IBM X-Force Threat Intelligence Index 2017
Jie Liau, June 2017
http://w3-01.ibm.com/sales/ssi/cgi-bin/ssialias?htmlfid=WGL03140USEN
Who am I
Defining Year of Security
● More than 4 billion records were leaked in 2016
– More than the combined total from the two previous years
– But...
– 12% decrease in attacks in 2016 compared to 2015
– 48% decrease in security incidents in 2016 compared to 2015
Huge Impact on Real World
● Panama Papers
– Prime Minister of Iceland stepped down
● Hillary Clinton email controversy
– Featured in the 2016 US presidential election, won by Donald Trump
● Ukraine's power outage
– Took place during the ongoing Russian-Ukrainian war
– BlackEnergy3 was used by the Sandworm team
● First bank ATM cash-outs
– Thailand and Europe
● Phishing
– First step of an attack
● Malware
– Ransomware
● SQL Injection (SQLi)
– Yahoo / LinkedIn / Dropbox leaks
● Distributed Denial of Service (DDoS)
– Not long ago, 100Gbps attacks were unprecedented
– But...
– DNS provider Dyn was attacked by the Mirai botnet, Oct 2016
– France-based hosting provider OVH was hit by a 1Tbps DDoS attack, Sep 2016
– 650Gbps DDoS attack from the Leet botnet, Dec 2016
– China's Great Cannon
● Undisclosed
– Exploits that do not yet have a defined signature or cannot be remediated by a software patch
● Among malicious attachments in spam, ransomware accounted for the vast majority – 85%
● Hollywood hospital paid 40 bitcoins to unlock encrypted files
Record Numbers of Vulnerability Disclosures
● Web application vulnerability disclosures made up 22% of the total in 2016
Top Attack Types
● Inject unexpected items
– SQLi, OS CMDi
● Manipulate data structures
– Buffer overflow
● Indicator
– Either an attempted or a successful attack
● Employ probabilistic techniques
– Brute-force password attack
● Engage in deceptive interaction
– Phishing
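To make the first category concrete, here is an added example (mine, not from the slides or the X-Force report) of "injecting unexpected items": a login that builds SQL by string formatting beside the same lookup with bound parameters. The in-memory SQLite `users` table, the two accounts and the payloads are constructed sample data, not anything from the report.

```python
"""Added example (not part of the original slides): the 'inject unexpected
items' attack type, illustrated with SQL injection.

The vulnerable login builds SQL by string formatting, so attacker-supplied
text becomes part of the statement grammar; the hardened login binds the same
text as a parameter, so it can only ever be compared as a value.

Assumptions (mine, not the deck's): an in-memory SQLite database with a
`users` table; the rows and payloads below are constructed sample data.
"""
import sqlite3

# Constructed sample data: two accounts with (deliberately weak) plaintext
# passwords so the injected UNION query has something visible to exfiltrate.
SAMPLE_USERS = [
    ("alice", "s3cret-A"),
    ("bob", "s3cret-B"),
]


def make_db() -> sqlite3.Connection:
    """Create and populate an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username: str, password: str) -> list:
    """Return matching usernames; the query is built by string formatting.

    Quotes and keywords in the inputs are interpreted as SQL, which is the
    whole problem: the attacker controls the WHERE clause.
    """
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return [row[0] for row in conn.execute(query).fetchall()]


def login_parameterised(conn, username: str, password: str) -> list:
    """Same lookup with bound parameters (the fix).

    The statement text is fixed before any user input is seen; the driver
    hands the inputs to SQLite as values, so a quote or a UNION inside them
    is just characters to compare against the column.
    """
    rows = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchall()
    return [row[0] for row in rows]


# Two classic payloads: an authentication bypass (the injected OR makes the
# predicate true for every row) and a UNION that reads another column, with
# `--` commenting out the rest of the original statement.
BYPASS_PAYLOAD = "' OR '1'='1"
UNION_PAYLOAD = "' UNION SELECT password FROM users--"


def demo() -> dict:
    """Run both logins against a legitimate credential and both payloads."""
    conn = make_db()
    cases = {
        "legit": ("alice", "s3cret-A"),
        "bypass": (BYPASS_PAYLOAD, BYPASS_PAYLOAD),
        "union": (UNION_PAYLOAD, "x"),
    }
    results = {}
    for name, (user, pw) in cases.items():
        results[name] = {
            "vulnerable": sorted(login_vulnerable(conn, user, pw)),
            "parameterised": sorted(login_parameterised(conn, user, pw)),
        }
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

Against the vulnerable function the bypass payload returns every account and the UNION payload returns the password column; against the parameterised function both payloads return nothing while the legitimate credential still works. The hardened version is also a useful detection baseline: any SQL seen at the database that was not one of the fixed statements in the code is, by construction, injected.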
Top-Targeted Industries
Where are the “BAD GUYS”?
High-Level Trend
● Slow and steady wins the race
● Cyber gangs sharpen the focus on business accounts
● Commercial malware making the rounds
● Venturing into additional cybercrime realms
Extra Bonus ...
OWASP
● Open Web Application Security Project
● Free and open software security community
● OWASP BWA
– The Broken Web Applications project produces a virtual machine running a variety of applications with known vulnerabilities
– https://sourceforge.net/projects/owaspbwa/files/
China Great Cannon
GreatFire: https://github.com/greatfire
CN-NY Times: https://github.com/cn-nytimes/
Tor Network
● A group of volunteer-operated servers that allows people to improve their privacy and security on the internet
WannaCry
WannaCrypt0r: https://drive.google.com/xxxx/x/xxxxxxxxxxxxxxxxxxxxxxxxxxx/view?usp=sharing
Reverse: https://anhkgg.github.io/wannacry-analyze-report/
https://www.facebook.com/jie.liau
https://www.linkedin.com/in/jieliau/
https://github.com/jieliau
https://twitter.com/JieLiau
https://www.facebook.com/ibmsecurity/
https://www.linkedin.com/showcase/164263/
https://twitter.com/IBMSecurity
https://www.ibm.com/security/