Webroot Threat Brief 2016 · » Attackers can license ransomware from third parties -...

1Friday, May 06, 2016 | Webroot Inc. | Proprietary & Confidential Information

Webroot Threat Brief 2016

George Anderson

Tuesday, May10th 2016


Business needs, threats and mitigation strategies

» SMB’s and Cybersecurity

» Threat Brief 2016

» 100% ‘most of the time’

» Avoid being a victim

» Q&A


How are SMB’s managing cybersecurity today?

Source: Webroot – 2015 SMB Threat Report, December 2015

» 24% - specialist staff

» 32% - generalist staff

» 27% - mix in-house/outsource

» 9% - outsource

» 5% - non-IT staff

» 3% - no IT security


How prepared are their cybersecurity defences?

63% not completely confident in their readiness to counter attacks


MITIGATION

PREPAREDNESS

RESPONSE

RECOVERY


How confident at addressing an attack?

84% say they are confident they could fully address an attack!



How do they view outsourcing – help or hindrance?

81% see outsourcing as positive


28%


Annual IT Security Budget for 2016?

81% increasing their budget by an average of 22% in 2016



SMB’s and cybersecurity - conclusions

» Under prepared and informed to handle cyberattacks

» Need better overall threat protection

» Outsourcing is their opportunity to improve overall

security and business situation

» Have upped budgets to fund better cybersecurity

» A major market opportunity

» SpiceHeads ideally placed to serve needs


Hands-up feedback

» Is lack of SMB expertise main driver of sales?

» Are you seeing better security budgets in 2016?

» Is endpoint security the primary IT Security driver (or back-

up/business continuity now more important)?


Threat Brief 2016

Webroot Threat Intelligence Platform


Data feeding the Webroot Threat Brief

Millions of customer &

partner nodes act as real-

time Global Internet sensor

network

1. Input

Infinitely scalable & geo-

redundant Advanced cloud

architecture

2. Cloud

Automated machine

learning & ‘00’sTB

of constantly added threat

data

3. Big Data

Powered by Webroot Threat

Intelligence & BrightCloud

service portfolio coverage

4. Services

Real-time feedback loop

Collective Intelligence

Prediction grows more

effective

5. Feedback Loop


Webroot Threat Intelligence Platform – the numbers

Continuously classify and score 95% of the Internet by monitoring entire

IPv4 space and in-use IPv6 addresses

27+Billion URLs

9+Billion File Behavior Records

600+Million Domains

20+Million Mobile Apps

4+Billion IP Address

10+Million Connected Sensors

Source: Webroot – 2016 Threat Brief, February 2016


Daily detection of previously unknown threats

25kNew malicious URLs

11kNew phishing sites

100kNew malicious IPs

New malware

& PUA

101k1m+New file

encountersSource: Webroot – 2016 Threat Brief, February 2016


Polymorphic malware on the rise

PUA’s = Potentially Unwanted Applications



Polymorphic malware the norm!



Evolution of ransomware

» Attackers increasing adoption of IP

anonymizing services

» Attackers can license ransomware from

third parties - ransomware-as-a-service

» Varieties getting harder to detect

through thread injection, process

hollowing, and other exploit methods

– e.g. CTB-Locker uses a position-

independent payload wrapper

» Expanding past Windows to Mac OS X



More IP addresses to launch attacks

» 32M new malicious IP

addresses were

discovered

» Russia and China saw

big drops in malicious

IP’s compared to 2014

» Japan saw biggest

increase in 2015



Malicious IP address attacks by threat type (ex-Spam)



‘Good’ websites are often very risky

» Attackers in

high-risk

countries

host malicious sites

in more trustworthy

countries

» The USA and China host

most malicious URLs



The risk from ‘Good’ websites



Shifts in phishing targets

Phishing Sites By Target (% of Category) Phishing Sites By Target (% companies within each Category)



Shifts in phishing targets



Mobile apps riskier than ever…


Number of Android

apps categorized

in 2015 doubled

from 10M -2014 to

20M+ - 2015!


Mobile Apps riskier than ever



Mobile Apps are Riskier Than Ever



Threat thoughts

» Polymorphic threats are the ‘standard’

» Any defense needs per-endpoint awareness of

the application space to be effective

» Ransomware attacks will continue to increase

» Ransom demands will be dynamic to the data

that is encrypted

» Data security, backup and continuity solutions

are now a must

» Continuous user education is needed to help

disrupt social engineering effectiveness


Hands-up feedback

» How many have seen infections rise in past year?

» How many have suffered a crypto-ransomware attack?

» How many of you have paid-up?

» How many of you have business continuity?


What does 100% ‘most of the time’

mean to us today?


100% ‘most of the time’

» Detection and efficacy have never been 100% all of the time

» When the impact was a few endpoints - marginally acceptable

» When the impact closes down a Business, Hospital, University or a

Government office– it’s not!

» Today the difference is the table stakes – their high

» The issue is - ‘what to do about it’?


Avoid being a victim

1. Use reputable and proven endpoint security

2. Back up your data

3. Show hidden file extensions

4. Filter EXEs in email

5. Disable files running from AppData/

LocalAppData folders


Avoid being a victim (continued)

6. Disable RDP

7. Patch and keep software up to date

8. User education

9. Limit end user access to mapped drives

10. Use pop-up blockers

11. Disable macros


Q&A

George Anderson - [email protected]

– Get the full reports at our Stand, or –

www.webroot.com

Webroot Threat Brief 2016 · » Attackers can license ransomware from third parties -...

Documents

Transcript of Webroot Threat Brief 2016 · » Attackers can license ransomware from third parties -...