Your SlideShare is downloading. ×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Symantec: The rise of hacktivism and insider threats

722
views

Published on

The rise of hacktivism and insiders: new tactics, new motives …

The rise of hacktivism and insiders: new tactics, new motives

Insiders Outsiders, Hactivists, Cybercriminals – the lines have blurred but the game remains the same – how you can protect your infrastructure and organization from web based and cyber threats.

With incidences of malware and vulnerabilities on the rise – how does your organisation measure up and how are you prepared for the future? Is your web infrastructure robust enough to cope? Join Symantec to understand the threat landscape and motivations that drive them.

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
722
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
34
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. The rise of hacktivism and insiders: new tactics, new motives Andrew Horbury Senior Product Marketing Manager
  • 2. Data sources: ISTR, WSTR, Symantec Security Response hacktivism and insiders: new tactics, new motives 2
  • 3. Agenda 1 Why we are here today 2 Hacktivism 101 3 How do they do it? 4 Web based attacks 5 Insiders 101 6 Mediation 7 Information sources hacktivism and insiders: new tactics, new motives 3
  • 4. What is a Hacktivist ? • Def. haktɪvɪst/ (noun) - a person who gains unauthorised access to computer files or networks in order to further social or political ends. • The term was coined in 1996 by Omega, a member of the popular group of hackers known as Cult of the Dead Cow • Hacktivism includes cyber attacks performed to promote (or motivated by) political or social scopes Source: http://hackmageddon.com/2013-cyber-attacks-timeline-master-index/ hacktivism and insiders: new tactics, new motives 4
  • 5. From activist to Hacktivist hacktivism and insiders: new tactics, new motives 5
  • 6. Anonymous hacks Vatican website http://www.zdnet.com/blog/security/anonymous-hacks-abortion-clinic-steals-10000-records/10675 hacktivism and insiders: new tactics, new motives 6
  • 7. So what happens? • Criminals buy ready-made malware, such as the Sakura toolkit, which is then installed on someone else’s website. It scans visitors’ computers for known vulnerabilities and picks the most effective exploit to infect them. hacktivism and insiders: new tactics, new motives 7
  • 8. Our Websites are Being Used Against Us Vulnerabilities and malware on the rise….. 53% 61% of web sites serving malware are legitimate sites of legitimate websites have unpatched vulnerabilities 25% have critical vulnerabilities unpatched hacktivism and insiders: new tactics, new motives 8
  • 9. Our Websites are Being Used Against Us 53% 61% of web sites serving malware are legitimate sites of legitimate websites have unpatched vulnerabilities 25% vulnerabilities reported in 2012 have critical vulnerabilities unpatched hacktivism and insiders: new tactics, new motives 9
  • 10. Web based attacks on the rise The number of Web-based attacks increased by almost a third in 2012. These attacks silently infect enterprise and consumer users when they visit a compromised website. In other words, you can be infected simply by visiting a legitimate website. Typically, attackers infiltrate the website to install their attack toolkits and malware payloads, unbeknown to the site owner or the potential victims. hacktivism and insiders: new tactics, new motives 10
  • 11. Why are you telling me this? My company is not important – why would anyone attack me? “C’mon no one will attack my company… will they?” hacktivism and insiders: new tactics, new motives 11
  • 12. Targeted Attacks by Company Size: 2012
  • 13. Small businesses say…… • 41% have been a victim of cybercrime in past 12 months. • 20% have had a virus infection in their business • 8% have suffered from a hacking incident • 20% have not taken any steps to protect themselves at all! In a pool of 2000+ that’s at least 400 businesses that are probably at high risk • Only 36% say they regularly apply security patches • 60% kept their antivirus software up to date hacktivism and insiders: new tactics, new motives 13
  • 14. hacktivism and insiders: new tactics, new motives 14
  • 15. Targeted Attacks by Industry: 2012 24% Manufacturing Manufacturing 19% Finance, Insurance & Real Estate Finance, Insurance & Real Estate 17% Services – Non-Traditional Services – Non-Traditional 12% Government Government 10% Energy/Utilities Energy/Utilities 8% Services – Professional Services – Professional Wholesale Wholesale 2% Retail Retail 2% Aerospace Aerospace 2% Transportation, Communications, tion, Communications, Electric, Gas Electric, Gas 1% 0% 5% 10% 15% 20% 25% 30% 15
  • 16. Targeted Attacks by Job Function: 2012 30% R&D 27% Sales 24% 25% C-Level 17% 20% 15% Senior 12% Shared Mailbox 13% 10% 5% Recruitment Media 4% 3% PA 1% 0% • Attacks may start with the ultimate target but often look opportunistically for any entry into a company hacktivism and insiders: new tactics, new motives 16
  • 17. Are your employees putting your company’s data at risk? • Insider theft makes up between 8-14% of confirmed data breaches, compared to the 88 or 92 percent attributed to external actors • Insider account for 69 percent of all corporate security issues • UK Information Commissioner’s Office fined & prosecuted more businesses because of insider incidents than they did outsider attacks in 2012 hacktivism and insiders: new tactics, new motives 17
  • 18. Are your employees putting your company’s data at risk? • More than 30 percent of insiders engaging in IT sabotage have a prior arrest history • They may brag about the damage they could do to the organisation if they so desired. • Bitterness about being passed over for promotion • Considering starting up a competing business and using the organisation’s resources and IP for a new/side business • The pattern or quantity of the information they retrieve might change drastically, potentially indicating data theft. hacktivism and insiders: new tactics, new motives 18
  • 19. Malicious Insiders could pose the greatest risk Areas of Focus….. • Know your people • Focus on deterrence, not detection • Identify information that is most likely to be valuable • Monitor ingress and egress • Baseline normal activity hacktivism and insiders: new tactics, new motives 19
  • 20. What do they do and what are the threats? Everyone is a target. hacktivism and insiders: new tactics, new motives 20
  • 21. Anonymous has claimed responsibility for a broad range of actions: publication of bank managers’ details, DDoS attacks on government websites, taking child pornography websites offline, hacking of two MIT websites, publication of the VMware source code and attacks on Israeli websites hacktivism and insiders: new tactics, new motives 21
  • 22. Cutting Sword of Justice hacktivism and insiders: new tactics, new motives 22
  • 23. Profile of Hacktivist threats • Hacktivists mainly target the information, public and service sectors. • They primarily operate in Western Europe and North America. • Their most common attack methods are SQL injection, using stolen credentials, brute force and DoS attacks, remote file inclusion and backdoors • The main assets they target are web applications, databases and mail servers • Their desired data is personal information, credentials and internal corporate data hacktivism and insiders: new tactics, new motives 23
  • 24. Insider threats • Unauthorised access to or use of corporate information. • Viruses, worms or other malicious code. • Theft of intellectual property (IP). The same research found that: • Insiders often attempt to gain colleagues passwords or gain access through trickery or exploit a relationship • >70 percent of intellectual property theft cases, insiders steal the information within 30 days of announcing their resignation • More than half of insiders committing IT sabotage were former employees who regained access via backdoors or corporate accounts that were never properly disabled hacktivism and insiders: new tactics, new motives 24
  • 25. Policies Procedures and employee access • Temporary consultant at the Korea Credit Bureau stole the customer details of up to 20 million South Koreans • Can be accidental as well as deliberate hacktivism and insiders: new tactics, new motives 25
  • 26. What can you do about it? •Security - assume that you are a target •Culture - majority of insider attacks are instigated by disgruntled employees •Education - Educate staff about data protection and the threats posed by hacktivists, cybercriminals and insiders is essential. hacktivism and insiders: new tactics, new motives 26
  • 27. Stay informed • Follow us on twitter @nortonsecured @threatintel @andyhorbury • www.symantec.com/threatreport • go.symantec.com/ssl • Blogs www.symantec.com/connect/blogs/websitesecurity-solutions hacktivism and insiders: new tactics, new motives 27
  • 28. Thank you! Andrew Horbury andy_horbury@symantec.coml @andyhorbury Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. hacktivism and insiders: new tactics, new motives 28

×