Fixing Cyber Security Imbalance
Sung-ting Tsai (TT)
2016 Taiwan Cyber Security Summit
June 2016
Sung-ting Tsai (TT)
CEO at Team T5 Inc.
• Frequent hacker conference speaker
• Vulnerability researcher and owner of several CVE IDs
• 10+ years in security product development
• 8+ years of experience in cyber threat research
• Organizer of HITCON (Hacks in Taiwan Security Conference)
• How do we fix it?
  • Understand the types of cyber threats
  • Prioritize the threats
  • Get ready for the breach
  • Advice for security investment
  • Embracing hackers
• How dangerous is the cyber world?
  • Threats targeting everyone
  • Threats targeting enterprises
  • Threats targeting government
• Why is cyber security so unbalanced?
  • Threats vs security solutions
  • Actors vs targets
  • Ignorance of vulnerability
Agenda
How dangerous is the cyber world?
Malvertisement + Ransomware
Ref: http://technews.tw/2016/03/18/web-advertising-ransomware-json/
Dropbox 100 Million Accounts
Linkedin – 117 Million
• Personally Identifiable Information
• Botnet / adware
  • Victims basically feel nothing
• Financial data stealing / phishing
  • Credit card
  • Online banking / shopping / game
• Scam
• Ransomware
Threats Targeting Everyone (end users)
• DDoS extortion
• Industrial / commercial espionage
  • Intellectual property
  • Business / customer data
• State-sponsored espionage (intelligence gathering)
  • Spy, intelligence collection
• All threats targeting end users
  • Including botnet, ransomware, etc.
• Server attacks
  • Website defacement
  • Mail / File / Database server data stealing
• Scam / phishing
Threats Targeting Enterprises (Corporations)
• State-sponsored espionage
  • Spy, intelligence collection
• Cyber-terrorism
  • Cyber sabotage
  • Critical (information) infrastructure attack
• All threats targeting end users
  • Including botnet, ransomware, etc.
• Server attacks
  • Website defacement
  • Mail / File / Database server data stealing
• DDoS from hacktivists
Threats Targeting Government
OPM Hack
Japan Pension Service Breach
JTB Hack
Why is cyber security so unbalanced?
Attack / Defense
Which one is easier?
(Technically speaking, DEFENSE is easier.)
(In reality, DEFENSE is at a disadvantage and expected to lose.)
It is an unbalanced war.
• Security vendors’ technologies are advanced and elegant.
• Countermeasures to all existing attacks.
• Vendors are responsible for the solutions they provided.
Attacks vs Security Solutions
• Keeping a perfect defense, always, is impossible.
  • New features, new systems, and new people bring new weaknesses.
  • New vulnerabilities are disclosed every day (for example: 2012 struts2).
• Ignorance of vulnerability
  • Vulnerability is critical to success or failure.
• ACTORs are experts, and the targets?
• ACTORs are human (not just malware)
  • HUMAN vs computer programs?
• ACTORs adapt and change rapidly.
  • Actors usually bypass new defenses quickly at very low cost.
• Malware updates are always faster than security products.
  • Speed of response and reaction.
ACTORs vs Targets (the imbalance)
A story
https://codeinsecurity.wordpress.com/2016/06/12/asus-uefi-update-driver-physical-memory-readwrite/
Fixing the Imbalance
Understand the type of threats
• What kinds of threats should you be concerned about?
• Deal with high-priority threats first.
Prioritize the Threats
Cyber Espionage
eCrime
Hacktivist
Botnet / Spam
• Understand their Techniques, Tactics, and Procedures (TTP).
• Understand their purposes.
Understand your enemies
Ref: http://detect-respond.blogspot.tw/2013/03/the-pyramid-of-pain.html
• You will be pwned, sooner or later.
• Be prepared.
• It is not all about defense, it also matters how fast you can mitigate the incident.
Get Ready for the Breach
• Invest in people, not only software or hardware
  • Your enemies are human. They are well-trained hackers. You cannot rely on computer programs only.
  • You need a good security strategy to defend. Only people can make strategy.
• Invest in cyber threat intelligence
  • Build your own threat intelligence program.
  • Continuously produce your own intelligence.
  • Gain advantages against cyber threats.
Advice for security investment
Embracing hackers is the key step to success in cyber security.
Embracing hackers is the best solution to many cyber security problems.
Thank You