Cybersecurity | Sharad Ahlawat

Cybersecurity Threat Landscape


Layered Security

  • Physical
  • Identity & Access
  • Perimeter - Network Edge
  • Network - Network Segmentation, Zero Trust Networking (ZTN)
  • Compute - hardened and patched hosts
  • Application - secure coding
  • Data - encrypted at rest and in transit

Risk Management Analysis

  • Threats - who or what could cause harm, and how likely it is
  • Vulnerabilities - weaknesses a threat could exploit
  • Impacts - what the business loses if the threat succeeds
  • Risk is assessed by combining all three; mitigation effort goes first to the highest-risk combinations

Phishing

  • Types:
    • Untargeted - bulk mail sent to anyone
    • Spear phishing - aimed at a specific person or team, using details about them
    • Whaling - spear phishing aimed at executives and other high-value targets
  • Mitigation steps:
    • block spam - filtering on the mail server and in the mail client
    • block bad websites - browser safe-browsing lists, DNS and firewall filtering
    • password manager - strong and unique passwords; a manager also refuses to autofill on a lookalike domain
    • multi-factor authentication - limits what a captured password is worth
    • security training and drills - simulated phishing campaigns with an easy way to report suspicious mail
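The checks above are mostly infrastructure and people controls; the piece a practitioner usually has to build is mail triage. The following is an added example, not part of the original notes, showing heuristic phishing detection on a raw message with only the Python standard library: sender-domain mismatches between From, Reply-To and Return-Path, lookalike domains against a protected-brand list, and HTML links whose visible text names a different domain than the href. The protected-domain list, the confusable-character map, the "last two labels" approximation of a registrable domain, and the sample messages are all constructed assumptions for the demo.

```python
"""Heuristic phishing triage for one raw RFC 822 message (added example, stdlib only)."""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brands/domains this organisation wants to protect against impersonation.
PROTECTED_DOMAINS = {"example.com", "examplebank.com"}

# Assumption: single-character substitutions commonly used in lookalike domains.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)")


def normalize(domain: str) -> str:
    """Fold common homoglyph tricks so examp1ebank.com compares equal to examplebank.com."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def registrable(domain: str) -> str:
    """Crude eTLD+1 (assumption: last two labels; a real deployment uses the public suffix list)."""
    parts = domain.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else domain.lower()


def addr_domain(header_value) -> str:
    """Domain part of the first address in a header, or '' when the header is absent."""
    m = re.search(r"@([\w.-]+)", str(header_value or ""))
    return m.group(1).lower().rstrip(">") if m else ""


def is_lookalike(domain: str) -> bool:
    r = registrable(domain)
    return r not in PROTECTED_DOMAINS and normalize(r) in {normalize(p) for p in PROTECTED_DOMAINS}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze(raw: bytes) -> list:
    """Return a list of human-readable findings; an empty list means nothing suspicious was seen."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_dom = addr_domain(msg["From"])
    for header in ("Reply-To", "Return-Path"):
        dom = addr_domain(msg[header])
        if dom and registrable(dom) != registrable(from_dom):
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    for dom in sorted({from_dom, addr_domain(msg["Reply-To"]), addr_domain(msg["Return-Path"])} - {""}):
        if is_lookalike(dom):
            findings.append(f"lookalike sender domain {dom}")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = LinkExtractor()
        parser.feed(body.get_content())
        for href, text in parser.links:
            host = urlparse(href).hostname or ""
            shown = DOMAIN_IN_TEXT.search(text)
            if shown and host and registrable(shown.group(1)) != registrable(host):
                findings.append(f"link text shows {shown.group(1)} but points to {host}")
            if host and is_lookalike(host):
                findings.append(f"lookalike link host {host}")
    return findings


# Constructed sample: a lure that mixes a genuine From, a lookalike Reply-To and a mismatched link.
SAMPLE_PHISH = b"""From: "ExampleBank Security" <alerts@examplebank.com>
Reply-To: support@examp1ebank.com
Return-Path: <bounce@mail-examplebank.net>
To: victim@example.com
Subject: Urgent: verify your account
Content-Type: text/html; charset="utf-8"

<html><body><p>Please <a href="http://examp1ebank.com/verify">https://examplebank.com/login</a> within 24 hours.</p></body></html>
"""

# Constructed sample: a clean notification from the real domain.
SAMPLE_CLEAN = b"""From: alerts@examplebank.com
To: victim@example.com
Subject: Your statement is ready
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://examplebank.com/statements">View statement</a></body></html>
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE_PHISH):
        print("PHISH:", finding)
    print("clean message findings:", analyze(SAMPLE_CLEAN))
```

In a mail pipeline these findings would feed a score or a quarantine rule rather than a hard block; the Return-Path check in particular only makes sense on the receiving MTA's copy, since the sending side writes that header.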

Malware and Ransomware

  • Types:
    • Viruses
    • Worms
    • Ransomware
    • Adware
    • Spyware
    • Trojans
    • Rootkits
  • Attack vectors:
    • System vulnerabilities - software and hardware
    • Social engineering - phishing mail and malicious attachments are the usual delivery route
  • Mitigations:
    • frequent backups - kept offline or immutable and restore-tested, so ransomware cannot encrypt them as well
    • updates and patches
    • upgrade to latest OS versions
    • firewalls
    • antivirus and antimalware updates

Cryptojacking malware

  • Attack vectors:
    • Malware - a miner installed on the host
    • Drive-by cryptomining - mining scripts run by the browser while a page is open
  • Mitigation:
    • monitor CPU utilization - sustained high usage from unexpected processes
    • monitor process activity
    • script and ad blockers
    • antimalware updates

Botnet malware

  • Botnet actions:
    • DDoS attacks
    • Spam/phishing
    • Malware propagation
    • Network breaches
    • Cryptomining
  • Attack vectors:
    • System vulnerabilities - software and hardware
    • Infected IoT firmware
  • Infra Mitigation:
    • distribute servers across geographically separate data centers
    • use multiple ISPs
    • use ISPs with DDoS mitigation response plans
    • conduct DDoS drills
  • System Mitigation:
    • monitor process activity
    • monitor network activity - bots beacon to their controller at regular intervals
    • script and ad blockers
    • antimalware updates
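The cryptojacking and botnet sections both come down to the same host telemetry: process CPU over time and outbound connections. The following is an added example, not part of the original notes, that turns those three monitoring bullets into detection logic run over constructed samples: sustained high CPU from one process, connections to ports commonly used by mining pools, and beaconing (near-constant intervals to the same destination). The port list, thresholds, process names and addresses are assumptions chosen for the demo; in practice they would come from threat intelligence and a baseline of the host's normal behaviour.

```python
"""Host telemetry checks for cryptominers and bots (added example, stdlib only)."""
from collections import defaultdict
from statistics import mean, pstdev

# Assumption: TCP ports commonly used by stratum mining pools.
MINING_POOL_PORTS = {3333, 4444, 5555, 7777, 14444, 14433}


def sustained_high_cpu(samples, threshold=80.0, min_samples=3):
    """Return {pid: name} for processes at or above `threshold` percent CPU in `min_samples` consecutive samples.

    `samples` is a list of (timestamp, pid, name, cpu_percent) tuples, oldest first.
    """
    per_pid = defaultdict(list)
    for ts, pid, name, cpu in sorted(samples):
        per_pid[(pid, name)].append(cpu)
    flagged = {}
    for (pid, name), series in per_pid.items():
        run = 0
        for cpu in series:
            run = run + 1 if cpu >= threshold else 0
            if run >= min_samples:
                flagged[pid] = name
                break
    return flagged


def mining_pool_connections(conns):
    """Return (pid, dst_ip, dst_port) for connections to a known mining-pool port.

    `conns` is a list of (timestamp, pid, dst_ip, dst_port) tuples.
    """
    return [(pid, ip, port) for _, pid, ip, port in conns if port in MINING_POOL_PORTS]


def beaconing(conns, min_events=4, max_cv=0.2):
    """Return {(pid, dst_ip, dst_port): interval} for destinations contacted at near-constant intervals.

    A coefficient of variation (stdev / mean) of the inter-connection gaps below `max_cv`
    means the timing is machine-regular, which is typical of a bot polling its controller.
    """
    by_dest = defaultdict(list)
    for ts, pid, ip, port in conns:
        by_dest[(pid, ip, port)].append(ts)
    found = {}
    for key, times in by_dest.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg < max_cv:
            found[key] = round(avg)
    return found


# Constructed process samples: a miner pinned at ~97% CPU, a browser with one busy sample.
PROC_SAMPLES = [
    (0, 412, "kthreadd", 0.5), (0, 4410, "svc-update", 97.0), (0, 5120, "chrome", 12.0),
    (60, 412, "kthreadd", 0.3), (60, 4410, "svc-update", 99.0), (60, 5120, "chrome", 85.0),
    (120, 412, "kthreadd", 0.4), (120, 4410, "svc-update", 98.0), (120, 5120, "chrome", 9.0),
    (180, 412, "kthreadd", 0.2), (180, 4410, "svc-update", 96.0), (180, 5120, "chrome", 11.0),
]

# Constructed connection log (TEST-NET addresses): a pool connection, a 5-minute beacon, normal browsing.
CONN_LOG = [
    (5, 4410, "203.0.113.10", 3333),
    (0, 7001, "198.51.100.7", 443), (300, 7001, "198.51.100.7", 443),
    (601, 7001, "198.51.100.7", 443), (899, 7001, "198.51.100.7", 443),
    (1200, 7001, "198.51.100.7", 443),
    (10, 5120, "192.0.2.80", 443), (25, 5120, "192.0.2.80", 443),
    (400, 5120, "192.0.2.80", 443), (405, 5120, "192.0.2.80", 443),
]

if __name__ == "__main__":
    print("sustained CPU:", sustained_high_cpu(PROC_SAMPLES))
    print("pool connections:", mining_pool_connections(CONN_LOG))
    print("beacons:", beaconing(CONN_LOG))
```

Each check alone produces false positives (a build server pins the CPU; a monitoring agent beacons by design), so the useful alert is the correlation: the same pid appearing in the CPU list and the pool-port list, or a beacon from a process that has no business talking outbound.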

IoT vulnerabilities

  • Growth
    • Rise of cloud computing
    • Low Cost
    • Easy access to Wi-Fi
    • Growth of 5G
    • Personal IT devices
    • Home appliances
    • Transportation
  • Vulnerable
    • no antimalware protection
    • default passwords
    • simple and less secure protocol stacks
    • large exploitable device base
  • Mitigation
    • Network device inventory and monitoring
    • Network segmentation and isolation - IoT devices on their own VLAN, no route to workstations or servers
    • Firewall
    • change default passwords
    • configure strong security
    • updates and patches

Cloud computing

  • Growth
    • easier to manage
    • quickly scalable
    • more convenient
    • less expensive
  • Vulnerable
    • data breaches - attacks or errors
    • weak access management - lack of role-based access
    • weak APIs and interfaces
    • system vulnerabilities
    • account hijacking
    • malicious insider abuse and attacks
    • Advanced Persistent Threats - APTs
    • data loss - attacks, errors, disasters
    • poor due diligence - incorrect deployments
    • abused cloud services - DDoS, spam and phishing, cryptojacking
    • Denial of Service - revenue impacting
    • shared technology and resources
  • Mitigation
    • Consensus Assessments Initiative Questionnaire (CAIQ)
    • Cloud Controls Matrix (CCM)
    • Breaches - perimeter and internal firewalls, data-at-rest encryption, multi-factor authentication
    • Access and hijacking - strong rotating passwords, multi-factor authentication, role-based access with least privilege
    • APIs and interfaces - security code reviews, application penetration tests, threat modeling of application data flows
    • System - vulnerability scans, penetration tests, system updates
    • Malicious insiders and APTs - termination process, role-based access, network segmentation, network monitoring and response
    • Data loss - disaster recovery plan, effective backups, geographically separate data centers
    • use ISPs with DDoS mitigation response plans
    • per-tenant firewalls and encryption at rest
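"Weak access management" and "account hijacking" in the list above are usually the same root cause: an identity policy that grants far more than the workload needs. The following is an added example, not part of the original notes, of a least-privilege lint for AWS-style IAM policy documents. It flags admin-equivalent wildcards, write actions scoped to every resource, NotAction/NotResource (which allow everything except a list), and sensitive actions such as iam:PassRole granted without a Condition. The rule set, the write-action prefixes, and both sample policies are constructed assumptions; the condition key iam:PassedToService in the tight sample is a real one, but the account id and resource names are placeholders.

```python
"""Least-privilege lint for AWS-style IAM policy JSON (added example)."""
import json

# Assumption: action-name prefixes treated as mutating; "*" always counts as mutating.
WRITE_PREFIXES = ("Put", "Create", "Delete", "Update", "Modify", "Attach", "Detach",
                  "Run", "Start", "Terminate", "Invoke")
# Assumption: actions that should never be granted without a narrowing Condition.
SENSITIVE_ACTIONS = {"iam:PassRole", "sts:AssumeRole", "iam:CreateAccessKey",
                     "iam:AttachUserPolicy", "iam:PutUserPolicy"}


def _as_list(value):
    """IAM allows a bare string wherever a list is accepted; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _is_write(action):
    name = action.split(":", 1)[1] if ":" in action else action
    return name == "*" or name.startswith(WRITE_PREFIXES)


def lint_policy(document):
    """Return a list of findings for an IAM policy (JSON string or already-parsed dict)."""
    policy = json.loads(document) if isinstance(document, str) else document
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    findings = []
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = st.get("Sid") or f"statement[{i}]"
        actions = _as_list(st.get("Action"))
        resources = _as_list(st.get("Resource"))
        if "NotAction" in st or "NotResource" in st:
            findings.append(f"{sid}: NotAction/NotResource grants everything except a list; enumerate allowed actions instead")
        for a in actions:
            if a == "*" or a.endswith(":*"):
                findings.append(f"{sid}: wildcard action {a} is admin-equivalent for that service")
        writes = [a for a in actions if _is_write(a)]
        if "*" in resources and writes:
            findings.append(f"{sid}: write actions {writes} allowed on Resource *; scope to specific ARNs")
        for a in actions:
            if a in SENSITIVE_ACTIONS and not st.get("Condition"):
                findings.append(f"{sid}: {a} granted without a Condition")
    return findings


# Constructed sample: the kind of policy that gets pasted from a tutorial.
LOOSE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "Admin",    "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "Deploy",   "Effect": "Allow", "Action": ["ec2:RunInstances", "iam:PassRole"], "Resource": "*"},
    {"Sid": "ReadLogs", "Effect": "Allow", "Action": "logs:Get*", "Resource": "*"}
  ]
}"""

# Constructed sample: the same intent expressed with least privilege.
TIGHT_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadBucket", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::app-logs", "arn:aws:s3:::app-logs/*"]},
    {"Sid": "PassOnlyAppRole", "Effect": "Allow",
     "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::123456789012:role/app-task",
     "Condition": {"StringEquals": {"iam:PassedToService": "ecs-tasks.amazonaws.com"}}}
  ]
}"""

if __name__ == "__main__":
    for finding in lint_policy(LOOSE_POLICY):
        print("LOOSE:", finding)
    print("TIGHT:", lint_policy(TIGHT_POLICY) or "no findings")
```

The read-only ReadLogs statement is deliberately left alone: a wildcard on Get* against all log groups is a scoping decision, not an escalation path, and a lint that shouts about everything gets ignored. Run a check like this in the pipeline that applies policies, so a wildcard never reaches the account unreviewed.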

Shadow IT

  • Growth
    • understaffed IT departments
    • restrictive IT solutions
    • easy SaaS solutions
  • Vulnerable
    • data loss
    • data breach
    • insecure and unpatched systems
    • non security compliant system - regulatory issues
  • Mitigation
    • centralized technology acquisition
    • IT asset inventory, with logs fed into the SIEM so unknown systems show up
    • define IT policy
    • configuration to allow only authorised systems - NAC and ZTN
    • cloud access security broker (CASB) - sits between users and SaaS to discover unsanctioned services and enforce policy on sanctioned ones

References:

  • Comodo Cybersecurity 2018 Global Threat Report: phishing is the most common method of attack, averaging 16-20 malicious emails per user per month
  • Proofpoint 2019 State of the Phish Report: compromises in 2018 rose 70% over 2017 and 280% over 2016
  • IHS Markit research: IoT devices will rise from 27 billion in 2017 to 125 billion in 2030
  • Symantec Internet Security Threat Report (ISTR): routers and cameras are the most malware-affected IoT devices, accounting for 90% of malicious activity
  • OWASP IoT Top 10 project recommendations
  • Cloud Security Alliance: Treacherous 12 top threats
  • CSA Security Guidance for Critical Areas of Focus in Cloud Computing v4.0
  • Gartner estimates shadow IT expenses at 30-40% of company IT spending
  • Subscriptions - SANS, Bruce Schneier's Crypto-Gram
  • Security podcasts - Hack n News, Defense in Depth
  • Security publications - CISO Mag and Cyber Defense Magazine