Securing Your Digital Assets Against Hijacking, Phishing, and DDoS Attacks

Mark Flegg, Product Director, Domains and Security, CSC

Rohit Kinra, Director of Product Technology, Verisign Inc.


Page 2

What’s in a Digital Brand?

DIGITAL ASSETS

Domains

DNS

Digital Certificates

Email

Social Media Handles

Mobile Apps

DIGITAL BRAND

Page 3

Digital Brand – Cyber Threats

DDoS ATTACKS

Cyber Criminals

“Hacktivists”

DIGITAL ASSETS

MALWARE & RANSOMWARE

PHISHING

SQL INJECTION

SOCIAL HIJACKING

DOMAIN HIJACKING

Page 4

Motivations Behind Attacks

DDoS ATTACKS

Cyber Criminals

“Hacktivists”

DIGITAL ASSETS

MALWARE & RANSOMWARE

PHISHING

SQL INJECTION

SOCIAL HIJACKING

DOMAIN HIJACKING

Page 5

Digital Brand: Cyber Threats

DDoS ATTACKS

Cyber Criminals

“Hacktivists”

DIGITAL ASSETS

MALWARE & RANSOMWARE

PHISHING

SQL INJECTION

SOCIAL HIJACKING

DOMAIN HIJACKING

Page 6

POTENTIAL THREATS

DOMAIN HIJACKING

DNS HIJACKING

DOMAIN SHADOWING

Domains

Securing Access to Your Digital Assets

Page 7

Domain and DNS Hijacking

Page 8

October 2016

Page 9

Threat: Domain Shadowing

Source: CSO Online

Page 10

POTENTIAL THREATS

POOR MANAGEMENT

MALWARE

ESPIONAGE

SSLs

Securing Access to Your Digital Assets

Page 11

SSL Risks: Expired Certificates

Page 12

Page 13

Expired Certificate Examples

Page 14

Expired Certificates: Impact

“The average Global 5,000 company spends about $15 million to recover from the loss of business due to a certificate outage—and faces another $25 million in potential compliance impact.”

Source: CSOonline.com

Page 15

POTENTIAL THREATS

SOCIAL HIJACKING

Social Media Handles

Securing Access to Your Digital Assets

Page 16

Examples: Social Media Hacking and Hijacking

Page 17

Securing Access to Your Digital Assets

Digital Asset Management

Corporate registrar

Consolidate all digital assets

Secure Portal Access

IP validation

Two-factor authentication

Page 18

Securing Access to Your Digital Assets

Secure User Management

Core account

Access rights

Requestor/approver

Federated identity

Security-Conscious Culture

Customer Service Request Validation Training

Phishing Awareness Training

Page 19

Securing Access to Your Digital Assets

CSC’s MultiLock

Registrar lock

Registry lock

Page 20

Defending Your Infrastructure

DIGITAL ASSETS

Domains

DNS

Digital Certificates

Email

Social Media Handles

Mobile Apps

DIGITAL BRAND

Page 21

Application Downtime Affects….

Online Revenue

Reputation and Brand

Service and Information Delivery

Productivity and Communications

Supply Chain

Page 22

More to Protect

By 2017, 80% of workload will be in cloud data centers*

Source: Cisco Global Cloud Index 2014-2019*, http://bit.ly/1rcw6VD

Page 23

Increased Attack Surfaces

82% of enterprises have a multi-cloud strategy*

Source: Rightscale 2015 State of Cloud Survey*, http://bit.ly/2c8xdFN

Page 24

How Easy is it to “DDoS” Someone?

DDoS-for-Hire: Interfering With a Business for $5

Information Security Buzz, June 30, 2016

“Think about what you could do with five dollars. You could get dinner for yourself at McDonald’s, so long as you don’t upsize the fries.”

The increasing availability of DDoS-for-hire services

Some can be hired for less than $5 US an hour*

DDoS-for-hire capabilities have advanced in both success and popularity

http://www.informationsecuritybuzz.com/articles/ddos-hire-interfering-business-5/, Retrieved Aug. 25, 2016

Page 25

Bad Guys Likely Have More Bandwidth Than You!

World’s largest 1 Tbps DDoS Attack launched from 152,000 hacked Smart Devices

The Hacker News, Sep 2016

“Do you know – Your Smart Devices may have inadvertently participated in a record-breaking largest cyber attack that Internet has just witnessed.”

Weak Device Security Turns IoT Into Powerful Weapon in DDoS Attacks

eWeek, Sep 2016

“For the past several days, security researcher Brian Krebs has been battling a cyber-attack on a scale….”

Sources:

http://thehackernews.com/2016/09/ddos-attack-iot.html

http://www.eweek.com/security/weak-device-security-turns-iot-into-powerful-weapon-in-ddos-attacks.html

Page 26

DDoS Attacks Are On The Rise

Source: Verisign Customer Mitigation Data Q4 2016

DDoS attacks are more widespread across various industries

Page 27

Source: Verisign Customer Mitigation Data Q4 2016

52% of DDoS attacks peaked over 5 GB or more

Page 28

DDoS Attackers Are Using Multiple Methods

Source: Verisign Customer Mitigation Data Q4 2016

65% of DDoS attacks use 3 OR MORE attack methods

Page 29

Why Protect DNS

DNS is a mission-critical component of the Internet

Ensure users can reach you during an attack

Block threats upstream

Page 30

Summary

Consolidate Digital Asset Providers

Secure Portal Access with 2FA & IP validation

Secure User Management rights

Specifically for domains, utilise MultiLock

Choose the best DNS infrastructure (outsource or secondary)

Adopt DNSSEC

DDoS mitigation is essential

Choose a provider with a Security-conscious Culture

Create a Security-conscious Culture internally

Questions?

Page 32

More Information / Upcoming CSC Events:

Blog: cscdigitalbrand.services/blog/

Cyber Security report: cscdigitalbrand.services/en/cyber-security-report

Upcoming events:

Melbourne – 22nd March

Paris – 28th March

Sydney – 5th April

Stockholm – 27th April

Copenhagen – 28th April

San Francisco – 4th May

Page 33

Contact Us

Mark Flegg, CSC

Product Director, Domains & Security

PH. 1 800-927-9801 x 65647

www.cscglobal.com

Rohit Kinra, Verisign

Director of Product Technology

PH. +1 703-948-4048

www.verisign.com