DXC Proprietary and Confidential

April 21, 2017

Hacking Hollywood: How Safe Is Your Data?

Mon. April 24, 2017 11:50 AM - 12:10 PM

Steve Wong
Director of Business Development
DXC Technology


What is DXC Technology?

DXC Technology (NYSE: DXC) is the world’s leading independent, end-to-end IT services company. Created by the merger of CSC and the Enterprise Services business of Hewlett Packard Enterprise, DXC Technology serves nearly 6,000 private and public-sector clients across 70 countries.

The company’s technology independence, global talent and extensive partner network combine to deliver powerful next-generation IT services and solutions.

DXC Technology provides:
• Global, end-to-end IT security services
• Technology independent advice
• Global presence with 4000+ security professionals serving 70% of the top 100 companies in the Fortune 500


Who works for a company that has been hacked?


Who has had a credit card, social media or email compromised?


Agenda

1. Objective

2. Security Trends

3. Trending Attacks

4. Attack Life Cycle

5. Next steps


Objective

Why am I here?


Objectives

• You will learn what systems hackers go after.

• You will learn the risks of cybercrime.

• You will learn how users open the door to cyber criminals.

• You will learn how to stay safe in cyberspace.

• You will learn who to call when you have been breached.

Cybercrime is any criminal activity involving computers and networks.

California Penal Code 502 Unauthorized Access. Felony, Three Years, $10,000.00 fine.


Security Trends


The security conundrum: Facing your challenges

Primary challenges

1. Nature and motivation of attacks: Hacktivist, nation, state
   A new type of adversary: Research, Infiltration, Discovery, Capture, Exfiltration

2. Regulatory pressures: Increasing risk, cost, and complexity
   Enhanced regulatory environment: NERC, Sarbanes-Oxley, Basel III, PCI

3. A New Style of IT: Delivery and consumption changes
   Mobility, Big Data, Cloud
   Delivery: Traditional DC


Introduction to Enterprise Security

A comprehensive approach of Enterprise Security

• Disrupt adversaries before attacks occur
• Manage risk and compliance issues
• Extend capabilities to better allocate security resources

This approach:

− Strengthens security posture to minimize incident impact
− Controls costs
− Expands insight for better decisions


The Current State of Cyber-Security

$40K/Hr.
FACT: Such an attack [as DDoS] can cost a targeted business over $40,000 per hour in lost revenue and additional expense.
- Forbes

80%
FACT: Nearly 80% of media executives said that Web security is “very important” or “extremely important” to their organizations.
- Digital Content Next

35%
FACT: 35% of traditional TV companies suffered cyber-attacks.
- nScreenMedia

37%
FACT: The demand for information security analysts will grow 37% between 2012 and 2022.
- Bureau of Labor Statistics


The new normal brings new challenges

• 146 days: median time to detect breach
• $7.7M: average cost of breach
• 46 days to respond to a breach
• $21,155: daily cost of resolving a breach

Sources: Mandiant M-Trends 2016 Report; Ponemon 2015 Cost of Cyber Crime Study: Global


The new normal brings new challenges

84% of breaches occur at the application layer

http://www.neowin.net/news/hp-discover-startling-security-statistics


The new normal brings new challenges

Since 2010, time to resolve an attack has grown 71%

Source: Ponemon Cost of Cybercrime report


Industry research shows the scale of threats

• The size of the black market: $104B [1]
• Average fine is 270% of annual compliance spend [2]
• 50% of employees use personally owned devices to access the organization’s business-critical apps [3]

[1] Ponemon Institute: Mega Trends in Cyber Security Expert Opinion Study, May 2013
[2] Ponemon Institute: Total Cost of Compliance Study, May 2012 (Organizations with more than 5,000 employees)
[3] Ponemon Institute: Dangerous Insider Study, November 2012


Trending Attacks


Who loves the free USB drives from NAB Exhibitors?


Who has a smart phone to access work e-mails?


Who loves the free Wi-Fi access?


Can you help? I just need this resume printed.


Do hackers hit broadcasters?

TV5 Monde - “The attack costs varied between €4.3 million and €5 million, with €9.9 million due to be spent over the next three years” - Yves Bigot, CEO at TV France (July 27, 2015 France.Info)

Channel 2 - “Residents in northern Israel viewing Channel 2 via satellite TV reported that during the evening broadcast someone took over central control of the broadcast” (November 29, 2016 Jerusalem Post)

BBC - 12/20/2013 Hacker “HASH” secretly took over a computer server at the BBC, Britain’s public broadcaster, and then launched a Christmas Day campaign to convince other cyber criminals to pay him for access to the system. (Huffington Post 12/29/2013)


Cyber Threat to Broadcasters

Bonded Cell / Wi-Fi Camera backs

USB stick is a hacker's best friend

Personal information on remote productions

Smart Phones on Set


Cyber Threat to Broadcasters

Fusob

Fusob masquerades as a video player. Once installed, it locks the device and demands a ransom of $100 to $200 USD. Between April 2015 and March 2016, Fusob made up about 56 percent of accounted mobile ransomware.


Hollywood hospital pays $17,000 in bitcoin to hackers Feb. 5, 2016

“The malware locked systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” - Allen Stefanek, Chief Executive, Hollywood Presbyterian


Glaring insecurity of open Wi-Fi

Three approaches for uncovering private information.

1) A rogue access point — basically a wireless connection masquerading as the network to the phone. The IMSI is revealed during this interchange.

2) Masquerading as the operator’s endpoint where the Wi-Fi call is being directed.

3) A man-in-the-middle attack (an attack in which the attacker secretly relays and possibly alters the communication between two parties).


Wi-Fi Based IMSI Catcher

Source: Piers O’Hanlon Department of Computer Science Black Hat, London, 3rd November 2016

Techniques in classic international mobile subscriber identity (IMSI) catchers

2G
• Exploits protocol flaws (no mutual authentication..)
• Tracking & interception
• Easily available to buy online
• Use of fake base station

3G/4G
• Exploits architecture issues (Base station > UE..)
• Tracking & difficult to intercept traffic w.r.t. 2G
• Commercial products usually downgrade
• Use of legitimate base station also possible


Dyn is a DNS provider. It helps direct domain names back to certain IP addresses for many major companies (Twitter, Amazon, Reddit, Netflix ..)

The October 2016 Dyn DDoS attack is one of the biggest DDoS attacks ever.

10 million IP addresses

DDoS attack reached 1.2 terabits per second *

* The Guardian, Wednesday 26 October 2016


"botnet" of infected IoT devices DDoS attack on Dyn

Malware, dubbed “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords.

The other dominant strain of IoT malware, dubbed “Bashlight,” functions similarly to Mirai in that it also infects systems via default usernames and passwords on IoT devices.
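A defensive counterpart to the scanning behaviour described above, as an added example that is not part of the original slides: it flags internal devices that begin probing many distinct hosts on Telnet within a short window, a common sign that a camera or recorder has been recruited into such a botnet. The slides do not name the protocol; TCP ports 23 and 2323, the `10.0.0.0/8` device range, the record format, the thresholds and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: your device range
TELNET_PORTS = {23, 2323}   # assumption (not on the slides): Telnet probe ports
WINDOW = timedelta(seconds=60)
THRESHOLD = 5               # distinct destinations per window; demo value

# Constructed, time-ordered flow records: timestamp source destination port
SAMPLE_FLOWS = """\
2017-04-21T09:00:01 10.0.5.20 198.51.100.11 23
2017-04-21T09:00:02 10.0.5.20 198.51.100.12 2323
2017-04-21T09:00:03 10.0.5.20 198.51.100.13 23
2017-04-21T09:00:04 10.0.5.20 198.51.100.14 23
2017-04-21T09:00:05 10.0.5.20 198.51.100.15 23
2017-04-21T09:00:06 10.0.1.15 10.0.0.2 23
2017-04-21T09:00:08 10.0.1.15 203.0.113.80 443
2017-04-21T09:05:00 10.0.5.21 198.51.100.21 23
2017-04-21T09:10:00 10.0.5.21 198.51.100.22 23
2017-04-21T09:15:00 10.0.5.21 198.51.100.23 23
2017-04-21T09:20:00 10.0.5.21 198.51.100.24 23
2017-04-21T09:25:00 10.0.5.21 198.51.100.25 23
"""

def find_scanning_devices(flow_text, window=WINDOW, threshold=THRESHOLD):
    """Return {source_ip: peak distinct Telnet destinations in any window}."""
    recent = defaultdict(deque)   # source -> (time, destination) in window
    flagged = {}
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue              # skip malformed records
        stamp, src, dst, port = parts
        if int(port) not in TELNET_PORTS:
            continue              # other services are out of scope here
        if ipaddress.ip_address(src) not in INTERNAL:
            continue              # only our own devices are of interest
        now = datetime.fromisoformat(stamp)
        seen = recent[src]
        seen.append((now, dst))
        while now - seen[0][0] > window:
            seen.popleft()        # drop probes older than the window
        distinct = len({d for _, d in seen})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

print(find_scanning_devices(SAMPLE_FLOWS))
```

On the sample records only the camera at 10.0.5.20 is reported; the workstation's single Telnet session and the slow, spread-out connections from 10.0.5.21 stay below the threshold.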

Gartner Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020.

“Over 30% of DDoS attacks now reach over 10 Gbps in throughput, which is enough to swamp most any business,” “The Dyn attack reached over 1.2 terabits per second in size, enough to swamp any infrastructure provider.”


Attack Life Cycle


Attack Life Cycle Overview

[Diagram with regions labelled “Their Ecosystem” and “Our Enterprise”; stages shown, beginning at “Start”:]

• Reconnaissance
• Attack Delivery
• Exploit & Install
• Command and Control
• Persistence
• Lateral Movement
• Expand Access
• Lateral Reconnaissance
• Concealment
• Exfiltration
• Data Tampering
• Denial of Service


The Attack

Your Preparation

– Technology
  – Firewall
  – Intrusion Detection/Prevention (IDS)
  – Centralized Anti Virus (AV)
  – Network Scanner
  – Host Based Security-AV, FW, Encrypt (HBS)
  – Centralized Log Management (SIEM)
  – File Integrity Monitoring (FIM)
  – Data Loss Prevention (DLP)
  – Denial of Service (DDoS)

– Security Governance
  – Configuration Management (Secure Builds)
  – Patch Management
  – Vulnerability Management
  – Security Awareness Training
  – Incident Response
  – Breach Response

Attack stages shown:

– Reconnaissance
– Attack Delivery
– Exploit & Install
– Command & Control
– Lateral Reconnaissance
– Expand Access & Lateral Movement
– Persistence & Concealment
– Exfiltration
– Denial of Service

Network DDoS Protection


Next steps


Protect Yourself

• Use strong (long) passwords (different passwords) & secret (hard) questions
• Two-factor authentication
• Operate using STANDARD USER privileges instead of ADMINISTRATOR privileges
• Use a trusted VPN service
• Minimize connecting to untrusted Wi-Fi access points
• Update your devices
• Use anti-virus and firewall software
• Back up your data & logs frequently (multi-device backup)
• Encrypt
• Do not open suspicious emails
• Establish security procedures & user agreements
• Train employees about security and their responsibilities


Who do you call if you get hacked?

USSS: 213-533-4400
FBI: 213-533-4787
LAPD: [email protected]

Los Angeles Electronic Crimes Task Force
USSS, FBI, LAPD, LADA, LASD, CHP


Thank you for your time

Steve Wong
Director of Business Development
DXC Technology

[email protected]

[email protected]

@SteveWongLA