Latest challenges in the field of cybersecurity.
Analyzing online and offline cyber threats.
Assoc. Prof. Dr. Ioan-Cosmin MIHAI
“Al. I. Cuza” Police Academy, ROMANIA
Cyber Security Protection Summit
June 11, 2019, Lima, Peru
#ProtectionPeru2019
THE SPEAKER
The University Politehnica of Bucharest
Associate Professor
The Romanian Centre of Excellence for
Cybercrime (CYBEREX)
Trainer
The Romanian Association for Information
Security Assurance (RAISA)
Vice President
The Quality, Reliability and Information
Technology Laboratory (EUROQUAL)
Researcher
“Carol I” National Defence University
Associate Professor
“Alexandru Ioan Cuza” Police Academy
Associate Professor
The CT University of India
Honorary Professor
The Romanian National Institute of
Magistracy (NIM)
Trainer
The Romanian Superior Council of
Magistracy (SCM)
Trainer
The European Union Agency for Law
Enforcement Training (CEPOL)
Trainer
The Romanian National Computer Security
Incident Response Team (CERT-RO)
Trainer
The General Inspectorate of Romanian Police
The Cybercrime Unit (GIRP)
Trainer
AGENDA
• The technical challenges in cybersecurity:
• Software challenges;
• Hardware challenges;
• Cyber agents and their motivation;
• Solutions for fighting the cyber threats.
SOFTWARE CHALLENGES
Source: ENISA Threat Landscape Report 2018
MALWARE STATISTICS
Source: AV-TEST Institute
[Charts: Total malware; Android malware; MacOS malware]
MOST AFFECTED OPERATING SYSTEMS
Source: CERT-RO
[Bar chart: share of affected systems by operating system (Windows, UPnP OS, Network Devices Firmware/OS, Unix, Linux); values shown: 0.44%, 7.76%, 20.65%, 30.13%, 41.02%]
GEOGRAPHY OF LOCAL MALWARE ATTACKS
Source: Kaspersky
Chile – 19,0%
Colombia – 23,3%
Brazil – 29,8%
Ecuador – 32,2%
Peru – 36,6%
Venezuela – 40,0%
Bolivia – 40,6%
FINANCIAL TROJANS
The most important financial trojans:
• Zeus (2006)
• Ramnit (2011)
• Citadel (2012)
• Dridex (2014)
• Dorkbot (2015)
• BackSwap (2018)
• Cobalt (2016)
CARBANAK / COBALT
Source: EUROPOL
RANSOMWARE
The most important ransomware:
• CryptoLocker (2013)
• CTB-Locker (2014)
• Locky (2016)
• WannaCry (2017)
• Petya (2017)
• Bad Rabbit (2017)
• PUBG (2018)
NO MORE RANSOM PROJECT
Source: https://www.nomoreransom.org
CRYPTOJACKING
The most important cryptojacking threats:
• Coinhive (2017)
• Cryptoloot (2017)
• JSEcoin (2017)
• XMRig (2017)
• Cgminer (2017)
• Authedmine (2017)
• RubyMiner (2017)
CRYPTOJACKING
Source: https://hackernoon.com
BOTNETS
The most important botnet malware:
• Conficker (2008)
• Mariposa (2008)
• Kraken (2008)
• ZeroAccess (2011)
• Necurs (2012)
• Windigo (2013)
• Mirai (2016)
BOTNETS
Source: www.emsisoft.com
TECHNICAL CHALLENGES
• Glitch (CVE-2018-10229) → GPU
• Spectre (CVE-2017-5753) → CPU
• Meltdown (CVE-2017-5754) → CPU
• Rowhammer (CVE-2015-3693) → RAM
• BadUSB (CVE-2014-4115) → USB ports
Latest challenges in the field of Cybersecurity: Analysis of Online and Offline Cyber Threats
ONLINE ATTACK VECTORS
EMAIL BASED ATTACKS
Spear-phishing campaigns
Source: Symantec
• Spamming;
• Spoofing;
• Phishing;
• Spear-phishing;
• Clone phishing;
• Whaling;
• Bombing;
• Chain-letters.
COMPOSITION OF EMAILS
Emails consist of:
• Envelope Headers – generated automatically by the mail servers during the
transport of the message;
• Message Headers – contain the information required to deliver the message
(information provided by the sender);
• Body – the message itself;
• Attachments – files attached to the e-mail (part of the body).
STANDARD HEADERS
Return-path: <user@domain.com>
Envelope-to: user@domain.com
Delivery-date: Tue, 10 Jan 2017 17:53:10 +0200
Received: from …
Message-ID: <54B53F63.5090302@domain.com>
Date: Tue, 13 Jan 2017 17:53:07 +0200
From: User <user@domain.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: user@domain.com
Subject: Plain message
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
ENVELOPE HEADERS
Received: from gts4.roserve.net ([128.abc.def.216]:57164)
by gts5.roserve.net with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
(envelope-from <user1@domain1.com>)
id 1YB4bd-0001zn-Fb
for user2@domain2.com; Tue, 10 Jan 2017 18:46:13 +0200
Received: from [77.ab.cd.134] (port=51414 helo=[192.168.0.100])
by gts4.roserve.net with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128)
(envelope-from <user1@domain1.com>)
id 1YB4ba-0001xz-Ps
for user2@domain2.com; Tue, 10 Jan 2017 18:46:13 +0200
Message-ID: <54B54BD1.9060905@domain1.com>
[Diagram of the delivery path read from the Received headers bottom-up: sender user1@domain1.com → client [77.ab.cd.134] (port=51407, helo=[192.168.0.100]) → gts4.roserve.net → [128.abc.def.216]:57164 → gts5.roserve.net → recipient user2@domain2.com]
EMAIL HEADER ANALYZER
URL: https://toolbox.googleapps.com/apps/messageheader/
HOW TO DETECT A PHISHING EMAIL
• Don’t trust the display name of the sender;
• Be careful with the files attached to the email;
• Check the salutation;
• Check the links before clicking;
• Check for spelling errors;
• Is the email asking for personal information?
• Check the email signature;
• Beware of urgency.
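As an added example, not part of the deck, the following Python script reconstructs the delivery path from a Received: chain like the one on the envelope-header slides and applies the checklist's first item, "don't trust the display name". The message it works on is constructed after the slide: the hostnames, the masked IPs and the spoofed From: display name are assumptions, not data from the deck. Two points the example makes explicit: each relay prepends its own Received: line, so the headers are read bottom-up to get the path in the order the diagram draws it; and within the first hop, the bracketed address is what the receiving relay actually observed, while the helo name is whatever the client announced about itself, which is why it can be a private 192.168.x address.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample modelled on the deck's "Envelope headers" slide. The
# hostnames, addresses and partially masked IPs are placeholders; the From:
# display name is constructed to show the mismatch the checklist warns about.
SAMPLE_MESSAGE = """\
Received: from gts4.roserve.net ([128.abc.def.216]:57164)
\tby gts5.roserve.net with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
\t(envelope-from <user1@domain1.com>)
\tid 1YB4bd-0001zn-Fb
\tfor user2@domain2.com; Tue, 10 Jan 2017 18:46:13 +0200
Received: from [77.ab.cd.134] (port=51414 helo=[192.168.0.100])
\tby gts4.roserve.net with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128)
\t(envelope-from <user1@domain1.com>)
\tid 1YB4ba-0001xz-Ps
\tfor user2@domain2.com; Tue, 10 Jan 2017 18:46:13 +0200
Message-ID: <54B54BD1.9060905@domain1.com>
From: "user2@domain2.com" <user1@domain1.com>
Subject: Plain message

Plain body.
"""

# Clauses of a Received: header (RFC 5321, section 4.4), matched after the
# folded header has been flattened onto one line.
FIELD_PATTERNS = {
    "from": r"^from\s+(\S+)",
    "from_info": r"^from\s+\S+\s+\(([^)]*)\)",
    "by": r"\bby\s+(\S+)",
    "with": r"\bwith\s+(\S+)",
    "tls": r"\((TLSv[^)]*)\)",
    "envelope_from": r"envelope-from\s+<([^>]*)>",
    "id": r"\bid\s+(\S+)",
    "for": r"\bfor\s+(\S+?);",
}


def parse_received(value):
    """Split one Received: header value into its clauses."""
    flat = re.sub(r"\s+", " ", value).strip()
    hop = {}
    for name, pat in FIELD_PATTERNS.items():
        m = re.search(pat, flat)
        hop[name] = m.group(1) if m else None
    # The timestamp is everything after the last ';'.
    hop["time"] = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip())
    # helo= in the from-clause comment is the name the client announced about
    # itself; the bracketed address before it is what the relay really saw.
    m = re.search(r"helo=(\S+)", hop["from_info"] or "")
    hop["helo"] = m.group(1) if m else None
    return hop


def _as_ip(text):
    """ipaddress object for '[1.2.3.4]' or '1.2.3.4:port' text, else None."""
    if not text:
        return None
    m = re.search(r"\[([^\]]+)\]", text)
    candidate = m.group(1) if m else text.split(":")[0]
    try:
        return ipaddress.ip_address(candidate)
    except ValueError:  # masked or malformed address, as in the sample
        return None


def delivery_path(raw_message):
    """Hops in chronological order, origin first: each relay prepends its own
    Received: line, so the header order is newest first and is reversed."""
    msg = message_from_string(raw_message)
    return [parse_received(v) for v in reversed(msg.get_all("Received", []))]


def origin_findings(raw_message):
    """Observations about the first hop and the ordering of the chain."""
    hops = delivery_path(raw_message)
    if not hops:
        return ["no Received: headers at all"]
    findings = []
    first = hops[0]
    helo_ip = _as_ip(first["helo"])
    if helo_ip is not None and helo_ip.is_private:
        findings.append("origin HELO %s is a private address; the client address "
                        "seen by %s is %s" % (first["helo"], first["by"], first["from"]))
    # Exim convention: the trailing 'a' in 'esmtpsa' marks an authenticated
    # submission, so the first relay knows which account handed it the message.
    if first["with"] == "esmtpsa":
        findings.append("origin submitted over an authenticated TLS session (%s)"
                        % first["tls"])
    for prev, cur in zip(hops, hops[1:]):
        if cur["time"] < prev["time"]:
            findings.append("timestamp goes backwards between %s and %s"
                            % (prev["by"], cur["by"]))
    return findings


def display_name_check(raw_message):
    """Checklist item 'don't trust the display name': flag a From: whose display
    name looks like an address in a different domain than the real sender."""
    name, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    real_domain = addr.rpartition("@")[2].lower()
    shown = re.search(r"[\w.+-]+@([\w.-]+)", name)
    suspicious = bool(shown) and shown.group(1).lower() != real_domain
    return {"display": name, "address": addr, "suspicious": suspicious}
```

Running `delivery_path(SAMPLE_MESSAGE)` returns the client-to-gts4 hop first and the gts4-to-gts5 hop second; `origin_findings` reports the private HELO and the authenticated submission, and `display_name_check` flags the From: line because the display name imitates an address in domain2.com while the real sender is in domain1.com. Only the Received: lines added by relays you trust are reliable evidence; everything below the first trusted relay's line, including the helo name, was supplied by the sending client.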
WEB BASED ATTACKS
GEOGRAPHY OF MALICIOUS WEB ATTACKS
Source: Kaspersky
Colombia – 16,4%
Peru – 16,6%
Bolivia – 16,8%
Ecuador – 16,8%
Chile – 19,2%
Brazil – 21,5%
Venezuela – 35,9%
SOCIAL MEDIA BASED ATTACKS
Source: Symantec
SOCIAL ENGINEERING
INTELTECHNIQUES SEARCH TOOLS
https://inteltechniques.com/menu.html
CREATING THE FACEBOOK USER PROFILE
• Places visited
• Places liked
• Photos liked
• Photo comments
• Photos by user
• Photos of / tagged
• Posts liked
• Post comments
• Posts by year
• Posts tagged
• Videos liked
• Video comments
• Events invited
• Events attended
• Groups
• Pages liked
• Friends
• Followers
OFFLINE ATTACK VECTORS
USB MEMORY STICKS
USB Microcontroller
BadUSB
ELECTROMAGNETIC EMANATIONS
Source: UC3M
THREATS AGENTS AND THEIR MOTIVATION
THREAT AGENTS
• Cyber-criminals
• Hacktivists
• Insiders
• Cyber-fighters
• Nation States
• Cyber-terrorists
• Corporations
• Script Kiddies
DISTRIBUTION OF TARGETS
Source: www.hackmageddon.com
MOTIVATION BEHIND ATTACKS
Source: www.hackmageddon.com
FIGHTING CYBER-THREATS
LAW ENFORCEMENT vs CYBER CRIMINALS
LAW ENFORCEMENT:
• Laws;
• Procedures;
• Bureaucracy;
• Cooperation.
CYBER CRIMINALS:
• No rules;
• No borders;
• Resources;
• Tools & documentation in Darknet.
DARKNET
Source: Dream Market (2019)
DATA BREACHES
Source: CB Insights
COMPANY                 COMPROMISED ACCOUNTS   DATE
Yahoo                   3 billion              Aug. 2013
Marriott                500 million            Nov. 2018
Yahoo                   500 million            Sep. 2016
Friend Finder Network   412 million            Nov. 2016
MySpace                 360 million            May 2016
Equifax                 143 million            Jul. 2017
EBay                    145 million            May 2014
LinkedIn                117 million            May 2016
MyHeritage              92 million             Jun. 2018
JP Morgan Chase         76 million             Oct. 2014
Sony PlayStation        77 million             Apr. 2011
Tumblr                  65 million             Feb. 2013
Uber                    57 million             Nov. 2017
Facebook                50 million             Mar. 2018
WHAT DO WE NEED
• Comprehensive and up-to-date legislation;
• Cooperation mechanisms:
  • Sharing information and incidents;
  • Public-private-academia partnerships;
• Cyber capabilities:
  • Research and development projects;
  • Modern training and investigation tools;
• Education, prevention, and awareness programs;
• Cybersecurity exercises at national and international level.
BASIC CYBER HYGIENE
• Minimizing administrative privileges;
• Application directory whitelisting;
• Application patching;
• System patching;
• Network segmentation and segregation.
BEST PRACTICES FOR USERS
• Use security policies;
• Use proactive security solutions;
• Update the operating system;
• Update the applications;
• Backup the important files.
CONTACT DETAILS
linkedin.com/in/ICMihai
facebook.com/ICMihai
Assoc. Prof. Dr. Ioan-Cosmin Mihai
cosmin.mihai@raisa.org
0040.729.99.77.23
www.cosmin-mihai.com
Editor's Notes

  1. Player Unknown's Battlegrounds
  2. https://blog.emsisoft.com/en/27233/what-is-a-botnet/
  3. Envelope Headers can’t be forged, so they are very important for the investigation process.
  4. Q: Why don't I know anything about the Receiver?
  5. Search by keywords