470 likes | 628 Views
Modern Day Attacks and a Silent Security Audit. Kierk Sanderlin. Monkey See, Monkey Do. Monkey see, Monkey do, Monkey sell. Black hole exploit kit. Exploiting Zero-day vulnerabilities. Countless new variants. New vulnerabilities.
E N D
Modern Day Attacks and a Silent Security Audit Kierk Sanderlin
Monkey see, Monkey do, Monkey sell Black hole exploit kit
Exploiting Zero-day vulnerabilities Countless new variants New vulnerabilities An average of 70,000 to 100,000 new malware samples are created and distributed each day [Protected] Non-confidential content
What does a bot typically do when it is first started? • First Time DNS Query • GEO IP Query • Catalog of Asset • OS • Patch level • Apps
Woopsie “I made it about halfway through the list of companies in the Fortune 100 with names beginning in “C” when I found a hit: A hacked RDP server at Internet address space assigned to networking giant Cisco Systems Inc. The machine was a Windows Server 2003 system in San Jose, Calif., being sold for $4.55 (see screenshot below). You’ll never guess the credentials assigned to this box: Username: “Cisco,”; password: “Cisco”. Small wonder that it was available for sale via this service. A contact at Cisco’s security team confirmed that the hacked RDP server was inside of Cisco’s network; the source said that it was a “bad lab machine,” but declined to offer more details”
Looking back and forward 2012 2013 and beyond Main security threats & risks Security architecture Recommendations
Multiple sources of data • Threat Cloud • Span • Port • SensorNet
A comprehensive survey % of companies By geography By sector APAC Other Industrial EMEA Consulting Telco Government Americas Finance
The Security Report 2013 About the research Key findings Security strategy Summary
We will talk about 3 issues Threatsto the organization Risky enterpriseapplications Data loss incidents in the network
Anything for a Buck HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED
The majority of companies are infected 100% = 888 companies of the organizations in the research were infected with bots 63%
Exploit kits are easy to buy Available online Rental costs • One day – 50$ • Up to 1 month – 500$ • 3 month – 700$
But there is more than Bots, right? How does malware get to my network? MalwareINSIDE
Downloading malware all the time 53%of organizations saw malware downloads
Most attacks originate in the US Top malware locations, % Germany2% UK2% Canada8% France2% Israel3% China3% Slovakia2% Turkey3% US71% Czech Rep2%
We will talk about 3 issues Threatsto the organization Risky enterpriseapplications Data loss incidents in the network
What are risky applications? P2P file sharing Bypassing security or hiding identity Anonymizers File sharing / storage Do harm without the user knowing it Social networks
Anonymizers Risky applications
What is an anonymizer? FirewallOK User Proxy Site
History of Anonymizers Began as “The Onion Router” Officially sponsored by the US Navy 80% of 2012 budget from US Government Used widely during Arab Spring
Anonymizers inside the corporation 100% = 888 companies of organizations had users of Anonymizers (80% were not aware that their employees use Anonymizers) 47%
P2P file sharing Risky applications
The Risk of P2P Applications Downloading the latest“Walking Dead” episoderight now “Back door” network access Pirated content liability Malware downloads
P2P inside the corporation 100% = 888 companies of organizations had a P2P file sharing app in use 61%
We will talk about 3 issues Threatsto the organization Risky enterpriseapplications Data loss incidents in the network
How common is it? of organizations experienced data loss 54%
Many types of data leaked 24% Source Code 14% Password protected file 7% Email marked as confidential 29% Credit card information 21% Other 13% Salary compensation information 7% Bank accounts numbers 6% Business data record
PCI compliance can be improved 36% Of financial organizations sent credit card data outside the organization
We have all had this problem Error 552: sorry, that message exceeds my maximum message size limit Dropbox? YouSendIt? Windows Live?
Storing and Sharing applications 100% = 888 companies of organizations use file storage and sharing applications 80%
Top sharing and storage apps % of organizations But sharing is not always caring…
The Security Report 2013 About the research Key findings Security strategy Summary
We talked about three issues Threatsto the organization Risky enterpriseapplications Data loss incidents in the network
Addressing external threats Anti Bot FW IPS AV Anti-Spam Emulation
Enabling secure application use Application Control Antivirus Endpoint URLF
Preventing data loss Data User check Application Control End Point Doc Sec DLP
Remember……. Threatsto the organization Risky enterpriseapplications Data loss incidents in the network 63% 47% 54% used Anonymizers had a data loss event infected with bots