Project Cumulus: How Hacks Unfold
-
Upload
bitglass -
Category
Technology
-
view
131 -
download
0
Transcript of Project Cumulus: How Hacks Unfold
webinar
project cumulus:
how hacks unfold
the experiment
■ complete online identity for a fictitious bank employee
■ created seemingly real files for Google Drive
■ convincing retail bank web portal
■ username + password leaked onto the dark web
hackers move fast
■ 8 attempted logins in 24 hours
■ first file downloaded in 48 hours
■ a third of total views and logins in week one
hacked once, hacked everywhere
■ victim used the same password across the web
■ 94% of hackers uncovered other accounts
■ 36% of Drive hackers successfully accessed the victim’s bank account
tor usage on the rise
■ hackers came from over 30 countries
■ logins recorded from the US, Austria, Netherlands, Philippines, and Turkey
■ 68% of hackers logged into Google Drive via Tor
hacker tactics
■ Tor + VPN + cryptocurrency
■ bank trojans■ card writers■ “disposable” computers
a look back at “where’s your data”
preventing similar breaches with a CASB
identity data-centric securitydiscovery
casb identity:avoid reusing passwords, implement better authentication
■ cloud app identity management should maintain the best practices of on-prem identity
■ SSO enables cross-app visibility into suspicious access activity
■ contextual multi-factor authentication mitigates risk
casb discovery:set up alerts for unusual activity
■ analyze outbound data flows to learn what SaaS apps your organization is using
■ understand risk profiles of different apps
■ essential in process of enabling secure cloud app usage
casb security:granular access control and DLP
the new data reality requires a new security architecture
■ cross-device, cross-platform agentless data protection
■ granular DLP for data at rest and in motion
■ contextual access control
■ detailed logging for compliance and audit
about bitglass
total data
protectionoutside the
firewall est. jan 2013
CA, NY, MA,
IL, NC12
resources:
■ project cumulus report
■ project cumulus video overview
■ definitive guide to CASBs
download the full project cumulus report
the bitglass research team leaked a fictitious bank employee’s credentials onto the dark web and tracked the activity that followed
download the report
bitglass.com@bitglass