Threat landscapes by Segment
An industry perspective on cybercrime threats and responses

And how Managed Security Service Providers (MSSPs) can help

Speaker notes
  • Two-thirds of the breaches that we studied involved ATMs. Focusing on issues such as ATM placement and regular monitoring may help reduce tampering-related incidents.
    But ATMs weren’t the only target — attackers cast their nets far and wide. Other assets need protecting too.
    Financial services companies were also subject to an onslaught of denial of service attacks. While these attacks don’t compromise any data, they can massively compromise the company’s ability to do business and damage customer service.
  • The wide range of threat actions compared to other industries is likely due to the relatively strong security posture of the typical financial institution.
    While this robustness enables the company to withstand the simple opportunistic attacks that so often succeed against softer targets, financial service companies are frequently targets of choice rather than opportunity. So, some criminals will continue to try different techniques until they find a hole.
    This results in a more diverse threat landscape, and, therefore, the need for a more sophisticated control landscape.
  • The most common discovery method for breaches was external fraud detection providers, who uncovered 31% of attacks.
    Law enforcement came second at 20%, a full 15 percentage points lower than the average across industries. This suggests banks are less reliant on the police to detect breaches.
    Customers accounted for 15% of discoveries — more than twice the average across all the industries that we looked at. This suggests that customers are more vigilant against fraud when it comes to checking bank statements.
  • There are some simple actions that you can take that will quickly improve the strength of your defenses:
    Choose the physical placement of ATM machines carefully, considering how the environment will affect the likelihood of tampering.
    Train employees and customers to look for signs of tampering and fraud; and, where possible, carry out regular physical checks.
    Implement two-factor authentication where appropriate to reduce the effectiveness of credential-capturing malware.
    Blacklist IP address blocks/regions that have no legitimate business purpose and restrict administrative connections — perhaps only allow them from specific internal sources.
    Increase application testing and code review to reduce the risk of SQL injection attacks, cross-site scripting and other common weaknesses.
    Implement a Security Development Lifecycle (SDLC) approach for application development.
    Train users to spot signs of breaches and report them.
    Educate employees about commonly used social engineering methods and the dangers they bring.
  • Mitigating DDoS attacks
    Our DoS Defense service detects and diverts potentially malicious traffic away from your network, maintaining the availability of your websites, applications and voice services for legitimate users.
    verizonenterprise.com/products/security/managed/
    Spotting breaches
    You shouldn’t have to rely on law enforcement or your own customers to spot a problem. Our intrusion detection and threat management solutions help detect and mitigate breaches quickly, limiting the damage caused.
    verizonenterprise.com/products/security
    Addressing security standards and regulations
    We can help you address security standards and regulations like PCI DSS, FFIEC and the Gramm–Leach–Bliley Act. We’ll assess your status against the requirements of the relevant standards and help you close any gaps.
    verizonenterprise.com/products/security/risk-compliance/pci-compliance.xml
    Detecting vulnerabilities
    Our vulnerability management solution scans your systems and infrastructure to highlight weaknesses — enabling you to see where you can tighten up network and server security.
    verizonenterprise.com/us/products/security/risk-compliance/vulnerability-management.xml
  • The vast majority of attackers seek information from which they can directly or indirectly profit. This includes personal and payment information, including patient health and insurance data. This focus on financial gain explains why organized criminal gangs were behind 92% of the breaches that we investigated.
  • We saw signs of hacking and malware in nearly all the healthcare breaches that we investigated. It’s not unusual to see these two techniques used together — they are easy to automate and are proven to be effective.
    Attacks targeting remote desktop sessions were particularly common in healthcare. Most attacks of this nature start with the attacker using scripts to automatically scour the internet for RDP (remote desktop protocol) sessions.
    Once they find a session, the attacker will then try default credentials, common passwords and brute-force attacks to gain entry.
    This isn’t a very sophisticated approach, but it’s easy to automate and can be very effective.
    Once they are in, the attacker will typically install some type of malware, such as a keylogger, to capture data.
  • A staggering 98% of compromises took just minutes to execute. This reflects the types of attack that we saw; it simply doesn’t take very long to crack weak passwords on exposed POS devices or remote desktop sessions.
    But worryingly, 78% of the breaches that we investigated took weeks or even months to be discovered.
    Not only did healthcare companies take a long time to spot breaches, very often they didn’t even spot the compromise themselves.
    Law enforcement agencies detected and reported 84% of breaches — across all industries the average is just 35%.
    Furthermore, even when breaches were detected, in 50% of cases the company took weeks to contain it.
  • There are some simple actions that you can take that will quickly improve the strength of your defenses:
    Make sure that you use strong authentication on all POS systems — easily guessable passwords make the hacker’s job much easier.
    Implement a firewall or access control list on all remote access services — if hackers can’t reach your system, they can’t breach it.
    Avoid using POS systems for activities that use the internet — malicious websites and email attachments are major sources of malware.
    Make sure your POS application is PCI DSS-compliant.
    PCI DSS provides an excellent framework for auditing your security position and protecting your patients’ money, but Verizon research found that only 21% of organizations were compliant with PCI DSS on their initial assessment.
  • Identifying vulnerabilities
    Our vulnerability management solution scans your defense systems and infrastructure to highlight weaknesses — enabling you to see where you can tighten up on security.
    verizonenterprise.com/us/products/security/risk-compliance/vulnerability-management.xml
    Detecting breaches
    You shouldn’t have to rely on law enforcement to spot a problem. Our intrusion detection and threat management solutions help detect and mitigate breaches quickly, limiting the damage caused.
    verizonenterprise.com/products/security
    Addressing security standards and regulations
    We can help you address security standards and regulations like PCI DSS and HIPAA. We’ll assess your status against the requirements of the relevant standards and help you close any gaps.
    verizonenterprise.com/us/products/security/risk-compliance
  • Despite the high turnover of staff (including cashiers), retailers suffered little from internal attacks — 92% were primarily external.
    Our data shows that 73% of attacks on retailers were perpetrated by organized criminal groups. 99% of attacks were financially motivated.
    58% of attacks originated from Romania, 12% from Armenia and 8% from Russia. The US was also a popular base for attackers (18% of attacks originated here).
  • Attackers take the path of least resistance. They went straight for the systems that retailers use to gather and process payments.
    97% of attacks involved tampering, generally of payment systems — including payment servers (59%), payment terminals and pay-at-the-pump devices (47%).
    Payment terminals at small stores and restaurants are often particularly soft targets.
  • 67% of breaches involved some form of malware and 76% involved hacking.
    Even when attackers used malware — such as a keylogger — it was largely installed directly on the target machine after gaining access through other means.
  • Most breaches were found by law enforcement (46%) or external fraud detection mechanisms (45%) — typically banks, card providers and payment aggregators that have robust monitoring processes in place.
    Very few breaches were spotted by the victim (only 4%). This suggests that the fraud detection systems in place at payment providers are working pretty well. But that shouldn’t be a cause for complacency.
    Other sources of detection:
    Customer (external): 1%
    Log review (internal): 1%
    Fraud detection (internal): 1%
  • There are some simple actions that you can take that will quickly improve the strength of your defenses:
    Make self-service terminals — like pay-at-the-pump devices — tamper-evident and inspect them regularly for signs of foul play.
    Make sure that you use strong authentication on all POS systems — easily guessable passwords make the hacker’s job much easier.
    Avoid using POS systems for activities that use the internet — malicious websites and email attachments are threats that you can easily prevent.
    Enforce “clipping levels” on POS systems to lock out systems after a reasonable number of failed access attempts.
    Protect public-facing websites — they’re great for attracting customers, but they’re also a magnet for criminals.
    Make sure your POS application is PCI PA-DSS-compliant.
    PCI DSS provides an excellent framework for auditing your security position and protecting your customers’ money, but Verizon research found that only 21% of organizations were compliant with PCI DSS on their initial assessment.
  • Protecting payment systems
    Our vulnerability management solutions find flaws in POS and other front-line systems — the main target for breaches in the retail industry.
    verizonenterprise.com/products/security
    Securing smaller stores
    Smaller businesses are just as likely to be attacked, yet may lack the security infrastructure of larger retailers. Verizon Managed Security Services - Cloud give you access to the expertise you need, where you need it, cost-effectively.
    verizonenterprise.com/us/products/security/managed
    Detecting breaches
    You shouldn’t have to rely on payment partners or law enforcement to spot a problem. Our intrusion detection and threat management solutions help detect and mitigate breaches, limiting the damage caused.
    verizonenterprise.com/products/security
    Complying with PCI DSS
    We can help you avoid the risks and costs associated with non-compliance with PCI DSS. We’ll assess your state of compliance and help you close the gaps.
    verizonenterprise.com/products/security/risk-compliance/pci-compliance.xml
  • 51% of all IP thefts we looked at involved state-affiliated espionage.
    More than half of these external actors come from China.
    While most attacks targeting IP came from outside of the organization, the proportion of attacks involving insiders — 21% — is almost twice the average of all data breaches.
    In 65% of cases the motive of the internal actor was financial. This encompasses “unwitting” theft (like a departing employee taking customer contact lists with them) and downright malicious attacks, like an engineer stealing plans and other proprietary information to trade for cash.
  • Attackers were interested in all kinds of IP: customer lists, designs, product roadmaps, algorithms, code.
    This explains why the targets of IP-related attacks are spread all across the organization.
    In the other kinds of breaches that we analyzed, the choice of target was nearly always one of opportunity.
    But in IP thefts, the premeditated nature of the attacks determined what IT assets they targeted and what methods they used.
    Database and file servers were the most frequently compromised assets, simply because they are where most organizations store internal data and knowledge.
  • Leveraging insider help — whether malicious or accidental, through phishing or social engineering — is common in IP data breaches.
    But if an attacker can’t get an insider to help, stealing their credentials will work almost as well — malware and hacking techniques dominated the top spots in our list of most common attack vectors.
  • A huge 91% of compromises took just hours or less to perpetrate. And, worryingly, 62% of attacks took months or even years to detect.
    This massive gap in time gives thieves plenty of opportunities to snoop around to get what they want.
    Perhaps even more worryingly, 79% of IP thefts were only detected by external parties, such as law enforcement, fraud detection or even customers.
    Only 10% of breaches were detected by somebody from inside the company.
  • There’s no silver bullet that can guarantee protection against IP theft. The diversity, complexity, and ingenuity of tactics preclude a one-size-fits-all solution. Given that, we offer a few recommendations.
    • Use pre-employment screening to reduce the risk of having an internal problem before it starts. Don’t give users more privileges than they need.
    • Educate employees about social engineering. We often see users clicking on links they shouldn’t and opening attachments received from unidentified senders.
    • Consider two-factor authentication, IP blacklisting, and restricting administrative connections (e.g. only from specific internal sources).
    • Implement time-of-use rules and “last logon” banners.
    • Monitor and filter network egress traffic. By understanding and controlling outbound traffic you will greatly increase your chances of mitigating malicious activity.
    • Enable application and network logs and monitor them. All too often, evidence of events leading to breaches was available but it was neither noticed nor acted upon.
    • Identify what is critical and what constitutes normal behavior, then put mechanisms in place to sound the alarm upon deviations from expected norms.
    • Focus on the obvious things rather than the minutiae. A simple script that counts log file length and alerts administrators to exceptions can be pretty effective, and save time, effort and money.
  • Detecting vulnerabilities
    Our vulnerability management solution scans your defense systems and infrastructure to highlight weaknesses — helping you to see where you can tighten up server security.
    verizonenterprise.com/products/security
    Spotting breaches
    You shouldn’t have to rely on law enforcement or your own customers to spot a problem. Our intrusion detection and threat management solutions help detect and mitigate breaches, limiting the damage caused.
    verizonenterprise.com/products/security
    Prioritizing defenses
    Our data discovery services will help you identify where your most sensitive IP sits and will help you to focus your defenses accordingly.
    verizonenterprise.com/us/products/security/risk-team/ediscovery.xml
    Controlling access
    Our identity and access management services help you keep user identities secure and limit access to only those users that need it.
    verizonenterprise.com/us/products/security/identity-access/
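Two of the "obvious things" recommended in the notes above, the retail "clipping level" (lock a login out after a reasonable number of failed attempts) and the IP-theft advice to run a simple script that counts log lines and alerts on exceptions, are easy to show in code. The following is an added example written for this page, not a Verizon tool or anything from the original presentation. The log format, host names, addresses and baseline numbers are all constructed for illustration; the lockout simulation also shows why the clipping level matters: without it, the brute-force source in the sample log would have got in on its seventh try.

```python
"""Clipping-level lockout and log-volume sanity check over constructed sample data."""
import re
from collections import Counter

# Constructed sample authentication log (hypothetical format, not real data).
# One source hammers the admin account on a POS host and eventually guesses right;
# a cashier mistypes once and then logs in normally.
SAMPLE_AUTH_LOG = """\
2013-05-01T09:00:01 pos-07 auth: FAILED login user=admin src=203.0.113.5
2013-05-01T09:00:02 pos-07 auth: FAILED login user=admin src=203.0.113.5
2013-05-01T09:00:03 pos-07 auth: FAILED login user=admin src=203.0.113.5
2013-05-01T09:00:04 pos-07 auth: FAILED login user=admin src=203.0.113.5
2013-05-01T09:00:05 pos-07 auth: FAILED login user=admin src=203.0.113.5
2013-05-01T09:00:06 pos-07 auth: FAILED login user=admin src=203.0.113.5
2013-05-01T09:00:07 pos-07 auth: OK login user=admin src=203.0.113.5
2013-05-01T09:01:10 pos-07 auth: FAILED login user=cashier src=10.0.0.12
2013-05-01T09:01:30 pos-07 auth: OK login user=cashier src=10.0.0.12
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: (?P<result>FAILED|OK) login "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_auth_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def apply_clipping_level(events, threshold=5):
    """Simulate a lockout rule: once a (host, user) pair reaches `threshold`
    consecutive failures it is locked, and every later attempt for that pair is
    refused even if the password is finally right. Returns the locked pairs and
    the attempts that the rule would have refused."""
    consecutive_failures = Counter()
    locked = set()
    refused = []
    for e in events:
        key = (e["host"], e["user"])
        if key in locked:
            refused.append(e)  # would be blocked by the lockout
            continue
        if e["result"] == "FAILED":
            consecutive_failures[key] += 1
            if consecutive_failures[key] >= threshold:
                locked.add(key)  # clipping level reached
        else:
            consecutive_failures[key] = 0  # a genuine success resets the count
    return locked, refused


def lines_per_hour(text):
    """Count log lines per hour of day from the ISO timestamp at the start of each line."""
    counts = Counter()
    for line in text.splitlines():
        if len(line) >= 13 and line[10] == "T":
            counts[int(line[11:13])] += 1
    return counts


def log_volume_alerts(baseline, observed, tolerance=0.5):
    """Compare observed line counts per hour with a baseline. An hour is flagged when
    the count deviates by more than `tolerance` (a fraction of the baseline). A count
    of zero is called out separately: a silent log usually means logging stopped or
    the log was cleared, not that nothing happened."""
    alerts = []
    for hour in sorted(baseline):
        expected = baseline[hour]
        if expected <= 0:
            continue  # no expectation for this hour
        actual = observed.get(hour, 0)
        if actual == 0:
            alerts.append((hour, actual, expected, "no log lines (logging stopped or log cleared?)"))
        elif actual > expected * (1 + tolerance):
            alerts.append((hour, actual, expected, "volume spike"))
        elif actual < expected * (1 - tolerance):
            alerts.append((hour, actual, expected, "volume drop"))
    return alerts


# Constructed baseline and observation (hypothetical numbers).
BASELINE_LINES_PER_HOUR = {9: 120, 10: 130, 11: 125, 12: 140}
OBSERVED_LINES_PER_HOUR = {9: 410, 10: 128, 11: 0, 12: 150}

if __name__ == "__main__":
    events = parse_auth_log(SAMPLE_AUTH_LOG)
    locked, refused = apply_clipping_level(events)
    print("locked out:", locked)
    print("attempts the lockout would have refused:", len(refused))
    for hour, actual, expected, why in log_volume_alerts(BASELINE_LINES_PER_HOUR, OBSERVED_LINES_PER_HOUR):
        print(f"{hour:02d}:00 {actual} lines vs baseline {expected}: {why}")
    print("sample log lines per hour:", dict(lines_per_hour(SAMPLE_AUTH_LOG)))
```

The threshold of five failures and the 50% tolerance are placeholders; pick values from your own traffic. Counting consecutive failures per host and user, rather than per source address, is deliberate: the page's RDP and POS attacks are automated and can arrive from many addresses, and a lockout keyed on the account still holds.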

Presentation Transcript

  • THREAT LANDSCAPES BY SEGMENT
    By: Tom Kirby
    Evaluating the threats and ways to mitigate them
  • OVERVIEW
    An industry perspective on cybercrime threats and responses, and how Managed Security Service Providers (MSSPs) can help.
    Let’s review the threat landscape for the following industries:
    + Financial services
    + Healthcare
    + Retail, accommodation and food services
    + Manufacturing, services and technology
  • 01/ FINANCIAL SERVICES
  • FINANCIAL SERVICES OVERVIEW
    • Who are the attackers?
    • What are they targeting?
    • What methods do they use?
    • How are breaches detected?
    • What can you do to respond?
    • How can Verizon help?
  • FINANCIAL SERVICES Who is attacking financial services organizations and why?
    + 92% of attacks that we studied were perpetrated by organized criminal groups.
    + Over three-quarters of attacks originated in North America or Eastern Europe.
    + 94% of attacks were financially motivated.
    1. http://www.verizonenterprise.com/DBIR/
  • FINANCIAL SERVICES What assets do attackers target?
    + 66% of attacks targeted ATMs but other assets are also at risk.
    + As well as data breaches, denial of service attacks are also common.
  • FINANCIAL SERVICES What methods do attackers use?
    + Reflecting the attacks on ATMs, tampering is top of the list.
    + But outside of that, the threat landscape for the financial services industry is very diverse.
    + Most of the non-ATM attacks we studied involved some form of malware or hacking.
  • FINANCIAL SERVICES How reliable is breach detection in financial services?
    + Breaches take just hours — or even minutes — to perpetrate, but often take weeks to contain.
    + This gives attackers plenty of opportunity to find what they are looking for.
    + External fraud detection spotted 31% of breaches in our study.
    + Customers were first to spot 15% of breaches.
  • FINANCIAL SERVICES What can you do to respond?
    + Review ATM placement and train employees to spot physical attacks.
    + Implement two-factor authentication.
    + Blacklist blocks of IP addresses.
    + Increase testing and code reviews, implement an SDLC approach.
    + Train users and employees about breaches and social engineering attack methods.
  • FINANCIAL SERVICES How can MSSPs help?
    + Divert potentially malicious traffic away from your network with our DoS Defense service.
    + Detect breaches quickly with our intrusion managed security solutions.
    + Reduce the risks and costs associated with non-compliance with regulations and standards — like PCI DSS — with our compliance services.
    + Spot vulnerabilities in your systems and infrastructure with our vulnerability management services.
  • 02/ HEALTHCARE
  • HEALTHCARE OVERVIEW
    • Who are the attackers?
    • What are they targeting?
    • What methods do they use?
    • How are breaches detected?
    • What can you do to respond?
    • How can Verizon help?
  • HEALTHCARE Who is attacking financial services organizations and why?
    + The majority of attacks were motivated by financial gain.
    + 92% of attacks that we studied were perpetrated by organized criminal groups.
    + 93% of attacks originated in Eastern Europe.
    1. http://www.verizonenterprise.com/DBIR/
  • HEALTHCARE What assets do attackers target?
    + Attackers are more interested in personal details than medical information.
    + Point of sale (POS) systems and desktops were the most common targets.
  • HEALTHCARE What methods do attackers use?
    + Hacking and malware were used in nearly all the healthcare breaches we investigated.
    + Remote desktop sessions are a common target.
    + Password guessing is often used to gain entry.
    + Once they have access, attackers commonly use malware such as keyloggers to expand their attack.
  • HEALTHCARE How reliable is breach detection in healthcare?
    + The vast majority of healthcare breaches took just minutes to execute.
    + 84% of breaches were first spotted by law enforcement, not the company affected.
    + Breach containment was often slow, giving attackers plenty of opportunity to search for valuable information.
  • HEALTHCARE What can you do to respond?
    + Use strong authentication on all POS systems.
    + Implement a firewall or access control on all remote access services.
    + Avoid using POS systems for internet activity — like web browsing and email.
    + Make sure your POS system is PCI PA-DSS-compliant.
  • HEALTHCARE How can MSSPs help?
    + Spot vulnerabilities in your defense systems and infrastructure with our vulnerability management services.
    + Detect breaches quickly with our managed security solutions.
    + Reduce the risks and costs associated with non-compliance with regulations and standards — like PCI DSS — with our compliance services.
  • 03/ RETAIL, ACCOMMODATION AND FOOD SERVICES
  • RETAIL, ACCOMMODATION AND FOOD SERVICES OVERVIEW
    • Who are the attackers?
    • What are they targeting?
    • What methods do they use?
    • How are breaches detected?
    • What can you do to respond?
    • How can Verizon help?
  • RETAIL, ACCOMMODATION AND FOOD SERVICES Who is attacking retail and hospitality organizations, and why?
    + 99% of attacks in the retail, accommodation and food services sector were motivated by financial gain.
    + 92% of breaches didn’t involve staff.
    + 73% involved organized criminal groups.
    + 78% of attacks originated from Eastern Europe.
    + 58% came from Romania alone.
    1. http://www.verizonenterprise.com/DBIR/
  • RETAIL, ACCOMMODATION AND FOOD SERVICES What assets do attackers target?
    + 74% of breaches compromised payment data.
    + 97% of attacks involved tampering, generally of payment systems.
    + Payment servers were targeted in 59% of attacks.
    + Payment terminals and pay-at-the-pump devices were targeted in 47% of attacks.
  • RETAIL, ACCOMMODATION AND FOOD SERVICES What methods do attackers use?
    + Attackers use relatively few methods to access data.
    + Most breaches relied on simple methods like password guessing and tampering.
  • RETAIL, ACCOMMODATION AND FOOD SERVICES How reliable is breach detection in retail?
    + 65% of compromises took just minutes to perpetrate.
    + A large time lag between breach and detection allows attackers plenty of time to extract valuable data.
    + 46% of breaches were found by law enforcement agencies.
    + Other external fraud detection mechanisms detected 45%.
  • RETAIL, ACCOMMODATION AND FOOD SERVICES What can you do to respond?
    + Make self-service terminals tamper-evident and inspect them regularly.
    + Use strong authentication on all POS systems.
    + Block POS systems from web browsing and email.
    + Make sure your POS system is PCI PA-DSS-compliant.
    + Protect public-facing websites.
  • RETAIL, ACCOMMODATION AND FOOD SERVICES How can MSSPs help?
    + Identify flaws in payment systems with our vulnerability management solutions.
    + Get security expertise when you need it with Verizon Managed Security Services - Cloud.
    + Identify breaches quickly with our intrusion detection and threat management solutions.
    + Reduce the risks and costs associated with non-compliance with regulations and standards — like PCI DSS — with our compliance services.
  • 04/ MANUFACTURING, SERVICES AND TECHNOLOGY
  • MANUFACTURING, SERVICES AND TECHNOLOGY OVERVIEW
    • Who are the attackers?
    • What are they targeting?
    • What methods do they use?
    • How are breaches detected?
    • What can you do to respond?
    • How can Verizon help?
  • MANUFACTURING, SERVICES AND TECHNOLOGY Who is attacking manufacturing, services and technology organizations, and why?
    + 51% of all IP theft incidents we studied involved state-affiliated actors.
    + 57% of attacks originated in China.
    + 21% of attacks involved insiders — more than twice the average across all industries.
    + In 65% of cases the motive of the attack was financial gain.
    1. http://www.verizonenterprise.com/DBIR/
  • MANUFACTURING, SERVICES AND TECHNOLOGY What assets do attackers target?
    + IP attacks are less opportunistic, more premeditated and determined.
    + IP attacks affect many assets and many functions — from finance to marketing.
    + Databases and file servers were the most frequently compromised assets.
  • MANUFACTURING, SERVICES AND TECHNOLOGY What methods do attackers use?
    + Insider help is particularly useful in IP attacks as IP is often hard to find and better protected.
    + Phishing and other forms of social engineering are common tactics in IP data breaches.
    + Once in, attackers often use malware and hacking techniques to achieve their aims.
  • MANUFACTURING, SERVICES AND TECHNOLOGY How reliable is breach detection in manufacturing, services and technology?
    + 91% of compromises took hours or less to perpetrate.
    + 62% of attacks took months or even years to detect.
    + 79% of IP thefts were detected by external parties.
    + Only 10% were detected by someone within the company.
  • MANUFACTURING, SERVICES AND TECHNOLOGY What can you do to respond?
    + Conduct extensive pre-employment screening.
    + Educate employees about social engineering.
    + Use two-factor authentication and IP blacklisting.
    + Implement time-of-use rules.
    + Monitor and log network egress traffic.
    + Identify normal behavior to easily spot deviations.
  • MANUFACTURING, SERVICES AND TECHNOLOGY How can MSSPs help?
    + Our vulnerability management solutions will help you to identify weaknesses.
    + Our intrusion detection and threat management solutions will help you detect and mitigate breaches more quickly.
    + Our data discovery services will help you to identify where your most sensitive IP sits, and focus your defenses accordingly.
    + Our ID and access governance services will help simplify managing users and rights.
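The manufacturing, services and technology slides recommend monitoring and filtering network egress traffic and identifying normal behavior so that deviations stand out. The following added example, written for this page and not part of the presentation or any Verizon product, shows the smallest useful version of that: an allowlist of destination networks and ports that have a legitimate business purpose, plus a per-host outbound-volume baseline, applied to constructed flow records. The host names, addresses, allowlist entries and byte counts are all hypothetical.

```python
"""Egress monitoring over constructed flow records: allowlist check plus volume baseline."""
import ipaddress
from collections import defaultdict

# Constructed flow records: (source host, destination IP, destination port, bytes sent).
# Includes a large transfer from a POS host to an unknown external address on an
# unusual port, and a small connection from a database server to an unknown host.
SAMPLE_FLOWS = [
    ("pos-01", "198.51.100.10", 443, 12_000),      # payment gateway, expected
    ("pos-01", "198.51.100.10", 443, 15_000),
    ("pos-02", "198.51.100.10", 443, 11_000),
    ("pos-02", "203.0.113.77", 4444, 9_500_000),   # not allowlisted, and a lot of data
    ("db-01", "10.0.0.50", 5432, 40_000),          # internal replication, expected
    ("db-01", "192.0.2.9", 443, 2_000),            # not allowlisted
]

# Egress allowlist (constructed): destinations with a legitimate business purpose.
# A port of None means any port on that network is acceptable.
EGRESS_ALLOWLIST = [
    ("198.51.100.0/24", 443),   # hypothetical payment gateway network
    ("10.0.0.0/8", None),       # internal networks
]

# Per-host baseline of outbound bytes for the observation window (constructed).
BASELINE_BYTES_PER_HOST = {"pos-01": 30_000, "pos-02": 30_000, "db-01": 50_000}


def is_allowed(dst_ip, dst_port, allowlist=EGRESS_ALLOWLIST):
    """True if the destination address and port match an allowlist entry."""
    addr = ipaddress.ip_address(dst_ip)
    for net, port in allowlist:
        if addr in ipaddress.ip_network(net) and (port is None or port == dst_port):
            return True
    return False


def egress_alerts(flows, allowlist=EGRESS_ALLOWLIST, baseline=BASELINE_BYTES_PER_HOST,
                  spike_factor=3.0):
    """Return (host, reason) alerts: one per flow to a non-allowlisted destination,
    and one per host whose total outbound volume exceeds spike_factor times its
    baseline. Both checks are reported because either alone can be evaded: a
    large transfer to an allowlisted site still shows up as a volume spike, and a
    small beacon to an unknown host still shows up as an allowlist miss."""
    alerts = []
    total_bytes = defaultdict(int)
    for src, dst, port, nbytes in flows:
        total_bytes[src] += nbytes
        if not is_allowed(dst, port, allowlist):
            alerts.append((src, f"outbound connection to non-allowlisted {dst}:{port}"))
    for src, nbytes in total_bytes.items():
        base = baseline.get(src)
        if base and nbytes > spike_factor * base:
            alerts.append((src, f"outbound volume {nbytes} bytes exceeds {spike_factor}x baseline {base}"))
    return alerts


if __name__ == "__main__":
    for host, reason in egress_alerts(SAMPLE_FLOWS):
        print(f"ALERT {host}: {reason}")
```

In practice the allowlist and the baseline are the hard part, not the code: the allowlist has to be built from what each class of host genuinely needs (a POS terminal talking only to its payment gateway is a narrow, enforceable rule), and the baseline has to be measured from normal traffic over a representative window before it is trusted to raise alarms.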