Transcription
MagentaSecurityPRESENT AND UPCOMINGcyber SECURITY THREATSThomas TschersichThomas TSCHERSICH@TTSCHERSICHTHOMAS TSCHERSICH TELEKOMSECURITY
Security is the Foundation of DigitazationIPALL IS SECURETHOMAS TSCHERSICH TELEKOM SECURITY
BUT HOW DOESREALITYLOOK LIKE?THOMAS TSCHERSICH TELEKOM SECURITY
GERMANY:CYBERATTACKSARE REAL ANDINCREASINGEvery 3minutes60%ALMOST55 BN. A company is attackedOf all cyber attacks aredirected against mid-sizebusinessDamage of the Germaneconomy PER YEARBased on im-fadenkreuz-von-cyberkriminellen-31276.THOMAS TSCHERSICH TELEKOM SECURITY
LET’S HAVE A CLOSERLOOK THOMAS TSCHERSICH TELEKOM SECURITY
Attacks on critical infrastructure are real!SEP 2010MAy 2015DEc 2015NOV 2016MAY 2017Destruction ofindustrial plantsCompleteexchange of IT80.000 peoplewithout power900.000 peoplewithout internetLong-lastingIT outtagesATTACK ONIRANIANNUCLEARPROGRAMAttack ongermanPARLIAMENTattack onUKRAINIANpower gridBotnetAttack onHOME RouterSRansomwareattack onDESKTOP PCsTHOMAS TSCHERSICH TELEKOM SECURITY
common attacks on critical infrastructureAMOUNT OF ATTACKS WITHIN 5 MONTHSINCREASE BY APPROX. 40%RANSOMWAREPHISHING01020OCTOBER 2017304050607080FEBRUARY 2018** PERIOD OF COLLECTION; AMOUNT OF ATTACKS COMPARED TO EACH OTHERTHOMAS TSCHERSICH TELEKOM SECURITYSource: Monitor IT-Sicherheit Kritischer Infrastrukturen 2.0
LET’S TALK ABOUTATTACK(ER)S THOMAS TSCHERSICH TELEKOM SECURITY
Attacks are EVOlVING OVER TIMECryptotrojanS?RANSOMWAREVIRUSES edHANDHELDSDenial ofService20132020THOMAS TSCHERSICH TELEKOM SECURITY
various attackers BUT same telligenceservicesMotivationFAME AND HONOR,FUN AND GAMESFRAUD, BLACKMAIL,MONEY LAUNDERINGEXPRESSING Y INDIVIDUALSWELL-ORGANIZEDGROUPS, WORLDWIDEDISTRIBUTION, VASTFUNDING AVAILABLEWELL-ORGANIZEDGROUPS, ”FUNDINGExamplesDEFACING WEBSITES,REPORTINGVULNERABILITIES TOTHE PUBLIC, PHISHING, DDOS,SPAM, DDOS, INFORMATIONLEAKAGE, TARGETED ATTACKS,DDOS, THOMAS TSCHERSICH TELEKOM SECURITY
HOW DO THEY WORK?THOMAS TSCHERSICH TELEKOM SECURITY
attackers are faster than defendersTIME SPENT FORPRE-ATTACK60 % OF ALL CASESRESEARCHTIME TOCOMPROMISE DATA56 % OF ALL CASESAFTER BREAK-INTIME TO DISCOVER79 % OF ALL CASESBREAK-INTIME FORCONTAINMENT AND64% OF ALL CASESCLEAN UPMINUTESHOURSDAYSTHOMAS TSCHERSICH TELEKOM SECURITYWEEKSMONTHSSource: Verizon Breach Report.
ATTACKERS ARE INNOVATIVE AND CONTINUE TO EVOLVEZERO DAY EXPLOITSATTACKS ONAUTONOMOUSVEHICLESRANSOMWAREATTACKS ONFIRMWARE90% of corporate networks are protectedBut only 10% of industrial networksATTACKS ON POWER/HEATING SYSTEMSATTACKS ONCLOUD SERVICESSPEAR PHISHING &FAKED IDENTITIESTHOMAS TSCHERSICH TELEKOM SECURITYATTACKS ONPRODUCTION PLANTS(SCADA SYSTEMS)
ARE DEFENDERSPREPARED?THOMAS TSCHERSICH TELEKOM SECURITY
HAVE YOU EVER SEEN THAT?THOMAS TSCHERSICH TELEKOM SECURITY
WANNACRY: ANATOMY OF A ZERO-DAY VULNERABILITYsince 2012 March 12thAPRILMay 12thJune 27th2017CIA/NSA usevulnerabilityMicrosoftMicrosoft WikiLeaksPatch for went public Patch forsupported & EXPLOIT outdated OSAVAILABLEOSZero Day PhaseKnown problem PhaseNoPetyaAVOIDABLETROUGHPATCHIgnorance PhaseTHOMAS TSCHERSICH TELEKOM SECURITY
THE ONLY ANSWER IS TO PATCH!THOMAS TSCHERSICH TELEKOM SECURITY
SO WHAT ARETHE CHALLANGES?THOMAS TSCHERSICH TELEKOM SECURITY
TODAY’S BIggEST CHALLENgES fOR SECURITYCost pressureIncreasing attacksurfaceMissing Securityby designLack of expertiseComplex ProductsTHOMAS TSCHERSICH TELEKOM SECURITY
AND WHAT ISTHE WAY OUT?THOMAS TSCHERSICH TELEKOM SECURITY
Future Trends in Cyber SecurityCooperation between industry, research and politicsResponsibility during the whole digital supply chainExchange regarding vulnerabilitiesCertification & update requirementsPRODUCER’S LIABILITYTHOMAS TSCHERSICH TELEKOM SECURITY
MAGENTASECURITYTHANK YOU!T-SYSTEMS INTERNATIONAL GMBHTELEKOM SECURITYTHOMAS TSCHERSICH TELEKOM SECURITY
MAy 2015 attack on UKRAINIAN power grid 80.000 people without power DEc 2015 Ransomware attack on DESKTOP PC s Long-lasting IT outtages MAY 2017 Botnet-Attack on . Future Trends in Cyber Security. THOMAS TSCHERSICH TELEKOM SECURITY MAGENTA SECURITY THANK YOU! T-SYSTEMS INTERNATIONAL GMBH TELEKOM SECURITY. Title:
