Industrial Cyber Warfare Already Here

Post on 21-Jun-2015

Transcript of Industrial Cyber Warfare Already Here

All rights reserved to Security Art Ltd. 2002 - 2010 www.security-art.com

Itzik Kotler | April 2011

Industrial Cyber Warfare Already Here

Itzik Kotler

CTO, Security Art

Cyber Warfare

• Cyber Warfare is the use of electronic communications and the Internet to disrupt a country's telecommunications, power supply, transport system, etc.

• Cyber Warfare arsenal includes: Logic Bombs, Permanent Denial-of-Service, Advanced Persistent Threats and more.

Let Me Stuxnet You!

• Today it’s a country that seeks to destroy another nation and tomorrow it’s a commercial company that seeks to make a rival company go out of business. An act of Industrial Cyber Warfare.

• A successfully delivered Industrial Cyber Warfare attack causes financial loss, operation loss, or both to the attacked company!

Industrial Cyber Warfare: Why & Who?

• Industrial Espionage

– Rival Companies

– Foreign Countries

• Terrorism

– Political/Social Agenda

– Revenge

• Blackmailing

– Greed, Power, etc.

1st Step: Getting In

• Getting infected with malware is usually much easier than detecting it, or getting rid of it.

• Delivery vectors:

– Client-side Vulnerabilities

– Social Networks

– Social Engineering

Permanent Denial-of-Service

• Permanent Denial-of-Service is an attack that damages hardware so badly that it requires replacement or reinstallation of hardware.

• The damage potential is on a grand scale: almost anything and everything is controlled by software that can be modified or attacked.

How Does Permanent Denial-of-Service Work?

• Pushing hardware to its extreme, or corrupting its internal program/data structures

• Permanent Denial-of-Service Attacks:

– Overvolting

– Overclocking

– Overusing

– Power Cycling

– Phlashing

2nd Step: Attacking Hardware

• Permanent Denial-of-Service attacks range from rendering devices such as iPhones, iPods and iPads useless, to crashing hard drives, to increasing the voltage within CPUs.

• Permanent Denial-of-Service attacks can be independent, orchestrated, remotely triggered, etc.

Scenario #1: Attacking the CEO’s iPad

• Attacker uses Spear Phishing/Whaling to infect the CEO with Malware

• The Malware contains a Permanent Denial-of-Service payload that renders the iPad useless

• The CEO connects his iPad to his laptop for syncing purposes

• The Malware overwrites the iPad Firmware with a corrupted one and renders it useless

Scenario #2: Attacking the CRM/ERP

• Attacker uses a Social Network to get to an employee and infect him with Malware

• The Malware contains a Permanent Denial-of-Service payload that overvolts the CRM/ERP servers' CPU

• The Malware exploits remote vulnerabilities to gain access to the CRM/ERP servers

• The Malware copies itself to the CRM/ERP servers and overvolts the CPU beyond its limits

Scenario #3: Taking down the Company

• Attacker uses a Client-side Vulnerability to infect an Employee with a Worm

• Employee connects his infected Laptop to the Corporate Network and the Worm spreads

• The Worm contains a Permanent Denial-of-Service payload that crashes the hard drive

• Two weeks later, all the hard drives in the company’s computers and laptops crash on the same day

Industrial Cyber Warfare Already Here

• Cyber Warfare is expected to hit the commercial market in the next few years and we will see more and more companies being attacked by APTs that will “blow up” in their face.

• There is no silver bullet for it; this threat requires threat modeling that reflects not only technological understanding but also business understanding of the company and its assets.

Thanks!

Questions are guaranteed in life; Answers aren't.

mailto: itzik.kotler@security-art.com