Title: Alok Vijayant
1. CYBER THREAT LANDSCAPE
Alok Vijayant, CAIIB, MBA (FMS), CEH, H3X, PGDCS, COP (Mandarin), ADOP (Mandarin)
Director, Cyber Security Operations, National Technical Research Organization
3. ALOK VIJAYANT, MBA (FMS), CEH, H3X, PGDCS, COP (CHINESE), ADOP
DIRECTOR (IDG), OFFICE OF NSA (PMO), GOVT OF INDIA
EDUCATIONAL BRIEF: Schooling at RIMC, Dehradun; B.Sc (Hons) Physics, DU; MBA (Finance & IT) from FMS, Delhi University; CEH (Certified Ethical Hacking) from EC Council, New York; H3X (Ethical Hacking Expert) from Orchid Seven; PGDCS from IMT, Ghaziabad
EXPERIENCE: Served RBI for 14 years in various capacities (Fake Currencies, Bank Frauds, Payment Systems, Dealing Room Operations); joined NTRO, the Country's premier Technical Intelligence Agency (2005), as Head of IDG (Information Dominance Group) and TFIU (Tech Financial Intelligence Unit)
SPEAKER AT INTERNATIONAL CONFERENCES: OWASP International Conference 2009, 2010, 2011, 2012; ClubHack 2008, 2009, 2010, 2011, 2012; NullCon 2008, 2009, 2010, 2011, 2012; C0CoN 2009, 2010, 2011, 2012; MalCoN 2010, 2011, 2012; UN Conf on Terrorist Monitoring, Seattle 2009; SecurityByte Int Conf, 2011; BlackHat 2011; DefCon 2011; India Top 100 CISO Award Ceremony, Panelist; Governance Now Mobility & Reliability, Panelist; National CISO Conference 2012, Speaker (2012); DIA Conference 2012, 2013
SPEAKER AT: RAW Training Institute; BPRD; SSB Academy; CBI Academy; ARTRAC, Defence; NICFS; IIMC; NCRB; NDC, Min of Defence; MCTE, Mhow
4. RESOURCES
5. HUMAN RESOURCE AS A TARGET
6. TECHNICAL RESOURCE AS A TARGET
7. COST OF ATTACK
8. ATTACK INVESTIGATION IN AN ENTERPRISE
FIREWALL adequately configured to disallow EXECUTABLES
9. BOTNETS: Selection of Payload with varying Characteristics
Diagram labels: ESPIONAGE TARGET, DESTRUCTION TARGET, SLEEPER CELL, DDoS; axes Noisy / Silent, Active / Boom
10. DETECTION: THE DIRTY METHOD
Running a Sensor
11. HOW WE DO IT: ATTACK DETECTION
NON-OPTIMIZED
STATISTICAL PREDICTION MODEL
DIRECT THREAT DETECTION
12. HOW WE DO IT: ATTACK MITIGATION
NON-OPTIMIZED
SANDBOXING
MALWARE ANALYSIS
OBTAINING BINARIES
REVERSING
THREAT IDENTIFICATION: STATE / NCII ACTIVITIES
SINKHOLING DNS
IDENTIFICATION OF INFECTION
ADVISORIES
14. Malware Detector
15. Identification of C&C
16. Attack on vital Ministries/Organizations, 15th Dec 2009
Systematic Investigation: Unique mix of offensive, investigative and recovery mechanism
Diagram labels: Investigative Posture, Other Methods, R&D Posture, Simulated
NIC asked to place C&C as filter
Obtained Details
C&C Identified
NIC asked to find recipients of the mail
Recipients informed and measures suggested
Payload identified and reversed
Vaccine Developed
NIC given fresh sets of targets to place on filters
NIC: 450 Mail IDs found compromised
Users informed by NIC
IB/DIARA informed and given the list
Users Sanitized
17. NATIONAL SECURITY ADVISORY BOARD ATTACK, JAN 2010
18. SHADOW IN THE CLOUD
19. GHOSTNET II: WHAT WAS THE TRIGGER
NTRO Team has been investigating and reversing various malware received on information systems and studying the signatures over a period of time
Cyber Sensor DRISHTI has been observing the trends in the cyber space by monitoring incidences of attack on Indian Systems (Database Size is Approximately 32000 unique identities)
Receipt of distinct signatures of Chinese Information Systems during earlier investigations and analysis by NTRO Team
Pilferage of Data from US/Canadian Investigators pertaining to Indian Logs relating to the GHOST NET II being investigated covertly in US/Canada
Matching Data and signature Analysis revealing the existence of the same network associated with US/Canada as well as India (Could be leveraged Diplomatically)
20. Some Comparisons
Figure labels: Analysis Performed by NTRO; Logs obtained from US
21. Additional Investigation from NTRO on the subject
Figure labels: Analysis Performed by NTRO; NSAB (National Security Advisory Board) Analysis; Logs obtained from US
22. GHOST NET II (Shadow in the Cloud)
Diagram labels: Cyber Operations, Selectors, Cyber Investigations, Results, Agencies, Cabinet Secretary Permission
23. STUXNET INVESTIGATIONS
24. LATEST ATTACK ON MEA, MHA, MOD, NSCS, NOV 1, 2010
25. TARGET OF ATTACK: MHA, MOD, NSCS, MEA
27. DNS SNIFFER
28. INFECTIONS DETECTED
Map labels: NAGPUR, MUMBAI, DELHI, BENGALURU
29. More Dreaded Challenges
REGIONAL BOTS
ETHNIC/RELIGION BOTS
TIME-ZONE BOTS
POLITICAL BOTS
30. DETECTION FOR THE NATIONAL ENTERPRISE
The Great Indian Ring of Fire
31. Suggested Course of Action
CIO Forum for CIOs
Indian Infosec Consortium for Indian Infosec Professionals
CIO for Head Hunting
IIC for Profile Building for Infosec Professionals
IIC to promote Indigenous Business at the Global Platform
GroundZero Summit to be the International Platform for Showcasing
Clean Exit from Corporates
Methods of IT Security Rating Standard based on remuneration model
Creation of Indian Ring of Fire to protect Businesses in India
Creation of System Incubation Facilities for Crowd Sourced Research
National Cyber Security Academy: First Course due to be launched at OP JINDAL UNIVERSITY
32. The Hackers Conference