© Lancope 5/5/2013

LinkedIn to Your Network - The Social Engineering Threat


DESCRIPTION

By nature, humans are inclined to trust. Unfortunately, attackers are often successful in breaching large enterprises by targeting specific individuals and utilizing social engineering to obtain confidential information. Once an adversary is able to gain enough data through social media or other channels, they can pose as an authentic user with valid credentials, bypassing traditional security measures. Join Lancope’s Joey Muniz, aka The Security Blogger, to hear about his successful, real-life experiments in using social engineering to easily compromise high-profile targets. Learn about:

• The dangers of insider threats

• How attackers are leveraging social media to compromise targets

• Best practices for defending network interiors from attackers with authentic credentials


Page 1: LinkedIn to Your Network - The Social Engineering Threat


Page 2: LinkedIn to Your Network - The Social Engineering Threat

Warning!

This talk focuses on Facebook & LinkedIn; however, these are not the only social engineering attack vectors

• Fake Police Department for DOJ

• Fake Emergency Responder To Gain Access

• Scary: Take a job, gather info, leave

Page 3: LinkedIn to Your Network - The Social Engineering Threat

Who Are Your Cyber Friends?

Page 4: LinkedIn to Your Network - The Social Engineering Threat

Or Joseph ???

Josephine ???

Page 5: LinkedIn to Your Network - The Social Engineering Threat

The Facts

• People send 64 million tweets per day. Lady Gaga has more followers than the president.

• 1 in 5 couples meet online. 1 in 5 also blame divorce on Facebook.

• Facebook passed Google - most visited internet site.

• 11% of world’s population has Facebook account.

• More Facebook accounts than automobiles.

• If Facebook were a country, it would be the 3rd largest in the world

Page 6: LinkedIn to Your Network - The Social Engineering Threat

What Is Your Digital Identity?

Page 7: LinkedIn to Your Network - The Social Engineering Threat

Robin Sage

Fictional American cyber threat analyst created to extract sensitive information. She graduated from MIT and had 10 years of experience despite being 25 years old. Despite the fake profile, she was offered consulting work with notable companies such as Google and Lockheed Martin. She had friends in the FBI and CIA and was even offered dinner invitations from male friends.

Page 8: LinkedIn to Your Network - The Social Engineering Threat

Emily Olivia Williams

Fictional CSE created to extract sensitive information from a specific target. She graduated from MIT and had 10 years of experience despite being 28 years old. Despite the fake profile, she was offered sensitive information from our target’s AM and CSEs. She had friends in large partner vendors and was even offered dinner invitations from male friends.

Page 9: LinkedIn to Your Network - The Social Engineering Threat

The Impact of Social Media

• 10 minutes: 20 Facebook connections, 6 LinkedIn connections

• 15 hours: 60 Facebook connections, 55 LinkedIn connections

• 24 hours: 3 job offers

Total Connections:

• 170 Employees

• 71 Cisco; 22 NetApp; 10 EMC; 35 McAfee

• 300+ Facebook friends

Endorsements:

• 22 LinkedIn endorsements for expertise and experience from partners and co-workers

Offers:

• 4 job offers, laptop and office equipment, network access

Page 10: LinkedIn to Your Network - The Social Engineering Threat
Page 11: LinkedIn to Your Network - The Social Engineering Threat

What We Did

What?

Created a fake Facebook and LinkedIn profile to gain information using social media.

How?

Social engineering techniques that allowed us to participate as a New Hire

What was captured?

Salesforce logins, issued laptops, job offers, endorsements, meet-up requests

What was the real threat?

Published a Christmas card on social networks that gave us remote access to anyone that clicked on the link. This gave us significant access to devices and data.

Page 12: LinkedIn to Your Network - The Social Engineering Threat
Page 13: LinkedIn to Your Network - The Social Engineering Threat

The Social Engineering Kill Chain

Reconnaissance

• Gain access through Facebook and learn lifestyles

Privilege escalation

• Gain C-level friends through other friends

Infiltrate

• Post links to hide attacks, collect information and fingerprint target

• Email rootkit / Trojan horse applications

Establish Foothold

• Build backdoors and map out target’s internal network

• Compromise authentication – create email and admin account

Own

• Remove sensitive data

Page 14: LinkedIn to Your Network - The Social Engineering Threat

What Does Emily Teach Us?

• Identities are a very valuable commodity

• Humans are naturally trusting

• People use the same passwords for everything!

• Attractive women can bypass procedures in a male-dominated industry (Yes, I said it … and it’s true!)

• Common security products do not protect your employees from Social Engineering

• Social Engineering threats can impact your business.

• There isn’t a silver bullet product that can protect you from a future Emily Williams

Page 15: LinkedIn to Your Network - The Social Engineering Threat

Emily Williams Good News

Some people asked “Do I know you”?

Some people on Facebook flagged suspicious activity

Page 16: LinkedIn to Your Network - The Social Engineering Threat

Emily Williams Bad News

What do you leave on social networks that could be used against you?

Some people pretended to know her after using data from their Facebook page

Page 17: LinkedIn to Your Network - The Social Engineering Threat

Social Engineer Countermeasures

• Question suspicious behavior

• Forward any possible threats to HR

• Be aware of what is public

• Never share work intel on social networks

• Protect your data with STRONG passwords.

• Don’t share devices used for work.

Page 18: LinkedIn to Your Network - The Social Engineering Threat

Your Infrastructure Provides the Source...

[Network diagram. Labels: Internet, Atlanta, San Jose, New York; ASR-1000, Cat6k, UCS with Nexus 1000v, ASA, 3925 ISR, 3560-X, 3750-X Stack(s), Cat4k; Datacenter, WAN, DMZ, Access; NetFlow labels throughout]

Page 19: LinkedIn to Your Network - The Social Engineering Threat

StealthWatch for APTs

StealthWatch delivers visibility and actionable insight throughout the kill chain


Recon

Exploitation (Social Engineering?)

Initial Infection

Command and Control

Internal Pivot

Data Preparation and Exfiltration

Page 20: LinkedIn to Your Network - The Social Engineering Threat
Page 21: LinkedIn to Your Network - The Social Engineering Threat

Stop Problems Before They Become Crises

STEALTHWATCH REDUCES MTTK

[Chart. Axes: Impact to the Business ($), Time. Series: Company with StealthWatch, Company with Legacy Monitoring Tools. Event labels: attack onset, early warning, attack identified, vulnerability closed, attack thwarted, credit card data compromised; MTTK]

~70% of Incident Response is spent on MTTK

“Worm outbreaks impact revenue by up to $250k / hour. StealthWatch pays for itself in 30 minutes.” F500 Media Conglomerate

259% ROI

Page 22: LinkedIn to Your Network - The Social Engineering Threat

Thank you

www.lancope.com

www.thesecurityblogger.com

Cisco Cyber Threat Defense

BTW Lady Ga Ga’s twitter is @ladygaga