What danger do cybercrimes pose to business? How can they be prevented?
Speaker: Guillaume Lovet, head of the threat research centre at Fortinet, a well-known cybercrime expert and researcher (France)
The talk was given at the conference INFORMACINIŲ SISTEMŲ SAUGUMAS (Information Systems Security), held on 11 April 2013 for state institutions and organisations of national importance.
1. Cyber Threats
Targeting Enterprises & Organizations
Guillaume Lovet
3 Times BlackHat Speaker
Pwnie Award Nominee
M.S. Georgia Tech
Sr. Manager FortiGuard
Fortinet Confidential
2. Agenda
Attack consequences for the enterprise
Forms of attacks
Defense
4. Risks: What you don't want to happen (built up over slides 4–8)
• Denial of Service (DoS) attack
  - From outside, by a Botnet / Zombie network (Example?)
  - From inside, on purpose or not (e.g. Conficker Worm)
• Data Theft
  - Customer data (Example?)
  - Intellectual Property
  - Corporate Info (incl. banking credentials)
• Destruction
  - Data
  - Computer systems
  - Physical/Industrial systems (Example?)
• Loss of Reputation
  - Often a consequence of the above
  - Top risk identified by UK companies (Aon Ltd, 2005)
  - Adds to the cost of the other risks. Example: $318 per record in 2010 (Ponemon)
10. The other side of the Mirror: Attackers' Motivation
• Financial
  - Pay or I DDoS you! (eBay, Amazon...)
  - Selling stolen data (Heartland, Sony PSN?)
• Competitive
  - Industrial Spying ("Israeli Trojan")
• Political / Hacktivism
  - Espionage (Ghostnet, Quai D'Orsay, Operation Aurora)
  - Retaliation (Paypal, Master Card, Visa, Sony PSN?)
• Military
  - DDoS (Russia / Georgia)
  - Seek & Destroy Worm (Stuxnet)
12. Information System Penetration
• Via stolen credentials (Phishing / Social Engineering / Insider)
• Via Exploitation of flaws
• Via Infection: Trojan Horses / Bots / Worms
17. Multiple Infection Vectors (built up over slides 17–25)
• E-Mail & IM
• Web Sites
  - 60% of bot infections: "Drive-By Install" (Enisa)
  - "Packs" available for purchase on the underground market
• Social Networks
• Physical Infection Vectors
  - Laptops
  - USB Keys
  - CDs
27. Key Elements to Modern Defense
You need AV (antivirus), IPS (intrusion prevention), AS (antispam) and WCF (web content filtering)
Above all, you need all of them together
And most importantly, you need them working together
Goal: when facing a threat, be able to tackle it from different angles
=> Intelligent Redundancy
28. Two Examples of Enhanced Security by Intelligent Redundancy
Phishing
• Phish Letter blocked by AS
• If not, blocked by AV
• If not, Phish Site blocked by WCF
Backdoor / Bot
• Binary blocked by AV
• If not, access to C&C blocked by IPS
• If not, by WCF
=> The bot cannot "phone home"
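The two fall-through chains on slide 28, modelled as a verdict pipeline. This is an added illustration, not Fortinet code: every engine is a toy stand-in and all phrases, hashes, ports and domains are constructed for the example.

```python
"""Layered defence ("intelligent redundancy") as an ordered verdict pipeline."""
import hashlib

# Constructed threat intelligence standing in for each engine's database.
SPAM_PHRASES = {"verify your account", "urgent payment"}            # AS rules
MALWARE_HASHES = {hashlib.sha256(b"EICAR-like sample").hexdigest()}  # AV signatures
BLOCKED_DOMAINS = {"phish.example", "cnc.example"}                  # WCF categories
CNC_PORTS = {6667, 4444}                                            # IPS C&C rules

def antispam(event):
    """AS: flag mail whose text matches a known lure phrase."""
    return any(p in event.get("text", "").lower() for p in SPAM_PHRASES)

def antivirus(event):
    """AV: flag an attachment or binary whose hash is in the signature set."""
    payload = event.get("payload")
    return payload is not None and hashlib.sha256(payload).hexdigest() in MALWARE_HASHES

def ips(event):
    """IPS: flag outbound connections to ports used by known C&C protocols."""
    return event.get("dst_port") in CNC_PORTS

def wcf(event):
    """WCF: flag any link or connection to a domain in a blocked category."""
    return event.get("domain") in BLOCKED_DOMAINS

# The ordered chains from slide 28: each engine only runs "if not" blocked earlier.
PHISHING_CHAIN = [("AS", antispam), ("AV", antivirus), ("WCF", wcf)]
BOT_CHAIN = [("AV", antivirus), ("IPS", ips), ("WCF", wcf)]

def first_blocking_layer(chain, event):
    """Return the name of the first engine that blocks the event, or None if all miss."""
    for name, engine in chain:
        if engine(event):
            return name
    return None

# Constructed events. The phish uses wording the AS rules do not know and an
# attachment AV has never seen, but it links to a domain WCF already blocks.
PHISH_MAIL = {"text": "Please review the attached invoice",
              "payload": b"benign-looking", "domain": "phish.example"}
# The bot binary is unknown to AV, so the IPS layer is what stops the beacon.
BOT_BEACON = {"payload": b"unknown-binary", "dst_port": 6667, "domain": "cnc.example"}
CLEAN_MAIL = {"text": "Minutes from today's meeting", "domain": "intranet.example"}

if __name__ == "__main__":
    for label, chain, ev in [("phish", PHISHING_CHAIN, PHISH_MAIL),
                             ("bot", BOT_CHAIN, BOT_BEACON),
                             ("clean", PHISHING_CHAIN, CLEAN_MAIL)]:
        print(label, "->", first_blocking_layer(chain, ev))
```

Removing any one engine from a chain is the interesting experiment: the phish above is caught only by WCF, so without it the event reaches the user.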