IT Security landscape and the latest threats and trends
Threat Landscape
John Shier Sr. Security Advisor @john_shier
November 2016
Phishing
How not to phish
How not to phish
http://[IP ADDRESS]/fcid/6a6f686e2e736869657240736f70686f732e636f6d/
Modern phishing
Modern phishing
HD phishing
Locally targeted
Malvertising
RTB Ad network Third party
Malvertising threat chain
No site is immune
Exploit kits
A decade of misery
2006 2013 2016
Exploits as a Service
[Diagram labels: Initial Request, Victims, Exploit Kit Customers, Redirection, Malicious Payloads, Stats, Landing Page, Exploits, Payloads, Get Current Domain, Get Stats, Update payloads, Management Panel, Malware Distribution Servers, Gateway Servers, VPN, Exploit Kit Admin, Spammer/Malvertiser, Exploit merchant, Ransomware author]
EK prominence – October 2016
RIG
Nuclear
Chinese EK
Da Gong/Gondad
Angler
Fiesta
Neutrino v2
Other
Document malware
Why does document malware work?
•Out of the spotlight
•Familiarity and trust
•Email as file transfer protocol
•Patching failure
•Call to action
Curiosity infected the cat
Build Your Own
How to protect against document malware?
•Email filtering
•Sandbox
•Cloud services
•Document viewers
•Share files differently
Data stealing malware
Why does data stealing malware work?
•Multiple security failures
•Needs a human actor
•Poor network segregation
•Over privileged users
•Poor outbound filtering
•Unknown baseline
How does data stealing malware work?
Target(ed) exfiltration
How to protect against data stealing malware?
•Multiple security failures
•Needs a human actor
•Poor network segregation
•Over privileged users
•Poor outbound filtering
•Unknown baseline
Ransomware
Why does ransomware work?
•Complex threat chain
•Social Engineering
•No need for persistence
•Uses existing tools
•Geographically targeted, locally customized
•It’s your data
Locky/Zepto/Odin
CryptoWall 4.0
Zcrypt
Stampado/Philadelphia
6 tips for preventing ransomware
1. Back up your files regularly and keep them offline
2. Don’t enable macros in emailed docs
3. Tell Windows to show file extensions
4. Don’t open script or shortcut files sent by email
5. Don’t give yourself more login power than necessary
6. Patch early, patch often
Users
It’s not all bad news
•Social engineering works
•People like to help
•Stop worrying about the Nigerians
•OSINT
•Training isn’t always the answer
•Create a security culture
•Use your remote sensors