Security Threat Presentation
Uploaded by: robert-giannini
Category: Technology
Slide 1
Cyber Security
GiaSpace
Slide 2
Security is headline news
Slide 3
CYBER SECURITY: A New Headline Every Day
Slide 4
Changes in technology
SaaS: Subscribe to applications
IaaS: Rent servers and storage
CaaS: Cybercrime made easier
Slide 5
Evolution of cyber crime
OLD: Hacker Organization
• Centralized
• Build from scratch
• Own servers
• Expensive
• Large targets
NEW: Crime Ecosystem
• Distributed
• Buy or hosted
• Specialize in areas
• Cheap
• Smaller targets
Slide 6
Cybercrime is easier than ever
And it’s more accessible to everyone
• Job postings
• Payment systems
• Marketplaces
Slide 7
SMB in the crosshairs
[Chart: Proportion of breaches by org size, comparing orgs with 11-100 employees against orgs with <11 or >100 employees; labels shown: 15x, 1x]
[Chart: Targeted attacks against SMBs, 2011 to 2013; values shown: 18%, 36%, 41%]
Slide 8
First stage of attack: Infect
Slide 9
Emails more finely tuned to SMB
TACTIC: Trick SMB into opening link or attachment
Images:
http://thetechguyblog.com/wp-content/uploads/2012/08/Screen-Shot-2012-08-13-at-7.37.58-AM.png
http://www.onlinethreatalerts.com/article/2013/12/20/at-t-you-have-a-new-voice-mail-virus-email-message/5.jpg
Slide 10
Malvertising on the Rise
How does malvertising work?
1. Set up a website with exploit kit
2. Run an ad on Yahoo, AOL or other ad network, with legitimate company creative
3. Ad server redirects users to exploit kit site
4. User gets infected
“Attn: NYTimes.com readers: Do not click pop-up box warning about a virus -- it’s an unauthorized ad we are working to eliminate.” (The New York Times)
“Top websites deliver CryptoWall ransomware via malvertising…” (Adam Greenberg, SC Times)
Slide 11
Malvertising Targeting SMBs
Image: http://news.softpedia.com/news/CryptoWall-2-0-Delivered-Through-Malvertising-On-Yahoo-and-Other-Large-Sites-462970.shtml#sgal_0
Slide 12
Explosion in SaaS/CaaS Plug-and-Play Marketplace
Kits cost as little as $200
ANGLER
RIG
ASTRUM
FIESTA
BLEEDING LIFE
BLACKHOLE
CRIMEPACK
DOTKACHEF
FLASHPACK
GONGDA
NITERIS
LIGHTSOUT
NUCLEAR
ARCHIE
SWEETORANGE
Slide 13
Exploit Kits Are Getting Better
http://krebsonsecurity.com/2010/10/java-a-gift-to-exploit-pack-makers/
Slide 14
Intermediate step: Dropper Malware
Slide 15
Increasingly Common Step: Dropper
Increasingly Common Option for Ransomware
TACTIC: Malware that installs other malware
1. Bad actor gets a piece of malware on computer
2. Malware sits quietly and just phones home; not the flashy/noisy malware
3. Bad actor sells or rents ability to infect computer. Malware phones home. Installs main payload: Ransomware, Keylogger, Spambot
4. If contract ends or more capacity, install more malware
Slide 16
ANTIVIRUS
http://malware.dontneedcoffee.com/2014/06/neutrino-bot-aka-kasidet.html
Slide 17
Source: krebsonsecurity.com
Slide 18
Malware payload
Slide 19
TACTIC: Financial Fraud
http://news.softpedia.com/news/Price-of-Malware-Drops-SpyEye-Botnet-Available-for-150-114-265986.shtml
Slide 21
SMB bank account breaches
• Battle Ground Cinema: $81,000 stolen (Source: Krebs On Security)
• Delray Beach Public Library: $160,000 stolen (Source: Krebs On Security)
• Brookeland Fresh Water Supply District: $35,000 stolen (Source: Krebs On Security)
• Spring Hill Independent School District: $30,687 stolen (Source: News-Journal)
• Crystal Lake Elementary School District 47: $350,000 stolen (Source: McHenry County Blog)
• DKG Enterprises: $100,000 stolen (Source: Krebs On Security)
• Downeast Energy & Building Supply: $150,000 stolen (Source: Bank Info Security)
• Little & King LLC: $164,000 stolen (Source: Krebs On Security)
But this is just the beginning…
What about DOWNTIME & DATA THEFT?
Slide 22
Ransomware
TACTIC: Ransom encrypted data
• Fake Anti-Virus
• FBI Ransomware
• Cryptovirus
– CryptoLocker
– PrisonLocker
– HowDecrypt
– CryptorBit
– CryptoDefense
– CryptoWall
Image: http://blogs-images.forbes.com/parmyolson/files/2014/02/cryptolocker.png
Slide 23
CryptoVirus workflow
Inbound and outbound communication
TACTIC: Ransom user for encrypted data
1. Infect machine with early stage
• Email
• Exploit kit
• Malvertising
• Dropper
2. Phone home to Command and Control server to get encryption key
3. Encrypt local and network share data
• May take hours to days to fully encrypt
• Makes finding a clean restore difficult
4. Ransom user
• Establish deadline and threaten permanent data loss
Slide 24
Signature-based security evasion
Slide 25
“Signature-based tools (antivirus, firewalls, and intrusion prevention) are only effective against 30–50% of current security threats.” (IDC, November 2011)
26
Getting Around Signatures: Crypters
![Page 27: Security Threat Presentation](https://reader031.fdocuments.in/reader031/viewer/2022011722/58ecd44a1a28abc22a8b4651/html5/thumbnails/27.jpg)
27
Getting Around Signatures: Crypters
![Page 28: Security Threat Presentation](https://reader031.fdocuments.in/reader031/viewer/2022011722/58ecd44a1a28abc22a8b4651/html5/thumbnails/28.jpg)
28
Getting Around Signatures
http://buy.aegiscrypter.com/
![Page 29: Security Threat Presentation](https://reader031.fdocuments.in/reader031/viewer/2022011722/58ecd44a1a28abc22a8b4651/html5/thumbnails/29.jpg)
29
Test Against Signature Based Tools
http://www.aegiscrypter.com/
New Malware executable is testedagainst AV and UTMs.
If detected, crypter runs againto create zero-day FUD
(Fully UnDetectable)
![Page 30: Security Threat Presentation](https://reader031.fdocuments.in/reader031/viewer/2022011722/58ecd44a1a28abc22a8b4651/html5/thumbnails/30.jpg)
30
Getting Around Signatures: Crypters
Slide 31
DarkHotel Attack
Attackers are targeting the weakest links in the supply chain
[Diagram labels: HQ; BRANCH OFFICE/STORE/CLINIC; OFF NETWORK AND SUPPLIERS]
Slide 32
SMBs used as launch pads for attacks
33
“60 percent of small firms go out of business within
six months of a data breach.”
Source: National Cyber Security Alliance “America’s Small Businesses Must Take Online Security More Seriously” 2012
THE IMPACT OF A BREACH IS HIGH
![Page 34: Security Threat Presentation](https://reader031.fdocuments.in/reader031/viewer/2022011722/58ecd44a1a28abc22a8b4651/html5/thumbnails/34.jpg)
34
Strengthening security beyond signatures
Slide 35
PREVENT: Malware
• Protect users across the full infection chain
‒ NOT JUST AN EXECUTABLE OR SIGNATURE
• Block sites with exploit kits at the network layer
‒ Whether it’s a whole site or an embedded ad
• Protect users from phishing attacks
‒ To prevent breaches
• Block malicious links in emails and applications
‒ Because the browser is not the only path of infection
Slide 36
CONTAIN: the new prevention
• Prevent “Phoning home”
• Block “droppers” from getting malware
‒ Whether it’s ransomware, keyloggers, spam senders or DDoS bots
• Stop Spyware/Keyloggers from uploading data
• Prevent Ransomware from getting an Encryption Key
• Alert – and have team respond to alert
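One way to act on the “phoning home” and “alert” points above, as an added example that is not part of the original presentation: flag clients that contact the same destination at near-constant intervals, the pattern a quiet check-in tends to leave in DNS or proxy logs. The log format, host names, domains and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log (not real traffic): "epoch_seconds client destination"
SAMPLE_LOG = """\
1000 pc-07 cdn-check.example.net
1010 pc-03 news.example.org
1025 pc-03 news.example.org
1200 pc-07 mail.example.com
1301 pc-07 cdn-check.example.net
1400 pc-03 news.example.org
1420 pc-03 news.example.org
1599 pc-07 cdn-check.example.net
1900 pc-07 cdn-check.example.net
2202 pc-07 cdn-check.example.net
2500 pc-07 cdn-check.example.net
2600 pc-07 mail.example.com
2900 pc-03 news.example.org
2910 pc-03 news.example.org
"""

def parse(log):
    """Group request timestamps by (client, destination); skip malformed lines."""
    seen = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].isdigit():
            seen[(parts[1], parts[2])].append(int(parts[0]))
    return seen

def find_beacons(log, min_events=5, max_cv=0.1):
    """Return client/destination pairs whose request gaps are nearly constant.

    max_cv is the allowed coefficient of variation (stdev / mean) of the gaps;
    both thresholds are assumptions to tune against your own traffic.
    """
    findings = []
    for (client, dest), times in parse(log).items():
        if len(times) < min_events:
            continue  # too few requests to call it a pattern
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            findings.append({"client": client, "dest": dest, "period_s": round(avg)})
    return findings

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print("ALERT possible beacon:", hit)
```

Legitimate software such as update checkers also polls on a fixed schedule, so a hit is a lead for the responding team to triage, not a verdict.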
Slide 37
Introducing predictive, cloud-delivered security
Slide 38
PREDICTIVE INTELLIGENCE
• 70+ Billion Daily Requests
• Block Threats
• Analytics
• Automation
39
Machine Learning
Graph Theory
Anomaly Detection
Temporal Patterns
Contextual Search
Visualization
Scoring
Probable malicious sites
Leveraging the Internet to identify suspected threat origins
Ingesting millions of data
points per second
Our security intelligence
WWWp2p
irc
Slide 40
Security & risk mitigation: a layered approach
Slide 41
Common security challenges
OFF-NETWORK COVERAGE: Few tools protect mobile workers, most users forget to turn on VPN, most new endpoint tools only detect malware after the fact
APPLIANCES ARE EXPENSIVE & COMPLEX: Operations and management are difficult or impractical, and are especially complex for multiple locations
Slide 42
The problems with Shadow IT
What’s under the surface
• 1 in 5 employees use cloud apps to share corporate data
• 20% of employees use those cloud apps without IT’s permission
• 70% of employees use mobile devices for work
• 63% of employees access corporate data outside the network perimeter
Source: http://www.sailpoint.com/blog/wp-content/uploads/MPS-2014-Infographic-v2.png
Slide 43
“More than 30% of security controls deployed to the small or midsize business (SMB) segment will be cloud-based by 2015” (Gartner Forecast Overview, WW InfoSec 2014)
Slide 44
Thank you