
Cyber Attack, Data Breach, & The Mitigation

Quarterly Business Review


Indonesia

Issued date :
By Indra Lenny – Head of Bitdefender Business Unit
Bitdefender Indonesia

Copyright © 2018 Sysware Indonesia


All rights reserved.
Data Leaks from Home

Here's how the FBI says they did it:

The hack began with a spear-phishing email sent in early 2014 to a Yahoo company employee. It's unclear how many employees were targeted and how many emails were sent, but it only takes one person to click on a link, and it happened.

Firmware and Software Attacks

You likely protect your computers, network, software, and other
obvious assets with the necessary security defenses. But there's one
element in many devices that isn't as apparent or as visible:
firmware. Depending on the device, firmware may be stored in a
circuit or flash memory, or it may be supplied by the operating
system when you boot up.

Unlike operating system and application updates, which are
automated and pushed out, firmware update processes can require
more downtime, which can result in organizations deprioritizing
them.

Software: the coding itself, and patching of vulnerabilities/exploits.

Ransomware

CryptoLocker was one of the most profitable ransomware strains of its time. Between September and
December 2013, CryptoLocker infected more than 250,000 systems. It earned more than $3 million
for its creators before being taken offline in 2014 in an international operation.

One of the first ransomware variants to target Apple OS X also emerged in 2016. KeRanger mostly
impacted users utilizing the Transmission application but affected about 6,500 computers within a day
and a half. KeRanger was swiftly removed from Transmission the day after it was discovered.

Repeat ransomware attacks have become a common occurrence in recent years. According to a 2017
report from data protection vendor Druva, 50% of the 832 IT professionals surveyed said their
organization had been hit with ransomware multiple times.

Toll Group, for example, was hit by ransomware twice in three months. The two incidents were not
connected, a spokesperson for Toll Group told SearchSecurity, and were "based on different forms of
ransomware." The latter attack, which happened in May, involved Nefilim, a relatively new variant of
ransomware.

A new organization will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by
2021. (Source: Cybersecurity Ventures)

Supply Chain

1. 3rd party GDPR
2. Penetration testing

SolarWinds, FireEye, Microsoft, Malwarebytes, CrowdStrike, US govt.

The number of victims was not disclosed.

Industrial Espionage

Bitdefender researchers found that threat actors had an entire toolset featuring
powerful spying capabilities and made use of a previously unknown vulnerability
in a popular software widely used in 3D computer graphics (Autodesk 3ds Max)
to compromise the target. 20 Aug 2020

APT

Advanced Persistent Threat (APT) groups are widely classified
as organizations that lead “attacks on a country’s information assets
of national security or strategic economic importance through either
cyberespionage or cybersabotage.” They are elusive, eminent and
effective at what they do: wreaking havoc on their targets.

MITRE ATT&CK has 94 different groups logged as APT operations.

These groups span across the world and include largely-funded
government-backed groups as well as rag-tag teams of rogues who
make a huge dent in the cybersecurity world.

The term “Advanced Persistent Threat” was coined by the US Air
Force in the early 2000s, but these groups have likely been operating
since governments have been using digital operations.

Many of the groups are government-sanctioned or funded.


Phishing

Facebook and Google each lost $100 million to sophisticated
phishing and wire fraud schemes that were allegedly perpetrated by
a Lithuanian hacker named Evaldas Rimasauskas. He is accused of
posing as Quanta Computer, an electronics manufacturer and
vendor for major companies that include Facebook and Google, and
reportedly sent phishing emails in the form of fraudulent invoices to
con the companies out of the money.

Eventually, the scam was discovered, and Facebook and Google took
action through the US legal system. The attacker was arrested and
extradited from Lithuania, and, as a result of the legal proceedings,
Facebook and Google were able to recover $49.7 million of the $100
million stolen from them.

Cloud Container

Apple suffered what may be the largest high-profile cloud security breach due to the
victims involved. Jennifer Lawrence and other celebrities had their private photos
leaked online. Many of the victims initially thought that someone had hacked their
individual phones. Instead, the iCloud service they used for personal storage had
been compromised. In response, Apple urged users to employ stronger passwords
and introduced a notification system that sends alerts when suspicious account
activity is detected.

Some guys have all the luck – or not. Business-focused social networking
site LinkedIn felt the sting of cyber criminals when some 6 million user passwords
were stolen and then published on a Russian forum in 2012. Unfortunately, its streak of
bad luck was just getting started. In May 2016, hackers stole and posted for sale on
the dark web an estimated 167 million LinkedIn email addresses and passwords. In
addition to changing their passwords, LinkedIn implemented two-way
authentication, an optional feature that makes you enter a PIN code on your mobile
device prior to logging in to the network.

Crypto Jacking

Mining centers are still dominated by China, at more than 50
percent.

One Bitcoin mining company operates in the Arctic, in Russian
territory. A temperature of minus 40 degrees Celsius is the right factor.
Norilsk is the name of that Arctic city. It is about a 4-hour
flight from the Russian capital, Moscow. Norilsk
is the second-largest city in the Russian part of the
Arctic Circle, after Murmansk.

Ransomware generates over $25 million in revenue for
hackers each year. (Source: Business Insider). More than
half of ransoms were paid in bitcoin.
Smominru is probably the most notorious cryptojacking botnet, consisting of over
520,000 machines that by January 2018 had earned its owners over $3 million in
Monero, abetted by a smart, perpetually self-regenerating botnet
design. Smominru was powered by EternalBlue, the stolen NSA exploit that was
also used in the WannaCry global ransomware epidemic of 2017.

Mac & Android
