Threat landscape 4.0
1. Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering College
Threat landscape
for Desktops
Dr. C.V. Suresh Babu
Professor, Dept. of Information Technology,
VTMT
National Cyber safety and security standard
summit-2013
2. Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering College
“We are seeing attacks
shifting into a
variety of new areas,
from factories, to
corporations, to
government
agencies, to the
infrastructure that
connects them
together”
Vincent Weafer
Senior vice-president
3. Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering College
What kind of threats are there?
External threats
4. Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering College
Internal threats
5. Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering College
The threat landscape over the
last 5 years has changed
and the way Institutions
and individuals think about
security has changed
dramatically.
The shift of threat type has
moved from targeting
individuals to much more
organised attacks on large
Institutions
6. Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering College
Changes in the Landscape
• Modern threat has moved
beyond pure technical
wisdom of launching
attacks to include the
exploitation of human
behavior.
• Attackers erase their
footprint from Intrusion
Detection and Prevention
System (IDPS) inside the
network.
7. Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering College
• Don’t want to draw
attention
• Strong evidence that they
‘test’ first.
• Easier to steal from 200,
than 200,000
• Specific targeted attacks
– Easily deployed through spam.
– Drop malware either directly or from website
8. Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering College
9. Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering College
• Mobile Security (BYOD)
• Cloud-Based Services
10. Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering College
Countering The Emerging Threat
• Engage With Peers
– Note- In our institution we have a policy
of information sharing among our group
and other institutions
• Industry – institution Sharing
• Industry – Government Sharing
• Global Communication
• Prioritizing Data
– Note- In our institution we have in place
a data-centric protection strategy
11. Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering College
Our practices
• We Prepare Students to Fight Cyber Threats
• We have been implementing new
technologies, new procedures and sharing
hacking and malware indicators that help
identify and remediate malicious attacks
12. Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering College
Cyber threats are growing,
So are your career opportunities
13. Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering College
It has been calculated that the worldwide
market for protection against cyber
attacks will have reached
80 billion $
by
2017
14. Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering College
Turning threat Into Opportunities
Innovation
is the ability to see change
as an opportunity
not a threat
15. Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering College
• It has become increasingly necessary to
remain educated about exposure to potential
threats, as well as safeguards against them.
• The more we get attacked, the more we are
able to collect data points turning them into
intelligence that can be used to counter the
threats
16. Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering College
Suggestions
• We have the potential to do well in
cyber security,
• Need for cyber security in our
curriculum
• Research based education in
information security should be
increased
17. Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering College
Conclusions & recommendations
“If you think technology can solve your security problems, then
you don’t understand the PROBLEMS
&
you don’t understand the TECHNOLOGY”
– Bruce Schneier
• The field of IT security threats—and mitigating them—is a
constantly changing landscape—meaning it is important
to patch, remediate and review your existing devices, as
well as applying the same processes to your ongoing
defenses and defense strategies.
Editor's Notes
Malware (meaning viruses, worms and Trojans) are the most obvious and potentially damaging threats. Keylogging Trojans can steal confidential information, such as school records or student information. Proxy Trojans can route email through your servers, wasting bandwidth. Network bots are particularly damaging, not only for the administrators to clean but the potential harm they can do to your network. Rootkits are particularly insidious (get into later). “Ransomware” is a recent form of malware. The way it works: the program compresses and hides users’ documents. Then an email is sent that states that the docs will be deleted unless the user either a) sends a money order of x dollars or b) purchases something from an online pharmacy. The email will state they will send you the encryption code once the money has cleared. Malware used to be a nuisance (displaying stupid messages or deleting data). Obvious payloads meant the victim was made aware of the problem early in the cycle. Now cybercriminals are using less obvious, more stealthy methods. Examples: stealing information, turning off a computer’s anti-virus software, and dropping malicious code which can then be used for a variety of tasks. Virtually impossible to know that you are infected unless you run security software.
We have seen examples of this several times. A school network administrator sends in sample after sample of specific malware variants that are never seen by any other customer. The malware is being launched again and again by someone within the school - a user or a student.
So to summarize, the vast majority of malware that SophosLabs process is this type of simple trojan. They are sent out in small targeted attacks. It’s a lot easier to steal from 200 people, you can process the data easily, and no one notices. We also see them testing first to make sure AV vendors can’t detect. They can either purchase a copy of AV products, or send them to websites that will run 25 AV scanners over them and report back who detects what. They use a variety of techniques to hide themselves, mostly using packing techniques and a variety of updating techniques. We saw an example of this late last year, where we watched as an attacker spammed out his malware, changed the packing, spammed it again, changed the packing, and so on. It started at 2pm UK time and continued on till 10pm, then the next day it started again; he was obviously working US east coast time. We’ve also seen examples of malware toolkits for sale, allowing authors to easily develop and deploy new malware. One particular site where these can be bought even has a technical support telephone number to call. They describe themselves as ‘Independent Spyware and Adware developers’.