Social Networking + social engineering = compromise
Attack Kits get a caffeine boost
Mobile Threats increase
Infection Vectors:
Email Phishing Targeted attack
These usually consist of a PDF or Office document carrying an embedded exploit that drops a back door. Targeted email attacks are much more publicized these days.
APT: Targeted Attacks Continue To Evolve
High profile attacks in 2010 raised awareness of impact of APTs
Stuxnet was incredibly sophisticated:
Four zero-day vulnerabilities
Stolen digital signatures
Ability to leap the air gap with USB key
Potential damage to infrastructure
[Chart axes: Sophistication, Degree Of Damage]
Average cost of U.S. data breach in 2010: $7.2 million
Average cost of CAN data breach in 2010: $1.9 million
Because of the large number of attempts they are bound to find unpatched systems, exploit those systems and extract data from those exploited systems.
The large scale of these types of attacks also means that it is easy to spot them and prevent them from infecting your network.
An APT Attack
An APT attack takes a different approach because it starts from a different perspective: with a target already in place. In the case of an APT, the attacker starts by finding out as much information as possible about the target and storyboarding that information. Information can come from the organization's website, Google searches, social media sites and various business research tools. In this case, the attacker is looking for weaknesses in the organization itself, as opposed to typical software vulnerabilities.
APT attacks work because they are customized and focused on the biggest weakness in any organization: the people.
Mobility Challenges
Mobile Consumerization
Corporate data on personal devices raises security, liability and manageability issues
How to allow this large number of devices to securely connect to the enterprise?
Endpoint Heterogeneity
Multiple mobile platforms with widely varying and ever changing capabilities and form factors; IT cannot have in-depth details about all platforms
Point solutions make it difficult to enforce an overall corporate policy
2008 Ponemon/Dell Study: 12,000 laptops lost in airports each week
2011: ?
Mobile Threats
Most malware for mobiles are Trojans posing as legitimate apps
2011: already > 150 vulnerabilities targeting mobile platforms!
[Chart: vulnerabilities targeting mobile platforms, 2009 and 2010; bar labels: 163 vulnerabilities, 115 vulnerabilities]
Open Source means it's easy for cyber criminals to get a quick financial hit
$1500 - $4500 for tools required to make much, much more
schemes that involve premium billing rates, spyware, search engine poisoning, adware, and pay-per installs.
Thirty Trojanized Apps removed from the Android store
Pre-packaged crypters can create fully undetectable trojanized apps
Platform
Entrepreneurs and developers from more than 190 countries build with the Facebook Platform
People on Facebook install 20 million applications every day
Every month, more than 250 million people engage with Facebook on external websites
Since social plugins launched in April 2010, an average of 10,000 new websites integrate with Facebook every day
More than 2.5 million websites have integrated with Facebook, including over 80 of comScore's U.S. Top 100 websites and over half of comScore's Global Top 100 websites
People on Facebook
More than 600 million active users
50% of our active users log on to Facebook in any given day
Average user has 130 friends
People spend over 700 billion minutes per month on Facebook
Social Networking creates instant access to millions of consumers or constituents
Bring your device to work can:
Reduce Training Costs and subsequent Support
Increase Employee Productivity in and outside of an organization
Be used as a strategy to attract Top Talent in the marketplace
Accelerate the process of IT transforming itself from a cost center that says "no" to the business partner that helps drive new revenue
Enterprises must develop an appropriate strategy and controls to manage their use of social media and new smart devices
Stages Of A Breach
The #1 vector is email, a trend that has accelerated
The web is becoming an increasing vector for malware coming into companies
90% of breaches due to un-patched vulnerabilities
Advanced Persistent Threats
Phishing/Spear Phishing
Compromise of endpoints
Data Theft
Bundling of information for egress
Survey for egress points (mail, ftp, dns, web)
400,000 military documents posted by Wikileaks, Oct. 2010
> Exfiltration
Poorly Protected Infrastructure
Lack of IT Policies
Poorly Protected Information
Poorly Managed Systems
SQL Injection Siloed, Inconsistent Protection, Physical Security Proactive Threat Information
81% Of Targeted Companies Were Not PCI Compliant
67% Of Breaches Are Due To Insider Negligence Or Lack Of Knowledge
Encryption, Particularly On Mobile Devices And Detachable Storage
Data Loss Prevention
Application And Device Control
Reporting And Enterprise Wide Visibility
Timely Patching Or Mitigating Measures
Policy And Procedure
Monitoring
No Log Aggregation, & Log Collection From All Systems Correlation for Reporting No Operational Visibility Reporting No Ability to Mitigate Proactive Measures Impact of New Threats
Management ( TCO )
Server Management Unplanned outages, data loss, operational costs Excessive SW/HW Costs, No Service & Asset Mgmt. Asset Mgmt., support costs TCO, LOE, & Management Workstation support cost. levels of control and security
The Consequences
Can You Respond To Threats Proactively?
Do You Know Where Your Sensitive Information Resides?
Can You Enforce IT Policies And Remediate Deficiencies?
Is Your Infrastructure Management As Cost Effective As Possible?
Are Your Policies Current And Relevant?
Do You Know Who Is Using Your Information?
Can You Easily Manage The Lifecycle Of Your IT Assets?
Do You Have Visibility Across The Enterprise?
Thank You
Larry Chin Larry_Chin@symantec.com