Breach -> DWELL TIME / IMPACT: 175 days! (time from the breach until it is detected)

Malware Problem                 | Human Attacker Problem
--------------------------------|--------------------------------
Endpoint EPP                    | Endpoint EDR
Tactical Intelligence           | Operational Threat Intelligence
MSSP                            | Managed Defence

Page 10:

Detection and Investigation… along the Attack Lifecycle

[Bar chart: Detection and Investigation along the Attack Lifecycle. Vertical axis: Attack Lifecycle Phases (Complete Mission, Maintain Persistence, Lateral Movement, Internal Reconnaissance, Escalate Privileges, Establish Foothold, Initial Compromise). Horizontal axis: Percentage of Evidence Provided, 0% to 25%. Bar values in the order extracted: 14%, 22%, 20%, 10%, 7%, 19%, 8%; the extraction does not preserve which value belongs to which phase.]
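The lifecycle on slide 9 and the evidence-per-phase chart on slide 10 describe the same intrusion from two sides: how it unfolds, and where investigators later find traces of it. The following Python is an added illustration, not code from the presentation or from FireEye. It takes a constructed evidence timeline (a hypothetical intrusion; the dates, phase attributions and telemetry sources are invented for the example) and computes the dwell time up to the notification date, how many days after the first activity each phase is first evidenced, the percentage of evidence per phase as the slide-10 chart does, and the phases that left no evidence at all.

```python
"""Reconstructing an intrusion along the attack lifecycle.

Evidence items are attributed to lifecycle phases; from them we derive dwell
time, intrusion tempo, evidence share per phase and phases with no evidence.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# The eight phases of the attack lifecycle, in the order shown on the slide.
LIFECYCLE = (
    "Initial Recon", "Initial Compromise", "Establish Foothold",
    "Escalate Privileges", "Internal Recon", "Lateral Movement",
    "Maintain Presence", "Complete Mission",
)


@dataclass(frozen=True)
class Evidence:
    when: datetime   # timestamp of the artefact
    phase: str       # lifecycle phase the investigator attributed it to
    source: str      # telemetry source it was recovered from (hypothetical)
    detail: str      # short description of the artefact


def parse_date(s):
    return datetime.strptime(s, "%Y-%m-%d")


def first_activity(evidence):
    """Earliest attacker activity the evidence supports."""
    if not evidence:
        raise ValueError("no evidence: nothing to measure")
    return min(e.when for e in evidence)


def dwell_time_days(evidence, detected_at):
    """Dwell time: days from the earliest activity to detection or notification."""
    first = first_activity(evidence)
    if detected_at < first:
        raise ValueError("detection date precedes the earliest evidence")
    return (detected_at - first).days


def days_to_each_phase(evidence):
    """Days after the earliest activity at which each phase is first evidenced."""
    first = first_activity(evidence)
    seen = {}
    for e in sorted(evidence, key=lambda e: e.when):
        seen.setdefault(e.phase, (e.when - first).days)
    return {p: seen[p] for p in LIFECYCLE if p in seen}


def evidence_share_by_phase(evidence):
    """Percentage of recovered evidence items per phase, as on the slide-10 chart."""
    counts = Counter(e.phase for e in evidence)
    total = sum(counts.values())
    if total == 0:
        raise ValueError("no evidence")
    return {p: round(100 * counts[p] / total) for p in LIFECYCLE if counts[p]}


def phases_without_evidence(evidence):
    """Phases with no artefact at all: where the victim had no visibility."""
    seen = {e.phase for e in evidence}
    return [p for p in LIFECYCLE if p not in seen]


# Constructed sample timeline for a hypothetical intrusion (not real case data).
SAMPLE_EVIDENCE = [
    Evidence(parse_date("2017-01-10"), "Initial Compromise", "mail gateway",
             "phishing mail with macro document opened on a workstation"),
    Evidence(parse_date("2017-01-10"), "Establish Foothold", "web proxy",
             "first beacon from a backdoor on that workstation"),
    Evidence(parse_date("2017-01-12"), "Escalate Privileges", "EDR",
             "credential dumping from LSASS memory"),
    Evidence(parse_date("2017-01-15"), "Internal Recon", "EDR",
             "enumeration of domain admin group membership"),
    Evidence(parse_date("2017-02-02"), "Lateral Movement", "Windows event log",
             "RDP logon to a file server with a stolen account"),
    Evidence(parse_date("2017-02-03"), "Lateral Movement", "EDR",
             "backdoor copied to the file server"),
    Evidence(parse_date("2017-02-20"), "Maintain Presence", "Windows event log",
             "scheduled task created to relaunch the backdoor"),
    Evidence(parse_date("2017-05-30"), "Internal Recon", "EDR",
             "enumeration of file shares"),
    Evidence(parse_date("2017-06-10"), "Complete Mission", "file server audit",
             "documents archived into a staging directory"),
    Evidence(parse_date("2017-06-11"), "Complete Mission", "web proxy",
             "archive uploaded to an external host"),
]
# Day the victim learned of the breach from an external notification (constructed).
DETECTED_AT = parse_date("2017-07-04")

if __name__ == "__main__":
    print("dwell time (days):", dwell_time_days(SAMPLE_EVIDENCE, DETECTED_AT))
    print("days to first evidence of each phase:", days_to_each_phase(SAMPLE_EVIDENCE))
    print("evidence share by phase (%):", evidence_share_by_phase(SAMPLE_EVIDENCE))
    print("phases with no evidence:", phases_without_evidence(SAMPLE_EVIDENCE))
```

Two points the numbers make that the chart alone does not: the dwell time is measured from the earliest evidence, so any phase with no telemetry (here Initial Recon, which happens outside the victim network) cannot shorten it, and the long gap between Maintain Presence and Complete Mission in the sample is exactly the window in which a hunt team, rather than the eventual external notification, would have had to find the intruder.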

Page 11:

LESSONS LEARNED AND OUTLOOK


Page 12:

IT’S ALL ABOUT THE PLAN: HYGIENE

ASSESS & PLAN
• Security Risk Management
• Identity and Access Mgmt
• Data Protection
• Incident Response
• Network, Cloud & DC Protection
• Host and Endpoint Protection

Page 13:

INTELLIGENCE

INTELLIGENCE LED SECURITY AS A PROGRAM
• Threat Profile
• Threat Modeling
• Defensive Planning
• Tactical Prioritization
• Automated Workflows
• Response Efficiency
• Proactive Hunting

Page 14:

VISIBILITY

YOU NEED TO SEE, TO UNDERSTAND
• Network
• Host
• Application

Page 15:

RESPONSIVENESS

TIME, TIME IS ALL ABOUT TIME

Page 16:

Thank you

[email protected]