
Security in a changing threat landscape


Presentation Transcript


  1. Security in a changing threat landscape Graeme Pinkney Symantec EMEA Gpinkney@symantec.com

  2. The threat key messages
     • The development, distribution, and use of malicious activities and services by attackers are becoming increasingly professional and even commercial.
     • Attackers are indirectly targeting victims by first exploiting trusted environments to use as sources for the distribution of malicious programs.
     • Increasingly, attackers are using multi-staged attacks in which an initial compromise is used to establish a “beachhead” from which subsequent attacks are launched.

  3. Sla.ckers.org, lists of vulnerable trusted web sites

  4. Government Sites in Australia

  5. The Cybercrime Business Model: It Just Works…

  6. Online Fraud: Legitimate Business Model (diagram labels: R & D; Manufacturing; Business Development; Central Management & Marketing; Logistics; Investment; Sales)

  7. Online Fraud: Cybercrime Business Model (diagram labels: Vulnerability Discovery & Exploitation; Botnet Deployment; Money Laundering; Criminal Actions; Criminal Mobility using Internet; Malware Production; R & D; Manufacturing; Business Development; The Internet; Central Management & Marketing; Logistics; Investment; Sales)

  8. A win for the good guys! Christopher William Smith (26)
     • He made $20 million in sales Xpress Pharmacy Direct (spam)
     • He paid Dr Philip Mach $7 a time, who issued 72,000 prescriptions
     • He was arrested for:
        • Conspiracy to distribute controlled substances
        • Wire fraud
        • Selling misbranded drugs
        • Money laundering
     • He vomited halfway through the reading
     • 9 guilty verdicts, faces a 20-year mandatory minimum prison sentence

  9. Ransomware affects Enterprise too…! Taken from a drop site of compromised IP addresses.
     • 152.120.156.x, US, Maryland, Bladensburg, U.S. Dept. of Transportation
     • 151.193.252.x, US, Texas, Fort Worth, American Airlines
     • 156.80.63.x, US, District of Columbia, Washington, Booz, Allen, and Hamilton
     • 156.80.68.x, US, Virginia, Alexandria, Booz, Allen, and Hamilton
     • 156.80.63.x, US, District of Columbia, Washington, Booz, Allen, and Hamilton
     • 156.152.33.x, US, California, Palo Alto, Hewlett Packard
     • 196.3.51.x, US, New Jersey, Livingston, Hoffmann LaRoche
     • 209.233.153.x, US, California, Los Angeles, LA County Bar Association
     • 47.230.0.x, US, Texas, Plano, Nortel Networks
     • 204.99.250.x, US, Illinois, Wheaton, OfficeMax
     • 170.223.143.x, US, Massachusetts, Attleboro, Partners HealthCare System
     • 144.160.130.x, US, Texas, Plano, Ameritech Electronic Commerce
     • 161.242.10.x, US, New York, Rochester, BAUSCH & LOMB
     • 75.17.55.x, US, California, Fremont, HISPANIC CHAMBER OF COMMERCE

  10. Shift Happens!
     • During this presentation (approximate figures):
        • 400 children will be born in North America - 1625 in China - 2378 in India
     • There are more than 106 million registered users of MySpace (Sept 2006)
     • If MySpace were a country it would be the 11th largest in the world … somewhere between Japan and Mexico
     • There are over 2.7 billion Google searches performed every month
     • To whom did we refer these searches B.G. (Before Google)?
     • The number of text messages sent daily exceeds the population of the planet
     • The amount of new technical information is doubling every 2 years - if all things remain equal, by 2010 it will be doubling every 72 hours
     • Where do we keep it all??
     • We’ve cumulatively waited 6 billion hrs for internet pages to load (so far this year as of mid March 2007)

  11. All that shift creates an opportunity

  12. MySpace Account Details

  13. What are the risks
     • 93% of all attacks target the end user…
     • From a recent survey (193,000 endpoints):
        • 13% had unauthorised USB devices attached to PCs/laptops
        • 4% of corporate PCs had P2P software installed
        • 1% had remote control software installed such as “GotoMyPC”
        • That means nearly 8000 corporate PCs had access to P2P networks, and nearly 2000 could remotely access their corporate PC!!
     • In another survey, 20% say that nearly 50% of their data sits on the endpoints!!

  14. Attack Trends: Bot Networks
     • During the current reporting period Symantec observed an average of 52,771 active bot network computers per day, a 17% decrease from the last half of 2006. The worldwide total of distinct bot-infected computers that Symantec identified dropped to 5,029,309 - a 17% decrease.
     • Command and control servers decreased during this period to 4,622 - a 3% decrease. The United States continues to have the highest number of command and control servers worldwide with 43% - a 3% increase from its previous total.
     • China has increased its global proportion of bot-infected computers to 29% while the United States continues to decline somewhat. China’s bot growth has slowed since last year when it increased by 15%.

  15. Attack Trends: Underground Economy Servers
     • Trading in credit cards, identities, online payment services, bank accounts, bots, fraud tools, etc.; items are ranked according to the goods most frequently offered for sale on underground economy servers.
     • Credit cards were the most frequently advertised item (22%) followed by bank accounts (21%).
     • Email passwords sell for almost as much as a bank account.

  16. Attack Trends: Data Breaches
     • Information on data breaches that could lead to identity theft. Data collected is not Symantec data.
     • The Education sector accounted for the majority of data breaches with 30%, followed by Government (26%) and Healthcare (15%) - almost half of breaches (46%) were due to theft or loss, with hacking only accounting for 16%.
     • Hacking resulted in 73% of identities being exposed

  17. Attack Trends: Malicious Activity
     • Between January 1st and June 30th the United States was the top country for malicious activity (raw numbers) with 30% of the overall proportion. China was ranked second with 10%.
     • When accounting for Internet populations, Israel was the top country with 11% followed by Canada with 6%. Seven of the top ten countries in this metric were located in EMEA.

  18. Malicious Code Trend: Propagation Vectors
     • Email attachment propagation is the number one propagation mechanism at 46%.
     • High percentages of various file-sharing mechanisms like CIFS and P2P show diversification to counter increasing email attachment blocking.

  19. Have you got all angles covered?

  20. Tactics have to change

  21. The threat is complex
     Creates new challenges for IT:
     • Complete understanding of security risk requires correlation of:
        • What is happening inside the network
        • With global threat activity outside the network
     • Prioritization
        • How do threats impact my environment?
        • What requires immediate attention?
        • What needs to be addressed over time?
     • Shift from incident response to proactive security protection

  22. Forecasting the threat to business
     • The threat landscape has changed dramatically (constantly changing)
     • Stealth techniques are increasingly being used
     • Hackers and criminals are planning the next steps (external agenda)
     • You need to have the ability to focus attention on the areas that will likely be a new attack vector
     • If the attackers are planning the next steps, “What are you doing”?

  23. What are the benefits?
     • New technologies are increasingly being adopted without the focus on what attack vectors will be available in 12 – 24 months.
     • We are constantly in a reactive state
     • We need to get smarter and proactive
     • Focus attention on intelligence and include this with your response efforts.
     • Strategic Intelligence helps you make smarter decisions

  24. Threat Forecasting Service(s) Taking Advantage of the Global Intelligence Network

  25. Focusing your attentions

  26. Threat significance

  27. Thank You gpinkney@symantec.com
