Your SlideShare is downloading. ×
0
×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Website Security Threats - January 2014 Update

3,881

Published on

WEBSITE SECURITY THREATS: JANUARY 2014 UPDATE

WEBSITE SECURITY THREATS: JANUARY 2014 UPDATE

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
3,881
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
16
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. WEBSITE SECURITY THREATS: JANUARY 2014 UPDATE Thursday 9th January 2014 Andrew Horbury Andrew Shepherd Product Marketing Manager EMEA Marketing Manager andy_horbury@symantec.com andrew_shepherd@symantec.com
  • 2. Agenda 1 Month in Numbers 2 Creepware 3 Emerging and new types of malware 4 Gartner – why Interest in IT Risk is growing 5 Everyone is a target 6 Stranger than fiction 7 Good news Website Security Threats: January 2014 Update
  • 3. The month in Numbers • US$50,000 – Cybercrime boss Paunch earned US$50,000 a month • 40 million – Target targeted: Cybercriminals may have spent the Christmas shopping season feasting on the proceeds of 40m stolen payment cards • 00000000 – For nearly 20 years, the launch code for US nuclear missiles was 00000000 • 61% – Bots account for 61% of all website traffic up 21% yoy • 93% and 87% – 93 percent of large organisations suffered a security breach last year, while 87 percent of small businesses also experienced Website Security Threats: January 2014 Update
  • 4. The month in Numbers • 18BN GBP – Mobile influenced £18bn of retail sales in 2013 • 54 million – Turkish press reports that records of 54 million Turkish citizens have been stolen by attackers • The 2 million Pony – 1,580,000 website login credentials stolen – 320,000 email account credentials stolen – 41,000 FTP account credentials stolen – 3,000 Remote Desktop credentials stolen – 3,000 Secure Shell account credentials stolen Website Security Threats: January 2014 Update
  • 5. Creepware • Remote Access Trojans (RATs) – Differs from tools due to malicious intent – Allows someone to control a computer from a remote location • How? – – – – Drive-by downloads Malicious links Exploit kits Peer-to-peer file sharing/torrents • Why? – Voyeurism, information/file stealing, blackmail/sextortion, trolling, using computer for DDoS attacks Website Security Threats: January 2014 Update
  • 6. New and emerging types of Malware • Malicious Firefox add in – The ‘Advanced Power’ botnet, active since May 2013 has infected more than 12,500 computers. – The bot uses compromised Windows systems to scan for vulnerable websites to conduct SQL injection attacks • Malware posing as Microsoft IIS to steal user data – New malware found that disguises itself as a module for Microsoft’s IIS Web server in order to evade detection. – The malware has been observed targeting credit card data on ecommerce websites. – While the malware is not widespread yet, it could also be used to steal login details or any other sensitive data that’s sent to a compromised IIS instance. Website Security Threats: January 2014 Update
  • 7. Gartner – why Interest in IT Risk is growing 1. Lack of understanding 2. Increasing pressure to disclose technology risk 3. Lack of visibility into key business relationships with third-parties 4. Growing interconnection between technology and business risks Website Security Threats: January 2014 Update
  • 8. Everyone is a target…… • Snapchat hack impacts 4.6 million users – Hackers have published the usernames and phone numbers of more than 4.6 million Snapchat users in order to “raise public awareness on how reckless many internet companies are with user information”. • 9 out of 10 large firms suffered a breach, says survey – ​Around 93 percent of large companies and 87 percent of small businesses suffered a security breach in 2013 Website Security Threats: January 2014 Update
  • 9. Stranger than fiction Harvard student uses Tor to send bomb threat to skip exam - FBI unamused US agency destroys $170k of equipment to get rid of virus - Only 6 machines infected G20 Leaders are not immune to the charms of Carla Bruni Website Security Threats: January 2014 Update
  • 10. Good News • Global ATM heist – eight arrested (two of the suspects posted this image) • Not so secret launch codes – Guide tours of silos – Soldiers given checklist containing the launch code • Glitter nail varnish could protect your laptop…. • Have you been breached? Theres an app for that! Website Security Threats: January 2014 Update
  • 11. Link Glossary (Press Print screen now) • Paunch – http://www.group-ib.com/index.php/7-novosti/790-group-ib-assists-to-suppressthe-activities-of-a-blackhole-exploit-kit-author-paunch-is-arrestedq%22 • Target – http://www.reuters.com/article/2013/12/19/us-target-breachidUSBRE9BH1GX20131219 • Nuclear Code – http://www.huffingtonpost.com/2013/12/05/nuclear-missile-code-00000000cold-war_n_4386784.html • Bots account for 61% of web traffic – http://www.incapsula.com/the-incapsula-blog/item/820-bot-traffic-report-2013 • 9 out of 10 large firms suffered a breach – http://www.incapsula.com/the-incapsula-blog/item/820-bot-traffic-report-2013 • Mobile influenced £18bn of retail sales in 2013 – http://econsultancy.com/blog/10717-mobile-will-influence-15bn-of-in-storesales-in-2012 • Turkish Hack • http://www.hurriyetdailynews.com/russian-hackers-stole-54-million-turkishcitizens-id-data-claim.aspx?pageID=238&nID=59644&NewsCatID=338 Website Security Threats: January 2014 Update
  • 12. Link Glossary 2 • Creepware – Symantec Blog – https://www-secure.symantec.com/connect/blogs/creepware-who-swatching-you • Gartner 4 Reasons Behind the Growing Interest in IT Risk – http://blogs.gartner.com/john-wheeler/4-reasons-driving-growing-interestin-it-risks/ • 2013 Information Security Breaches Survey – http://www.pwc.co.uk/assets/pdf/cyber-security-2013-technical-report.pdf • Nail Varnish – http://www.wired.co.uk/news/archive/2014-01/02/data-security-nail-polish • Have I been Pwned – https://haveibeenpwned.com/ Website Security Threats: January 2014 Update
  • 13. Next webinar: Thursday 13th February 2014 9.30am UK / 10.30am CET Thank you! Andrew Shepherd andrew_shepherd@symantec.com / +44 7912 552 896 Andrew Horbury andy_horbury@symantec.com / +44 7703 468 966 Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Website Security Threats: January 2014 Update

×