MT 41 Key Security Insights: Examining the past to predict future threats

Key Security Insights: Examining 2014 to predict emerging threats


Page 1: Key Security Insights: Examining 2014 to predict emerging threats

MT 41 Key Security Insights: Examining the past to predict future threats

Page 2: Key Security Insights: Examining 2014 to predict emerging threats

Dell Security threat intelligence

Page 3: Key Security Insights: Examining 2014 to predict emerging threats

Global Response Intelligent Defense (GRID) Network

• Threat research team

• Active participant in leading research organizations

• World-wide monitoring

• Advanced tracking and detection (i.e. Honeypots and Sandboxing)

• Continuous real-time counter-threat intelligence

• Industry leading responsiveness

Page 4: Key Security Insights: Examining 2014 to predict emerging threats

4.7 billion | intrusions blocked daily by Dell firewalls

Page 5: Key Security Insights: Examining 2014 to predict emerging threats

58% | Increase in intrusion attempts in 2014

Page 6: Key Security Insights: Examining 2014 to predict emerging threats

4.2 billion | Malware attacks blocked by Dell firewalls in 2014

Page 7: Key Security Insights: Examining 2014 to predict emerging threats

2X | Growth in unique malware attacks in 2014

Page 8: Key Security Insights: Examining 2014 to predict emerging threats

Top Malware

Page 9: Key Security Insights: Examining 2014 to predict emerging threats

Spin-offs of Cryptolocker for both Windows and Android platforms [1]

Page 10: Key Security Insights: Examining 2014 to predict emerging threats

Wirelurker malware targeting iOS [2]

Page 11: Key Security Insights: Examining 2014 to predict emerging threats

Point-of-sale malware used for targeted attacks against big retail chains [3]

Page 12: Key Security Insights: Examining 2014 to predict emerging threats

The top malware delivery methods are not surprising

Website download

Text message (SMS)

Phishing

Portable device (USB)

Page 13: Key Security Insights: Examining 2014 to predict emerging threats

14% | increase in web applications used in 2014

Page 14: Key Security Insights: Examining 2014 to predict emerging threats

What did we find last year?

Page 15: Key Security Insights: Examining 2014 to predict emerging threats

[Figure: timeline spanning Q1 2014 to Q3 2015, showing the following organizations: Target, Michaels, Neiman Marcus, Aaron Brothers, Sally Beauty, PF Changs, Albertsons, UPS, Staples, Home Depot, Goodwill, Kmart, Dairy Queen, Sony, Anthem, Office of Personnel Management, Ashley Madison, Blue Cross, Harvard University]

Page 16: Key Security Insights: Examining 2014 to predict emerging threats

3X more POS malware countermeasures deployed in 2014

Page 17: Key Security Insights: Examining 2014 to predict emerging threats

Punkey (April 2015)

NewPosThings.C (April 2015)

PoSeidon (March 2015)

POS.UCC: a new multi-component POS malware (February 2015)

What does this new POS malware do?

• Searches the system registry for VNC passwords

• Periodically scrapes the memory of current processes for credit card information

• Transfers credit card data in Base64 format to the command and control (C&C) server

2015 has been busy

Page 18: Key Security Insights: Examining 2014 to predict emerging threats

Are you inspecting HTTPS traffic today?

Yes

No

Not sure

1

Page 19: Key Security Insights: Examining 2014 to predict emerging threats

Many of your users’ web sessions are encrypted with HTTPS

Page 20: Key Security Insights: Examining 2014 to predict emerging threats

Encrypted web traffic growth

315%

66%

470%

Source: http://bit.ly/1MHk70k

SSL comprises 1/3 of typical enterprise traffic

SSL traffic is growing 20% per year

50% of all attacks are predicted to use SSL by 2017

Page 21: Key Security Insights: Examining 2014 to predict emerging threats

Google represents over half of all encrypted web traffic

December 2014

Page 22: Key Security Insights: Examining 2014 to predict emerging threats

SSL web connections increased 109% in 2014

60%

40%

2

Page 23: Key Security Insights: Examining 2014 to predict emerging threats

By Jeremy Kirk, IDG News Service, Jul 27, 2015

You can’t protect what you can’t see — attacks unseen by most firewalls

“…redirection code planted in the malicious advertisements uses SSL/TLS (Secure Sockets Layer/Transport Layer,…”

Page 24: Key Security Insights: Examining 2014 to predict emerging threats

Supervisory Control and Data Acquisition (SCADA) Systems

Page 25: Key Security Insights: Examining 2014 to predict emerging threats

SCADA presents some significant security challenges

Large-scale

Easy to use

Open design

Insecure

Page 26: Key Security Insights: Examining 2014 to predict emerging threats

Attacks doubled on SCADA systems

SCADA Hits Monthly

3

Page 27: Key Security Insights: Examining 2014 to predict emerging threats

Top SCADA attack methods

Source: ICS-CERT and National Vulnerability Database

Page 28: Key Security Insights: Examining 2014 to predict emerging threats

More highly targeted smartphone malware emerges

ATTACKS OF 2014

• AndroidLocker

• SimpleLocker

• AndroRAT

• Dendroid

• Windseeker

• Wirelurker

4

Page 29: Key Security Insights: Examining 2014 to predict emerging threats

Android Titanium malware hides all its malicious code in a library file (April 2015)

http://bit.ly/1Phq4lg

Page 30: Key Security Insights: Examining 2014 to predict emerging threats

What do the background services do?

Captures sensitive user information such as phone number, OS and MAC address

Collects SMS-related data on the device and sends it to the server

Collects call-related information on the device and sends it to the server

Monitors and sends the status of the device screen while it's active or in standby

Page 31: Key Security Insights: Examining 2014 to predict emerging threats

Two Bitcoin exchanges forced to close due to losses from 2014 attacks:

1. Mt. Gox

2. Flexcoin

Poloniex was hacked for 12.3% of its reserve

Page 32: Key Security Insights: Examining 2014 to predict emerging threats

Digital currencies including Bitcoin will continue to be targets of mining attacks

By the end of 2015:

• Bitcoin wallets estimated to reach 12 million

• Number of vendors accepting Bitcoin is expected to be more than 140,000

5

Source: “State of Bitcoin 2015: Ecosystem Grows Despite Price Decline,” CoinDesk, January 7, 2015,

Page 33: Key Security Insights: Examining 2014 to predict emerging threats

Key Takeaways

• Choose a security framework to establish security baselines

• Conduct annual security training for everyone

• Establish multiple layers of network security including wireless

• Keep security services active and up-to-date

• Make your endpoints as secure as they can be

Page 34: Key Security Insights: Examining 2014 to predict emerging threats

Protect Comply Enable

Better security for better business.

User – Identity and Access Management

Endpoint

(Datacenter – Edge)

Network

(Perimeter and beyond)

Data and Application

(On-premises – Cloud)

Managed Security Services Security Intelligence and Response

Strategically connect solutions to enable better outcomes

Page 35: Key Security Insights: Examining 2014 to predict emerging threats

Download the 2015 Dell Security Annual Threat Report

https://marketing.sonicwall.com/whitepaper/dell-network-security-threat-report-2014874708/

Page 36: Key Security Insights: Examining 2014 to predict emerging threats

Thank You!