2015 Security Report
•Download as PPTX, PDF•
3 likes•980 views
Last year, 106 unknown malware hit an organization every hour. And, 83 percent of organizations had existing bot infections. To get a clear view of what's trending in the threat landscape, read Check Point’s annual security report.
![©2015 Check Point Software Technologies Ltd. 2[Restricted] ONLY for designated groups and individuals
2015 Security Report Sources:
16,000+ Organizations
Over 300,000 Monitoring
Hours1,300 Security Checkup Reports
1 Million Smartphones
3,000 Security Gateways
122 Countries and Various
Industries](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to 2015 Security Report
Similar to 2015 Security Report (20)
Recently uploaded
Recently uploaded (20)
2015 Security Report
- 1. ©2015 Check Point Software Technologies Ltd. 1
- 2. ©2015 Check Point Software Technologies Ltd. 2[Restricted] ONLY for designated groups and individuals 2015 Security Report Sources: 16,000+ Organizations Over 300,000 Monitoring Hours1,300 Security Checkup Reports 1 Million Smartphones 3,000 Security Gateways 122 Countries and Various Industries
- 3. ©2015 Check Point Software Technologies Ltd. 3 c MALWARE IS EVOLVING EVOLVINGAND SO ARE THE TYPES OF THREATS
- 4. ©2015 Check Point Software Technologies Ltd. 4 2014A YEAR OF… UNPRECEDENTED BREACHES EXPLODING RATES OF NEW MALWARE DDoS ATTACKS DOUBLING IN VOLUME
- 5. ©2015 Check Point Software Technologies Ltd. 5 Let’s start with a true story A German steel mill – thousands of employees
- 6. ©2015 Check Point Software Technologies Ltd. 6[Restricted] ONLY for designated groups and individuals The story starts with a spear-phishing attack on the steel mill’s business network.
- 7. ©2015 Check Point Software Technologies Ltd. 7[Restricted] ONLY for designated groups and individuals Phase 1: Infiltration Attackers sent a targeted email that appeared to come from a trusted source, tricking employees to open a malicious attachment.
- 8. ©2015 Check Point Software Technologies Ltd. 8[Restricted] ONLY for designated groups and individuals The malware exploited a vulnerability on the employee computers.
- 9. ©2015 Check Point Software Technologies Ltd. 9[Restricted] ONLY for designated groups and individuals Phase 2: Lateral Movement This established a beachhead for horizontal movement.
- 10. ©2015 Check Point Software Technologies Ltd. 10[Restricted] ONLY for designated groups and individuals Phase 3: Compromised Control Systems Failures accumulated in individual control components and entire systems.
- 11. ©2015 Check Point Software Technologies Ltd. 11[Restricted] ONLY for designated groups and individuals Phase 4: Unable to Shut Down Blast Furnace Factory incurs massive damage.
- 12. ©2015 Check Point Software Technologies Ltd. 12 2014KEY FINDINGS UNKNOWN MALWARE KNOWN MALWARE MOBILITY HIGH-RISK APPLICATIONS DATA LOSS
- 13. ©2015 Check Point Software Technologies Ltd. 13[Restricted] ONLY for designated groups and individuals 2014 2013 2012 2011 2010 2009 142M 83M 34M 18.5M 18M 12M 142MNew Malware in 2014 and a 71% increase versus 2013 2015 Security Report Statistics
- 14. ©2015 Check Point Software Technologies Ltd. 14[Restricted] ONLY for designated groups and individuals Malware Downloads 63% of organizations 34Unknown malware is downloaded sec 6Known malware is downloaded min
- 15. ©2015 Check Point Software Technologies Ltd. 15[Restricted] ONLY for designated groups and individuals Unknown Known
- 16. ©2015 Check Point Software Technologies Ltd. 16[Restricted] ONLY for designated groups and individuals 41% of organizations downloaded at least one unknown malware 34 sec unknown malware is downloaded Unknown Malware
- 17. ©2015 Check Point Software Technologies Ltd. 17[Restricted] ONLY for designated groups and individuals Bots 1 Command and Control min Infected organizations 2013 73% 2014 83% Known Malware
- 18. ©2015 Check Point Software Technologies Ltd. 18[Restricted] ONLY for designated groups and individuals DDoS Known Malware 2014 2013 TOP ATTACK VECTORS 30 DDoS attackmin
- 19. ©2015 Check Point Software Technologies Ltd. 19[Restricted] ONLY for designated groups and individuals Known Malware: Top IPS Events Percent of Total 60% 40% CLIENT SERVER NO ONE TO BLAME BUT OURSELVES
- 20. ©2015 Check Point Software Technologies Ltd. 20[Restricted] ONLY for designated groups and individuals Known Malware: Endpoint Vulnerabilities and Misconfigurations
- 21. ©2015 Check Point Software Technologies Ltd. 21[Restricted] ONLY for designated groups and individuals Mobile Threat Research 60% 40% ANDROID iOS SURVEY: 500K+ Android and 400K iOS devices in 100+ countries 42% Suffered mobile security incidents costing more than $250,000
- 22. ©2015 Check Point Software Technologies Ltd. 22[Restricted] ONLY for designated groups and individuals Mobile Threat Research 20+ Malware Variants 18 MRAT Families Found
- 23. ©2015 Check Point Software Technologies Ltd. 23[Restricted] ONLY for designated groups and individuals 2013 75% 2014 77% P2P File Sharing Applications
- 24. ©2015 Check Point Software Technologies Ltd. 24[Restricted] ONLY for designated groups and individuals 305x per day, Once every 5 mins High-Risk Applications Used 2013 56% 2014 62% Anonymizer Proxy Applications
- 25. ©2015 Check Point Software Technologies Ltd. 25[Restricted] ONLY for designated groups and individuals Data Loss 36 sensitive data sent min 2013 88% 2014 81%
- 26. ©2015 Check Point Software Technologies Ltd. 26[Restricted] ONLY for designated groups and individuals sent credit card data 30% sent sensitive personal information 25% Data Sent Outside Organization by Employees % of Organizations
- 27. ©2015 Check Point Software Technologies Ltd. WHAT DO WE DO ABOUT IT?
- 28. ©2015 Check Point Software Technologies Ltd. 28 Check Point Closes the Gaps CATCHES KNOWN OR OLD MALWARE Of known malware, 71 in 1000 are not caught IPS, ANTI-VIRUS & ANTI-BOT DETECTS NEW OR UNKNOWN MALWARE With both OS- and CPU-level prevention OS- AND CPU-LEVEL ZERO-DAY PROTECTION COMPLETE THREAT REMOVAL Reconstructs and delivers malware-free documents THREAT EXTRACTION
- 29. ©2015 Check Point Software Technologies Ltd. 29 • Reduces the size of the challenge • Limits the scope of a breach Segmentation
- 30. ©2015 Check Point Software Technologies Ltd. 30 Weaponized PDF Threat Emulation (CPU and OS level) / Threat Extraction Command and Control Anti-Bot Malware Infestation IPS and Anti-Malware Multi-Layered Threat Prevention
- 31. ©2015 Check Point Software Technologies Ltd. 31 Integrated, Real-Time Event Management Unified Policies Across All Protections Change Automation and Orchestration Management and Visibility
- 32. ©2015 Check Point Software Technologies Ltd. 32 ADVANCED THREATS WILL CONTINUE THE CYBER WAR IS RAGING ON CHECK POINT SECURITY WILL PROTECT YOU
- 33. ©2015 Check Point Software Technologies Ltd. 33 TOGETHER WE SECURE THE FUTURE
- 34. ©2015 Check Point Software Technologies Ltd. 34 WE SECURE THE FUTURE Download the 2015 Security Report at: www.checkpoint.com/securityreport
Editor's Notes
- Good morning. Every year, Check Point publishes the findings that it observes of security events to better inform our customers and the public about security incidents as well as how they can mitigate them.
- In the 2015 Check Point Annual Security Report, we analyzed trends from Events discovered through ThreatCloud which connects to security gateways of over 16,000 organizations around the world Over 1300 security check up reports that we performed in organizations representing a wide range of businesses and industries; More than 3000 gateways using ThreatCloud emulation services and over 1 Million smartphones In all, over 122 countries and 300,000 hours of monitoring have gone into our trend analysis. (Note the 122 countries was obtained from last year’s report. There was no mention of the number of countries in this report but this is a good stat to have).
- When we look at anything over time, some of the mystery dissolves and trends emerge – trends that can help us predict the future. The world of cyber threats has evolved over the past 25 years as protections are introduced and cyber criminals find pathways around them. Cyber criminals study defensive structures and think through how they can achieve their desired outcomes. The have one big advantage, launching attacks is both low risk and inexpensive so they can launch a lot and see what works. So let’s see how the trends have evolved this past year.
- Let’s start with a true story about a German steel mill. The report, issued by Germany’s Federal Office for Information Security (or BSI), indicates the attackers gained access to the steel mill through the plant’s business network. [Source: http://www.wired.com/2015/01/german-steel-mill-hack-destruction/]
- Most in the security industry know about Spear Phishing – the concept of an email coming from a known and trusted source that has malicious content. An estimated 91% of hacking attacks begin with a phishing or spear-phishing email. It only takes one click to launch the payload. And that’s where the German steel mill’s story begins, with a spear phishing attack. Here is how it worked. [Source of the 91% figure: http://www.wired.com/2015/04/hacker-lexicon-spear-phishing/]
- Phase 1 started the process. An email got sent that appeared to come from a trusted source. The intent of the email was to trick the recipient into opening a malicious attachment or visiting a malicious web site where malware was downloaded to the individual’s computer. Worth noting is a study by the Online Trust Alliance: Of the more than 1000 breaches in the first half of 2014, more than 25% were caused by employees clicking on phishing links. When they click, the payload is launched. It is believed that this is how the attackers gained initial access to the steel mill. [Source of the 25%, https://otalliance.org/system/files/files/resource/documents/dpd_2015_guide.pdf]
- In most phishing attacks, the payload will exploit a vulnerability in employees’ computers allowing external access. Once that access is gained, additional attacks can be launched.
- The initial infected network is often called a ‘beachhead’, or a stable starting point from which internal movements throughout the network can take place. In an ideally structured network, this is as far as an attack would progress because each network would be segmented, but this was not the case in the German steel mill incident.
- Once the attackers got a foothold on one system, they were able to explore the company’s networks, including the industrial components on the production network. The industrial controls were supposed to be completely segmented from the Internet-connected network.
- In the case of the German mill, “Failures accumulated in individual control components or entire systems,” the report notes. As a result, the plant was “unable to shut down a blast furnace in a regulated manner” which resulted in “massive damage to the system.”
- Now let’s turn our attention back to what Check Point researchers learned across the key areas we focus on: Unknown Malware, Known Malware, Mobility, High-Risk Applications, and Data Loss Prevention.
- In general, the trend of the past several years has shown an exponential rise in new malware. 2014 was no different. New malware variants increased 71% from 83 Million in 2013 to 142 million in 2014. Malware kits capable of creating new malware variants are readily available for even novice users to execute.
- We observed across our gateway network that 63% of organizations analyzed attempted download of a malicious payload in 2014. Every 34 seconds, a new piece of unknown malware is downloaded because for most organizations there are no protections in place to stop them. Every 6 minutes a known malware is downloaded.
- It raises the question, which is more scary, unknown malware or known malware? Most organizations think unknown malware is more dangerous. But that’s not necessarily true. Both are equally as dangerous should they get inside your network. The only difference is the type of protection needed to defend against them. Even if a malware is known, if system vulnerabilities are not patched or the intrusion prevention system not updated with the latest signatures, it can wreak havoc. Let’s look a little closer at unknown malware.
- Unknown malware is one that most IPS or AV systems don’t recognize or don’t have a signature for. It can be zero-day or simply a small modification on known malware to change the signature of it so that it is not recognized. Of the 41% of organizations that downloaded at least one infected file with unknown malware, 52% of those files were PDFs where people thought they were safe by definition. Our research showed that one piece of unknown malware is being downloaded every 34 seconds.
- And yet, as frightening as unknown malware is, known malware keeps chugging along, continuing to at a steady rate. One of the more efficient ways to amplify and accelerate its spread is through bots – where an infected computer allows third party control over some or all of the machine’s functions. In 2014, there was a rise in the number of infected organizations. 83% of the organizations studies were infected with bots--and these bots communicate with their command and control every minute. When it is time to launch a distributed denial of service, these bots can be organized to attack a specific target at a specific time. Some of their objectives: to steal credentials, disable security services, perform click fraud, enable remote access or any number of other backdoor attack scenarios.
- In 2014, Distributed Denial of Service (DDoS) accounted for 60 percent of all attacks, almost double from the previous year. DDoS attacks, which temporarily knock a server or other network resource out of service, were occurring 48 times per day in 2014—up from eight times per day in 2013 representing a 500 percent increase! In 2013, the majority of DDoS attacks were found largely in the consulting sector. In 2014, they spanned almost two thirds of businesses across all industries.
- Within the category of malware, we have many areas that show vulnerability. In 2013, servers were the preferred target. In 2014, this all changed. Clients are now the weakest link. Client-side attacks increased from 32% to 60% while server side dropped from 68% to 40% at the same time. The shift is due to increases in phishing attacks. Why? Because hackers discovered that through social engineering, humans are easier to trick than machines.
- When looking across all of the known and unknown event types, the most dominant points of entry are enterprise endpoints. And, the biggest cause of enterprise endpoint vulnerabilities is negligence. According to our findings, 20 percent of enterprise hosts are not running a desktop firewall; 10 percent of enterprise hosts don’t have updated service packs; 25 percent don’t have updated versions of their software; and 17 percent don’t have anti-virus installed at all. In addition, 35 percent of enterprise hosts are configured such that users have local administrator permissions, putting their operating systems at greater risk for malware exploitation. And 54% are still allowing Bluetooth – a communication avenue that is known to have real vulnerabilities.
- In our mobile threat research, more than 500,000 Android and 400,000 iOS devices that connected to corporate Wi-Fi through Check Point firewalls in more than 100 countries were studied. If devices communicated with a command and control (C&C) server, they were considered infected. Researchers found that 1 out of every 1,000 devices was infected. Commercial mobile surveillance kits, typically used for monitoring children—or in some cases spying—were put under the microscope. Such products are vulnerable to mobile remote-access Trojans (mRATs), which top the list of mobile malware. If there are 2,000 devices or more in an organization, there is a 50 percent chance that there are at least six infected or targeted mobile devices on their network. By mobile platform, that breaks down to 60 percent Android and 40 percent iOS. Check Point found that 42% of businesses suffered mobile security incidents costing more that $250,000 to remediate.
- As we just reviewed, the next big attack are employee mobile devices. Malicious mRATs allow potential attackers to steal sensitive information from a device. They can take control of the different sensors to execute keylogging, steal messages, turn on video cameras, and more. There are many types of mobile RATs and by type, here is what we found in terms of popularity and usage. Now let’s look at High-Risk Applications.
- We found that the combining of personal and business on the same devices breeds poorer security postures. Users will tend to engage high risk applications more often on their personal devices mostly because they don’t understand the risks. High risk applications come in many forms, but one of the main categories that people voluntarily use are called peer-to-peer file sharing applications. BitTorrent Protocol and SoulSeek are just two popular examples of what is typically used for media exchange like music, videos, or real-time communication, and 2014 saw an increase in usage of P2P file-sharing applications. People love getting things for free, and P2P gives the illusion that they are getting videos and songs for free. But it may be coming at the cost of their jobs if hackers steal information from their corporate network.
- When safeguards are put in place by Corporate IT, many users try to get around it by using tools like anonymizers—browser plugins or web services such as Tor or OpenVPN allow users to interact online, anonymously. These can be used legitimately, to minimize risk, but all too often, they are used for malicious purposes. Last year’s top three included Tor, Ultrasurf, and Hide My Ass. This year: Tor slipped to third place; OpenVPN and Coralcdn were numbers one and two. Organizations experience nearly 13 high risk application usages every hour. That’s 305 times per day, or about once every 5 minutes.
- But even if you’re doing everything right and keeping high-risk applications in check, there’s another security issue that lurks: data loss from the inside. In general, every 36 minutes sensitive data is sent out side the organization. The question becomes how well this data is safeguarded. Data loss is the biggest risk an organization faces. In 2014, organizations suffered a data loss at a rate of 1.7 times per hour, or 41 times per day. In 2014, 81% of organizations experienced at least one potential data loss incident. Although we saw a decline from last 2013, 81% is still a very large number.
- Of the information sent by employees, 30% involve credit card data and 25% is sensitive personal information. The result is a lot of data being sent – some safeguarded, some not.
- So what can you do?
- Close the gaps It is vital to have a multi-layered security strategy. Protect against known malware with IPS and anti-virus. If infected, then leverage anti-bot to ensure that communication does not occur to a command and control center. That said, protecting against known malware, only solves part of the puzzle. Zero day protection solutions such as CPU and OS level sandboxing identify new, unknown malware. And for complete threat removal, threat extraction reconstructs documents so that they are malware free. Source: 1- Kaspersky Labs Virus Bulletin (www.virusbtn.com) – October 2014
- Best practices in security recommend segmentation. By partitioning your network, you limit access if infiltrated to simply that segment versus your whole network. Smaller network segments are easier to protect and limit the scope should a breach occur.
- Multi-layer protection is the best protection approach. Weaponized documents like Microsoft Office and PDFs can be analyzed and protected using threat emulation. It’s recommended that both CPU level and OS level sandboxing is used. Also, to ensure your employees always receive malware free documents, it’s recommended to use threat extraction to ensure that only safe documents are delivered. Command and control communications can be blocked using anti-bot protection. Malware infestation can be blocked using IPS and anti-malware protections such antivirus
- For management and visibility, a single console view gives you holistic view of the events that are happening on your network and provide the best possible security approach. With so many protection tools, it is vital to be able to visualize and control them in concert rather than one at a time. Having integrated real time event management that uses unified policies across all of the tools and automates changes to they are simultaneous and orchestrated are vital to real protection.
- The cyber war is happening whether you decide to protect yourself or not. The trends are quite real and will continue to advance at the same pace. Check Point Security will protect your organization from today’s and tomorrow’s threats.
- Together, we secure the future.
- Download the entire security report today at www dot checkpoint dot com.