Cisco ACSS 2018 Conference
1. Oran – 4 April 2018
Babacar Wagne, Security Consultant, Africa
Cisco 2018 Annual Cybersecurity Report
Trends among Attackers and Defenders
2. 2018 Annual Cybersecurity Report
• Unprecedented levels of sophistication and impact
• Becoming more adept at evasion
• Exploiting new technology security gaps
4. Malicious Binaries and Encryption Increase
Attackers embrace encryption to conceal their command-and-control activity.
Chart (November 2016 versus October 2017):
• Global encrypted web traffic: 38% → 50% (a 12-point increase)
• Malicious sandbox binaries using encryption: 19% → 70% (a 268% increase)
6. Malicious Documents in Email
Change in use of malicious attachment types, January–May 2017 compared with June–October 2017:
• Office documents: +55%
• Archive files: +415%
• PDF: +255%
8. Sandbox Evasion Patterns
Attackers are constantly testing sandbox evasion techniques.
Chart: volume of malicious samples against total samples, October 2016 to October 2017, for two techniques: malicious documents that trigger on document close, and a document embedded inside a PDF.
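Both evasion patterns in the chart can be checked for in triage before a sample ever reaches a sandbox: a macro that only fires on close is invisible to a sandbox that never closes the document, and a PDF that carries an embedded document is harmless to a sandbox that only renders the PDF. The Python below is an added example written for this page, not code from the Cisco report or any Cisco product; the VBA text and the PDF bytes are constructed, and in practice the VBA would come from a macro extractor such as oletools' olevba.

```python
"""Pre-sandbox triage for the two evasion patterns in the chart.

Added example for this page; not code from the Cisco report or a Cisco product.
Check 1: VBA whose auto-exec procedure fires on document close rather than open. A sandbox
         that opens the file, waits and never closes it observes nothing.
Check 2: a PDF carrying an embedded file (typically a .doc). A sandbox that only renders the
         PDF never opens the inner document.
The VBA text and PDF bytes below are constructed; in practice the VBA comes from a macro
extractor such as oletools' olevba and the PDF bytes from the file on disk.
"""
import re
from typing import Dict, List, Optional

# Procedure names Word/Excel run automatically, split by when they fire.
AUTOEXEC_ON_OPEN = {"autoopen", "document_open", "autoexec", "auto_open", "workbook_open"}
AUTOEXEC_ON_CLOSE = {"autoclose", "document_close", "auto_close", "workbook_beforeclose"}

_PROC_RE = re.compile(
    r"^\s*(?:(?:private|public)\s+)?(?:sub|function)\s+([A-Za-z_]\w*)", re.I | re.M)


def vba_triggers(vba_source: str) -> Dict[str, List[str]]:
    """Auto-exec procedures defined in the VBA source, grouped by trigger."""
    names = {m.group(1).lower() for m in _PROC_RE.finditer(vba_source)}
    return {"on_open": sorted(names & AUTOEXEC_ON_OPEN),
            "on_close": sorted(names & AUTOEXEC_ON_CLOSE)}


# PDF name objects that mean the PDF carries or launches something beyond its pages.
PDF_INDICATORS = (b"/EmbeddedFile", b"/Launch", b"/JavaScript", b"/OpenAction")


def pdf_indicators(pdf_bytes: bytes) -> List[str]:
    """Indicator names present in the PDF. PDF allows #xx hex escapes inside names
    (/Emb#65ddedFile == /EmbeddedFile), so unescape before matching."""
    unescaped = re.sub(rb"#([0-9A-Fa-f]{2})",
                       lambda m: bytes([int(m.group(1), 16)]), pdf_bytes)
    return [ind.decode() for ind in PDF_INDICATORS if ind in unescaped]


def assess(vba_source: Optional[str], pdf_bytes: Optional[bytes]) -> List[str]:
    """Human-readable findings from both checks."""
    findings: List[str] = []
    if vba_source is not None:
        t = vba_triggers(vba_source)
        if t["on_close"]:
            findings.append("VBA runs on document close (%s): sandbox must close the "
                            "document to observe it" % ", ".join(t["on_close"]))
        if t["on_open"]:
            findings.append("VBA runs on document open (%s)" % ", ".join(t["on_open"]))
    if pdf_bytes is not None:
        found = pdf_indicators(pdf_bytes)
        if "/EmbeddedFile" in found:
            findings.append("PDF carries an embedded file: extract it and analyse it "
                            "as its own sample")
        findings.extend("PDF uses %s" % n for n in found if n != "/EmbeddedFile")
    return findings


# Constructed samples; neither is real malware.
SAMPLE_VBA = """
Private Sub Document_Close()
    Shell "cmd /c calc.exe"
End Sub
"""
SAMPLE_PDF = (b"%PDF-1.7\n"
              b"1 0 obj << /Type /Filespec /F (invoice.doc) /EF << /F 2 0 R >> >> endobj\n"
              b"2 0 obj << /Type /Emb#65ddedFile /Length 4 >> stream\nD0CF\nendstream endobj\n")

if __name__ == "__main__":
    for finding in assess(SAMPLE_VBA, SAMPLE_PDF):
        print("-", finding)
```

The hex-escape step matters: a PDF name written as /Emb#65ddedFile is the same name to a PDF reader but defeats a naive string match, which is exactly the kind of gap the slide says attackers keep probing for. The findings are meant to steer the sandbox run (close the document, detonate the embedded file separately), not to replace it.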
12. The Cloud
Organizations increase reliance on the cloud: 53% manage over half of their infrastructure in the cloud.
Appeal:
• Better security (57%)
• Scalability (48%)
• Ease of use (46%)
• Lack of internal workforce (41%)
13. Malicious Use of Legitimate Resources
Cybercriminals are adopting command-and-control channels that rely on legitimate Internet services, making malware traffic almost impossible to shut down.
What the attacker gains:
• Adaptability
• Subverts domain and certificate intelligence
• Easy setup
• Whitelisted IP address
• Reduces burning of infrastructure
• Leverages encryption for C2
Source: Anomali
15. IoT and DDoS
• Application-layer attacks are rising, network-layer attacks are declining
• Burst attacks are increasing
• Amplification attacks are growing in complexity, frequency and duration
2/5 of businesses experienced a reflection amplification attack in 2017; 2/3 of those organizations mitigated the attacks.
Source: Radware
17. How Malicious Actors Leverage Domains
Organizations need to minimize access to malicious domains.
• Type of attack: 60% spam, 20% malvertising, 20% other
• RLD registration age: 80% registered more than 1 week earlier, 20% less than 1 week
• New or reused domains: 42% new, 58% reused
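One control that follows directly from the "less than 1 week" figure is a newly-registered-domain check at the proxy or resolver: anything registered less than a week ago is treated as untrusted until it ages. The Python below is an added example, not from the Cisco report; the registration dates, the proxy log lines and the 7-day threshold are constructed assumptions, and a real deployment would query RDAP/WHOIS for the registration event and use the Public Suffix List to find the registrable domain.

```python
"""Newly-registered-domain (NRD) check over proxy log lines.

Added example for this page; not from the Cisco report. Registration dates, log lines
and the 7-day threshold are constructed assumptions. Production code would query
RDAP/WHOIS for the registration event and use the Public Suffix List to find the
registrable domain instead of the two-label shortcut used here.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional
from urllib.parse import urlsplit

NRD_THRESHOLD = timedelta(days=7)   # "less than 1 week" on the slide

# Constructed point in time at which the log lines were observed.
OBSERVED_AT = datetime(2018, 4, 4, tzinfo=timezone.utc)

# Constructed stand-in for RDAP/WHOIS "registration" events.
REGISTRATION_DATES: Dict[str, datetime] = {
    "example.com": datetime(1995, 8, 14, tzinfo=timezone.utc),
    "fresh-invoice-portal.example": datetime(2018, 4, 1, tzinfo=timezone.utc),
    "aged-but-reused.example": datetime(2016, 11, 2, tzinfo=timezone.utc),
}

# Constructed proxy log lines: <timestamp> <client> <method> <url>
SAMPLE_LOG = [
    "2018-04-04T09:12:03Z 10.0.0.5 GET https://www.example.com/",
    "2018-04-04T09:12:41Z 10.0.0.5 GET https://cdn.fresh-invoice-portal.example/inv.js",
    "2018-04-04T09:13:10Z 10.0.0.7 POST https://aged-but-reused.example/gate.php",
    "2018-04-04T09:14:55Z 10.0.0.7 GET https://no-whois-record.example/",
]


def registrable_domain(hostname: str) -> str:
    """Last two labels of the hostname (assumption: no multi-label public suffix such as co.uk)."""
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def domain_age(hostname: str, now: datetime,
               lookup: Dict[str, datetime] = REGISTRATION_DATES) -> Optional[timedelta]:
    """Age of the registrable domain, or None when no registration date is known."""
    created = lookup.get(registrable_domain(hostname))
    return None if created is None else now - created


def nrd_verdict(hostname: str, now: datetime,
                lookup: Dict[str, datetime] = REGISTRATION_DATES) -> str:
    """'block' below the threshold, 'review' when the age is unknown (fail closed), else 'allow'."""
    age = domain_age(hostname, now, lookup)
    if age is None:
        return "review"
    if age < NRD_THRESHOLD:
        return "block"
    return "allow"


def triage(log_lines: List[str], now: datetime,
           lookup: Dict[str, datetime] = REGISTRATION_DATES) -> Dict[str, str]:
    """Map each registrable domain seen in the log to its verdict."""
    verdicts: Dict[str, str] = {}
    for line in log_lines:
        url = line.split()[-1]
        host = urlsplit(url).hostname
        if host:
            verdicts[registrable_domain(host)] = nrd_verdict(host, now, lookup)
    return verdicts


if __name__ == "__main__":
    for dom, verdict in triage(SAMPLE_LOG, OBSERVED_AT).items():
        print(f"{verdict:6} {dom}")
```

Note the limit the slide itself points at: 58% of malicious domains were reused rather than new, so aged-but-reused.example is allowed here. An age check catches the 20% registered within the week and must sit alongside reputation and category feeds for the rest.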
19. Insider Threat
Machine learning algorithms can greatly help detect internal malicious actors.
• 62% occurs outside of normal work hours
• 5,200 documents per user over 1.5 months
• PDFs were the most common file type
• "Data" was the most popular keyword in document titles
• High* accuracy of malicious activity detection since June 2017
21. IT/OT Attack Sentiment
69% of organizations believe OT is a viable attack vector in 2018
• 20% believe it will be eventually
• 10% believe it will remain in IT alone
22. ICS Vulnerabilities
• Being connected to the Internet
• Known vulnerabilities rarely patched
• Lack of knowledge: too specialized
• USB or DVD as entry point
Threat actors are actively engaged in researching pivot points to facilitate future attacks.
Source: TrapX
24. High Severity Vulnerabilities and Patch Management
We need a better way to improve patch management processes: high severity is driven by headlines.
Chart: MS17-010 detections (number of detections per month). Microsoft warns of the vulnerability; the exploited vulnerability makes headlines; patches double as organizations realize the potential threat.
Source: Qualys
26. Alerts
• 93% experienced a security alert; 8% experienced NO security alert
• 56% of alerts are investigated; 44% of alerts are NOT investigated
• 34% of investigated alerts are legitimate
• 51% of legitimate alerts are remediated; 49% of legitimate alerts are NOT remediated
Chained together, roughly 0.56 × 0.34 × 0.51 ≈ 10% of all alerts are investigated, found legitimate and remediated; the 44% never investigated carries an unknown share of further legitimate alerts.
Uninvestigated alerts still create huge business risk.
32. Strategic, Operational, and Tactical Issues
• 26% can be addressed by products alone
• 74% might also require people and/or processes to address
People, Products, Policies: an overemphasis on product solutions can leave openings for attackers.
33. The Need for Outsourcing
In order to keep up, organizations are looking for outside help. Most frequently outsourced services:
• Consulting: 54% (up 3%)
• Monitoring: 49% (up 5%)
• Incident Response: 47% (up 2%)
34. Market Expectations: Threat Landscape
The threat landscape will remain complex and challenging
• Few predict radically new threats on the horizon, but they see more capable and more diabolical bad actors
• They believe they'll need ever more sophisticated security arsenals to keep them at bay
35. Market Expectations: Modern Workplace
The modern workplace will continue to create conditions that favor the attackers
• The footprint security executives must secure continues to expand
• Employees increasingly carry their work (and the company's data) with them wherever they go, a well-documented source of exposure
• Clients, partners and suppliers all need secure access to corporate resources
• With the increasing deployment of IoT sensors, etc., companies' interfaces to the internet will multiply dramatically
36. Market Expectations: Scrutiny
Additional scrutiny of their ability to secure the organization
• Many expect they'll be under additional scrutiny from regulators, executives, stakeholders, partners and clients
• Top scrutiny from Executive Leadership, Clients, and Business Partners (76% each)
• Several CISOs mention that the need to meet others' expectations for accessibility puts increasing strain on staff
• Current and potential clients can be particularly demanding of information regarding security processes and protocols
37. Market Expectations: Breaches Drive Budget
Budgets will remain stable, unless a security breach drives unexpected investment
• 51%: Budgets based on previous year's budget
• 51%: Organization's security outcome objective
• 46%: Percent of revenue
• 47%: Breach drove improvements to a great extent
38. Market Expectations: AI and Machine Learning
More spending on AI/ML capabilities
• AI, ML and automation are all increasingly desired and expected
• 83%: Reliant on automation to reduce the level of effort to secure the organization
• 74%: Reliant on AI to reduce the level of effort to secure the organization
• CISOs expect to take increasing advantage of AI and robotics
39. Market Expectations: Outsourcing
More reliance on outsourcing services
• 53%: More cost efficient
• 52%: Desire for more unbiased insight
• 51%: More timely response to incidents
40. Observed Threats and TTD
Cloud-based security technology has been a key factor in helping Cisco maintain a low median time to detection (TTD) despite an increase in threat samples.
Cisco annual median TTD (hours):
• 2015: 37.1
• 2016: 14
• 2017: 4.6
Number of observed threat samples: 10x increase from 2016 to 2017.
41. Conclusion/Recommendations
Adversary tactics are continuously evolving, using encryption and legitimate Internet services to conceal their activity and undermine traditional security technologies.
Lead from the top: executives and the board set the security tone and culture.
Top 7 Actions:
1. Educate by roles for maximum benefit
2. Adhere to corporate policies and practices for application, system, and appliance patching
3. Assume ownership of IoT device security and add scanning for these devices to security reviews
4. Review and practice security response procedures
5. Back up data often and test restoration procedures
6. Review third-party efficacy testing of security technologies to reduce the risk of supply chain attacks
7. Conduct security scanning of micro-service, cloud service, and application administration systems
42. Download the Cisco 2018
Annual Cybersecurity Report
cisco.com/go/acr2018