Advanced Targeted Attack
Enabling a Smart Protection Strategy – Trend Micro Approach
Manas Sarkar
Head Technical Consultan...
eBihar 2014 - Emerging Technologies – Big Data Analytics, Networking, Cloud Computing & Security - Shri Manas Sarkar, Trendmicro

Published in: Education
  • We live in incredible times! We are more connected than ever. <click> About 1/3 of the world’s population is on the Internet: 2.4B users (about 12% or 276M in NA alone…about 2/3 the population). (Source: Internet World Stats, Dec 2012) <click> We have more information at our fingertips than we could have imagined. Google now indexes over 1 Trillion URLs each day. (Source: Google, 2008) <click> …and there are 665M web sites, amazing when you consider this number was only 50M in 2003. (Source: Netcraft Site Data, July 2012) <click> Not only are we using the Internet to access information more quickly and easily, but we are using it to connect with others. To learn from others. To share with others. Facebook now has over 1B users, incredibly rapid growth from 2003 when Mark Zuckerberg was at Harvard and first launched Facebook. (Source: Facebook, Oct 2012) <click> We use our smart phones not only to find the nearest coffee shop or directions on Google Maps, but to send real-time updates to our friends, family and colleagues. Over half of Facebook users use their mobile devices to access and update their social networking information. (Source: Gartner 2012) <click> One of the reasons that Internet traffic is accelerating so quickly is of course the access by mobile devices. They now account for 10% of Internet traffic. There were 427M smart phones sold last year alone. (Source: SocialBakers May 2012) How quickly our world has changed!!
  • Not only are we more connected, but the adoption rates are unprecedented. Think about how much iPods changed our view of portable devices, yet Apple only sold 1.3M iPods in its first two years. Compare that with the first two years of iPad sales, when Apple sold 66M iPads. (Source: KPCB, Apple Quarterly Results) Recently, Apple sold out of its 5 Million iPhone 5s in its first 3 days!!
  • This willingness of ours as consumers to adopt mobile devices has also made life much more challenging for IT. This chart shows the change in platforms that have shipped over the past 35 years or so. Not surprisingly, this growth of mobile devices is changing our landscape forever. (Source: Asymco.com June 2012) <click to show first bubble> Only 15 years ago, there was really only one dominant platform to support: Windows on the PC. And maybe some Mac as well. <click for second bubble> Now, with the rapid adoption of new technologies, mobile devices outsell PCs. And we are about to see an individual mobile platform (Android) overtake the PC. And these mobile devices are not just for home use. The global install base of tablets, for example, will be 760 million by 2016, with 375 million sold just in that year. And according to Forrester, one third of them will be sold to businesses. This platform evolution will change your jobs in IT irreversibly.
  • A key indicator of business growth is how long it takes to get to 1 million users. For example, it took AOL 9 years to get to 1 million users…9 months to do the same for Facebook…but only 9 DAYS for DrawSomething!! (Source: ReadWriteWeb March 2012) This new world is causing complexity AND great opportunity.
  • All of this global connectivity has resulted in a HUGE data explosion. According to IBM, we now produce 2.5 quintillion bytes of data/day (that’s 10 to the power of 18)… (Source: IBM) But even more interesting is that we’ve created most of the world’s data in the past couple of years. The era of big data has arrived!
  • And this is the same information that cybercriminals are after. It has truly become a business. 1 new threat is created every second. (Source: Trend Micro SPN statistics) <Click> It has become its own underground economy. Virtually all cybercriminals use toolkits. They can download prebuilt executables that allow them to exploit known vulnerabilities. <click> Not surprisingly, we have found that 90% of organizations have active malware, <click> and shockingly more than half are not aware of intrusions. (Source: Trend Micro) <click> And this is so important to organizations because it costs them money: millions of dollars per breach, which they claimed from their insurance companies. (Source: Netdiligence: Cyber Liability and Data Breach Insurance Claims, October 2012)
  • The threat environment has evolved over the years. All of these threats still exist out there, but new and more damaging threats are being developed each year. Now, we are dealing with targeted attacks, advanced persistent threats and creative mobile attacks that take advantage of new vulnerabilities, social engineering and mobile proximity. They are stealthy and are designed to fly under the radar, undetected, and to steal your valuable data. And your data is everywhere: in the cloud, on virtualized servers, and on mobile devices. It needs to be protected, without slowing you down.
    Street crime is down 20%. Why? It is becoming so much more profitable and lucrative to enter into the world of cybercrime. And it is getting easier. Cyber criminals use a seemingly endless array of techniques to compromise and infiltrate nearly every aspect of our electronic environment. As our lives, and for that matter, the entire global economy, have become increasingly dependent on Web-based systems and interconnectivity to operate smoothly, cyber-attacks have emerged to stalk us nearly every step of the way. In fact, they’ve grown so complex and varied that traditional IT system defenses such as antivirus (AV) software and intrusion prevention systems (IPSs) are not enough on their own. Cybercrime has become big business with commercialized exploit kits and cybercriminal counter intelligence available to the hackers. This has greatly accelerated the volume, variety and velocity of threats we are dealing with.
    There are specific emerging trends in cyber-attack:
    – Professionalization and Commoditization of Exploit Kits, e.g. the BlackHole Exploit Kit
    – Modularization: We have also observed a high degree of modularization in more advanced malware like SpyEye and FLAME.
    – Increased Sophistication with Traffic Direction Systems (TDS): Traffic Direction Systems (TDS) are used as initial landing pages, also known as “doorway pages”, which direct traffic to content.
    – Ransomware
    – New Exploitation Vectors Introduced via HTML5
    – Evolution of Mobile Threats
    – Continued Exploitation of Social Networks
    As these threats evolve, it is clear that traditional techniques won’t be able to prevent all threats. Additional layered security and specialized visibility into these attacks is needed.
  • Today’s attacks are social, sophisticated, and stealthy. <click> They are targeted attacks and advanced persistent threats, and they typically start with the attacker gathering intelligence about the organization and individuals using Facebook, LinkedIn, Google+ and other social networking applications. <Click> Next, they target individuals using social engineering based on the intelligence they’ve gathered, perhaps sending a targeted “spear phishing” email to specific employees that appears to come from one of their co-workers. <Click> Once they have gained access to the organization by compromising a single machine, they establish a command and control server link so they can remotely control the attack from the outside, <Click> …giving the attacker the time and means to control their attack and move within the organization’s network, compromising other machines. <Click> They continue to look for valuable data by exploring the organization from within the internal network. <Click> Once they have found it, they will extract the data from the organization, and this may go undetected for months!
  • All of these capabilities enable a complete lifecycle for dealing with targeted threats and APTs, including…
    – Detect malware, communications and behavior invisible to standard defenses
    – Analyze the risk and characteristics of the attack and attacker
    – Adapt security automatically (IP black lists, custom signatures…)
    – Respond using the insight needed to respond to your specific attackers

    1. Advanced Targeted Attack: Enabling a Smart Protection Strategy – Trend Micro Approach. Manas Sarkar, Head Technical Consultancy – India & SAARC
    2. 2.4B Internet Users [1]; 665M Web Sites [3]; 1 Trillion+ URLs indexed by Google [2]; 1B Facebook Users [4]; 54% of Facebook Access is via Mobile [6]; 427M Smart Phones Sold Last Year [5]. Sources – 1: Internet World Stats, Dec 2012; 2: Google, 2008; 3: NetCraft Site Data, July 2012; 4: Facebook, Oct 2012; 5: Gartner 2012; 6: SocialBakers, May 2012. Copyright 2013 Trend Micro Inc.
    3. Unprecedented Adoption Rates: 66.1M iPads; 21.2M iPhones; 1.3M iPods. Source: KPCB, Apple Quarterly Results
    4. Source: Asymco.com, June 2012
    5. 1 Million Users: 9 Days; 9 Months; 9 Years. Source: ReadWriteWeb, March 2012
    6. 2.5 QUINTILLION BYTES OF DATA/DAY! 90% CREATED IN LAST 2 YEARS. INFORMATION HAS BECOME YOUR MOST STRATEGIC ASSET. Source: IBM. SALES KICKOFF 2013
    7. 1 NEW THREAT CREATED EVERY SECOND; 90% ORGANIZATIONS HAVE ACTIVE MALWARE; 55% NOT EVEN AWARE OF INTRUSIONS; COMMERCIAL EXPLOIT KITS USED BY VIRTUALLY ALL EASTERN EUROPEAN CYBERCRIMINALS. Data types shown: Payment Card Industry (PCI); Protected Health Information (PHI); Intellectual Property (IP); Personally Identifiable Information (PII)
    8. Threat Landscape: Evolution to Cybercrime
       • Now, it’s personal
       • Financially motivated
       • Targeting most valuable assets
       Chart (DAMAGE CAUSED over time, trending to CRIMEWARE). Threats shown: Vulnerabilities, Worm Outbreaks, Spam, Mass Mailers, Spyware, Intelligent Botnets, Web Threats, Targeted Attacks, Mobile Attacks. Years marked: 2001, 2003, 2004, 2005, 2007, 2010, 2012+
    9. What do modern attacks have in common?
    10. What do they need to make money?
    11. Challenges with current security controls
       • AV just doesn’t work with APT
         – 63% of malware used in APT are customized
       • Employees are the weakest link in security
         – Spear-phishing a common tactic
       • Firewall and IDS/IPS are ineffective
         – Open standard ports and protocols for access
       • Vulnerabilities & Zero-day Exploits
         – What percentage of your servers and endpoints are patched?
       • Organizations don’t know they’re being targeted
         – Low and Slow – stealthy, unlike a virus outbreak.
    12. Today’s Attacks: Social, Sophisticated, Stealthy!
       • Gathers intelligence about organization and individuals
       • Targets individuals using social engineering
       • Establishes Command & Control server
       • Moves laterally across network seeking data of interest
       • Extracts data of interest – can go undetected for months!
       Diagram labels: Attacker, Employees, $$$$
    13. A Custom Attack NEEDS a Custom Defense!
       • Gathers intelligence about organization and individuals
       • Targets individuals using social engineering
       • Establishes Command & Control server
       • Moves laterally across network seeking data of interest
       • Extracts data of interest – can go undetected for months!
       Diagram labels: Attacker, Employees, $$$$; Security, Network Admin; Malicious Content, Suspect Communication, Attacker Behavior
    14. A Custom Defense Lifecycle
       • Detect malware, communications and behavior invisible to standard defenses (Network-wide Detection)
       • Analyze the risk and characteristics of the attack and attacker (Custom Sandboxes, Advanced Threat Analysis)
       • Adapt security automatically (IP black lists, custom signatures…) (Threat Intelligence, Automated Security Updates)
       • Respond using the insight needed to respond to your specific attackers (Services and Support)
       Diagram labels: Custom Defense Strategy; Security, Network Admin
    15. Visibility of Network
       Malicious content
       • Embedded doc exploits
       • Drive-by downloads
       • Zero-day
       • Malware
       Suspicious communication
       • C&C access
       • Data stealing
       • Worms
       • Backdoor activity…
       Attack behavior
       • Propagation & dropper
       • Vuln. scan & bruteforce
       • Data exfiltration…
       Diagram labels: DDI, FW, Gateway, IPS, Anti-virus software
    16. Thank You!
