Hello World 2018 - Understanding attacker behaviors, motivations and common ways of operation

Hello World Tech Conference

February 15, 2018

Transcript

  1. Engineering for digital security
    Understanding attacker behaviors, motivations and common ways of operation
    Hello World 2018, 15/02/2018
    Pedro Queirós, Cybersecurity Engineer
  2. Summary
    1. Who am I?
    2. What is cyberspace?
    3. What is cybercrime?
    4. Who does it?
    5. Why?
    6. Hacker profiling
    7. What about Portugal?
    8. Social Engineering
    Hello World 2018 – MULTICERT – February 15th, 2018
  3. Who am I?
    Pedro Queirós, Cybersecurity Engineer
    Professional experience:
    • CyberSecurity Engineer at Multicert, S.A.
    • CyberSecurity Intelligence Center manager
    • mSecurity project manager
    Previous experience:
    • System Administrator at Multicert, S.A.
    • System Administrator at Noesis
    • System Administrator at Sobatlantic, LDA.
    Projects:
    • Involved in several international projects, such as the Electronic Vote for the International Red Cross and the implementation of the PKI system supporting the Electronic Prescription Platform in Greece.
    • Design and implementation of the Cybersecurity Intelligence Center at Multicert.
    • Responsible for several pentest and security projects.
    Academic experience and others:
    • Post-graduate in Cybersecurity and Cyberdefense, Universidade do Minho and Academia Militar
    • Master’s in Network Communications Engineering, Universidade do Minho
    • Author of several articles and presentations about Cybersecurity.
    • Author of the scientific article "Solução Aberta para uma Rede de Sondas de QoS na RCTS", presented at CRC 2013.
    • Author of the scientific article "Open Architecture for Quality of Service Monitoring at a National Research and Education Network", published at Information Sciences and Systems 2014 / Springer.
  4. What is cyberspace?
    “The notional environment in which communication over computer networks occurs.”
    Source: https://en.oxforddictionaries.com/definition/us/cyberspace
  5. What is cyberspace?
    “A consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts... A graphical representation of data abstracted from the banks of every computer in the human system. Unthinkable complexity.”
    Source: William Gibson, Neuromancer (1984)
  6. What is cybercrime?
    “Criminal activities carried out by means of computers or the Internet.”
    Source: https://en.oxforddictionaries.com/definition/cybercrime
  7. What is cybercrime?
    Categories: Traditional crimes, Content-related crimes, Network-related crimes
    Examples listed: Fraud, Child pornography, Cracking, Invasion of privacy, Piracy, Illegitimate access, Stalking, Copyright infringement, Illegitimate interception, Extortion, Bullying, Sexual harassment, Identity theft
  8. What is cybercrime?
    • No boundaries
    • Practiced in a dynamic, fast-changing environment
    • Easy and cheap
    • Global reach
    • Highly disproportional – one attacker can cause considerable damage to several people / organizations
    • The strand of economic crime that has grown most in Portugal and internationally (http://apav.pt/cibercrime/)
  9. Who does it?
    • Script kiddies
    • Malicious insiders
    • Organized crime
    • Activists
    • Terrorists
    • Nations
  10. How does it start?
    Source: "Why Computer Talents Become Computer Hackers", by Zhengchuan Xu, Qing Hu, Chenghong Zhang, Communications of the ACM, Vol. 56 No. 4, Pages 64-74
    RAT: Routine Activity Theory
    SAT: Situational Activity Theory
    SLT: Social Learning Theory
  11. What about Portugal?
    Source: RASI 2016 - http://www.portugal.gov.pt/media/26816790/20170331-pm-rasi.pdf
    Improper or illegitimate access/illegitimate interception, computer forgery, other computer crimes, illegitimate reproduction of a protected program, computer sabotage, tampering with or destruction of data/damage to data or programs.
  12. What about Portugal?
    In 2016, we saw a rise in all crime classifications:
    • Computer sabotage - 140%
    • Damage to computer data or programs - 121%
    • Computer forgery - 58%
    • Child pornography - 36%
    • Computer and communications fraud - 19%
    • Widespread increase in ransomware attacks
  13. Social Engineering
    “Getting people to do things they wouldn't ordinarily do for a stranger” – Kevin Mitnick
  14. Social Engineering
    • The oldest type of attack known
    • Exploits human vulnerabilities
    • It might or might not use technology
    • Most of the time, the victim doesn’t know they are being manipulated
    • It’s rarely detected, stopped or penalized
    • Persuasion or manipulation?
  15. Social Engineering
    The 6 Principles of Persuasion:
    1. Reciprocity
    2. Scarcity
    3. Authority
    4. Consistency
    5. Liking
    6. Consensus
    Source: https://www.influenceatwork.com/principles-of-persuasion/
  16. Social Engineering: Reciprocity
    “(…) Social rule that says people ought to repay, in kind, what another person has provided for them.”
  17. Social Engineering: Reciprocity
    “(…) Social rule that says people ought to repay, in kind, what another person has provided for them.”
    It also works with concessions:
    Source: http://www.thecomicstrips.com/store/add.php?iid=100004
  18. Social Engineering: Scarcity
    “People want more of the things there are less of.”
  19. Social Engineering: Scarcity
    “People want more of the things there are less of.”
    Source: https://nakedsecurity.sophos.com/2011/02/01/facebook-will-close-all-accounts-today-rogue-app-spreads-virally/
  20. Social Engineering: Authority
    “People follow the lead of credible, knowledgeable experts.”
  21. Social Engineering: Authority
    “People follow the lead of credible, knowledgeable experts.”
    Source: http://www.smbc-comics.com/?id=2526
  22. Social Engineering: Consistency
    “People like to be consistent with the things they have previously said or done.”
  23. Social Engineering: Liking
    “People prefer to say yes to those that they like.”
  24. Social Engineering: Consensus
    “People will look to the actions and behaviors of others to determine their own.”
    Source: https://www.youtube.com/watch?v=BgRoiTWkBHU
  25. Social Engineering
    Where this is applied:
    • Tailgating
    • Impersonation
    • Shoulder surfing
    • Dumpster diving
    • Phishing
    • Vishing
  26. Social Engineering: Adam and Eve case study
    Company policies well defined: “You can eat from all the trees in the Garden of Eden, except that one.”
    Top management sponsorship: GOD!
    User awareness in place: Adam and Eve knew the policies.
    Hacker: Serpent
    Source: Carlos Alexandre, Pós Graduação em Cibersegurança e Ciberdefesa - Engenharia Social
  27. Social Engineering: Adam and Eve case study
    Hacker uses social engineering on Eve: “If you eat the fruit from that tree, you will be like God.”
    Eve accesses confidential information: eating the fruit makes her know Good and Evil.
    Eve shares confidential information with Adam.
    Internal auditing detects breach of policy.
    Users are punished.
    Source: Carlos Alexandre, Pós Graduação em Cibersegurança e Ciberdefesa - Engenharia Social
  28. Engineering for digital security
    Thank you! Questions?
    Pedro Queirós, [email protected]
    Avenida Sidónio Pais, 379, Edifício Hoechst A, Piso 3, Direito, 4100-468 Porto – Portugal. Tel.: +351 223 391 810, Fax: +351 223 391 811
    Lagoas Park, Edifício 3, Piso 3, 2740-266 Porto Salvo, Oeiras – Portugal. Tel.: +351 217 123 010, Fax: +351 217 123 011
    www.multicert.com