DXC Proprietary and Confidential
April 21, 2017
Hacking Hollywood: How Safe Is Your Data?
Mon. April 24, 2017 11:50 AM - 12:10 PM
Steve Wong, Director of Business Development, DXC Technology
What is DXC Technology?
DXC Technology (NYSE: DXC) is the world’s leading independent, end-to-end IT services company. Created by the merger of CSC and the Enterprise Services business of Hewlett Packard Enterprise, DXC Technology serves nearly 6,000 private and public-sector clients across 70 countries.
The company’s technology independence, global talent and extensive partner network combine to deliver powerful next-generation IT services and solutions.
DXC Technology provides:
• Global, end-to-end IT security services
• Technology independent advice
• Global presence with 4000+ security professionals serving 70% of the top 100 companies in the Fortune 500
Who has had a credit card, social media or email compromised?
Agenda
1. Objective
2. Security Trends
3. Trending Attacks
4. Attack Life Cycle
5. Next steps
Objectives
• You will learn what systems hackers go after.
• You will learn the risks of cybercrime.
• You will learn how users open the door to cyber criminals.
• You will learn how to stay safe in cyberspace.
• You will learn who to call when you have been breached.
Cybercrime is any criminal activity involving computers and networks.
California Penal Code 502 Unauthorized Access. Felony, Three Years, $10,000.00 fine.
The security conundrum: Facing your challenges
Primary challenges
1. Nature and motivation of attacks: Hacktivist, nation, state. A new type of adversary: Research, Infiltration, Discovery, Capture, Exfiltration
2. Regulatory pressures: Increasing risk, cost, and complexity. Enhanced regulatory environment: NERC, Sarbanes-Oxley, Basel III, PCI
3. A New Style of IT: Delivery and consumption changes. Mobility, Big Data, Cloud. Delivery: Traditional DC
Introduction to Enterprise Security
A comprehensive approach of Enterprise Security
• Disrupt adversaries before attacks occur
• Manage risk and compliance issues
• Extend capabilities to better allocate security resources
This approach:
− Strengthens security posture to minimize incident impact
− Controls costs
− Expands insight for better decisions
The Current State of Cyber-Security
FACT ($40K/Hr.): Such an attack [as DDoS] can cost a targeted business over $40,000 per hour in lost revenue and additional expense. - Forbes
FACT (80%): Nearly 80% of media executives said that Web security is “very important” or “extremely important” to their organizations. - Digital Content Next
FACT (35%): 35% of traditional TV companies suffered cyber-attacks. - nScreenMedia
FACT (37%): The demand for information security analysts will grow 37% between 2012 and 2022. - Bureau of Labor Statistics
The new normal brings new challenges
• 146 days: median time to detect breach
• $7.7M: average cost of breach
• 46 days to respond to a breach
• $21,155: daily cost of resolving a breach
Sources: Mandiant M-Trends 2016 Report, Ponemon 2015 Cost of Cyber Crime Study: Global
The new normal brings new challenges
84% of breaches occur at the application layer
http://www.neowin.net/news/hp-discover-startling-security-statistics
The new normal brings new challenges
Since 2010, time to resolve an attack has grown 71%.
Source: Ponemon Cost of Cybercrime report
Industry research shows the scale of threats
• The size of the black market: $104B (1)
• Average fine is 270% of annual compliance spend (2)
• 50% of employees use personally owned devices to access the organization’s business-critical apps (3)
1 Ponemon Institute: Mega Trends in Cyber Security Expert Opinion Study, May 2013
2 Ponemon Institute: Total Cost of Compliance Study, May 2012 (Organizations with more than 5,000 employees)
3 Ponemon Institute: Dangerous Insider Study, November 2012
Who loves the free USB drives from NAB Exhibitors?
Do hackers hit broadcasters?
TV5 Monde - “The attack costs varied between €4.3 million and €5 million, with €9.9 million due to be spent over the next three years” - Yves Bigot, CEO at TV France (July 27, 2015 France.Info)
Channel 2 - “Residents in northern Israel viewing Channel 2 via satellite TV reported that during the evening broadcast someone took over central control of the broadcast” (November 29, 2016 Jerusalem Post)
BBC – 12/20/2013 Hacker “HASH” secretly took over a computer server at the BBC, Britain’s public broadcaster, and then launched a Christmas Day campaign to convince other cyber criminals to pay him for access to the system. (Huffington Post 12/29/2013)
Cyber Threat to Broadcasters
Bonded Cell / Wi-Fi Camera backs
USB stick is a hacker's best friend
Personal information on remote productions
Smart Phones on Set
Cyber Threat to Broadcasters
Fusob
Fusob masquerades as a video player. Once installed, it locks the device and demands a ransom of $100 to $200 USD. Between April 2015 and March 2016, Fusob accounted for about 56 percent of mobile ransomware.
Hollywood hospital pays $17,000 in bitcoin to hackers Feb. 5, 2016
“The malware locked systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” - Allen Stefanek, Chief Executive, Hollywood Presbyterian
Glaring insecurity of open Wi-Fi
Three approaches for uncovering private information.
1) A rogue access point — basically a wireless connection masquerading as the network to the phone. The IMSI is revealed during this interchange.
2) Masquerading as the operator’s endpoint where the Wi-Fi call is being directed.
3) A man-in-the-middle attack (attack where the attacker secretly relays and possibly alters the communication between two parties)
Wi-Fi Based IMSI Catcher
Source: Piers O’Hanlon Department of Computer Science Black Hat, London, 3rd November 2016
Techniques in Classic international mobile subscriber identity (IMSI) Catchers
2G
• Exploits protocol flaws (no mutual authentication..)
• Tracking & Interception
• Easily available to buy online
• Use of fake base station
3G/4G
• Exploits architecture issues (Base station > UE..)
• Tracking & difficult to intercept traffic w.r.t 2G
• Commercial products usually downgrade
• Use of legitimate base station also possible
Dyn is a DNS provider. It helps direct domain names back to certain IP addresses for many major companies (Twitter, Amazon, Reddit, Netflix ..)
The October 2016 Dyn DDoS attack is one of the biggest DDoS attacks ever.
• 10 million IP addresses
• DDoS attack reached 1.2 terabits per second *
* The Guardian, Wednesday 26 October 2016
"botnet" of infected IoT devices DDoS attack on Dyn
Malware, dubbed “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords.
The other dominant strain of IoT malware, dubbed “Bashlight,” functions similarly to Mirai in that it also infects systems via default usernames and passwords on IoT devices.
Gartner Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020.
“Over 30% of DDoS attacks now reach over 10 Gbps in throughput, which is enough to swamp most any business,” “The Dyn attack reached over 1.2 terabits per second in size, enough to swamp any infrastructure provider.”
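Seen from the defending side, the Mirai and Bashlight spreading described above shows up as one source failing logins for many different built-in account names in quick succession. The following Python detector is an added example, not part of the original slides; the log format, function names, thresholds and addresses are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a hypothetical log format; adapt LINE_RE to your own logs.
SAMPLE_LOG = """\
2016-10-21T11:10:01Z telnet login failed src=203.0.113.7 user=root
2016-10-21T11:10:03Z telnet login failed src=203.0.113.7 user=admin
2016-10-21T11:10:05Z telnet login failed src=203.0.113.7 user=support
2016-10-21T11:10:08Z telnet login failed src=203.0.113.7 user=guest
2016-10-21T11:10:11Z telnet login ok src=203.0.113.7 user=admin
2016-10-21T11:12:00Z ssh login failed src=198.51.100.20 user=alice
2016-10-21T11:12:20Z ssh login ok src=198.51.100.20 user=alice
2016-10-21T11:00:00Z telnet login failed src=192.0.2.55 user=root
2016-10-21T11:20:00Z telnet login failed src=192.0.2.55 user=admin
2016-10-21T11:40:00Z telnet login failed src=192.0.2.55 user=user
2016-10-21T12:00:00Z telnet login failed src=192.0.2.55 user=guest
"""

LINE_RE = re.compile(r"^(\S+) (?:telnet|ssh) login (failed|ok) src=(\S+) user=(\S+)$")

def parse(log):
    """Yield (timestamp, source, user, outcome) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(3), m.group(4), m.group(2)

def find_credential_sweeps(log, window=timedelta(seconds=60), min_users=4):
    """Flag sources that fail logins for >= min_users distinct accounts within window."""
    failures, ok_sources = defaultdict(list), set()
    for ts, src, user, outcome in sorted(parse(log)):
        if outcome == "failed":
            failures[src].append((ts, user))
        else:
            ok_sources.add(src)
    flagged = {}
    for src, attempts in failures.items():
        start = best = 0
        for end, (ts, _) in enumerate(attempts):
            while ts - attempts[start][0] > window:  # slide the window forward
                start += 1
            best = max(best, len({u for _, u in attempts[start:end + 1]}))
        if best >= min_users:
            # A success from a sweeping source means a device accepted a guessed login.
            flagged[src] = {"distinct_users": best, "login_succeeded": src in ok_sources}
    return flagged
```

With the default 60-second window only 203.0.113.7 is flagged; the slow sweep from 192.0.2.55 is missed until the window is widened, which is why a short-window rule should be paired with a longer-horizon count.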
Attack Life Cycle Overview
Their Ecosystem
Start
Reconnaissance
Attack Delivery
Exploit & Install
Command and Control
Persistence
Lateral Movement
Expand Access
Lateral Reconnaissance
Concealment
Exfiltration
Data Tampering
Denial of Service
Our Enterprise
The Attack
Technology
– Firewall
– Intrusion Detection/Prevention (IDS)
– Centralized Anti Virus (AV)
– Network Scanner
– Host Based Security-AV, FW, Encrypt (HBS)
– Centralized Log Management (SIEM)
– File Integrity Monitoring (FIM)
– Data Loss Prevention (DLP)
– Denial of Service (DDoS)
Security Governance
– Configuration Management (Secure Builds)
– Patch Management
– Vulnerability Management
– Security Awareness Training
– Incident Response
– Breach Response
Denial of Service
Network DDoS Protection
Your Preparation
Reconnaissance
Attack Delivery
Exploit & Install
Command & Control
Lateral Reconnaissance
Expand Access & Lateral Movement
Persistence & Concealment
Exfiltration
Protect Yourself
• Use strong (long) passwords (different passwords) & secret (hard) questions
• Two Factor authentication
• Operate using STANDARD USER privileges instead of the ADMINISTRATOR privileges
• Use a trusted VPN service
• Minimize connecting to untrusted WIFI access points
• Update your devices
• Use anti-virus and firewall software
• Back up your data & logs frequently (multi-device backup)
• Encrypt
• Do not open suspicious emails
• Establish security procedures & user agreements
• Train employees about security and their responsibilities
Who do you call if you get hacked?
USSS: 213-533-4400
FBI: 213-533-4787
LAPD: [email protected]
Los Angeles Electronic Crimes Task Force: USSS, FBI, LAPD, LADA, LASD, CHP
Thank you for your time
Steve Wong, Director of Business Development, DXC Technology
[email protected] @SteveWongLA