APT Protection for CI - nowis.kr · APT Protection for Critical Information ... Example of a...
APT Protection for Critical Information Infrastructure
Ministry of Information & Communications of VN
AUTHORITY OF INFORMATION SECURITY
NATIONAL CYBER SECURITY CENTER
AGENDA
• Overview of Cyber Security & CIIP in Viet Nam
• APT Protection for CII:
  • Technology
  • Information
  • Human
Organizational Structure (1)
Government
• Ministry of Public Security: in charge of cyber crime
• Ministry of Information and Communications: in charge of cyber security (civil affairs)
• Ministry of Defense: in charge of cyber war
Organizational Structure (2)
Ministry of Information and Communications
• Viet Nam Computer Emergency Response Team (VNCERT): mainly focuses on incident coordination
• Authority of Information Security (AIS): oversees the state administration in cyber security
• National Electronic Authentication Center (NEAC): mainly focuses on electronic authentication
Organizational Structure (3)
Ministry of Information and Communications: in charge of cyber security (civil affairs)
• Authority of Information Security (AIS): oversees the state administration in cyber security
• National Cyber Security Center (NCSC): National SOC
• Viet Nam Computer Emergency Response Team (VNCERT): mainly focuses on incident coordination
• National Electronic Authentication Center (NEAC): mainly focuses on electronic authentication
Master Plan 2016 - 2020
Cyber resilience:
- National Level
- Organizational Level
• CII Protection
• Awareness Raising
• Cooperation
• Market Development
• Capacity Building
Cyber Security Master Plan 2016 – 2020 approved by Prime Minister on 27 May 2016
CII Protection: Government Decision No. 623 dated 10/5/2017 on priority of CII list. Led by MIC
CII Protection Plan: MIC Decision No. 2022 dated 15/11/2017
Critical areas of CII
• Information infrastructure in energy area: led by Ministry of Industry and Trade
• Information infrastructure in municipal area: led by People’s Committee of Ha Noi, Ho Chi Minh City
• Information infrastructure in security area: led by Ministry of Public Security
• Information infrastructure in environmental area: led by Ministry of Natural Resources and Environment
• Information infrastructure in defensive area: led by Ministry of National Defense
• Information infrastructure in banking area: led by State Bank
• Information infrastructure in financial area: led by Ministry of Finance
• Information infrastructure in medical area: led by Ministry of Health
• Information infrastructure in information & communication area: led by Ministry of Information and Communications
• Information infrastructure for guiding, operating of Government: led by Office of the Government
• Information infrastructure in transportation area: led by Ministry of Transport
Legal Framework
Critical Information Infrastructure Protection
Level 5
Level 4
Level 3
Level 2
Level 1
Information System Classifications
The higher, the more important
Critical Information Infrastructure
Classification of information systems based on security level

| Impact on | Normal harm | Serious harm | Extremely serious harm |
|---|---|---|---|
| Lawful rights and interests of organizations or individuals | --- | Level 1 | Level 2 |
| Public interests and social order, safety | Level 2 | Level 3 | Level 4 |
| National defense and security | Level 3 | Level 4 | Level 5 |

Columns give the level of consequence.
Five levels of security requirement
The decree on protecting systems based on level of security
NIST Framework for Improving Critical Infrastructure Cybersecurity
IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER
IT Environment
ICS Environment
136 Organizations in Vietnam are attacked by APT
Quarter I - 2019
HOW LONG DOES IT TAKE TO DETECT AN APT ATTACK?
GLOBAL: 78 DAYS
APAC: 204 DAYS
Source: FireEye’s report
“If you know the enemy and know yourself, you need not fear the result of a hundred battles.”
There IS a GAP between Attack & Defense
ATTACK – DEFENSE GAP
APT’S CHARACTERISTICS
• Tailored malware & tools
• TTPs changing continuously
• Low & Slow
• Advanced Team Behind
ATTACK – DEFENSE GAP
DEFENSE TEAM
• Effective tools to detect & respond?
• Update new TTPs?
• Continuously monitoring?
• Advanced Team?
ATTACK – DEFENSE GAP
How to remove the GAPS?
• TECHNOLOGY
• INFORMATION
• TEAM
1. TECHNOLOGY GAP
NIST Framework for Improving Critical Infrastructure Cybersecurity
IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER
1. TECHNOLOGY GAP
ENDPOINT DETECTION & RESPONSE (EDR)
MONITOR, ANALYZE, INVESTIGATE, RESPOND
EDR - DETECTION
ATTACK-CHAIN
IOA
IOC
• Initial Access
• Execution
• Persistence
• Privilege Escalation
• Defensive Evasion
• Credential Access
• Discovery
• Lateral Movement
• Data Collection
• Exfiltration
• Command & Control

• Windows events
• Network events
• WMI events
• Process events
• File events
• Registry events
Alert Contain Investigate Respond
CLOSED WORKFLOW & UNIQUE WORKSPACE
EDR - IR Workflow
EDR – INVESTIGATION & RESPONSE
Example of a Vietnamese EDR solution
2. INFORMATION GAP
ACTION
NEW CVE
CRITICAL
NEW APT OPERATIONS
NEW THREAT ACTORS
DATA LEAK
NEW MALWARE
NEW ATTACKING TECHNIQUES
ORGANIZATIONS NEED ACTIONABLE INTELLIGENCE
Threat Intelligence
Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard.
Gartner
Threat Intelligence Sharing
Internal – SIEM, NOCs, Sysadmins, CIRTs…
External – Trusted partners, Law Enforcement, Vendors
Standards – IODEF, YARA, OpenIOC, IF-MAP, STIX, TAXII, VERIS, CybOX, TLP, OTX, CIF etc.
THREAT INTELLIGENCE – ACTIONABLE INTELLIGENCE
Example of a Vietnamese Threat Intelligence platform
THREAT INTELLIGENCE – APT TRACKING
Example of a Vietnamese Threat Intelligence platform
THREAT INTELLIGENCE – TACTICS & PROCEDURES
Job Application Letters
Business Contracts
[email protected] Application Letters
Other public emails
Example of an APT attack in Vietnam
THREAT HUNTING
Image Source: sqrrl.com
3. HUMAN GAP
24/7 Monitoring: Detect, Investigate & Respond
MANAGED DETECTION & RESPONSE SERVICE (MDR)
*SOURCE: Gartner’s report
MANAGED DETECTION & RESPONSE
MDR SERVICE
• Focus on threats
• Highly skilled team
• Quick deployment
• Flexible model
• Lower cost
*SOURCE: Gartner’s report
Initiative: Malware & Cyber Attack Prevention Alliance
SUMMARY
QUICKLY REMOVE THE GAPS
• TECHNOLOGY: EDR
• INFORMATION: TI
• HUMAN: MDR
THANK YOU!
Q&A