attacker
JUNE 25, 2019
Abhijeet Karle
Sr. Information Security Officer
Information Technology Department
International Monetary Fund
May 2018: Banco de Chile, all out crash in a heist attempt (9000 computers and
500 servers crashed)
April 2018: ex employee SunTrust bank US sells info about 1.5M customers to
criminal 3rd party
July 2018: PIR bank Russia, $1M lost through compromised outdated router
August 2018: Cosmos Bank India, $13.5M lost through compromise of its ATMs
(running on Windows XP)
Source - Varonis
“If you know the enemy and know yourself, you need not fear the result of a
hundred battles. If you know yourself but not the enemy, for every victory
gained you will also suffer a defeat. If you know neither the enemy nor yourself,
you will succumb in every battle.”
― Sun Tzu, The Art of War
Attacker Mindset
Advanced Persistent Threats (APT) | Steal information for espionage; possibly conduct destructive attacks. | Loss of trust once breach is discovered; disruption to the financial sector. | Making money – common; Espionage – common; Destruction – very rare
Cyber Crime | Steal money from financial sector entities; at times stealing large sums. | Affects organizations’ profits; loss of trust if breach is publicized but org was silent | Making money – common; Theft – very common
Hacktivist | Disrupt financial sector operations; attack the brand of individual institutions; data release individuals/institutions. | Damaged reputation; loss of trust | Disclosure
Insider | Steal money; get revenge through destruction or data release. | Affects organization’s profits; damaged reputation | Revenge
The Cyber Kill Chain framework was originally published by Lockheed Martin as part
of the Intelligence Driven Defense model for the identification and prevention of cyber
intrusion activity.
The model identifies what adversaries must complete in order to achieve their
objective: targeting the network, exfiltrating data and maintaining persistence in the
organization.
• Ransomware
• Spyware
• Adware
• Malicious websites
• Internal reconnaissance
Curiosity
Stealth
Persistence
Installing Backdoors
Anonymity
False Flags
Source – Risk Factory
Is our cybersecurity program appropriate for the size and complexity of the
organization?
Does the cybersecurity program align with the overall business strategy?
What is our overall cybersecurity risk policy, including risk appetite and tolerance?
Information Security is not a problem that can “be fixed”, but rather a persistent
issue requiring a series of dynamic trade-off decisions.
From … To…
Source: NIST