This presentation is on the article "Business Under Cyberassault" By JEFF JOHN ROBERTS and ADAM LASHINSKY which is published on Fortune at July 2017.

1. Business Under Cyber Assault

2. Mohammad HUSAIN
+8801688086897
© facebook.com/husain821 ©linkedin.com/in/husain821 ©husain821@gmail.com

3. 3
Do you know about Bangladesh Bank robbery?

4. Hackers have stolen $81 million from Bangladesh bank account.

5. Cybercrime

6. Interfering on Precedential
Election 2016
A group of Hackers have exposed Countless private e-
mails from the Democratic National Committee at the
time of precedential election 2016.
6

7. Interfering on personnel documents
Stealing money

8. Under Cyber attack

10. “As the number of cybercrime is
increasing, the business cost is
increasing”

11. 5.85 million
7.35 million
0
1
2
3
4
5
6
7
8
2014 2017

12. Cybercrime cost the global economy
more than $450 billon

13. No corporate
Network
is Safe

14. 75% don’t have cyber security
response plan
66% are not confident in their
organization’s ability to recover
from an attack

16. 16
Hacker Groups of the World
Fancy Bear
• Rival Agency
of Russian Spy
service
• Exposed
private emails
of Democratic
National
Committee.
Lazarus Group
• Associated with
North Korea.
• Stolen money
from Bangladesh
Bank account
• Hacked Sony
picture
Entertainment.
Equation Group
• Associated with
National Security
Agency
• The name was
given by kaspersky
antivirus firm.
Comment Crew
• A part of People’s
liberation army.
• Habit of hide in
comment.
Sandworm
• Believed to
associated with
Russians.
• Shut down a
power Ukraine last
year.

17. In 2014, Uber was breached and
the information of 1,00,00 drivers
was leaked

18. Playing
Defense In 2017, an Uber employee reported
suspicious E-mail
Similar type of information was
flooding into the company

19. Establishment of “Incident
commander”
Investigation
Keep the company inform about
potential attack

20. Targeting Gmail users, not Uber
20
Later the same day Google
fixed the vulnerability

21. 2012
21
▪ 6.5 million accounts were hacked
▪ Later the company realized the damage was massive.

22. 2013
22
▪ 110 million customers information exposed
▪ Later CEO resigned

23. 2014
23
▪ Stole data about millions of bank accounts
▪ Used in fraud activities over $100 million

24. 2014
24
▪ Stole email & credit card data from 50 million customer
▪ The breach cost retail chain $179 million for recovery

25. 2015
25
▪ Accessed into chain’s payment system
▪ Stole credit card information

26. 2015
26
▪ Accessed emails of USA’s renowned law firms
▪ Made $4 million trading on information

27. 2016
27
▪ Due to weakness in SWIFT payment system North Korean
hackers stole $81 million from Bangladesh Central bank

28. 2017
28
▪ Eastern European gang used phishing to steal credit card
information of it’s customer

29. An Industry is Born
29
❑Darktrace uses artificial intelligence to detect aberrant activity on
clients network
❑Hackers captured the microphone remotely and were using it to
spy on every board meeting

30. An Industry is Born
30
• Tanium let the company know who is on their network
• Palo Alto Networks makes a kind intelligent firewall
Newcomers

31. 31
With all of firepower arrayed against it, how
can cybercrime continue to grow so fast?

32. 32
Breaking the defense
• One answer is that glitzy defense systems don’t work as
advertised
• Poor process of implementation

33. There will always be someone who clicks
on a message like, “Uh-oh. Did you see
these pictures from office party?”
33
Breaking the defense

34. 34

35. The fight against hacking is a never
ending battle
35

36. 36
- Cyber security experts.
- Established in 2009 but officially announced in 2014.

37. “Project Zero”
- “Zero day”.
- Companies and peoples have had no time
- Fixing immediately
37

38. Reporting bugs
Activity of ”Project Zero”
38
Testing & Bug finding
Online Advertising “Protecting internet users from
threats means protecting the
ability of company to serve
those users”
Report without any public
announcement
Software code testing

39. 39
- Error, failure, faults.
- “Vulnerabilities”
- Giving access.
- By using bugs, hacker may hack.
Bug !

40. Former Head of Google Chrome Security: Chris Evans
“The foundations for Project Zero were laid across years of thoughtful lunchtime
conversations and years of observing the evolution of attacks”
40
Origin of
Project Zero

41. Operation Aurora
Simple timeline
Chinese Government Fault in Microsoft Patching fault
Targeted tech titans Reported to Microsoft
41
Sponsored hackers
Attacked, breached,
steal and attempted to
spy
In order to fix
Internet Explorer 6 After waiting seven
months

42. Bug in Oracle
In 2010, Ormandy find bugs in Oracle’s Java software
42

43. 43
Another Windows
bug!
In 2013, Ormandy choose to make
another Window’s bug public
before Microsoft develop it.

44. Google vs Microsoft

45. Recruiting:
1. Chris Helms took the helm
2. Ian Beer
3. Ben Hawkes
4. George Hotz
45

46. Apple’s bug
46
Bugs in Safari
Bugs in OS X

48. 48
- A U.S. company provide content delivery network, internet security service, domain name server.
- Founded by Matthew Prince.

49. Cloudbleed
Normal code testing
Weird !
Data leak
Tweeted
49

51. 1
2
3
4
5
6
Cloudbleed
Informing CTO of Cloudflare
Negotiation
Joined a Google Hangout
Damaged data
Removing bugs
Project zero team was impressed
51