2014 
TRUSTWAVE GLOBAL 
SECURITY REPORT 
John Yeo 
VP at Trustwave 
Stockholm - November 2014
1. Victim Demographics
2. Data and Systems Targeted
3. Intrusion Methods
4. Indicators of Compromise
5. Detection Statistics
6. Understanding Widespread Malware
7. Actions and Recommendations
2014 GSR: AGENDA 
Welcome…
2014 GSR: SUMMARY OF FINDINGS 
1. More victims, more breaches
2. Shift in data types
3. Similar targets and methods as past years
4. Self detection = early detection
5. Response is key
WHO WERE THE VICTIMS?
THE VOLUME OF DATA BREACH INVESTIGATIONS INCREASED 54% OVER 2012
ATTACK SOURCE IP ADDRESSES
19% United States
18% China
16% Nigeria
5% Russia
5% Korea
4% Germany
4% United Kingdom
4% Japan
3% France
3% Taiwan
19% Other Countries

LOCATION OF VICTIMS
19% United States
14% United Kingdom
11% Australia
2% Hong Kong
2% India
1% Mauritius
1% New Zealand
1% Ireland
1% Belgium
1% Canada
7% Other Countries
35% RETAIL 
18% FOOD & BEVERAGE 
11% HOSPITALITY 
9% FINANCE 
8% PROFESSIONAL SERVICES 
6% TECHNOLOGY 
4% ENTERTAINMENT 
3% TRANSPORTATION 
2% HEALTH CARE 
4% OTHER
WHAT WAS TARGETED?
33% INCREASE IN NON-CARD DATA TARGETED 
[Chart: types of data targeted. Categories: POS payment card data (track data), non-payment card data, e-commerce payment card data. Values shown: 45%, 36%, 19%.]
E-COMMERCE MADE UP 54% OF ASSETS TARGETED
POINT-OF-SALE (POS) BREACHES ACCOUNTED FOR ONE THIRD OF OUR INVESTIGATIONS
HOW DID ATTACKERS GET ACCESS?
WEAK PASSWORDS OPENED THE DOOR FOR THE INITIAL INTRUSION IN 31% OF COMPROMISES
MOST COMMON PASSWORD FOUND WITHIN CORPORATE ENVIRONMENTS?
TOP 25 PASSWORDS BY PERCENT
PASSWORD LENGTH
ALMOST ALL APPLICATIONS SCANNED HARBORED ONE OR MORE SERIOUS SECURITY VULNERABILITIES
TOP 10 APPLICATION VULNERABILITIES
INDICATORS OF COMPROMISE
Businesses often… 
1. Don’t centralize logging
2. Log but don’t monitor
3. Log the wrong things
important because…
ANOMALOUS ACCOUNT ACTIVITY 
UNEXPLAINED OR SUSPICIOUS OUTBOUND DATA 
NEW AND/OR SUSPICIOUS FILES DROPPED 
GEOGRAPHIC ANOMALIES IN LOGINS 
UNEXPLAINED OR SUSPICIOUS CHANGES TO THE WINDOWS REGISTRY 
EVIDENCE OF LOG TAMPERING 
EVIDENCE OF TAMPERING WITH ANTI-VIRUS SERVICES 
ANOMALOUS SERVICE ACTIVITY (SERVICES ADDED, STOPPED OR PAUSED) 
INTERRUPTION IN THE PAYMENT PROCESS FLOW (E-COMMERCE) 
UNEXPLAINED ACCESS TO ADMINISTRATION CONSOLES OR WEB ADMIN (E-COMMERCE)
DETECTION STATISTICS
71% OF COMPROMISE VICTIMS DID NOT DETECT BREACHES THEMSELVES
UNDERSTANDING WIDESPREAD MALWARE
NARRATIVE OF A 
MALICIOUS CAMPAIGN
THE TOP THREE MALWARE 
HOSTING COUNTRIES WERE: 
42% UNITED STATES 
13% RUSSIA 
9% GERMANY
MALWARE STRAINS: 
PASSWORD STEALERS 
BANKING TROJANS 
DDOS BOTS 
RANSOMWARE 
FAKE UPDATES OR ANTI-VIRUS 
CRYPTO-CURRENCY MINER 
POINT-OF-SALE MALWARE 
SPAMBOTS
BLACKHOLE TOPPED THE LIST OF MOST PREVALENT EXPLOIT KITS AT 49%
85% OF EXPLOITS DETECTED WERE OF THIRD-PARTY PLUG-INS INCLUDING JAVA AND ADOBE FLASH, ACROBAT AND READER
78% OF EXPLOITS DETECTED WERE OF JAVA VULNERABILITIES
SPAM MADE UP 70 PERCENT OF INBOUND MAIL
IN TERMS OF MALICIOUS SPAM, 59% INCLUDED ATTACHMENTS & 41% INCLUDED LINKS
ACTION PLAN/ 
RECOMMENDATIONS
TO DO LIST: 
1. Educate employees on best security practices through security awareness training.
2. Invest in gateway security technologies to protect networks and users against zero-day exploits, targeted malware and blended threats.
TO DO LIST: 
1. Implement and enforce strong password policies for employees.
2. Change default and “admin” passwords immediately.
3. Consider two-factor authentication solutions.
TO DO LIST: 
1. Know your data - discover all types of sensitive data across your environment.
2. Combine ongoing scanning and testing across all assets - endpoint, network, application and database - so you can identify and fix flaws before an attacker finds them.
TO DO LIST: 
1. Pit a security expert against your network hosts, applications and databases for a real-world threat perspective.
2. Test resilience of your systems with regular penetration testing.
TO DO LIST: 
1. Develop, institute, and rehearse an incident response plan.
2. Ensure ongoing security training and education of your IT staff.
3. Consider a MSSP for expert help, including ongoing tuning of your technologies and continuous threat monitoring.
IN CLOSING, SECURITY IS: 
1. A continuous process
2. Compliance != Security
3. Is bigger than the IT dept
4. Is an effective combination:
• of People
• of Process
• of Technology; AND
• of expert partners
Further Resources
www.trustwave.com/GSR 
blog.spiderlabs.com
ANY QUESTIONS?
