Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities

Today’s hackers ruthlessly target Common Vulnerabilities and Exposures (CVEs) to launch multi-site attacks that take control of Web servers and allow their perpetrators to flee with valuable data assets. HeartBleed stands as the most notorious example of a known vulnerability attack, but with a CVE database running in the thousands, attackers have ample opportunity to profit from unsecure Web applications. This presentation will:

- Discuss the latest data breach stats to identify where the most dangerous attacks are coming from
- Explore the attack perpetrators and reveal how they’re being successful
- Present the anatomy of a HeartBleed attack
- Provide mitigation techniques to protect against known vulnerabilities

Published in: Technology
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities

1. Bleeding Servers – How Hackers Are Exploiting Known Vulnerabilities
© 2014 Imperva, Inc. All rights reserved.
Terry Ray, VP of Global Security Engineering, Imperva

2. Agenda
§ Latest Verizon Data Breach Investigation Report (DBIR) Stats
§ Examining Vulnerabilities and Exploits
§ HeartBleed Deep-Dive
§ Understanding Data Theft
§ Mitigating HeartBleed and CVEs

3. Terry Ray, VP of Global Security Engineering
§ Speaker at Industry Events
  • ISSA, IANS, ISACA, Gartner, RSA
§ Designed and deployed data security solutions for hundreds of customers in various verticals including:
  • Healthcare
  • Oil and gas
  • Financial services
  • Government
  • eCommerce
§ Lectured on various network and data security topics and taught numerous security courses in over 35 countries globally

4. Latest Breach Statistics
Yay! A New Verizon DBIR to Talk About

5. The Big Winners

6. The Big Winners

7. The Big Winners

8. The Big Winners

9. Actual Data Loss – Breach vs Incident

10. Who’s Attacking – Hacktivists vs Criminals
§ “Greed takes a back seat to ideology when it comes to web app attacks in the 2013 dataset”
§ “74% [of ideology motivated attacks] focus on tried and true exploits”
  • Adobe PDF with embedded exe – 4 years old
  • Microsoft server stack corruption – 6 years old
  • Microsoft RPC DCOM bug, or MS03-026 – a staggering 10 years old; you might remember it as Blaster
  • All still in the wild

11. How You Find Out That You’ve Been Hacked
§ Financially motivated – discovered by customers
§ Hacktivists – discovered by external sources
  • “uhh, hey guys, did you know that your webserver is attacking us”
§ But we’re getting better at detecting breaches ourselves
  • 9%

12. CVEs Explored

13. Stay On Top of Vulnerabilities
§ The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures.
§ http://cve.mitre.org/cve/

14. Classic Web Site Hacking
Hacking: 1. Identify Target  2. Find Vulnerability  3. Exploit
Single Site Attack

15. Classic Web Site Hacking
Hacking (the same three steps, repeated site by site): 1. Identify Target  2. Find Vulnerability  3. Exploit
Multiple Site Attacks

16. Exploit Hacking
Hacking: 1. Identify CVE  2. Weaponize Vulnerability  3. Exploit Vulnerability
Targeting Attack

17. The Attacker’s Focus
Server Takeover
Direct Data Theft
Source: http://www.mediabistro.com/fishbowldc/suspended-politico-scribe-hacked_b76882
Source: http://www.connectmidmissouri.com/news/story.aspx?id=600968

18. HeartBleed
Source: http://thequestionconcerningtechnology.blogspot.com/

19. What Is It and Why Do We Care?
§ The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.
§ When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.
§ According to Netcraft's April 2014 Web Server Survey of 958,919,789 websites, the combined market share of Apache and nginx products on the Internet was over 66%.

20. But There’s a Patch, Right?
§ This vulnerability was first included in OpenSSL release 1.0.1 on 14 March 2012. OpenSSL 1.0.1g, released on 7 April 2014, fixes the issue.
§ Affected Systems: OpenSSL versions 1.0.1 to 1.0.1f
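The memory leak on slide 19 comes from a heartbeat request whose declared payload length is larger than the bytes actually sent, and the 1.0.1g fix on slide 20 is a bounds check on exactly that length. The following is an added example, not code from the slides or from OpenSSL: it applies the same bound to a raw TLS heartbeat record the way a network sensor or capture-replay tool would, using constructed sample records.

```python
import struct

TLS_HEARTBEAT = 0x18      # TLS record content type for heartbeat (RFC 6520)
HB_REQUEST, HB_RESPONSE = 1, 2
HB_MIN_PADDING = 16       # RFC 6520: at least 16 bytes of random padding


def check_heartbeat_record(record: bytes) -> str:
    """Classify one raw TLS record.

    'oversized' is the Heartbleed condition: the declared payload_length
    does not fit inside the record, so an unpatched OpenSSL 1.0.1-1.0.1f
    would answer with payload_length bytes copied from process memory.
    A patched server (1.0.1g) silently discards such a record.
    """
    if len(record) < 5:
        return "malformed"
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != TLS_HEARTBEAT:
        return "not-heartbeat"
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 3:
        return "malformed"
    hb_type, payload_len = struct.unpack("!BH", body[:3])
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        return "malformed"
    # Same bound the 1.0.1g fix applies:
    # type (1) + payload_length (2) + payload + padding (16) must fit in the record.
    if 1 + 2 + payload_len + HB_MIN_PADDING > rec_len:
        return "oversized"
    return "ok"


def scan_records(records) -> dict:
    """Count verdicts across a capture; any 'oversized' count means a probe was seen."""
    counts = {}
    for rec in records:
        verdict = check_heartbeat_record(rec)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


# Constructed sample records (TLS 1.1 header 0x0302, 23-byte body): a benign
# 4-byte "ping" heartbeat, and the same body with payload_length set to 0x4000.
BENIGN_HB = bytes.fromhex("1803020017" "010004") + b"ping" + b"\x00" * 16
OVERSIZED_HB = bytes.fromhex("1803020017" "014000") + b"ping" + b"\x00" * 16
APP_DATA = bytes.fromhex("1703020005") + b"hello"   # ordinary application-data record

if __name__ == "__main__":
    print(scan_records([BENIGN_HB, OVERSIZED_HB, APP_DATA]))
```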
21. Isn’t It Hard to Exploit?
Metasploit: Easy as pulling a trigger.
Source: http://www.smosh.com/smosh-pit/lists/12-monkeys-guns

22. Here, We Have a Secure Website

23. Fire Up a VM of Kali Linux and Try It Out

24. And We Have Leaked Data

25. So How Bad Is It?

26. How Bad Can It Really Get?

27. Retrieved Private Key

28. What Can We Do With This?
§ Steal session details and spoof users
§ Steal usernames and passwords
§ Steal cryptographic keys
  • Man-in-the-middle attacks
  • Spoofed website with valid SSL keys
  • Spear phishing attack

29. Data Theft

30. An Overlooked Data Security Risk
Databases and file servers, both repositories of so much valuable information, are targeted regularly… Admins unknowingly make unsupported database changes. Malware-compromised insiders access the database. Unpatched vulnerabilities allow exploit vectors.
2014 Verizon Data Breach Investigations Report

31. Protecting Your Data
§ “the high number of incidents still offers some insight … where the victim’s anti-virus (AV) and intrusion prevention system (IPS) shields could not repel firepower of that magnitude”

32. Enterprise Security Is Evolving
1st pillar: Endpoint Security – Blocks threats targeting devices
2nd pillar: Network Security – Blocks threats trying to access the network
3rd pillar: Data Center Security – Protects high-value targets, keeping them both secure and accessible
Imperva provides the third pillar of enterprise security

33. Mitigation
Protecting Your Data From Known Vulnerabilities

34. Heartbleed Specific
§ Test all servers for vulnerability
§ Patch all affected servers
§ Reissue new certificates
§ Revoke all old certificates
Source: http://www.secnews.gr/archives/78340
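For the first step on slide 34, an added example (not the slides' or Imperva's code) that triages `openssl version` banners collected from a server inventory against the affected range on slide 20. It assumes the banners were gathered elsewhere, and it reports a matching version as "verify" rather than as proof of exposure, because distributions that backported the fix kept the 1.0.1e-style version string.

```python
import re

# Affected range from slide 20: 1.0.1 through 1.0.1f; 1.0.1g is the fixed release.
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)", re.IGNORECASE)
FIRST_FIXED_LETTER = "g"


def heartbleed_status(banner: str) -> str:
    """Classify one 'openssl version' banner by version string alone.

    Returns 'verify' for 1.0.1 to 1.0.1f (vulnerable unless the vendor backported
    the fix without bumping the version), 'fixed' for 1.0.1g and later letters,
    'unaffected' for other branches, and 'unknown' when no OpenSSL version appears.
    """
    m = VERSION_RE.search(banner)
    if not m:
        return "unknown"
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    letter = m.group(4)
    if (major, minor, patch) != (1, 0, 1):
        return "unaffected"          # 0.9.8 and 1.0.0 never shipped the heartbeat code
    if letter < FIRST_FIXED_LETTER:   # '' (plain 1.0.1) and 'a'..'f' sort before 'g'
        return "verify"
    return "fixed"


def triage(inventory: dict) -> dict:
    """Group hosts by status so patch, reissue and revoke work can be prioritised."""
    groups = {"verify": [], "fixed": [], "unaffected": [], "unknown": []}
    for host, banner in inventory.items():
        groups[heartbleed_status(banner)].append(host)
    return {status: sorted(hosts) for status, hosts in groups.items()}


# Constructed inventory (hypothetical hosts); banners use the format 'openssl version' prints.
SAMPLE_INVENTORY = {
    "web01": "OpenSSL 1.0.1e 11 Feb 2013",
    "web02": "OpenSSL 1.0.1g 7 Apr 2014",
    "vpn01": "OpenSSL 1.0.1 14 Mar 2012",
    "legacy": "OpenSSL 0.9.8y 5 Feb 2013",
    "lb01": "OpenSSL 1.0.0l 6 Jan 2014",
    "appliance": "vendor firmware 3.2, library version not reported",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts in the "verify" group need a package changelog check or an active test before being marked safe; "unknown" hosts need the library version established another way.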
35. Locate and Assess Servers and Apps
§ Scan your network to identify all assets (cloud and local)
  • Classify assets by information and brand sensitivity to identify high risk landscapes
  • Prioritize efforts based on risk levels
§ Secure Database Access
  • Scan DBs for vulnerabilities or configuration flaws
  • Remove any default or unnecessary user accounts
  • Disable unneeded services

36. Perform Vulnerability Assessments
§ Perform Vulnerability Assessments
  • Scan both Network and Application Layers
  • Scan all known Web Assets
  • Scan Concurrently and Continuously
  • Analyze application functionality for DDoS attack potential and Business Logic based exploits
  • Implement assessment practice across the entire SDLC: Design, Development, QA, Production

37. Block Web Attacks and Attack Sources
§ Web attacks like SQL injection, cross-site scripting, directory traversal, and CSRF
§ HTTP protocol violations like extremely long URLs and malformed Apache URI messages
§ Malicious sources that have attacked other sites
§ Known desktop scanners and hacker tools like Nikto and Paros based on user agent or the frequency of security violations
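The categories on slide 37 are what a WAF or a log-review job looks for. As an added example (not the slides' or Imperva's code), the following runs minimal versions of those checks over constructed Apache combined-log lines and lists sources with repeated violations as block candidates; the patterns are deliberately small and would need tuning on real traffic.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache combined log: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+)[^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
SCANNER_UA = re.compile(r"nikto|paros", re.IGNORECASE)    # tools named on slide 37
ATTACK_PATTERNS = [   # minimal signatures for the attack classes on slide 37
    ("sqli", re.compile(r"'\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select", re.IGNORECASE)),
    ("xss", re.compile(r"<script|javascript:|onerror\s*=", re.IGNORECASE)),
    ("traversal", re.compile(r"\.\./")),
]
MAX_URL_LEN = 2048    # "extremely long URL" threshold; adjust to the application


def classify_line(line: str):
    """Return (source_ip, [tags]); an empty tag list means the line looks benign."""
    m = LOG_RE.match(line)
    if not m:
        return None, ["unparseable"]
    tags = []
    if len(m["url"]) > MAX_URL_LEN:
        tags.append("long-url")
    decoded = unquote(m["url"])           # match after percent-decoding
    tags += [name for name, rx in ATTACK_PATTERNS if rx.search(decoded)]
    if SCANNER_UA.search(m["ua"]):
        tags.append("scanner-ua")
    return m["ip"], tags


def analyze(lines, repeat_threshold: int = 2):
    """Collect tags per source and list sources with repeated violations for blocking."""
    findings, hits = {}, Counter()
    for line in lines:
        ip, tags = classify_line(line)
        if tags:
            findings.setdefault(ip, []).extend(tags)
            hits[ip] += 1
    block = sorted(ip for ip, n in hits.items() if n >= repeat_threshold)
    return findings, block


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/May/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/May/2014:10:00:02 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.5)"',
    '10.0.0.9 - - [01/May/2014:10:00:03 +0000] "GET /products?id=1%27%20OR%201=1-- HTTP/1.1" 500 0 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [01/May/2014:10:00:04 +0000] "GET /../../etc/passwd HTTP/1.1" 403 0 "-" "Paros/3.2.13"',
    '10.0.0.8 - - [01/May/2014:10:00:05 +0000] "GET /search?q=<script>alert(1)</script> HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/May/2014:10:00:06 +0000] "GET /' + "A" * 3000 + ' HTTP/1.1" 414 0 "-" "Mozilla/5.0"',
]
```

Running `analyze(SAMPLE_LOG)` tags five of the six lines and returns `10.0.0.9` as the only repeat source.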
38. Webinar Materials
Post-Webinar Discussions
Answers to Attendee Questions
Webinar Recording Link
Join Group: Join Imperva LinkedIn Group, Imperva Data Security Direct, for…

39. Learn more
www.imperva.com