The Corporate Web Security Landscape - An Ethical Hacker's View

Published in: Technology
  • Welcome to another trip down the Internet highway, with me your friendly security guide.
  • I’m going to briefly examine three web security issues …
  • Enterprise users experienced an average of 274 Web malware encounters per month in 1Q11, a 103% increase compared with 2010. Unique Web malware encountered also increased (46%) in 1Q11, up from 72,294 unique Web malware samples in January 2011 to 105,536 in March.
  • There are still plenty of out-of-date browsers out there, ripe for exploitation. StatCounter is a web analytics service. From their web site: As of 1 June 2010, our tracking code is installed on more than 3 million sites globally. (These sites cover various activities and geographic locations.) Every month, we record billions of hits to these sites. For each hit, we analyse the browser/operating system used and we establish if the hit is from a mobile device. We do not manipulate the data in any way. We do not collate it with any other information sources. No artificial weightings are used. We simply publish the data as we record it. In other words we calculate our Global Stats on the basis of more than 15 billion hits per month, by people from all over the world onto our 3 million+ member sites. By collating our data in this way, we track the activity of third party visitors to our member websites. We do not calculate our stats based on the activity of our members. This helps to minimise bias in the data and ensures a random sample is achieved. In May 2010, our global sample consisted of 16.3 billion hits (US: 4.0 billion); 2.1 billion of these were search engine referrals (US: 532 million); 109 million of these were social media referrals (US: 51 million).
  • Operation Aurora is a cyber attack which began in mid-2009 and continued through December 2009. The attack was first publicly disclosed by Google on January 12, 2010, in a blog post, in which Google said the attack originated in China. The attacks were sophisticated, well resourced and consistent with those associated with an Advanced Persistent Threat. The exploit used a zero-day vulnerability in Internet Explorer, so even if you were patched up to date, you were still at risk.
  • Here’s an example of a simple spear phishing email that we used to test our client’s ‘human firewall’. People still fall for these!
  • This is data from my home PC as analysed by Secunia’s Personal Software Inspector (PSI)
  • We use the NoScript plugin for Firefox

    1. The Corporate Web Security Landscape
       Peter Wood, Chief Executive Officer, First • Base Technologies LLP
       An Ethical Hacker’s View
    2. Who is Peter Wood?
       • Worked in computers & electronics since 1969
       • Founded First • Base in 1989 (one of the first ethical hacking firms)
       • CEO First Base Technologies LLP
       • Social engineer & penetration tester
       • Conference speaker and security ‘expert’
       • Chair of Advisory Board at CSA UK & Ireland
       • Vice Chair of BCS Information Risk Management and Audit Group
       • Vice President UK/EU Global Institute for Cyber Security + Research
       • Member of ISACA Security Advisory Group
       • Corporate Executive Programme Expert
       • Expert
       • IISP Interviewer
       • FBCS, CITP, CISSP, MIEEE, M.Inst.ISP
       • Registered BCS Security Consultant
       • Member of ACM, ISACA, ISSA, Mensa
    3. Information leakage
    4. Web Security Issues
       • Drive-by malware infection
       • Phishing and spear phishing
       • Social networking attacks
    5. Web Security Issues
       • Drive-by malware infection
       • Phishing and spear phishing
       • Social networking attacks
    6. The Statistics: Cisco 1Q11 Global Threat Report
    7. Drive-by Malware Infection
       • Just surfing to a compromised website is enough to infect your computer
       • The malware exploits security holes in browsers and plug-ins
    8. Drive-by Malware Infection
       • Web sites often employ JavaScript, Java, ActiveX, PHP or Adobe Flash
       • These allow continuous communication between browser and server without user intervention
       • Legitimate uses include changing web banners, loading lists or sending data to servers
       • If a browser has an unpatched vulnerability, malicious scripts can access a user's computer directly
       • Thus malware can move from the server to the browser, and via the vulnerability to the user's computer, without any conscious action by the website visitor at all
       • Even legitimate, well-known and frequently-visited websites can be infected
    9. Browser Version %
    10. Operation Aurora
       • Two days after the attack became public, McAfee reported that the attackers had exploited purported zero-day vulnerabilities (unfixed and previously unknown to the target system developers) in Internet Explorer and dubbed the attack ‘Operation Aurora’
       • In an advisory on January 14, 2010, Microsoft said that attackers targeting Google and other U.S. companies used software that exploits a hole in Internet Explorer
       • The vulnerability affected Internet Explorer versions 6, 7, and 8 on Windows 7, Vista, Windows XP, Server 2003, Server 2008 R2, as well as IE 6 Service Pack 1 on Windows 2000 Service Pack 4
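The deck's point in slides 9 and 10 is that a large share of users still run out-of-date browsers, and that Aurora hit IE 6, 7 and 8 specifically. As an added defender-side illustration (not code from the deck or from First Base), the script below inventories browser versions per client host from web server access logs and flags hosts still on those IE versions; it assumes Apache/nginx combined log format and uses constructed sample lines.

```python
import re
from collections import Counter

# Constructed sample access-log lines (not from the original deck): the mix
# of browsers an intranet server or web proxy might record.
SAMPLE_LOG = """\
10.0.0.5 - - [14/Jan/2010:09:01:12 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
10.0.0.6 - - [14/Jan/2010:09:02:40 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
10.0.0.7 - - [14/Jan/2010:09:03:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2) Gecko/20100115 Firefox/3.6"
10.0.0.8 - - [14/Jan/2010:09:04:17 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
10.0.0.5 - - [14/Jan/2010:09:05:55 +0000] "GET /a HTTP/1.1" 200 128 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
"""

# Combined log format: client IP is the first field, User-Agent the last quoted field.
LINE_RE = re.compile(r'^(\S+) .*?"([^"]*)"$')
MSIE_RE = re.compile(r'MSIE (\d+)\.\d+')
FIREFOX_RE = re.compile(r'Firefox/(\d+)')

# Browser family/major versions the deck names as affected by the Aurora IE zero-day.
AURORA_AFFECTED = {("IE", 6), ("IE", 7), ("IE", 8)}

def classify(user_agent):
    """Return (family, major) for IE and Firefox UAs, ("Other", 0) otherwise."""
    m = MSIE_RE.search(user_agent)
    if m:
        return ("IE", int(m.group(1)))
    m = FIREFOX_RE.search(user_agent)
    if m:
        return ("Firefox", int(m.group(1)))
    return ("Other", 0)

def inventory(log_text):
    """Count distinct client hosts per browser family/major and list hosts on an
    affected browser. Counting hosts rather than hits stops one chatty machine
    from skewing the picture."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, ua = m.group(1), m.group(2)
        seen[ip] = classify(ua)  # the most recent UA seen for a host wins
    counts = Counter(seen.values())
    at_risk = sorted(ip for ip, browser in seen.items() if browser in AURORA_AFFECTED)
    return counts, at_risk

if __name__ == "__main__":
    counts, at_risk = inventory(SAMPLE_LOG)
    for (family, major), n in sorted(counts.items()):
        print(f"{family} {major}: {n} host(s)")
    print("hosts on an Aurora-affected IE version:", at_risk)
```

Run against real proxy or intranet logs, the per-host counts give the patching team the same kind of "Browser Version %" picture the deck shows, but for your own estate rather than StatCounter's global sample.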
    11. Web Security Issues
       • Drive-by malware infection
       • Phishing and spear phishing
       • Social networking attacks
    13. Spear phishing
    14. Web Security Issues
       • Drive-by malware infection
       • Phishing and spear phishing
       • Social networking attacks
    15. Malware on LinkedIn, January 2009 -
    16. Malware on Facebook
       • Users don’t always realize that third-party widgets for Facebook, for example, aren’t written by Facebook
       • Some collect more information than necessary or safe
       • Others have been written specifically to install adware or generate revenue
       • “Secret Crush” on Facebook spread spyware
       • Victims received an invitation to find out who has a secret “crush” on them, which lured them into installing the Secret Crush app, which spread spyware via an iFrame
       • The attack became worm-like when it required the victim to invite at least five friends before learning who their “crush” was
       • Kelly Jackson Higgins, DarkReading
    17. 3 May 2011 -
    18. Social Networking Attacks
    19. DON’T PANIC! (assuming you’re the only user)
    20. Patch and Check Regularly!
    21. Control Your Web Browsing
    22. Think Before You Click!
    23. Don’t Forget to Cross Your Fingers!
    24. Need more information?
       • Peter Wood
       • Chief Executive Officer
       • First • Base Technologies LLP
       • [email_address]
       • Twitter: peterwoodx
       • Blog: