Copyright ©2018 WatchGuard Technologies, Inc. All Rights Reserved
The 2019 Threat Landscape
Marc Laliberte, Sr. Security Analyst
WatchGuard Technologies, Inc.
Marc Laliberte, Sr. Security Analyst, WatchGuard Technologies
6 years at WatchGuard Technologies
WatchGuard Threat Lab Manager
A lifetime of traditional "hacking"
Specialist in network security and IoT
Agenda & Take-aways
1. Threat Landscape Statistics
– General attack statistics
2. 2019 Top Cyber Threats
– Five cyber threats to watch out for
3. Defending Against Evolving Threats
Threat Landscape by the Numbers
Endless Data Breaches
Breach Costs Rise Slightly
2018 Cost of Data Breach Study*
Avg. cost per breach: $3.86M
Avg. cost per record: $148
Cost increase: 6.2%
Record cost increase: 4.7%
* Ponemon's 2018 Cost of a Data Breach Report
Companies Slow to Detect and Contain
Top Cyber Threats
5 Threats to Beware of in 2019
Spear Phishing
Ransomworms
Fileless Malware
Crypto Hacking
Password Leaks
Flavors of Phishing
Phishing – luring a victim into giving up credentials or doing something via a legitimate-seeming email
Spear-phishing – a more customized phishing email that targets a specific individual or group
Whaling – spear-phishing that targets C-levels
Old phishing example:
• Not individualized
• Bulk recipients
• Uses real assets
• Malicious document
Spear-phishing example:
• Personalized to me
• Fits my job role
• Understands business
relationships
• Sender makes sense in context
• Malicious attachment fits context
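The spear-phishing traits listed above (a sender that "makes sense in context", an attachment that fits the job role) are what a reviewer has to weigh by hand, but several of them leave machine-checkable traces in the message itself. The following is an added example, not code from the slide deck or from WatchGuard: a Python triage function that reads one raw message and reports a look-alike sender domain, a Reply-To pointing somewhere other than the From domain, SPF/DKIM/DMARC failures recorded by the receiving mail server, and attachments of types that commonly carry malicious documents. The two messages, the domain example.com, the look-alike examp1e.com and the attachment name are all constructed for the example.

```python
import re
import email
from email import policy

# Attachment types that commonly carry the "malicious attachment" of a phishing mail.
RISKY_EXTENSIONS = (".docm", ".xlsm", ".pptm", ".js", ".vbs", ".hta", ".exe", ".scr", ".lnk", ".iso")
BAD_AUTH_RESULTS = ("fail", "softfail", "permerror")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to catch look-alike sender domains (examp1e.com vs example.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def first_domain(msg, header: str) -> str:
    """Domain of the first address in an address header, or '' if the header is absent."""
    value = msg.get(header)
    if value is None or not value.addresses:
        return ""
    return value.addresses[0].domain.lower()


def phishing_indicators(raw_message: str, internal_domain: str) -> list:
    """Return indicator tags for one raw RFC 5322 message; empty list if nothing stands out."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    from_domain = first_domain(msg, "From")
    # A sender domain within two edits of our own is the classic spear-phishing look-alike.
    if from_domain and from_domain != internal_domain and edit_distance(from_domain, internal_domain) <= 2:
        findings.append("lookalike-sender-domain:" + from_domain)

    reply_domain = first_domain(msg, "Reply-To")
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to-mismatch:" + reply_domain)

    # Authentication-Results is stamped by our own receiving MTA, so its verdicts can be trusted.
    auth = str(msg.get("Authentication-Results", "")).lower()
    for method, result in re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", auth):
        if result in BAD_AUTH_RESULTS:
            findings.append(f"{method}-{result}")

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append("risky-attachment:" + name)

    return findings


# Constructed messages (not real mail) mirroring the slide's spear-phish and a benign internal mail.
SPEAR_PHISH = """\
From: "Dana Ruiz, CFO" <dana.ruiz@examp1e.com>
To: alice@example.com
Reply-To: accounts@mail-relay-example.net
Subject: Q3 invoice for approval
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e.com; dkim=none
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="utf-8"

Alice, please approve the attached invoice before Friday.
--XYZ
Content-Type: application/octet-stream; name="Invoice_Q3.docm"
Content-Disposition: attachment; filename="Invoice_Q3.docm"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--XYZ--
"""

LEGIT = """\
From: "Bob Lee" <bob.lee@example.com>
To: alice@example.com
Subject: Lunch?
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass

Alice, lunch at noon?
"""

if __name__ == "__main__":
    print(phishing_indicators(SPEAR_PHISH, "example.com"))
    print(phishing_indicators(LEGIT, "example.com"))
```

None of these checks proves a message is phishing on its own (marketing mail legitimately sets a different Reply-To, and a partner's misconfigured SPF fails every day), which is why the function returns the list of indicators for a human or a scoring rule rather than a verdict.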
Users Still Click Phishing Emails
What is a RansomWORM?
Ransomware is a form of malware that encrypts your files and demands you pay a ransom.
A worm is a type of malware that spreads automatically over your network.
A ransomworm is extremely nasty ransomware that spreads to many computers in your network.
WannaCry: Ransomworm Spreads Globally
Emerged Friday, May 12th, 2017
Started in Europe
– NHS, UK (40+ locations)
– Telefonica, Spain
– Deutsche Bahn
– FedEx, US
Strong 2048-bit (RSA) encryption
Leaked NSA exploit (EternalBlue, against SMBv1; patched by MS17-010)
~400,000 global victims
~$300-600 ransom (bitcoin)
Mostly Windows 7
Estimated $4 billion in losses
Many copycat variants have emerged
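The spreading behaviour that makes a worm a worm, one host opening SMB connections to every address on the subnet, shows up in firewall or NetFlow logs before any ransom note appears, and it is the same signal whether the payload is WannaCry or one of its copycats. The following is an added example, not code from the slide deck or from WatchGuard: a Python sliding-window detector over connection-log lines that flags any source reaching an unusual number of distinct hosts on TCP/445 within one minute. The log format (timestamp, source, destination, destination port), the addresses and the threshold are assumptions; the log itself is constructed inside the script.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_log() -> list:
    """Constructed connection log, one line per accepted TCP connection: '<ISO time> <src> <dst> <dport>'."""
    base = datetime(2017, 5, 12, 10, 0, 0)
    lines = []
    # Worm-like host: 30 distinct internal targets on TCP/445 within 30 seconds.
    for i in range(30):
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} 10.0.1.25 10.0.2.{i + 1} 445")
    # Normal workstation: many connections, but all to the one file server it maps.
    for i in range(30):
        t = base + timedelta(seconds=2 * i)
        lines.append(f"{t.isoformat()} 10.0.1.7 10.0.2.50 445")
    # Web browsing fans out to many hosts too, but on 443, which the detector ignores.
    for i in range(30):
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} 10.0.1.8 203.0.113.{i + 1} 443")
    return lines


def parse_line(line: str):
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)


def smb_fanout(lines, window=timedelta(seconds=60), threshold=20, port=445) -> dict:
    """Return {src: max distinct targets on `port` seen in any `window`} for sources over `threshold`.

    Distinct destinations, not connection count, are what separate a scanner from a busy
    workstation that re-opens the same file share hundreds of times."""
    events = defaultdict(list)
    for line in lines:
        ts, src, dst, dport = parse_line(line)
        if dport == port:
            events[src].append((ts, dst))

    flagged = {}
    for src, evs in events.items():
        evs.sort()
        counts = defaultdict(int)  # destination -> connections inside the current window
        best = left = 0
        for ts, dst in evs:
            counts[dst] += 1
            # Slide the left edge forward until every event in [left, right] lies within the window.
            while ts - evs[left][0] > window:
                old_dst = evs[left][1]
                counts[old_dst] -= 1
                if counts[old_dst] == 0:
                    del counts[old_dst]
                left += 1
            best = max(best, len(counts))
        if best >= threshold:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for src, n in smb_fanout(build_sample_log()).items():
        print(f"ALERT worm-like SMB fan-out: {src} reached {n} distinct hosts on 445 within 60s")
```

The threshold is the tunable part: file servers, vulnerability scanners and backup hosts legitimately talk to many machines on 445, so they belong on an allow-list, and the right number for a given network comes from a few days of baseline before the rule alerts anyone.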
WannaCry Still Spreading as of Mar. 2018
New Ransomware Hobbles City
What is Fileless Malware?
A fileless infection or fileless malware is a threat that ONLY loads malicious code in memory, rather than installing it on the victim's hard drive.
Fileless Malware:
Is harder for traditional AV to catch
Tends to inject into normal processes on your computer
Often leverages PowerShell and scripts
Typically arrives in two ways:
1. Exploits a software vulnerability on your computer
2. Arrives as a document (a file) that runs a script
Fileless Malware Growing
77% of attacks that successfully compromised organizations in 2017 utilized fileless techniques - Ponemon Institute*
Fileless malware attacks accounted for 52% of all attacks in 2017 - Carbon Black
* Ponemon Institute's "The 2017 State of Endpoint Security Risk Report"
Word DDE Attacks
Macro-less Word malware abuses Microsoft's Dynamic Data Exchange (DDE) feature to execute code on a victim computer.
Example of code in one Word doc (screenshots on the slide): the DDE field downloads obfuscated code, shown first as delivered and then decoded.
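A DDE field is not a macro, so macro scanners and a macro-disabled Office policy never see it; it lives in the document's field instructions, and real samples split the word DDEAUTO across several text runs so that a naive string search for "DDEAUTO" misses it. The following is an added example, not code from the slide deck or from WatchGuard: a Python scanner that unzips a .docx, walks every WordprocessingML part, reassembles each field instruction across its runs (and reads the instr attribute of simple fields) and reports any that invoke DDE. The two documents it checks are constructed inside the script; the suspicious one launches calc.exe as a stand-in for the downloader the slide shows.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
DDE_PATTERN = re.compile(r"\bDDE(?:AUTO)?\b", re.IGNORECASE)


def field_instructions(xml_bytes: bytes) -> list:
    """Collect every field instruction in one WordprocessingML part.

    Complex fields spread their instruction over several <w:instrText> runs between a
    fldChar begin/end pair, so the runs are joined before matching; simple fields keep
    the whole instruction in a w:instr attribute. Whitespace is collapsed so that
    padding inserted to defeat pattern matching does not help."""
    root = ET.fromstring(xml_bytes)
    fields, current, depth = [], [], 0
    for el in root.iter():
        tag = el.tag.split("}")[-1]
        if tag == "fldChar":
            kind = el.get(f"{{{W_NS}}}fldCharType")
            if kind == "begin":
                depth += 1
            elif kind == "end":
                depth -= 1
                if depth == 0 and current:
                    fields.append("".join(current))
                    current = []
        elif tag == "instrText":
            current.append(el.text or "")
        elif tag == "fldSimple":
            fields.append(el.get(f"{{{W_NS}}}instr", ""))
    if current:  # instruction that never got its closing fldChar
        fields.append("".join(current))
    return [" ".join(f.split()) for f in fields]


def find_dde_fields(docx_bytes: bytes) -> list:
    """Return (part name, instruction) for every DDE field in a .docx given as bytes."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            # Fields can sit in headers, footers and footnotes too, so scan every word/*.xml part.
            if name.startswith("word/") and name.endswith(".xml"):
                for instr in field_instructions(zf.read(name)):
                    if DDE_PATTERN.search(instr):
                        hits.append((name, instr))
    return hits


def build_docx(body_xml: str) -> bytes:
    """Minimal .docx (a zip with one document part), constructed for this example."""
    doc = f'<w:document xmlns:w="{W_NS}"><w:body><w:p>{body_xml}</w:p></w:body></w:document>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/document.xml", doc)
    return buf.getvalue()


# Constructed samples. The suspicious one uses the split-run trick: "DD" and "EAUTO" are
# separate runs, so grepping the raw XML for DDEAUTO finds nothing.
SUSPICIOUS_BODY = (
    '<w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve"> DD</w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">EAUTO c:\\windows\\system32\\cmd.exe </w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">"/k calc.exe"</w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
    '<w:r><w:t>Loading...</w:t></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r>'
)
CLEAN_BODY = '<w:fldSimple w:instr=" PAGE \\* MERGEFORMAT "><w:r><w:t>1</w:t></w:r></w:fldSimple>'

if __name__ == "__main__":
    print("clean:", find_dde_fields(build_docx(CLEAN_BODY)))
    print("suspicious:", find_dde_fields(build_docx(SUSPICIOUS_BODY)))
```

Run it against a mail gateway's attachment quarantine and every hit is worth a look: legitimate documents almost never carry a DDE field that names cmd.exe, powershell.exe or mshta.exe.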
Cryptocurrencies Rocket in Value
Cyber Criminals Target Anything With Value
How cyber criminals use cryptocurrency:
1. Used as an "anonymous" ransom currency
2. Target online cryptocurrency wallets
3. Find and steal cryptocurrency directly from victim computers
4. Cryptojacking
Cryptojacking is hijacking a victim's compute resources to mine cryptocurrency without the victim's knowledge.
Delivered via:
• Hidden script on web sites
• Malware payloads
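Both delivery forms leave a signature a defender can match on: a hidden web miner has to load a mining library into the page, and any miner, browser-based or a dropped binary, has to talk the Stratum JSON-RPC protocol to its pool to get work. The following is an added example, not code from the slide deck or from WatchGuard: a Python module with one function that scans an HTML page for known in-browser miner libraries and another that recognizes Stratum messages in captured TCP payloads, covering both the classic mining.subscribe dialect and the login/agent dialect used by Monero pools. The page, the host name cdn.example-miner.test, the site key and the captured lines are all constructed for the example.

```python
import json
import re

# Signatures of in-browser miner libraries that were widely abused in 2017-2018 (public names).
MINER_SCRIPT_PATTERNS = [
    re.compile(r"coinhive\.min\.js|CoinHive\.(?:Anonymous|User)", re.I),
    re.compile(r"\bcryptonight\b|\bcryptoloot\b|\bjsecoin\b", re.I),
    # Any script whose URL advertises mining, e.g. /lib/miner.min.js
    re.compile(r"<script[^>]+src=[\"'][^\"']*(?:miner|mining)[^\"']*\.js", re.I),
]


def find_miner_scripts(html: str) -> list:
    """Return the fragments of an HTML page that match a known miner signature (one per pattern)."""
    hits = []
    for pattern in MINER_SCRIPT_PATTERNS:
        m = pattern.search(html)
        if m:
            hits.append(m.group(0))
    return hits


def is_stratum_message(payload: bytes) -> bool:
    """True if one TCP payload line is Stratum mining JSON-RPC, i.e. a miner talking to its pool."""
    try:
        msg = json.loads(payload.decode("utf-8", "replace").strip())
    except ValueError:  # not JSON at all: ordinary HTTP, TLS, etc.
        return False
    if not isinstance(msg, dict):
        return False
    method = msg.get("method")
    if isinstance(method, str) and method.startswith("mining."):
        return True  # classic Stratum: mining.subscribe / mining.authorize / mining.submit
    # Monero-style pools use a "login" call whose params carry the miner's agent string.
    params = msg.get("params")
    return method == "login" and isinstance(params, dict) and "agent" in params


def stratum_flows(payloads: list) -> list:
    """Indices of the payloads that look like mining traffic; feed it one line per captured segment."""
    return [i for i, p in enumerate(payloads) if is_stratum_message(p)]


# Constructed page and captured payloads (not from a real incident).
SAMPLE_HTML = (
    '<html><head><script src="https://cdn.example-miner.test/lib/coinhive.min.js"></script></head>'
    "<body><p>Free movies</p><script>"
    "var miner = new CoinHive.Anonymous('SITE-KEY-PLACEHOLDER', {throttle: 0.3}); miner.start();"
    "</script></body></html>"
)
CLEAN_HTML = '<html><head><script src="/static/app.js"></script></head><body>Hello</body></html>'
SAMPLE_PAYLOADS = [
    b"GET / HTTP/1.1\r\nHost: cdn.example-miner.test\r\n\r\n",
    b'{"id":1,"method":"mining.subscribe","params":["xmrig/5.11.1"]}\n',
    b'{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"WALLET-PLACEHOLDER","pass":"x","agent":"xmrig/5.11.1"}}\n',
    b'{"jsonrpc":"2.0","method":"ping","id":7}\n',
]

if __name__ == "__main__":
    print("miner scripts:", find_miner_scripts(SAMPLE_HTML))
    print("stratum payloads:", stratum_flows(SAMPLE_PAYLOADS))
```

The script-name check is the weaker half: operators rename libraries and proxy them through their own domains, so on a real network the Stratum check, or simply sustained high CPU from a browser tab, is what catches the renamed ones. Pools increasingly wrap Stratum in TLS, in which case the JSON is only visible at the endpoint or after TLS inspection.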
Identities Are on the Loose…
WatchGuard ISR: .GOV & .MIL Analysis
• Leaked .gov passwords = 380,077
• Leaked .mil passwords = 503,878
Do government and military organizations use password security best practices?
Combined, only 0.07% of these addresses used one of the 50 most common passwords.
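The slide's check, comparing a leaked corpus against the 50 most common passwords, is the minimum; the check a practitioner wants in a login or password-change flow is "has this exact password appeared in any known breach", answered without ever sending the password to a third party. The following is an added example, not code from the slide deck or from WatchGuard, and it goes beyond the slide's top-50 comparison: it implements the k-anonymity range-query scheme that the Have I Been Pwned Pwned Passwords API uses, where the client sends only the first five hex characters of the password's SHA-1 and receives every breached hash suffix in that bucket with its count. Both sides run locally here; the breach corpus and its counts are constructed, and range_query stands in for the real HTTP endpoint.

```python
import hashlib

# Constructed breach corpus: password -> number of times seen. The counts are made up.
SAMPLE_CORPUS = {"123456": 5000, "password": 4200, "letmein": 310, "Summer2018!": 12}


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus: dict) -> dict:
    """Server side: {5-char prefix: {35-char suffix: count}}, the layout a range endpoint answers from."""
    index = {}
    for pwd, count in corpus.items():
        digest = sha1_hex(pwd)
        index.setdefault(digest[:5], {})[digest[5:]] = count
    return index


RANGE_INDEX = build_range_index(SAMPLE_CORPUS)


def range_query(prefix: str) -> str:
    """Stand-in for GET /range/<prefix>: one 'SUFFIX:COUNT' line per breached hash in that bucket.

    The server learns only the prefix, which in the real service maps to hundreds of
    candidate hashes, so it cannot tell which password the client is checking."""
    bucket = RANGE_INDEX.get(prefix.upper(), {})
    return "\n".join(f"{suffix}:{count}" for suffix, count in sorted(bucket.items()))


def times_breached(password: str, query=range_query) -> int:
    """Client side: hash locally, send the 5-char prefix only, match the suffix at home."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in query(prefix).splitlines():
        if ":" not in line:
            continue
        candidate, count = line.split(":", 1)
        if candidate == suffix:
            return int(count)
    return 0


def acceptable(password: str, query=range_query) -> bool:
    """Policy hook for a signup or password-change form: reject anything seen in a breach."""
    return times_breached(password, query) == 0


if __name__ == "__main__":
    for pwd in ("letmein", "Summer2018!", "a-long-passphrase-nobody-has-leaked-9f1c"):
        print(f"{pwd!r}: seen {times_breached(pwd)} times, acceptable={acceptable(pwd)}")
```

SHA-1 is fine in this role because it is only a lookup key against a public corpus, not a stored credential hash; the stored hash still needs a slow, salted function. Rejecting breached passwords at creation time is what removes the "one of the 50 most common" population the slide measured, and it does so without a complexity rule that users work around.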
Breaches Are Leveraging Stolen Credentials
Chart: breaches that leveraged either stolen and/or weak passwords
2015: 61% (39% did not)
2016: 81% (19% did not)
Source: Verizon Data Breach Investigations Report
Too scary! Kitten break….
Prevention: Defense in Depth
Advanced threats, by definition, leverage multiple vectors of attack.
No single defense will protect you completely from computer attacks…
Layers:
Firewall
Intrusion Prevention System
AntiVirus
AntiSpam
Reputation Services
APT Protection
The more layers of security you have, the higher the chance that an additional layer catches an advanced threat the other layers miss.
Cyber Kill Chain 3.0
RECONNAISSANCE – The attacker gathers information on the victim
DELIVERY – The attack payload is delivered through the network perimeter
COMPROMISE/EXPLOIT – Vulnerabilities found in the reconnaissance stage are exploited to launch an attack
INFECTION/INSTALLATION – The attack payload is installed on the system and persistence is obtained
COMMAND AND CONTROL – The attack payload calls home for instructions
LATERAL MOVEMENT/PIVOTING – The attacker moves behind the network perimeter to their final target
OBJECTIVES/EXFILTRATION – The goal of the attack is accomplished
WatchGuard Breaks the Kill Chain
Slide graphic: the seven kill-chain stages above (Reconnaissance, Delivery, Compromise/Exploit, Infection/Installation, Command and Control, Lateral Movement/Pivoting, Objectives/Exfiltration) with the WatchGuard services that apply at each stage. Services shown: Packet Filtering, Proxies, IPS, APT Blocker, Gateway AntiVirus, DLP, Application Control, Reputation Enabled Defense, WebBlocker, TDR, Botnet Protection.
Contact Me
Email: [email protected]
Twitter: @XORRO_
LinkedIn: /in/marc-laliberte/
Secplicity.org/The443