1 / 62

Modern Day Attacks and a Silent Security Audit

Modern Day Attacks and a Silent Security Audit. Kierk Sanderlin. Monkey See, Monkey Do. Monkey see, Monkey do, Monkey sell. Black hole exploit kit. Case Study – the EuroGrabber. EuroGrabber. Mission Objectives:. Infect PC with Zeus Trojan. Infect Mobile with Zeus Trojan.

makara
Download Presentation

Modern Day Attacks and a Silent Security Audit

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Modern Day Attacks and a Silent Security Audit Kierk Sanderlin

  2. Monkey See, Monkey Do

  3. Monkey see, Monkey do, Monkey sell Black hole exploit kit

  4. Case Study – the EuroGrabber EuroGrabber

  5. Mission Objectives: Infect PC with Zeus Trojan Infect Mobile with Zeus Trojan Bypass two-factor authentication Goal: Steal money from banks

  6. Infect PC with Zeus Trojan User Visit an infected website Infected with a Zeus variant

  7. Zeus in action

  8. Zeus in action cont. C&C sends the victim an SMSwith a link to the mobile Zeus C&C Trojan sends Phone Number to C&C

  9. Mission Objectives: Infect PC with Zeus Trojan Infect Mobile with Zeus Trojan Bypass two-factor authentication Goal: Steal money from banks

  10. Bypassing Two-Factor Authentication Send TAN to C&C C&C sendsTAN back to the PC Trojan Mobile Trojan intercept the TAN Bank sends a TAN to the mobile C&C Trojan complete the transaction using the TAN Trojan initiate a transaction behind the scene

  11. Mission Objectives: Infect PC with Zeus Trojan Infect Mobile with Zeus Trojan Bypass two-factor authentication Goal: Steal money from banks

  12. Constantly changing environment “ Just as water retainsno constant shape, so in warfare there areno constant conditions ” - Sun Tzu, The Art of War

  13. There is a lot going on in 2012

  14. Looking back and forward 2012 2013 and beyond Main security threats & risks Security architecture Recommendations

  15. Multiple sources of data • Threat Cloud • 3D Reports • SensorNet

  16. A comprehensive survey

  17. A comprehensive survey % of companies By geography By sector APAC Other Industrial EMEA Consulting Telco Government Americas Finance

  18. The Check Point Security Report 2013 About the research Key findings Security strategy Summary

  19. We will talk about 3 issues Threatsto the organization Risky enterpriseapplications Data loss incidents in the network

  20. Another day, another major hack HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED

  21. 2012: the year of hacktivism Arab SpringPolitical freedom FoxconWorking conditions Justice DepartmentAnti-corruption VaticanUnhealthy transmitters UN ITU Internet deep packet inspection

  22. This does not affect me, right?

  23. The majority of companies are infected 100% = 888 companies of the organizations in the research were infected with bots 63%

  24. Once in … always on Communicating with command & control every21minutes

  25. Top 2012 Bots

  26. Exploit kits are easy to buy Available online Rental costs • One day – 50$ • Up to 1 month – 500$ • 3 month – 700$

  27. But there is more than Bots, right? How does malware get to my network? MalwareINSIDE

  28. Going to the wrong places… Every 23 minutes,a hostaccessesamalicious site

  29. Downloading malware all the time 53%of organizations saw malware downloads

  30. Most attacks originate in the US Top malware locations, % Germany2% UK2% Canada8% France2% Israel3% China3% Slovakia2% Turkey3% US71% Czech Rep2%

  31. Anatomy of an attack Recon 1 Exploit 2 Backdoor 3 Damage 4 BOT Toolkit RAT Virus

  32. Two major trends Profit driven A BOT Damage 4 RAT Virus B Ideological driven

  33. We will talk about 3 issues Threatsto the organization Risky enterpriseapplications Data loss incidents in the network

  34. No longer a game

  35. What are risky applications? P2P file sharing Bypassing security or hiding identity Anonymizers File sharing / storage Do harm without the user knowing it Social networks

  36. Anonymizers Risky applications

  37. What is an anonymizer? FirewallOK User Proxy Site

  38. History of Anonymizers Began as “The Onion Router” Officially sponsored by the US Navy 80% of 2012 budget from US Government Used widely during Arab Spring

  39. The risk of anonymizers Bypasses security infrastructure Used by botnets to communicate Hide criminal, illegal activity

  40. Anonymizers inside the corporation 100% = 888 companies of organizations had users of Anonymizers (80% were not aware that their employees use Anonymizers) 47%

  41. P2P file sharing Risky applications

  42. The Risk of P2P Applications Downloading the latest“Walking Dead” episoderight now  “Back door” network access Pirated content liability Malware downloads

  43. P2P inside the corporation 100% = 888 companies of organizations had a P2P file sharing app in use 61%

  44. Case example: P2P Fines for information disclosers 3,800personal details shared on P2P 95,000personal details shared on P2P

  45. Main takeaways… 61% of organizations had a P2P file sharing app in use 47% of organizations had users of anonymizers

  46. We will talk about 3 issues Threatsto the organization Risky enterpriseapplications Data loss incidents in the network

  47. How common is it? of organizations experienced data loss 54%

  48. Many types of data leaked 24% Source Code 14% Password protected file 7% Email marked as confidential 29% Credit card information 21% Other 13% Salary compensation information 7% Bank accounts numbers 6% Business data record

  49. PCI compliance can be improved 36% Of financial organizations sent credit card data outside the organization

  50. Case examples: oops, wrong address 11 emails for a lawyer to the wrong address Oct 2012 Worker fired for sending sensitive information to the wrong people Oct 2012 GPAs of all students leaked to hundreds of unintended recipients Apr 2012 Accidentally leaked 4,000 student social security numbers Apr 2012

More Related