Cyber terrorists are sophisticated, organized and disruptive to your business. How prepared are you? Explore the landscape of malicious actors most likely to strike your business and what you can do about it.

1. CenturyLink and Cyber Security
Dave Mahon, Chief Security Officer

2. Security Concerns: What Keeps You Up at Night?
IDC Worldwide Big Data & Analytics Report for 2015
Am I meeting the
latest regulatory
requirements?
Will I pass the audit?
Do I need cyber
insurance?
What sort of policy?
What’s the cost?
Am I personally
liable should
something happen
to the company?
Is my brand
at risk?
2
Am I going
to get
breached?

3. 783 US. data breaches tracked in 2014, with a 261% increase in size over 2013!
70 M credit cards
compromised due
to vendor leak
56 M credit cards
leaked after security
turnover & software
issues.
Digital business
assets exploited,
damaging the brand,
and taking down
parts of the network
for months.
$200 Million+
$200 Million
$15 Million+
2014: The Year of the Data Breach
3

4. Five Primary Sources of Threats: Inside and Outside The Network
Employees
Malicious or not,
represent up to 40%
of data breaches
INSIDER THREATS
Where is the danger?
Top threats in 2014:
1. Malicious Code
2. Web-based attacks
3. Web application attacks
4. Botnets
5. DDos
6. Spam
7. Phishing
8. Exploit Kits
9. Data Breaches
10.Physical damage /
threat / loss
11. Insider threats
12. Information Leakage
13. Identity Theft / Fraud
14. Cyber espionage
15. Ransomare
Protesters with
an Axe to Grind
Promote political
ends by targeting
specific companies
HACKTIVISTS
Zealots with
Strong Views
Seek revenge,
damage, change
TERRORISTS
Well Funded
Criminals
Seek companies with
customers and
money to lose
CYBER CRIMINALS
Government
Funded
Espionage
Target governments
and private industry to
further political change
STATE SPONSORED
4

5. How the Underground Economy Works
Source: Michael Yip, The University of Southhampton, Oct 2012
ATTACK SERVICES
Zero-day
exploit finders
Malware
authors
Botnet
herders
Spammers Phishers
Intruders &
Crackers
Rogue
web admins
Rogue Hosting
Spoof website
designers
Bank data
stealers
Plastic vendors
& encoders
Cashiers Scammers
Identity theft
& fraud
Carders
DELIVERY
BLENDED
SERVICES
FINANCIAL CRIME/
INDENTITY THEFT
Game login/
Envelope
stealers
Virtual asset
traders
Blackmailers Gangs/Mafia
TRADITIONAL ORGANISED
CRIMINAL GROUPS
VIRTUAL ASSETS
TRADING
Virtual currency
sellers
Mules/Drops
Exchangers
MONEY LAUNDERING
Security Service
providers
Needed by all parties
Flow of demand
Potential influence

6. Attack Example: State-Sponsored Espionage
Send
Spearphishing
Email
May 2013
Gain Access to
network, steals
token data
Using stolen RSA
token data and
credentials, logs into
Lockheed’s VPN.
Attack detected
only after an
attempt to
steal data.
March 2012
Victims
Aerospace and defense organizations,
computer hardware and software, legal,
energy/gas, finance, telecommunications,
mainly in the US
Stolen
Intellectual property: technology blueprints
proprietary manufacturing processes, test
results, business plans, pricing documents,
partnership agreements, and executive email
address /contact lists.
The Chinese People’s Liberation Army (PLA) accessed hundreds of
terabytes of data from over 141 organizations from 2006 – 2011
Impact
Wanted by the FBI
6

7. Attack Example: Cyber-Criminals
“The biggest hack in U.S. retail history”
• $148M hard costs in 6 months
• Loss consumer confidence
• CEO/top execs forced to resign
• 90 lawsuits in 90 days
• USG investigations
• Total costs could reach billions
• 40 million Target customer credit card information
• 70 million customer personal information
Target’s Point of Sale (POS) systems were
infected with a “RAM scraping” attack.
Unencrypted credit card data was collected as it
passed through the infected machine’s memory
before being transferred to Target’s payment
processing provider. Target’s intrusion detection
and anti-virus systems alerted on the malware
but it was not acted upon.
September 2013
Rinat Shabayev
develops
BlackPOS
malware and
sells it online.
November 2013
In 2 days, Malware
had reached most
Target POS devices,
and intruders were
collecting live credit
card transactions.
Phishing email sent
to Target’s payment
processing
contractor Fazio
Mechanical.
Hackers steal
credentials and gain
remote access to
Target’s billing
system.
Stolen data is
FTP’d to external
servers and
appears for sale in
online black
markets.
Hackers move
laterally inside
Target’s network to
access POS
Systems and install
BlackPOS malware.
December 2013
Impact
7

8. 8
• Spearphishing attack
• Similar malware, attack infrastructure, and tactics
previously used by North Korea.
• Stole large amounts of sensitive corporate and
personal data.
• Released destructive malware that deleted data and
rendered thousands of Sony computers inoperable.
• Released Sony’s sensitive data to the public.
• Sensitive data made public
including emails, scripts, salaries,
and 47,000 employee records.
• Corporate data deleted
• Thousands of employee computers
unusable
• Damage to company image with
public, employees and industry
talent.
• Financial cost of both remediating
the attack & limiting movie’s
release.Likely to prevent the release of Sony‘s movie, “The
Interview,” depicting a fictional plot to assassinate North
Korea’s leader.
What?
8
Attack Example: Terrorists
Why?
Impact

9. Attack Example: Hacktivists
9
Offshoot of Anonymous LulzSec & Sony Pictures
May - June 2011
UAT Students “Join”
LulzSec
Hack Sony Pictures
website, access
account info
Post stolen data
on Pastebin
Goal: To “have fun,” embarrass website
owners, ridicule security measures
Victim: Sony Pictures, protesting their action
against a hacker for “jailbreaking” PS3
Impact: 37,000 comprehensive customer
contact records including passwords
stolen
Cody Kretsinger, 23
(AKA “Recursion”)
Raynoldo Rivera, 18
(AKA “Neuron”)

10. April 2012
Downloads first
classified
documents as
Dell contractor in
Hawaii
Edward Snowden - “Whistleblower”
American cybersecurity expert, former CIA system admin and counter intelligence trainer at
Defense Intelligence Agency (DIA). Leaked millions of classified documents to journalists.
Charged with: violating the Espionage Act, theft of government property, unauthorized
communication of national defense information, and willful communication of classified
intelligence. Fled to Russia in 2013 where he remains today.
Dec-Jan 2013
Flies to Hong
Kong, reveals
numerous NSA
docs to
Greenwald &
Poitras
Snowden connects
with reporter/
filmmaker Glenn
Greenwald
New job gives
him greater access
to classified docs.
Download 1.7 M
files using spider
program
First article
published,
Snowden
goes public.
Leaks 1st
intelligence
reports, takes
leave of absence
after 4 weeks on
the job.
Attack Example: Insider Threats
March 2013 April 2013 May 2013 June 2013
10

11. Collaborating
On NIST
Cyber Security
Framework
CenturyLink
CEO on
committee
Active
contributor/
participant
Who We Work With: CenturyLink Works with Many Government and Private Entities for National
Security and Customer Protection
Permanent
seat on
NCCIC floor
Member of
Cyber Unified
Coordination
Group
DEFENSE HOMELAND SECURITY JUSTICE
FCC
WHITE HOUSE, STATE, COMMERCE,
AND STATE GOVERNMENTS PRIVATE SECTOR
Network Service Provider
(NSP) Security (NSP-SEC)
Network Information
Sharing Exchange (NSIE)
Defense Industrial Base
Information Sharing Exchange
(DSIE)
OPS-Trust
24/7
presence
within
DHS
CSRIC
Working
Groups
DIB Cyber
Security /
Information
Assurance
Botnet
Takedowns
APT Mitigations
Global Infrastructure
Alliance for Internet
Safety
11

12. 12
INTEGRATING DATA FOR HOLISTIC THREAT PICTURE
1 Confidential
Enterprise Managed Security Portfolio
CENTURYLINK
DATACENTER
MANAGED
HOSTING
ENVIRONMENT
Branch
Office
CUSTOMER
PREMISES
Headquarters
Fully Managed Defense-In-Depth Security
Security
Services
CenturyLink SOC
 Comprehensive set of security products and services at the customer premise, in the network and at the
data center managed through the Security Operations Centers
 24/7 Monitoring , Management and Incident Response
 Security Services Web Portal
IAAS CLOUD COMPUTING CONTROLS
• Robust reporting and self management
portal
• Monitored and managed, with configuration
support
•Security functionality provided from the
network
NETWORK-BASED
SERVICES
Corporate Firewall
Internet
Corporate Network