Fixing Cyber Security Imbalance
Sung-ting Tsai (TT)
2016 Taiwan Cyber Security Summit
June 2016
Sung-ting Tsai (TT)
CEO at Team T5 Inc.
• Frequent hacker conference speaker
• Vulnerability researcher and owner of several CVE IDs
• 10+ years in security product development
• 8+ years of experience in cyber threat research
• Organizer of HITCON (Hacks in Taiwan Security Conference)
Agenda
• How dangerous is the cyber world
  Threats targeting everyone
  Threats targeting enterprises
  Threats targeting Government
• Why cyber security is so unbalanced
  Threats vs security solutions
  Actors vs target
  Ignorance of vulnerability
• How do we fix it?
  Understand type of cyber threats
  Prioritize the threat
  Get ready for the breach
  Advice for security investment
  Embracing hackers
How dangerous is the cyber world?
Malvertisement + Ransomware
Ref: http://technews.tw/2016/03/18/web-advertising-ransomware-json/
Dropbox 100 Million Accounts
LinkedIn – 117 Million
Threats Targeting Everyone (end users)
• Personally Identifiable Information
• Botnet / adware
  Victims basically feel nothing
• Financial data theft / phishing
  Credit card
  Online banking / shopping / game
• Scam
• Ransomware
Threats Targeting Enterprises (Corporations)
• DDoS extortion
• Industrial / commercial espionage
  Intellectual property
  Business / customer data
• State-sponsored espionage (intelligence gathering)
  Spy, intelligence collection
• All threats targeting end users
  Including botnet, ransomware, etc.
• Server attacks
  Website defacement
  Mail / File / Database server data theft
• Scam / phishing
Threats Targeting Government
• State-sponsored espionage
  Spy, intelligence collection
• Cyber-terrorism
  Cyber sabotage
  Critical (information) infrastructure attack
• All threats targeting end users
  Including botnet, ransomware, etc.
• Server attacks
  Website defacement
  Mail / File / Database server data theft
• DDoS from hacktivists
OPM Hack
Japan Pension Service Breach
JTB Hack
Why is cyber security so unbalanced?
Attack / Defense
Which one is easier?
(Technically speaking, DEFENSE is easier.)
(In reality, DEFENSE is at a disadvantage and expected to lose.)
It is an unbalanced war.
Attacks vs Security Solutions
• Security vendors' technologies are advanced and elegant.
• Countermeasures exist for all existing attacks.
• Vendors are responsible for the solutions they provide.
ACTORs vs Targets (the imbalance)
• Keeping a perfect defense at all times is impossible.
  New features, new systems, and new people bring new weaknesses.
  New vulnerabilities are disclosed every day (for example: 2012 Struts2).
• Ignorance of vulnerability
  Vulnerability is critical to success or failure.
• ACTORs are experts; what about the targets?
• ACTORs are human (not just malware)
  HUMAN vs computer programs?
• ACTORs adapt and change rapidly.
  Actors usually bypass new defenses quickly and at very low cost.
• Malware updates are always faster than security products.
  Speed of response and reaction.
A story
https://codeinsecurity.wordpress.com/2016/06/12/asus-uefi-update-driver-physical-memory-readwrite/
Fixing the Imbalance
Understand the type of threats
Prioritize the Threats
• What kind of threats should you be concerned about?
• Deal with high-priority threats first.
Cyber Espionage
eCrime
Hacktivist
Botnet / Spam
Understand your enemies
• Understand their Tactics, Techniques, and Procedures (TTPs).
• Understand their purposes.
Ref: http://detect-respond.blogspot.tw/2013/03/the-pyramid-of-pain.html
Get Ready for the Breach
• You will be pwned, sooner or later.
• Be prepared.
• It is not all about defense; how fast you can mitigate the incident also matters.
Advice for security investment
• Invest in people, not only software or hardware
  Your enemies are human. They are well-trained hackers. You cannot rely on computer programs only.
  You need a good security strategy to defend. Only people can make strategy.
• Invest in cyber threat intelligence
  Build your own threat intelligence program.
  Continuously produce your own intelligence.
  Gain an advantage against cyber threats.
Embracing hackers is the key step to success in cyber security.
Embracing hackers is the best solution to many cyber security problems.