Understanding Your Attack Surface and Detecting & Mitigating External Threats Description : Organizations have spent massive amounts of money to protect the perimeter of their networks, but if your business exists on the internet, there really is no perimeter. In this presentation, we'll discuss Digital Footprints in understanding your company’s external attack surface. We will discuss social, mobile, web attacks and analyze and review lessons learned recently publicized attacks (Polish banking institutions, Apache Struts Vulnerability or WannaCry ransomware. The speed of business and cybercrime isn't slowing down, so how can you be prepared to address and defend against these types of threats? Attend our session to find out how. Reducing Your Digital Attack Surface and Mitigating External Threats - What, Why, How: What is a Digital Footprint? Breakdown of External Threats (Social, Mobile, Web) What are blended attacks? What is actually being targeting at your company? How are your brands, customers, and employees being attack outside of your company? How to become proactive in threat monitoring on the internet? Considerations in External Threat solutions Threat correspondence tracking considerations Is legal cease and desist letters adequate in stopping attacks? Examination of a phishing attack campaign How phishing kits work Analysis and lesson learned from recent published attacks What are the most important capability in a digital risk monitoring solution?

1. ©2017 RiskIQ 1
YOU’RE AT WAR
Understanding Your Digital Attack Surface and
Mitigating External Threat Damage:
The What, Why, How
Ulf Mattsson
CTO Security Solutions
Atlantic Business Technologies
ulf.mattsson@atlanticbt.com
David Morris
david.morris@morriscybersecurity.com
Benjamin Powell
Product Marketing Manager
RISKIQ
1.888.415.4447

2. ©2017 RiskIQ 2
The Presenters

3. ©2017 RiskIQ 3
David Morris
Thought Leader and Pioneer in the Cybersecurity space, Mr. Morris has
founded, managed and advised several start-ups and later stage companies
leading them to multi-million dollar revenues.
His particular areas of technical expertise are:
- Cryptography, Threat Intelligence, Third Party Risk Management, Biometric
Systems, Penetration Tests and Vulnerability Assessments
Currently Mr. Morris advises end-users, technology developers and investors in
the area of Cybersecurity.
david.morris@morriscybersecurity.com

4. ©2017 RiskIQ 4
Ulf Mattsson
Inventor of more than 55 US Patents
Industry Involvement:
• PCI DDS - PCI Security Standards Council
Encryption & Tokenization Task Forces, Cloud & Virtualization SIGs
• IFIP - International Federation for Information Processing
• CSA - Cloud Security Alliance
• ANSI - American National Standards Institute
ANSI X9 Tokenization Work Group
• NIST - National Institute of Standards and Technology
NIST Big Data Working Group
• User Groups
Security: ISACA & ISSA
Databases: IBM & Oracle

5. ©2017 RiskIQ 5
Benjamin Powell
Technical Marketing Manager at RiskIQ
Skills & Competencies:
Leadership, systems architecture, project management, staff
development, professional services, pre and post-sales support,
security architect & investigator, business development, problem
resolution, communication skills, strategic planning, critical
thinking, future focused, demand generation programs, partner
marketing, and field marketing. Currently holds CEH
5

6. ©2017 RiskIQ 6
YOU’RE AT WAR
Understanding Your Digital Attack Surface and
Mitigating External Threat Damage:
The What, Why, How
Benjamin Powell
Product Marketing Manager

7. ©2017 RiskIQ 7
What is your Digital Footprint?
•Your digital footprint contains all of your external-facing assets
•These include websites, servers, landing pages, web
applications, and other assets put online (some of which were
created outside official protocol and thus, unknown/unmanaged)
•Without the knowledge and inventory of these assets by IT
security teams, you can’t protect what you don’t know about
–Shadow IT
–Rogue developers, rogue marketing teams

8. ©2017 RiskIQ 8
What are blended attacks?
Web Social Mobile
• Domain
infringement
• Phishing
• Brand abuse
• Malware, exposed
vulnerabilities
• Phishing
• Fake apps and rogue
apps on third-party sites
• Malware and
compromise
• Brand, exec imposters
• Phishing
• Scams and fraud

9. ©2017 RiskIQ 9
How easy is it to become a victim of a phishing campaign?
Freeware Application for phishing
•Free fully functioning phishing
application framework.
–Linux, Windows, and Mac
versions available
•Gophish is a powerful, easy-to-use,
open-source phishing toolkit meant
to help pen-testers and businesses
conduct real-world phishing
simulations.
For Educational Purposes Only

10. ©2017 RiskIQ 10
Real Email For Template In Phishing Attack
Real Email Message
View Source
gophish Phish Email Template

11. ©2017 RiskIQ 11
Importing Targeted Landing Pages For Attack
Targeted Website gophish Targeted Landing Gage for phish Attack

12. ©2017 RiskIQ 12
Phishing Campaign & Tracking
Creating Phishing Campaign
Tracking Phishing Campaign

13. ©2017 RiskIQ 13
How to get proactive in monitoring the internet for threats?
• Know your digital footprint
• Patch and update your internet-facing
servers and assets often
• Monitor & block newly observed domains
• Monitor what websites are linking to your
assets (host pairs)
• Track your correspondence of security
incidents outside of email inboxes so
everyone knows what is happening at
any given time.

14. ©2017 RiskIQ 14
Considerations in External Threat solutions
• Automated discovery of assets in your digital footprint
• Continuous monitoring of critical internet-facing assets
• Reporting on risky infrastructure issues and potential vulnerabilities
• Monitoring of the internet, mobile app stores, and social media for
threats, impersonation, active attacks
• Integrated, automated mitigation workflows with in-app correspondence
tracking and audit trails
• Dedicated support team to help with complicated threats

15. ©2017 RiskIQ 15
Security Incident Response Steps
1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery
6. Lessons Learned
Sample Incident Handling Forms
https://www.sans.org/score/incident-forms

16. ©2017 RiskIQ 16
Common Attacks you should have a plan for
• Domain infringement
• Phishing attack
• Fraudulent Social Media Profile
• Malware being served from your website
• Rogue mobile application
• Website defacement
• Vulnerable infrastructure
• Web Compliance
• Ransomware

17. ©2017 RiskIQ 17
Lessons Learned
1. Create security incident response plans.
2. Practice your security incident response plans.
3. Use tools, services, or both that make your organization
proactive in facing external threats.
4. Communication is key in handling security incidents.
5. Mitigate threats immediately by utilizing global black listing
services with Google, Microsoft (95% of worlds browsers).
6. Learn from your drills and real incidents to become better and
more proactive.

18. ©2017 RiskIQ 18
Domain Infringement?
•A domain that has the same spelling and a different Top Level
Domain (Typosquatting) ?
–riskiq.om
–risciq.com
–risk-iq.com
Yes or No?
Answer: No

19. ©2017 RiskIQ 19
Domain Infringement?
•A domain that has the same spelling and a different Top Level
Domain?
–riskiq.om
–risciq.com
–risk-iq.com
•Now the domain has your logos on the website.
Yes or No?
Answer: Yes

20. ©2017 RiskIQ 20
Domain Infringement?
•A domain that has the same spelling and a different Top Level
Domain?
–riskiq.om
–risciq.com
–risk-iq.com
•Now the domain has your logos on the website.
•Now the domain has a login page just like your real site.
Yes or No?
Answer: Yes, but it now a potential phishing attack as well

21. ©2017 RiskIQ 21
Recently Seen Rogue Mobile App Scenarios
•You have a mobile application on the Google Play Store and
Apple iTunes.
–You Charge $0 and it is free for everyone.
–Threat actors down load your free application and upload it to one
of the other 178 different app store around the world.
–They state it is new and improved and charge $1.00

22. ©2017 RiskIQ 22
RISKIQ Community Edition
https://community.riskiq.com

23. ©2017 RiskIQ 23
SecDevOps

24. ©2017 RiskIQ 24
Security Tools for DevOps
Static
Application
Security
Testing
(SAST)
Dynamic Application Security Testing (DAST)
Fuzz testing is
essentially
throwing lots of
random garbage
Vulnerability
Analysis
Runtime Application
Self Protection
(RASP)
Interactive
Application Self-
Testing (IAST)

25. ©2017 RiskIQ 25
Security Metrics from DevOps
# Vulnerabilities
Time

26. ©2017 RiskIQ 26
Generating Key Security Metrics
# Vulnerabilities
Time

27. ©2017 RiskIQ 27

28. ©2017 RiskIQ 28
Atlantic BT Application Security Solutions
•Data Security. We map the flow of data across your digital footprint, applications
environment, library framework, source code, and storage to pinpoint risks before
they turn into attacks.
•Secure Hosting. We create dynamic, cloud-based environments with inside-out
security controls to protect your systems and storage from attacks and other service
disruptions.
•Application Security. We practice “secure by design” discipline in our software
development. This protects your custom applications by automating secure coding
standards and automation in testing at every step.
•Active Application Monitoring and Vulnerability Management. We can monitor
your systems, applications, and digital interactions for threats and ongoing security
process improvements.
https://www.atlanticbt.com/services/cybersecurity/

29. ©2017 RiskIQ 29
Thank you!
Ulf Mattsson
CTO Security Solutions
Atlantic Business Technologies
ulf.mattsson@atlanticbt.com
David Morris
david.morris@morriscybersecurity.com
Benjamin Powell
Product Marketing Manager
RISKIQ
1.888.415.4447