WEBSITE SECURITY THREATS:
NOVEMBER UPDATE
Thursday 7th November 2013
Andrew Horbury

Andrew Shepherd

Product Marketing Ma...
Agenda
1

Month in Numbers

2

Ransomware

3

Phishing

4

Attack toolkits and the Internet of Things

5

Stranger than Fi...
The Month in Numbers
The global price tag of consumer cybercrime
• $113BN enough to host the 2012 London Olympics nearly 1...
The month in numbers continued…..
22 hours Average time for malware
distributors to exploit news events
8 out of 10 malwar...
Ransomware
• New variant encrypts data files
• Uses strong encryption algorithms

• Demands payment in
Bitcoins/MoneyPak
•...
Phishing
• Campaign to harvest Apple IDs
– “Your Apple ID has been frozen
temporarily”
– Links to a website where accounts...
Hacking the internet of things
• Electricity substations – targeted
• Lack physical and infrastructure
hardening makes for...
Stranger than Fiction
• Could Dick Cheney have been hacked?
– Feared terrorists might hack his implanted
medical device
– ...
Toolkits: Try before you buy…

•
•
•
•

Trial software for free
Basic license costs $500
Full license costs $950.
Discount...
Updates from previous webinars
• WordPress 3.7 (aka Basie)
– Attempts to improve security
– “Updates while you sleep”
– Re...
Good News
• Silk Road “Mastermind” not so Smart
– Five stupid things Dread Pirate Roberts did to
get arrested

• TorRAT
– ...
Link Glossary (Press Print screen now)
• BT Cyber Attacks:
– http://www.computerweekly.com/news/2240208217/Olympic-cyberse...
Next webinar: Wednesday 4th December 2013
9.30am UK / 10.30am CET

Thank you!
Andrew Shepherd
andrew_shepherd@symantec.com...
Upcoming SlideShare
Loading in...5
×

Website Security Threats - November 2013 Update

2,635

Published on

November 2013 Website security solutions monthly threat update website join us each month at https://www.brighttalk.com/channel/6331/

Published in: Technology, News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
2,635
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
9
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • 8 out of 10 malware infections involve Trojans, says PandaLabs
  • Website Security Threats - November 2013 Update

    1. 1. WEBSITE SECURITY THREATS: NOVEMBER UPDATE Thursday 7th November 2013 Andrew Horbury Andrew Shepherd Product Marketing Manager EMEA Marketing Manager andrew_horbury@symantec.com andrew_shepherd@symantec.com
    2. 2. Agenda 1 Month in Numbers 2 Ransomware 3 Phishing 4 Attack toolkits and the Internet of Things 5 Stranger than Fiction 6 Follow-up on previous stories 7 Good news Website Security Threats: November 2013 Update
    3. 3. The Month in Numbers The global price tag of consumer cybercrime • $113BN enough to host the 2012 London Olympics nearly 10 times over • 212 million (11,000 malicious network requests a second) cyber attacks on the official website during 2012 Olympic and Para-Olympic Games • $298 - average cost per victim (represents a 50 percent increase over 2012) The scale of consumer cybercrime • 378 million victims per year - nearly 2.8 times as many babies born each year • 1 million+ victims per day - enough to fill Wembley football stadium (London, England) more than 10 times over Website Security Threats: November 2013 Update
    4. 4. The month in numbers continued….. 22 hours Average time for malware distributors to exploit news events 8 out of 10 malware infections involve Trojans 46% of firms believe they are “very vulnerable” or “vulnerable” to an insider attack. Website Security Threats: November 2013 Update
    5. 5. Ransomware • New variant encrypts data files • Uses strong encryption algorithms • Demands payment in Bitcoins/MoneyPak • Pay €300 or keys destroyed • No guarantee – so don’t pay! Website Security Threats: November 2013 Update
    6. 6. Phishing • Campaign to harvest Apple IDs – “Your Apple ID has been frozen temporarily” – Links to a website where accounts can be ‘re-accessed’ – Email sent just after latest OS download • “Ghost Brokers” – Taking advantage of high insurance prices for young drivers – Advertised online and offline – Victims often don’t realise Website Security Threats: November 2013 Update
    7. 7. Hacking the internet of things • Electricity substations – targeted • Lack physical and infrastructure hardening makes for a soft target • Carmel Tunnel toll road targeted in Israel • Road closed for 20 mins one day, 8 hours the next Website Security Threats: November 2013 Update
    8. 8. Stranger than Fiction • Could Dick Cheney have been hacked? – Feared terrorists might hack his implanted medical device – Dr turned off wireless capabilities – Hard-coded password flaw in 300 medical devices from 40 vendors • Beware of your Kettle! – Kettles and irons found in customs with spyware chips – Can exploit Wi-Fi without passwords – Sends data to foreign servers Website Security Threats: November 2013 Update
    9. 9. Toolkits: Try before you buy… • • • • Trial software for free Basic license costs $500 Full license costs $950. Discounts are offered to owners of other DDoS toolkits such as Dirt Jumper Website Security Threats: November 2013 Update
    10. 10. Updates from previous webinars • WordPress 3.7 (aka Basie) – Attempts to improve security – “Updates while you sleep” – Remains to be seen if this helps with plugin issues • Criminals Hit the ATM Jackpot – Technical characteristics of Backdoor.Ploutus – Actions performed – Interactions through keypad and GUI Website Security Threats: November 2013 Update
    11. 11. Good News • Silk Road “Mastermind” not so Smart – Five stupid things Dread Pirate Roberts did to get arrested • TorRAT – Dutch police arrest four men involved in largescale digital fraud and money laundering – 150 fraudulent transactions worth €1 million – Spear phishing was used to install malicious TorRAT malware onto victims' computers • Blackhole and Cool malware exploit kit suspect arrested – Alias Paunch – “If it’s true…it’s a very big deal” Website Security Threats: November 2013 Update
    12. 12. Link Glossary (Press Print screen now) • BT Cyber Attacks: – http://www.computerweekly.com/news/2240208217/Olympic-cybersecurity-down-to-design-and-testing-says-BT • Norton Cybercrime Report 2013 – http://www.symantec.com/about/news/release/article.jsp?prid=2013100 1_01 • Vulnerabilities in Power stations – http://www.wired.com/threatlevel/2013/10/ics/ • Guardian Article - Five stupid things Dread Pirate Roberts did – http://www.theguardian.com/technology/2013/oct/03/five-stupidthings-dread-pirate-roberts-did-to-get-arrested • Mexican ATM blog post – http://www.symantec.com/connect/blogs/criminals-hit-atm-jackpot Website Security Threats: November 2013 Update
    13. 13. Next webinar: Wednesday 4th December 2013 9.30am UK / 10.30am CET Thank you! Andrew Shepherd andrew_shepherd@symantec.com / +44 7912 552896 Andrew Horbury andrew_horbury@symantec.com / +44 7703 468966 Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Website Security Threats: November 2013 Update
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×