Destructive cyber attacks on strategic assets are increasing, deleting and destroying back-end critical infrastructure. A new cyber threat webinar from Trend Micro reveals the present and future of cyber security.
Watch full webinar: http://www.trendmicro.com/us/security-intelligence/events/?commid=151605
4. Trends of Attack 2015
• Cloud App Attacks
• Watering Hole Attacks
• Destructive ICS Attacks
• Mobile Attacks
• Ransomware
4/22/2015
Watch the free on-demand webinar:
http://www.trendmicro.com/us/security-intelligence/events/?commid=151605
5. Critical Infrastructure Security
1. Conduct penetration tests.
2. Use two-factor authentication.
3. Utilize a bastion host.
4. Apply whitelisting.
5. Utilize a host-based intrusion prevention system.
6. Deploy file integrity monitoring.
7. Sandbox your cloud apps.
8. Implement whitelisting.
9. Utilize a Breach Detection System.
6. Clear and Present Danger: The Rise of CI Attacks in the Americas
Tom Kellermann, Chief Cybersecurity Officer at Trend Micro
Editor's notes
Attacks have evolved in complexity from opportunistic to targeted. Malware is being designed and customized to serve the definite purpose of breaching a specific organization. As a result, security defenses that were designed to detect and stop ‘mass attacks’ are no longer capable of identifying unknown attacks or evolving attack methods. Although they remain of value and a vital part of a layered defense, they need to be enhanced.
Employee Data Leaks ??
Traditional Malware – typically widely distributed and used for opportunistic attacks. These are a form of ‘virus’ with generic functions such as stealing passwords or data. These types of threats are typically dealt with using signatures for detection and blocking in technologies such as firewalls, intrusion prevention and intrusion detection systems.
Vulnerability Exploits – attackers take advantage of buffer overflows, memory dumps and other ‘software and/or security bugs’ to encroach on and extract data from a desktop, server or other device. These types of threats are typically addressed by vulnerability patching, IPS and IDS products.
Advanced Malware – attackers establish a foothold on a trusted device and use it as a launching pad to access other areas of your network and exfiltrate information. In addition, this form of malware tends to contain subroutines and processes that create the perception of legitimate access and purpose. The malware can automate the selection of IP addresses, communication protocols and other techniques. Detecting this form of malware requires analysis of network traffic, heuristics, algorithms and malware analysis capabilities.
Targeted Attacks – Similar to a bank heist, attackers research their target and identify the security, processes, and location of what they want to steal. After completing advance reconnaissance they devise a detailed plan of attack, custom design and build their attack code, test their plan of attack and then execute. The key design criteria are to evade detection and to enable freedom of movement within your network and access to the assets they wish to target. In so doing, attackers will use whatever means are at their disposal. If it is clear that you have a hardened means to monitor web traffic, they will use another protocol. They will determine how your firewall is configured and what ports might yield safe passage. They will attempt to erase their footprints and ensure they can move within your network and improve their intelligence on your environment through every stage of the attack. By the time you are aware, they have what they want, have likely already turned it into cash, and are either long gone or have come back for more.
Percentage of organizations that experienced attempts to have information deleted or destroyed, by organization type, including 44% in the communications sector.
According to ICS-CERT in the USA, 32% of attacks occurred in the energy sector and 27% of over 245 attacks occurred in manufacturing.
Deploying anti-malware where possible throughout the ICS environment.
Using a bastion host to prevent unauthorized access to secure locations throughout the ICS environment.
Applying application whitelisting throughout the ICS environment to prevent unauthorized applications from running.
Deploying a Breach Detection System.
Enabling a USB lockdown on all SCADA environments. This prevents malware from physically entering the environment.
Deploying basic security measures, such as firewalls/IPS, between network segments, in particular between the business network and the ICS network.