Upload
robert-giannini
View
282
Download
0
Embed Size (px)
Citation preview
Cyber Security
GiaSpace
2
Security is headline news
3
CYBER SECURITYA New Headline
Every Day
4
Changes in technology
SaaSSubscribe to applications
IaaSRent servers and
storage
CaaSCyberCrime made
easier
5
Hacker Organization Centralized Build from scratch Own servers Expensive Large targets
Crime Ecosystem Distributed Buy or hosted Specialize in areas Cheap Smaller targets
OLD NEWEvolution of cyber crime
6
Job postings Payment systems Marketplaces
Cybercrime is easier than everAnd it’s more accessible to everyone
7
SMB in the crosshairs
PROPORTION OF BREACHES BY ORG
SIZE
15x
1x ORGS WITH 11-100 EMPLOYEES
ORGS WITH <11 or >100 EMPLOYEES2011
41%
TARGETED ATTACKS
AGAINST SMBS
41%36
%18%
2012 2013
41%
First stage of attack: InfectFirst stage of Attack:
Infect
9
Emails more finely tuned to SMB TACTICTrick SMB into opening link or attachment
http://thetechguyblog.com/wp-content/uploads/2012/08/Screen-Shot-2012-08-13-at-7.37.58-AM.png
http://www.onlinethreatalerts.com/article/2013/12/20/at-t-you-have-a-new-voice-mail-virus-email-message/5.jpg
10
Malvertising on the Rise
1. Set up a website with exploit kit
2. Run an ad on Yahoo, AOL or other ad network, with legitimate company creative
3. Ad server redirects users to exploit kit site
4. User gets infected
How does malvertising work? Attn: NYTimes.com readers: Do not click pop-up box warning about a virus -- it’s an unauthorized ad we are working to eliminate.The New York Times
Top websites deliver CryptoWall ransomware via malvertising…Adam GreenbergSC Times
11
Malvertising Targeting SMBs
Image: http://news.softpedia.com/news/CryptoWall-2-0-Delivered-Through-Malvertising-On-Yahoo-and-Other-Large-Sites-462970.shtml#sgal_0
12
Explosion in SaaS/CaaS Plug-and-Play MarketplaceKits cost as little as $200
ANGLERRIGASTRUM
FIESTA
BLEEDING LIFE
BLACKHOLE
CRIMEPACK
DOTKACHEF
FLASHPACK
GONGDA
NITERIS
LIGHTSOUTNUCLEAR
ARCHIE
SWEETORANGE
13
Exploit Kits Are Getting Better
http://krebsonsecurity.com/2010/10/java-a-gift-to-exploit-pack-makers/
14
Intermediate step: Dropper Malware
15
Increasingly Common Step: DropperIncreasingly Common Option for Ransomware
Bad actor gets a piece of malware on computer
1Malware sits quietly and just phones home; not the flashy/noisy malware
2Bad actor sells or
rents ability to infect computer Malware phones
home Installs main
payload: Ransomware, Keylogger, Spambot
3If contract ends or more capacity, install more malware
4
TACTICMalware that installs other malware
16
ANTIVIRUS
http://malware.dontneedcoffee.com/2014/06/neutrino-bot-aka-kasidet.html
17Source: krebsonsecurity.com
18
Malware payloadMalware payload
19
TACTICFinancial Fraud
http://news.softpedia.com/news/Price-of-Malware-Drops-SpyEye-Botnet-Available-for-150-114-265986.shtml
20
21
Battle Ground Cinema$81,000 stolenSource: Krebs On Security
Delray Beach Public Library$160,000 stolenSource: Krebs On Security
Brookeland Fresh Water Supply District$35,000 stolenSource: Krebs On Security
Spring Hill Independent School District$30,687 stolenSource: News-Journal
Crystal Lake Elementary School District
47$350,000 stolenSource: McHenry County Blog
DKG Enterprises$100,000 stolenSource: Krebs On Security
Downeast Energy & Building Supply$150,000 stolenSource: Bank Info Security
Little & King LLC$164,000 stolenSource: Krebs On Security
SMB bank account breaches
But this is just the beginning…
What about DOWNTIME & DATA THEFT?
22
TACTICRansom encrypted data
Fake Anti-Virus FBI Ransomware Cryptovirus
– CryptoLocker– PrisonLocker– HowDecrypt– CryptorBit– CryptoDefense– CryptoWall
Ransomware
http://blogs-images.forbes.com/parmyolson/files/2014/02/cryptolocker.png
23
CryptoVirus workflowInbound and outbound communication
Infect machine with early stage• Email• Exploit kit• Malvertisin
g• Dropper
1Phone home to Command and Control server to get encryption key
2Encrypt local and network share data• May take hours
to days to fully encrypt
• Makes finding a clean restore difficult
3Ransom user• Establish
deadline and threaten permanent data loss
4
TACTICRansom user for encrypted data
24
Signature-based security evasion
25
“Signature-based tools (antivirus, firewalls, and intrusion prevention) are only effective against 30–50% of current security threats.”IDCNovember 2011
26
Getting Around Signatures: Crypters
27
Getting Around Signatures: Crypters
28
Getting Around Signatures
http://buy.aegiscrypter.com/
29
Test Against Signature Based Tools
http://www.aegiscrypter.com/
New Malware executable is testedagainst AV and UTMs.
If detected, crypter runs againto create zero-day FUD
(Fully UnDetectable)
30
Getting Around Signatures: Crypters
31
DarkHotel Attack
OFF NETWORK AND
SUPPLIERS
BRANCH OFFICE/STORE/CLINIC
HQ
Attackers are targeting the
weakest links in the supply
chain
32
SMBs used as launch pads for attacks
33
“60 percent of small firms go out of business within
six months of a data breach.”
Source: National Cyber Security Alliance “America’s Small Businesses Must Take Online Security More Seriously” 2012
THE IMPACT OF A BREACH IS HIGH
34
Strengthening security beyond signatures
35
PREVENT: Malware Protect users across the full infection chain
‒ NOT JUST AN EXECUTABLE OR SIGNATURE Block sites with exploit kits at the network layer
‒ Whether it’s a whole site or an embedded ad Protect users from phishing attacks
‒ To prevent breaches Block malicious links in emails and applications
‒ Because the browser is not the only path of infection
36
CONTAIN: the new preventionPrevent “Phoning home” Block “droppers” from getting malware
‒ Whether it’s ransomware, keyloggers, spam senders or DDoS bots Stop Spyware/Keyloggers from uploading data Prevent Ransomware from getting an Encryption Key Alert – and have team respond to alert
37
Introducing predictive, cloud-delivered security
38
PREDICTIVE INTELLIGENCE
70+ Billion Daily
Requests
Block Threats
Analytics
Automation
39
Machine Learning
Graph Theory
Anomaly Detection
Temporal Patterns
Contextual Search
Visualization
Scoring
Probable malicious sites
Leveraging the Internet to identify suspected threat origins
Ingesting millions of data
points per second
Our security intelligence
WWWp2p
irc
40
Security & risk mitigation: a layered approach
41
Common security challenges
OFF-NETWORK COVERAGE
Few tools protect mobile workers, most users forget to turn on VPN, most new endpoint tools only detect
malware after the fact
APPLIANCES ARE EXPENSIVE & COMPLEX
Operations and management are
difficult or impractical, and are especially
complex for multiple locations
42
The problems with Shadow ITWhat’s under the surface
1 in 5Employees use cloud apps to
share corporatedata
20%Of employees usethose cloud apps
without IT‘s permission
70%Of employees
use mobile devicesfor work
63%Of employees
access corporatedata outside the
network perimeter
Source: http://www.sailpoint.com/blog/wp-content/uploads/MPS-2014-Infographic-v2.png
43
“More than 30% of security controls deployed to the small or midsize business (SMB) segment will be cloud-based by 2015”Gartner Forecast Overview, WW InfoSec2014
44
Thank you