Cyber Attacks

Presentation Transcript


  1. Jacky Altal Cyber Attacks

  2. TOC
     • Hackers Terminology
     • Cyberattacks in 2012 (so far…)
     • Nations Conflict
     • Cyber Motives
     • Characteristics of CyberCrime
     • DEMO – Client Side Attacks

  3. The Hacker Terminology
     • Layer I
       • The best of the best
       • Ability to find vulnerabilities
       • Ability to write exploit code and tools to override security measures
     • Layer II
       • IT savvy
       • Ability to write scripts
       • Understands vulnerabilities and how they work
     • Layer III
       • Script kiddie
       • Ability to download tools from the internet
       • Lacks the knowledge or the willingness to understand the technology

  4. Cyber Attacks
     • Cyberattacks accompany physical attacks (Stuxnet)
     • Cyberattacks are increasing in volume, sophistication, and coordination
     • Cyberattacks are attracted to high-value targets (Sony, Stratfor, Special Forces, CIA, FBI, etc.)

  5. Cyber Attacks

  6. Cyber Attacks

  7. Cyber Attacks

  8. Cyber Attacks

  9. Cyber Attacks

  10. Cyber Attacks

  11. Cyber Attacks

  12. Physical Conflicts and Cyber Attacks
     • The Pakistan/India Conflict
     • The Israel/(Palestinian, Turkish) Conflict
     • The Former Republic of Yugoslavia (FRY)/NATO Conflict in Kosovo
     • The U.S. – China Surveillance Plane Incident
     • The Turkish/France Conflict

  13. Cyber Threats
     • Against users, system administrators, and hardware and software manufacturers.
     • Against documentation, which includes confidential user information for hardware and software, administrative procedures, and policy documents; and against supplies, which include paper and even printer cartridges.
     • A cyber threat is an intended or unintended illegal activity, or an unavoidable or inadvertent event, that has the potential to lead to unpredictable, unintended, and adverse consequences on a cyberspace resource.

  14. Most cyber attacks can be put in one of the following categories:
     • Natural or inadvertent attacks – including things like accidents originating from natural disasters such as fire, floods, and windstorms; they usually occur very quickly without warning and are beyond human capacity, often causing serious damage
     • Human blunders, errors, and omissions – including things like unintentional human actions
     • Intentional threats – like illegal or criminal acts from either insiders or outsiders, recreational hackers, and criminal

  15. Types of e-attacks:
     • Penetration Attack Type – involves breaking into a system using known security vulnerabilities to gain access to any cyberspace resource
       • There is steady growth of these attacks – see the CERT
     • Denial of Service Attacks – they affect the system by diminishing its ability to function, and are capable of bringing a system down without destroying its resources.

  16. Motives of E-attacks
     • Revenge
     • Joke/Hoax/Prank
     • The Hacker's Ethics
     • Terrorism
     • Political and Military Espionage
     • Business (Competition) Espionage
     • Hate (national origin, gender, and race)
     • Personal gain/Fame/Fun/Notoriety
     • Ignorance

  17. Potential Cyber Attacks
     • Unauthorized Intrusions
     • Defacements
     • Domain Name Server Attacks
     • Distributed Denial of Service Attacks
     • Computer Worms – Zeus, Stuxnet
     • Routing Operations
     • Critical Infrastructures
     • Compound Attacks

  18. Critical Infrastructures
     • Critical infrastructures include gas, power, water, banking and finance, transportation, and communications
     • All are dependent to some degree on information systems
     • Insider threat – specialized skills
     • Network attack – default passwords, unprotected devices, systems that have not been updated

  19. Topography of Attacks
     • One-to-One
     • One-to-Many
     • Many-to-One
     • Many-to-Many
     • Analysis of the motives and reasons why such attacks occur.
     • Study the most current security threats.

  20. Vulnerability Types
     • Computer based
       • Poor passwords
       • Lack of appropriate protection, or improperly configured protection
     • Network based
       • Unprotected or unnecessary open entry points
     • Personnel based
       • Temporary/staff firings
       • Disgruntled personnel
       • Lack of training
     • Facility based
       • Servers in unprotected areas
       • Inadequate security policies

  21. DEMO – Client Side Attack

  22. The dark net / dark side of the internet

  23. The dark net / dark side of the internet

  24. The dark net / dark side of the internet

  25. The dark net / dark side of the internet

  26. The dark net / dark side of the internet

  27. How to handle cyber threats
     • System-Aware Cyber Security Architecture
     • Addresses supply chain and insider threats
     • Embedded into the system to be protected
     • Includes physical systems as well as information systems
     • Requires system engineering support tools for evaluating architecture factors
     • To facilitate reusability, requires establishment of candidate Design Pattern Templates and initiation of a design library
     • Security Design
     • System Impact Analyses

  28. THANKS FOR LISTENING jacky@altalsec.com
