
Out of the Blue: Responding to New Zero-Day Threats


Out of the Blue: Responding to New Zero-Day Threats, An Ethical Hacker’s View

Published in: Technology

Out of the Blue: Responding to New Zero-Day Threats

  1. Out of the Blue: Responding to New Zero-Day Threats
     An Ethical Hacker’s View
     Peter Wood, Chief Executive Officer, First Base Technologies LLP
  2. Who is Peter Wood?
     • Worked in computers & electronics since 1969
     • Founded First Base in 1989 (one of the first ethical hacking firms)
     • CEO First Base Technologies LLP
     • Social engineer & penetration tester
     • Conference speaker and security ‘expert’
     • Member of ISACA Security Advisory Group
     • Vice Chair of BCS Information Risk Management and Audit Group
     • Corporate Executive Programme UK Chair
     • FBCS, CITP, CISSP, MIEEE, M.Inst.ISP
     • Registered BCS Security Consultant
     • Member of ACM, ISACA, ISSA, Mensa
     © First Base Technologies 2012
  3. Agenda
     1. Why zero-day threats are a concern to CIOs
     2. Examples of zero-day attacks
     3. Minimising your vulnerabilities
     4. Responding to the CIO
     Beware: this presentation offers no easy solutions!
  4. Why CIOs are concerned
     • Criminals targeting intellectual property and corporate credentials
     • Attacks are strategic
     • Tools are ‘drag and drop’
     • Malicious attacks cause 37% of data breaches (2012 Ponemon Cost of a Data Breach survey)
  5. Why CIOs are concerned
     http://www.net-security.org/secworld.php?id=11850
  6. Examples of zero-day attacks
  7. The Aurora attack
     http://threatpost.com/
  8. The Aurora attack
     “If you have done or been around any high-level incident response, you would know that these advanced persistent threats have been going on in various sectors for years. Nor is it a new development that the attackers used an 0day client-side exploit along with targeted social engineering as their initial access vector. What is brand new is the fact that a number of large companies have voluntarily gone public with the fact that they were victims to a targeted attack. And this is the most important lesson: targeted attacks do exist and happen to a number of industries besides the usual ones like credit card processors and e-commerce shops.”
     Dino Dai Zovi, http://trailofbits.com/2010/01/24/one-exploit-should-not-ruin-your-day/
  9. The RSA attack
     1. Research public information about employees
     2. Select low-value targets
     3. Spear phishing email “2011 Recruitment Plan” with .xls attachment
     4. Spreadsheet contains zero-day exploit that installs backdoor through Flash vulnerability (Backdoor is Poison Ivy variant RAT reverse-connected)
     5. Digital shoulder surf & harvest credentials
     6. Performed privilege escalation
     7. Target and compromise high-value accounts
     8. Copy data from target servers
     9. Move data to staging servers and aggregate, compress and encrypt it
     10. FTP to external staging server at compromised hosting site
     11. Finally pull data from hosted server and remove traces
  10. http://blogs.rsa.com/rivner/anatomy-of-an-attack/
  11. Organisations remain vulnerable
  12. Some background in the news
      http://www.forbes.com/sites/andygreenberg/
  13. Minimising your vulnerabilities
  14. Traditional thinking
      • Firewalls & perimeter defences
      • Anti-virus
      • SSL VPNs
      • Desktop lock down (GPOs)
      • Intrusion Detection / Prevention
      • Password complexity rules
      • HID (proximity) cards
      • Secure server rooms
      • Visitor IDs
  15. Think like an attacker!
      Hacking is a way of thinking:
      - A hacker is someone who thinks outside the box
      - It’s someone who discards conventional wisdom, and does something else instead
      - It’s someone who looks at the edge and wonders what’s beyond
      - It’s someone who sees a set of rules and wonders what happens if you don’t follow them
      [Bruce Schneier]
      Hacking applies to all aspects of life - not just computers
  16. Do you know how vulnerable you are?
  17. Talk to the CIO before an attack!
      CIO, we need budget for:
      • Security standards and procedures
      • On-going staff training
      • Secure builds and secure development
      OR
      • On-going scans and penetration tests
      • Fixes to the problems we find
      … and we need sign-off for the risk!
      Remember: I said “no easy solutions”
  18. Need more information?
      Peter Wood, Chief Executive Officer, First Base Technologies LLP
      peterw@firstbase.co.uk
      http://firstbase.co.uk
      http://white-hats.co.uk
      http://peterwood.com
      Twitter: peterwoodx
