Sectrio

Our Videos

Weak Protection of OT from IT – Lack Of Network Segregation

Audio Transcript: Similarly, segmentation. The entry path to OT or IoT attacks is usually IT, and how do we segregate the IT network from the OT or the IoT network? That is also an important piece. We'll have to establish an authenticated network path, and there has to be a machine which monitors, and this machine should be owned by the security organization managing the connectivity between IT and the OT or the IoT environment. This is where we bring in our network segmentation solution, which can also bring in micro-segmentation and allow building secure zones and conduits between those zones, to make sure that there is no lateral movement of the attack. These solutions can also help in building baselines to spot any anomalies or configuration changes or tag changes within the network environment itself.
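The zones-and-conduits idea in the transcript above, worked through as an added example (this is not Sectrio's code or product logic). It maps IP addresses to assumed IT/OT zones, allows only flows that match an explicit conduit between zones, flags everything else as a candidate for lateral movement, and compares observed flows against a baseline to surface new conversations. The subnets, zone names, ports and flow records are all constructed for the example.

```python
"""Zone-and-conduit policy check for IT/OT flows (illustrative, added example)."""
import ipaddress

# Assumed zone layout: a flat IT network, an OT DMZ, a supervisory (SCADA/HMI)
# network and a control (PLC) network. Real deployments will differ.
ZONE_OF_SUBNET = {
    "10.1.0.0/16": "IT",
    "10.50.0.0/24": "OT-DMZ",
    "192.168.10.0/24": "OT-SUPERVISORY",
    "192.168.20.0/24": "OT-CONTROL",
}
ZONES = {ipaddress.ip_network(net): zone for net, zone in ZONE_OF_SUBNET.items()}

# Conduits: the only inter-zone flows that are permitted, as
# (src_zone, dst_zone, proto, dst_port). Nothing else crosses a zone boundary.
CONDUITS = {
    ("IT", "OT-DMZ", "tcp", 443),                  # IT users reach the DMZ jump host over TLS
    ("OT-DMZ", "OT-SUPERVISORY", "tcp", 3389),     # jump host to HMI/engineering via RDP
    ("OT-SUPERVISORY", "OT-CONTROL", "tcp", 502),  # SCADA servers to PLCs via Modbus/TCP
}


def zone_of(ip: str) -> str:
    """Return the zone an address belongs to, or UNKNOWN if it is outside all zones."""
    addr = ipaddress.ip_address(ip)
    for net, zone in ZONES.items():
        if addr in net:
            return zone
    return "UNKNOWN"


def parse_flow(line: str):
    """Parse a constructed flow record of the form 'src_ip dst_ip proto dst_port'."""
    src, dst, proto, port = line.split()
    return src, dst, proto.lower(), int(port)


def classify_flow(line: str):
    """Decide allow/deny for one flow and explain why."""
    src, dst, proto, port = parse_flow(line)
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    path = f"{src_zone}->{dst_zone}"
    if "UNKNOWN" in (src_zone, dst_zone):
        return "deny", path, "address outside any defined zone"
    if src_zone == dst_zone:
        # Intra-zone traffic is outside conduit policy; micro-segmentation
        # would be the next layer to restrict it.
        return "allow", path, "intra-zone (conduit policy not applied)"
    if (src_zone, dst_zone, proto, port) in CONDUITS:
        return "allow", path, "permitted conduit"
    return "deny", path, "no conduit between zones; possible lateral movement"


def violations(lines):
    """Return the flow records that are denied by the zone/conduit policy."""
    return [line for line in lines if classify_flow(line)[0] == "deny"]


def new_conversations(baseline, observed):
    """Flows in `observed` that never appeared in the `baseline` capture."""
    seen = {parse_flow(line) for line in baseline}
    return [line for line in observed if parse_flow(line) not in seen]


# Constructed sample flows (not real traffic).
SAMPLE_FLOWS = [
    "10.1.5.20 10.50.0.10 tcp 443",        # IT -> DMZ jump host: allowed conduit
    "10.50.0.10 192.168.10.5 tcp 3389",    # DMZ -> HMI via RDP: allowed conduit
    "192.168.10.5 192.168.20.7 tcp 502",   # SCADA -> PLC via Modbus: allowed conduit
    "10.1.5.20 192.168.20.7 tcp 502",      # IT host talking straight to a PLC: denied
    "192.168.10.5 10.1.5.20 tcp 445",      # OT host reaching back into IT over SMB: denied
    "192.168.20.7 192.168.20.8 tcp 502",   # PLC to PLC, same zone: allowed at this layer
    "203.0.113.9 192.168.20.7 tcp 502",    # address in no zone at all: denied
]
# A baseline capture taken during normal operation, also constructed.
BASELINE_FLOWS = SAMPLE_FLOWS[:3] + [SAMPLE_FLOWS[5]]

if __name__ == "__main__":
    for line in SAMPLE_FLOWS:
        verdict, path, reason = classify_flow(line)
        print(f"{verdict:5} {path:32} {line:40} {reason}")
    print("new vs baseline:", new_conversations(BASELINE_FLOWS, SAMPLE_FLOWS))
```

Here the conduit table and the baseline are two separate checks on purpose: the conduit table answers "is this flow ever allowed?", while the baseline comparison answers "have we seen this conversation before?", which is the signal that catches an allowed-but-unusual change in behaviour.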


How does cybersecurity regulatory compliance help?

We've got one coming our way, asking: do compliance regulations actually help, and if yes, how can we get started? Very good question there. I couldn't emphasize this enough. In fact, we've got an entire section on our website where we are giving away free compliance kits which you can download and use instantly. It contains all the regulations that you need to know about, and we've got a handbook that we prepared that you can use.

Now that that's out of the way, answering your question very specifically: yes, regulations do help, because we have seen in various sectors, healthcare and otherwise, where regulations actually brought in plenty of change. How do they help? When it becomes a compliance mandate there are other drivers. It's very easy to move budgets, for instance; it's very easy to get a buy-in from the senior management and the board for some of the initiatives that you might be doing; and it's very easy to get things done once you have a mandate lurking in the background.

How can you get started? Awareness, again, is very important, because that's the point from where it all starts. At Sectrio we are tracking roughly 200 to 250 pieces of mandates at various levels, connected not just with mandates but with frameworks such as IEC 62443 and various NIST recommendations, and standard prescriptions from ENISA and other entities in Singapore, India and other places. So the best thing to do is look at the facility, look at the geography where the facility is. If you are a multi-country entity, look at a facility that's in a specific country and see what kind of regulations are there in that particular country that you can start off with, and then gradually work your way up and align yourself with other regulators that are out there. You can voluntarily adopt a lot of these standards.

Compliance mandates you have to comply with; there are no two ways about it, unless you've got some time or they've given some sort of leeway for you to adjust. Otherwise, what we say is: on one track, initiate the compliance-related adherence measures, and in parallel run the standards track as well, so that you have both these tracks running in parallel. What it will result in is a hypersensitive organization when it comes to cyber security, so you are able to adapt quickly even if a new mandate comes in from any government or any regulator. You are still ready for it.

So it's a journey, I must say, but then again you have to get started somewhere: awareness, compliance with local country-level mandates or your regional-level mandates, whatever they may be, and then work your way up. You don't ever have to be restricted by a geography when it comes to a mandate, and if you want to really scale things up you can definitely look at multiple entry points for a compliance exercise. But the very fact that you are having these discussions in your organization, that itself is a big thing.


Takeaways from the Global Threat Landscape Assessment Report 2022

So what are the key takeaways from the 2022 edition of the threat landscape report? Again, cyber security needs to be taken more seriously; no prizes for guessing that one. This is something everyone has been speaking about. You've seen how innovative hackers have become in the last one year alone, so imagine what's going to happen in 2022 when those two sectors that I mentioned start getting targeted. What kind of techniques, tactics or strategies would these hackers deploy to actually target those two sectors? That needs to be seen. Aviation being such a critical vertical, this is something we are watching up close to see that nothing happens there. Again, in mining there could be a lot of ecological impacts that could be triggered due to a cyber attack, not to mention loss of lives that could happen if things go wrong.

Ransom payouts could lead to job losses, stalled growth and muted investor enthusiasm; no prizes for guessing that one as well, because at the end of the day the money that's being paid as ransom is not coming from outside the company. Somebody else is not paying for it; it's coming from the company's own coffers. So it becomes very difficult; it has to be taken from some other activity and put into this particular use.

APTs are only one half of the problem. Insider threats are growing, and dead drops, as I just mentioned, you must have seen what's going wrong there as well. If you don't know what's going on in your infrastructure, somebody else will. So we need to see what exactly is happening: where exactly are the vulnerabilities, what's the patch status, which devices are connected, whether any rogue devices are there. Basic hygiene. This itself will prevent a lot of these cyber attacks.

Tools and threat intelligence are available, but what is lacking is will, or in certain instances time, or other priorities that might come into the picture, or you have a fatigued SOC team that's not able to absorb these best practices and amp up the game. So cyber diligence and discipline are as important as having a skilled workforce. We all understand how tough it is to really get a skilled workforce in the cyber security domain, but then again discipline and diligence are important. Let's not lose focus on that as well, because discipline is what will really ensure that these attacks are not just prevented but deterred as well.

Bad actors are evolving; cyber defense strategies are not. That is something we keep on saying all the time. A lot of these takeaways would seem like you've heard them before, or you might be implementing some of these as well, but I wanted to bring a context for these takeaways today, so that you understand how the threat environment around you is evolving way faster than any one of us can adapt. 18 million attacks, that's what we monitor, 18 to 25 million on some days, but each one of these attacks brings the hackers closer to the next level of evolution. That's something we need to really understand, and we need to ask ourselves: our strategies, our tactics, our attempts to control these cyber attacks and get back at these hackers, are we taking similar steps, or are we at least trying to take those kinds of steps? The answer in many instances may be no, again because of a lot of other priorities. But then again, knowing what you're seeing today in this presentation, and if you read the report you'd see much more data there in terms of what really is going on, be it reply phishing, be it dead drops, or be it the kind of effort they're putting into monetizing these cyber attacks quickly and moving on. Hackers have got everything figured out, but unfortunately we are still stuck at the detection phase, or still trying to figure out whether it's a compliance-related issue or something else. Luckily, a lot of us are definitely trying our best to move up and do a lot more, but then again a lot more needs to be done to ensure that the diligence and discipline is brought in, and that we take this up as a challenge that the hackers have thrown at us: that we will be evolving much faster than they are.


How are the Ukraine and Russia Conflicts Changing the Cyberspace

So how is the Ukraine and Russia conflict changing cyberspace? I think that's what they are asking. See, there are multiple dimensions to this. You must have heard a lot of advisories coming out, governments asking you to prepare for this flurry of cyber attacks that are going to come our way. Now, usually what happens is, if the hackers are not really living up to a certain advisory that is coming out, that is something of concern, because it means that they are waiting for certain triggers. The trigger could be a decision made by their higher-ups or the forces that are controlling them, or it could be a certain geopolitical event or a sub-geopolitical event that they're waiting for to launch these attacks at scales that were never seen. So we would still advise all of you to stick to those advisories; I just wanted to emphasize that again.

So how is it changing cyberspace? Again, we have not seen anything incredibly new, at least as of now, as things stand, but then again things could change very suddenly, because the full force of these cyber attacks has not been unleashed yet, and that is what these cyber advisories keep reminding us of: that we need to be prepared. The intelligence that we are seeing in those advisories is spot on; it's just a matter of timing. As I said, it could be any time. The trigger could begin as early as today, or this evening, or tonight for that matter. So we need to be absolutely sure that we are tracking these advisories and following them, and ensuring that we are staying diligent.

Overall, what has happened is cyberspace has been triggered already. I can tell you that from what we're seeing: the attacks have certainly gone up, but they have not really gone up to the levels that we had anticipated. So, as I said, that's not good news. It's good news for now, but in the long run it's not good news, because these folks are really waiting for these triggers to happen, and then things will change. So the Ukraine crisis will definitely be a defining event for this year, I can tell you that, or at least the first quarter of this year and probably the second quarter of this calendar year also. But again, there will be other events which will take over. As we mentioned in the threat report, we've identified some of those events, I think for Europe specifically.


Percentage Detection of Various Types of Data in Dead Drops

So again, you would be asking me, what exactly is a dead drop? I don't know how many of you folks must have heard about this term. It's Cold War era terminology that we have used. In dead drops, what used to happen was a person who would be conducting espionage in a certain country, acting on behalf of a spy agency belonging to another country, like for instance the CIA and the KGB, would come and drop valuable materials, and it used to be picked up by a team from the other agency. Essentially the spy would be transferring data through these dead drops. For instance, you must have heard of Aldrich Ames in the US. He used to drop these packets, I believe in parks and places, and then the KGB person would come and pick up that particular dump and move on, and it would be moved out as diplomatic luggage and wouldn't be subject to any scrutiny. But essentially the dead drop is where the spy would dump a lot of information and somebody would pick it up.

So what is a dead drop in today's day and age, or rather how did we come up with this terminology? A dead drop in cyberspace refers to an incident or a situation where an employee of an organization dumps certain valuable data on places like the dark web and other forums, essentially inviting hackers to attack their organization. It's disgruntled employees or vendors or somebody who has access to certain privileged information which they share in an illegal way, in an unauthorized manner, and the idea is to get these hackers to use that information to target this particular company or entity. So it is a different form of insider threat, but it is evolving at such a rate that it has become a category on its own. That is why we are tracking it as a separate tactic from the hackers.

So you can see what kind of data it is that we commonly encounter in these dead drops. There are fake files. There are genuine stolen files without embedded malware. Sometimes hackers would take this data, embed some malware and then dump it back there so that somebody would pick it up and pass on the infection; they would be infecting their own machines, or that is the mechanism to launch this particular malware. Dated files: very old information. Again, once it's dumped on these forums it keeps moving, in various phases. Sample information: this is data provided for an offer of sale later. This is another thing we have seen, where roughly one to five percent of the data is shared as a sample and they say, hey, come back to us for more; this is where you send your bitcoins if you want to get your hands on more of this particular information. Then there are the others in unclassified forms, and that's the big chunk.

So again, as you've noticed, we discussed so many points today. Primarily we have also looked at how innovation is happening at the hackers' end, but unfortunately we are not really gearing up and innovating at the level that hackers are. So that's putting an evolutionary pressure, so to say, on us to also start matching steps with these hackers, and at least match pace to some extent, so that we can prevent these cyber attacks.


What did hackers learn from the Colonial pipeline episode?

Now coming back to the Colonial Pipeline. I'm sure most of you would have heard about what lessons we as cyber defenders and enterprises should draw from this particular exercise, but what about the hackers? What did they learn from this particular episode? That was a fascinating insight that we gathered, again through our limited interactions with some of these hacker groups and the chatter that we intercepted on the dark web and other forums that we are monitoring at this point.

Critical infrastructure operators have very limited visibility into their ops. When this episode happened they had to shut down their entire infrastructure, because they were not able to zero in on which part of their operations was affected by this particular cyber attack. This is something that the hackers have taken note of.

Large-scale disruptions could cause unintended consequences plus massive publicity. This is something that they are always targeting; they want to be in the news. No hacker would want their activities to be limited in coverage as far as the media is concerned, because that is one of the ultimate goals for these hackers: to see their work appearing in the public domain, being covered by publications. A lot of media houses are giving them that sort of freedom and space to do that, which is dangerous; we wouldn't encourage that. But then again the stories have to come out one way or another, and it's better that the company or the entity that has been attacked comes out and tells their story rather than it going through the media or other routes. Media outlets are used, sorry, by these hackers to put companies under pressure. As I said, that's a tactic we've seen so many times in the last couple of years.

Incident response and reporting are fragmented and unevolved. People are just trying to see how we can get operations going; that becomes a priority for all the teams that are involved once a cyber attack actually happens, and then you try to figure out what went wrong or what kind of data we lost and things like that. This again is something the hackers are going after, because they know very well that if the incident response is fragmented then it becomes much easier for them to latch onto this event and build on top of it.

Ransom should be moved around early. Again, that's a very tactical lesson for them, so that they are not intercepted by agencies and others who are involved from the law enforcement side.

Critical infrastructure agencies and firms are operating with a mix of aging and new infrastructure. We've seen in some instances that there are entities who are running OT systems where devices were manufactured in the 90s and have not been patched. The vendor has actually shut down operations; they don't even know whether the vendor is still around, or they've been acquired and no longer manufacture that particular line of products. So again, hackers are not doing anything at random. They're monitoring all these things and they're doing very specific targeting based on what's going on there.

Decommissioning and shutting down access points is not a standard practice. What we saw in Colonial Pipeline was that somebody was able to maintain a particular profile which was accessible and which had a password that had been breached in another episode, and they used this password to actually log in and target Colonial Pipeline. But to their credit, Colonial Pipeline has actually addressed this problem in a very big way; they've added multiple layers of security now to ensure that this doesn't happen.

And companies are willing to pay ransom because there are billions at stake. Every day that you're not able to operate, it's always a challenge in terms of keeping the revenues afloat and answering your board of directors or your investors. So you want to move ahead very fast, put this behind you, get your data and systems back; that's the priority. We understand that, but then again there's a lot more that needs to be done to ensure that we don't land up in a situation like that.


Global Honeypot Published Locations – OT & IoT Cyberattacks

So this is a background in terms of the infrastructure that we have established globally, in terms of where we get our threat intelligence from. These are all the published locations that you're seeing currently. We also have unpublished locations, which are primarily those places which we don't want to expose, because we don't want these adversarial entities to know from where we are monitoring them. But otherwise these are the locations from where we have our threat intel honeypots, virtual and real, which are established and monitoring the threat environment as it evolves.

Just to give you a further background, we get attacked about 18 million times every single day. On a good day we get as many as 20 to 25 million attacks every 24 hours, so to say, or every single day. Across these facilities we have about 75 honeypots that are live at this point in time, as we speak. We turn on certain honeypots in addition to these in case we witness some extraordinary event that's going on, like for instance what's happening in eastern Europe at this point in time. Otherwise we stick to about 75 to 76 odd honeypots that are active at any point, and they are the ones that primarily provide us the data that we analyze for the purpose of this particular report.


Top 5 Reasons Behind the Rise in Cyberattacks

So this is something that we have heard time and again: everyone tells you yes, cyber attacks are rising, they've gone up by x percentage. We say that as well, but then very few companies are actually able to tell you why exactly these cyber attacks are going up. These are points that are never exactly evaluated. Some vendors might tell you, oh yes, it's because the number of vulnerabilities has gone up, or people are not secure enough, or the infrastructure is not secure enough, and that is why cyber attacks are going up. But that's not the reason here. The actual reason is something else. There are five reasons, to summarize everything in five points.

So there's something to do with democratization of cyber attacks. What do we mean by that? Democratization means the tools that earlier used to be available only to a few sophisticated, evolved actors are now available for literally everyone, and you can actually target an entity with a cyber attack for as low as seven to ten dollars. So you can imagine: cyber attacks have essentially become more affordable, and more players are getting involved for various reasons as well.

Rise of APT-trained hackers who have become independent. Some groups which we've seen in parts of eastern Europe and some parts of southeast Asia, where they were trained by these state-sponsored hackers, have gone on their own now, and they are either offering their services to these very APT groups or they are operating on their own, figuring out cyber attacks on their own, or really going after certain targets on their own. This has added a huge volume of cyber attacks to the overall rise that we've seen in the last year.

Then APT groups are monetizing cyber attacks. Again, because the budgets were cut during the pandemic, like everything else, the funding sources kind of dried up at that point, because other things became priority for these very governments which were involved in these cyber attacks or perpetrating the cyber attacks through these very APT groups. So they were left to monetize it on their own, and they started targeting non-state entities and other entities just to get ransom to keep their operations going. Which is also the reason why you saw a lot of these hackers going independent: because they were not getting funded anymore, they didn't find it very sustainable to hold on to the APT group while they were not getting paid. So it's a very organized operation; that's the point I want to make there.

Leakage of malware from different sources. Again, the leakage is happening from academic institutions or defense labs and wherever. When we do a code-level analysis we see some genetic footprints of certain facilities, which we would not like to name here, but at some point in time in the evolution, or during the genesis, this malware actually passed through these particular laboratories, or it was modified in a certain manner by certain laboratories or facilities which are connected either with academic research or with governments. We are not speculating here in terms of why this has happened, but this has happened; that's a fact that we would like to place on record. So with a large number of malware available, again democratization, that's another point, and then a lot of actors coming in, that added to the whole problem.

Rapid expansion of unprotected threat surfaces. Now we are almost at the end of the pandemic, but during the pandemic we did see a lot of people working from all kinds of locations, unmonitored environments, and suddenly these digital transformation projects, which essentially involved remote monitoring of infrastructure and the like, took off in a certain way. A lot of IoT devices were added without adequate testing, and all that added to this huge chunk of digital real estate that was available to these hackers to really leverage and do something with. And they didn't wait for it.


Types of Cyberattacks and Examples

Some of the sample cyberattacks that we intercepted last year: there's a meeting on the Afghanistan crisis which targeted a government agency in the APAC region. There was one incident of a sub-geopolitical attack; this again happened in South Asia. We had two countries which had some geopolitical tensions going on, and they were playing a sporting event at that time, and hackers actually used this particular sporting event to carry out a sudden spike in cyberattacks, which is what you're seeing up there. 90,900 is the number that you're seeing over there, which is associated with this particular attack. So what is the import here? They are no longer waiting for an actual conflict to happen; they're no longer even waiting for some geopolitical tensions to happen. They're taking sporting events, they're taking festivals, they're taking vacations, times when people are away, usually during a vacation or a Thanksgiving weekend kind of situation, and creating problems from there. So it's no longer about big-ticket geopolitical stresses and tensions that are driving or motivating hackers. No, they're even ready to attack when people are just lowering their guard, on a weekend or during a sporting game for that matter.

Again, the reply phishing bit that I spoke about earlier on: the evaluation schedule screenshot that you see is an example of a reply chain attack that we detected, where a hacker tried to get in and send an out-of-office reply, if I remember right, and they wanted the person receiving it to click on "reach me if you need something urgent". So this is again something we're seeing as a very common tactic that hackers are using: trying to do not a very random exercise but a very targeted exercise to get into our enterprise networks.


Crowdsourcing a Cyberattack

So some of the other things I wanted to highlight, since I have the attention of all of you wonderful people today. There are other things that are happening in the background which will become big news towards the end of 2022, like for instance crowdsourcing a cyberattack. Now, there were several new tactics that the hackers tried. Reply phishing was one of them. There's another one where they got a group of their friends or fellow hackers, so to say, to sit and start scanning, run these dummy scans on certain networks to generate a lot of false positives and load the SOC teams, to ensure that they are kept tied down or bogged down while they carry out other attacks from a distance or target other parts of the infrastructure. This is again becoming a strategy and a tactic by these hackers, the intention being very clear: to essentially keep the SOC teams tied down to ensure that they are not able to function at their right efficiencies.

We have done some research around this in terms of this whole SOC fatigue thing that comes in. We were told that it's been tough for the last couple of years, but the kind of work environment changes that have happened have been very tough on the SOC teams. A lot of them have been really fatigued in more ways than we can imagine. There were skill shortages, again due to various people leaving their organizations and things like that. So everything happened in a very short period of time, but fortunately it didn't translate into anything big, anything significant. We were very lucky at that. But then again, our systems are coming back to normal, the hackers are still keeping their attention focused, and we don't know what really happened in this period from a reconnaissance perspective: how many reconnaissance attacks have been carried out, how much data has been collected by hackers. Because we're seeing a lot of these dead drops and data being exchanged on the dark web in terms of targeting certain organizations with certain specific data points that they're discussing out there. Again, we are not sure whether these are legitimate or otherwise, but this targeting is not going to come down anytime soon.

Critical infrastructure, manufacturing, aviation, mining. Aviation and mining are two industries which need to really watch out this year. Mining, especially in North America, will be targeted very significantly this year; that's our prediction, and you can hold it against us towards the end of the year. So we would be urging mining and aviation companies to really up their guard in the coming months, because there's a lot of chatter that's happening on various forums about targeting firms in these two verticals. Again, we need to address SOC fatigue; that's a separate discussion altogether. But at the end of the day it's the tactic that I want to draw your attention to primarily, in terms of how they are keeping the SOC teams tied down. So you can see the level of innovation that's going on from the hacker side. They're doing a lot of things that are really tying our hands down and not giving us adequate time or bandwidth to give a quality response to them.
