The Latest Cyber Security Threats in Healthcare Threat Actors See Growing Value in PHI and an Industry that is Highly Valued yet Under Protected
July 28, 2015
Download the Replay on YouTube
Today’s Speakers
David Merkel, Senior VP & CTO, FireEye, Inc.
Brian Stone, Manager, Customer Success, FairWarning, Inc.
Kurt Long, Founder & CEO, FairWarning, Inc.
Agenda
• Today’s emerging threat landscape
• Implications and action steps for the healthcare industry
• Outside threats vs inside threats
• How to create a coordinated world-class threat prevention and response framework
4 Copyright © 2015, FireEye, Inc. All rights reserved.
Cyber Attacks and Effective Defense in the Modern Era
The New Normal
Dave Merkel
Chief Technology Officer, FireEye
Introductions …and some definitions
Breaking Down the Threat
Category       | Objective                     | Example                         | Character
Nuisance       | Access & Propagation          | Botnets & Spam                  | Automated
Data Theft     | Economic, Political Advantage | Advanced Persistent Threat      | Persistent
Cyber Crime    | Financial Gain                | Credit Card Theft               | Opportunistic
Hacktivism     | Defamation, Press & Policy    | Website Defacements             | Conspicuous
Network Attack | Escalation, Destruction       | Destroy Critical Infrastructure | Conflict Driven
Targeted
What’s a Maginot?
French Minister of War
Awarded the Médaille Militaire for valor
Fencer
Died of typhoid in 1932
Father of the Maginot Line
The Maginot Line
Constructed 1930-1939
Designed to counter WWI trench warfare
Cover mobilization of French Army
Flanking
“Generals are always preparing for the last war rather than the next one.”
Credited to Georges Clemenceau, Prime Minister of France
[INSERT IRONY JOKE HERE]
The line’s “most dangerous aspect is the psychological one, a false sense of security is engendered, a feeling of sitting behind an impregnable iron fence…”
General Sir Alan Brooke, War Diaries, 1939-1945
Cybersecurity’s Maginot Line – May 2014
Maginot Revisited – January 2015
1189 PoV Customers
67 Countries
20+ Industries
96% of Customers Compromised
27% Had APT
Data by Region
Region     | Number of PoV Customers | % PoV
N. America | 477                     | 40%
EMEA       | 369                     | 31%
APAC       | 252                     | 21%
Japan      | 53                      | 4.5%
LATAM      | 36                      | 3%
ROW        | 2                       | <1%
Average Attacks Seen Per Week
Exploits per week
Malware downloads per week
Command and control per week
Impacted hosts per week: 377
How Do We Know This Is Happening?
Source: Mandiant M-Trends 2015
24 days less than 2013
Longest Presence: 2,982 days
The Malware Lifespan: Two Hours
[Chart: malware samples (0 to 350,000) plotted against hours since first seen (0 to 7), 2012 vs. 2013. Source: FireEye Labs]
… of malware only exists once
… of malware disappears after one hour
Shark Slide
Case Study: Cyber Attacks for Market Manipulation – FIN4
Overview
Financially motivated threat group
Active since at least mid-2013
Targets confidential business information in emails, likely for use in gaining an insider trading advantage
Members appear to include native English speakers and Wall Street insiders
Demonstrates familiarity with investment terminology and the inner workings of public companies
Intelligence Sources
Mandiant Incident Response Investigations
FireEye device detections
FireEye as a Service (FaaS) detections
Other research
Targets
Operations
Would you fall for it?
Spear phishing emails sent from other victims’ email accounts, and through hijacked email threads
Uses weaponized documents to capture credentials via malicious VBA macros; malicious URLs to fake OWA sites
Difficult to detect because of its simplicity. The actors’ real skill is social engineering.
So What?
For every good guy, there is a bad guy
Cyber, it’s not just for the big players
All new technologies (e.g. mobile) become targets
Espionage and Healthcare
This is the new normal
Addressing the Problem: What Successful Organizations Are Doing
Defense in Depth – What Is It?
A military strategy; it seeks to delay rather than prevent the advance of an attacker…
Rather than defeating an attacker with a single, strong defensive line, [it] relies on the tendency of an attack to lose momentum over a period of time… Once an attacker has lost momentum… defensive counter-attacks can be mounted on the attacker's weak points [to] drive the attacker back to its original starting position.
Source: Wikipedia, “Defense in Depth”
Defense in Depth – What Is It?
An information assurance (IA) concept in which multiple layers of security controls (defense) are placed throughout an information technology (IT) system. Its intent is to provide redundancy in the event a security control fails or a vulnerability is exploited that can cover aspects of personnel, procedural, technical and physical for the duration of the system's life cycle.
Source: Wikipedia, “Defense in Depth (computing)”
Defense in Depth
AV FW IDS SIEM
Same Model, No Momentum Reduction
Defense in Shallow
AV, FW, IDS, SIEM (stacked, one on top of another)
Defense in Depth
AV, FW, IDS, SIEM
Expertise and forensics? Analytics? Behavior?
So what’s working?
• War-time mindset: acceptance of the new normal
• Beyond compliance: look at efficacy vs. real threats and budget alignment
• Resilience: ability to operate through the breach
Detect to Respond in Minutes…
2014 © FairWarning, Inc. – Private and Confidential
Patient Privacy Monitoring and Data Visualization
Kurt J. Long FairWarning, Inc.
Escalating Advanced Threats
Timeline, Pre-2010 through 2015 (year positions not recoverable from the slide):
Lost laptops, media, paper records
Patient Complaints
Snooping
Medical & Financial ID Theft
IRS Tax Fraud
Sale of Patient Data to Crime Rings
Sale of Physician Data to Crime Rings
Sale of Employee Data to Crime Rings
Rise of Cyber Threats to Healthcare Industry
Foreign National Espionage
Visual Analytics for Advanced Threats
• Access patient demographics after hours
• Benchmark users’ activity by self / peers
• Recognize specific events / actions
Expertise Gap
Pre-2009 vs. 2015 Escalating Advanced Threats
Global Investigations
Partial FTE
Advanced Analytics, Filtering, Proactive Alerts
Investigations & Security Skills
Security Incident Management
Clinical Data & Workflow Expertise
OCR Audit Experience
Security, Forensics & Compliance Expertise
Coordinated Threat Protection & Response
Increase Emphasis on Rapid Response with FairWarning Ready®
• Faster, more coordinated response
• Improve patient privacy
• Efficient and cost effective
• Integrates with all major EHRs and 300+ enterprise applications and security vendors
Questions
• Please submit via the WebEx Q&A or Chat windows to the right side of your screen.
For more information, please visit:
www.FairWarning.com
www.fireeye.com
Thank you for attending
Kurt Long blog: fairwarning.com/kurt-long-blog