Cyber Security and Internet Governance
|
|
- Eleanore Joseph
- 8 years ago
- Views:
Transcription
1 Cyber Security and Internet Governance SC Leung CISSP CISA CBCP
2 Who am I? Director, Internet Society Hong Kong SC Leung Work: Information Security ISP Banking Telecom Software Distributor School Teacher
3
4 Working Groups Internet Accessibility Internet technology, e.g. IPv6, DNSSEC Internet Security & Privacy Copyright and Creativity Startup Activities Seminar, conference, campaign (IPv6 in Action) and workshops, startup award, policy paper
5 What can be hacked?
6 Do you buy this argument? Everything has a computer in it. Every computer can be hacked. Source: Apple Daily July
7 Students faked GPS signals to Hijack $80M yacht Source: Networkworld July 29, 2013
8 Can this be hacked? Which has more attack surfaces?
9 Can this be hacked?
10 What is Cyber Security Risks? TERMS Attacks Explicit action to damage Threats Dangers, Motives to attack Vulnerabilities Security Holes Impacts The damage done to the victim Risks -- Probability of damage/loss/negative effects
11 Hong Kong s Internet Profile
12 Internet and Economy of Hong Kong Internet s contribution to HK economy (2009): USD12.4B (5.9% GDP) 1/3 consumption 1/3 govt. /private investment in Internet-related goods/ services 1/3 net exports of e-commerce and hardware Projected 7% per year Source: Study by Boston Group, commissioned by Google
13 Hong Kong Communication Statistics Internet Services (2015 Jan, CenStatD) Internet penetration rate 73% (5.75M) Household broadband penetration rate 83.2% Public Wi-Fi access points 30,297 Mobile Services (2014 Nov, CenStatD) Mobile subscribers 17.5M Mobile penetration rate (Nov 2014) 241.7% Smartphone users accessing Internet daily 96% Facebook Users (2014 Jan, TNS) 4.4M
14 Internet Speed and Attack Economies with fastest Internet speed Hong Kong 1 st : 84.6Mbps Singapore 2 nd : 83Mbps South Korea 3 rd : 74.2Mbps Japan 4 th : 65.1Mbps Economies with highest portion of attack traffics Source: Akamai 2014-Q3 Internet Report
15 The Attackers The Threat
16 Traditional Attackers Script Kiddies Genius Hackers Disgruntled Workers Business Rivals
17 Modern Attackers Cyber Criminal Hacktivist Nation State Image credits: Infographics of WatchGuard
18 Modern Attackers Cyber Criminal Motive: $$$ Underground economy Crime-as-a-Service Botnet infrastructure Advanced (banking) Trojan Moving to mobile and cloud Image credits: Infographics of WatchGuard
19 Cybercriminal Underground Economy Sales ranking on underground economy Source: Symantec
20 Modern Attackers Hacktivist } Motive: Ideological } High profile } Crowdsourcing } Data leakage à DDoS Image credits: Infographics of WatchGuard
21 Anonymous Hacktivist Group
22 Modern Attackers Motive: Political/Military Nation State Targeted critical infrastructure Advanced malware / attacks Low profile Espionage Image credits: Infographics of WatchGuard
23 Critical infrastructure at Risk Stuxnet botnet (2010) Designed to overcome the network gap Targeted programmable logic controllers in the Natanz nuclear facilities in Iran Supervisory Control and Data Acquisition (SCADA) Water and sewage system Hospital Telecommunication Transport Critical infrastructure
24 Targeted Attack on Critical Infrastructure of Trust Stolen digital certificates by Stuxnet (Jan 2011) and Duqu (Oct 2011) RSA SecurID hacked (Mar 2011) Cause a global replacement of tokens in years Certificate Authorities attacks Comodo (Mar 2011), DigiNotar (Aug 2011), DigiCert Malaysia (Nov 2011) More Dutch CAs: Getronic KPN CA (Nov 2011) GenNet (Dec 2011) Consequence Root certificate of these CAs are distrusted or removed from the browsers/os Some out of business after attack Attack down to the root of trust of the Internet
25 Impacts of the new chemistry Nation X Nation Y Lower hurdle to access sophisticated attack technologies collateral damages Provide attack services to hacktivists Image credits: Infographics of WatchGuard
26 Vulnerabilities Image credit:
27 Software Vulnerabilities Source: Security bulletins in
28 Mac OS Security Vulnerabilities Some people think We don t need anti-virus for Mac OS Is this true? Flashback Trojan for OS X Appear in Sep 2011, pretended to be Adobe Flash installer Evolved to target Java runtime vulnerability of MAC computers in 2012 Said to have infected 500,000 Mac computers. JAVA vulnerability targeted by Flashback Oracle announce in Nov 2011 Apple not patched till Apr Conclusion Do not believe in this myth Apple does not need antivirus
29 Who are you really talking to? Social Engineering uses a lot of identity theft
30 Spoofing
31 Threats, Vulnerabilities, Risks and Risk Mitigations Threats (Disasters, Attackers) Threats (Disasters, Attackers Risks Attacks Attacks Risks Vulnerabilities (System / Human) Risk Mitigations (Technology / Awareness) Compromised Your System / System Data / Data Your System / Data
32 Attacks
33 Malware Propagation channels Executables Document Malware Website Fake security software Fake video player codec
34 Malware Propagation channels Executables Document Malware Embedded malware in PDF or Office files Botnet served PDF malware Website Image by Websense
35 Malware Propagation channels Executables Document Malware Website Legitimate and trusted websites compromised Web admin incapable to detect and mitigate the risks
36 Multi-stage infection (drive-by download) Web server (injected) Exploit server Malware Hosting Web request Browser p p Exploits imported from other servers via iframes, redirects When compromised, dropper download and install the actual bot malware
37 Threat: Botnet (robot Network Command & Control Centre Bot Herder Services Manage Update Survive the adverse C&C Bots bot bot bot attacks Your computers! victim victim
38 Reflective DDoS using Open DNS resolvers (2) A spoofs a DNS query by Server B domain.com TYPE = ANY Packet size = 20 bytes Attacker A Misconfigured DNS open resolvers C (1) A wants to attack B without being identified Server B under attack (3) Reply to query of unauthorized domain; Amplified DNS Reply Packet size = 1,200 bytes
39 Reflective DDoS using Open DNS resolvers Misconfigured DNS open resolvers Bots Server under attack
40 Hong Kong Security Profile
41 Critical Attacks in Hong Kong Recent Cases 第 一 亞 洲 商 人 金 銀 業 有 限 公 司 (Feb-2012) HK Stock Exchange 披 露 易 (Aug-2011)
42 Civil e-voting Campaigns targeted Attack bandwidth up to 400Gbps (source: CloudFlare)
43 Territory-wide attack no longer a myth Hong Kong came across a territory-wide attack in October the Operation Hong Kong campaign initiated by a hacktivist group Many websites targeted, both government and nongovernment In form web defacement, DDoS attacks and intrusion of information system Also brought about collateral damages to other users in neighbouring networks.
44 Security Incident Reports Handled in the past 10 years 3,443 2, % 1,605 1,797 1,255 1,304 1, ,189 1, % of incident reports in 2014 were referred by external parties
45 Incident Reports Breakdown in 年 保 安 事 故 報 告 的 分 佈 Total 總 數 : 3,443 l Botnet ( 殭 屍 網 絡 ): 1,973 (57%) l Phishing ( 釣 魚 網 站 ): 594 (17%) l Malware ( 惡 意 軟 件 ): 298 (9%) l Defacement ( 網 頁 塗 改 ) : 146 (4%) l Distributed Denial-of-Service (DDoS) ( 分 散 式 阻 斷 服 務 攻 擊 ): 125 (4%) 9% 4% 9% 4% 17% 57% Botnet 殭 屍 網 絡 Phishing 釣 魚 網 站 Malware 惡 意 軟 件 Web Defacement 網 頁 塗 改
46 Prediction
47 Mobile Malware China statistics 2012, 95 % of mobile malware targeting Android (NQ Mobile) Infected 32.8M smartphones 28% collect personal data for $$ Mostly from unofficial app store Package malware into normal apps and put on app store
48 Mobile banking is it secure? Two factor authentication using SMS? Some banks start to use as the client tool Loss of out-of-band communication when using SMS as soft token à token device is recommended Unauthenticated mobile Apps Hackers ported Zeus botnet to mobile Zeus: botnet targeting financial institutions Man in the Mobile attack (Mitmo)
49 More ios malware Wirelurker infected JB & non-jb devices Infections via synchronization with desktop Host Mac malware on piracy app store 麥 芽 地 Mac malware monitor USB connection, and sync with ios device to infect it with WireLurker Use Enterprise provision profile to install malware not published on Apple app store
50 Security Implications of Internet of Things
51 IoT Security Outlook l Hackers now control Internet devices to steal data, or use them to launch attacks IP Camera leaking personal privacy Broadband routers launch DDoS TV Box compromised by preloaded malware l Potential threats for Internet of Things ( 物 聯 網 ) Smart Home, Smart Watch or Industrial Control System (ICS) connected to the Internet
52 Smart Home Remote Control Mobile Devices Personal Cloud Managed Service Home Gateway Home Devices Reference: Amdocs_Connected_Home-SmartCity-2012-June.pdf
53 Smart Home Google Nest thermostat hacked University of Central Florida) Can boot via USB to bypass verification and install any code Can read log file that contains local Wifi credentials in plaintext Can block sending log back to server
54 Smart Car security BMW Issues Security Patch for ConnectedDrive after Unlocking Hack Discovered (Feb 2015) Hack: use fake cellphone base to intercept mobile network traffic to send forged command to BMW server to open the car window
55 CyberSecurity Freedom and Privacy
56 The Internet 911? Cybersecurity A national defense strategy Countries want more control Internet Freedom and Privacy Human Rights
57 Edward Snowden on digital surveillance General Surveillance justified for National Security? Data Privacy concerns Data in transmission Data in storage Snowden said strong encryption helps Data sovereignty issue Brazil regulating cloud firms to open local data centre for Brazil citizens (Nov 2013)
58 Risks to Privacy Big Data Lenovo SuperFish Adware Preinstalled adware leaking personal data GreyFish Disk Firmware leaking personal data Xiaomi phone update data to cloud
59 Some trend worth to note Internet had contributed greatly to Globalization Lack of Trust à Localization is emerging? Use our digital products Train our own professional Do our own research and not sharing Mandate code review of foreign products Fragmented Internet Filtering content
60 Arab Spring 2010 and afterwards Most popular Twitter hashtags in the Arab region: Egypt, Jan25, Libya, Bahrain and protest in 2010, Million Arab Users on Facebook Arab Social Media Report 2011 March 9 in 10 Egyptians and Tunisians used Facebook to organise protests or spread awareness Image credit:
61 Internet Governance becomes hot debate Internet Governance: currently a distributed model ITU World Conference on International Telecom (WCIT) December 2012 Debate on the new International Telecomm Regulation (ITR) to include regulation of the Internet
62 WCIT 2012 Dubai The Dubai meeting became a hotspot -- some member states tabled very controversial proposals, including: Extending ITU s regulatory authority from telecommunication to include the Internet. Some African member states even proposed to expand further to anything relating ICT. Requiring the member states to address cyber security and anti-spam issues Permitting member states to impose restrictions on the routing of Internet traffic and collect subscriber identity information
63 Cold War in the Dubai Meeting One camp proposed to regulate the Internet -- included Russia, China, some Arab and African countries. Another insisted to maintain a multi-stakeholder governance model for open and free Internet. camp including United States, Canada, EU countries and their allies The two camps stalled in a tug-of-war. Finally, The Chairman then announced the new regulations with effect on January 1, 2015.
64 Signature of the Final Acts 89 signed, 55 not signed
65 After the Dubai Meeting Internet Society published the report of Global Internet User Survey % agreed or agreed strongly that access to the Internet should be considered a basic human right. 89% agreed or agreed strongly that Internet access allows freedom of expression on all subjects, and 86% agreed or agreed strongly that freedom of expression should be guaranteed. The European Union published the Cyber Security Strategy in February 2013 Human rignts being a fundamental of cybersecurity
66 Internet Governance ICANN: a distributed governance model with inputs from multiple stakeholders: governments, public organizations and the netizens.
67 Governments, Public Organizations, Business, Common People
68 Thank You
Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望
Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination
More informationCurrent counter-measures and responses by CERTs
Current counter-measures and responses by CERTs Jeong, Hyun Cheol hcjung@kisa.or.kr April. 2007 Contents I. Malware Trends in Korea II. Malware from compromised Web sites III. Case Study : Malware countermeasure
More informationDDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest
DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service
More informationCyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014
Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationCybersecurity: Thailand s and ASEAN s priorities. Soranun Jiwasurat www.etda.or.th
Cybersecurity: Thailand s and ASEAN s priorities Soranun Jiwasurat www.etda.or.th Cyber Threat Landscape Overview 2 Cyber threat a hostile act using computers, electronic information and/or digital networks
More informationDDoS Attacks Can Take Down Your Online Services
DDoS Attacks Can Take Down Your Online Services Dr. Bill Highleyman Managing Editor, Availability Digest Continuity Insights New York 2014 October 8, 2014 editor@availabilitydigest.com Who Am I? Dr. Bill
More informationInformation Security Threat Trends
Talk @ Microsoft Security Day Sep 2005 Information Security Threat Trends Mr. S.C. Leung 梁 兆 昌 Senior Consultant 高 級 顧 問 CISSP CISA CBCP M@PISA Email: scleung@hkcert.org 香 港 電 腦 保 安 事 故 協 調 中 心 Introducing
More informationCyber Security and Critical Information Infrastructure
Cyber Security and Critical Information Infrastructure Dr. Gulshan Rai Director General Indian Computer Emergency Response Team (CERT- In) grai [at] cert-in.org.in The Complexity of Today s Network Changes
More informationProtect Yourself in the Cloud Age
Protect Yourself in the Cloud Age Matthew Wu Consultant Hong Kong Computer Emergency Response Team Coordination Centre About HKCERT HKCERT ( 香 港 電 腦 保 安 事 故 協 調 中 心 ) Established in 2001 Funding & Operation
More informationSecurity A to Z the most important terms
Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from
More informationManaging Web Security in an Increasingly Challenging Threat Landscape
Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.
More informationIndian Computer Emergency Response Team (CERT-In) Annual Report (2010)
Indian Computer Emergency Response Team (CERT-In) Annual Report (2010) Indian Computer Emergency Response Team (CERT-In) Department of Information Technology Ministry of Communications & Information Technology
More informationWeb 2.0 and Data Protection. Paul Tsang Security Consultant McAfee
Web 2.0 and Data Protection Paul Tsang Security Consultant McAfee Criminal Motivators For Profit Targeted Attacks Cyber Warfare (Credit Cards, PII, Criminal Infrastructure) (Nation-State Secrets, Trade
More informationData Center security trends
Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:
More informationEvolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance
Evolving Threats and Attacks: A Cloud Service Provider s viewpoint John Howie Senior Director Online Services Security and Compliance Introduction Microsoft s Cloud Infrastructure Evolution of Threats
More informationPhishing Activity Trends
Phishing Activity Trends Report for the Month of, 27 Summarization of Report Findings The number of phishing reports received by the (APWG) came to 23,61 in, a drop of over 6, from January s previous record
More informationModern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth
Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference
More informationOverview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms
Overview Common Internet Threats Tom Chothia Computer Security, Lecture 19 Phishing Sites Trojans, Worms, Viruses, Drive-bydownloads Net Fast Flux Domain Flux Infiltration of a Net Underground economy.
More informationAdvanced Persistent Threats
Emilio Tonelli Senior Sales Engineer South Europe WatchGuard Technologies, Inc. Advanced Persistent Threats the new security challenge Are you protected? Current Threat Landscape 2 Global Threat Landscape:
More informationCybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix
Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to
More informationSummary of the State of Security
Summary of the State of Security Tram Jewett, CISA CliftonLarsonAllen LLP Virginia GFOA Annual Spring Conference, 2016 1 1 Summary of the State of Security Tram Jewett, MS., CISA, 11 years IT audit and
More informationThis session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.
The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com
More informationCyber Threats to e-commerce. S.C. Leung CISSP CISA CBCP
Cyber Threats to e-commerce S.C. Leung CISSP CISA CBCP Who are we? HKCERT Established in 2001. Operated by HK Productivity Council Provide Internet users and SME services (free-of-charge) Scope of services
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More information2012 Bit9 Cyber Security Research Report
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
More informationEmerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA
Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One End User Security, IS Control Evaluation & Self- Assessment Information Security Trends and Countermeasures
More informationTutorial on Smartphone Security
Tutorial on Smartphone Security Wenliang (Kevin) Du Professor wedu@syr.edu Smartphone Usage Smartphone Applications Overview» Built-in Protections (ios and Android)» Jailbreaking and Rooting» Security
More informationBotnets: The Advanced Malware Threat in Kenya's Cyberspace
Botnets: The Advanced Malware Threat in Kenya's Cyberspace AfricaHackon 28 th February 2014 Who we Are! Paula Musuva-Kigen Research Associate Director, Centre for Informatics Research and Innovation (CIRI)
More informationCERT-GOV-GE Activities & International Partnerships
CERT-GOV-GE Activities & International Partnerships Zurich, Switzerland 2014 CERT-GOV-GE Manager David Kvatadze www.dea.gov.ge CERT-GOV-GE - Structural unit was formed within the Information Security and
More informationDNS POISONING, AKA PHARMING, MAKES THE HEADLINES IN NOVEMBER S NEWS
DNS POISONING, AKA PHARMING, MAKES THE HEADLINES IN NOVEMBER S NEWS December 2011 November saw DNS Poisoning, aka Pharming, making the headlines on more than one occasion: To name a few, the online threat
More informationGuideline on Safe BYOD Management
CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version
More informationKaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking
Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey
More informationPhishing Activity Trends Report June, 2006
Phishing Activity Trends Report, 26 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial account
More informationHow To Protect Your Network From Threats From Your Network (For A Mobile) And From Your Customers (For An Enterprise)
Plugging the Holes in Mobile Security: The Rising Threat Jennifer M. Pigg, VP of Research, Yankee Group Nick Wade, Group Product Manager, Symantec June 2011 Copyright 2011. Yankee Group Research, Inc.
More informationMobile Malware Network View. Kevin McNamee : Alcatel-Lucent
Mobile Malware Network View Kevin McNamee : Alcatel-Lucent Agenda Introduction How the data is collected Lies, Damn Lies and Statistics Windows PC Malware Android Malware Network Impact Examples of malware
More informationCyber and Mobile Landscape, Challenges, & Best Practices
Cyber and Mobile Landscape, Challenges, & Best Practices while increasing efficiencies through automation Cheri McGuire VP, Global Govt. Affairs & Cybersecurity Policy Cyber and Mobility Challenges and
More informationInnovations in Network Security
Innovations in Network Security Michael Singer April 18, 2012 AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies.
More informationWhat Do You Mean My Cloud Data Isn t Secure?
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
More informationINFOCOMM SEC RITY. is INCOMPLETE WITHOUT. Be aware, responsible. secure!
INFOCOMM SEC RITY is INCOMPLETE WITHOUT Be aware, responsible secure! U HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD FASTEN UP!
More informationThe dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more
The dramatic growth in mobile device malware continues to escalate at an ever-accelerating pace. These threats continue to become more sophisticated while the barrier to entry remains low. As specific
More informationWeb Security. Discovering, Analyzing and Mitigating Web Security Threats
Web Security Discovering, Analyzing and Mitigating Web Security Threats Expectations and Outcomes Mitigation strategies from an infrastructure, architecture, and coding perspective Real-world implementations
More informationSome Perspectives On Cybersecurity. Shernon Osepa Manager Regional Affairs Latin America & Caribbean www.internetsociety.org
Some Perspectives On Cybersecurity Shernon Osepa Manager Regional Affairs Latin America & Caribbean www.internetsociety.org Agenda What is the Internet Society (ISOC) On the IETF Cyber Security Themes
More informationBasic Security Considerations for Email and Web Browsing
Basic Security Considerations for Email and Web Browsing There has been a significant increase in spear phishing and other such social engineering attacks via email in the last quarter of 2015, with notable
More informationMOBILE MALWARE REPORT
TRUST IN MOBILE MALWARE REPORT THREAT REPORT: H2/2014 CONTENTS At a Glance 03-03 Forecasts and trends 04-04 Current situation: 4.500 new Android malware instances every day 05-05 Third-party App-Stores
More informationthe Council of Councils initiative
Author: Andrea Renda, Senior Research Fellow, Centre for European Policy Studies May 3, 2013 Editor's note: This brief is a feature of the Council of Councils initiative, gathering opinions from global
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationSentinelOne Labs. Advanced Threat Intelligence Report. 2015 Predictions
SentinelOne Labs Advanced Threat Intelligence Report 2015 Predictions 2014 Rearview More, Better Malware The past 12 months were characterized by the extension of threats that emerged in 2013: more sophisticated,
More informationDetailed Description about course module wise:
Detailed Description about course module wise: Module 1: Basics of Networking and Major Protocols 1.1 Networks and its Types. 1.2 Network Topologies 1.3 Major Protocols and their Functions 1.4 OSI Reference
More informationPenetration Testing The Red Pill
Penetration Testing The Red Pill Mehis Hakkaja, Mait Peekma www.clarifiedsecurity.com Agenda What is security testing, penetration testing (pen-testing)? Why pentest? Threat landscape Web application attacks
More informationAnthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa
SECURING THE DIGITAL DIVIDE: COMBATING CYBERCRIME Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa INTRODUCTION q Given modern
More informationPhishing Activity Trends Report for the Month of December, 2007
Phishing Activity Trends Report for the Month of December, 2007 Summarization of December Report Findings The total number of unique phishing reports submitted to APWG in December 2007 was 25,683, a decrease
More informationComputer Software Bugs and Other IT Threats to Critical Infrastructure: A Preliminary Set of Considerations for IT Governance
Computer Software Bugs and Other IT Threats to Critical Infrastructure: A Preliminary Set of Considerations for IT Governance Presentation for the Seventh European Academic Conference on Internal Audit
More informationWin the Internet Security War. Keep Internet Criminals Out of Your Network and Protect Your Business
Win the Internet Security War Keep Internet Criminals Out of Your Network and Protect Your Business Takeaways Cyber-criminals are using emails & social engineering to infiltrate your network Your team
More informationProtecting against Mobile Attacks
2014-APR-17 Protecting against Mobile Attacks Frankie Wong Security Analyst, HKCERT 1 Image source: http://www.techweekeurope.co.uk/news/mobile-malware-record-mcafee-125537 2 Agenda Attacks moving to mobile
More informationBUGAT TROJAN JOINS THE MOBILE REVOLUTION
BUGAT TROJAN JOINS THE MOBILE REVOLUTION June 2013 RSA researchers analyzing Bugat Trojan attacks have recently learned that Bugat s developers managed to develop and deploy mobile malware designed to
More informationCurrent Threat Scenario and Recent Attack Trends
Current Threat Scenario and Recent Attack Trends Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Objectives Current Cyber space Nature of cyberspace and associated risks
More informationCSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks
CSE 3482 Introduction to Computer Security Denial of Service (DoS) Attacks Instructor: N. Vlajic, Winter 2015 Learning Objectives Upon completion of this material, you should be able to: Explain the basic
More informationCyber liability threats, trends and pointers for the future
Cyber liability threats, trends and pointers for the future Tim Smith Partner, BLM t: 020 7865 3313 e: tim.smith@blm-law.com February 2013 Cyber liability threats, trends and pointers for the future The
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationHOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT
HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT The frequency and sophistication of Distributed Denial of Service attacks (DDoS) on the Internet are rapidly increasing. Most of the earliest
More informationEnterprise Mobile Threat Report
Enterprise Mobile Threat Report The State of ios and Android Security Threats to Enterprise Mobility I. Introduction This report examines enterprise security threats for ios and Android. While Android
More informationAttackers are highly skilled, persistent, and very motivated at finding and exploiting new vectors. Microsoft Confidential for internal use only
Attackers are highly skilled, persistent, and very motivated at finding and exploiting new vectors Microsoft Confidential for internal use only Wall Street Journal, JP Morgan, Lockheed, Bushehr nuclear
More informationSecurity workshop Protection against botnets. Belnet Aris Adamantiadis Brussels 18 th April 2013
Security workshop Belnet Aris Adamantiadis Brussels 18 th April 2013 Agenda What is a botnet? Symptoms How does it work? Life cycle How to fight against botnets? Proactive and reactive NIDS 2 What is a
More informationIT TRENDS AND FUTURE CONSIDERATIONS. Paul Rainbow CPA, CISA, CIA, CISSP, CTGA
IT TRENDS AND FUTURE CONSIDERATIONS Paul Rainbow CPA, CISA, CIA, CISSP, CTGA AGENDA BYOD Cloud Computing PCI Fraud Internet Banking Questions The Mobile Explosion Mobile traffic data in 2011 was nearly
More informationSECTOR 2015 Malware Activity in Mobile Networks Kevin McNamee (Alcatel-Lucent)
SECTOR 2015 Malware Activity in Mobile Networks Kevin McNamee (Alcatel-Lucent) Agenda How the data is collected Lies, Damn Lies and Statistics Windows PC Malware Android Malware Examples of malware Conclusion
More informationAttacks 2011: How Complexity Evaded Defenses and Strategies for Prevention TOMER TELLER CHECK POINT SOFTWARE TECHNOLOGIES. Session Classification:
Attacks 2011: How Complexity Evaded Defenses and Strategies for Prevention TOMER TELLER CHECK POINT SOFTWARE TECHNOLOGIES Session ID: SPO1-303 Session Classification: General Interest Welcome to RSA 2013.
More informationWhere is Hong Kong in the secure Internet infrastructure development. Warren Kwok, CISSP Internet Society Hong Kong 12 August 2011
The Internet is for Everyone. Become an ISOC Member. Cyber Security Symposium 2011 Where is Hong Kong in the secure Internet infrastructure development Warren Kwok, CISSP Internet Society Hong Kong 12
More informationUNCLASSIFIED. Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC)
Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC) Cyber in the News 1 Tactics, Techniques and Procedures These observed tactics, techniques
More informationBefore the DEPARTMENT OF COMMERCE Internet Policy Task Force
Before the DEPARTMENT OF COMMERCE Internet Policy Task Force In the Matter of Cybersecurity, Innovation Docket No. 100721305-0305-01 and the Internet Economy COMMENTS OF VeriSign, Inc Joe Waldron Director,
More informationARP and DNS. ARP entries are cached by network devices to save time, these cached entries make up a table
ARP and DNS Both protocols do conversions of a sort, but the distinct difference is ARP is needed for packet transfers and DNS is not needed but makes things much easier. ARP Address Resolution Protocol
More informationSITUATION REPORT 1/2007 1 (5) 11.4.2007 INFORMATION SECURITY REVIEW 1/2007
1/2007 1 (5) INFORMATION SECURITY REVIEW 1/2007 During the first quarter of the year, received word about an unusual number of denial-ofservice attacks or attempts of those. The most noteworthy attacks
More informationHow-To Guide: Cyber Security. Content Provided by
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
More informationThe Top Web Application Attacks: Are you vulnerable?
QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding
More informationUnit 3 Cyber security
2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 1 September 2015 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning hours:
More informationHow are we keeping Hackers away from our UCD networks and computer systems?
How are we keeping Hackers away from our UCD networks and computer systems? Cybercrime Sony's Hacking Scandal Could Cost The Company $100 Million - http://www.businessinsider.com/sonys-hacking-scandal-could-cost-the-company-100-million-2014-12
More informationCERT-GOV-GE Activities & Services
CERT-GOV-GE Activities & Services Tbilisi, Georgia 2014 CERT-GOV-GE Manager David Kvatadze www.dea.gov.ge CERT-GOV-GE - Structural unit was formed within the Information Security and Policy division of
More informationLocking down a Hitachi ID Suite server
Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime
More informationDragonfly: Energy Companies Under Sabotage Threat Symantec Security Response
Dragonfly: Energy Companies Under Sabotage Threat Symantec Security Response Dragonfly: Western Energy Companies Under Sabotage Threat 1 What is Dragonfly? Ongoing cyberespionage campaign Targeting the
More informationCyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security
Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security The IT Security Office (ITSO) What We Do? Risk Assessment Network and System Security Monitoring Vulnerability Scanning
More informationWEB ATTACKS AND COUNTERMEASURES
WEB ATTACKS AND COUNTERMEASURES February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in
More informationCITADEL TROJAN OUTGROWING ITS ZEUS ORIGINS
CITADEL TROJAN OUTGROWING ITS ZEUS ORIGINS May 2012 As of April 30th, 2012 the Citadel Trojan was at its fourth upgrade with Version 1.3.4.0 already in the hands of its customers. Citadel s features, bug
More informationDOMAIN NAME SECURITY EXTENSIONS
DOMAIN NAME SECURITY EXTENSIONS The aim of this paper is to provide information with regards to the current status of Domain Name System (DNS) and its evolution into Domain Name System Security Extensions
More informationCyber Attack Trend and Botnet
Cyber Attack Trend and Botnet S.C. Leung CISSP CISA CBCP Agenda Botnet and Cyber Attack Trends Botnet Attack Trends Commercialization of Cyber Crime Professionalization of Cyber Crimeware Social Engineering
More informationAbout Botnet, and the influence that Botnet gives to broadband ISP
About net, and the influence that net gives to broadband ISP Masaru AKAI BB Technology / SBB-SIRT Agenda Who are we? What is net? About Telecom-ISAC-Japan Analyzing code How does net work? BB Technology
More informationHow Attackers are Targeting Your Mobile Devices. Wade Williamson
How Attackers are Targeting Your Mobile Devices Wade Williamson Today s Agenda Brief overview of mobile computing today Understanding the risks Analysis of recently discovered malware Protections and best
More informationNational Cyber Security Month 2015: Daily Security Awareness Tips
National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.
More informationIncident Response 101: You ve been hacked, now what?
Incident Response 101: You ve been hacked, now what? Gary Perkins, MBA, CISSP Chief Information Security Officer (CISO) Information Security Branch Government of British Columbia Agenda: threat landscape
More informationPrevent Malware attacks with F5 WebSafe and MobileSafe. Alfredo Vistola Security Solution Architect, EMEA
Prevent Malware attacks with F5 WebSafe and MobileSafe Alfredo Vistola Security Solution Architect, EMEA Malware Threat Landscape Growth and Targets % 25 Of real-world malware is caught by anti-virus Malware
More informationExactly the Same, but Different
Exactly the Same, but Different 1 Shayne Champion, CISSP, CISA, GSEC, ABCP Program Manager GO Cyber Security TVA v1.0 Agenda Define Mobile Device Security o o Similarities Differences Things you Should
More informationQUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY
QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent
More informationMobile Device Management
1. Introduction Mobile Device Management This document introduces security risks with mobile devices, guidelines for managing the security of mobile devices in the Enterprise, strategies for mitigating
More informationIBM Security Systems Trends and IBM Framework
IBM Security Systems Trends and IBM Framework Alex Kioni CISSP, CISM, CEH, ITILv3 Security Systems Lead Technical Consultant Central, East & West Africa Region 1 Agenda IBM X-Force 2013 Mid Year Trend
More information2012 NORTON CYBERCRIME REPORT
2012 NORTON CYBERCRIME REPORT 2012 NORTON CYBERCRIME REPORT 24 COUNTRIES AUSTRALIA, BRAZIL, CANADA, CHINA, COLOMBIA, DENMARK, FRANCE, GERMANY, INDIA, ITALY, JAPAN, MEXICO, NETHERLANDS, NEW ZEALAND, POLAND,
More informationAdvancements in Botnet Attacks and Malware Distribution
Advancements in Botnet Attacks and Malware Distribution HOPE Conference, New York, July 2012 Aditya K Sood Rohit Bansal Richard J Enbody SecNiche Security Department of Computer Science and Engineering
More informationAnnual Review 2011 31 January 2012 1
Annual Review 2011 31 January 2012 1 CERT-FI review 2011 Abstract annual The year 2011 was characterised by many information security breaches getting a lot of public attention. The information obtained
More information2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security
2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security For 10 years, Microsoft has been studying and analyzing the threat landscape of exploits, vulnerabilities, and malware.
More informationCertified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison
CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation
More informationSeptember 20, 2013 Senior IT Examiner Gene Lilienthal
Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank
More information