
ISON

ISON. February 1, 2011. Presenter: Phil Marasco. Hacking Today: Current Trends and Techniques. Agenda: What are a criminal's goals; Where is your data/device vulnerable; How do they exploit your data/devices; How we work for customers; How do you protect yourself; Stuxnet SCADA.





Presentation Transcript


  1. ISON. February 1, 2011. Presenter: Phil Marasco. Hacking Today: Current Trends and Techniques

  2. Agenda • What are a criminal's goals • Where is your data/device vulnerable • How do they exploit your data/devices • How we work for customers • How do you protect yourself • Stuxnet SCADA • Who is ISON?

  3. What is the goal? • Compromise your data • It is all about the money • It is all about your friends' money • Your identity (it's still about the money) • Compromise your device • Zombies aren't just in the movies anymore

  4. Vulnerable points • Your computer • Your applications (email, PDF, WWW) • Your operating system • Your connection paths • What you are connecting to • Web pages • Social Media

  5. Email • SPAM • Malicious links • 419 • Phishing • PayPal has suspended your account • Your account at BankNameHere has been compromised… • Virus Propagation

  6. OS • Patch • UNINSTALL anything you don’t need. • PATCH • Antivirus – plenty of free ones out there • Did I mention Patching?

  7. Connection Path • Wireless is Public • Sidejacking/Firesheep • Manipulation in the Middle • SSL is not always what you think it is • SSL Strip • "Eyes" can be anywhere
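Slide 7 names the two attacks that made open wireless so dangerous in 2010, sidejacking (Firesheep) and SSL strip, without showing why they work. The following is an added example, not code from the ISON deck: it models the two browser-side rules that decide whether a session cookie crosses the wire in the clear, the cookie's Secure attribute and the host's HSTS state. Host names, cookie names and values are constructed for illustration.

```python
"""Why sidejacking and SSL strip work, modelled as browser policy.

Added example, not part of the ISON slide deck. Hosts and cookies below
are constructed for illustration.
"""
from __future__ import annotations
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit


@dataclass
class Cookie:
    name: str
    value: str
    secure: bool = False
    httponly: bool = False


def parse_set_cookie(header: str) -> Cookie:
    """Parse a Set-Cookie header value; only Secure/HttpOnly are kept."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {p.lower() for p in parts[1:]}
    return Cookie(name.strip(), value.strip(),
                  secure="secure" in attrs, httponly="httponly" in attrs)


def sslstrip_rewrite(body: str) -> str:
    """What an SSL strip proxy does to a page it relays: every https://
    link becomes http://, so the victim's next request leaves in plaintext
    and the proxy talks TLS to the real site on the victim's behalf."""
    return body.replace("https://", "http://")


def resolve_url(url: str, hsts_hosts: set[str]) -> str:
    """Apply HSTS before the request is built. A browser that has seen
    Strict-Transport-Security for this host rewrites http:// to https://
    itself, which is exactly the step SSL strip depends on not happening."""
    parts = urlsplit(url)
    if parts.scheme == "http" and parts.hostname in hsts_hosts:
        return urlunsplit(("https",) + tuple(parts[1:]))
    return url


def cookies_in_clear(cookies: list[Cookie], url: str,
                     hsts_hosts: set[str]) -> list[str]:
    """Names of cookies a browser would send in plaintext for this request.
    That list is what a sniffer on open wireless captures and replays
    (sidejacking). HttpOnly is irrelevant here: it stops script access,
    not capture on the wire."""
    final = resolve_url(url, hsts_hosts)
    if urlsplit(final).scheme == "https":
        return []  # encrypted on the wire; a passive sniffer sees nothing
    return [c.name for c in cookies if not c.secure]


# Constructed cookies: the common 2010 pattern and the hardened form.
WEAK = parse_set_cookie("session=abc123; Path=/; HttpOnly")
HARDENED = parse_set_cookie("session=abc123; Path=/; Secure; HttpOnly")


def demo() -> dict[str, list[str]]:
    """Same site, three configurations; only the first leaks the session."""
    url = "http://social.example/home"
    return {
        "weak": cookies_in_clear([WEAK], url, set()),
        "secure_flag": cookies_in_clear([HARDENED], url, set()),
        "hsts": cookies_in_clear([WEAK], url, {"social.example"}),
    }


if __name__ == "__main__":
    print(demo())
    stripped = sslstrip_rewrite('<a href="https://bank.example/login">')
    print(stripped, "->", resolve_url("http://bank.example/login", {"bank.example"}))
```

The Secure attribute protects the cookie even when the page itself loads over http; HSTS protects the whole host, but only after the browser has seen the header once over a clean connection, which is why a first visit on hostile wireless is still the weak moment.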

  8. Serv(ic)er Side • Compromised Servers • Drive By Banners • Compromised Services • Twitter hacking • Tiny URL • Facebook Malware
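Slides 5 and 8 list the link-based lures (the "PayPal has suspended your account" mail, Tiny URLs, malicious links on compromised services) without showing how to spot them. The following is an added example, not code from the ISON deck: a small link-triage routine over an HTML e-mail that flags anchor text naming a different host than the href, a brand name used as a look-alike subdomain, raw-IP hosts and shortener links whose destination is hidden. The sample mail body, the brand watch list and the shortener list are constructed for illustration.

```python
"""Link triage for phishing mail (slides 5 and 8).

Added example, not from the ISON deck. The sample mail, BRANDS and
SHORTENERS are constructed for illustration, not real data.
"""
from __future__ import annotations
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"tinyurl.com", "bit.ly", "t.co"}   # constructed, not exhaustive
BRANDS = ("paypal", "bankname")                  # constructed watch list


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the mail."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href: str | None = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Crude owner approximation: the last two DNS labels."""
    return ".".join(host.lower().split(".")[-2:])


def triage_link(href: str, text: str) -> list[str]:
    """Return the reasons a link looks like a lure (empty list = clean)."""
    reasons: list[str] = []
    host = (urlsplit(href).hostname or "").lower()
    # 1. The visible text names one host, the link goes somewhere else.
    m = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if m and registrable(m.group(1)) != registrable(host):
        reasons.append(f"text says {m.group(1)}, link goes to {host}")
    # 2. A brand name sits in the host but not in the owning domain.
    for brand in BRANDS:
        if brand in host and brand not in registrable(host):
            reasons.append(f"'{brand}' used as look-alike in {host}")
    # 3. Raw IP address instead of a name.
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("raw IP host")
    # 4. Shortener: the real destination is not visible in the mail.
    if registrable(host) in SHORTENERS:
        reasons.append("URL shortener hides destination")
    return reasons


def triage_email(html: str) -> dict[str, list[str]]:
    """Map each suspicious href in the mail to its reasons."""
    p = _LinkCollector()
    p.feed(html)
    return {href: r for href, text in p.links if (r := triage_link(href, text))}


# Constructed sample mail body in the style the slides quote.
SAMPLE_MAIL = """
<p>Dear customer, your account has been suspended.</p>
<a href="http://paypal.com.secure-login.example/verify">www.paypal.com</a>
<a href="http://203.0.113.7/bank/login">Your account at BankNameHere</a>
<a href="http://tinyurl.com/abc123">See the attached statement</a>
<a href="https://www.paypal.com/help">PayPal Help Center</a>
"""

if __name__ == "__main__":
    for href, reasons in triage_email(SAMPLE_MAIL).items():
        print(href, "->", "; ".join(reasons))
```

The last anchor in the sample, a genuine paypal.com link, produces no reasons, which is the point of checking the owning domain rather than searching for the brand string anywhere in the URL.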

  9. Once they are in: • They steal your money

  10. Once they are in: • They steal your friends’ money

  11. Once they are in: • They steal your identity

  12. Once they are in: • They use your device

  13. It is not just you • It is anyone that has your data

  14. Your bank? • Source: http://www.bankinfosecurity.com/articles.php?art_id=2378

  15. ATM Skimmers • 2008 • Redbox Skimmer

  16. ATM Skimmers • Early 2009 • ATM Skimmer

  17. ATM Skimmers • Late 2009 • ATM Skimmer

  18. ATM Skimmers • 2010 • ATM skimmer full skin

  19. What can you do? • Technical • Patch • Antivirus • Personal Firewalls • Behaviors • Be observant • Don’t engage in risky behavior • Be careful with your data

  20. What can you do? • A good list of privacy and safety tools can be found at http://epic.org/privacy/tools.html

  21. Control Systems • Process Control systems deliver almost everything • Power • Water • Petroleum • Sewage • Manufacturing

  22. Stuxnet • Targets Siemens process control systems in a specific configuration • Encrypted • Virtual Environment Aware • Written in 4 languages • Asserted as a non-military solution • Probably too successful

  23. Stuxnet • Additional Stuxnet resources • http://www.symantec.com/connect/blogs/stuxnet-breakthrough • http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html • http://www.schneier.com/blog/archives/2010/10/stuxnet.html • http://www.us-cert.gov/control_systems/icsjwg/presentations/Walter%20Sikora%20icsjwg-fall-2010.pdf

  24. What we do • Penetration testing • Network • Application • Physical • Security Awareness • Compliance

  25. Who is ISON? • Managed IT Services Firm • Focus on small to medium business • Extension of an organization • With IT personnel • Without IT personnel • 30+ years industry experience

  26. Questions?

  27. Thank You! www.ISONgroup.com
