Top Security Trends for 2013


Rob Rachwald, Director of Security Strategy, Imperva

© 2012 Imperva, Inc. All rights reserved.

Agenda

+ Trends 2012: A look back
+ Trends 2013: High-level overview
+ Trends 2013: Details on the big 5


Today’s Presenter: Rob Rachwald, Dir. of Security Strategy, Imperva

Research
+ Directs security strategy
+ Works with the Imperva Application Defense Center

Security experience
+ Fortify Software and Coverity
+ Helped secure Intel’s supply chain software
+ Extensive international experience in Japan, China, France, and Australia

Thought leadership
+ Presented at RSA, InfoSec, OWASP, ISACA
+ Appearances on CNN, SkyNews, BBC, NY Times, and USA Today

Graduated from University of California, Berkeley


How Did We Do?

+ SSL gets caught in the crossfire
+ HTML5 goes live
+ DDoS moves up the stack
+ Internal collaboration meets its evil twin
+ NoSQL = NoSecurity?
+ The kimono comes off of consumerized IT
+ Anti-social media
+ The rise of the middle man
+ Security (finally) trumps compliance


Trends 2013: Summary

Good News: Security will improve for larger, well-funded organizations.

Community policing comes to cyber security.


Trends 2013: Summary

Bad News: As bigger firms get smarter and more effective, hackers will choose the path of least resistance: small companies. Not surprisingly, hackers will continue to get more sophisticated.

CONFIDENTIAL

#5: Hacktivism Gets Process Driven


Hacktivism in the Past

Key problem: past performance is no guarantee of future returns.


Example


Process Driven: What is it?

In 2012, hacktivists moved towards awareness campaigns rather than targeted attacks.

Hacktivism awareness means more for less:
+ Arbitrary targets in order to get easy results
+ Automation in all stages of the process
+ More aggressive marketing of hacktivism campaigns


Example: Team GhostShell

In order to maximize results, hacktivists now:

1. Target CMS systems with known vulnerabilities and harvest vulnerability databases to collect potential attack vectors
2. For other targets, simply run vulnerability scanners
3. Use Google Dorks and error message hunting to locate potential targets within a domain list
4. Use automated injection tools (SQLmap or Havij) to automate the final process of dumping the data
5. Publish the campaign’s open letters on pastebin.com and on Facebook and Twitter to distribute their message


Supporting Evidence

From the TeamGhostShell December hack letter: “ProjectWhiteFox will conclude this year's series of attacks by promoting hacktivism worldwide and drawing attention to the freedom of information on the net.”

It was clear through this group and others that the targets were chosen not by sector or interest, but by the fact that they were vulnerable.

CONFIDENTIAL

#4: Government Malware Goes Commercial


Military Influence on the Private Sector


The Same Will Hold True in the Cyber World

With Flame and Stuxnet, modern malware has evolved dramatically, which will:

+ Inspire private hackers to follow—Technologies previously attributed to “state sponsored” attacks are going to become commercialized (or commoditized), blurring the difference between Cyber Crime and Cyber War.

+ Increase in compromised insiders—Devices affected by modern malware (APT), representing a “compromised insider” threat, are going to become a more prominent risk factor than malicious insiders.


Malware is Popular in Hacking Communities

2012 Verizon Data Breach Report
• Malware is on the rise: “69% of all data breaches incorporated malware” - a 20% increase over 2011
• Malicious insider incidents declining: “4% of data breaches were conducted by implicated internal employees” - a 13% decrease compared to 2011

Director of National Intelligence
• “Almost half of all computers in the United States have been compromised in some manner and ~60,000 new pieces of malware are identified per day”.


Differences: Commercial vs APT Malware

Commercial
+ Broader target
+ Relies on broader vulnerabilities
+ Purpose is theft

APT
+ Focused
+ Heavily relies on 0-Day
+ Purpose can be theft, espionage or sabotage


Similarities: Commercial vs APT Malware

Similarity #1: Bypass antivirus.

Similarity #2: More sophisticated malware.

+ Some of the modules are larger than 1MB, and in some of the instances we tracked the total code size amounted to almost 10MB.

+ We saw version numbers grow substantially over time.

Similarity #3: The command and control structure needs to get bigger and more robust.

+ More and better methods of controlling the redirection of user traffic to the attacker-controlled server provide improved efficacy and redundancy.

+ An individual operation is able to last a few weeks before being shut down.


The Objective: Compromised Insider

Compromised Insider: A person with no malicious motivation who becomes an unknowing accomplice of third parties who gain access to their device and/or user credentials.

Few Users are Malicious, All Can be Compromised

“Less than 1% of your employees may be malicious insiders, but 100% of your employees have the potential to be compromised insiders.”

Source: http://edocumentsciences.com/defend-against-compromised-insiders



#3: Black Clouds on the Horizon


“Just in Time” Hacking


Some Problems with Hacking Today

Problem #1: Blacklisting by enterprises limits attack duration.

Problem #2: Hackers needed to acquire infrastructure, often illegally, which made matters a bit more complex.


What is it?

We expect to see a growing use of IaaS by attackers for different activities due to:

+ Elasticity: the ability to quickly get hold of a lot of computing resources without too many prerequisites.

+ Cost: the ability to tie spending closely to a specific attack campaign and its potential gain.

+ Resilience: the use of commercial cloud computing platforms reduces the ability of defenders to blacklist attackers and adds much-valued latency to the process of server takedown.

Amazon’s EC2 is a good example


How Does it Work?

1. Steal a credit card

2. Leverage cloud infrastructure for attacks
• More power
• Better anonymization

3. Use cloud infrastructure to process bounty
• Unstructured data or files
• Data


Examples

+ Fraud and business logic attacks
+ DDoS

Over the past year we have seen a number of attack campaigns in which attackers were deploying attack servers in the Amazon EC2 cloud.


#2: Strength in Numbers


A Short History in Community Policing


Strength in Numbers: What is it?

Business and government parties will create collaborative defenses by sharing individual protection data.

+ In order to get the most out of their initial investment in hacking infrastructure, attackers strive to reuse their attack infrastructure against as many targets as possible.

+ When there’s no collaboration between defending parties, each new target has to react to the attack as if it were new, while in all likelihood other targets have already experienced the same attack in the past.


The Concept

Use the fact that hackers rely on reusing infrastructure to launch attacks.
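As an added illustration of this concept (not code from the webinar or from Imperva): a minimal community reputation aggregator that turns per-organization attack reports into a shared blocklist, so a participant that has not yet been hit by a reused source can block it on the strength of others’ observations. The organization names, the RFC 5737 documentation addresses, the 30-day window and the two-reporter threshold are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample feed: (reporting org, attacking source IP, UTC time, attack type).
# Addresses come from the RFC 5737 documentation ranges; nothing here is real data.
SAMPLE_REPORTS = [
    ("org-a", "198.51.100.7", "2013-01-10T08:00:00", "sqli"),
    ("org-b", "198.51.100.7", "2013-01-10T09:30:00", "sqli"),
    ("org-c", "198.51.100.7", "2013-01-11T02:15:00", "scanner"),
    ("org-a", "203.0.113.20", "2013-01-10T12:00:00", "scanner"),
    ("org-a", "203.0.113.20", "2013-01-10T12:05:00", "scanner"),  # same org again
    ("org-b", "192.0.2.99", "2012-11-01T00:00:00", "sqli"),      # outside 30-day window
    ("org-c", "192.0.2.99", "2012-11-02T00:00:00", "sqli"),
]


def build_community_blocklist(reports, min_orgs=2, window_days=30,
                              now="2013-01-12T00:00:00"):
    """Return {source: sorted reporting orgs} for every source that at least
    `min_orgs` *distinct* organizations reported inside the time window.

    Counting distinct organizations rather than raw reports keeps one noisy
    or misconfigured participant from pushing a source onto everyone's list,
    and the window lets entries age out once the attacker moves infrastructure.
    """
    cutoff = datetime.fromisoformat(now) - timedelta(days=window_days)
    seen_by = defaultdict(set)
    for org, source, ts, _kind in reports:
        if datetime.fromisoformat(ts) >= cutoff:
            seen_by[source].add(org)
    return {src: sorted(orgs) for src, orgs in seen_by.items()
            if len(orgs) >= min_orgs}


def sources_new_to(org, blocklist):
    """Confirmed sources that `org` has never observed itself: the attacks it
    no longer has to treat as new because other participants saw them first."""
    return sorted(src for src, orgs in blocklist.items() if org not in orgs)


if __name__ == "__main__":
    shared = build_community_blocklist(SAMPLE_REPORTS)
    for src, orgs in shared.items():
        print(f"{src} reported by {', '.join(orgs)}")
    print("a newcomer can block in advance:", sources_new_to("org-d", shared))
```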


A Precedent


#1: APT Targets the Little Guy


A Rare Interview


The Details

Highlights the partnership between government, hacking, and industry in China.

Evidence that China is succeeding in its stated intention to be “the leader in information warfare.”


What is it?

We expect that in 2013 attackers will also extend the practice commonly dubbed APT to smaller businesses.

+ The industrialization of hacking has successfully automated Web application attacks.

+ Attackers have learned to exploit and profit from compromised Web applications, especially since automation can help uncover poorly protected, smaller companies.

+ Automation and poor protection will help APT attackers target smaller organizations that hold valuable information.


Industrialization of Hacking and Automation

The hacking value chain, as shown on the slide:

Researching Vulnerabilities → Developing Exploits → Growing Botnets → Exploiting Targets → Consuming

Consuming includes:
+ Direct value, i.e. IP, PII, CCN
+ Command & Control
+ Malware Distribution
+ Phishing & Spam
+ DDoS

Growing Botnets and Exploiting Vulnerabilities rely on:
+ Selecting targets via search engines
+ Templates & kits
+ Centralized management
+ Service model

Underlying themes: Roles, Optimization, Automation


Quantifying Automation


Conclusion


Rebalance the Portfolio


Webinar Materials



Post-Webinar Discussions

Answers to Attendee Questions

Webinar Recording Link

Join Group: Join the Imperva LinkedIn Group, Imperva Data Security Direct, for…

www.imperva.com