Top Security Trends for 2013

Looking at the security landscape for 2013, we predict that previous security investments made by larger, well-funded organizations will serve as a partial deterrent to hackers. However, those same hackers, armed with sophisticated malware and cloaked in a dangerous anonymity provided by the Cloud, will turn their collective eyes to a new, more vulnerable target: small companies. This presentation reveals the four super-sized security trends that will impact business security practices across the globe in 2013.

Published in: Technology

Transcript of "Top Security Trends for 2013"

  1. Top Security Trends for 2013
      Rob Rachwald, Director of Security Strategy, Imperva
  2. Agenda
      + Trends 2012: A look back
      + Trends 2013: High-level overview
      + Trends 2013: Details on the big 5
      © 2012 Imperva, Inc. All rights reserved.
  3. Today’s Presenter: Rob Rachwald, Dir. of Security Strategy, Imperva
      Research
        + Directs security strategy
        + Works with the Imperva Application Defense Center
      Security experience
        + Fortify Software and Coverity
        + Helped secure Intel’s supply chain software
        + Extensive international experience in Japan, China, France, and Australia
      Thought leadership
        + Presented at RSA, InfoSec, OWASP, ISACA
        + Appearances on CNN, SkyNews, BBC, NY Times, and USA Today
      Graduated from University of California, Berkeley
  4. How Did We Do?
      + SSL gets caught in the crossfire
      + HTML5 goes live
      + DDoS moves up the stack
      + Internal collaboration meets its evil twin
      + NoSQL = NoSecurity?
      + The kimono comes off of consumerized IT
      + Anti-social media
      + The rise of the middle man
      + Security (finally) trumps compliance
  5. Trends 2013: Summary (Good News)
      + Security will improve for larger, well-funded organizations.
      + Community policing comes to cyber security.
  6. Trends 2013: Summary (Bad News)
      + As bigger firms get smarter and more effective, hackers will choose the path of least resistance: small companies.
      + Not surprisingly, hackers will continue to get more sophisticated.
  7. #5: Hacktivism Gets Process Driven
  8. Hacktivism in the Past
      Key Problem: Past performance no guarantee of future returns.
  9. Example
  10. Process Driven: What is it?
      In 2012, hacktivists moved towards awareness campaigns rather than targeted attacks. Hacktivism awareness means more for less:
      + Arbitrary targets in order to get easy results
      + Automation in all stages of the process
      + More aggressive marketing of hacktivism campaigns
  11. Example: Team GhostShell
      In order to maximize results, hacktivists now:
      1. Target CMS systems with known vulnerabilities and harvest vulnerability databases to collect potential attack vectors
      2. For other targets, simply run vulnerability scanners
      3. Use Google Dork and error message hunting to locate potential targets within a domain list
      4. Use automated injection tools (SQLmap or Havij) to automate the final process of dumping the data
      5. Publish the campaign open letters on pastebin.com, and on Facebook and Twitter, to distribute their message
  12. Supporting Evidence
      From the TeamGhostShell December hack letter: “ProjectWhiteFox will conclude this year's series of attacks by promoting hacktivism worldwide and drawing attention to the freedom of information on the net.”
      It was clear through this group and others that the targets were chosen not by sector or interest, but by the fact that they were vulnerable.
  13. #4: Government Malware Goes Commercial
  14. Military Influence on the Private Sector
  15. The Same Will Hold True in the Cyber World
      With Flame and Stuxnet, modern malware has evolved dramatically, which will:
      + Inspire private hackers to follow: technologies previously attributed to “state sponsored” attacks are going to become commercialized (or commoditized), blurring the difference between Cyber Crime and Cyber War.
      + Increase in compromised insiders: devices affected by modern malware (APT), representing a “compromised insider” threat, are going to become a more prominent risk factor than malicious insiders.
  16. Malware is Popular in Hacking Communities
      2012 Verizon Data Breach Report
        + Malware is on the rise: “69% of all data breaches incorporated malware”, a 20% increase over 2011
        + Malicious insider incidents declining: “4% of data breaches were conducted by implicated internal employees”, a 13% decrease compared to 2011
      Director of National Intelligence
        + “Almost half of all computers in the United States have been compromised in some manner and ~60,000 new pieces of malware are identified per day”.
  17. Differences: Commercial vs APT Malware
      + Commercial: broader target; relies on broader vulnerabilities; purpose is theft
      + APT: focused; heavily relies on 0-Day; purpose can be theft, espionage or sabotage
  18. Similarities: Commercial vs APT Malware
      Similarity #1: Bypass antivirus.
      Similarity #2: More sophisticated malware.
        + Some of the modules are larger than 1MB and in some of the instances we tracked the total code size amounted to almost 10MB.
        + We saw version numbers grow substantially over time.
      Similarity #3: The command and control structure needs to get bigger and more robust.
        + Managing more, better methods to control the redirection of user traffic to the attacker controlled server provide improved efficacy and redundancy.
        + Individual operation able to last a few weeks before being shut down.
  19. The Objective: Compromised Insider
      Compromised Insider: A person with no malicious motivation who becomes an unknowing accomplice of third parties who gain access to their device and/or user credentials.
  20. Few Users are Malicious, All Can be Compromised
      “Less than 1% of your employees may be malicious insiders, but 100% of your employees have the potential to be compromised insiders.”
      Source: http://edocumentsciences.com/defend-against-compromised-insiders
  21. #3: Black Clouds on the Horizon
  22. “Just in Time” Hacking
  23. Some Problems with Hacking Today
      Problem #1: Blacklisting by enterprises limits attack duration.
      Problem #2: Hackers' need to acquire infrastructure, often illegally, made matters a bit more complex.
  24. What is it?
      We expect to see a growing use of IaaS by attackers for different activities due to:
      + Elasticity: the ability to quickly get hold of a lot of computing resources without too many prerequisites.
      + Cost: the ability to closely tie spending to a specific attack campaign and its potential gain.
      + Resilience: the use of commercial cloud computing platforms reduces the ability of defenders to blacklist attackers and adds much valued latency to the process of server takedown.
      Amazon’s EC2 is a good example.
  25. How Does it Work?
      1. Steal a credit card
      2. Leverage cloud infrastructure for attacks
         + More power
         + Better anonymization
      3. Use cloud infrastructure to process bounty
         + Unstructured data or files
         + Data
  26. Examples
      Over the past year we have seen a number of attack campaigns in which attackers were deploying attack servers in the Amazon EC2 cloud.
      + Fraud and business logic attacks
      + DDoS
  27. #2: Strength in Numbers
  28. A Short History in Community Policing
  29. Strength in Numbers: What is it?
      Business and government parties will create collaborative defenses by sharing individual protection data.
      + In order to get the most out of their initial investment in hacking infrastructure, attackers strive to reuse their attack infrastructure against as many targets as possible.
      + When there’s no collaboration between defending parties, each new target has to react to the attack as if it’s new, while most likely other targets have already experienced the same attack in the past.
  30. The Concept
      Use the fact that hackers rely on reusing infrastructure to launch attacks.
  31. A Precedent
  32. #1: APT Targets the Little Guy
  33. A Rare Interview
  34. The Details
      + Highlights the partnership between government, hacking, and industry in China.
      + Evidence that China is achieving its intention to be “the leader in information warfare.”
  35. What is it?
      We expect that in 2013 attackers will also extend the practice commonly dubbed as APT to smaller businesses.
      + The industrialization of hacking that successfully automated Web application attacks.
      + Attackers have learned to exploit and profit from compromised Web applications, especially since automation can help uncover poorly protected, smaller companies.
      + Automation and poor protection will help APT hackers target smaller organizations containing valuable information.
  36. Industrialization of Hacking and Automation
      + Roles: Researching Vulnerabilities; Developing Exploits; Growing Botnets; Exploiting Targets; Consuming
      + Optimization: Direct Value (i.e. IP, PII, CCN); Command & Control; Malware Distribution; Phishing & Spam; DDoS
      + Automation: Growing Botnets and Exploiting Vulnerabilities; Selecting Targets via Search Engines; Templates & Kits; Centralized Management; Service Model
  37. Quantifying Automation
  38. Conclusion
  39. Rebalance the Portfolio
  40. Webinar Materials
  41. Webinar Materials
      Join Imperva LinkedIn Group, Imperva Data Security Direct, for…
      + Post-Webinar Discussions
      + Answers to Attendee Questions
      + Webinar Recording Link
      + Join Group
  42. www.imperva.com
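
The collaborative defense described on the "Strength in Numbers" slides (29 and 30), as an added example that is not part of the original presentation or any Imperva product: member organizations pool the source addresses that attacked them, and a member that has never seen a source can still act on it. The report format, organization names, the seven-day window and the two-organization threshold are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample reports shared by member organizations:
# (reporting org, attacking source IP, time seen). IPs are RFC 5737 documentation addresses.
REPORTS = [
    ("org-a", "203.0.113.7", "2013-01-10T08:00"),
    ("org-b", "203.0.113.7", "2013-01-10T09:30"),
    ("org-c", "203.0.113.7", "2013-01-11T02:15"),
    ("org-a", "198.51.100.4", "2013-01-10T08:05"),
    ("org-a", "198.51.100.4", "2013-01-10T08:06"),  # repeat from one org counts once
    ("org-b", "192.0.2.99", "2012-11-01T12:00"),    # outside the window: expired
    ("org-c", "192.0.2.99", "2013-01-11T03:00"),
]

def build_reputation(reports, now, window=timedelta(days=7), min_orgs=2):
    """Map source IP -> set of reporting orgs, keeping only sources that at least
    min_orgs distinct organizations reported within the window ending at `now`."""
    seen = defaultdict(set)
    for org, ip, ts in reports:
        when = datetime.fromisoformat(ts)
        if now - window <= when <= now:
            seen[ip].add(org)
    return {ip: orgs for ip, orgs in seen.items() if len(orgs) >= min_orgs}

def triage(requests, reputation, own_org):
    """Label (ip, path) requests using only what *other* members reported, so a
    member benefits even if it has never seen the source itself."""
    results = []
    for ip, path in requests:
        reporters = sorted(reputation.get(ip, set()) - {own_org})
        results.append((ip, path, "block" if reporters else "allow", reporters))
    return results

if __name__ == "__main__":
    now = datetime(2013, 1, 12)
    rep = build_reputation(REPORTS, now)
    incoming = [("203.0.113.7", "/login"), ("198.51.100.4", "/"), ("192.0.2.99", "/search")]
    for row in triage(incoming, rep, own_org="org-d"):
        print(row)
```

Requiring several distinct reporters keeps one mistaken or malicious report from blocking a source for everyone, and the expiry window matters because cloud-hosted addresses, such as the EC2 servers mentioned on slide 26, are reassigned to new tenants.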