Modern Adversaries (Amplify Partners)

Modern Adversaries
Why modern hackers are winning the battle and how we can still win the war
Andy Manoske, Principal

Who is Amplify Partners?
We are an early-stage, entrepreneur-focused venture capital firm investing in technical teams solving technical problems
@AmplifyPartners
www.amplifypartners.com

About the Author
Andy Manoske
Product @ AlienVault (Open Threat Exchange, AlienVault Labs Research)
Product @ NetApp (Product Security, Cryptography)
Principal, Amplify Partners
Economics & Computer Science @ SJSU (Mathematical Economics, Information Security)
@a2d2

Chart: Cyberattack Reports to US-CERT by Year, 2006-2014
Successful cyberattacks are on the rise…
Source: US-CERT

…because we are facing more sophisticated attackers
Source: Verizon DBIR 2014

The modern hacker is an advanced adversary…
…but not necessarily because they are better than previous generations of attackers.
(Sorry, Neo)

Instead, modern hacking tools are more advanced and more available than ever before
Source: Axiomatic Design/Design Patterns Mashup: Part 2 (Cyber Security)

These tools make even novice modern hackers…
…incredibly dangerous

Modern adversaries are able to strike highly defended targets
because hacking tools have advanced faster than security systems that detect and stop attacks

Anthem was well defended
200-person information security staff
$50 million spent on security per year
Source: Indianapolis Business Journal

But they were not prepared for their adversary’s complex attack
>12 months of access to sensitive user data
80 million records stolen
Source: CrowdStrike, NYT

To build new security systems that can defend against complex attacks, we need to build software that can detect and stop the modern tools used by modern adversaries

Who are Modern Adversaries?

The modern hacker is frequently a professional
…who attacks private businesses for financial gain
Source: Hackmageddon

Most modern attacks target companies to steal valuable data: most frequently financial data or intellectual property.
Source: Hackmageddon

Hackers then sell this stolen data on the black market
and that data is used increasingly to commit identity theft, espionage, and possibly even acts of terrorism.
Chart: Reported PII theft and fraud, 2006-2014

Not every cyberattack is focused on profit.
Defacing or destroying online property remains a key objective for many advanced adversaries

There are typically three types of modern adversary:
● State Sponsored Hackers
● Organized Crime
● Hacktivists

State Sponsored Adversary: Energetic Bear / Dragonfly
Russian hacking group either supported or directly managed by Russian state intelligence
● Unpublicized attack on petroleum pipeline operator to steal energy infrastructure information
● Unpublicized Industrial Control System (ICS) sabotage of EU-based energy management operator to cause future attacks and outages

Organized Crime Adversary: Solntsevskaya Bratva
Largest crime syndicate of the Russian mob heavily involved in cybercrime, with >$3B in annual revenue from hacking
● 2014 JP Morgan Chase data breach targeting wealth management and credit card user data
● 2008 cyberattacks to spread disinformation on Georgian government websites during Russia’s invasion of South Ossetia

Hacktivist Adversary: AntiSec
Anarchist campaign of former members of the hacking group LulzSec and members of the Anonymous community.
● 2014 data breach of the US International Association of Chiefs of Police to leak personnel data in response to investigations of Occupy Wall Street protestors.
● 2011 compromise of Fox News’ Twitter account to spread a fake story that President Obama had been injured in a terrorist bombing.

Most attacks are being perpetrated by organized crime hackers and hacktivists
Source: Hackmageddon

Chart: Attacker Sophistication vs. Attacker Resources, plotting Hacktivists, Organized Crime and State Sponsored Hacking
Which means most attacks are from less individually sophisticated adversaries…

…who employ less sophisticated attacks…
…reliant upon pre-made tools and malware

To confront the majority of attacks from advanced adversaries, we must detect and stop modern hacking tools

Unfortunately, modern hacking tools and malware are good at evading detection
Encryption: Modern malware is frequently encrypted to defeat signature-based intrusion detection systems
Botnets: Modern hacking tools and malware hide behind legions of slaved “zombie” computers

But while botnets and encryption may hide most tools and malware,
the command and control (or “C2”) structure behind those tools generally remains the same
Source: Cisco

Example: Attackers who struck the US Office of Personnel Management (OPM) used the same C2 server…
Source: AlienVault

…that was used to attack
as well as several US companies in…
● Defense
● Aviation
● Oil and Gas
● Infrastructure
Source: AlienVault, Symantec

There are a lot of things the security industry can do to confront modern threats…

…but if we want to stop most attacks from advanced adversaries we need to build software that
SHARES DATA ON ATTACKERS: Automatically shares analysis data to open-source platforms to be used in security defenses
PERFORMS DYNAMIC ANALYSIS: Introspects incoming files and traffic for possible C2 infrastructure
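The detection approach the deck argues for, as an added example that is not from the deck or from any AlienVault product: a small Python detector that checks constructed flow records against a constructed, community-shared C2 indicator list (payload encryption is irrelevant because only the destination is inspected) and then pivots on each C2 host to find which internal machines share it, the kind of infrastructure reuse the OPM slides describe. The indicator values, pulse names, flow-record format and log lines are all constructed for this example.

```python
import re
from collections import defaultdict

# Constructed indicator feed standing in for a community-shared C2 list.
# Pulse names are placeholders; 203.0.113.10 is a TEST-NET-3 example address.
SHARED_C2_INDICATORS = {
    "203.0.113.10": "example-pulse-A",
    "c2.example.net": "example-pulse-B",
}

# Constructed flow records in the form "timestamp src dst:port bytes tls|plain".
SAMPLE_FLOWS = """\
2015-06-04T10:01:02Z 10.0.1.5 198.51.100.7:443 1432 tls
2015-06-04T10:01:09Z 10.0.1.5 203.0.113.10:443 88210 tls
2015-06-04T10:02:44Z 10.0.2.9 c2.example.net:8443 5120 tls
2015-06-04T10:03:01Z 10.0.3.2 203.0.113.10:80 310 plain
malformed record that the parser must skip
"""

FLOW_RE = re.compile(r"^(\S+) (\S+) ([^:\s]+):(\d+) (\d+) (tls|plain)$")

def parse_flow(line):
    """Parse one flow record; return None for lines that do not match."""
    m = FLOW_RE.match(line)
    if not m:
        return None
    ts, src, dst, port, nbytes, enc = m.groups()
    return {"ts": ts, "src": src, "dst": dst, "port": int(port),
            "bytes": int(nbytes), "encrypted": enc == "tls"}

def find_c2_hits(log_text, indicators=SHARED_C2_INDICATORS):
    """Flag flows whose destination is a shared C2 indicator.
    Only the destination is inspected, so an encrypted payload does not
    hide the match: a reused C2 server is detectable even when the malware is not."""
    hits = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow and flow["dst"] in indicators:
            flow["pulse"] = indicators[flow["dst"]]
            hits.append(flow)
    return hits

def hosts_per_c2(hits):
    """Pivot on the C2 host: which internal machines contacted the same server.
    Shared infrastructure links otherwise separate compromises."""
    by_c2 = defaultdict(set)
    for h in hits:
        by_c2[h["dst"]].add(h["src"])
    return {dst: sorted(srcs) for dst, srcs in by_c2.items()}
```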

TL;DR: A new generation of modern adversaries is driving a hacking boom
This generation has access to powerful, easy-to-use hacking tools
If we do not rethink our approach and update our security systems, the advantage enjoyed by modern adversaries will continue to grow