NASACT 2013: Threat Landscape Discussion, “The Redcoats Are Coming”. James Caulfield, Program Manager: Advanced Threat Protection Program, Federal Reserve Bank; Chairman: Threat Sharing and Analysis Working Group (August 2011 – August 2013). Welcome to Boston!
Ideological Groups
Objectives: Social and political impact; punishing actions judged by the collective as counter to their sense of justice.
Methodologies: DDoS, social media reconnaissance, sophisticated attacks aimed at divulging sensitive data.

Organized Crime
Objectives: Money, immediate financial gain.
Methodologies: Spam, malware, botnets, DDoS, social media hijacking, black-market cyber-crime toolkit-based attacks.

APT
Objectives: Espionage. The collection of market-moving financial and economic data, technology/IP and military information.
Methodologies: Social media reconnaissance, social engineering, malware infection and data extraction.
Group 1: Organized Crime. Partnerka!
Group 2: Ideological Groups. Schadenfreude & anarchy since 2003. Estimated cost of the 2011 breach: $171 million (and climbing, with legal actions still pending).
Group 3: APT. Non-work webmail compromise? Who cares? Methodology: “the long con”.
Understanding the Advanced Persistent Threat: The “Kill Chain”
Actors and methodologies are not as distinct as we’d like them to be…
The focus: Advanced cyber threats. Collaboration is key: no single organization can respond effectively.

Interviews with ACSC Members

Attacks are increasingly sophisticated
• The APT will customize their malware to target each specific organization… Malware is continually updated to ensure that it cannot be easily detected… (Mandiant 2010)
• 56% of breaches require months to years to contain. (Verizon 2010 Data Breach Report)
“Unlike most firms, we’re configured so we can see where traffic is coming from and we’re seeing a lot more attacks in the last six months that look like they’re coming from state sponsors.”
“We watch these attackers and we know them. Some are very fast moving… If you lose track of them in your system you can lose them for months, if not forever.”

Current solutions are not adequate
“There are plenty of security solutions available. The problem is that they all focus on one thing. To deal with today’s attackers, it’s imperative to look across the stack & connect the dots… This is hard. We need to figure out how to do it.”
• 16% of breaches are discovered via active, deliberate detection. (Verizon)
• Only 24% of APT malware is detected by an anti-virus solution. (Mandiant 2010)
“We are not keeping pace with attacker innovations.”

Organizations want to increase the sophistication of their employees & solutions
“We contract out & have a pretty rich array of security services. What we need is to cultivate the investigative mindset of our staff. That will be key to improving our ability to detect and block.”
• …the value of monitoring (perhaps we should say “mining”) logs cannot be overstated. The signs are there; we just need to get better at recognizing them. (Verizon 2010 Data Breach Report)
“We are in reactive mode. We need to think much more creatively and develop proactive approaches… Breaches are not acceptable. We need to anticipate the attacker and there’s no reason why we can’t.”
Threat Evaluation/Information Sharing Work Group: ACSC Threat Sharing Model
• Participation Agreement negotiated: signed by all 27 members, covering non-disclosure of sensitive information.
• ACSC Cyber Tuesdays: bi-weekly engagement for front-line staff. Convenes 25+ front-line staff from member organizations to share leading threat indicators, exchange insights on emerging APT activity and develop best practices.
• ACSC Technical Exchange Meetings: bi-monthly forum for senior & front-line staff. Venue for members to review threat updates, analysis and tools that help in combating advanced cyber security threats.
• CRITs (Collaborative Research into Threats): threat artifact repository which enables cyber threat information to be exchanged in an easy-to-understand format that builds on existing cybersecurity standards.
• ACSC Cyber Portal: the ACSC Cyber Sharing Portal provides a secure online platform for sharing threat information, functioning as a virtual extension of the face-to-face collaborations among ACSC member staff.
ACSC Charter Members (as of February 26, 2013)
• Financial Services: Fidelity Investments, John Hancock Financial Services, Liberty Mutual Group, State Street Corporation, Federal Reserve Bank of Boston, Eastern Bank
• Health Care: Blue Cross Blue Shield of Massachusetts, Harvard Pilgrim Health Care, Partners HealthCare System Inc.
• University Consortium: Boston University, Harvard University, MIT, Northeastern University, University of Massachusetts, Worcester Polytechnic Institute
• Biotech/Pharmaceuticals: Boston Scientific Corporation, Pfizer, Inc., Biogen Idec
• Defense: Draper Laboratory, MIT Lincoln Laboratory, The MITRE Corporation
• Government: Commonwealth of Massachusetts
• Legal: Foley Hoag
• Technology: Akamai, Bit9, RSA/EMC Corporation, Veracode, Courion
Launched and supported by
For questions or additional information, please view our website: http://www.acscenter.org/