Globally cybercrime casused €83bn of damage, this presentation looks at the dangers and the measures you can take to stay safe. To view the webcast click here https://www.brighttalk.com/webcast/6331/90937
Short Presentation On Cyber Crime And Security which includes Cyber crime introduction and types , Hacking and its types, different Threats , and in last Prevention for Hacks and Threats.
Short Presentation On Cyber Crime And Security which includes Cyber crime introduction and types , Hacking and its types, different Threats , and in last Prevention for Hacks and Threats.
ERAU webinar november 2016 cyber security Bill Gibbs
Embry-Riddle Aeronautical University Professor Dr. Jon Haass presents a webinar on Cyber Security. Called Cyber Security Problems and Solutions. Dr. Haass developed the nation's first cyber security bachelor's degree program, which is offered at the ERAU campus in Prescott, Arizona.
Cyber Security Presentation "It Will Never Happen To Me" Simon Salter
This presentation is designed to give an insight into cyber risk.
The importance of protecting your data has never been more significant. Every week the media features stories of companies suffering data breeches leading to financial difficulties and unhappy customers.
The internet is growing rapidly. It has given rise to new opportunities in every field we can think of be it entertainment, business, sports or education.
There’re two sides to a coin. Internet also has it’s own disadvantages is cyber crime- illegal activity committed on the internet.
Designated IT security experts in Europe and Asia have been interviewed by RadarServices, the European market leader for managed security services, with regards to future IT security trends and challenges. They shared their views concerning the development of cyber attacks and security technologies until 2025.
Now a days Cyber Crime is detected as Most Powerful Criminal Activities. If you have no awareness about Cyber Crime and Cyber Security then you might be victim of Any Cyber Crime.
Computer crime or Cyber Crime is criminal activity that involves unlawful access to computer systems.
Cyber crime is an illegal activity committed on the internet.
hackin is an unauthorized access to the computer system by a hacker..
#Stay_Secure :)
ERAU webinar november 2016 cyber security Bill Gibbs
Embry-Riddle Aeronautical University Professor Dr. Jon Haass presents a webinar on Cyber Security. Called Cyber Security Problems and Solutions. Dr. Haass developed the nation's first cyber security bachelor's degree program, which is offered at the ERAU campus in Prescott, Arizona.
Cyber Security Presentation "It Will Never Happen To Me" Simon Salter
This presentation is designed to give an insight into cyber risk.
The importance of protecting your data has never been more significant. Every week the media features stories of companies suffering data breeches leading to financial difficulties and unhappy customers.
The internet is growing rapidly. It has given rise to new opportunities in every field we can think of be it entertainment, business, sports or education.
There’re two sides to a coin. Internet also has it’s own disadvantages is cyber crime- illegal activity committed on the internet.
Designated IT security experts in Europe and Asia have been interviewed by RadarServices, the European market leader for managed security services, with regards to future IT security trends and challenges. They shared their views concerning the development of cyber attacks and security technologies until 2025.
Now a days Cyber Crime is detected as Most Powerful Criminal Activities. If you have no awareness about Cyber Crime and Cyber Security then you might be victim of Any Cyber Crime.
Computer crime or Cyber Crime is criminal activity that involves unlawful access to computer systems.
Cyber crime is an illegal activity committed on the internet.
hackin is an unauthorized access to the computer system by a hacker..
#Stay_Secure :)
Two trends make code signing more important than ever: the explosion of consumer applications for mobile and desktop devices and the proliferation of malware.
Cybercriminals recognize this as an opportunity and seek to trick us into installing malicious software (malware). Mobile network providers and software publishers increasingly require code signing from a trusted Certificate Authority (CA) before accepting code for distribution.
Find out how code signing can benefit your software in our whitepaper and SlideShare presentation.
Cybersecurity is difficult. It is a serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk continue to mature and expand on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the emerging challenges as it analyzes the cause-and-effect relationships of factors driving the future of cybersecurity.
In today’s threat environment, adversaries are constantly profiling and attacking your corporate infrastructure to access and collect your intellectual property, proprietary data, and trade secrets. Now, more than ever, Threat Intelligence is increasingly important for organizations who want to proactively defend against advanced threat actors.
While many organizations today are collecting massive amount of threat intelligence, are they able to translate the information into an effective defense strategy?
View the slides now to learn about threat intelligence for operational purposes, including real-world demonstrations of how to consume intelligence and integrate it with existing security infrastructure.
Learn how to prioritize response by differentiating between commodity and targeted attacks and develop a defense that responds to specific methods used by advanced attackers.
4th annual global study of 13,000 online adults, their experiences with cybercrime, their attitudes and adoption of online security best practices, blurred lines between work and home with BYOD and the social stress brought on by our addiction to mobile devices and social networks.
A look at the methodology and techniques or hackers, cyber criminals and state sponsored attackers. Explores the kill chain, Geo political instability and the dark web.
Cybercrime Threat Landscape: Cyber Criminals Never SleepIBM Security
A Glimpse into the Cybercrime Underground
In this session, Trusteer’s senior fraud prevention strategist, Etay Maor, will dive into the latest tools, techniques and threats developed and utilized by cybercriminals. The presentation will include a market overview of the latest offerings from the criminal underground, with a deep dive into some of the techniques discussed by cybercriminals, and review how they manifest as real attacks with real examples and case studies. A share of the presentation will also be dedicated to possible mitigation strategies and techniques.
During this webinar you will learn about:
- New malware attack and evasion techniques
- The latest underground offerings on the “fraud as a service” market
- The latest rumors and discussions around malware and malware authors from the underground
- Real-time intelligence and adaptable counter measures
Symantec Internet Security Threat Report 2014 - Volume 19Symantec
The 2014 Internet Security Threat Report gives an overview of global threat activity for the past year based on data from Symantec’s Global Intelligence Network.
Part one of the Symantec Website Security Threat Report white paper is available here: http://bit.ly/17XOM54
These slides give insights from the Symantec Website Security's annual global threat report.We look at website malware, malvertising, targeted attacks, watering hole attacks, ransomware and website vulnerabilities.
One afternoon. Nine pitches. Who will get your 'investment'?
Enter the CyberDen and take your place in the dragon's seat. We're sending in eight leading cyber security vendors who will pitch their solutions to try and pique your interest.
We've rounded up some of the biggest names in the industry and exciting new players to provide you with an informative and relaxed afternoon. The RSA Vaults act as the perfect setting to make you feel like you're stepping in the den. You can then vote to 'invest' in the pitches that impress you or excite your interest.
Symantec's Internet Security Threat Report for the Government SectorSymantec
Symantec has established the most comprehensive source of Internet threat data in the world through the Symantec Global Intelligence Network, which is made up of more than 41.5 million attack sensors and records thousands of events per second. This network monitors threat activity in over 157 countries and territories through a combination of Symantec products and services such as Symantec DeepSight Threat Management System, Symantec Managed Security Services, Norton consumer products, and other third-party data sources.
In addition, Symantec maintains one of the world’s most comprehensive vulnerability databases, currently consisting of more than 60,000 recorded vulnerabilities (spanning more than two decades) from over 19,000 vendors representing over 54,000 products.
Spam, phishing, and malware data is captured through a variety of sources including the Symantec Probe Network, a system of more than 5 million decoy accounts, Symantec.cloud, and a number of other Symantec security technologies. Skeptic, the Symantec.cloud proprietary heuristic technology, is able to detect new and sophisticated targeted threats before they reach customers’ networks. Over 8.4 billion email messages are processed each month and more than 1.7 billion web requests filtered each day across 14 data centers. Symantec also gathers phishing information through an extensive anti-fraud community of enterprises, security vendors, and more than 50 million consumers.
Symantec Trust Services provides 100 percent availability and processes over 6 billion Online Certificate Status Protocol (OCSP) look-ups per day, which are used for obtaining the revocation status of X.509 digital certificates around the world. These resources give Symantec analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam. The result is the annual Symantec Internet Security Threat Report, which gives enterprises, small businesses, and consumers essential information to secure their system effectively now and into the future.
INFOGRAPHIC: Secure Computing as Threats EvolveSymantec
Symantec’s 2014 Internet Security Threat Report shows a marked decrease in many forms of malware and product vulnerabilities, plus faster responses to zero-day attacks. Symantec is blocking more attacks, more quickly, each year.
An analysis of security trends in the Financial Services industry. 56% of attacks originate from IP addresses within the US but attackers could be anywhere in the world.
Presentation by Bill Wright, Symantec on the Cyber Threat Environment presented at the Government Technology & Services Coalition (GTSC) meeting The National Security Supply Chain: Reducing the Vulnerabilities
Två trender gör kodsignering viktigare än någonsin: alla nya konsumentappar för mobila och stationära enheter, samt alla nya sabotageprogram. Datorbrottslingar ser detta som en möjlighet och försöker lura oss att installera skadliga program (sabotageprogram). Programutgivare och mobilnätsoperatörer kräver i allt högre grad kodsignering av en betrodd certifikatutfärdare (CU) innan någon kod godkänns för distribution. Ta reda på vilken nytta dina program kan ha av kodsignering i vår rapport och i vår SlideShare-presentation.
Возрастанию значения подписания кода способствуют две тенденции: рост популярности пользовательских приложений для мобильных и настольных устройств и распространение вредоносных программ. Для киберпреступников это открывает возможность заставить пользователей обманным путем устанавливать вредоносные программы. Прежде чем принять код для распространения, издатели ПО и операторы мобильных сетей все чаще требуют сертификат подписания кода, выданный надежным центром сертификации. Узнайте о преимуществах подписания кода: загрузите нашу официальную публикацию и презентацию SlideShare.
Due trend rendono oggi la firma del codice più importante che mai: il boom delle applicazioni commerciali per i dispositivi mobili e desktop e la proliferazione del malware. Per i criminali informatici si tratta di un'opportunità imperdibile, che cercano di sfruttare in ogni modo inducendoci a installare software dannoso (malware). Per gli autori di software e gli operatori di rete mobile è sempre più essenziale ottenere la firma del codice destinato alla distribuzione da parte di un'autorità di certificazione (CA), prima di accettarlo come sicuro. Scopri quali vantaggi può avere la firma del codice per il tuo software nel nostro white paper e nella presentazione SlideShare.
La signature de code s’impose plus que jamais comme un impératif incontournable sous l’impulsion de deux grandes tendances : 1) l’explosion des applications grand public sur les terminaux fixes et mobiles, et 2) la prolifération des logiciels malveillants (malwares). En clair, les cybercriminels y voient là une formidable opportunité de vous faire installer des malwares à votre insu. En conséquence, les éditeurs de logiciels et les opérateurs mobiles exigent désormais que tout code destiné à être diffusé soit signé par une autorité de certification (AC) de confiance. Vous souhaitez connaître les avantages de la signature de code pour vos logiciels ? Lisez notre document technique et notre présentation SlideShare.
El boom de las aplicaciones de consumidor para dispositivos móviles y de escritorio y la proliferación de malware han hecho que la firma de código sea más importante que nunca. Los ciberdelincuentes no han tardado en aprovechar el auge de las aplicaciones para distribuir software malicioso. Para evitar que esto ocurra, los distribuidores de software y los proveedores de redes móviles exigen con cada vez más frecuencia la firma de código por parte de una autoridad de certificación (CA) de confianza. Descubra en nuestro libro blanco o en la presentación de SlideShare las ventajas de la firma de código para su software
Das Zusammentreffen zweier Trends macht Code Signing zur unerlässlichen Sicherheitsmaßnahme: die rasant steigende Anzahl an Mobilgeräte- und Desktopanwendungen auf dem Verbrauchermarkt und die zunehmende Verbreitung von Malware. Internetkriminelle nutzen diese beiden Trends gezielt aus, um uns zum Installieren schädlicher Software (Malware) zu verleiten. Immer mehr Softwareanbieter und Betreiber von Mobilfunknetzwerken bestehen darauf, dass zum Herunterladen angebotene Software von einer vertrauenswürdigen Zertifizierungsstelle (CA) signiert wird. Nutzen Sie unser Whitepaper und die SlideShare-Präsentation, um sich über die Vorteile von Code Signing für den Vertrieb Ihrer Software zu informieren.
Two trends make code signing more important than ever: the explosion of consumer applications for mobile and desktop devices and the proliferation of malware.
Cybercriminals recognise this as an opportunity and seek to trick us into installing malicious software (malware). Mobile network providers and software publishers increasingly require code signing from a trusted Certificate Authority (CA) before accepting code for distribution.
Find out how code signing can benefit your software in our whitepaper and SlideShare presentation.
Two trends make code signing more important than ever: the explosion of consumer applications for mobile and desktop devices and the proliferation of malware.
Cybercriminals recognise this as an opportunity and seek to trick us into installing malicious software (malware). Mobile network providers and software publishers increasingly require code signing from a trusted Certificate Authority (CA) before accepting code for distribution.
Find out how code signing can benefit your software in our whitepaper and SlideShare presentation.
Join us each month on https://www.brighttalk.com/channel/6331 for the Symantec Website security threat update webinar a short 25 mins of web threats and security update news.
Um guia de e-commerce para a aquisição e manutenção de novos clientes da Syma...Symantec Website Security
O mundo do e-commerce nunca fica estático.
Sua estratégia de e-commerce também não precisa ficar. Com conexões Web via smartphones e tablets superando os computadores convencionais, e com o refinamento dos anúncios e resultados de pesquisa no Google de acordo com localização e dispositivo, as técnicas tradicionais de SEO e propaganda online estão cada vez mais ineficazes. Nosso novo guia de e-commerce mostra a empresários frustrados como melhorar a aquisição e a conversão de clientes no mundo multidispositivo sempre conectado de hoje.
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...Symantec Website Security
La planète e-commerce ne cesse d’évoluer
Vous devez donc vous adapter en permanence. Désormais, les internautes se connectent davantage par smartphone et tablette que par des ordinateurs classiques. Pour sa part, Google adapte ses résultats de recherche en fonction de la localisation et du terminal mobile de l’utilisateur. Conséquence : les techniques traditionnelles de référencement (SEO) et de publicité en ligne s’avèrent de moins en moins efficaces. Ce nouveau guide vous livre toutes les clés d’une amélioration de vos taux de conversion et de fidélisation, à l’heure des connexions non-stop sur de multiples terminaux.
Guida per l'e-commerce Symantec - Come acquisire nuovi clienti e conservarliSymantec Website Security
Il mondo dell'e-commerce non si ferma mai.
E una strategia di e-commerce di successo deve stare al passo. Con il sorpasso delle connessioni Web da smartphone e tablet rispetto a quelle da computer tradizionali e la personalizzazione dei risultati di ricerca e degli annunci Google in base al luogo e al dispositivo degli utenti, le tecniche di SEO e di pubblicità online tradizionali si stanno rivelando sempre meno efficaci. La nostra guida per l'e-commerce mostra ai proprietari dei siti Web come superare l'impasse migliorando i tassi di acquisizione e di conversione dei visitatori in una realtà dominata da una molteplicità di dispositivi e sempre attiva.
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clientsSymantec Website Security
El mundo del comercio electrónico nunca se detiene
... y su estrategia comercial también tiene que evolucionar. Vivimos en una era en la que los smartphones y tabletas superan en número de conexiones a los ordenadores convencionales, y Google adapta los anuncios y los resultados de búsqueda a la ubicación y al dispositivo del usuario. En este mundo multicanal y permanentemente conectado, las técnicas tradicionales de posicionamiento y publicidad online resultan cada vez menos eficaces. Por eso hemos creado una nueva guía para el comercio electrónico que pretende ayudar a los empresarios a adaptarse a estos cambios y a potenciar la adquisición y conversión de clientes.
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clientsSymantec Website Security
El mundo del comercio electrónico nunca se detiene
... y su estrategia comercial también tiene que evolucionar. Vivimos en una era en la que los smartphones y tabletas superan en número de conexiones a los ordenadores convencionales, y Google adapta los anuncios y los resultados de búsqueda a la ubicación y al dispositivo del usuario. En este mundo multicanal y permanentemente conectado, las técnicas tradicionales de posicionamiento y publicidad online resultan cada vez menos eficaces. Por eso hemos creado una nueva guía para el comercio electrónico que pretende ayudar a los empresarios a adaptarse a estos cambios y a potenciar la adquisición y conversión de clientes.
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...Symantec Website Security
La planète e-commerce ne cesse d’évoluer
Vous devez donc vous adapter en permanence. Désormais, les internautes se connectent davantage par smartphone et tablette que par des ordinateurs classiques. Pour sa part, Google adapte ses résultats de recherche en fonction de la localisation et du terminal mobile de l’utilisateur. Conséquence : les techniques traditionnelles de référencement (SEO) et de publicité en ligne s’avèrent de moins en moins efficaces. Ce nouveau guide vous livre toutes les clés d’une amélioration de vos taux de conversion et de fidélisation, à l’heure des connexions non-stop sur de multiples terminaux.
Leitfaden von Symantec: „Das 1×1 der Kundengewinnung und -bindung im E-Commerce“Symantec Website Security
Die Welt des E-Commerce unterliegt einem ständigen Wandel.
Dem sollte Ihre E-Commerce-Strategie gerecht werden. Der Trend beim Internetzugriff geht weg vom herkömmlichen Computer und hin zu Smartphones und Tablet-Computern. Google passt seine Suchergebnisse an den Standort und das Gerät des Nutzers an. Diese Entwicklungen haben dazu geführt, dass herkömmliche Methoden der Suchmaschinenoptimierung und Online-Werbung an Effizienz eingebüßt haben. Unser neuer E-Commerce-Leitfaden zeigt Händlern Wege auf, in einer zunehmend mobilen Welt die Neukundengewinnung zu verbessern und die Abschlussrate zu steigern.
The rise of hacktivism and insiders: new tactics, new motives
Insiders Outsiders, Hactivists, Cybercriminals – the lines have blurred but the game remains the same – how you can protect your infrastructure and organization from web based and cyber threats.
With incidences of malware and vulnerabilities on the rise – how does your organisation measure up and how are you prepared for the future? Is your web infrastructure robust enough to cope? Join Symantec to understand the threat landscape and motivations that drive them.
Join us each month on https://www.brighttalk.com/channel/6331 for the Symantec Website security threat update webinar a short 25 mins of web threats and security update news.
LA HUG - Video Testimonials with Chynna Morgan - June 2024Lital Barkan
Have you ever heard that user-generated content or video testimonials can take your brand to the next level? We will explore how you can effectively use video testimonials to leverage and boost your sales, content strategy, and increase your CRM data.🤯
We will dig deeper into:
1. How to capture video testimonials that convert from your audience 🎥
2. How to leverage your testimonials to boost your sales 💲
3. How you can capture more CRM data to understand your audience better through video testimonials. 📊
[Note: This is a partial preview. To download this presentation, visit:
https://www.oeconsulting.com.sg/training-presentations]
Sustainability has become an increasingly critical topic as the world recognizes the need to protect our planet and its resources for future generations. Sustainability means meeting our current needs without compromising the ability of future generations to meet theirs. It involves long-term planning and consideration of the consequences of our actions. The goal is to create strategies that ensure the long-term viability of People, Planet, and Profit.
Leading companies such as Nike, Toyota, and Siemens are prioritizing sustainable innovation in their business models, setting an example for others to follow. In this Sustainability training presentation, you will learn key concepts, principles, and practices of sustainability applicable across industries. This training aims to create awareness and educate employees, senior executives, consultants, and other key stakeholders, including investors, policymakers, and supply chain partners, on the importance and implementation of sustainability.
LEARNING OBJECTIVES
1. Develop a comprehensive understanding of the fundamental principles and concepts that form the foundation of sustainability within corporate environments.
2. Explore the sustainability implementation model, focusing on effective measures and reporting strategies to track and communicate sustainability efforts.
3. Identify and define best practices and critical success factors essential for achieving sustainability goals within organizations.
CONTENTS
1. Introduction and Key Concepts of Sustainability
2. Principles and Practices of Sustainability
3. Measures and Reporting in Sustainability
4. Sustainability Implementation & Best Practices
To download the complete presentation, visit: https://www.oeconsulting.com.sg/training-presentations
Digital Transformation and IT Strategy Toolkit and TemplatesAurelien Domont, MBA
This Digital Transformation and IT Strategy Toolkit was created by ex-McKinsey, Deloitte and BCG Management Consultants, after more than 5,000 hours of work. It is considered the world's best & most comprehensive Digital Transformation and IT Strategy Toolkit. It includes all the Frameworks, Best Practices & Templates required to successfully undertake the Digital Transformation of your organization and define a robust IT Strategy.
Editable Toolkit to help you reuse our content: 700 Powerpoint slides | 35 Excel sheets | 84 minutes of Video training
This PowerPoint presentation is only a small preview of our Toolkits. For more details, visit www.domontconsulting.com
Affordable Stationery Printing Services in Jaipur | Navpack n PrintNavpack & Print
Looking for professional printing services in Jaipur? Navpack n Print offers high-quality and affordable stationery printing for all your business needs. Stand out with custom stationery designs and fast turnaround times. Contact us today for a quote!
Improving profitability for small businessBen Wann
In this comprehensive presentation, we will explore strategies and practical tips for enhancing profitability in small businesses. Tailored to meet the unique challenges faced by small enterprises, this session covers various aspects that directly impact the bottom line. Attendees will learn how to optimize operational efficiency, manage expenses, and increase revenue through innovative marketing and customer engagement techniques.
In the Adani-Hindenburg case, what is SEBI investigating.pptxAdani case
Adani SEBI investigation revealed that the latter had sought information from five foreign jurisdictions concerning the holdings of the firm’s foreign portfolio investors (FPIs) in relation to the alleged violations of the MPS Regulations. Nevertheless, the economic interest of the twelve FPIs based in tax haven jurisdictions still needs to be determined. The Adani Group firms classed these FPIs as public shareholders. According to Hindenburg, FPIs were used to get around regulatory standards.
3.0 Project 2_ Developing My Brand Identity Kit.pptxtanyjahb
A personal brand exploration presentation summarizes an individual's unique qualities and goals, covering strengths, values, passions, and target audience. It helps individuals understand what makes them stand out, their desired image, and how they aim to achieve it.
Putting the SPARK into Virtual Training.pptxCynthia Clay
This 60-minute webinar, sponsored by Adobe, was delivered for the Training Mag Network. It explored the five elements of SPARK: Storytelling, Purpose, Action, Relationships, and Kudos. Knowing how to tell a well-structured story is key to building long-term memory. Stating a clear purpose that doesn't take away from the discovery learning process is critical. Ensuring that people move from theory to practical application is imperative. Creating strong social learning is the key to commitment and engagement. Validating and affirming participants' comments is the way to create a positive learning environment.
An introduction to the cryptocurrency investment platform Binance Savings.Any kyc Account
Learn how to use Binance Savings to expand your bitcoin holdings. Discover how to maximize your earnings on one of the most reliable cryptocurrency exchange platforms, as well as how to earn interest on your cryptocurrency holdings and the various savings choices available.
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesHolger Mueller
Holger Mueller of Constellation Research shares his key takeaways from SAP's Sapphire confernece, held in Orlando, June 3rd till 5th 2024, in the Orange Convention Center.
Personal Brand Statement:
As an Army veteran dedicated to lifelong learning, I bring a disciplined, strategic mindset to my pursuits. I am constantly expanding my knowledge to innovate and lead effectively. My journey is driven by a commitment to excellence, and to make a meaningful impact in the world.
Building Your Employer Brand with Social MediaLuanWise
Presented at The Global HR Summit, 6th June 2024
In this keynote, Luan Wise will provide invaluable insights to elevate your employer brand on social media platforms including LinkedIn, Facebook, Instagram, X (formerly Twitter) and TikTok. You'll learn how compelling content can authentically showcase your company culture, values, and employee experiences to support your talent acquisition and retention objectives. Additionally, you'll understand the power of employee advocacy to amplify reach and engagement – helping to position your organization as an employer of choice in today's competitive talent landscape.
Enterprise Excellence is Inclusive Excellence.pdfKaiNexus
Enterprise excellence and inclusive excellence are closely linked, and real-world challenges have shown that both are essential to the success of any organization. To achieve enterprise excellence, organizations must focus on improving their operations and processes while creating an inclusive environment that engages everyone. In this interactive session, the facilitator will highlight commonly established business practices and how they limit our ability to engage everyone every day. More importantly, though, participants will likely gain increased awareness of what we can do differently to maximize enterprise excellence through deliberate inclusion.
What is Enterprise Excellence?
Enterprise Excellence is a holistic approach that's aimed at achieving world-class performance across all aspects of the organization.
What might I learn?
A way to engage all in creating Inclusive Excellence. Lessons from the US military and their parallels to the story of Harry Potter. How belt systems and CI teams can destroy inclusive practices. How leadership language invites people to the party. There are three things leaders can do to engage everyone every day: maximizing psychological safety to create environments where folks learn, contribute, and challenge the status quo.
Who might benefit? Anyone and everyone leading folks from the shop floor to top floor.
Dr. William Harvey is a seasoned Operations Leader with extensive experience in chemical processing, manufacturing, and operations management. At Michelman, he currently oversees multiple sites, leading teams in strategic planning and coaching/practicing continuous improvement. William is set to start his eighth year of teaching at the University of Cincinnati where he teaches marketing, finance, and management. William holds various certifications in change management, quality, leadership, operational excellence, team building, and DiSC, among others.
3. Agenda today
1
Cybercrime cost in numbers
2
Attack types and targets
3
Vulnerabilities
4
Insiders
5
Phishing and Ransomware
6
Watering holes and different attack tactics
7
Conclusion and resources
3
4. The global price tag of consumer cybercrime
€83 BN
Which is enough to host the 2012 London
Olympics nearly 10 times over
OTHER 17%
FRAUD 38%
REPAIRS 24%
THEFT OR LOSS
21%
€220
Average cost per victim
50% increase over 2012
4
5. The global price tag of consumer cybercrime
.7 BN
RUSSIA
9
28 BN
USA
EUROPE
27 BN
CHINA
BN
3 BN
MEXICO
INDIA
2.2 BN
6 BN
.7 BN
JAPAN
BRAZIL
AUSTRALIA
SOUTH AFRICA
0.2 BN
ALL AMOUNTS IN EURO
.7 BN
5
6. Different motives – Different attacks
Hacktivism
Money
DDoS
Banking Trojan
Defacement
Extortion
SQL Injection
Scam
Espionage/Sabotage
6
12. Billions
Top Targeted Countries Per Financial Trojan Family
Count
$50,000.00
7
$45,000.00
6
5
$35,000.00
$30,000.00
4
$25,000.00
3
$20,000.00
$15,000.00
Trojan Family Count
Population x Wealth per Capita
$40,000.00
2
$10,000.00
1
$5,000.00
$-
0
Population x Wealth per Capita
Trojan Family Count
Linear (Trojan Family Count)
12
13. Billions
Top Targeted Countries Per Financial Trojan Family
Count
$50,000.00
7
$45,000.00
6
5
$35,000.00
$30,000.00
4
$25,000.00
3
$20,000.00
$15,000.00
Trojan Family Count
Population x Wealth per Capita
$40,000.00
2
$10,000.00
1
$5,000.00
$-
0
Population x Wealth per Capita
Trojan Family Count
Linear (Trojan Family Count)
13
14. Financial Trojans - Profile of Countries
• Preferred targets: developed country, sizeable wealthy population
• Fewer banks means, less variation needed by the attacker
Country
United Kingdom
Germany
Austria
Netherlands
Italy
France
Spain
Ireland
Finland
Banks
Population
Wealth Per Capita
Number of Threats
52
1873
752
277
729
644
322
472
313
62262000
81857000
8452835
16751323
60849247
65350000
46163116
4588252
5424360
128959
89871
66639
120086
119704
93729
92253
89327
38754
6
5
5
5
4
4
4
3
2
10561614
3180394
838897
417617
1294236
10839905
5445324
2061400
53357
22126
99526
75694
26361
85818
23968
36672
2
2
2
1
1
0
0
0
Portugal
154
Lithuania
141
Cyprus
137
Malta
27
Estonia
16
Belgium
107
Slovakia
29
Slovenia
25
Number of threats fund in EU countries
14
15. Financial Trojans - Profile of Countries
• Preferred targets: developed country, sizeable wealthy population
• Fewer banks means, less variation needed by the attacker
Country
United Kingdom
Germany
Austria
Netherlands
Italy
France
Spain
Ireland
Finland
Banks
Population
Wealth Per Capita
Number of Threats
52
1873
752
277
729
644
322
472
313
62262000
81857000
8452835
16751323
60849247
65350000
46163116
4588252
5424360
128959
89871
66639
120086
119704
93729
92253
89327
38754
6
5
5
5
4
4
4
3
2
10561614
3180394
838897
417617
1294236
10839905
5445324
2061400
53357
22126
99526
75694
26361
85818
23968
36672
2
2
2
1
1
0
0
0
Portugal
154
Lithuania
141
Cyprus
137
Malta
27
Estonia
16
Belgium
107
Slovakia
29
Slovenia
25
Number of threats fund in EU countries
15
25. Our Websites are Being Used Against Us
53%
61%
of web sites serving
malware are legitimate sites
of legitimate websites have
unpatched vulnerabilities
25%
have critical vulnerabilities
unpatched
25
27. Malicious Insiders could pose the greatest risk
Who are they?
1. The disgruntled
employee
2. The profit-seeking
employee
3. A soon to depart
employee
4. The one who owns
the code
27
28. Malicious Insiders could pose the greatest risk
Considerations
• Know your people
• Focus on
deterrence, not
detection
• Identify information that
is most likely to be
valuable
• Monitor ingress and
egress
• Baseline normal activity
28
34. Phishing (Brand impersonation)
Criminals use well-known brands
to trick people into disclosing
information or installing malware.
• 79% of companies experienced one
or more Web-borne attacks in
2012, and 55 percent were affected
by phishing attacks.*
• 20% more brands were targeted by
attackers in the first half of 2013
• 30% of people will still open a
suspicious email
*Webroot/Qualittics Research 2012
34
35. Ransomware
• Anti-Fraud Service for Fraudsters
• Multiple Pricing options
• “FBI" Ransomware
– Now offers optional extras
– Authors resort to disturbing images in bid to make
victims pay
• Cryptolocker
– Continues to cause problems
– Roughly 25 per cent of computers are not running any
real-time protection vs. malware
– Encrypts files with full PKI encryption and sets a deadline
– Offers a discount? 2 0.5 Bitcoins
37. Ransomware is ever present
• New variants encrypt data with strong cryptography
• Making an appearance on mobile devices
• Problem: People don’t back-up their data!
5.00%
4.50%
4.00%
3.50%
3.00%
Percentage of Ransomware
infections in the Netherlands
2.50%
2.00%
1.50%
1.00%
0.50%
0.00%
January February
March
April
May
June
July
August
37
38. Targeted Attacks can come via
partners, customers or suppliers
Everyone is a target now.
38
39. Top targeted sectors in 2013
Government / Public Sector / Academia
Manufacturing
Banking / Financial Services / Real Estate
Computer/IT
Energy
Services
Food/Agriculture
Transport/Logistic
Raw Material / Mining / Chemical
July-Dec 2012
Jan-June 2013
WholeSales / Distributor
0
0.05
0.1
0.15
0.2
0.25
0.3
39
40. Targeted Attacks by Company Size
50% 2,501+
50% 1 to 2,500
Employees
2,501+
9%
1,501 to 2,500
2%
3%
5%
1,001 to 1,500
501 to 1,000
251 to 500
50%
31%
1 to 250
18%
in 2011
Greatest growth in 2012 is at companies with <250 employees
Small business often not well protected, but connected to others
40
41. Targeted Attacks by Company Size
50% 2,501+
50% 1 to 2,500
Employees
2,501+
9%
1,501 to 2,500
2%
3%
5%
1,001 to 1,500
501 to 1,000
87% of SMBs suffered a
cyberattack last year, only
50%
44% see security as a
31%
priority
251 to 500
1 to 250
18%
in 2011
Greatest growth in 2012 is at companies with <250 employees
Small business often not well protected, but connected to others
41
42. Targeted Attacks by Job Function
30%
R&D
27%
Sales
24%
25%
C-Level
17%
20%
15%
Senior
12%
Shared
Mailbox
13%
10%
5%
Recruitment
4%
Media
3%
PA
1%
0%
Attacks may start with the ultimate target, but often look opportunistically for any
entry into a company
42
44. Spear Phishing
Watering Hole Attack
Send an email to a person
of interest
Infect a website and lie
in wait for them
Targeted Attacks predominantly start as spear phishing attacks
In 2012, Watering Hole Attacks emerged
44
45. Effectiveness of Watering Hole Attacks
Watering Hole
Attack in 2012
Infected 500
Companies
All Within
24 Hours
Watering Hole attacks are targeted at specific groups
Can capture a large number of victims in a very short time
45
46. Watering Hole Targeted iOS Developers
In 2013 this type of attack will become widely used
Several high profile companies fell victim to just such an attack
46
47. Using the Phone to back up a Phishing Attack
• What can attackers do to improve success rate of phishing
email?
• On 11 April 2013, an employee in an “Organisation A” in
France received a phone call
• French speaking caller, urges her to download an invoice
from a link she will receive through email
• Link doesn’t go to an invoice but instead
installs a version of W32.Shadesrat,
a well-known Remote Access Trojan
• Suspicious, the employee shuts
down the machine 15 minutes
later and contacts the CISO
47
48. The Motive – Financially Driven
• Targets accountants or finance department employees
• These targets may have access to…
• Sensitive commercial information
• May have authority to carry out financial
transactions
• May have access to information that
could facilitate future attacks
• Email addresses
• Phone numbers
• Invoices
• Account numbers
48
49. The potential attack space is growing...
Internet of things
Wearables (glasses)
Password theft
Targeted attacks
Ransom Trojans
419 scams
Bitcoin
SQL injection
Social media
Financial Trojans
Privacy
Cloud
SCADA attacks
DDoS attacks
WLAN hotspot
Cyberwarfare
Browser attacks
Auction scams
Mobile threats
Smart cars
Smart homes/TVs
49
51. Addressing Cyber Risk
Visibility of Risk
Risk Awareness
Technical Controls
Insider Abuse
Commodity Malware
Procedural Controls
Coordinated Attacks (APT)
Policy Management
Demonstrable Processes
Changing Landscape
Massive Data Volumes
Massive Data Volumes
Stay ahead
of threats
Complete
visibility
Focus
on top
priorities
Build a
sustainable
program
Present in
business
context
54. Conclusion
Avoid breaches and mitigate risks
• Patch, patch, patch
• Is your AV up to date?
• Scan your sites for vulnerabilities and malware
• Email and web gateway filtering
• Host based intrusion detection
• Two factor authentication
• Look inside as well as out.
54
55. Where you can learn more
Print Screen now
• Internet Security Threat
–
–
–
–
http://go.symantec.com/istr/
http://www.symantec.com/security_response/publications/
http://www.symantec.com/connect/blogs/elderwood-project-infographic
@threatintel
• Endpoint Security
– http://go.symantec.com/sep12/
• Website Security Solutions
–
–
–
–
–
http://go.symantec.com/ssl
http://www.symantec.com/connect/blogs/website-security-solutions
@NortonSecured
Monthly webinar channel – 4 December 2013
https://www.brighttalk.com/channel/6331
55
Hello everybody I’d like to welcome to you all to our webcast today. – my name is Andrew Horbury – I’m a Product Marketing Manager for Symantec Website Security Solutions. We are best known for providing SSL, Code signing and certificate automation and management tools. Due to the nature of our business a lot of what we see online gives us a fantastic insight into the threat landscape and the everyday threats that we see targeting consumers and businesses. This presentation is called attack of the cyber spies but the title only tells part of the story……. I’m going to talk about how we are being targeted, attacked and what we are potentially doing to make life easier for the cyber spies.Cybercrime is growing – but at what rate and who is being targeted? We as consumers are of course being targeted but at what level and what is the monetary value of what is being stolen? How are the targets and tactics changing, what's new and what is working. I’m, going to spend the next 40 minutes talking about this along the way there will be an opportunity for you to ask questions – and download resources….
I want to highlight where much of the information we are going to discuss today comes from and how it is sourced: As a company Symantec has established one of the most comprehensive sources of Internet threat intelligence in the world, which is compiled from around 70 million attack sensors which record thousands of events every second of every day in almost 160 countries. Symantec maintains one of the world’s most comprehensive vulnerability databases, which currently consists of more than 50K recorded vulnerabilities (spanning the last two decades) from almost 17K vendors representing over 43K products. Spam, phishing, and malware data is captured through a variety of sources, including a system of more than 5 million decoy accounts; Over 3 billion email messages and more than 1.4 billion Web requests are processed each day across 14 data centres. And then Symantec’s Website Security Solutions technology (this is the division of the business that I work in) scans over 1.5 million websites each year and on a daily basis scans over 130,000 URLs for malware and a further 1,400 vulnerability scans.
First I want to set the scene and give you an insight into what we see in the consumer world. On screen now, is a statistic that we track on an annual basis this is the total global cost of cybercrime. Which, for 2013, is EURO 83 billion. Last year, the cost was EURO75 billion, so we’ve seen a slight increase since 2012.These are figures from The Annual Norton Cybercrime Report which is a study that focuses on people – consumers like you and me. We’ve arrived at these numbers by taking the information directly reported to us by the 13,000 respondents to our annual cybercrime survey from 24 countries and extrapolating the figures to the worldwide population. We’ve also removed any anomalies – respondents who self-reported losses that were dramatically more than the average. The figure only includes direct costs and not the time spent resolving the crime.It’s also worth noting that though the total cost went up this year, we have seen consistent results year-over-year, across different respondent groups, providing further proof that the findings from this study are reliable, replicable and valid.The average victim of cybercrime loses EUR220, which represents a 50 percent increase over last year’s findings. Our research tells us that this is again the result of cybercriminals becoming more efficient in their attacks. While once fake antivirus software was the dominant threat, now we see ransomware has taken over. This has likely been a calculated move by cybercriminals, as ransomware is a lot more profitable for them. In previous years, we’ve seen a large percentage of people victimized by fake AV software, where they could be scammed out of EUR40-EUR100 – the “market price” of other, legitimate AV. However, with ransomware, where criminals pose as law enforcement or other authority, there is no limit to the amount they can demand from their victims.
Let’s take a closer look at the direct costs of cybercrime by focusing on the costs for particular countries and regions. Within our study, we extrapolated the direct cash costs for specific countries to bring the point home that cybercrime is a global problem that affects us all.Many of the figures for country and regional costs were similar to last years. One notable exception was the U.S., where losses have increased from 21 million to 38 million.
I think this year we’ve seen some significant differences in attack motives and I’d like to highlight the differences between so-called hacktivism and Cyber CriminalsBefore I do that though I’d like to refer to a recent survey from ESG who asked 244 enterprise security professionals working at companies employing 1,000 or more employees. ESG asked them to identify the groups that pose the greatest security threat to their organization (in terms of launching a targeted attack against them such as an Advanced Persistent Threat). The results were as follows (note: multiple responses were permitted):1. Hacktivists (defined as groups who use computer hacking as a form of protest or civil disobedience), 46%2. Organized crime, 42%3. Competitors conducting industrial espionage, 41%4, Nation state, 34%5. Terrorist organization, 28%6. None of the above, 5% Quite whether you deem Hacktivists criminals or not is a point I’m not going to cover here. With Hacktivist groups creating their fair share of misery and mayhem last year. They stole more data than any other group. Their entrance onto the stage also served to change the landscape somewhat with regard to the motivations behind breaches. While good old-fashioned greed and avarice were still the prime movers, ideological dissent and schadenfreude took a more prominent role.True, when it comes to motivation, there is a difference. Hacktivists are trying to advance a cause and target those they believe are against that cause. Obviously, a different motivation from the simple pursuit of other people's money. But the tactics and results are the same. For the targeted organization, that's what really matters. There shouldn't be any difference in the defences you put in place for a hacktivist or common thief. It is worth noting noting that the most common attack methods are social engineering (phishing and watering hole attacks for example) and the exploitation of weak passwords, a lack of up-to-date patching and other lax company security policies.The main point here is that if you discover your company has been breached, the nature of the stolen data and how it was lifted matter more than the motivation of the attackers.The answer to the threat is the same as it ever was: Organisations need a program of layered security technologies and policies. They have to make employees use stronger passwords. They have to educate the masses on the social engineering tricks out there.
I think this year we’ve seen some significant differences in attack motives and I’d like to highlight the differences between so-called hacktivism and Cyber CriminalsBefore I do that though I’d like to refer to a recent survey from ESG who asked 244 enterprise security professionals working at companies employing 1,000 or more employees. ESG asked them to identify the groups that pose the greatest security threat to their organization (in terms of launching a targeted attack against them such as an Advanced Persistent Threat). The results were as follows (note: multiple responses were permitted):1. Hacktivists (defined as groups who use computer hacking as a form of protest or civil disobedience), 46%2. Organized crime, 42%3. Competitors conducting industrial espionage, 41%4, Nation state, 34%5. Terrorist organization, 28%6. None of the above, 5% Quite whether you deem Hacktivists criminals or not is a point I’m not going to cover here. With Hacktivist groups creating their fair share of misery and mayhem last year. They stole more data than any other group. Their entrance onto the stage also served to change the landscape somewhat with regard to the motivations behind breaches. While good old-fashioned greed and avarice were still the prime movers, ideological dissent and schadenfreude took a more prominent role.True, when it comes to motivation, there is a difference. Hacktivists are trying to advance a cause and target those they believe are against that cause. Obviously, a different motivation from the simple pursuit of other people's money. But the tactics and results are the same. For the targeted organization, that's what really matters. There shouldn't be any difference in the defences you put in place for a hacktivist or common thief. It is worth noting noting that the most common attack methods are social engineering (phishing and watering hole attacks for example) and the exploitation of weak passwords, a lack of up-to-date patching and other lax company security policies.The main point here is that if you discover your company has been breached, the nature of the stolen data and how it was lifted matter more than the motivation of the attackers.The answer to the threat is the same as it ever was: Organisations need a program of layered security technologies and policies. They have to make employees use stronger passwords. They have to educate the masses on the social engineering tricks out there.
I think this year we’ve seen some significant differences in attack motives and I’d like to highlight the differences between so-called hacktivism and Cyber CriminalsBefore I do that though I’d like to refer to a recent survey from ESG who asked 244 enterprise security professionals working at companies employing 1,000 or more employees. ESG asked them to identify the groups that pose the greatest security threat to their organization (in terms of launching a targeted attack against them such as an Advanced Persistent Threat). The results were as follows (note: multiple responses were permitted):1. Hacktivists (defined as groups who use computer hacking as a form of protest or civil disobedience), 46%2. Organized crime, 42%3. Competitors conducting industrial espionage, 41%4, Nation state, 34%5. Terrorist organization, 28%6. None of the above, 5% Quite whether you deem Hacktivists criminals or not is a point I’m not going to cover here. With Hacktivist groups creating their fair share of misery and mayhem last year. They stole more data than any other group. Their entrance onto the stage also served to change the landscape somewhat with regard to the motivations behind breaches. While good old-fashioned greed and avarice were still the prime movers, ideological dissent and schadenfreude took a more prominent role.True, when it comes to motivation, there is a difference. Hacktivists are trying to advance a cause and target those they believe are against that cause. Obviously, a different motivation from the simple pursuit of other people's money. But the tactics and results are the same. For the targeted organization, that's what really matters. There shouldn't be any difference in the defences you put in place for a hacktivist or common thief. It is worth noting noting that the most common attack methods are social engineering (phishing and watering hole attacks for example) and the exploitation of weak passwords, a lack of up-to-date patching and other lax company security policies.The main point here is that if you discover your company has been breached, the nature of the stolen data and how it was lifted matter more than the motivation of the attackers.The answer to the threat is the same as it ever was: Organisations need a program of layered security technologies and policies. They have to make employees use stronger passwords. They have to educate the masses on the social engineering tricks out there.
So what type of activity do we see and how can you prepare and react to it? I'm going to talk about different motivations, the insider threat and how you might detect and react and to them
The first thing to note is that Cyber criminals have time and money – some groups are very well resourced
They are also global and highly skilled….
Reflecting what we saw in the earlier slide in terms of cybercrime. Attackers prefer to target companies and organisations in developed countries with relatively large populations and wealthy residents. This makes perfect sense as there is a large potential base of individuals to compromise with a high potential return. Spoken languages and countries where international transactions are more difficult and require local steps to launder the money are additional factors which influence attacker decisions – after all why make things difficult when they don’t necessarily have to be. Go for the low hanging fruit as there is plenty of it around. Looking at the graph above you can see there is a very definite sweet spot for the English speaking countries (or where English is acceptable to use) – because you can for the most part reuse and repurpose the attacks very easily.
Reflecting what we saw in the earlier slide in terms of cybercrime. Attackers prefer to target companies and organisations in developed countries with relatively large populations and wealthy residents. This makes perfect sense as there is a large potential base of individuals to compromise with a high potential return. Spoken languages and countries where international transactions are more difficult and require local steps to launder the money are additional factors which influence attacker decisions – after all why make things difficult when they don’t necessarily have to be. Go for the low hanging fruit as there is plenty of it around. Looking at the graph above you can see there is a very definite sweet spot for the English speaking countries (or where English is acceptable to use) – because you can for the most part reuse and repurpose the attacks very easily.
7 December 2012 —Wealthy countries with smaller populations are also attacked, but to a much lesser degree (as is the case with Malta and Cyprus, on screen now). In addition, attacking groups may change their targets over time, switching target institutions to avoid attracting too much attention. Interestingly Belgium, a developed nation with a population of approximately 10 million and wealth per capita of just over $80 thousand appears to be a good target, but no configuration files we examined targeted its institutions. Financial institutions in Belgium tend to use more robust security measures like smart card readers which may well deter would-be attackers who move on to other countries with less security or more profitable institutions. Out-of-band transaction verification significantly reduces the ability to socially engineer a fraudulent transaction. Although this technology is not immune to attack, the institution inherently becomes a less desirable target because why make life more difficult for yourself. Evidence that if you do have layers of security and prevention mechanisms then if really does help to protect you in some way shape or form. In the same way a car criminal will try car doors until finally they come across an unlocked car – this is much easier and less risky than smashing a window.
7 December 2012 —Wealthy countries with smaller populations are also attacked, but to a much lesser degree (as is the case with Malta and Cyprus, on screen now). In addition, attacking groups may change their targets over time, switching target institutions to avoid attracting too much attention. Interestingly Belgium, a developed nation with a population of approximately 10 million and wealth per capita of just over $80 thousand appears to be a good target, but no configuration files we examined targeted its institutions. Financial institutions in Belgium tend to use more robust security measures like smart card readers which may well deter would-be attackers who move on to other countries with less security or more profitable institutions. Out-of-band transaction verification significantly reduces the ability to socially engineer a fraudulent transaction. Although this technology is not immune to attack, the institution inherently becomes a less desirable target because why make life more difficult for yourself. Evidence that if you do have layers of security and prevention mechanisms then if really does help to protect you in some way shape or form. In the same way a car criminal will try car doors until finally they come across an unlocked car – this is much easier and less risky than smashing a window.
So who is doing this? Well rather than focus on the Hacktivist lets look at a group of Hackers for hire…I think we all know that there are organised gangs out there Wikipedia tells me the that a decent definition of Organised crime is a term that categorises transnational, national, or local groupings of highly centralized enterprises run by criminals and we’ve recently seen reports of what appears to be a to be a highly resourced, agile and organised hacking group that has been given the name of Hidden Lynx, (named after a string found in the command and control server communications). This team has been behind several campaigns including the compromise of Bit9’s trusted file-signing infrastructure in February of this year.
So who is doing this? Well rather than focus on the Hacktivist lets look at a group of Hackers for hire…I think we all know that there are organised gangs out there Wikipedia tells me the that a decent definition of Organised crime is a term that categorises transnational, national, or local groupings of highly centralized enterprises run by criminalsand we’ve recently seen reports of what appears to be a to be a highly resourced, agile and organised hacking group that has been given the name of Hidden Lynx, (named after a string found in the command and control server communications). This team has been behind several campaigns including the compromise of Bit9’s trusted file-signing infrastructure in February of this year.
So who is doing this? Well rather than focus on the Hacktivist lets look at a group of Hackers for hire…I think we all know that there are organised gangs out there Wikipedia tells me the that a decent definition of Organised crime is a term that categorises transnational, national, or local groupings of highly centralized enterprises run by criminals and we’ve recently seen reports of what appears to be a to be a highly resourced, agile and organised hacking group that has been given the name of Hidden Lynx, (named after a string found in the command and control server communications). This team has been behind several campaigns including the compromise of Bit9’s trusted file-signing infrastructure in February of this year.
The group has also targeted hundreds of different organisations in a whole host of regions and often undertakes campaigns concurrently. Symantec’s Threat Intelligence team have blogged extensively on this subject and believe that hidden lynx are the best of breed in terms of hackers for hire…..The Hidden Lynx attackers have demonstrated cutting-edge technical skills throughout these campaigns – if you’ve heard any of our webinars in the past you might well recall watering hole attacks – well it was this team that pioneered the watering-hole technique and had access to a number of zero-day vulnerabilities. Along with this, they have been seen attacking supply chains and lying in wait until they compromise their real targets through these channels. The attackers have proven to be very calculated, strategic and patient. Hidden Lynx are professional hackers-for-hire who allow prospective clients to contract with them in order to undertake campaigns. Given the type of skills and expertise offered it is likely that the group is made up of a considerable number of attackers, possibly somewhere between 50 to 100 operatives, who are split into at least two teams that focus on different activities using specific tools and methods. One team appears to focus on disposable tools with basic but effective techniques to attack several targets. Whilst the other main team is made up of elite attackers that use their tools more sparingly but focus primarily on high value targets.
As the previous slides have indicated criminals will look for your weakest link and your weakest link could be your employees, your website or even your unpatched servers.
Lets focus on the weak links in your infrastructure for a moment….in the last year we have seen an increase in zero-day vulnerabilities. There were 14 unreported vulnerabilities first seen being used in the wild in 2012.In the last three years much of the growth in zero-day vulnerabilities used in attacks can be attributed to two groups; the authors of Stuxnet and the Elderwood Gang. In 2010, Stuxnet was responsible for 4 of the 14 discovered zero-day vulnerabilities. The Elderwood Gang was responsible for 4 of the 14 discovered in 2012. The Elderwood Gang also used zero-day threats in 2010 and 2011, and they’ve used at least one so far in 2013. Generally speaking attackers use as many zero-day vulnerabilities as they need, not as many as they have – therefore they tend to keep their powder dry.Stuxnet and Elderwood make for an interesting contrast in the strategy of their use. Stuxnet remains the aberration, using multiple zero-day exploits in one attack. From what we know today, it was a single attack that was directed at a single target. Multiple zero-day exploits were used to ensure success so they would not need to attack a second time.By contrast the Elderwood Gang has used one zero-day exploit in each attack, using it continually until that exploit becomes public and it becomes patched. And once that occurs they move on to a new exploit. This makes it seem that the Elderwood Gang has a limitless supply of zero-day vulnerabilities and is able to move to a new exploit as soon as one is needed.
Looking at other vulnerabilities we can see that the number is slightly up in the last year, from 4,989 in 2011 to 5,291 in 2012. And whilst zero-day vulnerabilities present a very serious security threat, known (and even patched) vulnerabilities are dangerous if ignored. Many companies and consumers fail to apply published updates and patches in a timely way. Toolkits that target well-known vulnerabilities make it easy for criminals to target millions of PCs and find the ones that remain open to infection. And perhaps one of the most interesting points I want to make today is that, the vulnerabilities that are often the most exploited are not the newest.
And these vulnerabilities are being exploited looking at the graph on screen now you can see that the rate the rate of web based attacks blocked per day increased by 30 percent year on year, while the rate of discovery of vulnerabilities has only increased by 6 percent. As you can see cyber criminals still make extensive use of known vulnerabilities, it’s these unpatched loopholes that continue to be a popular means of carrying out attacks.The numbers are in itself I think quite telling particularly when you compare them to those searching for a security solution that cover the ‘threats of tomorrow. These numbers and the evidence that we’ve seen highlights how unsophisticated attacks on corporate networks can have an effect without resorting to expensive zero-day exploits. You know…. Whether it’s exploiting poor security practices, misconfigured security devices or staff that lack security training, companies should understand that it is possible to gain control of most parts of an organisation, even though no new attacks or methods are used.We’ve seen some data that indicates that the time from when a vulnerability is detected to when it is patched is “almost uniform in every country,” indicating that this is a global trend. It is therefore essential to shift the approach to security from stand-alone tools to integrated solutions as part of business processes.
So what might be a popular way in?Webservers can be attacked by malware just like desktop PCsIn 2012, Symantec scanned over 1.5 million websites for malwareOver 130,000 URLs were scanned for malware each day, with 1 in 532 websites found to be infected with malwareApproximately 53 percent of websites scanned were found to have unpatched, potentially exploitable vulnerabilities (36 percent in 2011), of which 25 percent were deemed to be critical. The most common vulnerability found was for cross-site scripting vulnerabilities.With all these unpatched vulnerabilities in legitimate websites there is no need for malware author to set up their own. In fact 61% of all malicious web sites are legitimate sites – so as we can see this is a significant issue.
And if its not the website that is being used against us then it might well be your employees.
So lets look at insiders….Fortune magazine reports: If a police sketch artist were to draw the person who was trying to steal internal data and information, what would that person look like? A masked Houdini, would it be a haggard, red-eyed hacker working in a basement? Would it be a member of the criminal underground or national secret agent, acting under orders?Or is it more likely to be the familiar,friendly, smiling face within your own organisation?http://www.forbes.com/sites/ciocentral/2012/08/27/intelectual-property-theft-beware-the-enemy-within/So far we’ve really focussed on the faceless threat which is why we have countermeasures such as firewalls, antivirus software, and intrusion detection systems that are all aimed at these threats. Yet these measures do little to counter an even greater threat - that of malicious insiders within the organisation.And it seems that many organisations do not treat these threats seriously. Such threats include fraud, sabotage, and theft or loss of confidential information caused by trusted insiders. These threats go beyond negligence. They represent purposeful action on the part of insiders to act in opposition to the interests of the organisation, whether for financial gain, retribution, or some other motivation. I think we can divide these up into four distinct categories…The disgruntled employee - The employee who feels to have been personally disrespected, perhaps due to an expected pay raise that failed to materialise or perhaps they’ve had a negative review or a disagreement over time off, demotions, transfers or other similar issues. In this instance, revenge would seem to be is the employee’s motive.Profit-seeking employee – this is like hacking for profit – driven by greed – as money is a simple motivation for many people. They work for a wage; however, by stealing information, they can make more money selling the stolen data or modifying the data to steal an identity. The information could be relatively easy to access and steal for the employee, plus the theft can be rationalised because, as a malicious insider might say, “The company won’t even miss it.”An employee who is moving on to a competitor or starting a business – For someone starting a business in the same field, the theft of customer lists, business plans, and even simple forms or templates can be tempting. Alternatively, imagine the employee leaving to work for a competitor. Perhaps the new employerhas hinted that such an exchange of information could help the new employee progress at a faster rate.Finally it could be an employee who believes they own the code or product – In this instance, employees feel a sense of ownership over code they wrote or a product they developed. Therefore, they take the code for their future use or even for their next job.What do you need to focus on here? You need to know your peopleFocus on deterrence, not detectionIdentify information that is most likely to be valuable –Monitor ingress and egress - look at and consider and potentially restricting the flow of information outbound from one network to another. look at solutions like data loss preventionBaseline normal activity – by that I mean start to consider base-lining normal user activity and looking at what could be perceived as abnormal activity.
So lets look at insiders….Fortune magazine reports: If a police sketch artist were to draw the person who was trying to steal internal data and information, what would that person look like? A masked Houdini, would it be a haggard, red-eyed hacker working in a basement? Would it be a member of the criminal underground or national secret agent, acting under orders?Or is it more likely to be the familiar,friendly, smiling face within your own organisation?http://www.forbes.com/sites/ciocentral/2012/08/27/intelectual-property-theft-beware-the-enemy-within/So far we’ve really focussed on the faceless threat which is why we have countermeasures such as firewalls, antivirus software, and intrusion detection systems that are all aimed at these threats. Yet these measures do little to counter an even greater threat - that of malicious insiders within the organisation.And it seems that many organisations do not treat these threats seriously. Such threats include fraud, sabotage, and theft or loss of confidential information caused by trusted insiders. These threats go beyond negligence. They represent purposeful action on the part of insiders to act in opposition to the interests of the organisation, whether for financial gain, retribution, or some other motivation. I think we can divide these up into four distinct categories…The disgruntled employee - The employee who feels to have been personally disrespected, perhaps due to an expected pay raise that failed to materialise or perhaps they’ve had a negative review or a disagreement over time off, demotions, transfers or other similar issues. In this instance, revenge would seem to be is the employee’s motive.Profit-seeking employee – this is like hacking for profit – driven by greed – as money is a simple motivation for many people. They work for a wage; however, by stealing information, they can make more money selling the stolen data or modifying the data to steal an identity. The information could be relatively easy to access and steal for the employee, plus the theft can be rationalised because, as a malicious insider might say, “The company won’t even miss it.”An employee who is moving on to a competitor or starting a business – For someone starting a business in the same field, the theft of customer lists, business plans, and even simple forms or templates can be tempting. Alternatively, imagine the employee leaving to work for a competitor. Perhaps the new employerhas hinted that such an exchange of information could help the new employee progress at a faster rate.Finally it could be an employee who believes they own the code or product – In this instance, employees feel a sense of ownership over code they wrote or a product they developed. Therefore, they take the code for their future use or even for their next job.What do you need to focus on here? You need to know your peopleFocus on deterrence, not detectionIdentify information that is most likely to be valuable –Monitor ingress and egress - look at and consider and potentially restricting the flow of information outbound from one network to another. look at solutions like data loss preventionBaseline normal activity – by that I mean start to consider base-lining normal user activity and looking at what could be perceived as abnormal activity.
And they are good at it
If they don’t get you one way they will try another…..
Here is one of those senior people – was targeted relentlessly – in the end they couldn’t get to him – so they wen to try someone else – someone easier to attack
And so how might they do this…? Criminals use well-known names and brands to trick people into disclosing confidential information or installing malware. Often, they use fake websites to fool people. The best-known example of this kind of attack, known as ‘phishing’, is when a fraudster uses a fake bank site to lure customers into revealing bank or credit card details and passwords.A more recent development has seen scammers use social media to lure people to fake websites where they disclose information, such as social media website passwords, in the hope of some reward such as free vouchers or a free phone. And this is part of the reasons why Malware is continuing to rise – Cybercriminals are taking advantage of social media, social media – social media is viral in nature and people of less suspicious of content from friends. And of course by installing malware then the known vulnerabilities can continue to be exploited and the readily availability of toolkits to distribute malware help the circle of life go on….79 percent of the companies experienced one or more Web-borne attacks in 2012, and 55 percent were affected by phishing attacks.
for those of you not familiar with Ransonware. Typically this is a tactic where an application is installed onto a PC which then locks it and can only be unlocked in return for a fee. There have been stories recently where Police departments have been caught out which is particularly ironic when you consider that the advice from law enforcement agencies the world over is to never pay the fee demanded by those holding a hostage, but one Massachusetts police department has admitted that it paid approximately US $700 to unlock one of its computers that had become infected with the CryptoLocker variant of the ransomware malware. The standard fee for unlocking appears to be a flat US$300 what they call "release fee" to free up the victim’s computer from some made up accusation. But, as the cybercriminals become more willy they have reasoned, if a victim is willing to pay US$300 for allegedly viewing “ something like pornography” then perhaps they may also like to buy other value added services, such as the option to wipe their criminal record and, as they’ve termed it – "avoid any problems at work and other places where criminal records can be checked", a snip at only US$450 extra! And of course – it’s all more money down the drain for the paranoid victim.
On screen now you can see a typical example of Ransomware and there are plenty of indications that Cryptolocker ransomware is wreaking havoc among unsuspecting users across the globe. At this point, all major AV providers have good protection against the Cryptolocker threat. However, as Microsoft reported a few months ago, roughly 25 per cent of computers are not running any real time protection against malware. This statistic is based on data from a pool of computers in excess of 600 million. If we assume these numbers to be correct, then this suggests that there are at least 150 million computers that are easily susceptible to infection by Cryptolocker. That’s clearly a huge number and with the Cryptolocker ransom at around US$300 computer that’s a whole lot of money to be made – around $45 Billion!
As we can see here from this graph the Ransomware threat is growing and growing and while it can be tempting to just pay up when faced with looming deadlines or potential loss of critical data, paying these fees will only further embolden the attackers. The police are setting a really bad example not just in terms of their response but also how they run their IT systems. In the case of Cryptolocker, the maxim of prevention is better than cure is most definitely true. A multi-layered approach is once again the best policy for dealing with this threat.
So lets look at targeted attacks and alternative ways in….earlier I spoke about assumptions that smaller business might not be targets…. Let take a look.
Targeted attacks are aimed at one person or a specific, group of people. Until relatively recently, writers of viruses were trying to spread their malware to as many computer users as possible in order to make a name for themselves. But today cybercriminals largely driven by financial motives and targeted assaults are replacing global widespread virus outbreaks because these are much more profitable. On screen now you can see that Public sector, banking and manufacturing are the most targeted industries.
So lets take a look at the sizes of businesses are being targeted….The graphic on screen now highlights that 50% of businesses targeted employ 2500+ but what’s surprised us more than anything recently is that for the last two years this makes up only half of the targeted attacks. The biggest growth we’ve seen was against smaller companies - those employing less than 250 people. This sector of the market made up 31% of all attacks. As we saw earlier the aim is make money, and criminals don’t care where the money comes from - they simply want to take it and will target who they think they can get it from and smaller business perhaps represent lower hanging fruit.
A Ponemon survey of 2000 IT Managers reports that 44% of those surveyed saying that a strong security policy is not a priority and 58% claiming that management do not see cyber attacks as a significant threat.
As we saw on a previous slide Executives are no longer the leading targets of choice – attackers have moved to knowledge workers - employees who work on or have access to company intellectual property. Sales employees are also a very popular target for attack. But all employees run the risk of being targeted and consequently should be protected.
You know…. Its not just about direct attacks or email….
The biggest innovation in targeted attacks was the emergence of watering hole attacks. This involves compromising a legitimate website that a targeted victim might visit and using it to install malware on their computer.
For example, this year we saw a line of code in a tracking script on a human rights organisation’s website with the potential to compromise a computer. It exploited a new, zero-day vulnerability in Internet Explorer to infect visitors. Our data showed that within 24 hours, people in 500 different large companies and government organizations visited the site and ran the risk of infection. The attackers in this case, used sophisticated tools and exploited zero-day vulnerabilities in their attacks, pointing to a well- resourced team backed by a large criminal organization or a nation state.
I want to give a quick example of a watering hole attack…This example is of an attack on a legitimate site visited by iOS developers. The Elderwood gang managed to exploit a vulnerability in this website and inject malware into it. This site is by no means a mainstream site but the visitors tend to be the type of mobile developers targeted. There were about 40+ developers infected in this attack. But these victims worked for companies such as Twitter and Facebook but also smaller app developers…. By planting malware on this site the attackers were able to infect any visitor. It is unclear if the attackers were looking for one specific company to attack, or any vendor of iOS applications who visited the site. It’s important to remember that the web site used in a waterhole attack is also a victim. As a company Symantec has solutions we have solutions that can help protect your site from attacks like this – we have Website security solutions that can encrypt the traffic to your site and also scan your site for any possible vulnerabilities and malware. I know if I were running a similar site to this one right now I’d be exploring how I could demonstrate to my visitors that they can be assured that what happened here could not happen to them
This type of attack is not really so new… Particularly if you work in in sales, you’ve always known that, when possible, it helps to call ahead and let a prospect know that you’ll be sending an email with a proposal, or the details they requested… Well, it would also seem that cyber criminals have been paying attention to this tactic and are doing the same thing – with alarming success.This pretty sophisticated Spear Phishing attack, cyber criminals are calling various accounting and finance department employees in targeted French companies — along with their subsidiaries in Romania and Luxembourg — and asking if they can email over an invoice.
The unsuspecting victim on the other end of the phone (who typically deals with numerous invoices a day) agrees to receive the emailed invoice. However, when they open the email they either click a link or download an attachment that contains a variant of the remote access Trojan W32.Shadesrat, which can be used to steal passwords and launch DDoS attacks.As we noted a few slides back cyber criminals typically don’t have to look long and hard for data about their victims. Email address and phone numbers are often available in various websites and directories, or in corporate information such as brochures, white papers, executive reports and more – so this one is a relatively simple attack to carry out but the rewards can be fruitful. IT seems is really is better to call ahead before sending malware….
So as we’ve seen the cybercrime threat is very real and as there is seemingly malware for every device then we really need to be aware of what we use and how we use it. PC users are targeted with banking Trojans, ransomware and rootkits, but Mac users also face threats such as phishing sites, fake antiviruses and spyware. When it comes to smartphones and tablets, cybercriminals have developed all sorts of malicious elements designed to target such devices. So it’s clear that no matter what type of device we have, it’s vulnerable to cybercriminal attacks. This is why it’s important to deploy security software on all of them. The most efficient way to do this is by using a multi-device solution but can you control all the devices being brought into your organisations?
So….. coming to the end of the presentation in terms of where to go next. I wanted to quickly share this slide with you - this is perhaps how you might want to consider addressing cyber risks.Stay ahead of threats, gain complete visibility across your organisation, focus on top cyber priorities, build a sustainable program not one that works for today, and to gain buy in present it in a business context - understand the risk and present it accordingly.