Website Security Threats - November 2013 Update
 

Like this? Share it with your network

Share

Website Security Threats - November 2013 Update

on

  • 2,383 views

November 2013 Website security solutions monthly threat update website join us each month at https://www.brighttalk.com/channel/6331/

November 2013 Website security solutions monthly threat update website join us each month at https://www.brighttalk.com/channel/6331/

Statistics

Views

Total Views
2,383
Views on SlideShare
2,383
Embed Views
0

Actions

Likes
0
Downloads
7
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • 8 out of 10 malware infections involve Trojans, says PandaLabs

Website Security Threats - November 2013 Update Presentation Transcript

  • 1. WEBSITE SECURITY THREATS: NOVEMBER UPDATE Thursday 7th November 2013 Andrew Horbury Andrew Shepherd Product Marketing Manager EMEA Marketing Manager andrew_horbury@symantec.com andrew_shepherd@symantec.com
  • 2. Agenda 1 Month in Numbers 2 Ransomware 3 Phishing 4 Attack toolkits and the Internet of Things 5 Stranger than Fiction 6 Follow-up on previous stories 7 Good news Website Security Threats: November 2013 Update
  • 3. The Month in Numbers The global price tag of consumer cybercrime • $113BN enough to host the 2012 London Olympics nearly 10 times over • 212 million (11,000 malicious network requests a second) cyber attacks on the official website during 2012 Olympic and Para-Olympic Games • $298 - average cost per victim (represents a 50 percent increase over 2012) The scale of consumer cybercrime • 378 million victims per year - nearly 2.8 times as many babies born each year • 1 million+ victims per day - enough to fill Wembley football stadium (London, England) more than 10 times over Website Security Threats: November 2013 Update
  • 4. The month in numbers continued….. 22 hours Average time for malware distributors to exploit news events 8 out of 10 malware infections involve Trojans 46% of firms believe they are “very vulnerable” or “vulnerable” to an insider attack. Website Security Threats: November 2013 Update
  • 5. Ransomware • New variant encrypts data files • Uses strong encryption algorithms • Demands payment in Bitcoins/MoneyPak • Pay €300 or keys destroyed • No guarantee – so don’t pay! Website Security Threats: November 2013 Update
  • 6. Phishing • Campaign to harvest Apple IDs – “Your Apple ID has been frozen temporarily” – Links to a website where accounts can be ‘re-accessed’ – Email sent just after latest OS download • “Ghost Brokers” – Taking advantage of high insurance prices for young drivers – Advertised online and offline – Victims often don’t realise Website Security Threats: November 2013 Update
  • 7. Hacking the internet of things • Electricity substations – targeted • Lack physical and infrastructure hardening makes for a soft target • Carmel Tunnel toll road targeted in Israel • Road closed for 20 mins one day, 8 hours the next Website Security Threats: November 2013 Update
  • 8. Stranger than Fiction • Could Dick Cheney have been hacked? – Feared terrorists might hack his implanted medical device – Dr turned off wireless capabilities – Hard-coded password flaw in 300 medical devices from 40 vendors • Beware of your Kettle! – Kettles and irons found in customs with spyware chips – Can exploit Wi-Fi without passwords – Sends data to foreign servers Website Security Threats: November 2013 Update
  • 9. Toolkits: Try before you buy… • • • • Trial software for free Basic license costs $500 Full license costs $950. Discounts are offered to owners of other DDoS toolkits such as Dirt Jumper Website Security Threats: November 2013 Update
  • 10. Updates from previous webinars • WordPress 3.7 (aka Basie) – Attempts to improve security – “Updates while you sleep” – Remains to be seen if this helps with plugin issues • Criminals Hit the ATM Jackpot – Technical characteristics of Backdoor.Ploutus – Actions performed – Interactions through keypad and GUI Website Security Threats: November 2013 Update
  • 11. Good News • Silk Road “Mastermind” not so Smart – Five stupid things Dread Pirate Roberts did to get arrested • TorRAT – Dutch police arrest four men involved in largescale digital fraud and money laundering – 150 fraudulent transactions worth €1 million – Spear phishing was used to install malicious TorRAT malware onto victims' computers • Blackhole and Cool malware exploit kit suspect arrested – Alias Paunch – “If it’s true…it’s a very big deal” Website Security Threats: November 2013 Update
  • 12. Link Glossary (Press Print screen now) • BT Cyber Attacks: – http://www.computerweekly.com/news/2240208217/Olympic-cybersecurity-down-to-design-and-testing-says-BT • Norton Cybercrime Report 2013 – http://www.symantec.com/about/news/release/article.jsp?prid=2013100 1_01 • Vulnerabilities in Power stations – http://www.wired.com/threatlevel/2013/10/ics/ • Guardian Article - Five stupid things Dread Pirate Roberts did – http://www.theguardian.com/technology/2013/oct/03/five-stupidthings-dread-pirate-roberts-did-to-get-arrested • Mexican ATM blog post – http://www.symantec.com/connect/blogs/criminals-hit-atm-jackpot Website Security Threats: November 2013 Update
  • 13. Next webinar: Wednesday 4th December 2013 9.30am UK / 10.30am CET Thank you! Andrew Shepherd andrew_shepherd@symantec.com / +44 7912 552896 Andrew Horbury andrew_horbury@symantec.com / +44 7703 468966 Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Website Security Threats: November 2013 Update