SAFELY ENABLING BUSINESS www.securelink.net
20.000 attacks bypassing our defenses and what we learned from them
Eward Driehuis • @e3huis • www.securelink.net
THIS STORY IS BASED ON TRUE DATA
• 700+ SecureLink’ers
• 2100 customers in 2018
• 5 Cyber Defense Centers
• Over 10 trillion signals
2019-06-13
RESEARCH
2006 - 2010
2013
2017
2019
A LOOK AT OUR NUMBERS
• Signal to incident process
• Layered detection: malware wins
• Many “strange events”
• Cybercriminals & spies using same methods: social engineering
• Automated scanning: software & versions, password stuffing
LET’S TALK INITIAL ATTACK VECTORS
BIGGER IS MORE SECURE
ATTACK FACTOR per 100/employees
9.1 1.5 1.3
• Ransomware is hard work
• Cryptojacking super easy
• Inverse correlation
HIGH BITCOIN PRICE, HIGH SECURITY?
[Chart: Cryptocurrency Miner vs. Ransomware, by month, January 2018 to April 2019]
OPPORTUNITY FOR VETERAN CRIMINALS
Quietly enter network
• Look for value
• Steal or extort value
Plan B
• Destroy online back-ups
• Ransom network
• Extort enterprise ransom
THE POWER OF BIG NUMBERS
BIG DATA
RETAIL FRAUD
CREDIT CARD THEFT
RANSOMWARE & MINING
BESPOKE ATTACKS
RANSOM / EXTORTION
ESPIONAGE
GEOPOLITICS
THE AGE OF CYBER WARFARE
Showing destruction
Filling budget gaps
Gentleman spies
ARE YOU INTERESTING?
OR ARE YOU LUCKY?
TARGET
VICTIM
COLLATERAL
LUCKY
We still encounter “Wannacry”
Sometimes for understandable reasons
WE NEED TO EVOLVE, BUT… WE DON’T.
Depressing CSIRT tales
Single factor + cloud = guaranteed pwnage
RISK IS NOT WHAT IT USED TO BE
• CxOs manage more risks than cyber
• Talk about likeliness & impact, be “realistic”
• Draw two lines in the sand
prevent
detect & respond
accept / insure
• We need to evolve as people to keep in pace with tech
WE TALK THE TALK…
• We lack foundation
• We lack visibility
• Specifically on the 1%
Download our 2019 SMA at: HTTPS://SECURELINK.NET/SMA