Sentient Cyber Security
Peter Cochrane, www.cochrane.org.uk
“The ultimate war of good v evil, machine & biological adaptability”

Uploaded by peter-cochrane, posted 21-Jan-2018

TRANSCRIPT


what we know for sure

- Attacks are escalating
- The Dark Side is winning
- The attack surface is increasing
- Cyber disruption costs are growing
- Companies do not collaborate and share
- The attackers operate an open market
- All our security tools are reactive
- Attacker rewards are on the up
- People are the biggest risk
- There are no silver bullets

It is time to rethink our strategy and solution space

More of the same but better & faster will not change the game…

…we have to think anew - get out of the box and do something very different!

Malware protection, OS & App updates, Firewall settings, Password hell, Multi-devices, Clouds, BMOB, BYOD

Time for automation NOT coping

Mobile working, Flexi-working, Virtualisation, Globalisation, Rapid change, Competition

Dynamic tech, Multi-teams, Travelling

WiFi, 3, 4 G, BlueTooth

Authentication

“People have a lot on their plate and need to be relieved of the security burden…and we have to get it all automated and dynamically secure”

THE DARK SIDE
Shares and sells everything
(Fully Undetectable Server)

People = BIGGEST THREAT

Naive, Fallible, Ignorant, Habitual, Careless

Insiders, outsiders, alongsiders, visitors, hackers

Evil, Open, Closed, Honest, Innocent

Slow, Limited, Constrained, Irresponsible, Unresponsive

+++ and an awful lot more!

People = BIGGEST THREAT
Social engineering, casual observation, careless

- 34% divulge their passwords @ first pass
- 98% use 1 or 2 very weak passwords and PINs
- 95% leave PC/Laptop/Tablet/Mobile open & unlocked
- 25% divulge their passwords during a smart conversation
- 65% unaware of shoulder surfing & are exposed at ATMs

Most common passwords:
123456, password, 12345678, qwerty, 12345, 123456789, football, 1234, 1234567, baseball, welcome, 1234567890, abc123, 111111, 1qaz2wsx, dragon, master, monkey, letmein, login


Password Strength - Time to Crack

Sarah = < 1 s
Sarah56 = 13 hours
SarahRoger = 1 month
Sarah+Roger = 97 years
Sarah+R0ger = 400 years
5arah+R0ger = 485k years
<5arah+R0ger> = 47M years
<?5arah+R0ger?> = 428 Bn years

Make it hard for the enemy

Mixed letters, numbers & symbols
High entropy, no nouns, no repeats
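The time-to-crack figures above come from an online strength checker the deck does not name. The following is an added example, not part of the deck, that shows how such estimates are built and why "no nouns" matters: it scores each password two ways, as a pure brute-force search over the character classes present and as a dictionary attack with leet mangling, and takes the cheaper of the two, because an attacker does. The wordlist, the 2**17-entry dictionary cost, the leet substitution set and the 1e10 guesses/second rate are all assumptions of this example. Under this model two dictionary names glued together (SarahRoger) come out cheaper than a name plus digits, which is the practical lesson behind the "no nouns" rule; the slide's tool evidently did not model that, so its absolute figures differ.

```python
import math
import re
import string

# Character classes an exhaustive search must cover once any member appears.
# Sizes are for printable ASCII, space excluded (an assumption of this example).
CLASSES = (
    (frozenset(string.ascii_lowercase), 26),
    (frozenset(string.ascii_uppercase), 26),
    (frozenset(string.digits), 10),
    (frozenset(string.punctuation), 32),
)

# Constructed stand-in for a cracking wordlist; a real one has far more entries.
# ASSUMED_DICT_BITS models one pick from a list of about 2**17 names and words.
SAMPLE_WORDLIST = frozenset({"sarah", "roger", "password", "dragon", "master",
                             "monkey", "letmein", "login", "welcome", "football"})
ASSUMED_DICT_BITS = 17

# "Leet" substitutions a mangling rule would undo (assumed set): 0->o 5->s 3->e 1->l @->a $->s
LEET = str.maketrans("0531@$", "oselas")

# Offline guessing against a fast, unsalted hash (assumed rate).
ASSUMED_GUESSES_PER_SEC = 1e10


def charset_size(pw: str) -> int:
    """Alphabet size implied by the character classes present in pw."""
    return max(1, sum(size for chars, size in CLASSES if any(c in chars for c in pw)))


def brute_force_bits(pw: str) -> float:
    """log2(keyspace) when the attacker knows only the length and classes used."""
    return len(pw) * math.log2(charset_size(pw))


def dictionary_bits(pw: str) -> float:
    """Cost when the attacker tries wordlist entries (with leet mangling) first.

    Letter runs are split on case changes, so 'SarahRoger' is two words. A word
    in the list costs one dictionary pick, one capitalisation choice and one bit
    per leet substitution; any other character costs full brute force.
    """
    per_char = math.log2(charset_size(pw))
    normalized = pw.translate(LEET)
    bits, pos = 0.0, 0
    for m in re.finditer(r"[A-Z]?[a-z]+|[A-Z]+", normalized):
        bits += (m.start() - pos) * per_char            # filler before the word
        original = pw[m.start():m.end()]
        subs = sum(1 for a, b in zip(original, m.group()) if a != b)
        if m.group().lower() in SAMPLE_WORDLIST:
            bits += ASSUMED_DICT_BITS + 1 + subs
        else:
            bits += len(original) * per_char
        pos = m.end()
    return bits + (len(pw) - pos) * per_char


def effective_bits(pw: str) -> float:
    """An attacker picks the cheaper strategy, so strength is the minimum."""
    return min(brute_force_bits(pw), dictionary_bits(pw))


def seconds_to_exhaust(pw: str, rate: float = ASSUMED_GUESSES_PER_SEC) -> float:
    """Worst-case time to try every candidate at the assumed guessing rate."""
    return 2 ** effective_bits(pw) / rate


def human(seconds: float) -> str:
    """Render a duration the way strength meters do."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.6f} s"


SLIDE_SERIES = ["Sarah", "Sarah56", "SarahRoger", "Sarah+Roger", "Sarah+R0ger",
                "5arah+R0ger", "<5arah+R0ger>", "<?5arah+R0ger?>"]

if __name__ == "__main__":
    for pw in SLIDE_SERIES:
        print(f"{pw:16} brute {brute_force_bits(pw):5.1f} bits | "
              f"dictionary {dictionary_bits(pw):5.1f} bits | {human(seconds_to_exhaust(pw))}")
```

The useful reading of the table is the gap between the two columns: padding with symbols raises both, but only replacing the names with characters that are not in any wordlist closes the dictionary column, which is what "high entropy, no nouns" asks for.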

Dispersed guerrilla army

Strategy = overall plan of action
Tactics = methods to achieve an end

the dark side

Lone Amateurs, Lone Anarchists

Grey Companies, Disrupter Groups, Anarchistic Groups, Rogue Governments, Friendly Governments, Criminal Organisations

Strategy & Fast Evolving Tactics

Chancers!

Anonymous, No constraints, Sharing culture, Highly adaptable, Money motivated, Dark Networked

Heavy investors in R&D and the latest technologies
The dark side is very rich

Malware breeding and speciation of successful strains is now their most advanced tool to defeat the far slower and behind-the-wave defenders


exponential cyber HITS
Evolving machine dominated attacks are now the norm

London 2012: >80M
Rio 2016: >800M
>1.78x per year
Today >> 1G

IoT + AI = THREATs to come

Fixed, Mobile, Secure, On-line, Off-line, Evolving, Insecure, Specialised, General purpose

Dispersed, fixed, mobile, dumb, intelligent…

Evil, Open, Closed, Honest, Innocent

Disconnected, Autonomous

Connected, Intelligent, Complex

Isolated, Simple, Dumb, Smart

+++ a vast and growing attack surface ~50Bn things ~2020

Old, Safe, New, Stable, Unsafe, Volatile, Reliable, Resilient, Unreliable

>99.7% of all Apps have ≥ 1 day-one vulnerability/ies

Insecure Irony!
All down to a small configuration error..
“Provides a cyber security ranking and certification service”

Member of youth division of Soviet Communist Party
Student, Technical Faculty of the KGB Higher School
Software Engineer in Soviet military intelligence service
Met his wife at a KGB vacation resort in 1987

What a BIO!!! Give this man a .gov job??

I’m not paranoid, but excuse me ******* ****

some ancient WISDOMS

Strategy without tactics is the slowest route to victory

Tactics without strategy is the noise before defeat

Be so subtle that you are invisible

Be so mysterious you are intangible

Then you will control your rivals’ fate

Supreme art of war - subdue the enemy without fighting

~5C BC

behavioural analysis

“To know your enemy you must become your enemy”

A key from the past, but now far more diverse & important

This now applies to people, organisations, machines and networks!

“The ultimate test is to attack yourself using what you know” (PC)

behavioural analysis
People, devices, networks, components, things are habitual

Habituality identifies us

Any deviation indicates some form of change

behavioural analysis
Network data shows a marked increase in activity

[Chart: network activity over time - normal data vs attack generated data]

two primary weapons

BOT
Local - PC/Laptop/LAN - Outgoing traffic dominates

- Everything slows down

- Operations take longer

- Power consumption up

- Electronics runs hotter

Wider Implications
- Target disabled/overwhelmed

- Some servers less responsive

- Points of network congestion

- Overall net traffic peaks/limits

- Increases other security risks

MALWARE Spreading

WannaCry 2017 Windows 7 Windows XP Windows Server 2003

CodeRed 2001 CodeRed II 2001 Nimda 2001 Beast 2002 MS Windows Specific

NSA EternalBlue April 07 >>> WannaCry May 07 >200k machines in 150 countries

CodeRed Worm July 2001

Local - Machines lock up

- Normal traffic ceases

- New spreading traffic

- People report issues

Wider - LAN traffic > 0

- Net traffic changes

- Groups are isolated

- IT receive reports

- ISPs receive reports
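The two weapons above leave different fingerprints in flow data: a bot's outgoing traffic dominates, while spreading malware produces new traffic to many hosts on one port with little data each. As an added example (not from the deck), the following classifies source hosts on those two indicators from constructed flow records; the thresholds and the sample flows are assumptions of this example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One summarised connection; bytes_out flows src -> dst, bytes_in the reverse."""
    ts: int
    src: str
    dst: str
    dport: int
    bytes_out: int
    bytes_in: int


# Constructed flow records (not captured traffic) for three internal hosts.
SAMPLE_FLOWS = [
    # 10.0.0.5: an ordinary workstation, inbound (downloads) dominates
    Flow(0, "10.0.0.5", "203.0.113.10", 443, 2_000, 150_000),
    Flow(5, "10.0.0.5", "203.0.113.11", 443, 1_500, 90_000),
    Flow(9, "10.0.0.5", "10.0.0.2", 445, 4_000, 6_000),
    # 10.0.0.7: bot-like, sustained outbound floods to a handful of externals
    *[Flow(t, "10.0.0.7", f"198.51.100.{t % 10}", 80, 500_000, 1_000)
      for t in range(0, 60, 3)],
    # 10.0.0.9: worm-like, tiny SMB probes walking through the local subnet
    *[Flow(30 + i, "10.0.0.9", f"10.0.0.{20 + i}", 445, 1_200, 0)
      for i in range(25)],
]


def per_host_stats(flows):
    """Aggregate bytes, flow count and distinct destinations per port for each source."""
    stats = defaultdict(lambda: {"out": 0, "in": 0, "flows": 0,
                                 "dsts_by_port": defaultdict(set)})
    for f in flows:
        s = stats[f.src]
        s["out"] += f.bytes_out
        s["in"] += f.bytes_in
        s["flows"] += 1
        s["dsts_by_port"][f.dport].add(f.dst)
    return stats


def classify_hosts(flows, out_ratio=10.0, min_out_bytes=1_000_000, fanout=20):
    """Tag each source host with the indicators it exhibits (empty list = clean).

    bot-like:  outbound bytes dominate inbound by out_ratio and exceed a volume
               floor, so a chatty but low-volume host is not flagged.
    worm-like: one source touches at least `fanout` distinct hosts on one port,
               the spreading pattern of a network worm regardless of volume.
    """
    verdicts = {}
    for host, s in per_host_stats(flows).items():
        tags = []
        if s["out"] / max(s["in"], 1) > out_ratio and s["out"] >= min_out_bytes:
            tags.append("bot-like: outgoing traffic dominates")
        for port, dsts in sorted(s["dsts_by_port"].items()):
            if len(dsts) >= fanout:
                tags.append(f"worm-like: {len(dsts)} distinct hosts on port {port}")
        verdicts[host] = tags
    return verdicts


if __name__ == "__main__":
    for host, tags in classify_hosts(SAMPLE_FLOWS).items():
        print(host, tags or ["no indicators"])
```

The volume floor on the bot rule and the port-scoped fan-out on the worm rule are the two checks that keep this from paging on a mail relay or a vulnerability scanner; a scanner's fan-out is the one legitimate source of worm-like traffic and belongs on an allowlist rather than in a looser threshold.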

• Telkom (South Africa)[152]

• Timrå Municipality, Sweden[153]

• Universitas Jember, Indonesia[154]

• University of Milano-Bicocca, Italy[155]

• University of Montreal, Canada[156]

• Vivo, Brazil[142]

• Andhra Pradesh Police, India[119]

• Aristotle University of Thessaloniki, Greece[120]

• Automobile Dacia, Romania[121]

• Cambrian College, Canada[122]

• Chinese public security bureau[123]

• CJ CGV[124]

• Dalian Maritime University[125]

• Deutsche Bahn[126]

• Dharmais Hospital, Indonesia[127]

• Faculty Hospital, Nitra, Slovakia[128]

• FedEx[129]

• Garena Blade and Soul[130]

• Guilin University Of Aerospace Technology[125]

• Guilin University Of Electronic Technology[125]

• Harapan Kita Hospital, Indonesia[127]

• Hezhou University[125]

• Hitachi[131]

• Instituto Nacional de Salud, Colombia[132]

• Lakeridge Health[133]

• LAKS[134]

• National Health Service (England)[139][86][88]

• NHS Scotland[86][88]

• Nissan Motor Manufacturing UK[139]

• O2, Germany[140][141]

• Petrobrás[142]

• PetroChina[13][123]

• Portugal Telecom[143]

• Q-Park[144]

• Renault[145]

• Russian Railways[146]

• Sandvik[127]

• São Paulo Court of Justice[142]

• Saudi Telecom Company[147]

• Sberbank[104]

• Shandong University[125]

• State Governments of India

• Suzhou Vehicle Administration[125]

• Sun Yat-sen University, China[127]

• Telefónica[150]

• Telenor Hungary, Hungary[151]

• LATAM Airlines Group[135]

• MegaFon[136]

• Ministry of Internal Affairs of Russian Fed[137]

• Ministry of Foreign Affairs (Romania)[138]

WannaCry victims: >200k machines in >150 countries - All MS


2016 Ransomware Growth > 600%, Earnings > $1Bn

2017 Ransomware Growth > ??%, Earnings > $10Bn ?

GROWTH
No one is safe

we are in a cyber war
Engaged in a full on, and accelerating, arms race

The old defences
Maintained, Upgraded, Improved

Dynamic Combatants

Active Defenders

Passive Defenders

Full on Aggressors ?

The new defences
Evolutionary, Pro-Active, Intelligent, Adaptable

Situational Awareness
Automated and predictive at every operating level

Behavioural Analysis 24 x 7
ICs, ISPs, WiFi, Hubs, LANs, Cards, Traffic, Servers, Circuits, Devices, Internet, Networks, Organisations, Companies, Platforms, Groups, People, Mobile, Fixed

Deviations and exceptions to long term equilibrium investigated and analysed by multiple AIs in real time with threat identification and automated reaction

Auto-immunity
Mirrors biological forebears


Auto-immunity
[Diagram: Broadcasting Malware -> Responding with updated protection -> Wider Network Updated -> Latest Solution Update]
Dynamic isolation of infected devices and components leading to repair
A mix of clean and infected

A Multiplicity of channels
Attack detection/exposure/thwarting using access diversity

BlueTooth - Short Range - Device to Cloud, Device to Device
SatCom - Broadcast
WiFi, WiMax - Medium Range - WLAN/Cloud
ZigBee/Other ?? - Car-to-Car - Direct Communications
3, 4, 5 G - Long Range - Device to Net, Device to Cloud

Integrated and intelligent security systems embedded into all products and components

Defence opportunities in channel/device/system diversity
- A wide plurality of channel detection and protection
- Attacks almost never isolated or single sourced
- Not restricted to single channel/attempt
- Secure attack and infection isolation
- Diverse immunity/support access
- Distributed info sharing
- GEO info location

theatres of war
No longer a sole military preserve

SPACE, AIR, SEA, LAND - Dominated by Government Forces
CYBER - Dominated by Industry and Whitehats?

Warfare continues to rapidly evolve, but governments do not have the frameworks to deal with the growing Cyber Threat

The big defence challenge is to make all infrastructures, facilities and peoples safe from simultaneous attack across any and all domains - civil and military

CYBER warfare
A new and really big game changer

DO MORE THAN THIS!
Typical industry advice given by experts

• Conduct live fire drills
• Enact penetration testing
• Reward your responsive people
• Introduce staff training/tutorials/briefings
• Get ‘White Hats’ to hack your organisation
• Don’t stop adapting
• Build multi-layer security
• Use the best hosting companies
• Employ the best support and ISPs
• Use the latest security technologies
• Create ‘what if’ - attack/penetration strategies

Live fire & Education
Make it real, make it effective and up to date
War Games - Spoof Attacks, Rewards for the Alert, Regular Briefings, Constant Watch

The military play all day and go into war now and again.
We are in a war every day but never play!

Supporting Materials
Slide sets, blogs, papers, tutorial publications

Slide Sets

https://www.slideshare.net/PeterCochrane/evolving-it-security-threats-and-solutions

https://www.slideshare.net/PeterCochrane/from-identity-to-ownership-theft

https://www.slideshare.net/PeterCochrane/the-infinite-security-of-clouds

https://www.slideshare.net/PeterCochrane/block-chain-basics

Papers/Blogs/Tutorials

http://cochrane.org.uk/publications/articles-lectures-preprints-and-reprints/cyber-security-auto-immunity/

http://cochrane.org.uk/publications/articles-lectures-preprints-and-reprints/blockchain-ultimate-ledger/

https://www.financialdirector.co.uk/financial-director/opinion/2402924/it-strategy-ownership-theft-will-eclipse-identity-threat-epidemics

https://www.computing.co.uk/ctg/opinion/2474472/need-to-know-or-need-to-share-the-dark-side-is-winning-and-the-industry-needs-to-act

http://insights.wired.com/profiles/blogs/cybercrime-security-and-the-risks-of-the-future#ixzz2mmRGO2Bv