1 / 57

What’s Hiding on Your Network?

What’s Hiding on Your Network?. Kevin Jones. Monkey See, Monkey Do. Monkey see, Monkey do, Monkey sell. Black hole exploit kit. A PC for hire on most any fortune 500 network?. Woopsie.

luka
Download Presentation

What’s Hiding on Your Network?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What’s Hiding on Your Network? Kevin Jones

  2. Monkey See, Monkey Do

  3. Monkey see, Monkey do, Monkey sell Black hole exploit kit

  4. A PC for hire on most any fortune 500 network?

  5. Woopsie “I made it about halfway through the list of companies in the Fortune 100 with names beginning in “C” when I found a hit: A hacked RDP server at Internet address space assigned to networking giant Cisco Systems Inc. The machine was a Windows Server 2003 system in San Jose, Calif., being sold for $4.55 (see screenshot below). You’ll never guess the credentials assigned to this box: Username: “Cisco,”; password: “Cisco”. Small wonder that it was available for sale via this service. A contact at Cisco’s security team confirmed that the hacked RDP server was inside of Cisco’s network; the source said that it was a “bad lab machine,” but declined to offer more details”

  6. 2012: the year of hacktivism Arab SpringPolitical freedom FoxconWorking conditions Justice DepartmentAnti-corruption VaticanUnhealthy transmitters UN ITU Internet deep packet inspection

  7. DDOS the Picket Line of the Future?

  8. Looking back and forward 2012 2013 and beyond Main security threats & risks Security architecture Recommendations

  9. Constantly changing environment “ Just as water retainsno constant shape, so in warfare there areno constant conditions ” - Sun Tzu, The Art of War

  10. Exploiting Zero-day vulnerabilities Countless new variants New vulnerabilities An average of 70,000 to 100,000 new malware samples are created and distributed each day [Protected] Non-confidential content

  11. Real World Data

  12. Threat Emulation Statistics

  13. The Check Point Security Report 2013 About the research Key findings Security strategy Summary

  14. Multiple sources of data • Threat Cloud • 3D Reports • SensorNet

  15. A comprehensive survey

  16. A comprehensive survey % of companies By geography By sector APAC Other Industrial EMEA Consulting Telco Government Americas Finance

  17. The Check Point Security Report 2013 About the research Key findings Security strategy Summary

  18. We will talk about 3 issues Threatsto the organization Risky enterpriseapplications Data loss incidents in the network

  19. Anything for a Buck HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED

  20. This does not affect me, right?

  21. The majority of companies are infected 100% = 888 companies of the organizations in the research were infected with bots 63%

  22. Once in … always on Communicating with command & control every21minutes

  23. Exploit kits are easy to buy Available online Rental costs • One day – 50$ • Up to 1 month – 500$ • 3 month – 700$

  24. But there is more than Bots, right? How does malware get to my network? MalwareINSIDE

  25. Going to the wrong places… Every 23 minutes,a hostaccessesamalicious site

  26. Downloading malware all the time 53%of organizations saw malware downloads

  27. Most attacks originate in the US Top malware locations, % Germany2% UK2% Canada8% France2% Israel3% China3% Slovakia2% Turkey3% US71% Czech Rep2%

  28. Anatomy of an attack Recon 1 Exploit 2 Backdoor 3 Damage 4 BOT Toolkit RAT Virus

  29. We will talk about 3 issues Threatsto the organization Risky enterpriseapplications Data loss incidents in the network

  30. No longer a game

  31. What are risky applications? P2P file sharing Bypassing security or hiding identity Anonymizers File sharing / storage Do harm without the user knowing it Social networks

  32. Anonymizers Risky applications

  33. What is an anonymizer? FirewallOK User Proxy Site

  34. History of Anonymizers Began as “The Onion Router” Officially sponsored by the US Navy 80% of 2012 budget from US Government Used widely during Arab Spring

  35. Anonymizers inside the corporation 100% = 888 companies of organizations had users of Anonymizers (80% were not aware that their employees use Anonymizers) 47%

  36. P2P file sharing Risky applications

  37. The Risk of P2P Applications Downloading the latest“Walking Dead” episoderight now  “Back door” network access Pirated content liability Malware downloads

  38. P2P inside the corporation 100% = 888 companies of organizations had a P2P file sharing app in use 61%

  39. Case example: P2P Fines for information disclosers 3,800personal details shared on P2P 95,000personal details shared on P2P

  40. We will talk about 3 issues Threatsto the organization Risky enterpriseapplications Data loss incidents in the network

  41. How common is it? of organizations experienced data loss 54%

  42. Many types of data leaked 24% Source Code 14% Password protected file 7% Email marked as confidential 29% Credit card information 21% Other 13% Salary compensation information 7% Bank accounts numbers 6% Business data record

  43. PCI compliance can be improved 36% Of financial organizations sent credit card data outside the organization

  44. Case examples: oops, wrong address 11 emails for a lawyer to the wrong address Oct 2012 Worker fired for sending sensitive information to the wrong people Oct 2012 GPAs of all students leaked to hundreds of unintended recipients Apr 2012 Accidentally leaked 4,000 student social security numbers Apr 2012

  45. We have all had this problem Error 552: sorry, that message exceeds my maximum message size limit Dropbox? YouSendIt? Windows Live?

  46. Storing and Sharing applications 100% = 888 companies of organizations use file storage and sharing applications 80%

  47. Top sharing and storage apps % of organizations But sharing is not always caring…

  48. The Check Point Security Report 2013 About the research Key findings Security strategy Summary

More Related