Post on 03-Aug-2020
Copyright 2016, Symantec Corporation
Robert Potter, Vice President Americas, Symantec
CYBER CRIME
CYBER ESPIONAGE
HACKING
CYBER WARFARE
TODAY’S ADVANCED ADVERSARY
Notable Targeted Attack Groups Active in 2015
Black Vine: CN-based attacks on primarily aerospace and healthcare, including Anthem and OPM, in search of intellectual property and identities
Rocket Kitten: Iran-based state-sponsored espionage attacks on journalists, human rights activists, and scientists
Duke: State-sponsored attacks against Western state organizations
Emissary Panda: Attacks against aerospace, intelligence, telecommunications, energy, and nuclear engineering industries in search of intellectual property
Turla: RU-based espionage attacks against government institutions and embassies
Butterfly: Attacks against multi-billion dollar corporations in IT, pharmaceuticals, and commodities, including Facebook and Apple, for insider trading
2016 Internet Security Threat Report Volume 21
In 2009 there were 2,361,414 new pieces of malware created.
In 2015 that number was 430,555,582.
That’s 1 million 179 thousand A DAY!
AN ESCALATING THREAT LANDSCAPE
RECORD HIGH NUMBERS
429M total identities exposed
9 mega breaches, up 125%
191M identities exposed in one breach
431M new malware created, all-time high
Top 5 unpatched for 295 days
54
Healthcare: 120 security incidents
Government: 17 security incidents
Financial: 30 security incidents
Education: 20 security incidents
Retail: 33 security incidents
35% increase in crypto-ransomware
992 devices held hostage each day
DIGITAL EXTORTION ON THE RISE
76% of websites had vulnerabilities
WEBSITES
ZERO-DAY THREATS
MANY SECTORS UNDER ATTACK
Top 10 Sectors Breached by Number of Incidents

|   | Sector | Number of Incidents | % of Incidents |
|---|--------|---------------------|----------------|
| 1 | Services | 200 | 65.6% |
| 2 | Finance, Insurance, & Real Estate | 33 | 10.8% |
| 3 | Retail Trade | 30 | 9.8% |
| 4 | Public Administration | 17 | 5.6% |
| 5 | Wholesale Trade | 11 | 3.6% |
| 6 | Manufacturing | 7 | 2.3% |
| 7 | Transportation & Public Utilities | 6 | 2.0% |
| 8 | Construction | 1 | 0.3% |

Top 10 Expanded Sectors Breached by Number of Incidents

|   | Sector | Number of Incidents | % of Incidents |
|---|--------|---------------------|----------------|
| 1 | Health Services | 120 | 39.3% |
| 2 | Business Services | 20 | 6.6% |
| 3 | Educational Services | 20 | 6.6% |
| 4 | Insurance Carriers | 17 | 5.6% |
| 5 | Hotels & Other Lodging Places | 14 | 4.6% |
| 6 | Wholesale Trade - Durable Goods | 10 | 3.3% |
| 7 | Eating & Drinking Places | 9 | 3.0% |
| 8 | Executive, Legislative, & General | 9 | 3.0% |
| 9 | Depository Institutions | 8 | 2.6% |
| 10 | Social Services | 6 | 2.0% |
Endpoint Devices
Content & Collaboration
Applications
Data
Network
Identity
Compute & Storage Infrastructure
Symantec Endpoint Protection
Symantec Endpoint Encryption
Symantec Data Loss Prevention
Asset Mgmt/ServiceNow
License Mgmt.
Mobile Device Mgmt.
Symantec Access Manager
Symantec VIP 2-Factor
Provision & De-provisioning
Symantec MPKI
On Guard (Lenel)
Picture Perfect (GE)
SymPass SAFE
Identity and Access Mgmt.
Encryption in Transport
Assurance CM (SERT)
Assurance NM (SIREN)
Openfire Incident Response Chat
Symantec Endpoint Encryption
Secure Data Collaboration
Instant Messaging Protection
Symantec Products, Third Party Products, Policy Required, Capability Gap
Cenzic Application Scan
Symantec Endpoint Encryption
Web Application Firewall
HP Fortify
Symantec Data Loss Prevention
Symantec Endpoint Encryption
Symantec EV. Cloud & Enterprise Vault
Secure / Sharing Un-structured Data Data Enrichment File Analysis
Symantec Data Loss Prevention
Symantec Email Gateway
Firewalls – Cisco, Juniper
Red Seal
SecureW2 – Wifi Security
SourceFire IDS
QualysGuard
Airmagnet – Wifi Security
SafeNet
Layer 7 Filtering
Symantec Certificates
Symantec DLP
QualysGuard
Control Compliance Suite
Critical Systems Security
Clearwell Manager
eDiscovery
Enterprise Vault
Data Retention
Encase Product Suite
Monitoring & Analysis
Syslog
Splunk
Symantec MSS
Arcsight
GSO Security Ops Center
Co3 Systems
OTRS SOC Ticketing
User Behavior Analysis
CHALLENGE IN BUILDING A SECURITY ARCHITECTURE…
GSO Tool \ Service
Services
Symantec Incident Response
DeepSight
Managed Security Services
Akamai
Symantec Device Mgmt. (ITMS)
Email – MS Exchange Protection
Web Gateway
The Boundaries Continue to Expand…Creating Moving Targets
Cloud
Hackers
Authentication & Encryption
Virtualization
Cyber Threats
Compliance
Remote Offices/Workers
Mobile Devices
Malicious & Well-meaning Users
Social Media
Advanced Persistent Attacks
CRITICAL CRITERIA TO BUILDING YOUR SECURITY POSTURE…
INTELLIGENCE OF TELEMETRY & TECHNIQUE
ABILITY TO ENGAGE, RESPOND, AND REMEDIATE
TRUST
CAPABILITIES & INNOVATION
FRAMEWORK & ARCHITECTURE
Organizations Defining/Following Frameworks…
Organizations now relying on Defining Risk and Trust Models…
RISK
THREATS & INTELLIGENCE
VULNERABILITIES
CONSEQUENCES
Leveraging and Building Intelligence and Knowledge
Dangerous Threats – Actors – Telemetry – Techniques
UNIQUE VISIBILITY
• Hundreds of millions of URLs, domains and IP addresses monitored
• 10 trillion logs/year collected
ANALYST CONTEXT
Analysts leverage Symantec’s Managed Adversary Threat Intelligence about threat actors to provide tailored insights on what’s happening in your environment.
THREAT INTELLIGENCE TEAMS
500+ Threat Researchers Across 6 Global SOCs
BIG DATA
Massive Security Data Archive
GLOBAL INTELLIGENCE NETWORK
57M attack sensors in 156 countries
175M endpoints
182M web attacks blocked last year
7.6T rows of telemetry
200K rows added/second
8 threat response centers, with 500+ security analysts
30% of world’s email traffic scanned/day
Scale is critical in offering UNIQUE THREAT VISIBILITY…
Why do you still need to worry about Threats & Vulnerabilities?
You Leverage A Framework, Invested in Intelligence, Invested in Innovative Capabilities…
Criminals Have Become Increasingly Active!
There are those who have been caught…and those who have not…
Zero-Days
Zero-Day Vulnerabilities (bar chart by year, 2006 to 2015; 2015: 54)
Targeted Phishing Attacks
Spear-Phishing Attacks by Size of Targeted Organization

| Org Size | 2015 Risk Ratio | 2015 Risk Ratio as Percentage | Attacks per Org |
|----------|-----------------|-------------------------------|-----------------|
| Large Enterprises, 2,500+ Employees | 1 in 2.7 | 38% | 3.6 |
| Medium Business, 251–2,500 Employees | 1 in 6.8 | 15% | 2.2 |
| Small Business (SMB), 1–250 Employees | 1 in 40.5 | 3% | 2.1 |
Ransomware
Growing Dominance of Crypto-Ransomware
MISLEADING APP, FAKE AV, LOCKER RANSOMWARE, CRYPTO RANSOMWARE
35% Increase in Crypto-Ransomware Attacks
Consequences
Total Identities Exposed Through Breaches
+23%
500
+30%
ESTIMATED
Professionalization of Cyber Crime & Consumer Scams
TeslaCrypt Ransomware – Technical Support Available
Why Are Retr3at and the Educational Concepts of Montreat College’s Cyber Ethics Critical?
Thank you!
Copyright © 2016 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Robert Potter, Vice President Americas, Symantec
rob_potter@symantec.com
www.Symantec.com/ThreatReport