
Modern Day Attacks and a Silent Security Audit


Presentation Transcript


  1. Modern Day Attacks and a Silent Security Audit, by Kierk Sanderlin

  2. Monkey See, Monkey Do

  3. Monkey see, Monkey do, Monkey sell: Black hole exploit kit

  4. Exploiting Zero-day vulnerabilities: Countless new variants; New vulnerabilities. An average of 70,000 to 100,000 new malware samples are created and distributed each day

  5. Real World Data

  6. Threat Emulation Statistics

  7. What does a bot typically do when it is first started? First-time DNS query; GEO IP query; Catalog of asset: OS, patch level, apps

  8. A PC for hire on most any fortune 500 network?

  9. Woopsie “I made it about halfway through the list of companies in the Fortune 100 with names beginning in “C” when I found a hit: A hacked RDP server at Internet address space assigned to networking giant Cisco Systems Inc. The machine was a Windows Server 2003 system in San Jose, Calif., being sold for $4.55 (see screenshot below). You’ll never guess the credentials assigned to this box: Username: “Cisco,”; password: “Cisco”. Small wonder that it was available for sale via this service. A contact at Cisco’s security team confirmed that the hacked RDP server was inside of Cisco’s network; the source said that it was a “bad lab machine,” but declined to offer more details”

  10. DDOS the Picket Line of the Future?

  11. Looking back and forward: 2012; 2013 and beyond. Main security threats & risks; Security architecture; Recommendations

  12. Multiple sources of data • Threat Cloud • Span • Port • SensorNet

  13. A comprehensive survey

  14. A comprehensive survey [Chart: % of companies, by geography and by sector; labels: APAC, Other, Industrial, EMEA, Consulting, Telco, Government, Americas, Finance]

  15. The Security Report 2013: About the research; Key findings; Security strategy; Summary

  16. We will talk about 3 issues: Threats to the organization; Risky enterprise applications; Data loss incidents in the network

  17. Anything for a Buck [Image: repeated "HACKED" stamps]

  18. This does not affect me, right?

  19. The majority of companies are infected: 63% of the organizations in the research were infected with bots (100% = 888 companies)

  20. Exploit kits are easy to buy: Available online. Rental costs: One day – 50$; Up to 1 month – 500$; 3 month – 700$

  21. But there is more than Bots, right? How does malware get to my network? Malware INSIDE

  22. Downloading malware all the time: 53% of organizations saw malware downloads

  23. Most attacks originate in the US. Top malware locations, %: Germany 2%, UK 2%, Canada 8%, France 2%, Israel 3%, China 3%, Slovakia 2%, Turkey 3%, US 71%, Czech Rep 2%

  24. We will talk about 3 issues: Threats to the organization; Risky enterprise applications; Data loss incidents in the network

  25. No longer a game

  26. What are risky applications? P2P file sharing; Bypassing security or hiding identity; Anonymizers; File sharing / storage; Do harm without the user knowing it; Social networks

  27. Anonymizers Risky applications

  28. What is an anonymizer? [Diagram labels: Firewall, OK, User, Proxy, Site]

  29. History of Anonymizers: Began as “The Onion Router”; Officially sponsored by the US Navy; 80% of 2012 budget from US Government; Used widely during Arab Spring

  30. Anonymizers inside the corporation: 47% of organizations had users of Anonymizers (80% were not aware that their employees use Anonymizers) (100% = 888 companies)

  31. P2P file sharing Risky applications

  32. The Risk of P2P Applications: Downloading the latest “Walking Dead” episode right now; “Back door” network access; Pirated content liability; Malware downloads

  33. P2P inside the corporation: 61% of organizations had a P2P file sharing app in use (100% = 888 companies)

  34. We will talk about 3 issues: Threats to the organization; Risky enterprise applications; Data loss incidents in the network

  35. How common is it? 54% of organizations experienced data loss

  36. Many types of data leaked: 24% Source Code; 14% Password protected file; 7% Email marked as confidential; 29% Credit card information; 21% Other; 13% Salary compensation information; 7% Bank accounts numbers; 6% Business data record

  37. PCI compliance can be improved: 36% of financial organizations sent credit card data outside the organization

  38. We have all had this problem: “Error 552: sorry, that message exceeds my maximum message size limit”. Dropbox? YouSendIt? Windows Live?

  39. Storing and Sharing applications: 80% of organizations use file storage and sharing applications (100% = 888 companies)

  40. Top sharing and storage apps (% of organizations). But sharing is not always caring…

  41. The Security Report 2013: About the research; Key findings; Security strategy; Summary

  42. We talked about three issues: Threats to the organization; Risky enterprise applications; Data loss incidents in the network

  43. Addressing external threats: Anti Bot, FW, IPS, AV, Anti-Spam, Emulation

  44. Enabling secure application use: Application Control, Antivirus, Endpoint, URLF

  45. Preventing data loss Data User check Application Control End Point Doc Sec DLP

  46. Remember: Threats to the organization: 63% infected with bots; Risky enterprise applications: 47% used Anonymizers; Data loss incidents in the network: 54% had a data loss event

  47. Thank You!
