Confidential © 2013 Imperva, Inc. All rights reserved.
Targeted Attacks
Barry Shteiman, Director of Security Strategy

Agenda
• Compromised Insider
• Incident Analysis
• Anatomy of an Attack
• Current Controls
• Reclaiming Security

Today’s Speaker - Barry Shteiman
• Director of Security Strategy
• Security Researcher working with the CTO office
• Author of several application security tools, including HULK
• Open source security projects code contributor
• CISSP
• Twitter @bshteiman

Compromised Insider
Defining the Threat Landscape

“There are two types of companies: companies that have been breached and companies that don’t know they’ve been breached.”
Shawn Henry, Former FBI Executive Assistant Director (NY Times, April 2012)

Insider Threat Defined
Risk that the access rights of a trusted person will be used to view, take or modify data or intellectual property.
Possible causes:
• Accident
• Malicious intent
• Compromised device

Compromised Insider Defined
A person with no malicious motivation who becomes an unknowing accomplice of third parties who gain access to their device and/or user credentials.

Malicious vs Compromised Potential
1% < 100%
Source: http://edocumentsciences.com/defend-against-compromised-insiders

Look who made the headlines
• Hackers steal sensitive data related to a planned 2.4B acquisition.
• Hacker stole 4-million Social Security numbers and bank account information from state taxpayers and businesses

Evaluating Magnitude
Source: Verizon Data Breach Report, 2013
California 2012 Data Breach Report:
• More than half of the breaches were the result of intentional intrusions by outsiders or by unauthorized insiders.
Source: State of California Department of Justice, July 2013

Know your Attacker
Governments
• Stealing Intellectual Property (IP) and raw data, Espionage
• Motivated by: Policy, Politics and Nationalism
Industrialized hackers
• Stealing IP and data
• Motivated by: Profit
Hacktivists
• Exposing IP and data, and compromising the infrastructure
• Motivated by: Political causes, ideology, personal agendas

What Attackers Are After
Source: Verizon Data Breach Report, 2013

Two Paths, One Goal
Goal: Data & IP
• User with access rights (or his/her device)
• Online Application
• Hacking (various) used in 52% of breaches
• Malware (40%)
• Social Engineering (29%)
• Servers 54%
• Users (devices) 71%
• People 29%
Source: Verizon Data Breach Report, 2013

Incident Analysis
The South Carolina Data Breach

What Happened?
4M Individual Records Stolen in a Population of 5M
80%.

A Targeted Database Attack
• 13-Aug-12: Attacker steals login credentials via phishing email & malware
• 27-Aug-12: Attacker logs in remotely and accesses the database
• 29-Aug-12 - 11-Sept-12: Additional reconnaissance, more credentials stolen
• 12-Sept-12 - 14-Sept-12: Attacker steals the entire database

The Anatomy of an Attack
How does it work

Anatomy of an Attack
• Spear Phishing
• C&C Comm
• Data Dump & Analysis
• Broaden Infection
• Main Data Dump
• Wipe Evidence

Searching on Social Networks…
…The Results

Next: Phishing and Malware
How easy is it? A three-month BlackHole license, with Support included, is US$700
Specialized Frameworks and Hacking tools, such as BlackHole 2.0, allow easy setup for Host Hijacking and Phishing.

Drive-by Downloads Are Another Route
September 2012 “iPhone 5 Images Leak” was caused by a Trojan Download Drive-By

Cross Site Scripting Is Yet Another Path
Persistent XSS Vulnerable Sites provide the Infection Platform
• GMAIL, June 2012
• TUMBLR, July 2012

The Human Behavior Factor
Source: Google Research Paper “Alice in Warningland”, July 2013

Current Controls
Won't the NGFW/IPS/AV Stop It?

What Are the Experts Saying?
“Flame was a failure for the antivirus industry. We really should have been able to do better. But we didn’t. We were out of our league, in our own game.”
Mikko Hypponen, F-Secure, Chief Research Officer
Source: http://www.wired.com/threatlevel/2012/06/internet-security-fail/

Security Threats Have Evolved…
[Figure: 2001 and 2013, each labelled AntiVirus, Firewall, IPS]
Sources: Gartner, Imperva analysis

Security Redefined
Forward Thinking

The DISA Angle
“In the past, we’ve all been about protecting our networks—firewall here, firewall there, firewall within a service, firewall within an organization, firewalls within DISA. We’ve got to remove those and go to protecting the data”
Lt. Gen. Ronnie Hawkins Jr., DISA. AFCEA, July 2012

Rebalance Your Security Portfolio

Assume You Can Be Breached

Incident Response Phases for Targeted Attacks
• Reduce Risk
• Prevent Compromise
• Detection
• Containment
• Insulate sensitive data
• Password Remediation
• Device Remediation
• Post-incident Analysis
• Size Up the Target
• Compromise A User
• Initial Exploration
• Solidify Presence
• Impersonate Privileged User
• Steal Confidential Data
• Cover Tracks

Post-Webinar Discussions
Join Imperva LinkedIn Group, Imperva Data Security Direct, for…
• Answers to Attendee Questions
• Webinar Recording Link
• Webinar Materials

Questions?
www.imperva.com

Thank You!