
UNCLASSIFIED//FOUO

Federal Bureau of Investigation


Cyber Program

The Cyber Threat


Sacramento Division Assistant Special Agent in Charge Tom Osborne

Cyber as an FBI Priority


Down the road, the cyber threat, which cuts across all FBI programs, will be the number one threat to the country, surpassing terrorism.

FBI Director Mueller


Who are the Adversaries?


Sophistication
Threat Level 1
Inexperienced
Limited funding
Opportunistic behavior
Target known vulnerabilities
Use viruses, worms, rudimentary trojans, bots
In it for thrills, bragging rights
Easily detected

Expertise Funding Patience Target Value


Threat Level 2
Higher order skills
Well-financed
Target known vulnerabilities
Use viruses, worms, trojans, bots to introduce more sophisticated tools
Target and exploit valuable data
Detectable, but hard to attribute

Threat Level 3
Very sophisticated tradecraft
Foreign Intel Agencies
Very well financed
Target technology as well as info
Use wide range of tradecraft
Establish covert presence on sensitive networks
Undetectable?


SECRET//NOFORN

UNCLASSIFIED


HACKTIVISTS
Although the term hacktivist refers to cyber attacks conducted in the name of political activism, this segment of the cyber threat spectrum covers everything from individual hackers seeking thrills and bragging rights to hacker groups conducting distributed denial of service (DDoS) attacks and website defacements against government and


Hawthorne PD


CRIMINAL
Organized criminal groups have easily adapted to today's technology in exploiting the cyber arena. These groups continually attack systems for monetary gain through identity theft, online fraud, computer extortion, phishing, and spyware/malware.


UNCLASSIFIED//LAW ENFORCEMENT SENSITIVE

Botnet Threat to Financial Sector

A credential-stealing malware created by Eastern European cyber actors
Use malware to carry out online bank account takeovers and steal information
Multiple versions available on the cyber underground, making it easy to obtain
Evolving variants make it hard for anti-virus to detect


Botnet Case Highlight: Operation Ghost Click


Botnet Initiative: Operation Clean Slate

Coder Herder Users Botnet/Malware

Hill/W.H. Notification

Draft JIB

State/Local and Trusted Partners (Website, IC3, InfraGard)

Public Awareness (PSA, Newspapers, Advertisement)


INDUSTRIAL ESPIONAGE
Every year, billions of dollars are lost to foreign and domestic competitors who deliberately target economic intelligence in U.S. industries and technologies. Through cyber intrusions, these intruders search for intellectual property, prototypes, and company trade secrets to gain an illegitimate advantage


STATE ESPIONAGE
Foreign adversaries use cyber tools as part of traditional intelligence-gathering and espionage activities. These adversaries conduct computer network operations that target military and governmental organizations' intellectual property and insider information.


UNCLASSIFIED//FOR OFFICIAL USE ONLY

Advanced Persistent Threat

[Figure: Intrusion Phases. Phases shown: Infiltration, Persistence, Exfiltration. Labelled activities: Reconnaissance; Infection; Enumerate the Network; Establish backdoors; Escalate Privileges; Install Utilities; Harvest data; Exfiltration; Conceal activity]


Recent Financial Sector Cyber Events

[Chart: Gbps per Attack. Vertical axis: Peak Gbps (0 to 140). Horizontal axis: January, February, March]


Recent Energy Sector Cyber Events


CYBERTERRORISM
Cyberterrorism is disruptive or destructive acts perpetrated against noncombatant targets at the direction, on behalf, or in support of a terrorist group or their ideology, through the use of computer network attack or exploitation. Such intrusions/attacks are intended to intimidate or coerce a government or population in furtherance of a social, political, ideological, or religious agenda by causing


Priority Cyber Threat Target Critical Infrastructure


Industrial Control Systems (ICS) / Supervisory Control and Data Acquisition Systems (SCADA): Controlling the nation's critical infrastructure.


STATE-SPONSORED DISRUPTIONS/WAR
Several nations are aggressively working to develop cyber warfare doctrine, programs, and capabilities. Cyber warfare enables a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures that support military power, impacts that could affect the lives of citizens across the country.


Individuals

Organized Crime Syndicates

Hacktivist Groups

Nation-States

Individuals

Industry

Law Enforcement & Government

Infrastructure


FBI Investigative and Operational Capabilities


Investigative Interviews
Evidence Collection
Electronic Surveillance
Network Traffic Analysis
Digital Forensics through Computer Analysis Response Team (CART)
Malware analysis through the Binary Analysis, Characterization, and Storage System (BACSS)
Cyber Action Team (CAT) Deployment
Legal Attaché Support
Indict/Arrest Authority

Partnerships

No one country, company, or agency can stop cyber crime. We must start at the source; we must find those responsible. And the only way to do that is by standing together.

Robert Mueller III, FBI Director



NCIJTF Members


Cyber Task Forces (CTF)

Each CTF synchronizes domestic cyber threat investigations in the local community through information sharing, incident response, and joint enforcement and intelligence actions.

Private Sector Partnerships

InfraGard
National Cyber-Forensics Training Alliance and Cyber Initiative and Resource Fusion Unit
Information Sharing Analysis Centers
Internet Crime Complaint Center


Conclusion

Questions?
