
Detecting and Defending against Cyber Threats

Attention Attendees:
Remember to type your messages to all panellists and attendees
Welcome!
• Module 1 – Introduction
• Module 2 – Strategies for Defending against attacks
• Module 3 – Detecting Threats
• Module 4 – The Future of Cyber, Demo, & Course Summary
• Assessment
Current Cyber Threat Landscape
Overview
• Estimated 4.1 billion Internet users at the end of 2019 (ITU, 2020)
• Data breaches rising year by year
• Increase in legislation and regulations around the globe related to information/cyber security and privacy
University of Chicago, 2018
Threat Actors
• Organised crime
• State sponsored
• Hacktivists
• Terrorists
• Individual hackers
• Malicious insiders
• Accidental insiders
Threat Actors
Organised crime
• Evolution of the smash and grab
• Borderless
• Can be less risky than traditional methods of funding
• Common attacks:
  • Wire fraud
  • Ransomware
  • Theft of information such as PII
State sponsored
• Originating from State/Government threat actors
• Often associated with Advanced Persistent Threats (APTs)
• Common attacks:
  • Denial of service
  • Data exfiltration
  • Spying
Hacktivists
• Hacking for a social or political cause
• Often associated with groups such as:
  • Anonymous
  • Chaos Computer Club
  • Legion of Doom
  • Lizard Squad
• Common attacks:
  • Defacement
  • Denial of service
  • Information leakage
Terrorists
• Commit cyber terrorism
• Fund terrorism
• Recruit terrorists
Individual hackers
• Script kiddies
• Lone wolf hackers
• The petty thieves of the cyber world
Malicious insiders
• Disgruntled personnel
• Threat actor infiltration
Accidental insiders
• Not malicious
• Responsible for 34% of breaches reported to the OAIC (Jan-Jun 20)
Attribution
• Can be difficult to attribute the source of an attack
• One of the arguments against ‘hacking back’
Common Threats
Today’s common threats
• Business E-mail Compromise (BEC)
• Wire fraud
• Ransomware attacks
Business E-mail Compromise
• Usually starts with a phishing e-mail
• Threat actor gains access to a user's mailbox
• Intercepts communications
• Uses the mailbox to conduct another attack
• Conduct wire fraud
Wire Fraud
• Most often associated with BEC
• Threat actor intercepts an e-mail chain
• Sends fake invoices
• Requests bank account details change
• Can also be conducted through the mail
Ransomware
• Historically came from e-mail malware
• More recently, installed by threat actors on breached systems
• Ransoms have increased
• Data exfiltration now common
Readings
• Verizon DBIR
https://enterprise.verizon.com/en-au/resources/reports/dbir/
• APT Groups – FireEye
https://www.fireeye.com/current-threats/apt-groups.html

About Me
• 20+ years industry experience
• DIT (Graduand), MMgmt(InfoTech), BIT(SysAdmin)
• CCISO, CDPSE, CISM, CISSP, ISO27001 Lead Implementer, MACS Snr. CP (Cyber Security)
• ACS Profession Advisory Board Member

• linkedin.com/in/georgthomas
@georgathomas
scholar.google.com/citations?user=z72s_9MAAAAJ
Questions?
References
• International Telecommunications Union (2020). Statistics. Retrieved
from https://www.itu.int/en/ITU-D/Statistics/Pages/stat/default.aspx
• University of Chicago (2018). Data Breach Statistics. Retrieved from
https://voices.uchicago.edu/ehr2040/data-breach-statistics/
