Cyber Crime’s New Era: Protecting Your Company from the Criminal Exploitation of the Internet John Frazzini Secure Systems Integration Corporation
Agenda • Overview of the cyber threat landscape • Geopolitical threats: China & Asia; Russia/former Eastern Bloc; pro-Islamic groups; cyber-terrorism/pro-terrorist groups • Technical threats: malicious code; Web application security • Future threat trends: convergence of geopolitical activity and technical threats • Industry trends? • What can you do?
What do you determine to be the most significant cyber threat to your enterprise? • Cyber crime • Malicious code activity • Insiders • Support for security initiatives
Pro-China Hacking • China Eagle Union: possibly the largest organized hacker group in the world; branches all over China; hundreds of core members; possibly thousands of supporters • Most are highly nationalistic and revel in their support of government policies • Many seek to do something "great" for China and become part of the elite • They take real or perceived "slights" against China very seriously; Japan and the US are likely primary targets around key dates (e.g., anniversaries, national holidays, etc.)
Former Soviet Union and E. European Criminal Elements and Hacking • Hacker culture in the former Soviet Union (FSU) is very extensive and complex • Reported large-scale bank frauds in the FSU using hackers and corrupt insiders • Many Russian organized crime groups are believed to have "computer departments" with professional hackers • Stolen credit card hacking ("kreditki") is huge in the FSU, with bazaars for hacker-carders • Use of fake Internet shops is widespread; also spam and pornography geared to lure victims • Alleged sophisticated hacker attacks against some ATMs in the FSU
Russia: “The Stealth Group” • A hacker “sect”, the first of its kind in the world, dedicated to authoring destructive viruses; Stealth is a small, tight group that underwent some internal strife in 2002 • Led by LovinGOD, an anarchist and pro-terrorism • LovinGOD shows strong sympathy for terrorism in general and approved of 9/11 • Could make his services available to al Qaeda • Requirements for membership: one must be anti-social (no strong ties to family or an employer) and able to write an undetectable Windows virus
Pro-Terrorist Hackers • Prior to the Iraq war, the press reported a “ten-fold increase” in pro-terrorist hacking • The trend is correct, BUT the figure rests on a misinterpretation of some defacement data (see recent report on pro-terrorist hacking) • Pro-terrorist defacements began to rise sharply in October 2002 • A better trend indicator for pro-terrorist defacement attacks is monitoring the .il domain (primarily anti-Israel defacements)
Hacker Culture: Brazil • Very active hacker population • Hundreds of .br hacker-related websites • Many of the most prolific defacers are Brazilian • Brazil Hackers Sabotage (BHS) has defaced thousands of websites globally • BHS is a top-tier defacement group in the world, according to the defacement-tracking Web site Zone-H
Emerging Technical Threats: Malicious Code • Slammer was only a proof of concept: no payload, but it spread globally in 10 minutes • Blended threats infect multiple platforms in various ways; Warhol worms will spread very quickly • Unpatched/unknown vulnerabilities: the vulnerability usually predates the automated attack worm (Code Red, Nimda, etc.) • Highly targeted services: DNS (BIND), HTTP and HTTPS (Apache, IIS, OpenSSL), SSH, SQL (Slammer)
Emerging Technical Threats, II: Web Application Security • Generally, the Web application is the easiest way to penetrate a network and gain access • Typical point security solutions (firewalls, IDS, etc.) are not effective in detecting or preventing Web application attacks • IDS signatures are not well developed for the latest Web application attacks • SSL does nothing to protect against these attacks (it encrypts the malicious request along with everything else) • SQL injection, cross-site scripting, poor user session management
Emerging Technical Threats, III • Cross-site scripting (XSS) • SQL injection • Both relatively easy to exploit • Can result in an online user’s Web application account being hijacked and data being compromised • Fairly high-profile press cases: Hotmail.com, Yahoo.com, Verizon, etc. • Prevalent disclosure on security mailing lists
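The three weaknesses named on the two slides above (SQL injection, cross-site scripting and poor session management) each come down to the same defect: untrusted input reaching a sensitive context without being bound, escaped or randomised. The following is an added illustration, not code from the talk or from any product it mentions; the user table, the user names and the probe inputs are constructed for the demo, and the function names are my own. Each weakness is shown in its vulnerable form next to the hardened form a reviewer would ask for.

```python
"""Vulnerable vs hardened handling for SQL injection, XSS and session ids.
Added illustration with a constructed in-memory database; not from the talk."""
import html
import secrets
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed user table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> list:
    """String-built query: untrusted input becomes part of the SQL text,
    so a quote in the password changes the WHERE clause the database parses."""
    sql = (f"SELECT name, role FROM users WHERE name = '{name}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchall()


def login_hardened(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Parameterised query: input is bound as data and never parsed as SQL."""
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()


def render_greeting_vulnerable(display_name: str) -> str:
    """Reflects user-controlled text straight into HTML (an XSS sink)."""
    return f"<p>Welcome, {display_name}</p>"


def render_greeting_hardened(display_name: str) -> str:
    """Escapes for the HTML text context before interpolation; the browser
    then renders the characters instead of interpreting them as markup."""
    return f"<p>Welcome, {html.escape(display_name, quote=True)}</p>"


def new_session_id_weak(user_counter: int) -> str:
    """Sequential identifier: knowing one session id reveals the next."""
    return f"sess-{user_counter:06d}"


def new_session_id_hardened() -> str:
    """128 bits from the OS CSPRNG: unguessable and unrelated to any user."""
    return secrets.token_urlsafe(16)


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"          # constructed input containing a quote
    print("vulnerable login:", login_vulnerable(db, "alice", probe))
    print("hardened login:  ", login_hardened(db, "alice", probe))
    marked_up = "<script>alert(1)</script>"   # constructed input containing markup
    print("vulnerable page: ", render_greeting_vulnerable(marked_up))
    print("hardened page:   ", render_greeting_hardened(marked_up))
    print("weak session id: ", new_session_id_weak(7))
    print("strong session id:", new_session_id_hardened())
```

Run stand-alone, the vulnerable login returns every row for a password that is nothing but a quoted expression, while the parameterised version returns none; the escaped greeting contains no angle brackets; and the two session-id generators differ in exactly the property an attacker cares about, predictability. Note that the hardened login still stores plaintext passwords, which is outside the slide's scope and would be the next review finding.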
“Warhol Worms” • It is well known that active worms such as Code Red and Nimda have the potential to spread very quickly, on the order of minutes to hours • Hyper-virulent active worms are capable of infecting all vulnerable hosts in approximately 15 minutes to an hour • “Warhol worms” use optimized scanning routines, hit-list scanning for initial propagation, and permutation scanning for complete, self-coordinated coverage, and could cause maximum damage before people could respond • The potential mayhem is staggering
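The “minutes to hours” claim above follows from a simple epidemic model: for a worm that scans addresses uniformly at random, the infected fraction a of the vulnerable population obeys da/dt = K a (1 - a), where K is the rate at which one infected host finds new victims. The slow part of an outbreak is the start, when few hosts are scanning; a hit list skips that phase by seeding the worm on many hosts at once. The following added example (mine, not code from the talk or from the Warhol-worm paper it draws on) solves that model in closed form and compares an assumed Code-Red-like worm with an assumed fast-scanning, hit-list-seeded one. The scan rates, population sizes and hit-list size are round numbers chosen for illustration, not measurements of any real outbreak.

```python
"""Random-scanning worm epidemic model (logistic growth), added to show why a
hit list shortens the slow start of an outbreak. Illustration only; the
parameters in __main__ are assumed, not measured."""
import math

ADDRESS_SPACE = 2 ** 32  # IPv4 addresses a uniformly random scanner draws from


def compromise_rate(scans_per_sec: float, vulnerable_hosts: int) -> float:
    """K (per second): expected new infections per infected host per second.
    Each random probe lands on a vulnerable address with probability N / 2^32."""
    return scans_per_sec * vulnerable_hosts / ADDRESS_SPACE


def infected_fraction(t: float, a0: float, k: float) -> float:
    """Closed-form solution of da/dt = K a (1 - a) with a(0) = a0."""
    growth = math.exp(k * t)
    return a0 * growth / (1.0 - a0 + a0 * growth)


def time_to_fraction(target: float, a0: float, k: float) -> float:
    """Seconds until the infected fraction first reaches `target`, obtained by
    inverting the logistic solution (requires 0 < a0 < target < 1)."""
    if not 0.0 < a0 < target < 1.0:
        raise ValueError("need 0 < a0 < target < 1")
    return math.log(target * (1.0 - a0) / (a0 * (1.0 - target))) / k


def time_to_90_percent(scans_per_sec: float, vulnerable_hosts: int,
                       initially_infected: int) -> float:
    """Seconds for the worm to reach 90% of the vulnerable population.
    `initially_infected` is 1 for a worm released from a single host, or the
    hit-list size for a worm that seeds itself from a precompiled list."""
    k = compromise_rate(scans_per_sec, vulnerable_hosts)
    a0 = initially_infected / vulnerable_hosts
    return time_to_fraction(0.9, a0, k)


if __name__ == "__main__":
    # Assumed Code-Red-like parameters: a few scans/s per host, ~360k vulnerable.
    slow = time_to_90_percent(6, 360_000, 1)
    # Assumed Warhol-like parameters: 100 scans/s, 1M vulnerable, 10k hit list.
    fast_unseeded = time_to_90_percent(100, 1_000_000, 1)
    fast_seeded = time_to_90_percent(100, 1_000_000, 10_000)
    for label, secs in [("random scanning, single seed", slow),
                        ("fast scanning, single seed", fast_unseeded),
                        ("fast scanning, 10k hit list", fast_seeded)]:
        print(f"{label:30s} reaches 90% in {secs / 60:7.1f} minutes")
```

With these assumed numbers the slow worm needs several hours to reach 90% of its targets, while the fast-scanning worm needs about ten minutes from a single seed and about five with a hit list; the figure a defender should take from the model is that the response window is set by K and the seed size, not by how long the last outbreak took.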
What priority does your organization give to security? • Very high • High • Somewhat • Not a priority
How effective is the response? • Past: technological solutions have been applied to this “technical” problem • Future: people, process and technology… • Key: effective management of cyber threats and risk
Future Trends, Threats • Last year’s Sobig.f represents a significant shift • Convergence of malicious code activity in support of mass financial criminal activity – criminal intent • Future: more sophisticated, organized mass victimization • The historical focus of hacking activity has now been transformed • Sobig.g intent?
Who do you think is responsible for stopping cyber attacks? • The government • Independent organizations (CERT / Mitre CVE) • Security companies • You
Industry Trends: Two Views • “Self-Defending” networks and infrastructure • Cisco’s acquisition of Okena • Juniper’s acquisition of NetScreen • Microsoft’s acquisition of anti-virus capability
Industry Trends (continued) • Next Generation Solution Set • Automated Vulnerability Remediation • Security & Risk Management Systems • Event Correlation Capabilities • Intrusion Prevention Systems (?)
What can you do? • Time is not on your side! • Vulnerability-to-exploit window: 6 months to 100 days, on average (one year ago) • MS RPC vulnerability (MS03-039): 6 days to an exploit/highly functional executable by a Trojan author • Blaster (RPC vulnerability): 2 days to probing, 5 days to a public exploit, 10 days to a fully functional exploit • Lion worm (1/29/01): zero-day BIND 8 buffer overflow
What can you do?, II • Proactively prepare for attacks • Identify and understand how future threats will impact your infrastructure and, more importantly, your type of business; formulate a plan to mitigate these threats before they strike • Formulate a proactive remediation strategy based on risk tolerance • Shift from total reliance on technology-based solutions to defense in depth
What can you do?, III • Proactively prepare for attacks • Build security into your automated business processes; focus on business process solutions • Participate in law enforcement/government initiatives
What is the primary business driver for your organization signing off on security solutions? • It’s the “right thing to do” • Regulatory compliance • Bottom line justification • Just takes your word for it
Thank you. Questions, comments? John Frazzini, CEO, Secure Systems Integration Corporation, jfrazzini@securesystemscorp.com