8 10 23 Lecture 1 - Cybersecurity Landscape
LECTURE
CYBERSECURITY LANDSCAPE
OBJECTIVES
IBM Skills Academy / © 2020 IBM Corporation.
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
CYBERSECURITY IN THE WORLD TODAY
Real-world impact
What lessons can we learn from devastating NotPetya cyberattack? CBS This Morning – Aug 22nd 2018. WATCH THIS VIDEO AT -> www.youtube.com/watch?v=jwW3tDcsf6g
Source: Wavestone
$10 billion globally in 2017

Figure 1. The most prevalent financial malware families globally: Zeus 28%, Neverquest 17%, Gozi 16%, Dridex 11%, Ramnit 9%, GozNym 7%, Tinba 6%, Gootkit 3%, Qadars 2%, Rovnix 1%.

Redirection attacks are considered an advanced modus operandi because they bypass bank security measures, hijacking victims before they ever reach the bank's site and redirecting them to a malicious website. These attacks can therefore be very effective in tricking bank customers and elevating online banking fraud success rates.

Source: "The IBM X-Force researchers, who monitor almost three hundred million protected endpoints across the globe, have been seeing some shifts in the usual undercurrents of the cybercrime arena. Those developments are the subject of this report."
resulted in millions of infected endpoints around the globe

The largest national economy in Europe and the fourth largest economy by GDP in the world.

AUSTRALIA
Dridex is known for diverse target lists, and its recent Australian infection campaigns were launched alongside campaigns in the UK, France and Ireland.
Dridex takes an interest in credit unions and deploys click-shot attacks on those banks in Australia. In such attacks, a click shot is taken every time the infected user taps the left mouse button on a link inside the bank's website. Used in place of the heavier video-grabbing modules, the tactic allows attackers to familiarize themselves with the legitimate flow of events on the bank's site.

UAE
Organized gangs like the Dridex and TrickBot crews are including more UAE banks on their target lists, as did Dyre before them.
Key reasons: the UAE resembles Singapore in a sense: it is a global center of business, and its population is considered to have above-average wealth. Also, businesses and individuals in the region tend to operate in both English and their local languages, allowing malware operators to employ their existing English-language attack tools.
CYBER THREATS TAXONOMY
1. Military: countries and nation-states attacking targets for offensive and defensive reasons
   - Potential targets: power grids, battlefield systems, military bases, government organizations
   - Example: Stuxnet (discovered 2010), believed to have been a joint American-Israeli operation targeted at the Iranian nuclear program
3. Hacktivism: politically motivated; involves cyber sabotage and subversion to promote an agenda
5. Legitimate research: 'White Hat' organizations and individuals seeking to defeat 'Black Hats'
   - Examples: X-Force, ethical hackers, anti-malware vendors, penetration testing, invasive vulnerability scanners
Physical Access
Incidents where the attacker acquires access to a physical system; this could include anything from phones, computers or servers to ATMs, elevators, cars, airplanes, CCTV, homes, and health monitors.

Attack types (figure axis): Physical access, Brute force, Misconfiguration, Malvertising, Watering hole, Phishing, SQLi, DDoS, Malware, Undisclosed

Brute Force
Misconfiguration or human error
2 billion records exposed; a 424% rise in records compromised as a result of these types of incidents in 2017 compared with the previous year.
Malvertising
Using sophisticated tools to conceal malware within objects or images in advertising-network ads, getting onto the user's computer even if they don't click on the ad.
Watering Hole
A cyber attack in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit.
Phishing
Tricking a user into providing protected information or downloading malware, typically using email that appears to be from a trusted or reputable source.
SQL Injection
The attacker inserts SQL commands through the inputs of client applications; when those inputs are concatenated into database queries, the attacker can read and modify sensitive data and execute database administration operations.
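As an added example (not from the IBM slides), the following Python script shows the mechanism the definition describes against a constructed in-memory SQLite database: a login check that concatenates user input into the query text, beside the same check using parameter binding. The table, account names and passwords are constructed sample data; passwords are stored in plaintext only to keep the focus on the injection, and a real system would hash them.

```python
import sqlite3

# Constructed sample data for the demo (not from the slides). Plaintext
# passwords are used only to keep the example short; real systems hash them.
SAMPLE_USERS = [
    ("alice", "s3cret", "customer"),
    ("bob", "hunter2", "customer"),
    ("admin", "correct-horse", "admin"),
]


def make_db():
    """Build an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        SAMPLE_USERS,
    )
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: user input is spliced into the SQL text, so quote
    characters and comment markers in the input become SQL syntax."""
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Hardened: the SQL text is fixed and the values are bound as
    parameters, so the database engine treats them purely as data."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def demo():
    """Run both versions against two classic payloads and return the results."""
    conn = make_db()
    # Payload 1: close the quoted string and comment out the password check,
    # logging in as admin without knowing the password.
    bypass_user, bypass_pw = "admin' --", "anything"
    # Payload 2: a tautology in the password field that makes the WHERE
    # clause true for every row, dumping all accounts.
    dump_user, dump_pw = "alice", "' OR '1'='1"
    return {
        "vulnerable_bypass": login_vulnerable(conn, bypass_user, bypass_pw),
        "safe_bypass": login_safe(conn, bypass_user, bypass_pw),
        "vulnerable_dump": login_vulnerable(conn, dump_user, dump_pw),
        "safe_dump": login_safe(conn, dump_user, dump_pw),
        "safe_legit": login_safe(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:18} -> {rows}")
```

Two details worth noting: the bound version returns no rows for the payloads because the single quotes and the `--` marker never reach the SQL parser as syntax, and the fix is the binding itself, not input escaping. Python's sqlite3 `execute()` also refuses stacked statements (`'; DROP TABLE users; --`), but that is an engine quirk rather than a defense; the tautology and comment payloads above still succeed against the concatenated query. Running the database account with least privilege limits what "database administration operations" an injection can reach.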
Distributed Denial of Service (DDoS)
These attacks overload online networks and systems with massive traffic, consuming resources and bandwidth and eventually shutting down their online capabilities.
Malicious software
Software programmed to attack a target computer. It can block access, steal data, make systems inoperable and even physically destroy them. Includes:
• Viruses
• Worms
• Trojans
• Ransomware
• Adware
• Spyware
• Bots
• Bugs
• Rootkits
Cover Image: Sampling of security incidents by attack type, time and impact, 2015 through 2017. Size of circle estimates relative impact of incident in terms of cost to business, based on publicly disclosed information regarding leaked records and financial losses.
CYBERSECURITY DOMAINS
Anyck Turgeon
Global Cyber-Resiliency & Security Evangelist
• Year-by-year shifts in the cybercrime arena do not necessarily mean that much is changing in the way online fraud works or the tools cybercrime gangs are using to work it.
• The cybercriminal lifecycle has to be shortened to render it less and less lucrative over time. The faster we react to cybercrime findings and share them across the entire community, the less time each malware variant has to carry out successful fraud attacks.
85 security tools from 45 vendors
1.5 MILLION unfilled security positions by 2020
68 PERCENT of CEOs are reluctant to share incident information externally
Security Immune System (figure): Network visibility; Incident response; Data access control; Data monitoring; Sandboxing; Content security; Application security management; Access management; IP reputation; Log, flow and data analysis; Antivirus; Firewalls; Criminal detection; Incident and threat management; Entitlements and roles; Transaction protection; Vulnerability management; Workload protection; Application scanning; Identity management; Cloud access security broker; Device management; Anomaly detection.

Surrounding domain labels: Threat Intel, Identity & Access, Advanced Fraud.

Integrated: collaboration across companies and competitors, to understand global threats and data, and adapt to new threats.
Network Security
Networks support our global economy and the communications infrastructure on which our society relies today.

There we store our personal data and sense the events happening in real time in the world we live in.

Attacks
• Physical access, Misconfiguration, Malvertising, Malware, Phishing

Application Security
Applications rule all the access points to data and transactions required to interact with different systems.

Attacks
• Malware, SQLi, Watering Hole, Misconfiguration

It contains confidential information that could be sold, or leveraged as intelligence to commit crimes and financial fraud.

Targets
• Large organizations that store valuable information

Cloud Security

Attacks
• Misconfiguration, Ransomware, Malware

thousands of concurrent incidents.

Targets
• Government and corporate multinational organizations challenged to interpret billions of events each day to uncover attacks

Threat Hunting
The act of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early as possible in the Cyber Kill Chain. The earlier you locate and track your adversaries' Tactics, Techniques and Procedures (TTPs), the less impact these adversaries will have on your business.

Targets
• Every industry is impacted by cybercrime, which affects everything we do in our lives today, so it is everyone's responsibility to be part of the solution.

Tools
SUMMARY AND RESOURCES
Summary
• Global financial crime is the biggest motivation for cybercriminals and their organizations to attack companies around the world.
• Malware is malicious software. It is the chief weapon of a cyber attack and includes viruses, worms, trojans, ransomware, adware, spyware, bots, bugs and rootkits.
• The real change has to come from the defenders' side. The cybercriminal lifecycle has to be shortened to render it less and less lucrative over time.