Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities

Today’s hackers ruthlessly target Common Vulnerabilities and Exposures (CVEs) to launch multi-site attacks that take control of Web servers and allow their perpetrators to flee with valuable data assets. HeartBleed stands as the most notorious example of a known-vulnerability attack, but with a CVE database running into the thousands, attackers have ample opportunity to profit from insecure Web applications. This presentation will:

- Discuss the latest data breach stats to identify where the most dangerous attacks are coming from
- Explore the attack perpetrators and reveal how they’re being successful
- Present the anatomy of a HeartBleed attack
- Provide mitigation techniques to protect against known vulnerabilities

Presentation Transcript

  • Slide 1 – Bleeding Servers – How Hackers Are Exploiting Known Vulnerabilities. Terry Ray, VP of Global Security Engineering, Imperva. © 2014 Imperva, Inc. All rights reserved.
  • Slide 2 – Agenda
    - Latest Verizon Data Breach Investigation Report (DBIR) Stats
    - Examining Vulnerabilities and Exploits
    - HeartBleed Deep-Dive
    - Understanding Data Theft
    - Mitigating HeartBleed and CVEs
  • Slide 3 – Terry Ray, VP of Global Security Engineering
    - Speaker at industry events: ISSA, IANS, ISACA, Gartner, RSA
    - Designed and deployed data security solutions for hundreds of customers in various verticals, including healthcare, oil and gas, financial services, government, and eCommerce
    - Lectured on various network and data security topics and taught numerous security courses in over 35 countries
  • Slide 4 – Latest Breach Statistics: Yay! A New Verizon DBIR to Talk About
  • Slides 5–8 – The Big Winners
  • Slide 9 – Actual Data Loss – Breach vs Incident
  • Slide 10 – Who’s Attacking – Hacktivists vs Criminals
    - “Greed takes a back seat to ideology when it comes to web app attacks in the 2013 dataset”
    - “74% [of ideology motivated attacks] focus on tried and true exploits”
      - Adobe PDF with embedded exe – 4 years old
      - Microsoft server stack corruption – 6 years old
      - Microsoft RPC DCOM bug, or MS03-026 – a staggering 10 years old; you might remember it as Blaster
      - All still in the wild
  • Slide 11 – How You Find Out That You’ve Been Hacked
    - Financially motivated – discovered by customers
    - Hacktivists – discovered by external sources (“uhh, hey guys, did you know that your webserver is attacking us”)
    - But we’re getting better at detecting breaches ourselves: 9%
  • Slide 12 – CVEs Explored
  • Slide 13 – Stay On Top of Vulnerabilities
    - The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures.
    - http://cve.mitre.org/cve/
  • Slide 14 – Classic Web Site Hacking (Single Site Attack). Hacking: 1. Identify Target 2. Find Vulnerability 3. Exploit
  • Slide 15 – Classic Web Site Hacking (Multiple Site Attacks). The same three steps, Identify Target, Find Vulnerability, Exploit, repeated against each site.
  • Slide 16 – Exploit Hacking (Targeting Attack). Hacking: 1. Identify CVE 2. Weaponize Vulnerability 3. Exploit Vulnerability
  • Slide 17 – The Attacker’s Focus: Server Takeover; Direct Data Theft. Sources: http://www.mediabistro.com/fishbowldc/suspended-politico-scribe-hacked_b76882 and http://www.connectmidmissouri.com/news/story.aspx?id=600968
  • Slide 18 – HeartBleed. Source: http://thequestionconcerningtechnology.blogspot.com/
  • Slide 19 – What Is It and Why Do We Care?
    - The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.
    - When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.
    - According to Netcraft’s April 2014 Web Server Survey of 958,919,789 websites, the combined market share of Apache and nginx products on the Internet was over 66%.
  • Slide 20 – But There’s a Patch, Right?
    - This vulnerability was first included in OpenSSL release 1.0.1 on 14 March 2012. OpenSSL 1.0.1g, released on 7 April 2014, fixes the issue.
    - Affected systems: OpenSSL versions 1.0.1 to 1.0.1f
  • Slide 21 – Isn’t It Hard to Exploit? Metasploit: easy as pulling a trigger. Source: http://www.smosh.com/smosh-pit/lists/12-monkeys-guns
  • Slide 22 – Here, We Have a Secure Website
  • Slide 23 – Fire Up a VM of Kali Linux and Try It Out
  • Slide 24 – And We Have Leaked Data
  • Slide 25 – So How Bad Is It?
  • Slide 26 – How Bad Can It Really Get?
  • Slide 27 – Retrieved Private Key
  • Slide 28 – What Can We Do With This?
    - Steal session details and spoof users
    - Steal usernames and passwords
    - Steal cryptographic keys: man-in-the-middle attacks; spoofed website with valid SSL keys; spear phishing attack
  • Slide 29 – Data Theft
  • Slide 30 – An Overlooked Data Security Risk. “Databases and file servers, both repositories of so much valuable information, are targeted regularly… Admins unknowingly make unsupported database changes. Malware-compromised insiders access the database. Unpatched vulnerabilities allow exploit vectors.” – 2014 Verizon Data Breach Investigations Report
  • Slide 31 – Protecting Your Data. “the high number of incidents still offers some insight … where the victim’s anti-virus (AV) and intrusion prevention system (IPS) shields could not repel firepower of that magnitude”
  • Slide 32 – Enterprise Security Is Evolving
    - 1st pillar: Endpoint Security – blocks threats targeting devices
    - 2nd pillar: Network Security – blocks threats trying to access the network
    - 3rd pillar: Data Center Security – protects high-value targets, keeping them both secure and accessible
    - Imperva provides the third pillar of enterprise security
  • Slide 33 – Mitigation: Protecting Your Data From Known Vulnerabilities
  • Slide 34 – Heartbleed Specific
    - Test all servers for vulnerability
    - Patch all affected servers
    - Reissue new certificates
    - Revoke all old certificates
    Source: http://www.secnews.gr/archives/78340
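As an added example (not part of the Imperva deck), a Python triage helper for the first two Heartbleed steps above: it applies the affected range the deck states, OpenSSL 1.0.1 through 1.0.1f with 1.0.1g as the fix, to `openssl version` output collected per server. The host names and banner lines are constructed.

```python
import re

# Affected range as stated in the deck: OpenSSL 1.0.1 through 1.0.1f; 1.0.1g is the fix.
VULN_BASE = (1, 0, 1)
FIXED_LETTER = "g"

# Matches the "OpenSSL 1.0.1e 11 Feb 2013" form printed by `openssl version`;
# the trailing letter is OpenSSL's patch-level designator and may be absent.
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)")

def parse_openssl_version(text):
    """Return (major, minor, fix, letter) or None if no version string is present."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))

def is_heartbleed_affected(version):
    """True for 1.0.1 (no letter) through 1.0.1f; other branches and 1.0.1g+ are not."""
    major, minor, fix, letter = version
    if (major, minor, fix) != VULN_BASE:
        return False
    return letter < FIXED_LETTER  # "" sorts before "a", so bare 1.0.1 counts as affected

def triage_inventory(lines):
    """Classify 'host<TAB>openssl version output' lines (one per server).
    Returns {host: 'affected' | 'not affected' | 'unknown'}."""
    result = {}
    for line in lines:
        host, _, banner = line.partition("\t")
        version = parse_openssl_version(banner)
        if version is None:
            result[host] = "unknown"  # no OpenSSL banner: needs manual follow-up
        else:
            result[host] = "affected" if is_heartbleed_affected(version) else "not affected"
    return result

# Constructed sample inventory; the host names are placeholders, not real servers.
SAMPLE_INVENTORY = [
    "web01.example.test\tOpenSSL 1.0.1e 11 Feb 2013",
    "web02.example.test\tOpenSSL 1.0.1g 7 Apr 2014",
    "lb01.example.test\tOpenSSL 1.0.0k 5 Feb 2013",
    "api01.example.test\tOpenSSL 1.0.1 14 Mar 2012",
    "legacy.example.test\tbash: openssl: command not found",
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Distributions that backport the fix without changing the letter suffix still report an affected version string here, so treat "affected" as a prompt to verify with a real test, not as a verdict.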
  • Slide 35 – Locate and Assess Servers and Apps
    - Scan your network to identify all assets (cloud and local)
      - Classify assets by information and brand sensitivity to identify high-risk landscapes
      - Prioritize efforts based on risk levels
    - Secure database access
      - Scan DBs for vulnerabilities or configuration flaws
      - Remove any default or unnecessary user accounts
      - Disable unneeded services
  • Slide 36 – Perform Vulnerability Assessments
    - Scan both network and application layers
    - Scan all known Web assets
    - Scan concurrently and continuously
    - Analyze application functionality for DDoS attack potential and business-logic based exploits
    - Implement assessment practice across the entire SDLC: Design, Development, QA, Production
  • Slide 37 – Block Web Attacks and Attack Sources
    - Web attacks like SQL injection, cross-site scripting, directory traversal, and CSRF
    - HTTP protocol violations like extremely long URLs and malformed Apache URI messages
    - Malicious sources that have attacked other sites
    - Known desktop scanners and hacker tools like Nikto and Paros, based on user agent or the frequency of security violations
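As an added example (not from the webinar), detection logic in Python for the blocking criteria just listed: it parses combined-format access log lines, flags the scanner user agents named above (Nikto, Paros), extremely long URLs and directory traversal, and blocks a source either on a scanner user agent or once its violation count reaches a threshold. The log lines, the URL-length limit and the threshold are constructed assumptions.

```python
import re
from collections import Counter

# Signals named in the deck: scanner user agents, extremely long URLs, directory traversal.
SCANNER_UA = re.compile(r"nikto|paros", re.IGNORECASE)
TRAVERSAL = re.compile(r"\.\.(/|%2f)|%2e%2e(/|%2f)", re.IGNORECASE)
MAX_URL_LEN = 2048        # assumed threshold for "extremely long URL"
VIOLATION_THRESHOLD = 3   # assumed: block a source once it reaches this many violations

# Apache/nginx combined log format: ip - - [time] "METHOD path PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"')

def classify_request(line):
    """Return (source_ip, violations) for one log line; violations is [] for a clean request."""
    m = LOG_RE.match(line)
    if not m:
        return None, ["unparseable"]
    ip, _method, path, ua = m.groups()
    violations = []
    if SCANNER_UA.search(ua):
        violations.append("scanner-user-agent")
    if len(path) > MAX_URL_LEN:
        violations.append("long-url")
    if TRAVERSAL.search(path):
        violations.append("directory-traversal")
    return ip, violations

def sources_to_block(lines):
    """Return (blocked, counts): a scanner UA blocks outright; other violations block at the threshold."""
    counts = Counter()
    blocked = set()
    for line in lines:
        ip, violations = classify_request(line)
        if ip is None:
            continue  # malformed line: not attributable to a source
        counts[ip] += len(violations)
        if "scanner-user-agent" in violations or counts[ip] >= VIOLATION_THRESHOLD:
            blocked.add(ip)
    return blocked, counts

# Constructed sample log lines; addresses are from documentation ranges, not real sources.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Apr/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Apr/2014:10:00:02 +0000] "GET /cgi-bin/test HTTP/1.1" 404 0 "-" "Mozilla/5.00 (Nikto/2.1.5)"',
    '203.0.113.9 - - [10/Apr/2014:10:00:03 +0000] "GET /../../etc/passwd HTTP/1.1" 400 0 "-" "curl/7.35"',
    '203.0.113.9 - - [10/Apr/2014:10:00:04 +0000] "GET /..%2f..%2fetc/passwd HTTP/1.1" 400 0 "-" "curl/7.35"',
    '203.0.113.9 - - [10/Apr/2014:10:00:05 +0000] "GET /' + "A" * 3000 + ' HTTP/1.1" 414 0 "-" "curl/7.35"',
]
```

Calling `sources_to_block(SAMPLE_LOG)` returns the two sources to block (one on user agent, one on repeated violations); in practice the patterns and thresholds would be tuned to the signature set of whatever WAF or IPS enforces the block.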
  • Slide 38 – Webinar Materials: post-webinar discussions, answers to attendee questions, webinar recording link. Join the Imperva LinkedIn Group, Imperva Data Security Direct, for…
  • Slide 39 – Learn more: www.imperva.com