KPMG: cyber security
- Post-GDPR era & e-privacy
- Ransomware
If you get this on your computer, your computer is encrypted and have to pay to get
your files back
→ it has been around for a while
Ex: geranger (apple)
- Focus on mobile devices
→ USB die lijkt op een USB, maar geen USB is → hackt via het zoeken naar
wachtwoorden (probeert er heel heel heel veel)
→ wordt niet tegengehouden
- Crypto-exchanges & crypto-jackers: blockchain
There is a lot of money in this sector: these sites get hacked often
- Internet of (Insecure) Things (IoT)
Everything that you put in a powersocket will go online these days
→ why? Benefit of the vendor
→ attack vector: a watter kettle that you can turn on with your smartphone:
The waterkettle is an attack vector, if someone is outside your house he can hack you,
because the waterkettle is leaking your wifi password
→ unable to turn off my #IoT oven ever since the network went down (tweet)
→ MIRAI: biggest attack ever; gigantic amount of devices (no computers: but ovens,
tv’s, kettles,…)
- Better central regulations from supervisory authorities
- So will it happen to you?
Databases get leaked: everyone can find your password
Have I been compromised?
→ haveibeenpwned.com → is my password known?
- The threat actors
» Hacktivism: inspired by ideology
» Organised crime:
» The insider: intentional or unintentional
» The state sponsored: espionage and sabotage
, 2 ways to hack:
1. Classical hacking:
» Demo: Wifi Hack: if you want to connect my wifi you need a password
→ example: hot spot on iPhone:
Intercept: computer that says hey I want to connect → intercept it when it
gives the password
- You have to look for wifinetworks
- I want to concentrate on one specific wifi: monitoring traffic on that
network: we need a specific part of the conversation: when the
computer wants to connect → wait until someone new comes or
when someone wants to reconnect
- YOU DON’T NEED TO BE CLOSE → you can do it from anywhere
2. Hacking anno 2018:
- Humanfactor: they try to convince the user to do something stupid
- How?
Red Teaming:
Macro’s: ‘enable content’ → in macro’s you can find
interesting stuff, but also malware
USB keys: print logo on usb-stick, if you want to hide
macro’s: end op doc or m → if you don’t trost them
DON’T ENABLE CONTENT
The documents on this USB are infected.
Demo Rubber Ducky: usb plaatsen in een computer in
bedrijf
Fake wifi’s: login,ww,… sometimes with facebook
→ everything gets registered
→ page looks authentic
→ if there’s a lock: it’s secured
Cyber threat study in Belgium
80% of the companies were infected.
Why can’t we fix this?
Software is always made by humans.
, AISEC
Present in different countries and work with 9000+ partners
→ create cross-cultural understanding:
How AIESEC used to work in its early days
There was every six months a fair: trying to match (hey I have a job: do you have an
exchange?)
→ you could only be accepted twice a year
Match things could be matched throughout the whole year: but it was not efficient:
- Post-GDPR era & e-privacy
- Ransomware
If you get this on your computer, your computer is encrypted and have to pay to get
your files back
→ it has been around for a while
Ex: geranger (apple)
- Focus on mobile devices
→ USB die lijkt op een USB, maar geen USB is → hackt via het zoeken naar
wachtwoorden (probeert er heel heel heel veel)
→ wordt niet tegengehouden
- Crypto-exchanges & crypto-jackers: blockchain
There is a lot of money in this sector: these sites get hacked often
- Internet of (Insecure) Things (IoT)
Everything that you put in a powersocket will go online these days
→ why? Benefit of the vendor
→ attack vector: a watter kettle that you can turn on with your smartphone:
The waterkettle is an attack vector, if someone is outside your house he can hack you,
because the waterkettle is leaking your wifi password
→ unable to turn off my #IoT oven ever since the network went down (tweet)
→ MIRAI: biggest attack ever; gigantic amount of devices (no computers: but ovens,
tv’s, kettles,…)
- Better central regulations from supervisory authorities
- So will it happen to you?
Databases get leaked: everyone can find your password
Have I been compromised?
→ haveibeenpwned.com → is my password known?
- The threat actors
» Hacktivism: inspired by ideology
» Organised crime:
» The insider: intentional or unintentional
» The state sponsored: espionage and sabotage
, 2 ways to hack:
1. Classical hacking:
» Demo: Wifi Hack: if you want to connect my wifi you need a password
→ example: hot spot on iPhone:
Intercept: computer that says hey I want to connect → intercept it when it
gives the password
- You have to look for wifinetworks
- I want to concentrate on one specific wifi: monitoring traffic on that
network: we need a specific part of the conversation: when the
computer wants to connect → wait until someone new comes or
when someone wants to reconnect
- YOU DON’T NEED TO BE CLOSE → you can do it from anywhere
2. Hacking anno 2018:
- Humanfactor: they try to convince the user to do something stupid
- How?
Red Teaming:
Macro’s: ‘enable content’ → in macro’s you can find
interesting stuff, but also malware
USB keys: print logo on usb-stick, if you want to hide
macro’s: end op doc or m → if you don’t trost them
DON’T ENABLE CONTENT
The documents on this USB are infected.
Demo Rubber Ducky: usb plaatsen in een computer in
bedrijf
Fake wifi’s: login,ww,… sometimes with facebook
→ everything gets registered
→ page looks authentic
→ if there’s a lock: it’s secured
Cyber threat study in Belgium
80% of the companies were infected.
Why can’t we fix this?
Software is always made by humans.
, AISEC
Present in different countries and work with 9000+ partners
→ create cross-cultural understanding:
How AIESEC used to work in its early days
There was every six months a fair: trying to match (hey I have a job: do you have an
exchange?)
→ you could only be accepted twice a year
Match things could be matched throughout the whole year: but it was not efficient:
