Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
© 2014 IBM Corporation 
BusinessConnect 
A New Era of Smart 
Hotlandskapet på Internet 
Ola Wittenby 
ola.wittenby@se.ibm....
A New Era of Smart 
© 2014 2 
IBM Corporation
A New Era of Smart 
A new security reality is here 
61% 
of organizations say 
data theft and cybercrime 
are their greate...
A New Era of Smart 
© 2014 4 
IBM Corporation
A New Era of Smart 
We are in an era of continous breaches 
2011 2012 2013 
SQL 
injection 
Spear 
phishing 
Attack types ...
A New Era of Smart 
The cybercrime ecosystem 
Developer / Malware writer 
Exploiter / Distributor 
•Spam 
•Phishing 
•Phar...
A New Era of Smart 
One-day attack methods demonstrate how quickly attackers rush to 
exploit a vulnerability 
© 2014 7 
I...
A New Era of Smart 
Attackers optimize and refine target selection 
© 2014 8 
IBM Corporation
A New Era of Smart 
Effectively targeting end-users 
Watering Hole Malvertising 
 Attacker injects malware 
on special in...
A New Era of Smart 
Spam continues to be a main channel for malware into companies 
In March 2014, we saw the highest leve...
A New Era of Smart 
Significant increase in Java vulnerabilities 
© 2014 11 
IBM Corporation
A New Era of Smart 
Weponized content focused on end-user applications 
© 2014 12 
IBM Corporation
A New Era of Smart 
Attackers exploit application vulnerabilities to access sensitive data 
50% of web applications they h...
A New Era of Smart 
Attackers use exploit kits to deliver payload 
Styx Exploit Kit 
Rising in popularity 
Successful in...
A New Era of Smart 
The cybercrime ecosystem 
Criminals just buy what they need… 
•Weaponized content (Malware) 
•Delivery...
A New Era of Smart 
© 2014 16 
IBM Corporation
A New Era of Smart 
Statement of Good Security Practices: IT system security involves protecting systems and information t...
Upcoming SlideShare
Loading in …5
×

Ola Wittenby - Hotlandskapet på Internet

659 views

Published on

Att bekämpa brott på internet blir för de flesta företag inte lättare med tiden. Cyberbrottslingar ökar hela tiden takt och sinnrikhet i deras attacker. Tekniken och tillvägagångssätten förbättras stadigt och attackerna blir ännu svårare att hitta och hindra.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Ola Wittenby - Hotlandskapet på Internet

  1. 1. © 2014 IBM Corporation BusinessConnect A New Era of Smart Hotlandskapet på Internet Ola Wittenby ola.wittenby@se.ibm.com Stockholm 2014-10-07
  2. 2. A New Era of Smart © 2014 2 IBM Corporation
  3. 3. A New Era of Smart A new security reality is here 61% of organizations say data theft and cybercrime are their greatest threats 2012 IBM Global Reputational Risk & IT Study $3.5M Average cost of a data breach 2014 Cost of Data Breach, Ponemon Institute 70% of security executives have cloud and mobile security concerns 2013 IBM CISO Survey 83% have difficulty finding the security skills they need 2012 ESG Research 85 45 of enterprises 614% security tools from Mobile malware growth in just one year 2012 - 2013 Juniper Mobile Threat Report vendors IBM client example © 2014 3 IBM Corporation
  4. 4. A New Era of Smart © 2014 4 IBM Corporation
  5. 5. A New Era of Smart We are in an era of continous breaches 2011 2012 2013 SQL injection Spear phishing Attack types Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014 Near Daily Leaks of Sensitive Data 40% increase in reported data breaches and incidents Relentless Use of Multiple Methods 500,000,000+ records were leaked, while the future shows no sign of change DDoS Third-party software Physical access Malware XSS Watering hole Undisclosed Note: Size of circle estimates relative impact of incident in terms of cost to business. © 2014 5 IBM Corporation
  6. 6. A New Era of Smart The cybercrime ecosystem Developer / Malware writer Exploiter / Distributor •Spam •Phishing •Pharming •Social Engineering Hosting / Outsourcing © 2014 6 IBM Corporation
  7. 7. A New Era of Smart One-day attack methods demonstrate how quickly attackers rush to exploit a vulnerability © 2014 7 IBM Corporation
  8. 8. A New Era of Smart Attackers optimize and refine target selection © 2014 8 IBM Corporation
  9. 9. A New Era of Smart Effectively targeting end-users Watering Hole Malvertising  Attacker injects malware on special interest website  Vulnerable niche users exploited  Attacker injects malware on ad network  Malicious ad embedded on legitimate websites  Vulnerable users exploited © 2014 9 IBM Corporation
  10. 10. A New Era of Smart Spam continues to be a main channel for malware into companies In March 2014, we saw the highest levels of spam measured during the last two and a half years. © 2014 10 IBM Corporation
  11. 11. A New Era of Smart Significant increase in Java vulnerabilities © 2014 11 IBM Corporation
  12. 12. A New Era of Smart Weponized content focused on end-user applications © 2014 12 IBM Corporation
  13. 13. A New Era of Smart Attackers exploit application vulnerabilities to access sensitive data 50% of web applications they have deployed Test and Remediate AppVulns  Not testing puts the organization at risk.  Broken authentication can result in that the attacker looks like a legitimate user. of organizations underestimate the number Protect Web Servers  Bugs means increased risks for loss of critical information.  Mitigating potential damages makes cleanup a challenge. Expect the Unexpected  Plan incident response for the unkown rather than the known. © 2014 13 IBM Corporation
  14. 14. A New Era of Smart Attackers use exploit kits to deliver payload Styx Exploit Kit Rising in popularity Successful in exploiting IE and Firefox on Windows © 2014 14 IBM Corporation
  15. 15. A New Era of Smart The cybercrime ecosystem Criminals just buy what they need… •Weaponized content (Malware) •Delivery (spam, phishing, pharming…) •Hosting •SLA Developer / Malware writer Exploiter / Distributor •Spam •Phishing •Pharming •Social Engineering Hosting / Outsourcing Or just rent a hacker to get what they need… •Industrial espionage •Bank fraud © 2014 15 IBM Corporation
  16. 16. A New Era of Smart © 2014 16 IBM Corporation
  17. 17. A New Era of Smart Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. www.ibm.com/security © Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. © 2014 17 IBM Corporation

×