Enhancing security by setting up Sector Based CSIRTs
Today, institutions are becoming increasingly dependent on information systems to support their core businesses and payment systems. Rapidly changing customer needs demand universal electronic convergence to support interaction and co-operation between multiple organizations. This makes enterprise security (data integrity, confidentiality, availability, trust and privacy) more important but at the same time more difficult to achieve.
If we take a particular sector such as finance, telecommunication, education, defence etc., most of the time the threats are shared. The members of such a sector can take advantage of that by cooperating and sharing information among themselves. Each sector may have its own issues when reporting cyber security incidents. There may be confidentiality issues, reputational issues etc. However, if we could build a platform for them to share information and discuss their issues in a confidential manner, each member of that sector will be able to benefit. The concept of setting up sector based CSIRTs will address most of the current issues in each sector. This presentation will give an insight into what kind of role a CSIRT can play to enhance the cyber security posture of the sector and beyond. Mature CSIRTs can do many things to achieve this, including providing training, organizing cyber drills, sharing information etc.
In addition, CSIRTs can introduce new services which may help their constituency. What kind of services can be introduced to become an untraditional CSIRT? You will not be able to achieve cyber security without working together. This presentation will talk about current issues of collaboration as well.
Dropped en Masse – Nation State Exploits Impact Defenders
Recent changes in the unauthorized disclosure of nation state exploits by hacker groups have raised important questions about how to best protect and defend our constituents. Nation states purchase and create exploits for reconnaissance and offensive interests. The quality of these exploits is high and well documented with “how to exploit” instructions. Consider cyberspace as the new war front and exploits as the weapons.
For defenders, the uncontrolled disclosure of these weapons has created a new set of challenges. The sheer size of the data dumps makes it very difficult, if not impossible, to parse and understand the potential risk to the ecosystem. Depending on local laws, defenders may also face legal questions about analyzing published exploits. Hacktivist groups, like WikiLeaks, pride themselves on transparency. A consequence of this form of transparency is that it makes the exploit immediately available to both defenders and attackers. These disclosures put the public at risk and leave defenders scrambling to provide guidance and defenses.
For national Computer Emergency Response Teams (CERTs) these mega-drops, including a number of weaponized exploits, expose the economies under their jurisdiction to potential large scale cyber-attacks. Effectively responding to this new threat requires a different mindset, skill set, and tools.
In response to this threat, Microsoft continues to focus efforts on building partnerships with industry partners and governments to better protect and defend customers. Collaboration and coordination will be pivotal in dealing with the new threat of weaponized exploits. Our presentation shares the lessons learned and suggests a collaborative path forward to protect and defend customers across the globe.
Understanding vulnerabilities of Blockchain Technology to build Best Practices for Cyber Security for tomorrow
Blockchain Technology, with its public blockchains (bitcoin, ethereum, etc.), privately deployed (permissioned) blockchains, distributed ledgers (non-blockchain based) and shared ledgers, is institutionalizing Decentralized Autonomous Organizations. Adoption of this technology by FinTech would help India and other Asia Pacific economies, with a large section of their citizens yet unbanked, to benefit from this technology. However, Robert Sams, founder and chief executive of London-based Clearmatics, has cautioned that - “In financial markets there’s always a mechanism to correct an attack. In a blockchain there is no mechanism to correct it — people have to accept it.”
Current financial markets enjoy some of the most complex and scalable operational technology in the transactions space - the VISA network averages 2,000 transactions per second (tps) and at peak times approximately 50,000 tps. By contrast, the largest public blockchain - bitcoin - averages 7 tps. In addition, block size limits create challenges in squeezing data into such blocks, and the time taken for processing and validating transactions (mining) affects the throughput rate and the ordering of transactions, leading to double spending effects, Sybil attacks, etc. Artificial Intelligence with autonomous multi-agent systems would help build agents, as in smart contracts on blockchains, especially in automated coalition formations and mechanized trust protocols.
Similarly, buyers and sellers in capital markets do not have to reveal themselves to each other or make their commercial intentions known prior to a trade, as per the prevalent trading strategies and dynamics. However, this is not easy to achieve with the self-regulated, open network and the underlying immutability property of transactions in blockchain(s). The anonymity of blockchain(s), mostly public ones with a proof-of-work consensus mechanism, could be handled by adopting private, permissioned blockchain(s) or even a different consensus mechanism. This paper examines a few vulnerabilities in blockchain and intends to help CERTs build an understanding to handle cyber attacks.
Technology and Instruments for Building Trust in the digitally evolving economies (ICS, IIoT, Financial)
The next industrial revolution is foreseen to happen with the upcoming Industrial Internet, which combines massive data collected by industrial sensors with data analysis for improving the efficiency of operations. Collecting, pre-processing, storing and analyzing such real-time data is a complex task with stringent demands on communication intelligence, QoS and security. This talk highlights some of the networking and security challenges facing the Industrial Internet, namely integration with 5G wireless networks, Software Defined Machines, and ownership and smart processing of digital sensor data. Two enabling technologies for IIoT, i.e. Smart Spaces for intelligent data processing and Virtual Private LAN Services (VPLS) for transparent secure interconnection of industrial networks, are explained in detail to solve these challenges.
Preventing Cybercrime in Fintech Ecosystem
A successful financial cybercrime involves three distinct crimes. One, against the user whose identity is stolen. Two, against the business whose goods or services are compromised. Three, against the government whose laws may be broken by leveraging the stolen money and misusing the financial application. In this session, hear about how to leverage data, compute, ML and automation to establish trust in the systems, especially in mobile based ecosystems, and prevent misuse and malware attacks.
Building ‘Sharing Economy’ of Indicators of Compromise (IOCs) in the new STIX / TAXII Era
The past few years brought several new aspects of how we use technology – higher network speeds, changes in network protocols, more data, cloud connectivity, and more mobile devices. As business integrations move online, cyber threats are becoming more sophisticated and dangerous. Essential public services like air traffic control systems, bank ATMs, mobile phone towers, electric power stations, and traffic lights have been targeted by the same hacker groups, who continue to change their techniques, tactics, and procedures to evade and defeat industry prevention and response measures. One way all of us can stay ahead of the threat is by reaping the benefits of a sharing economy of IOCs built on the STIX and TAXII concept.
Practical Machine Learning for Malware Clustering and Automated Detections
In this presentation, the author will give an overview of how machine learning is used for clustering of samples received at Quick Heal Security Labs. It will also discuss the practical challenges of implementing an automated incremental clustering system at scale. Findings on machine learning approaches, and how to measure and improve the efficacy of machine learning models used for malware detection, will also be shared.
Encrypted Traffic Analytics to Detect Malicious Behaviour
The rapid rise in encrypted traffic is changing the threat landscape. As more businesses become digital, a significant number of services and applications are using encryption as the primary method of securing information. More specifically, encrypted traffic has increased by more than 90 percent year over year, with more than 40 percent of websites encrypting traffic in 2016 versus 21 percent in 2015. Gartner predicts that by 2019, 80 percent of web traffic will be encrypted. Encryption technology has enabled much greater privacy and security for enterprises that use the Internet to communicate and transact business online. Mobile, cloud and web applications rely on well-implemented encryption mechanisms, using keys and certificates to ensure security and trust. However, businesses are not the only ones to benefit from encryption.
Threat actors have leveraged these same benefits to evade detection and to secure their malicious activities. Traditional threat inspection with bulk decryption, analysis and re-encryption is not always practical or feasible, for performance and resource reasons. In many cases, however, advanced analytic techniques can be used to identify malicious flows for further inspection using decryption techniques. Traditional flow monitoring provides a high-level view of network communications by reporting the addresses, ports and byte and packet counts of a flow. In addition, intra-flow metadata, or information about events that occur inside of a flow, can be collected, stored and analyzed within a flow monitoring framework. This data is especially valuable when traffic is encrypted, because deep-packet inspection is no longer viable. This intra-flow metadata, called Encrypted Traffic Analytics, is derived by using new types of data elements or telemetry that are independent of protocol details, such as the lengths and arrival times of messages within a flow. These data elements have the attractive property of applying equally well to both encrypted and unencrypted flows. Using these data elements or intra-flow telemetry to identify malware communication in encrypted traffic means Encrypted Traffic Analytics can maintain the integrity of the encrypted flow without the need for bulk decryption.
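The intra-flow telemetry described above (message lengths and arrival times, with no dependence on what the encrypted payload carries) can be illustrated with a small feature extractor. This is an added example, not code from the talk or from any vendor product; the two flows are constructed for illustration, and the regularity score is one simple heuristic for choosing flows that deserve deeper inspection, not a malware classifier.

```python
"""Protocol-independent intra-flow features from packet lengths and timings.

Added example. Flows are constructed (not captured) lists of
(seconds since flow start, payload bytes, direction) tuples, where the
direction is "up" (client -> server) or "down" (server -> client).
"""
from statistics import mean, pstdev

# Constructed browsing-style flow: bursty requests, varied response sizes.
WEB_FLOW = [(0.00, 517, "up"), (0.04, 1460, "down"), (0.05, 1390, "down"),
            (0.31, 126, "up"), (0.33, 1460, "down"), (0.34, 820, "down"),
            (2.80, 140, "up"), (2.84, 1460, "down"), (2.85, 600, "down")]

# Constructed beacon-style flow: identical request every 60 s, tiny reply.
BEACON_FLOW = [(t, 200, "up") for t in (0.0, 60.0, 120.0, 180.0, 240.0)]
BEACON_FLOW += [(t + 0.1, 64, "down") for t in (0.0, 60.0, 120.0, 180.0, 240.0)]
BEACON_FLOW.sort()


def splt(flow, n=10):
    """Sequence of Packet Lengths and Times: first n (signed length, gap) pairs.
    Lengths are negative for server->client packets; gaps are seconds since
    the previous packet. Nothing here depends on the protocol or on plaintext."""
    out, prev_t = [], flow[0][0]
    for t, length, direction in flow[:n]:
        signed = length if direction == "up" else -length
        out.append((signed, round(t - prev_t, 3)))
        prev_t = t
    return out


def flow_features(flow):
    """Summary features a flow collector could export alongside byte counts."""
    ups = [p for p in flow if p[2] == "up"]
    gaps = [b[0] - a[0] for a, b in zip(ups, ups[1:])]
    mean_gap = mean(gaps) if gaps else 0.0
    return {
        "packets": len(flow),
        "bytes_up": sum(p[1] for p in ups),
        "bytes_down": sum(p[1] for p in flow if p[2] == "down"),
        "mean_len_up": mean(p[1] for p in ups) if ups else 0.0,
        "mean_gap_up": mean_gap,
        # Coefficient of variation of client send gaps: 0 = perfectly periodic.
        "gap_cv": (pstdev(gaps) / mean_gap) if mean_gap else 0.0,
    }


def regularity_score(flow):
    """Low values mean the client sends on a fixed schedule, a property that
    survives encryption and is a reasonable trigger for deeper inspection."""
    return flow_features(flow)["gap_cv"]
```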
Mobile (in) security for future technology
The Internet of Things is set to change the dynamics of cyber security dramatically. The increasing number of IoT attacks, not to forget malware like Mirai that shut down a large part of the internet, are just the tip of the iceberg. It is a tough problem to solve because of the large attack surface. In this session, we will specifically discuss the mobile component within the IoT ecosystem and try to define a security strategy to mitigate risks that may arise due to mobile security issues. The role of mobile has become critical for the Internet of Things as it is the controlling interface for the smart devices and the cloud/data store. Securing the mobile component is paramount for an effective IoT strategy. Also, the integration of social media via mobile for IoT is a user data privacy risk. The side effect of innovation in healthcare, industrial and transportation IoT/mobile technology will be new attacks targeting the IoT ecosystem. It won't be an overstatement to say we are heading towards chaos if we do not take steps to ensure the security of the mobile component.
The session discusses:
- Understanding the Mobile attack surface
- How is mobile adding to the IoT problem
- Case studies of real mobile vulnerabilities on IoT
- Defining a strategy for mobile security
- Best practices, a.k.a. what we can do as a community to reduce the risk
Dealing With the KRACK on WPA2
The recently announced set of KRACK vulnerabilities has shattered the decades-long trust in the WPA2 standard for Wi-Fi encryption. Though the vulnerabilities are simple to fix in principle, the proliferation of Wi-Fi client types in use makes this a difficult problem to deal with in practice, and administrators may struggle for years before they are able to patch all such devices.
This talk explains the anatomy of the KRACK attack and its possible fixes and mitigations. Specifically, we show that it is possible to mitigate the client-side vulnerabilities using AP-side fixes alone.
Attacking Automation, AI and the Human Perspective
Every day, we hear about Artificial Intelligence (AI) invading more and more of everything around us. Within Information Security, we cannot avoid new algorithms, new machine learning techniques and a rush to automate everything. Have these new technologies paradoxically ushered in a completely new world of vulnerabilities?
Radware explores the fascinating topic of how everything from APIs to social media and even people is being attacked through a new, hidden attack surface. In this session, you will take away the notion that everything from humans to bots has weak undersides to automation, and that even AI interfaces can be duped into attacks. We’ll also explore how these vulnerabilities are being used to purposefully influence and manipulate geopolitical perspectives.