
MindTheSec: Anatomy of an Attack

MindTheSec Keynote in São Paulo 2015


  1. Anatomy of an Attack. Wolfgang Kandek, Qualys, wkandek@qualys.com, @wkandek. 27 August 2015, mindthesec - São Paulo, Brazil
  2. Verizon Data Breach Investigation Report
  3. Verizon Data Breach Investigation Report
  4. Verizon Data Breach Investigation Report
  5. Verizon Data Breach Investigation Report
  6. 2122 Data Breaches
  7. 2122 Data Breaches: financial data, product data, personal data, usernames/passwords
  8. Vulnerabilities
  9. > 99% more than 1 year
  10. > 99%
  11. But 40 in 2014
  12. But 40 in 2014 and 50% in 2 weeks
  13. > 99%
  14. Malware Infects Computer Exploit for known Vulnerability Targeted E-mail Spear Phishing Social Media Profile Exploit for 0-day Vulnerability Known Worm/Virus Infected USB Drive Find infected Computers Command and Control Username/ Passwords Dataloss Brand Finance Others
  15. > 99%
  16. Spear phishing targets and outcomes:
      1. CTO (punk fan), ticket to a punk rock show, opened doc, script failed
      2. Employee, job offer, opened doc, script ran
      3. COO (Greek history), comment on an article, did not open doc
      4. Employee, request for information about a project, did not open doc
      5. Employee, survey form from a past job, opened doc, script ran, but had no access to the account
      6. Systems Administrator, offer of professional association membership, opened doc, script runs -> Infection
  17. Demo
  18. Demo
  19. Phishing: Training
  20. Phishing: Training 10% -> 2%
  21. Vulnerabilities: Patch
  22. Vulnerabilities: Patch 95%/99%
  23. > 99%
  24. > 99%
  25. Vulnerabilities: Patch 95%/99%. Priority on exploitable: MS15-020, MS14-068
  26. Thank you. Wolfgang Kandek, wkandek@qualys.com, @wkandek, http://www.qualys.com
  27. Resources
      • Verizon DBIR 2015: http://www.verizonenterprise.com/DBIR/
      • Chevron: https://www.rsaconference.com/events/us15/agenda/sessions/1983/building-a-next-generation-security-architecture
      • BSI: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2014.pdf
      • Phishing Example: https://www.reddit.com/r/Bitcoin/comments/3bpdb4/bitstamp_incident_report_22015/
