Hi, everyone. I'm so glad to be here. So my name is Phillip. Today we are gonna talk about cybersecurity predictions, 2020, right? So who am I?
So, as I mentioned, my name is Phillip. I have been working as a researcher on cybersecurity, researching a high sector company in a ZUI company in Brazil. So basically during this time, I have spoken at some security events in Berlin, Germany, in Korea and Brazil and Poland. And I am a founder and technical trainer of the course Malware Analysis Fundamentals, right? That tells who I am. So today we are talking about four pillars of the predictions for this year, 2020, right? So the first topic that I would like to talk about, it's the topic of the complex, right?
So today we are listening, we are looking at many different threats, right? So one of these ways that are happening is attackers will outpace incomplete and hurried patches.
That's a big challenge that many companies are suffering, right? Because many times a poor quality patch could lead to functionality, or you don't have time to apply the patch. Right? So many times we have legacy applications in your environment. So this is a big challenge that we are suffering, right? So because of this, the attackers exploit, basically, these vulnerabilities, right?
Because you don't have time to apply it. So because of this, attackers exploit, basically. So another point: cybercriminals will turn to the blockchain platforms, right? So in one way you have the new technology, the blockchain; in another way you have the attackers studying a lot this kind of topic, right? So today we have crime as a service, a very interesting term, because, you know, you don't need to have good knowledge in this kind of subject, but you can pay, right?
So the attacker can produce it in the underground.
So the attackers can buy this different kind of attack and you need to protect your company against this kind of attack. Another topic is banking systems will be in the SIG with open banking, ATM malware, right? So it's very, very common, for example, in Brazil, this kind of attack, because the attackers send the message to the victim, many different victims, with the mobile malware, trying to get the credentials, to try to get different passwords and other things. So that's a big attack that will continue this year, right? So the ATM malware will continue for this year.
It's very common. I think here in Europe it's common too. So another topic about complexity, this pillar, is deepfakes will be the next frontier for enterprise fraud.
Of course, when you look around you, you can notice, you can look at this information, for example, in politics, in the government, when you have elections, right?
So many times you are looking at the fake news, the fake information. So this kind of topic is very interesting, because when you are looking at the perspective of the attacker, the attacker can use, for example, the BEC kind of attack. BEC is business email compromise. So this is focused on C-level, on executive levels, right?
You can send an email, so suppose that you, the attacker, are the C-level or the CFO or the president or the director, and request some payments, right? So in these cases, it's not a director or president, it's the attacker that sends this kind of email.
And another point in this kind of attack is this email doesn't have any attachment, doesn't have a URL to analyze, just a subject that is a top writing in the bar of the mail.
So because of this, the attacker requests this kind of payment, and many times, for example, the people in the financial part of the company don't understand much about security, right?
So imagine if you have a person, you have a lady or a man working in a financial department who receives an email supposedly from the director, requesting any payments, you know, so many times the people from financial will pay. So because of this, it is suffering this kind of attack. So you need to prepare your company for this attacker.
You know, another point is about the managed service providers will be compromised for malware distribution. Yes, it's very common because, you know, many times different companies don't have people with different knowledge, right? So you need to make different employment with, for example, a third party.
You need to have this in your company.
So, but many times the attacker looks at it and tries to attack the third party. And, you know, you will have this department inside of your company. It's like a partner.
You know, so because of this, this is another topic when you are thinking of the predictions, right? So it's an important topic because you need to provide the different layers of security in your company, for you, of course, for your employees and for the third-party partners or something like that. Right?
So, and another point is about flaws, vulnerabilities, right? Or bugs, as I mentioned here. So many times the attacker uses the known protocols, you know, such as SMB or RDP protocol, because you need to apply many different services in your company. And sometimes we can, you know, but you need to open different ports or services to the internet, and you don't protect them in the correct way, the correct form.
So because of this, attacker can be dis realizing the bugs to look in the bugs and exploit the bugs, right? So another pillar is exposed, right?
When you think you need to protect yourself, because you can be exposed, for example, 20 information technology, or maybe in operational technology, different processes, right? So the cybercriminals will home in on IoT devices for and exploitation. So I am talking now during the pandemic about the coronavirus, right? So many people work from home.
So because of this, you have a router at home and you don't have protection; your router, you are vulnerable in this case, because usually when you install your router in your home, usually people don't have a concern about the configuration of the router, right? You just apply them.
You made the installation, the guy from the internet service provider applies the router and that's it.
And just using it at home. So you need to look at this because, of course, the attackers have many different knowledge and machine learning and artificial intelligence, so many different things that the attacker can use to exploit different routers and something like that. Right. So another point is this 5G technology, right?
I know it's a good topic to talk about because when you apply this technology, not just this technology, but you can apply, for example, the IoT inside the companies. So this term is IIoT, infrastructure, internet of things; that means you put this technology, the IoT, inside your company, you put the light connected to the internet.
You put, for example, I don't know, but I read, so for example, the drones in the company to collect information of the region, for example; it's, you know, it's technology.
So when you apply this kind of technology, usually this product doesn't have, for example, a big password, just a for kind of letters or numbers, usually just numbers. So it's easy from the perspective of the attacker, right? So that's the point. So you have many different threats or vulnerabilities in this kind of product.
Another point is when you talk about the public critical infrastructure or government infrastructure, because, you know, sometimes in different countries, the government doesn't look at the security; it's a big challenge, you know, because in some countries, of course, maybe it doesn't happen here in Germany, or doesn't happen in another country. But I know in many different countries, we have a very, very big challenge to implement security when you talk about the infrastructure, right? So another point is the topic of the work from home.
It's a big challenge.
As I mentioned before, you need to apply the security protection in your router, you need to apply the security virus in your mobile, or in your laptop, in your devices that will be connecting to your network. Right. So that's a good challenge.
And of course, the last pillar is the misconfiguration, not the last, the third, because you need to look at this, because, for example, when you make this upload in, for example, the container technology, right? So on Docker containers, or you have a different orchestrator in your environment, usually people just make the upload from the same repository on the internet. So if I am, for example, the attacker, I can apply, you know, the vulnerable image in this repository and your company, for example, will upload this image.
It will be compromised by me, supposing that I am the attacker, right? So that's a big point to look at. You need to look at these different container images, right? The adoption of the serverless platforms, because, you know, you have basically the run code, right? So basically when you talk about serverless, basically it's running the code. So we need to have many different guys with different expertise in this kind of knowledge, because, you know, if you run the code, if this code is malicious, it can infect your environment, right?
So another point, when you talk about the misconfiguration: many times the security team doesn't apply the security settings in your environment, doesn't use the best configuration of the security recommendations players, for example; that's another topic.
And you are using the third party; that's, wow, it's a really, really big challenge. It's another point for this year, when many times many people or many countries, many platforms, many different companies are adopting this technology, the cloud platforms.
So many times the attacker knows of this and injects the information, because when you talk about the cloud, you talk about the shared responsibility, right? So if you are looking, for example, at AWS, the Azure or Google platforms, this kind of players, the cloud service providers, they talk about the shared responsibility because you have the infrastructure provided by this service provider.
But the application that runs inside this platform, you need to apply the security. And that's a big point, right? So this is a simple example of the exploitation in a router. So I will show you; basically, I will apply here the settings.
I will show what this possibility one, this vulnerability here: for example, when you are putting in the password, it shows the password. It's not hiding the password, right? So this is a simple look: since you put in a difficult password, it's clear, in cleartext; that's a very, very vulnerability in this environment.
If you look here, for example, in Wireshark, it's a platform to needer the network, you can look here, for example, at the password in cleartext, right? It's a big, big, big vulnerability, right? So another, the last point, is we need to be defensible, right? So in your team, you need to have the predictive and the behavior detection, you know, to create this proactive action against persistent threats, right? Another point is to use a good framework to apply, to help you to define different security configurations and settings in your environment.
And of course, you need to work with threat intelligence to build, to create, to consolidate with different security analysts, basically, to build this threat intelligence, to create the proactive defenses. Right? And so I have a question for you. So threat intelligence, is it possible to create it? It's so simple. You have, for example, an artifact; you need to identify this. And the second part is to choose what analysis you can execute in your environment. So after that, you can create the report.
And after that, usually this report is presented to a manager, to a coordinator or another person responsible for it. And you can, of course, improve your defense mechanisms, like a proxy, like a firewall, or other different tools that you have in your environment.
Because, you know, when you execute the static analysis and the dynamic analysis, you can look at the threats, right? You can understand the behavior, and you can prepare the report. And of course you can improve the defense. And after that, you can create, you can build the cybersecurity threat, and last you can strengthen the cyber resilience because, you know, the threats are changing, right? So this is a good picture to start this threat intelligence.
Of course, when you talk about threat intelligence, to have another big picture, you need to have different people to execute the threat hunting, you know, the support guy, the analyst guy. So, but just to suggest one guidance to look at, right? So finally, if you have any questions I am available for you; this is my contact, contact on LinkedIn. And I would like to say thanks for this opportunity to talk with you. So it's a pleasure for me to be here and to talk with you. And if you have any questions, you can send me a message on LinkedIn, right?
So thank you so much and have a wonderful day.