Is your website the soft underbelly of your organisation?
-
date post
19-Oct-2014 -
Category
Technology
-
view
497 -
download
1
description
Transcript of Is your website the soft underbelly of your organisation?
Is your website the soft underbelly of your organisation? 1
Is your website the soft underbelly of your organisation?
Andrew HorburySenior Product Marketing Manager - Symantec
Today’s Agenda
Is your website the soft underbelly of your organisation? 2
What is an APT and targeted attacks1
Spear Phishing
Targeted attacks by co. size and vertical
Cybercrime and targeted attacks
Watering hole attacks
Vulnerabilities
Next steps
2
3
4
5
6
7
What is an APT?• A type of targeted attack
– Using a variety of techniques• Drive by downloads• SQL Injection• Phishing• Spam• Spyware• And more…..
• An APT is always a targeted attack but atargeted attack is not necessarily an APT.
• APTs differ for targeted attacks:– Customized
– Low and Slow
– Higher Aspirations
– Specific AttacksIs your website the soft underbelly of your organisation? 3
GhostNet
• GhostNet is perhaps a stand out classic example of a long-term, persistent, targeted attack
• Starting in May 2007 it continued for nearly two years, infecting some computers for as long as 660 days
Is your website the soft underbelly of your organisation? 4
What is a targeted attack• Targeted attacks
– Aimed at one person or a specific group
– Driven by financial motives cybercriminals targeted attacks are replacing global widespread virus outbreaks.
Is your website the soft underbelly of your organisation? 5
6
Send an email to a person of interest
Spear Phishing
7
Send an email to a person of interest
Spear Phishing
Infect a website
and lie in wait for
them
Watering Hole
Attack
Spear Phishing
Is your website the soft underbelly of your organisation? 8
• Research shows that calling ahead adds credibility to a targeted attack
Using the Phone to back up a Phishing Attack• What can attackers do to improve success rate of phishing
email?• On 11 April 2013, an employee in an “Organisation A” in
France received a phone call• French speaking caller, urges her to download an invoice
from a link she will receive through email• Link doesn’t go to an invoice but instead
installs a version of W32.Shadesrat, a well-known Remote Access Trojan.
9Is your website the soft underbelly of your organisation?
10
Targeted Attacks by Company Size
Greatest growth in 2012 is at companies with <250 employees
Small business often not well protected, but connected to others
Employees2,501+
50% 2,501+ 50% 1 to 2,500
50%
1,501 to 2,500
1,001 to 1,500501 to 1,000251 to 500
1 to 250
18%in 2011
9%
2%3%5%
31%
Is your website the soft underbelly of your organisation?
11
Targeted Attacks by Company Size
Greatest growth in 2012 is at companies with <250 employees
Small business often not well protected, but connected to others
Employees2,501+
50% 2,501+ 50% 1 to 2,500
50%
1,501 to 2,500
1,001 to 1,500501 to 1,000251 to 500
1 to 250
18%in 2011
9%
2%3%5%
31%
87% of SMBs suffered a cyberattack last year, only
44% see security as a priority
Is your website the soft underbelly of your organisation?
12
Transportation, Communications, Electric, Gas
Aerospace
Retail
Wholesale
Services – Professional
Energy/Utilities
Government
Services – Non-Traditional
Finance, Insurance & Real Estate
Manufacturing
0% 5% 10% 15% 20% 25% 30%
1%
2%
2%
2%
8%
10%
12%
17%
19%
24%Manufacturing
Finance, Insurance & Real Estate
Services – Non-Traditional
Government
Energy/Utilities
Services – Professional
Wholesale
Retail
Aerospace
Transportation, Communications, Electric, Gas
Targeted Attacks by Industry: 2012
Is your website the soft underbelly of your organisation?
13
Transportation, Communications, Electric, Gas
Aerospace
Retail
Wholesale
Services – Professional
Energy/Utilities
Government
Services – Non-Traditional
Finance, Insurance & Real Estate
Manufacturing
0% 5% 10% 15% 20% 25% 30%
1%
2%
2%
2%
8%
10%
12%
17%
19%
24%Manufacturing
Finance, Insurance & Real Estate
Services – Non-Traditional
Government
Energy/Utilities
Services – Professional
Wholesale
Retail
Aerospace
Transportation, Communications, Electric, Gas
Targeted Attacks by Industry: 2012
Is your website the soft underbelly of your organisation?
0%
5%
10%
15%
20%
25%
30% R&D27%
Senior12%
C-Level17%
Sales24%
Shared Mailbox
13%
Recruitment4% Media
3% PA1%
• Attacks may start with the ultimate target but often look opportunistically for any entry into a company
14
Targeted Attacks by Job Function: 2012
Is your website the soft underbelly of your organisation?
Why is a targeted attack different from ‘vanilla’ cyber crime?
15
Is your website the soft underbelly of your organisation?
cyber crime Targeted attack“Advanced Persistent Threats (APT)”
Aurora, Nitro, NightDragon, ShadyRAT, Taidoor, LuckyCAT
16
Is your website the soft underbelly of your organisation?
What does CyberCrime mean?
17
Online banking credentials
P.I.I / Credit Card numbers
Fake AV
Purchasing scams / Fraud
Botnet &Pay Per Install
Is your website the soft underbelly of your organisation?
Cyber crime Targeted attack“Advanced Persistent Threats (APT)”
Aurora, Nitro, NightDragon, ShadyRAT, Taidoor, LuckyCAT
18
Is your website the soft underbelly of your organisation?
Cost of a data breach• In 2012, the average per capita cost of a UK data breach caused
by a malicious or criminal attack was $157.*• The most and least expensive breaches.
– German and US co’s had the most costly data breaches ($199 and $188 per record
– These countries also experienced the highest total cost (US at $5.4 million and Germany at $4.8 million). The least costly breaches occurred in Brazil and India ($58 and $42, respectively). In Brazil total cost was $1.3 million and in India it was $1.1 million.
*Source: http://www.symantec.com/content/en/us/about/media/pdfs/b-cost-of-a-data-breach-global-report-2013.en-us.pdf?om_ext_cid=biz_socmed_twitter_facebook_marketwire_linkedin_2013Jun_worldwide_CostofaDataBreach Is your website the soft underbelly of your organisation? 1
9
It’s not just about direct attacks or e-mail
20
Is your website the soft underbelly of your organisation?
21
Targeted Attacks predominantly start as spear phishing attacks
In 2012, Watering Hole Attacks emerged
Send an email to a person of interest
Spear Phishing
Infect a website and lie in wait for them
Watering Hole Attack
Is your website the soft underbelly of your organisation?
22
Effectiveness of Watering Hole Attacks
Watering Hole attacks are targeted at specific groups
Can capture a large number of victims in a very short time
http://bit.ly/Elderwood
Infected 500 Companies
Watering Hole Attack in 2012
1All Within 24 Hours
Is your website the soft underbelly of your organisation?
Watering Hole Targeted iOS Developers
23
In 2013 this type of attack will become widely usedSeveral high profile companies fell victim to just such an attack
Is your website the soft underbelly of your organisation?
Recent Examples of Water Hole Attack
• In 2013 we predict this type of attack will become more widely used
• In February this year several high profile companies fell victim to this type of attack
24
Is your website the soft underbelly of your organisation?
Zero-Day Vulnerabilities
2006 2007 2008 2009 2010 2011 2012
13
15
9
12
14
8
14
Total Volume
Total Volume
25
Is your website the soft underbelly of your organisation?
Zero-Day Vulnerabilities
2006 2007 2008 2009 2010 2011 20120
5
10
15
20
25
1315
912
14
8
14
42
3 4
Total VolumeElderwoodStuxnet
One group can significantly affect yearly numbersThe Elderwood gang drove the rise in zero day vulnerabilities
26
Is your website the soft underbelly of your organisation?
All vulnerabilities
2006 2007 2008 2009 2010 2011 20120
1000
2000
3000
4000
5000
6000
7000
All vulnerabili-ties 5291
All vulnerabilities
• No significant rise or fall in discovery of new vulnerabilities in last six years
27
Is your website the soft underbelly of your organisation?
2010 2011 20120
10,000
20,000
30,000
40,000
50,000
60,000
70,000
80,000
74,000
55,000
43,000
New unique malicious web domains
DecreaseIn new malicious domains
28
Is your website the soft underbelly of your organisation?
29
30% increasein web attacks blocked…
190,370
2011 2012
247,350
Is your website the soft underbelly of your organisation?
30
Our Websites are Being Used Against Us
61%of web sites serving
malware are legitimate sites 25%
have critical vulnerabilities unpatched
53%of legitimate websites have unpatched vulnerabilities
Is your website the soft underbelly of your organisation?
Warning…..your site is infected and you might never recover
Is your website the soft underbelly of your organisation? 31
What do I need to do now?• Employees: your first line of defence
– 38 percent of employees say their manager views data protection as a business priority
• Security awareness and the respecting the value of company data needs to be ingrained throughout the company culture
Is your website the soft underbelly of your organisation? 32
What happens when the first line fails• Use spyware to log keystrokes, switch on microphones and cameras
and record with them, and listen in on VOIP calls and IM• Use your servers and websites to launch additional malware attacks• Infiltrate your email system to distribute spam or, more, likely further
targeted attacks• Look for further vulnerabilities in your network to exploit• Monitor your network and website traffic• Infect your websites to target visitors with malicious code• Search for encryption keys in your servers• Export customer data, intellectual property and financial information• Take control over automated systems• Send messages from and display messages on individual devices.
Is your website the soft underbelly of your organisation? 33
Knowledge and technology: your second line of defence
Is your website the soft underbelly of your organisation? 34
Assessment type What we look for
Malicious Activity Uncover and analyse malicious activities in your environment, such as suspicious network activity
Targeted Attacks Look for evidence of infection specific to your organisation
Data Loss Find data spills that could be targets for hackers
Vulnerability Analyse web applications, databases, servers, and network devices for vulnerabilities.
Protection through policy: your final line of defence
Ponemon 2013 Cost of Data Breach Study* found:• A strong security posture, reduced the per capita cost by $20• An incident response plan, reduced the per capita cost by $20• The appointment of a Chief Information Security Officer (CISO)
who has centralised responsibility for data protection, which reduced the per capita cost by $14
* Pomenon 2013 Cost of Data Breach Study
http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=ponemon-2013
Is your website the soft underbelly of your organisation? 35
How Symantec can help (Print Screen) Symantec technology What it does How it can help
Symantec Extended Validation SSL Certificates
Encrypts confidential information, such as credit card data, between the browser and your servers. Also confirms the identity of the website in the browser address bar.
• Powerful encryption• Visible security• Authenticates the website• Greater customer trust• Increased conversions.
Web Site Malware Scanning Scans websites for malware infections. Reduces the risk of warnings and blocking by search engines and the risk of reputation damage when a site infects its visitors.
Symantec Managed PKI for SSL Lets website managers keep track of all their SSL certificates from a web-hosted management console.
Reduce the risk of accidental certificate expiry and credibility-damaging certificate warnings.
Always-on SSL with Symantec Secure Site Pro SSL Certificates
Always-on SSL is used by sites such as Google, Facebook and LinkedIn to protect all the user’s interactions with the site.
Build trust and encourage user interaction by making sure that it is all encrypted and secure.
The Norton™ Secured Seal Shows customers that you value their trust and that your site is secure because it has been scanned weekly for malware and vulnerabilities.
The Norton™ Secured Seal is the most recognised trust mark on the Internet
Symantec Seal-in-Search™ Displays the widely-recognised Norton Secured Seal trust mark in web search results.
Increase search trafficIncrease customer trust and confidence.
36
Is your website the soft underbelly of your organisation?
Stay informed
• Follow us on twitter @nortonsecured @threatintel• www.symantec.com/threatreport • go.symantec.com/ssl• Blogs
www.symantec.com/connect/blogs/website-security-solutions
37
Is your website the soft underbelly of your organisation?
Thank you!
Copyright © 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Is your website the soft underbelly of your organisation? 38
Andrew [email protected]+44 207 4485 623