• Share
  • Email
  • Embed
  • Like
  • Private Content
Is your website the soft underbelly of your organisation?
 

Is your website the soft underbelly of your organisation?

on

  • 406 views

Whilst not every organisation may be a target of an APT or targeted attack, it’s important that all companies large or small understand these attacks as a way to help build stronger defences against ...

Whilst not every organisation may be a target of an APT or targeted attack, it’s important that all companies large or small understand these attacks as a way to help build stronger defences against the constantly changing threat landscape.
· Symantec blocked a total of over 5.5 billion malware attacks in 2011, an 81% increase over 2010.
· In 2012 the number of Web based attacks increased by 1/3 with approximately 247,350 Web-based attacks were blocked each day.
· 5291 New Vulnerabilities were discovered in 2012
· Spam accounts for 69% of all email and one in 414 emails are from phishers

All security and IT professional need to understand the new reality classic textbook protections may well not be enough.

Statistics

Views

Total Views
406
Views on SlideShare
406
Embed Views
0

Actions

Likes
0
Downloads
2
Comments
1

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel

11 of 1 previous next

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • This is a sample Agenda/Preview slide. This slide is ideal for setting the scene at the beginning of your presentation by providing a big picture overview of what you plan to cover. To Change Titles in Shapes (i.e.: “Text here”):Select text. (Optional:Press Delete.) Begin typing desired text.To Change Font Color/Size: Select text,right-click and adjust the font setting on the Mini toolbar. Select desired attributes to change: font, size, boldness, color, etc. Note: many of the same commands can also be accessed from the Font group of the Home tab.To Change a Shape’s Fill Color:Select the desired object by clicking once on its edge. On the Home tab, click the Shape Fill button within the Drawing group to select a theme color from the Symantec color palette. To Delete a Shape:Select the desired object by clicking once on its edge. Press the Delete key on your keyboard.To Copy a Text Box or Shape:Select the text box or shape.Note: Make sure to select the entire object, not just the text, by clicking the edge of the text box or shape.Type Ctrl C (copy), click outside object, then type Ctrl V (paste) to place the object. Click and drag the pasted object to desired location.
  • Attacks have increased against manufacturing.  We believe this is because of an increase in attacks along the supply chain, with attacks seeking intellectual property from contracts and sub-contractors of big projects.  This is most pronounced in defense.   This is not surprises and aligns with the increase in attacks on small businesses.  Attackers find contractors and sub-contractos easier to break into and in possession of the IP they seek.
  • Attacks have increased against manufacturing.  We believe this is because of an increase in attacks along the supply chain, with attacks seeking intellectual property from contracts and sub-contractors of big projects.  This is most pronounced in defense.   This is not surprises and aligns with the increase in attacks on small businesses.  Attackers find contractors and sub-contractos easier to break into and in possession of the IP they seek.
  • The biggest innovation in targeted attacks was the emergence of watering hole attacks. This involves compromising a legitimate website that a targeted victim might visit and using it to install malware on their computer.
  • For example, this year we saw a line of code in a tracking script on a human rights organisation’s website with the potential to compromise a computer. It exploited a new, zero-day vulnerability in Internet Explorer to infect visitors. Our data showed that within 24 hours, people in 500 different large companies and government organizations visited the site and ran the risk of infection. The attackers in this case, used sophisticated tools and exploited zero-day vulnerabilities in their attacks, pointing to a well- resourced team backed by a large criminal organization or a nation state.
  • I want to give a quick example of a watering hole attack…This example is of an attack on a legitimate site visited by iOS developers. The Elderwood gang managed to exploit a vulnerability in this website and inject malware into it. This site is by no means a mainstream site but the visitors tend to be the type of mobile developers targeted. There were about 40+ developers infected in this attack. But these victims worked for companies such as Twitter and Facebook but also smaller app developers…. By planting malware on this site the attackers were able to infect any visitor. It is unclear if the attackers were looking for one specific company to attack, or any vendor of iOS applications who visited the site. It’s important to remember that the web site used in a waterhole attack is also a victim. As a company Symantec has solutions we have solutions that can help protect your site from attacks like this – we have Website security solutions that can encrypt the traffic to your site and also scan your site for any possible vulnerabilities and malware. I know if I were running a similar site to this one right now I’d be exploring how I could demonstrate to my visitors that they can be assured that what happened here could not happen to them

Is your website the soft underbelly of your organisation? Is your website the soft underbelly of your organisation? Presentation Transcript

  • Is your website the soft underbelly of your organisation? 1 Is your website the soft underbelly of your organisation? Andrew Horbury Senior Product Marketing Manager - Symantec
  • Today’s Agenda Is your website the soft underbelly of your organisation? 2 What is an APT and targeted attacks1 Spear Phishing Targeted attacks by co. size and vertical Cybercrime and targeted attacks Watering hole attacks Vulnerabilities Next steps 2 3 4 5 6 7
  • What is an APT? • A type of targeted attack – Using a variety of techniques • Drive by downloads • SQL Injection • Phishing • Spam • Spyware • And more….. • An APT is always a targeted attack but a targeted attack is not necessarily an APT. • APTs differ for targeted attacks: – Customized – Low and Slow – Higher Aspirations – Specific Attacks Is your website the soft underbelly of your organisation? 3
  • GhostNet • GhostNet is perhaps a stand out classic example of a long-term, persistent, targeted attack • Starting in May 2007 it continued for nearly two years, infecting some computers for as long as 660 days Is your website the soft underbelly of your organisation? 4
  • What is a targeted attack • Targeted attacks – Aimed at one person or a specific group – Driven by financial motives cybercriminals targeted attacks are replacing global widespread virus outbreaks. Is your website the soft underbelly of your organisation? 5
  • 6
  • 7
  • Spear Phishing Is your website the soft underbelly of your organisation? 8 • Research shows that calling ahead adds credibility to a targeted attack
  • Using the Phone to back up a Phishing Attack • What can attackers do to improve success rate of phishing email? • On 11 April 2013, an employee in an “Organisation A” in France received a phone call • French speaking caller, urges her to download an invoice from a link she will receive through email • Link doesn’t go to an invoice but instead installs a version of W32.Shadesrat, a well-known Remote Access Trojan. 9Is your website the soft underbelly of your organisation?
  • 10 Targeted Attacks by Company Size Greatest growth in 2012 is at companies with <250 employees Small business often not well protected, but connected to others Employees 2,501+ 50% 2,501+ 50% 1 to 2,500 50% 1,501 to 2,500 1,001 to 1,500 501 to 1,000 251 to 500 1 to 250 18% in 2011 9% 2% 3% 5% 31% Is your website the soft underbelly of your organisation?
  • 11 Targeted Attacks by Company Size Greatest growth in 2012 is at companies with <250 employees Small business often not well protected, but connected to others Employees 2,501+ 50% 2,501+ 50% 1 to 2,500 50% 1,501 to 2,500 1,001 to 1,500 501 to 1,000 251 to 500 1 to 250 18% in 2011 9% 2% 3% 5% 31% 87% of SMBs suffered a cyberattack last year, only 44% see security as a priority Is your website the soft underbelly of your organisation?
  • 12 1% 2% 2% 2% 8% 10% 12% 17% 19% 24% 0% 5% 10% 15% 20% 25% 30% tion, Communications, Electric, Gas Aerospace Retail Wholesale Services – Professional Energy/Utilities Government Services – Non-Traditional Finance, Insurance & Real Estate ManufacturingManufacturing Finance, Insurance & Real Estate Services – Non-Traditional Government Energy/Utilities Services – Professional Wholesale Retail Aerospace Transportation, Communications, Electric, Gas Targeted Attacks by Industry: 2012 Is your website the soft underbelly of your organisation?
  • 13 1% 2% 2% 2% 8% 10% 12% 17% 19% 24% 0% 5% 10% 15% 20% 25% 30% tion, Communications, Electric, Gas Aerospace Retail Wholesale Services – Professional Energy/Utilities Government Services – Non-Traditional Finance, Insurance & Real Estate ManufacturingManufacturing Finance, Insurance & Real Estate Services – Non-Traditional Government Energy/Utilities Services – Professional Wholesale Retail Aerospace Transportation, Communications, Electric, Gas Targeted Attacks by Industry: 2012 Is your website the soft underbelly of your organisation?
  • R&D 27% Senior 12% C-Level 17% Sales 24% Shared Mailbox 13% Recruitment 4% Media 3% PA 1% 0% 5% 10% 15% 20% 25% 30% • Attacks may start with the ultimate target but often look opportunistically for any entry into a company 14 Targeted Attacks by Job Function: 2012 Is your website the soft underbelly of your organisation?
  • Why is a targeted attack different from ‘vanilla’ cyber crime? 15Is your website the soft underbelly of your organisation?
  • cyber crime Targeted attack “Advanced Persistent Threats (APT)” Aurora, Nitro, NightDragon, ShadyRAT, Taidoor, LuckyCAT 16Is your website the soft underbelly of your organisation?
  • What does CyberCrime mean? 17 Online banking credentials P.I.I / Credit Card numbers Fake AV Purchasing scams / Fraud Botnet & Pay Per Install Is your website the soft underbelly of your organisation?
  • Cyber crime Targeted attack “Advanced Persistent Threats (APT)” Aurora, Nitro, NightDragon, ShadyRAT, Taidoor, LuckyCAT 18Is your website the soft underbelly of your organisation?
  • Cost of a data breach • In 2012, the average per capita cost of a UK data breach caused by a malicious or criminal attack was $157.* • The most and least expensive breaches. – German and US co’s had the most costly data breaches ($199 and $188 per record – These countries also experienced the highest total cost (US at $5.4 million and Germany at $4.8 million). The least costly breaches occurred in Brazil and India ($58 and $42, respectively). In Brazil total cost was $1.3 million and in India it was $1.1 million. *Source: http://www.symantec.com/content/en/us/about/media/pdfs/b- cost-of-a-data-breach-global-report-2013.en- us.pdf?om_ext_cid=biz_socmed_twitter_facebook_marketwire_li nkedin_2013Jun_worldwide_CostofaDataBreach Is your website the soft underbelly of your organisation? 19
  • It’s not just about direct attacks or e-mail 20Is your website the soft underbelly of your organisation?
  • 21 Targeted Attacks predominantly start as spear phishing attacks In 2012, Watering Hole Attacks emerged Send an email to a person of interest Spear Phishing Infect a website and lie in wait for them Watering Hole Attack Is your website the soft underbelly of your organisation?
  • 22 Effectiveness of Watering Hole Attacks Watering Hole attacks are targeted at specific groups Can capture a large number of victims in a very short time http://bit.ly/Elderwood Infected 500 Companies Watering Hole Attack in 2012 All Within 24 Hours Is your website the soft underbelly of your organisation?
  • Watering Hole Targeted iOS Developers 23 In 2013 this type of attack will become widely used Several high profile companies fell victim to just such an attack Is your website the soft underbelly of your organisation?
  • Recent Examples of Water Hole Attack • In 2013 we predict this type of attack will become more widely used • In February this year several high profile companies fell victim to this type of attack 24Is your website the soft underbelly of your organisation?
  • Zero-Day Vulnerabilities 13 15 9 12 14 8 14 2006 2007 2008 2009 2010 2011 2012 Total Volume Total Volume 25Is your website the soft underbelly of your organisation?
  • Zero-Day Vulnerabilities 4 2 3 4 13 15 9 12 14 8 14 0 5 10 15 20 25 2006 2007 2008 2009 2010 2011 2012 Total Volume Elderwood Stuxnet One group can significantly affect yearly numbers The Elderwood gang drove the rise in zero day vulnerabilities 26Is your website the soft underbelly of your organisation?
  • All vulnerabilities All vulnerabilities 5291 0 1000 2000 3000 4000 5000 6000 7000 2006 2007 2008 2009 2010 2011 2012 All vulnerabilities • No significant rise or fall in discovery of new vulnerabilities in last six years 27Is your website the soft underbelly of your organisation?
  • 74,000 55,000 43,000 0 10,000 20,000 30,000 40,000 50,000 60,000 70,000 80,000 2010 2011 2012 New unique malicious web domains Decrease In new malicious domains 28Is your website the soft underbelly of your organisation?
  • 29 30% increase in web attacks blocked… 190,370 2011 2012 247,350 Is your website the soft underbelly of your organisation?
  • 30 Our Websites are Being Used Against Us 61% of web sites serving malware are legitimate sites 25% have critical vulnerabilities unpatched 53% of legitimate websites have unpatched vulnerabilities Is your website the soft underbelly of your organisation?
  • Warning…..your site is infected and you might never recover Is your website the soft underbelly of your organisation? 31
  • What do I need to do now? • Employees: your first line of defence – 38 percent of employees say their manager views data protection as a business priority • Security awareness and the respecting the value of company data needs to be ingrained throughout the company culture Is your website the soft underbelly of your organisation? 32
  • What happens when the first line fails • Use spyware to log keystrokes, switch on microphones and cameras and record with them, and listen in on VOIP calls and IM • Use your servers and websites to launch additional malware attacks • Infiltrate your email system to distribute spam or, more, likely further targeted attacks • Look for further vulnerabilities in your network to exploit • Monitor your network and website traffic • Infect your websites to target visitors with malicious code • Search for encryption keys in your servers • Export customer data, intellectual property and financial information • Take control over automated systems • Send messages from and display messages on individual devices. Is your website the soft underbelly of your organisation? 33
  • Knowledge and technology: your second line of defence Is your website the soft underbelly of your organisation? 34 Assessment type What we look for Malicious Activity Uncover and analyse malicious activities in your environment, such as suspicious network activity Targeted Attacks Look for evidence of infection specific to your organisation Data Loss Find data spills that could be targets for hackers Vulnerability Analyse web applications, databases, servers, and network devices for vulnerabilities.
  • Protection through policy: your final line of defence Ponemon 2013 Cost of Data Breach Study* found: • A strong security posture, reduced the per capita cost by $20 • An incident response plan, reduced the per capita cost by $20 • The appointment of a Chief Information Security Officer (CISO) who has centralised responsibility for data protection, which reduced the per capita cost by $14 * Pomenon 2013 Cost of Data Breach Study http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=ponemon- 2013 Is your website the soft underbelly of your organisation? 35
  • How Symantec can help (Print Screen) Symantec technology What it does How it can help Symantec Extended Validation SSL Certificates Encrypts confidential information, such as credit card data, between the browser and your servers. Also confirms the identity of the website in the browser address bar. • Powerful encryption • Visible security • Authenticates the website • Greater customer trust • Increased conversions. Web Site Malware Scanning Scans websites for malware infections. Reduces the risk of warnings and blocking by search engines and the risk of reputation damage when a site infects its visitors. Symantec Managed PKI for SSL Lets website managers keep track of all their SSL certificates from a web-hosted management console. Reduce the risk of accidental certificate expiry and credibility-damaging certificate warnings. Always-on SSL with Symantec Secure Site Pro SSL Certificates Always-on SSL is used by sites such as Google, Facebook and LinkedIn to protect all the user’s interactions with the site. Build trust and encourage user interaction by making sure that it is all encrypted and secure. The Norton™ Secured Seal Shows customers that you value their trust and that your site is secure because it has been scanned weekly for malware and vulnerabilities. The Norton™ Secured Seal is the most recognised trust mark on the Internet Symantec Seal-in-Search™ Displays the widely-recognised Norton Secured Seal trust mark in web search results. Increase search traffic Increase customer trust and confidence. 36Is your website the soft underbelly of your organisation?
  • Stay informed • Follow us on twitter @nortonsecured @threatintel • www.symantec.com/threatreport • go.symantec.com/ssl • Blogs www.symantec.com/connect/blogs/website- security-solutions 37Is your website the soft underbelly of your organisation?
  • Thank you! Copyright © 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Is your website the soft underbelly of your organisation? 38 Andrew Horbury andy_horbury@symantec.com +44 207 4485 623