Check point presentation june 2014

1 ©2014 Check Point Software Technologies Ltd.

Cyber Attacks: Protecting against the

Unknown Unknowns

Keith D. Holtham Check Point Software Technologies Australia


The Internet of everything


The Internet of everything BRINGS WITH IT new challenges


Adobe breach hit more than 150

million usernames and passwords According to foreign media the organization behind the attack is suspected to be

an unnamed government organization...

Target credit card hack reveals

need for updated security The U.S. is the juiciest target for hackers hunting credit card information. And …

4.6 Million Snapchat usernames

and phone numbers leaked A new website called SnapchatDB! Has allegedly leaked 4.6 million Snapchat..


Value of a Hacked PC

http://krebsonsecurity.com


ASD Top 35 – Top 14 Mitigation Strategies

1. Application white listing

2. Application patching

3. OS Patching

4. Restrict Admin privileges

5. User application configuration hardening

6. Automated dynamic analysis of email and web content (Sandboxing)

7. Operating system Generic exploit mitigation

8. Host based Intrusion Detection/Prevention

9. Disable Local Admin accounts

10.Network Segmentation

11.Multi-Factor Authentication

12.Software-Based Application firewall - Incoming

13.Software-Based Application firewall – Outgoing

14.Non-Persistent virtualised sandboxing


Target: 40 million credit & debit cards


TARGET attack


40 000 machines

1 797 stores


TARGET attack


TARGET attack

RAM-scraping kit: BlackPOS (VBScript – 207kB)

Created in March 2013

Kit author: Rinat Shabayev, 23 years old

Cost: 1800-2300$


TARGET attack – who’s next ?


Critical Infrastructure at Risk!

Critical and industrial systems

make our modern world

Like other IT systems, they are

prone to attacks

The consequences of such attacks are much greater:

- Power failures

- Water pollution or floods

- Disruption of transportation systems

- Malfunction of Production Lines


Important Attacks

Stuxnet, Duqu, Flame

Pacific Energy, Saudi Arabia Aramco

German Power Utility, 50Hertz

Queensland, Harrisburg and Willows Water System


3 steps of modern attacks


FIND THE WEAKEST LINK

GET ACCESS

EXTRACT DATA

3 steps of modern attacks



Designing an attack


Top Vulnerable Applications

list of leading vulnerable applications in 2012

Adobe Reader

Adobe Flash Firefox

Java Microsoft Office

Internet Explorer

30 Critical

vulnerabilities

17 Critical

vulnerabilities

16 Critical

vulnerabilities

57 Critical

vulnerabilities

91 Critical

vulnerabilities

14 Critical

vulnerabilities


WOULD YOU OPEN

THIS ATTACHMENT?

“Over 90% of targeted emails use malicious file

attachments as the payload or infection source”

Wall Street Journal Nov, 2012


Gathering Intelligence


Gathering Intelligence

First Name Last Name Likes Gender Email Phone Number Topic of Interest Usernames

Social Profile Technical Profile

IP Address Browser Type Plug-ins deployed OS Type Patch History Anti-Virus Brand Applications User permissions

http://www.shodanhq.com/search?q=default+password

http://www.shodanhq.com/search?q=default+password


Choosing the right weapon Zero-Day Exploits

Patched Vulnerabilities


In reality, it’s impossible to patch everything


WHAT ABOUT

NEW ATTACKS? Block download of

malware infested files

Detect and prevent

bot damage

Stops exploits of

known vulnerabilities

Multi-Layered Threat Prevention

IPS

Anti-Bot

Antivirus


ONLY DEALS

WITH THE

KNOWN


IPS

Anti-Bot

Antivirus


HOW TO DEAL

WITH THE

UNKNOWN ?


IPS

Anti-Bot

Antivirus


Known Unknowns – Top Vulnerable Applications

list of leading vulnerable applications in 2012

Adobe Reader

Adobe Flash Firefox

Java Microsoft Office

Internet Explorer

30 Critical

vulnerabilities

17 Critical

vulnerabilities

16 Critical

vulnerabilities

57 Critical

vulnerabilities

91 Critical

vulnerabilities

14 Critical

vulnerabilities

We know that in the upcoming year

200–300 new currently unknown

vulnerabilities will be discovered in

popular business applications


TARGETED ATTACKS BEGIN

WITH ZERO-DAY EXPLOITS

Duqu Worm Causing Collateral Damage in a

Silent Cyber-War Worm exploiting zero-day vulnerabilities in a Word document


Threat Emulation

Discover and STOP new threats based-on threat behavior

[Confidential] For designated groups and individuals

INSPECT EMULATE

PREVENT SHARE


That’s why we need to segment networks

Initial infection on

laptop

Only pathway across network controlled

through security gateway

Infection can’t spread if there’s

no open path


Hierarchical Lines of Defense

“Establish hierarchical lines of defense that provide protections for data

and systems hosted within the corresponding segment boundaries”

Site (Host, Network)

Mobile

Cloud


Segment Grouping

Site


ASD Top 35 – Top 14 Mitigation Strategies

1. Application white listing

2. Application patching

3. OS Patching

4. Restrict Admin privileges

5. User application configuration hardening

6. Automated dynamic analysis of email and web content (Sandboxing)

7. Operating system Generic exploit mitigation

8. Host based Intrusion Detection/Prevention

9. Disable Local Admin accounts

10.Network Segmentation

11.Multi-Factor Authentication

12.Software-Based Application firewall - Incoming

13.Software-Based Application firewall – Outgoing

14.Non-Persistent virtualised sandboxing


How do you manage the unknown in 2014?

Use of unknown malware exploded in 2013 Integrated malware sandboxing is a must-have 1

Malware exposure and infections increased

Anti-bot and antivirus must have global intelligence 2

High-risk applications expanded in the enterprise

Policy-driven application control must be integrated 3

Data loss events grew across industries and data types

Data loss prevention must expand across the network 4


Thank You !

Check point presentation june 2014

Technology

Transcript of Check point presentation june 2014