Why THEY wantyour digital devicesStephen Cobb, CISSPSecurity Evangelist
To own yournetwork?
36 ways to abuse hacked devices•   Phishing site                                                •   Spam zombie•   Malware...
MONEY    ADVANTAGE    IMPACT        CREDENTIALS
720 breaches by size of organization (employees)    Over 100,00010,001 to 100,000  1,001 to 10,000     101 to 1,000       ...
The SMB sweet spot for the cyber-          criminally inclined                                      Big enterpriseAssets  ...
How do they get to your devices?1. Malware involved in 69% of breaches2. Hacking* used in 81% of breaches    Breaches comb...
Tools of the trade
Thriving markets for credentials
Hot markets for hacked devices
All driven by proven business strategies
So how do you defend your devices? Two main attacks….        …and defenses      Malware                Scanning     Hackin...
Scanning requires proper implementationMeasures in use at a sample of healthcare facilities   Require AV on mobile devices...
Authentication requires more than passwords   Passwords exposed in 2012: 75,000,000   And those are just the ones we know ...
The defenses you need   Malware                     SMART Scanning   Hacking                     STRONG Authentication   P...
Thank you!Stephen Cobb  stephen.cobb@eset.com         WeLiveSecurity.com
Why do THEY want your digital devices?
Upcoming SlideShare
Loading in …5
×

Why do THEY want your digital devices?

257
-1

Published on

Security expert Stephen Cobb looks at the goals and motives of criminal hackers, and how to mitigate the two main avenues of attack using smart scanning and strong authentication.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
257
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Money + Access + Kicks = Credentials
  • Why do THEY want your digital devices?

    1. 1. Why THEY wantyour digital devicesStephen Cobb, CISSPSecurity Evangelist
    2. 2. To own yournetwork?
    3. 3. 36 ways to abuse hacked devices• Phishing site • Spam zombie• Malware download site • DDoS extortion zombie• Warez piracy server Web Botnet • Click fraud zombie• Child porn server server activity • Anonymization proxy• Spam site • CAPTCHA solving zombie• Harvest email contacts • eBay/PayPal fake auctions• Harvest associated accounts • Online gaming credentials• Access to corporate email Email Account • Website FTP credentials• Webmail spam attacks credentials • Skype/VoIP credentials• Stranded abroad scams • Encryption certificates• Online gaming characters • Bank account data• Online gaming goods/$$$ Virtual Financial • Credit card data• PC game license keys goods credentials • Stock and 401K accounts• OS license key • Wire transfer data• Facebook • Fake antivirus• Twitter Reputation Hostage • Ransomware• LinkedIn hijacking attacks • Email account ransom• Google+ • Webcam image extortionBased on original work by Brian Krebs: krebsonsecurity.com
    4. 4. MONEY ADVANTAGE IMPACT CREDENTIALS
    5. 5. 720 breaches by size of organization (employees) Over 100,00010,001 to 100,000 1,001 to 10,000 101 to 1,000 11 to 100 1 to 10 SMBs 0 100 200 300 400 500 600 Verizon 2012 Data Breach Investigations Report
    6. 6. The SMB sweet spot for the cyber- criminally inclined Big enterpriseAssets SMB “sweet spot”worthlooting Consumers Level of protection
    7. 7. How do they get to your devices?1. Malware involved in 69% of breaches2. Hacking* used in 81% of breaches Breaches combining malware and hacking: 61%*80% of hacking is passwords:default, missing, guessed, stolen, cracked Verizon 2012 Data Breach Investigations Report
    8. 8. Tools of the trade
    9. 9. Thriving markets for credentials
    10. 10. Hot markets for hacked devices
    11. 11. All driven by proven business strategies
    12. 12. So how do you defend your devices? Two main attacks…. …and defenses Malware Scanning Hacking Authentication
    13. 13. Scanning requires proper implementationMeasures in use at a sample of healthcare facilities Require AV on mobile devicesScan devices prior to connection Scan devices while connected 0% 10% 20% 30% 40% Ponemon Institute Third Annual Benchmark Study on Patient Privacy & Data Security
    14. 14. Authentication requires more than passwords Passwords exposed in 2012: 75,000,000 And those are just the ones we know about Need to add a second factor to authentication
    15. 15. The defenses you need Malware SMART Scanning Hacking STRONG Authentication Plus polices and training to implement effectively
    16. 16. Thank you!Stephen Cobb  stephen.cobb@eset.com WeLiveSecurity.com

    ×