Eward Driehuis, SecureLink's research chief, will guide you through the bumpy ride we call the cyber threat landscape. As the industry has over a decade of experience of dealing with increasingly sophisticated attacks, you might be surprised to hear more attacks slip through the cracks than ever. From analyzing 20.000 of them in 2018, backed by a quarter of a million security events and over ten trillion data points, Eward will outline why this happens, how attacks are changing, and why it doesn't matter how neatly or securely you code.
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
1. SAFELY ENABLING BUSINESS www.securelink.net
20.000 attacks bypassing our defenses
and why secure coding isn’t the answer
Eward Driehuis • @e3huis • www.securelink.net
2.
THIS STORY IS BASED ON TRUE DATA
• 24 years in tech / software & security
• 700+ SecureLinkers
• 2100 customers in 2018
• 5 Cyber Defense Centers
• Over 10 trillion signals
2019-05-19
RESEARCH
5.
A LOOK AT OUR NUMBERS
• Signal to incident process
• Layered detection: malware wins
• Many “strange events”
6.
LET’S TALK INITIAL ATTACK VECTORS
• Cybercriminals & spies using same methods: social engineering
• Automated scanning: software & versions, password stuffing
7.
BIGGER IS MORE SECURE
ATTACK FACTOR per 100 employees: 9.1 1.5 1.3
8.
THE YEAR CRYPTOJACKING TOOK OVER?
• Ransomware is hard work
• Cryptojacking super easy
• Cryptojacking surpassed ransomware
• … For a while. It’s not as big as some say it is.
[Chart: CryptoJacking and Ransomware per month, January to December]
10.
OPPORTUNITY FOR VETERAN CRIMINALS
Quietly enter network
• Look for value
• Steal or extort value
Plan B
• Destroy online back-ups
• Ransom network
• Extort enterprise ransom
11.
THE POWER OF BIG NUMBERS
BIG DATA
RETAIL FRAUD
CREDIT CARD THEFT
RANSOMWARE & MINING
BESPOKE ATTACKS
RANSOM / EXTORTION
ESPIONAGE
13.
GEOPOLITICS
THE AGE OF CYBER WARFARE
Showing destruction
Filling budget gaps
Gentleman spies
15.
WE NEED TO EVOLVE, BUT… WE DON’T.
We still encounter “Wannacry”
Sometimes for understandable reasons
Depressing CSIRT tales
Single factor + cloud = guaranteed pwnage
16.
REASONS WE GET PWNED
• FORCED HUMAN ERROR – Social engineering
• CONFIGURATION ERROR – Website / CMS hacking
• BUDGET ERROR – Diginotar
• 3RD PARTY ERROR – Supply chain attacks
• ARCHITECTURAL ERROR – Wannacry
• BUG
17.
IF SECURE CODING ISN’T THE ANSWER… WHAT IS?
• OF COURSE SECURE CODING MATTERS!
• But we can’t reverse time:
• Learn & do better
• APPSEC is going to be the #1 concern in the future
• In the meantime, plugging holes
• The system is weak & full of errors
• Most attacks are “system” attacks (people, process, tech)
18.
ANNUAL SECURITY REPORT
https://lp.securelink.net/asr
Editor's Notes
(With this background they now see the benefits of these “numbers”)
Take your time and walk through every bullet.