Protect Yourself Against Today's Cybercriminals and Hackers
Sept 14, 2011
Speakers: Jeff Keyes, Product Marketing; Scott Brackett, Product Manager
What We See: The Impact of Endpoint Attacks
9/20/2011. Copyright 2010. All Rights Reserved.
Losing the Battle Against Cybercrime: "Even those companies making sizable efforts to keep their data secure admit it's almost impossible to outpace the bad guys." – Bill Brenner, Senior Editor, CIO Magazine
Losing the Battle Against Cybercrime: "The number of attacks is now so large and the criminals' sophistication is so great that many organizations are having trouble determining which new threats and vulnerabilities pose the greatest risk and how resources should be allocated to ensure that the most probable and damaging attacks are dealt with first." – SANS.ORG, “The Top Cyber Security Risks”
Your Business is a Target: "Cyber criminals have stolen at least $100 million from small to mid-sized companies across America in a sophisticated but increasingly common form of online banking fraud…" — Brian Krebs, Washington Post, 26 October 2009
Malware Categories (*Wikipedia)
Viruses: Programs that attach / embed to other applications (and then attempt to hide). Distribution: File sharing, Email, Instant Messenger, Hosted Email. Polymorphic / Metamorphic.
Worms (e.g. Conficker)
Trojans
Rootkits
Malware For Profit: Spyware (Search revenue, Pop up ads); Key logger (Information pushed to bad guys); Botnet (General purpose network; DoS, SPAM, Brute Force Attacks)
Phishing
Losing the Battle Against Cybercrime: "88% of Fortune 500 companies have compromised PCs running Trojans in their environments." – Uri Rivner, RSA
The Endpoint Is The Target: Malware On The Desktop Is The Goal. "Endpoint . . . solutions are now a PRIMARY line of defense . . ." — Charles Kolodgy, Research Director, IDC Security Products Program
Why The Endpoint Is The Target: Malware On The Desktop Is The Goal. Decentralized Data; Keys To The Kingdom; Complete Control. "Endpoint . . . solutions are now a PRIMARY line of defense . . ." — Charles Kolodgy, Research Director, IDC Security Products Program
Why The Endpoint Is The Target: The Endpoint is An Easy Target. Easy Access; Mobile Data; Multiple Vectors
Scareware
The Web Under Permanent Siege
[Chart: Targeted Attacks, share by application (Adobe Reader, MS Word, MS Excel, MS PowerPoint) for 2008, 2009 and 2010 (Jan/Feb)]
Losing the Battle Against Cybercrime: “Once infected, malware, typically Trojans, will start recording all Internet related traffic, perform keylogging, grab emails, browser-stored passwords, and a long list of additional items.” – Uri Rivner, RSA
Key Protection Elements
Kaseya’s Solution: Blended Protection / Unified Platform / Remediation / Partners
Why Is Kaspersky Different? A Pioneer in Fighting IT Threats for 25 Years; Security Technology of Choice
The Most Immediate Protection: Small Updates for the Best Protection and User Experience
[Chart: Updates per Month, comparing Kaseya Antivirus (664) with Microsoft, Symantec, Trend Micro, CA and McAfee]
Fastest Response Time to New Threats
[Chart: response time in hours, comparing Kaseya Antivirus (< 2 hours) with Eset, Sophos, Symantec and McAfee]
AV Competition: General Overview
International awards: The largest number of industry awards from IT publications and malware testing organizations globally (Kaspersky Lab Technology Alliances Business Division, September 20, 2011)
Why Anti-Malware? Best in the industry: 100+ Million Downloads; 5+ Billion Threats Removed. What does it add? Layered Protection; Lightweight Add-on to Antivirus; Focuses MAINLY on Working WITH Antivirus Engines; Zero Day; Pulled from Web; Antivirus Weaknesses; Remediation & Cleaning
Cleanup: Best in the industry for cleanup; Completely automated cleaning; Cleaning all aspects: Processes, Browser Helper Objects, Toolbars, Registry, Files, Orphaned Folders, Rootkits
UI Conventions
Typical Workflow: Consider location-specific settings; Deploy Software; Monitor & Remediate
Roadmap: Aggressive feature-set enhancements: Server Support (KAV); LAN Share Support; Alert Integration; Improved Reporting; Enhanced logging and forensics; Integration with newest releases; UI Refinement and standardization; Much more…
Question & Answers: Jeff Keyes, Product Marketing, Jeff.keyes@kaseya.com; Scott Brackett, Product Manager, scott.brackett@kaseya.com
Industry Buzz
“Kaseya's products have a reputation for being easy to install and use, compared with many competitive products.” Gartner, 2011 (#G00209766)
“Kaseya’s IT Automation Framework can help many types of IT management organizations. Quickly. Affordably.” EMA, 2008 (#1429091307)
“Kaseya’s strength lies in the ease of implementation, support for their customers, and comprehensive service level management.” IDC, 2009 (#219336)
“Service automation is vital to IT success. Kaseya is purpose-built for this next era of computing.” OVUM, 2010 (#TA001974ITM)
Industry Awards
Resources: Learn More About Kaseya: http://www.kaseya.com/industries/service-providers.aspx; Free Trial: http://www.kaseya.com/forms/free-trial.aspx; Price Quote: http://www.kaseya.com/forms/price_ent.aspx; Contact Us: sales@kaseya.com, or toll free +1 415-694-5700

Editor's Notes

  • #4 CLICK ONE: On November 8, 2009, cybercriminals acquired the banking credentials, username and password, for Hillary Machinery, Inc., out of Plano, Texas. With these stolen credentials, the perpetrators processed more than 47 separate transactions to more than 40 different payees. Over the course of just 3 days, Hillary Machinery lost $801,495. While the company was able to recover some of the money, there is still over $250K that remains unaccounted for, in addition to attorney fees and court costs resulting from an ongoing lawsuit between Hillary Machinery and its bank. According to Troy Owen, owner of Hillary Machinery, “while the loss did not cause us to go out of business, it certainly put off business growth plans that we had.”
    The cybercriminal used ACH transactions, the Automated Clearing House system for electronic payment processing. According to a copy of a Nov. 12 memo between two PlainsCapital employees that was given to Owen, the institution's commercial banking platform requires that each customer not only enter a user name and password, but also register their computer's Internet address by entering a secure access code sent to the e-mail address on file for the customer. On Nov. 8, according to the memo, secure access code e-mails were sent to a Hillary email address, but the request came from a computer with an Internet address in Italy. The memo then says the actual wire transfer requests were made from IP addresses in Romania. Owen says when Hillary Machinery people saw this, "We were all scratching our heads. Because we don't even do international business, let alone have anyone working in Italy or Romania." Owen says no one at Hillary received any of the secure access request emails. The cybercriminal was able to capture the username and password and, by spoofing the IP, capture the return authorization email. All of this happened inside of Hillary’s network, not the bank's.
    CLICK TWO: Hillary was able to get $600K back but asked the bank for the remaining $200K. The bank then sued Hillary stating that it was not their fault – they had 2-factor authentication in place.
    CLICK THREE: Hillary has counter-sued hoping to recover all of their funds plus court costs. This is just one of many stories of companies that believed they were secure but suffered substantial losses as a result of cybercriminals gaining access to the endpoint.
  • #5 Open a newspaper any given day and you’ll read stories of companies being attacked by cybercriminals. Data breaches are rampant. Banker Trojans are stealing online-banking credentials resulting in massive financial losses. In the 2010 Cyber Security Watch Survey, conducted by CSO Magazine, Senior Editor Bill Brenner said, “Even those companies making sizable efforts to keep their data secure admit it’s almost impossible to outpace the bad guys.” It is a war out there, a war against cybercriminals who have one goal in mind – to make money! Today’s cybercriminals are constantly after data that can be easily converted into profit, or after credentials that will allow them to transfer money directly from company coffers.
  • #6 According to SANS.ORG in its report “The Top Cyber Security Risks”: “the number of attacks is now so large and the criminals’ sophistication is so great that many organizations are having trouble determining which new threats and vulnerabilities pose the greatest risk and how resources should be allocated to ensure that the most probable and damaging attacks are dealt with first.” As IT Departments spend on security today, many are overlooking the real targeted attack vector of cybercriminals today – The Endpoint.
  • #7 In addition to more virulent attack methods that result in more money stolen per intrusion, cybercriminals no longer target only large-sized companies. Small businesses, State and Local Government and Education organizations are specifically being targeted by cybercriminals because they are often behind in security spend. Mid-sized companies in the US lost over $100 million in 2009 to fraudulent bank transfers.
  • #15 RSA’s latest whitepaper on cybercrime reveals that 88% of Fortune 500 companies have compromised PCs running Trojans in their environments. According to RSA’s Uri Rivner, “these Trojans are busy moving terabytes of corporate data to stealthy drop zones scattered around the ’Dark Cloud’ of the Cybercrime infrastructure.”
  • #16 The Endpoint – a user’s desktop, laptop, or even a smartphone, and even the servers that support them – has become a wide open target for cybercriminals today. Endpoint systems have become more mobile, both outside the office and across the Internet, making the traditional perimeter ineffective in providing the right level of protection for these valuable corporate assets. According to IDC, “Endpoint . . . solutions are now a PRIMARY line of defense…” because cybercriminals are targeting the endpoint for the theft of data and money. In this presentation we’ll discuss the growing malware threat, how cybercriminals are targeting the endpoint, and how you can protect your endpoints from cybercrime.
  • #17 As mentioned earlier, EPS are the primary line of defense.
    Why is the Endpoint a Target? The increasing malware threat is focused on one target today – The Endpoint. But why? Why are cybercriminals so interested in the endpoint today? There are several factors that make the endpoint interesting to cybercriminals:
    Decentralized Data. Data no longer resides on the mainframe. Sensitive and confidential corporate data now resides on the desktop, the laptop and the smartphone. Gaining access to these devices means gaining access to data with a monetary value.
    Keys to the Kingdom. Placing the right Trojan on an endpoint system gives a cybercriminal access to data and credentials to other corporate systems, including online banking systems. Millions of dollars are lost every day due to fraudulent transfers from corporate bank accounts through the use of login information captured by Banker Trojans.
    Complete Control. Gaining root access to the endpoint also gives cybercriminals access to any system or data the end-user can access. The cybercriminal also has the ability to make the endpoint part of a larger botnet, using the system to spread malware to other systems. In addition, endpoint access can give hackers the ability to watch email content, IM chats, web traffic, log keystrokes, etc., making the endpoint a wealth of opportunity.
  • #18 Computer hackers today are not yesterday’s script-kiddies looking for fame and glory. Today’s cybercriminal seeks to gain access to the endpoint and remain hidden so that they can steal data and money without the user’s knowledge. There are a number of factors that make the endpoint an easy target:
    Easy Access. As the network perimeter has become more porous, allowing end users access to all that the Internet has to offer, the endpoint has become the new perimeter and, in turn, the new target for cybercrime.
    Mobile Data. Corporate road warriors span the globe on a daily basis connecting to unsecured networks in airports, hotels, at home and on airplanes. These systems, which are outside the confines of the corporate perimeter, are a constant threat to corporate data and make the perimeter even more porous and accessible to cybercrime.
    Multiple Attack Vectors. End-users today are using the corporate Internet for both business and personal purposes, providing the cybercriminal multiple attack vectors into the endpoint. Valid business websites (77%) are distributing malware. Social media sites have become a playground for cybercriminals, as they prey upon individuals and companies alike that are trying to understand and embrace social media to keep track of friends, family, customers, prospects and partners. Personal web surfing, dating sites, music sites, video sites, etc., are also vectors for cybercriminals to spread malware to the endpoint. And, let’s not forget the ever-present threat via Email.
    It is no wonder, and not by mistake, that cybercriminals are targeting the endpoint. Without the right endpoint protection organizations are subject to attack through a multitude of endpoint targets!
  • #20 IT Departments rarely know what versions of these applications are running in their environment, let alone know what patch levels these applications have installed. According to Secunia PSI statistics, only 2% of Windows computers are fully patched. It is through these vulnerabilities that cybercriminals are gaining access to the company endpoint and using malware to carry out their nefarious schemes.
  • #21 The ultimate goal of all of these attack techniques is to get malware on the endpoint. According to Uri Rivner of RSA: “Once infected, malware, typically Trojans, will start recording all Internet related traffic, perform keylogging, grab emails, browser-stored passwords, and a long list of additional items. The Trojan doesn’t stop at online banking credentials and credit card data: it steals your social network posts, your medical content, your private chats, your constituent letters, and all of your work related content: credentials for internal systems, emails you sent or received, corporate financial results, sensitive customer-related web forms you completed in CRM systems.”
  • #22 Excellent firewalls / routers / UTM devices on the market today: Basic firewall; Content filtering; Spam filtering; Virus filtering
    Lock down wireless access: WEP / WPA have been cracked – use higher levels; Use guest networks
    SPAM / Virus filtered mail: Available on the router, email server, and desktop itself
    Phishing: Available via the firewall and on the desktop. Use both
    Patching OS, key MS apps, key 3rd party applications
    Antivirus: File AV – on access scanners; Web content, web site; Mail checking; IM; Behavioral engine
    AntiMalware / AntiSpyware: Layered with AV.
    Backup as a last resort (for cleaning, etc.): Imaging solution for total system restores
  • #24 There is no “Mr. McAfee” or “Mr. Symantec.” But there is a “Mr. Kaspersky!” For over 25 years, Eugene Kaspersky has been developing technology that has set the standard for malware protection, resulting in more than 54 global technology patents, including those that are pending. Kaspersky's “best of breed” heuristics engines span multiple operating systems, including Linux, Unix, Netware and Microsoft. Kaspersky’s iChecker and iSwift technologies ensure the best in performance. Kaspersky continues to have the best in detection rates for both known and unknown malware, including polymorphic and macro viruses as well as multi-level detection within archived files. Kaspersky also updates faster than any company today, ensuring that our customers have the latest in malware protection.
  • #25 Update Frequency: An AV solution is only as good as its last update. With 3500+ signatures being created a day, it is critical that updates are timely and do not impact the performance of the system. Kaspersky updates more than anyone in the industry, 664 times per month, almost one per hour, making sure that our customers have the latest in protection while minimizing the impact of updates on system performance.
  • #26 Response Time Ranking: According to AV-Test.org, Kaspersky responds faster to new threats than anyone in the industry, dramatically reducing the window of vulnerability for our customers.