Meetup Protect from Ransomware Attacks

  1. © 2021, Amazon Web Services, Inc. or its Affiliates.
     Ransomware: Protecting and Recovering
     Mike P., Solutions Architect
     Eduardo Lovera, Solutions Architect
     August 17, 2021
  2. Agenda
     • What is Ransomware?
     • AWS and Provable Security
     • Protection and Recovery
     • Amazon GuardDuty
     • Amazon Detective
     • AWS Backup
     • Q&A
  3. What is Ransomware?
  4. Ransomware evolution
     • 1989: The first known ransomware, the AIDS Trojan, is written.
     • 2005: In May, extortion ransomware appears.
     • 2006: By mid-2006, worms such as Gpcode, TROJ.RANSOM.A, Archiveus, Krotten, Cryzip and MayArchive start using more sophisticated RSA encryption.
     • 2011: A ransomware worm imitating the Windows Product Activation notice appears.
     • 2013: A ransomware worm based on the Stamp.Ek exploit kit surfaces and a Mac OS X-specific ransomware worm arrives on the scene. CryptoLocker rakes in $5 million in the last four months of the year.
     • 2015: Multiple variants on multiple platforms are causing damage.
  5. Ransomware: from minor annoyance to BIG business
     Annoyance → Disruption → Extortion
  6. Main types of ransomware
     • Locker ransomware: does not encrypt files; it locks the victim out of their device, preventing them from using it. Once they are locked out, cybercriminals demand a ransom to unlock the device.
     • Crypto ransomware: encrypts valuable files on a computer so that the user cannot access them; attackers make money by demanding that victims pay a ransom to get their files back.
  7. Why has ransomware been effective?
  8. Concrete examples of customer security events: diverse initial vectors and impacts
     • Exploit based
     • Active Directory lateral movement
     • Database vector
     • AWS credential vector
     • S3 bucket ransom
     • Threats of resource deletion
  9. AWS and Provable Security
 10. Shared responsibility model
     • AWS: security OF the cloud. AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud.
     • Customer: security IN the cloud. Customer responsibility is determined by the AWS Cloud services that the customer selects.
 11. Principle of least privilege
     Securely control individual and group access to your AWS resources with IAM.
     (Figure: an IAM user's access governed across AWS service categories: storage, compute, database, networking, analytics, messaging, app services, mobile, payments, content delivery, development and management tools, on-demand workforce, VPC.)
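Least privilege is easiest to verify before a policy is attached. The following is an added example, not AWS tooling and not part of the original deck: an offline check that flags Allow statements in an IAM identity policy granting data-destroying actions on every resource without an MFA condition. The list of destructive actions is this example's own illustrative shortlist, and the two policy documents are constructed samples.

```python
"""Flag IAM identity-policy statements that hand out ransomware-relevant
destructive permissions too broadly.

Added example, not AWS's own tooling. DESTRUCTIVE_ACTIONS is an assumed,
illustrative shortlist; extend it for your own workloads.
"""
from fnmatch import fnmatch

# Actions that let an attacker encrypt, delete or lock data or its backups.
DESTRUCTIVE_ACTIONS = [
    "s3:DeleteObject",
    "s3:DeleteBucket",
    "s3:PutBucketPolicy",
    "s3:PutLifecycleConfiguration",
    "backup:DeleteRecoveryPoint",
    "backup:DeleteBackupVault",
    "kms:ScheduleKeyDeletion",
    "kms:DisableKey",
    "ec2:DeleteSnapshot",
    "ec2:TerminateInstances",
    "rds:DeleteDBInstance",
]


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _has_mfa_condition(statement):
    """True if the statement only applies to MFA-authenticated sessions."""
    cond = statement.get("Condition", {})
    for operator in ("Bool", "BoolIfExists"):
        value = cond.get(operator, {}).get("aws:MultiFactorAuthPresent", "")
        if str(value).lower() == "true":
            return True
    return False


def find_overbroad_grants(policy):
    """Return (sid, action_pattern, destructive_action) for every Allow
    statement that grants a destructive action on Resource "*" without MFA.
    NotAction/NotResource statements are out of scope for this check."""
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"Statement{idx}")
        if "*" not in _as_list(stmt.get("Resource")) or _has_mfa_condition(stmt):
            continue
        for pattern in _as_list(stmt.get("Action")):
            for action in DESTRUCTIVE_ACTIONS:
                # IAM action matching is case-insensitive and supports "*" and "?".
                if fnmatch(action.lower(), pattern.lower()):
                    findings.append((sid, pattern, action))
    return findings


# Constructed sample: an "ops can do anything to S3" policy with an
# unconditioned backup-deletion grant, beside a scoped, MFA-gated version.
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AppReadWrite", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::app-data/*"},
        {"Sid": "Ops", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Sid": "Backups", "Effect": "Allow",
         "Action": ["backup:StartBackupJob", "backup:DeleteRecoveryPoint"],
         "Resource": "*"},
    ],
}

SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Ops", "Effect": "Allow", "Action": "s3:*",
         "Resource": "arn:aws:s3:::app-data/*"},
        {"Sid": "BreakGlassDelete", "Effect": "Allow",
         "Action": "backup:DeleteRecoveryPoint", "Resource": "*",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    ],
}

if __name__ == "__main__":
    for sid, pattern, action in find_overbroad_grants(OVERBROAD_POLICY):
        print(f"{sid}: '{pattern}' grants {action} on all resources without MFA")
```

Run against the constructed OVERBROAD_POLICY the check reports five grants (four via the `s3:*` wildcard, one explicit `backup:DeleteRecoveryPoint`); SCOPED_POLICY produces none, because the S3 grant is bound to one bucket and the deletion grant is gated on MFA.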
 12. Segment Amazon Virtual Private Clouds
 13. But how do you know proactively that you are prepared?
     Not enough time, resources, money, or know-how . . .
 14. Controls
     1. Inventory
     2. Vulnerability management
     3. Policy enforcement
     4. Integrity monitoring
     5. Logging and baselining
     6. Backups
     7. Secure storage
     8. Network protection
     9. Blocklisting
 15. What is the NIST Cybersecurity Framework?
     • Executive Order: Presidential Executive Order 13636, "Improving Critical Infrastructure Cybersecurity," charges NIST in February 2013.
     • In February 2014, the National Institute of Standards and Technology (NIST) published the "Framework for Improving Critical Infrastructure Cybersecurity" (the CSF), a voluntary framework to help organizations of any size and sector improve the cybersecurity, risk management, and resilience of their systems. Originally intended for critical infrastructure, it has broader applicability across all organization types.
     • Legislation: the Cybersecurity Enhancement Act of 2014 reinforced the legitimacy and authority of the CSF by codifying it and its voluntary adoption into law.
     • Executive Order: Presidential EO 13800, "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure," mandates the use of the CSF for all federal IT.
 16. Aligning to AWS services
     • Identify: which workloads are critical for recovery?
     • Protect, Detect, and Respond: implement best security practices to prevent an attack.
     • Recover: set up your ability to recover.
 17. Protection and Recovery
 18. Map services/solutions to the NIST CSF
     • Identify: AWS Systems Manager Inventory, AWS Config
     • Protect: network segmentation, IAM, SCPs, federated access, AWS Systems Manager Patch Manager, AWS Control Tower
     • Detect: Amazon Inspector, AWS Security Hub, Amazon GuardDuty, Security Assessment Solution
     • Respond: Amazon Detective, ProServe Security Gameday, incident response plan
     • Recover: AWS Backup, S3 Cross-Region Replication / S3 Glacier, CloudEndure
 19. Detect
     AWS Security Hub, Amazon Inspector, Amazon GuardDuty, Self Assessment Tool, AWS Well-Architected Framework
 20. What is Amazon GuardDuty?
     Amazon GuardDuty is a threat detection service that uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. It protects AWS accounts, workloads, and data stored in S3, identifying malicious and highly suspicious activity.
 21. How does Amazon GuardDuty work?
     Data sources: VPC Flow Logs, DNS logs, CloudTrail events, S3 data plane events.
     Threat detection types: threat intelligence, anomaly detection (ML).
     Finding type examples:
     • Bitcoin mining
     • C&C activity
     • Unusual user behavior, e.g. launching instances or changing network permissions
     • Unusual traffic patterns, e.g. unusual ports and volume
     Findings are rated HIGH, MEDIUM or LOW and delivered to AWS Security Hub, CloudWatch Events and Amazon Detective.
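What the severity bands and finding types on this slide mean in practice is easiest to see in a small triage routine. The following is an added example, not GuardDuty, Security Hub or Detective code: it takes findings in the shape GuardDuty emits (only the fields used are modelled), maps the numeric severity onto GuardDuty's documented HIGH/MEDIUM/LOW bands, and tags finding types that commonly precede or accompany a ransomware event so they are routed ahead of everything else. The grouping of "ransomware signals" is this example's own choice, not a GuardDuty category, and the five findings are constructed samples.

```python
"""Triage Amazon GuardDuty findings for ransomware-relevant activity.

Added example, not AWS code. RANSOMWARE_SIGNALS is this example's own
grouping of real GuardDuty finding-type prefixes; SAMPLE_FINDINGS are
constructed, with only the fields this code reads.
"""

RANSOMWARE_SIGNALS = {
    "Backdoor:EC2/C&CActivity": "command-and-control beaconing",
    "CryptoCurrency:EC2/": "crypto-mining, a common post-compromise monetisation",
    "UnauthorizedAccess:IAMUser/": "suspicious use of AWS credentials",
    "Exfiltration:S3/": "unusual S3 data access or exfiltration",
    "Impact:S3/": "S3 data tampering or deletion",
    "Stealth:S3/ServerAccessLoggingDisabled": "logging tampering",
}


def severity_label(score):
    """GuardDuty's documented bands: 7.0-8.9 HIGH, 4.0-6.9 MEDIUM, 1.0-3.9 LOW."""
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW"


def describe_resource(resource):
    """Pull a human-readable handle out of the finding's Resource block."""
    rtype = resource.get("ResourceType")
    if rtype == "Instance":
        return "instance " + resource["InstanceDetails"]["InstanceId"]
    if rtype == "AccessKey":
        return "principal " + resource["AccessKeyDetails"]["UserName"]
    if rtype == "S3Bucket":
        return "bucket " + resource["S3BucketDetails"][0]["Name"]
    return rtype or "unknown"


def triage(findings):
    """Return one triage record per finding, most urgent first.

    Anything HIGH is escalated, and so is any ransomware precursor even if
    GuardDuty scored it MEDIUM or LOW: a C&C beacon is the start of the
    incident, not a curiosity.
    """
    records = []
    for f in findings:
        ftype = f["Type"]
        signal = next((why for prefix, why in RANSOMWARE_SIGNALS.items()
                       if ftype.startswith(prefix)), None)
        label = severity_label(f["Severity"])
        records.append({
            "id": f["Id"],
            "type": ftype,
            "severity": label,
            "resource": describe_resource(f.get("Resource", {})),
            "signal": signal,
            "escalate": label == "HIGH" or signal is not None,
        })
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    records.sort(key=lambda r: (not r["escalate"], order[r["severity"]]))
    return records


# Constructed sample findings (real finding-type names, made-up identifiers).
SAMPLE_FINDINGS = [
    {"Id": "f1", "Type": "Backdoor:EC2/C&CActivity.B!DNS", "Severity": 8.0,
     "Resource": {"ResourceType": "Instance",
                  "InstanceDetails": {"InstanceId": "i-0a1b2c3d4e5f67890"}}},
    {"Id": "f2", "Type": "Recon:EC2/PortProbeUnprotectedPort", "Severity": 2.0,
     "Resource": {"ResourceType": "Instance",
                  "InstanceDetails": {"InstanceId": "i-0fedcba9876543210"}}},
    {"Id": "f3", "Type": "UnauthorizedAccess:IAMUser/ConsoleLoginSuccess.B", "Severity": 5.0,
     "Resource": {"ResourceType": "AccessKey",
                  "AccessKeyDetails": {"UserName": "deploy-bot"}}},
    {"Id": "f4", "Type": "Exfiltration:S3/ObjectRead.Unusual", "Severity": 5.0,
     "Resource": {"ResourceType": "S3Bucket",
                  "S3BucketDetails": [{"Name": "finance-backups"}]}},
    {"Id": "f5", "Type": "CryptoCurrency:EC2/BitcoinTool.B!DNS", "Severity": 8.0,
     "Resource": {"ResourceType": "Instance",
                  "InstanceDetails": {"InstanceId": "i-0a1b2c3d4e5f67890"}}},
]

if __name__ == "__main__":
    for r in triage(SAMPLE_FINDINGS):
        flag = "ESCALATE" if r["escalate"] else "queue"
        print(f"{flag:8} {r['severity']:6} {r['type']} on {r['resource']}"
              + (f" ({r['signal']})" if r["signal"] else ""))
```

On the constructed input the two HIGH findings come first, the two MEDIUM credential and S3 findings are escalated on the strength of their type rather than their score, and the LOW port probe is left in the normal queue. In a real deployment the same logic would sit in a Lambda behind an EventBridge rule on GuardDuty findings, with the escalated records opening the investigation in Amazon Detective.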
 22. Respond
     Amazon Detective, AWS Security Hub, AWS Professional Services
 23. Amazon Detective
     Analyze and visualize security data to rapidly get to the root cause of potential security issues.
 24. How does Amazon Detective work?
     Hosted service: automated data collection, synthesis and analysis.
     Data and context: findings and telemetry from AWS, enriched and stored in S3.
     Behavior graph: entities such as role, user, instance, IP address and bucket, with behavior and baselines.
     Analytics and insights built on the graph.
 25. Recover
     AWS Storage Gateway, CloudEndure Disaster Recovery, Amazon S3 Glacier, Amazon Simple Storage Service, AWS Backup
 26. Introducing AWS Backup
     A fully managed, policy-based backup service that makes it easy to centrally manage and automate the backup of data across AWS services: Amazon EFS, Amazon EBS, Amazon RDS, Amazon Aurora, Amazon DynamoDB, Amazon EC2, Amazon FSx for Lustre, Amazon FSx for Windows File Server, AWS Storage Gateway.
 27. DR & Ransomware Recovery with AWS Backup: Build an Isolated Backup Vault
     Vault characteristics:
     • Backups are highly efficient, incremental forever
     • Backup copies cannot be changed or encrypted
     • Manage with vault-specific CMK/KMS best practices
     • Air-gapped backups using vault access policies
     • Prescriptive guidance for vault account access provided
     Recovery options:
     • Supports 1-to-many, many-to-many, many-to-1, etc.
     • Recover from the same account locally or from across region
     • Recover cross-account locally or across region
     • Recover from RPOs that are hours, days, weeks or months old
     • Simple workflow to apply any forensic analysis
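The "air-gapped backups using vault access policies" point on this slide comes down to an explicit Deny on the vault. The following is an added example, not AWS's published policy or part of the deck: it builds a vault access policy that denies every principal the actions which destroy or shorten the life of recovery points, except one break-glass role (the account ID and role name are assumed placeholders), and includes a minimal evaluator so the policy can be sanity-checked offline before it is attached with `aws backup put-backup-vault-access-policy`. The evaluator models only the explicit-deny logic of the vault policy itself; real IAM evaluation also consults identity policies, SCPs and permission boundaries.

```python
"""Build and check an AWS Backup vault access policy that keeps recovery
points out of an attacker's reach.

Added example, not AWS's published policy. The account ID and break-glass
role name passed in are assumed placeholders; the evaluator covers only the
Deny statement this policy contains.
"""
import json
from fnmatch import fnmatch

# Vault-level actions that let someone destroy backups, age them out early,
# or rewrite the protection itself.
DESTRUCTIVE_VAULT_ACTIONS = [
    "backup:DeleteRecoveryPoint",
    "backup:UpdateRecoveryPointLifecycle",
    "backup:DeleteBackupVault",
    "backup:DeleteBackupVaultAccessPolicy",
    "backup:PutBackupVaultAccessPolicy",
]


def build_vault_policy(account_id, break_glass_role):
    """Explicit Deny for everyone except the break-glass role.

    Deny always beats Allow in IAM, so this holds even when a compromised
    identity policy grants backup:* in the source account.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyDestructiveActionsExceptBreakGlass",
            "Effect": "Deny",
            "Principal": "*",
            "Action": DESTRUCTIVE_VAULT_ACTIONS,
            "Resource": "*",
            "Condition": {
                "ArnNotLike": {
                    "aws:PrincipalArn": f"arn:aws:iam::{account_id}:role/{break_glass_role}"
                }
            },
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    """IAM-style matching: case-insensitive, with * and ? wildcards."""
    return fnmatch(value.lower(), pattern.lower())


def is_denied(policy, principal_arn, action):
    """True if a Deny statement in the vault policy applies to this call.

    aws:PrincipalArn is the role ARN for assumed-role sessions, which is
    why the exception can be written against the role rather than sessions.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if not any(_matches(p, action) for p in _as_list(stmt["Action"])):
            continue
        exempt = stmt.get("Condition", {}).get("ArnNotLike", {}).get("aws:PrincipalArn")
        # ArnNotLike: the Deny applies only when the caller does NOT match.
        if exempt is not None and any(_matches(e, principal_arn) for e in _as_list(exempt)):
            continue
        return True
    return False


if __name__ == "__main__":
    policy = build_vault_policy("111122223333", "BackupBreakGlass")
    print(json.dumps(policy, indent=2))
    for arn in ("arn:aws:iam::111122223333:role/AppDeploy",
                "arn:aws:iam::111122223333:role/BackupBreakGlass"):
        print(arn, "DeleteRecoveryPoint denied:",
              is_denied(policy, arn, "backup:DeleteRecoveryPoint"))
```

Two design points follow from the slide. The vault should live in a separate backup account, so that the break-glass role is not reachable with the credentials that ran the workload, and the role should itself require MFA and be alarmed on. Routine operations (StartBackupJob, CopyIntoBackupVault, restores) are untouched by the Deny, which is the property the evaluator's last check confirms.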
 28. So what do I do?
     • Categorize applications by criticality
     • Align to a security framework
     • Test your incident response plan
     • Test your backups
     • Use AWS services to implement provable security and resiliency
     • Meet with AWS to do a deep dive on your mitigation strategy for ransomware
 29. Q&A
     Mike P., Eduardo Lovera
 30. Thank you
     Mike P., AWS Solutions Architect, preirmi@amazon.com
     Eduardo Lovera, AWS Solutions Architect, edulover@amazon.com