Check point presentation june 2014

Transcript of "Check point presentation june 2014"

  1. Cyber Attacks: Protecting against the Unknown Unknowns. Keith D. Holtham, Check Point Software Technologies Australia. ©2014 Check Point Software Technologies Ltd.
  2. The Internet of everything
  3. The Internet of everything BRINGS WITH IT new challenges
  4. News headlines:
      - Adobe breach hit more than 150 million usernames and passwords: "According to foreign media the organization behind the attack is suspected to be an unnamed government organization..."
      - Target credit card hack reveals need for updated security: "The U.S. is the juiciest target for hackers hunting credit card information. And …"
      - 4.6 Million Snapchat usernames and phone numbers leaked: "A new website called SnapchatDB! has allegedly leaked 4.6 million Snapchat.."
  5. (no text)
  6. Value of a Hacked PC (http://krebsonsecurity.com)
  7. ASD Top 35 – Top 14 Mitigation Strategies
      1. Application whitelisting
      2. Application patching
      3. OS patching
      4. Restrict admin privileges
      5. User application configuration hardening
      6. Automated dynamic analysis of email and web content (sandboxing)
      7. Operating system generic exploit mitigation
      8. Host-based intrusion detection/prevention
      9. Disable local admin accounts
      10. Network segmentation
      11. Multi-factor authentication
      12. Software-based application firewall – incoming
      13. Software-based application firewall – outgoing
      14. Non-persistent virtualised sandboxing
  8. Target: 40 million credit & debit cards
  9. TARGET attack
  10. 40 000 machines, 1797 stores
  11. TARGET attack
  12. TARGET attack
  13. TARGET attack
  14. TARGET attack
  15. TARGET attack
  16. TARGET attack
  17. TARGET attack
  18. TARGET attack
      - RAM-scraping kit: BlackPOS (VBScript – 207kB)
      - Created in March 2013
      - Kit author: Rinat Shabayev, 23 years old
      - Cost: 1800-2300$
  19. TARGET attack – who's next?
  20. Critical Infrastructure at Risk! Critical and industrial systems make our modern world. Like other IT systems, they are prone to attacks. The consequences of such attacks are much greater:
      - Power failures
      - Water pollution or floods
      - Disruption of transportation systems
      - Malfunction of production lines
  21. Important Attacks: Stuxnet, Duqu, Flame; Pacific Energy, Saudi Arabia Aramco; German Power Utility, 50Hertz; Queensland, Harrisburg and Willows Water System
  22. 3 steps of modern attacks
  23. 3 steps of modern attacks: FIND THE WEAKEST LINK; GET ACCESS; EXTRACT DATA
  24. Designing an attack: FIND THE WEAKEST LINK
  25. Designing an attack: FIND THE WEAKEST LINK
  26. Top Vulnerable Applications: list of leading vulnerable applications in 2012. Adobe Reader Adobe Flash Firefox Java Microsoft Office Internet Explorer 30 Critical vulnerabilities 17 Critical vulnerabilities 16 Critical vulnerabilities 57 Critical vulnerabilities 91 Critical vulnerabilities 14 Critical vulnerabilities
  27. WOULD YOU OPEN THIS ATTACHMENT? "Over 90% of targeted emails use malicious file attachments as the payload or infection source" (Wall Street Journal, Nov 2012)
  28. Gathering Intelligence
  29. Gathering Intelligence
      - Social Profile: First Name, Last Name, Likes, Gender, Email, Phone Number, Topic of Interest, Usernames
      - Technical Profile: IP Address, Browser Type, Plug-ins deployed, OS Type, Patch History, Anti-Virus Brand, Applications, User permissions
  30. Choosing the right weapon: Zero-Day Exploits; Patched Vulnerabilities
  31. In reality, it's impossible to patch everything
  32. (no text)
  33. WHAT ABOUT NEW ATTACKS? Block download of malware infested files; Detect and prevent bot damage; Stops exploits of known vulnerabilities. Multi-Layered Threat Prevention: IPS, Anti-Bot, Antivirus
  34. ONLY DEALS WITH THE KNOWN. Multi-Layered Threat Prevention: IPS, Anti-Bot, Antivirus
  35. HOW TO DEAL WITH THE UNKNOWN? Multi-Layered Threat Prevention: IPS, Anti-Bot, Antivirus
  36. Known Unknowns – Top Vulnerable Applications: list of leading vulnerable applications in 2012. Adobe Reader Adobe Flash Firefox Java Microsoft Office Internet Explorer 30 Critical vulnerabilities 17 Critical vulnerabilities 16 Critical vulnerabilities 57 Critical vulnerabilities 91 Critical vulnerabilities 14 Critical vulnerabilities. We know that in the upcoming year 200–300 new currently unknown vulnerabilities will be discovered in popular business applications
  37. TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS. "Duqu Worm Causing Collateral Damage in a Silent Cyber-War"; "Worm exploiting zero-day vulnerabilities in a Word document"
  38. ©2013 Check Point Software Technologies Ltd. Threat Emulation: Discover and STOP new threats based on threat behavior. INSPECT, EMULATE, PREVENT, SHARE
  39. That's why we need to segment networks. Initial infection on laptop; only pathway across network controlled through security gateway; infection can't spread if there's no open path
  40. Hierarchical Lines of Defense: "Establish hierarchical lines of defense that provide protections for data and systems hosted within the corresponding segment boundaries". Site (Host, Network); Mobile; Cloud
  41. Segment Grouping: Site
  42. ASD Top 35 – Top 14 Mitigation Strategies
      1. Application whitelisting
      2. Application patching
      3. OS patching
      4. Restrict admin privileges
      5. User application configuration hardening
      6. Automated dynamic analysis of email and web content (sandboxing)
      7. Operating system generic exploit mitigation
      8. Host-based intrusion detection/prevention
      9. Disable local admin accounts
      10. Network segmentation
      11. Multi-factor authentication
      12. Software-based application firewall – incoming
      13. Software-based application firewall – outgoing
      14. Non-persistent virtualised sandboxing
  43. How do you manage the unknown in 2014?
      1. Use of unknown malware exploded in 2013: integrated malware sandboxing is a must-have
      2. Malware exposure and infections increased: anti-bot and antivirus must have global intelligence
      3. High-risk applications expanded in the enterprise: policy-driven application control must be integrated
      4. Data loss events grew across industries and data types: data loss prevention must expand across the network
  44. Thank You!