SlideShare a Scribd company logo

Guillaume Lovet. Kibernetinių nusikaltimų daugėja: grėsmių įmonėms analizė

Download as PPT, PDF
TEO LT, AB
TEO LT, AB

Kokį pavojų kibernetiniai nusikaltimai kelia verslui? Kaip užkirsti jiems kelią? Pranešimo autorius – Guillaume Lovet, įmonės „Fortinet“ grėsmių tyrimų centro vadovas, garsus kibernetinių nusikaltimų ekspertas ir tyrėjas (Prancūzija) Pranešimas skaitytas konferencijoje – INFORMACINIŲ SISTEMŲ SAUGUMAS, vykusioje 2013 m. balandžio 11d., skirtoje valstybės institucijų ir valstybinės reikšmės organizacijoms.

TechnologyNews & Politics
1 of 29
Cyber Threats Targetting Enterprises & Organizations Guillaume Lovet 3 Times BlackHat Speaker Pwnie Award Nominee M.S. Georgia Tech Sr. Manager FortiGuard Fortinet Confidential
Agenda Attack consequences Attack consequences for the enterprise for the enterprise Forms of attacks Forms of attacks Defense Defense
Agenda Attack consequences Attack consequences for the enterprise for the enterprise Forms of attacks Forms of attacks Defense Defense
Risks: What you don't want to happen •Denial of Service (DoS) attack •Data Theft •Destruction •Loss of Reputation CONFIDENTIAL
Risks: What you don't want to happen • Denial of Service (DoS) attack From outside, by a Botnet / Zombie network (Example?) From inside, on purpose or not (eg: Conficker Worm) • Data Theft • Destruction • Loss of Reputation CONFIDENTIAL
Risks: What you don't want to happen • Denial of Service (DoS) attack • Data Theft Customer data (Example?) Intellectual Property Corporate Info (incl. banking credentials) • Destruction • Loss of Reputation CONFIDENTIAL
Risks: What you don't want to happen • Denial of Service (DoS) attack • Data Theft • Destruction Data Computer systems Physical/Industrial systems (Example?) • Loss of Reputation CONFIDENTIAL
Risks: What you don't want to happen • Denial of Service (DoS) attack • Data Theft • Destruction • Loss of Reputation Often a consequence of the above Top risk identified by UK companies (Aon Ltd, 2005) Adds up to the rest. Example: $318/rec in 2010 (Ponemon) CONFIDENTIAL
Loss of Reputation: Heartland Breach CONFIDENTIAL
The other side of the Mirror: Attackers’ Motivation •Financial Pay or I DdoS you! (eBay, Amazon...) Selling stolen data (Heartland, Sony PSN?) •Competitive Industrial Spying (“Israeli Trojan”) •Political / Hacktivism Espionnage (Ghostnet, Quai D'Orsay, Operation Aurora) Retaliation (Paypal, Master Card, Visa, Sony PSN?) •Military DDoS (Russia / Georgia) Seek & Destroy Worm (Stuxnet) CONFIDENTIAL
Agenda Attack consequences Attack consequences for the enterprise for the enterprise Forms of attacks Forms of attacks Defense Defense
Information System Penetration • Via stolen credentials (Phishing / Social Engineering / Insider) • Via Exploitation of flaws • Via Infection: Trojan Horses / Bots / Worms CONFIDENTIAL
Multiple Infection Vectors •E-Mail & IM •Web Sites •Social Networks •Physical Infection Vectors CONFIDENTIAL
Multiple Infection Vectors • E-Mail & IM Attachments: executable, archives AND documents Links • Web Sites • Social Networks • Physical Infection Vectors CONFIDENTIAL
Targeted attacks against Tibetan communities: Email infection
Multiple Infection Vectors • E-Mail & IM • Web Sites  60% of bot infections: “Drive-By Install” (Enisa) “Packs” available for purchase on the underground market • Social Networks • Physical Infection Vectors CONFIDENTIAL
CONFIDENTIAL
Multiple Infection Vectors • E-Mail & IM • Web Sites • Social Networks Intelligence source for targeted attacks Worms (eg: Koobface) • Physical Infection Vectors CONFIDENTIAL
CONFIDENTIAL
CONFIDENTIAL
CONFIDENTIAL
Multiple Infection Vectors • E-Mail & IM • Web Sites • Social Networks • Physical Infection Vectors Laptops USB Keys CDs CONFIDENTIAL
Agenda Attack consequences Attack consequences for the enterprise for the enterprise Forms of attacks Forms of attacks Defense Defense
Key Elements to Modern Defense You need AV, IPS, AS, WCF Above all, you need them altogether And most importantly, you need them working altogether Goal: when facing a threat, be able to tackle it from different angles => Intelligent Redundancy CONFIDENTIAL
Two Examples of Enhanced Security by Intelligent Redundancy Phishing • Phish Letter blocked by AS • If not, blocked by AV • If not, Phish Site blocked by WCF Backdoor / Bot • Binary blocked by AV • If not, access to C & C blocked by IPS • If not, by WCF => The bot cannot “phone home” CONFIDENTIAL
Guillaume Lovet. Kibernetinių nusikaltimų daugėja: grėsmių įmonėms analizė

Recommended

Can You Steal From Me Now? Mobile and BYOD Security Risks
Can You Steal From Me Now? Mobile and BYOD Security RisksCan You Steal From Me Now? Mobile and BYOD Security Risks
Can You Steal From Me Now? Mobile and BYOD Security RisksMichael Davis
 
Trends in Web Attacks
Trends in Web AttacksTrends in Web Attacks
Trends in Web AttacksIWMW
 
The Nasty of Computers
The Nasty of ComputersThe Nasty of Computers
The Nasty of ComputersGronHatchat
 
The Computer Virus-Interactive
The Computer Virus-InteractiveThe Computer Virus-Interactive
The Computer Virus-InteractiveGronHatchat
 
Border crossing mobile social media life-saving security tips
Border crossing mobile social media life-saving security tipsBorder crossing mobile social media life-saving security tips
Border crossing mobile social media life-saving security tipsErnest Staats
 
Finish Your Year Strong
Finish Your Year StrongFinish Your Year Strong
Finish Your Year StrongDebra Trappen
 
Top Ten Tips to Shockproof Your Use of Social Media, Lavacon 2011
Top Ten Tips to Shockproof Your Use of Social Media, Lavacon 2011Top Ten Tips to Shockproof Your Use of Social Media, Lavacon 2011
Top Ten Tips to Shockproof Your Use of Social Media, Lavacon 2011Ben Woelk, CISSP, CPTC
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamMohammed Adam
 

Recommended

Can You Steal From Me Now? Mobile and BYOD Security Risks
Can You Steal From Me Now? Mobile and BYOD Security RisksCan You Steal From Me Now? Mobile and BYOD Security Risks
Can You Steal From Me Now? Mobile and BYOD Security RisksMichael Davis
 
Trends in Web Attacks
Trends in Web AttacksTrends in Web Attacks
Trends in Web AttacksIWMW
 
The Nasty of Computers
The Nasty of ComputersThe Nasty of Computers
The Nasty of ComputersGronHatchat
 
The Computer Virus-Interactive
The Computer Virus-InteractiveThe Computer Virus-Interactive
The Computer Virus-InteractiveGronHatchat
 
Border crossing mobile social media life-saving security tips
Border crossing mobile social media life-saving security tipsBorder crossing mobile social media life-saving security tips
Border crossing mobile social media life-saving security tipsErnest Staats
 
Finish Your Year Strong
Finish Your Year StrongFinish Your Year Strong
Finish Your Year StrongDebra Trappen
 
Top Ten Tips to Shockproof Your Use of Social Media, Lavacon 2011
Top Ten Tips to Shockproof Your Use of Social Media, Lavacon 2011Top Ten Tips to Shockproof Your Use of Social Media, Lavacon 2011
Top Ten Tips to Shockproof Your Use of Social Media, Lavacon 2011Ben Woelk, CISSP, CPTC
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamMohammed Adam
 
Top Ten Tips for Shockproofing Your Use of Social Media, Lavacon 2011
Top Ten Tips for Shockproofing Your Use of Social Media, Lavacon 2011Top Ten Tips for Shockproofing Your Use of Social Media, Lavacon 2011
Top Ten Tips for Shockproofing Your Use of Social Media, Lavacon 2011Ben Woelk, CISSP, CPTC
 
Appsec2013 presentation
Appsec2013 presentationAppsec2013 presentation
Appsec2013 presentationdrewz lin
 
Mobile phone Data Hacking
Mobile phone Data HackingMobile phone Data Hacking
Mobile phone Data HackingMd Abu Syeem Dipu
 
Resist Doxing & Take Back Your Online Privacy
Resist Doxing & Take Back Your Online PrivacyResist Doxing & Take Back Your Online Privacy
Resist Doxing & Take Back Your Online PrivacyKit O'Connell
 
Online safety, security, ethics & etiquette
Online safety, security, ethics & etiquetteOnline safety, security, ethics & etiquette
Online safety, security, ethics & etiquetteAngelito Quiambao
 
Social Media Security
Social Media SecuritySocial Media Security
Social Media SecurityDel Belcher
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Mohammed Adam
 
Take Back Your Online Privacy: Simple Computer Security
Take Back Your Online Privacy: Simple Computer SecurityTake Back Your Online Privacy: Simple Computer Security
Take Back Your Online Privacy: Simple Computer SecurityKit O'Connell
 
John locke-word camp-sacramento-2015
John locke-word camp-sacramento-2015John locke-word camp-sacramento-2015
John locke-word camp-sacramento-2015John Locke
 
Keep your Kids Safe Online
Keep your Kids Safe OnlineKeep your Kids Safe Online
Keep your Kids Safe Online_chimes_
 
Module 2 threats-b
Module 2 threats-bModule 2 threats-b
Module 2 threats-bBbAOC
 
Computer Security and Ethics
Computer Security and EthicsComputer Security and Ethics
Computer Security and EthicsMohsin Riaz
 
Mobilination Ntymoshyk Personal Mobile Security Final Public
Mobilination Ntymoshyk Personal Mobile Security Final PublicMobilination Ntymoshyk Personal Mobile Security Final Public
Mobilination Ntymoshyk Personal Mobile Security Final PublicTjylen Veselyj
 
E security and payment 2013-1
E security and payment 2013-1E security and payment 2013-1
E security and payment 2013-1Abdelfatah hegazy
 
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02Mark Evertz
 
م.50-مبادرة#تواصل_تطوير-م.أشرف صلاح الدين إبراهيم-كيف تبقى آمناً وتحمى معلوما...
م.50-مبادرة#تواصل_تطوير-م.أشرف صلاح الدين إبراهيم-كيف تبقى آمناً وتحمى معلوما...م.50-مبادرة#تواصل_تطوير-م.أشرف صلاح الدين إبراهيم-كيف تبقى آمناً وتحمى معلوما...
م.50-مبادرة#تواصل_تطوير-م.أشرف صلاح الدين إبراهيم-كيف تبقى آمناً وتحمى معلوما...Egyptian Engineers Association
 
Crontab Cyber Security session 4
Crontab Cyber Security session 4Crontab Cyber Security session 4
Crontab Cyber Security session 4gpioa
 
Cyber security ppt final
Cyber security ppt finalCyber security ppt final
Cyber security ppt finalSanishShrestha2
 
Stop in the name of norton
Stop in the name of nortonStop in the name of norton
Stop in the name of nortonwacko07
 
Stop in the name of norton
Stop in the name of nortonStop in the name of norton
Stop in the name of nortonspkiely
 
Cyber security
Cyber securityCyber security
Cyber securitySabir Raja
 
Invited Talk - Cyber Security and Open Source
Invited Talk - Cyber Security and Open SourceInvited Talk - Cyber Security and Open Source
Invited Talk - Cyber Security and Open Sourcehack33
 

More Related Content

What's hot

Top Ten Tips for Shockproofing Your Use of Social Media, Lavacon 2011
Top Ten Tips for Shockproofing Your Use of Social Media, Lavacon 2011Top Ten Tips for Shockproofing Your Use of Social Media, Lavacon 2011
Top Ten Tips for Shockproofing Your Use of Social Media, Lavacon 2011Ben Woelk, CISSP, CPTC
 
Appsec2013 presentation
Appsec2013 presentationAppsec2013 presentation
Appsec2013 presentationdrewz lin
 
Resist Doxing & Take Back Your Online Privacy
Resist Doxing & Take Back Your Online PrivacyResist Doxing & Take Back Your Online Privacy
Resist Doxing & Take Back Your Online PrivacyKit O'Connell
 
Online safety, security, ethics & etiquette
Online safety, security, ethics & etiquetteOnline safety, security, ethics & etiquette
Online safety, security, ethics & etiquetteAngelito Quiambao
 
Social Media Security
Social Media SecuritySocial Media Security
Social Media SecurityDel Belcher
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Mohammed Adam
 
Take Back Your Online Privacy: Simple Computer Security
Take Back Your Online Privacy: Simple Computer SecurityTake Back Your Online Privacy: Simple Computer Security
Take Back Your Online Privacy: Simple Computer SecurityKit O'Connell
 
John locke-word camp-sacramento-2015
John locke-word camp-sacramento-2015John locke-word camp-sacramento-2015
John locke-word camp-sacramento-2015John Locke
 
Keep your Kids Safe Online
Keep your Kids Safe OnlineKeep your Kids Safe Online
Keep your Kids Safe Online_chimes_
 

What's hot (10)

Top Ten Tips for Shockproofing Your Use of Social Media, Lavacon 2011
Top Ten Tips for Shockproofing Your Use of Social Media, Lavacon 2011Top Ten Tips for Shockproofing Your Use of Social Media, Lavacon 2011
Top Ten Tips for Shockproofing Your Use of Social Media, Lavacon 2011
 
Appsec2013 presentation
Appsec2013 presentationAppsec2013 presentation
Appsec2013 presentation
 
Mobile phone Data Hacking
Mobile phone Data HackingMobile phone Data Hacking
Mobile phone Data Hacking
 
Resist Doxing & Take Back Your Online Privacy
Resist Doxing & Take Back Your Online PrivacyResist Doxing & Take Back Your Online Privacy
Resist Doxing & Take Back Your Online Privacy
 
Online safety, security, ethics & etiquette
Online safety, security, ethics & etiquetteOnline safety, security, ethics & etiquette
Online safety, security, ethics & etiquette
 
Social Media Security
Social Media SecuritySocial Media Security
Social Media Security
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2
 
Take Back Your Online Privacy: Simple Computer Security
Take Back Your Online Privacy: Simple Computer SecurityTake Back Your Online Privacy: Simple Computer Security
Take Back Your Online Privacy: Simple Computer Security
 
John locke-word camp-sacramento-2015
John locke-word camp-sacramento-2015John locke-word camp-sacramento-2015
John locke-word camp-sacramento-2015
 
Keep your Kids Safe Online
Keep your Kids Safe OnlineKeep your Kids Safe Online
Keep your Kids Safe Online
 

Similar to Guillaume Lovet. Kibernetinių nusikaltimų daugėja: grėsmių įmonėms analizė

Module 2 threats-b
Module 2 threats-bModule 2 threats-b
Module 2 threats-bBbAOC
 
Computer Security and Ethics
Computer Security and EthicsComputer Security and Ethics
Computer Security and EthicsMohsin Riaz
 
Mobilination Ntymoshyk Personal Mobile Security Final Public
Mobilination Ntymoshyk Personal Mobile Security Final PublicMobilination Ntymoshyk Personal Mobile Security Final Public
Mobilination Ntymoshyk Personal Mobile Security Final PublicTjylen Veselyj
 
E security and payment 2013-1
E security and payment 2013-1E security and payment 2013-1
E security and payment 2013-1Abdelfatah hegazy
 
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02Mark Evertz
 
م.50-مبادرة#تواصل_تطوير-م.أشرف صلاح الدين إبراهيم-كيف تبقى آمناً وتحمى معلوما...
م.50-مبادرة#تواصل_تطوير-م.أشرف صلاح الدين إبراهيم-كيف تبقى آمناً وتحمى معلوما...م.50-مبادرة#تواصل_تطوير-م.أشرف صلاح الدين إبراهيم-كيف تبقى آمناً وتحمى معلوما...
م.50-مبادرة#تواصل_تطوير-م.أشرف صلاح الدين إبراهيم-كيف تبقى آمناً وتحمى معلوما...Egyptian Engineers Association
 
Crontab Cyber Security session 4
Crontab Cyber Security session 4Crontab Cyber Security session 4
Crontab Cyber Security session 4gpioa
 
Cyber security ppt final
Cyber security ppt finalCyber security ppt final
Cyber security ppt finalSanishShrestha2
 
Stop in the name of norton
Stop in the name of nortonStop in the name of norton
Stop in the name of nortonwacko07
 
Stop in the name of norton
Stop in the name of nortonStop in the name of norton
Stop in the name of nortonspkiely
 
Cyber security
Cyber securityCyber security
Cyber securitySabir Raja
 
Invited Talk - Cyber Security and Open Source
Invited Talk - Cyber Security and Open SourceInvited Talk - Cyber Security and Open Source
Invited Talk - Cyber Security and Open Sourcehack33
 
Introduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesIntroduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesMaxime ALAY-EDDINE
 
Cyber security
Cyber security Cyber security
Cyber security ZwebaButt
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An IntroductionJayaseelan Vejayon
 
Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365AntonioMaio2
 

Similar to Guillaume Lovet. Kibernetinių nusikaltimų daugėja: grėsmių įmonėms analizė (20)

Module 2 threats-b
Module 2 threats-bModule 2 threats-b
Module 2 threats-b
 
Computer Security and Ethics
Computer Security and EthicsComputer Security and Ethics
Computer Security and Ethics
 
Mobilination Ntymoshyk Personal Mobile Security Final Public
Mobilination Ntymoshyk Personal Mobile Security Final PublicMobilination Ntymoshyk Personal Mobile Security Final Public
Mobilination Ntymoshyk Personal Mobile Security Final Public
 
E security and payment 2013-1
E security and payment 2013-1E security and payment 2013-1
E security and payment 2013-1
 
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
 
م.50-مبادرة#تواصل_تطوير-م.أشرف صلاح الدين إبراهيم-كيف تبقى آمناً وتحمى معلوما...
م.50-مبادرة#تواصل_تطوير-م.أشرف صلاح الدين إبراهيم-كيف تبقى آمناً وتحمى معلوما...م.50-مبادرة#تواصل_تطوير-م.أشرف صلاح الدين إبراهيم-كيف تبقى آمناً وتحمى معلوما...
م.50-مبادرة#تواصل_تطوير-م.أشرف صلاح الدين إبراهيم-كيف تبقى آمناً وتحمى معلوما...
 
Crontab Cyber Security session 4
Crontab Cyber Security session 4Crontab Cyber Security session 4
Crontab Cyber Security session 4
 
Cyber security ppt final
Cyber security ppt finalCyber security ppt final
Cyber security ppt final
 
Stop in the name of norton
Stop in the name of nortonStop in the name of norton
Stop in the name of norton
 
Stop in the name of norton
Stop in the name of nortonStop in the name of norton
Stop in the name of norton
 
Cyber security
Cyber securityCyber security
Cyber security
 
Invited Talk - Cyber Security and Open Source
Invited Talk - Cyber Security and Open SourceInvited Talk - Cyber Security and Open Source
Invited Talk - Cyber Security and Open Source
 
pp.pptx
pp.pptxpp.pptx
pp.pptx
 
information security awareness course
information security awareness courseinformation security awareness course
information security awareness course
 
Introduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesIntroduction to Software Security and Best Practices
Introduction to Software Security and Best Practices
 
All about Hacking
All about HackingAll about Hacking
All about Hacking
 
Cyber security
Cyber security Cyber security
Cyber security
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An Introduction
 
Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365
 
Network security
Network securityNetwork security
Network security
 

More from TEO LT, AB

K. Šliužas at "CEO meets investors" 2014
K. Šliužas at "CEO meets investors" 2014K. Šliužas at "CEO meets investors" 2014
K. Šliužas at "CEO meets investors" 2014TEO LT, AB
 
Kibernetinis saugumas: iššūkiai, atakų tipai bei telekomunikacijų operatoriau...
Kibernetinis saugumas: iššūkiai, atakų tipai bei telekomunikacijų operatoriau...Kibernetinis saugumas: iššūkiai, atakų tipai bei telekomunikacijų operatoriau...
Kibernetinis saugumas: iššūkiai, atakų tipai bei telekomunikacijų operatoriau...TEO LT, AB
 
TEO atsinaujina: Televizijos GALA ir interneto ZEBRA paslaugos bus teikiamos ...
TEO atsinaujina: Televizijos GALA ir interneto ZEBRA paslaugos bus teikiamos ...TEO atsinaujina: Televizijos GALA ir interneto ZEBRA paslaugos bus teikiamos ...
TEO atsinaujina: Televizijos GALA ir interneto ZEBRA paslaugos bus teikiamos ...TEO LT, AB
 
TEO generalinis direktorius Kęstutis Šliužas apie naują TEO veiklos kryptį
TEO generalinis direktorius Kęstutis Šliužas apie naują TEO veiklos kryptįTEO generalinis direktorius Kęstutis Šliužas apie naują TEO veiklos kryptį
TEO generalinis direktorius Kęstutis Šliužas apie naują TEO veiklos kryptįTEO LT, AB
 
Televizijos ateitis. Šiandien
Televizijos ateitis. ŠiandienTelevizijos ateitis. Šiandien
Televizijos ateitis. ŠiandienTEO LT, AB
 
TEO Wi-Fi strategy including offering Wi-Fi for schools
TEO Wi-Fi strategy including offering Wi-Fi for schoolsTEO Wi-Fi strategy including offering Wi-Fi for schools
TEO Wi-Fi strategy including offering Wi-Fi for schoolsTEO LT, AB
 
Saugi ir išmani mokykla
Saugi ir išmani mokyklaSaugi ir išmani mokykla
Saugi ir išmani mokyklaTEO LT, AB
 
Wi-Fi Lietuvos mokyklose
Wi-Fi Lietuvos mokykloseWi-Fi Lietuvos mokyklose
Wi-Fi Lietuvos mokykloseTEO LT, AB
 
How telecommunications are changing the world and themselves
How telecommunications are changing the world and themselvesHow telecommunications are changing the world and themselves
How telecommunications are changing the world and themselvesTEO LT, AB
 
Kompiuterių istorija vaikams
Kompiuterių istorija vaikamsKompiuterių istorija vaikams
Kompiuterių istorija vaikamsTEO LT, AB
 
Provisioning business services on IMS
Provisioning business services on IMSProvisioning business services on IMS
Provisioning business services on IMSTEO LT, AB
 
Nerijus Ivanauskas. Ką ir kaip žiūrėsime rytoj?
Nerijus Ivanauskas. Ką ir kaip žiūrėsime rytoj?Nerijus Ivanauskas. Ką ir kaip žiūrėsime rytoj?
Nerijus Ivanauskas. Ką ir kaip žiūrėsime rytoj?TEO LT, AB
 
Lietuvos įmonių IT saugumo tyrimas. 2013 04 11
Lietuvos įmonių IT saugumo tyrimas. 2013 04 11Lietuvos įmonių IT saugumo tyrimas. 2013 04 11
Lietuvos įmonių IT saugumo tyrimas. 2013 04 11TEO LT, AB
 
Vytautas Bučinskas. Šalies kibernetinis saugumas – didžiausio Lietuvos teleko...
Vytautas Bučinskas. Šalies kibernetinis saugumas – didžiausio Lietuvos teleko...Vytautas Bučinskas. Šalies kibernetinis saugumas – didžiausio Lietuvos teleko...
Vytautas Bučinskas. Šalies kibernetinis saugumas – didžiausio Lietuvos teleko...TEO LT, AB
 
Mehis Hakkaja. Kaip gali būti įsilaužta į Jūsų kompiuterį?
Mehis Hakkaja. Kaip gali būti įsilaužta į Jūsų kompiuterį?Mehis Hakkaja. Kaip gali būti įsilaužta į Jūsų kompiuterį?
Mehis Hakkaja. Kaip gali būti įsilaužta į Jūsų kompiuterį?TEO LT, AB
 
Aleksandras Samuchovas. Praktiniai veiklos tęstinumo valdymo aspektai
Aleksandras Samuchovas. Praktiniai veiklos tęstinumo valdymo aspektaiAleksandras Samuchovas. Praktiniai veiklos tęstinumo valdymo aspektai
Aleksandras Samuchovas. Praktiniai veiklos tęstinumo valdymo aspektaiTEO LT, AB
 
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmės
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmėsRainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmės
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmėsTEO LT, AB
 
Dr. Rytis Rainys. Interneto saugumo valdymas Lietuvoje tinklų infrastruktūros...
Dr. Rytis Rainys. Interneto saugumo valdymas Lietuvoje tinklų infrastruktūros...Dr. Rytis Rainys. Interneto saugumo valdymas Lietuvoje tinklų infrastruktūros...
Dr. Rytis Rainys. Interneto saugumo valdymas Lietuvoje tinklų infrastruktūros...TEO LT, AB
 
Gintaras Čiurlionis. Kibernetinės erdvės iššūkiai Lietuvoje – teisiniai, inst...
Gintaras Čiurlionis. Kibernetinės erdvės iššūkiai Lietuvoje – teisiniai, inst...Gintaras Čiurlionis. Kibernetinės erdvės iššūkiai Lietuvoje – teisiniai, inst...
Gintaras Čiurlionis. Kibernetinės erdvės iššūkiai Lietuvoje – teisiniai, inst...TEO LT, AB
 
Dr. Uwe Jendricke. Kibernetinis saugumas Vokietijos Federacinėje Respublikoje...
Dr. Uwe Jendricke. Kibernetinis saugumas Vokietijos Federacinėje Respublikoje...Dr. Uwe Jendricke. Kibernetinis saugumas Vokietijos Federacinėje Respublikoje...
Dr. Uwe Jendricke. Kibernetinis saugumas Vokietijos Federacinėje Respublikoje...TEO LT, AB
 

More from TEO LT, AB (20)

K. Šliužas at "CEO meets investors" 2014
K. Šliužas at "CEO meets investors" 2014K. Šliužas at "CEO meets investors" 2014
K. Šliužas at "CEO meets investors" 2014
 
Kibernetinis saugumas: iššūkiai, atakų tipai bei telekomunikacijų operatoriau...
Kibernetinis saugumas: iššūkiai, atakų tipai bei telekomunikacijų operatoriau...Kibernetinis saugumas: iššūkiai, atakų tipai bei telekomunikacijų operatoriau...
Kibernetinis saugumas: iššūkiai, atakų tipai bei telekomunikacijų operatoriau...
 
TEO atsinaujina: Televizijos GALA ir interneto ZEBRA paslaugos bus teikiamos ...
TEO atsinaujina: Televizijos GALA ir interneto ZEBRA paslaugos bus teikiamos ...TEO atsinaujina: Televizijos GALA ir interneto ZEBRA paslaugos bus teikiamos ...
TEO atsinaujina: Televizijos GALA ir interneto ZEBRA paslaugos bus teikiamos ...
 
TEO generalinis direktorius Kęstutis Šliužas apie naują TEO veiklos kryptį
TEO generalinis direktorius Kęstutis Šliužas apie naują TEO veiklos kryptįTEO generalinis direktorius Kęstutis Šliužas apie naują TEO veiklos kryptį
TEO generalinis direktorius Kęstutis Šliužas apie naują TEO veiklos kryptį
 
Televizijos ateitis. Šiandien
Televizijos ateitis. ŠiandienTelevizijos ateitis. Šiandien
Televizijos ateitis. Šiandien
 
TEO Wi-Fi strategy including offering Wi-Fi for schools
TEO Wi-Fi strategy including offering Wi-Fi for schoolsTEO Wi-Fi strategy including offering Wi-Fi for schools
TEO Wi-Fi strategy including offering Wi-Fi for schools
 
Saugi ir išmani mokykla
Saugi ir išmani mokyklaSaugi ir išmani mokykla
Saugi ir išmani mokykla
 
Wi-Fi Lietuvos mokyklose
Wi-Fi Lietuvos mokykloseWi-Fi Lietuvos mokyklose
Wi-Fi Lietuvos mokyklose
 
How telecommunications are changing the world and themselves
How telecommunications are changing the world and themselvesHow telecommunications are changing the world and themselves
How telecommunications are changing the world and themselves
 
Kompiuterių istorija vaikams
Kompiuterių istorija vaikamsKompiuterių istorija vaikams
Kompiuterių istorija vaikams
 
Provisioning business services on IMS
Provisioning business services on IMSProvisioning business services on IMS
Provisioning business services on IMS
 
Nerijus Ivanauskas. Ką ir kaip žiūrėsime rytoj?
Nerijus Ivanauskas. Ką ir kaip žiūrėsime rytoj?Nerijus Ivanauskas. Ką ir kaip žiūrėsime rytoj?
Nerijus Ivanauskas. Ką ir kaip žiūrėsime rytoj?
 
Lietuvos įmonių IT saugumo tyrimas. 2013 04 11
Lietuvos įmonių IT saugumo tyrimas. 2013 04 11Lietuvos įmonių IT saugumo tyrimas. 2013 04 11
Lietuvos įmonių IT saugumo tyrimas. 2013 04 11
 
Vytautas Bučinskas. Šalies kibernetinis saugumas – didžiausio Lietuvos teleko...
Vytautas Bučinskas. Šalies kibernetinis saugumas – didžiausio Lietuvos teleko...Vytautas Bučinskas. Šalies kibernetinis saugumas – didžiausio Lietuvos teleko...
Vytautas Bučinskas. Šalies kibernetinis saugumas – didžiausio Lietuvos teleko...
 
Mehis Hakkaja. Kaip gali būti įsilaužta į Jūsų kompiuterį?
Mehis Hakkaja. Kaip gali būti įsilaužta į Jūsų kompiuterį?Mehis Hakkaja. Kaip gali būti įsilaužta į Jūsų kompiuterį?
Mehis Hakkaja. Kaip gali būti įsilaužta į Jūsų kompiuterį?
 
Aleksandras Samuchovas. Praktiniai veiklos tęstinumo valdymo aspektai
Aleksandras Samuchovas. Praktiniai veiklos tęstinumo valdymo aspektaiAleksandras Samuchovas. Praktiniai veiklos tęstinumo valdymo aspektai
Aleksandras Samuchovas. Praktiniai veiklos tęstinumo valdymo aspektai
 
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmės
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmėsRainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmės
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmės
 
Dr. Rytis Rainys. Interneto saugumo valdymas Lietuvoje tinklų infrastruktūros...
Dr. Rytis Rainys. Interneto saugumo valdymas Lietuvoje tinklų infrastruktūros...Dr. Rytis Rainys. Interneto saugumo valdymas Lietuvoje tinklų infrastruktūros...
Dr. Rytis Rainys. Interneto saugumo valdymas Lietuvoje tinklų infrastruktūros...
 
Gintaras Čiurlionis. Kibernetinės erdvės iššūkiai Lietuvoje – teisiniai, inst...
Gintaras Čiurlionis. Kibernetinės erdvės iššūkiai Lietuvoje – teisiniai, inst...Gintaras Čiurlionis. Kibernetinės erdvės iššūkiai Lietuvoje – teisiniai, inst...
Gintaras Čiurlionis. Kibernetinės erdvės iššūkiai Lietuvoje – teisiniai, inst...
 
Dr. Uwe Jendricke. Kibernetinis saugumas Vokietijos Federacinėje Respublikoje...
Dr. Uwe Jendricke. Kibernetinis saugumas Vokietijos Federacinėje Respublikoje...Dr. Uwe Jendricke. Kibernetinis saugumas Vokietijos Federacinėje Respublikoje...
Dr. Uwe Jendricke. Kibernetinis saugumas Vokietijos Federacinėje Respublikoje...
 

Recently uploaded

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 

Recently uploaded (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 

Guillaume Lovet. Kibernetinių nusikaltimų daugėja: grėsmių įmonėms analizė

  • 1. Cyber Threats Targetting Enterprises & Organizations Guillaume Lovet 3 Times BlackHat Speaker Pwnie Award Nominee M.S. Georgia Tech Sr. Manager FortiGuard Fortinet Confidential
  • 2. Agenda Attack consequences Attack consequences for the enterprise for the enterprise Forms of attacks Forms of attacks Defense Defense
  • 3. Agenda Attack consequences Attack consequences for the enterprise for the enterprise Forms of attacks Forms of attacks Defense Defense
  • 4. Risks: What you don't want to happen •Denial of Service (DoS) attack •Data Theft •Destruction •Loss of Reputation CONFIDENTIAL
  • 5. Risks: What you don't want to happen • Denial of Service (DoS) attack From outside, by a Botnet / Zombie network (Example?) From inside, on purpose or not (eg: Conficker Worm) • Data Theft • Destruction • Loss of Reputation CONFIDENTIAL
  • 6. Risks: What you don't want to happen • Denial of Service (DoS) attack • Data Theft Customer data (Example?) Intellectual Property Corporate Info (incl. banking credentials) • Destruction • Loss of Reputation CONFIDENTIAL
  • 7. Risks: What you don't want to happen • Denial of Service (DoS) attack • Data Theft • Destruction Data Computer systems Physical/Industrial systems (Example?) • Loss of Reputation CONFIDENTIAL
  • 8. Risks: What you don't want to happen • Denial of Service (DoS) attack • Data Theft • Destruction • Loss of Reputation Often a consequence of the above Top risk identified by UK companies (Aon Ltd, 2005) Adds up to the rest. Example: $318/rec in 2010 (Ponemon) CONFIDENTIAL
  • 9. Loss of Reputation: Heartland Breach CONFIDENTIAL
  • 10. The other side of the Mirror: Attackers’ Motivation •Financial Pay or I DdoS you! (eBay, Amazon...) Selling stolen data (Heartland, Sony PSN?) •Competitive Industrial Spying (“Israeli Trojan”) •Political / Hacktivism Espionnage (Ghostnet, Quai D'Orsay, Operation Aurora) Retaliation (Paypal, Master Card, Visa, Sony PSN?) •Military DDoS (Russia / Georgia) Seek & Destroy Worm (Stuxnet) CONFIDENTIAL
  • 11. Agenda Attack consequences Attack consequences for the enterprise for the enterprise Forms of attacks Forms of attacks Defense Defense
  • 12. Information System Penetration • Via stolen credentials (Phishing / Social Engineering / Insider) • Via Exploitation of flaws • Via Infection: Trojan Horses / Bots / Worms CONFIDENTIAL
  • 13. Multiple Infection Vectors •E-Mail & IM •Web Sites •Social Networks •Physical Infection Vectors CONFIDENTIAL
  • 14. Multiple Infection Vectors • E-Mail & IM Attachments: executable, archives AND documents Links • Web Sites • Social Networks • Physical Infection Vectors CONFIDENTIAL
  • 15.
  • 16. Targeted attacks against Tibetan communities: Email infection
  • 17. Multiple Infection Vectors • E-Mail & IM • Web Sites  60% of bot infections: “Drive-By Install” (Enisa) “Packs” available for purchase on the underground market • Social Networks • Physical Infection Vectors CONFIDENTIAL
  • 19.
  • 20.
  • 21. Multiple Infection Vectors • E-Mail & IM • Web Sites • Social Networks Intelligence source for targeted attacks Worms (eg: Koobface) • Physical Infection Vectors CONFIDENTIAL
  • 25. Multiple Infection Vectors • E-Mail & IM • Web Sites • Social Networks • Physical Infection Vectors Laptops USB Keys CDs CONFIDENTIAL
  • 26. Agenda Attack consequences Attack consequences for the enterprise for the enterprise Forms of attacks Forms of attacks Defense Defense
  • 27. Key Elements to Modern Defense You need AV, IPS, AS, WCF Above all, you need them altogether And most importantly, you need them working altogether Goal: when facing a threat, be able to tackle it from different angles => Intelligent Redundancy CONFIDENTIAL
  • 28. Two Examples of Enhanced Security by Intelligent Redundancy Phishing • Phish Letter blocked by AS • If not, blocked by AV • If not, Phish Site blocked by WCF Backdoor / Bot • Binary blocked by AV • If not, access to C & C blocked by IPS • If not, by WCF => The bot cannot “phone home” CONFIDENTIAL