Understanding and tackling “next-tier” cyber threats Charles Mok Legislative Councillor (Information Technology) @charlesmok www.cloudsec.com |
#CLOUDSEC
What happened in 2017? Ransomware: Top threat
2
Common types of attacks
IoT vulnerabilities
Email phishing
Social engineering
IoT for DDoS attack
More vulnerabilities exposed: and not just on PCs Spyware, malware keeps appearing in app stores Stealing credentials
The New Threat Landscape
Targeted Stealthy Personalized
Zero-day
TARGETED •
Critical infrastructure: electric power systems, transport infrastructure, supply chain
• •
High risk industries: healthcare providers, finance Others: government, higher education, retail, travel/hospitality, technology, entertainment
#CLOUDSEC
Newer attack methods emerging Ransom denial-of-service (RDoS) Destruction of service (DeOS) destroying organisations data and back-up
Automation: reused malware + automation by bots to attack new exploits and flaws Sophisticated phishing
Hackers for hire:
Attacks-as-a-service • DDoS-as-a-service • ransomware-as-aservice • Fraud-as-a-service
#CLOUDSEC
hacker ecosystem: spreading tools in the dark web even paid subscription
How to tackle new cybercrime scenarios?
10
Strengthening defence against newer threats require holistic approach
Proactive prevention and detection
Training of inhouse personnel
cyber resilience plan for recovery
Regularly patch and update systems
Trend: Promote cooperation between public and private sector with legislation to protect digital assets
THANK YOU Charles Mok Legislative Councillor (Information Technology) @charlesmok www.cloudsec.com |
#CLOUDSEC