SlideShare une entreprise Scribd logo

Targeted attacks

Télécharger en tant que PPTX, PDF
Barry Shteiman
Barry Shteiman

Imperva webinar 7/16/2013, Updated 11/7/2013 Covers insider threats and the compromised/malicious insider problem.

Technologie
1  sur  40
Targeted Attacks Barry Shteiman Director of Security Strategy 1 © 2013 Imperva, Inc. All rights reserved. Confidential
Agenda  Compromised Insider  Incident Analysis  Anatomy of an Attack  Current Controls  Reclaiming Security 2 © 2013 Imperva, Inc. All rights reserved. Confidential
Today’s Speaker - Barry Shteiman  Director of Security Strategy  Security Researcher working with the CTO office  Author of several application security tools, including HULK  Open source security projects code contributor  CISSP  Twitter @bshteiman 3 © 2013 Imperva, Inc. All rights reserved. Confidential
Compromised Insider Defining the Threat Landscape 4 © 2013 Imperva, Inc. All rights reserved. Confidential
―There are two types of companies: companies that have been breached and companies that don’t know they’ve been breached.‖ Shawn Henry, Former FBI Executive Assistant Director NY Times, April 2012 5 © 2013 Imperva, Inc. All rights reserved. Confidential
Insider Threat Defined Risk that the access rights of a trusted person will be used to view, take or modify data or intellectual property. Possible causes:  Accident  Malicious intent  Compromised device 6 © 2013 Imperva, Inc. All rights reserved. Confidential
Compromised Insider Defined A person with no malicious motivation who becomes an unknowing accomplice of third parties who gain access to their device and/or user credentials. 7 © 2013 Imperva, Inc. All rights reserved. Confidential
Malicious vs Compromised Potential 1% < 100% Source: http://edocumentsciences.com/defend-against-compromised-insiders 8 © 2013 Imperva, Inc. All rights reserved. Confidential
Look who made the headlines Hackers steal sensitive data related to a planned 2.4B acquisition. Hacker stole 4-million Social Security numbers and bank account information from state tax payers and businesses 9 © 2013 Imperva, Inc. All rights reserved. Confidential
Evaluating Magnitude California 2012 Data Breach Report: • More than half of the breaches were the result of intentional intrusions by outsiders or by unauthorized insiders. Source: State of California Department of Justice, July 2013 Source: Verizon Data Breach Report, 2013 10 © 2013 Imperva, Inc. All rights reserved. Confidential
Know your Attacker Governments • • Stealing Intellectual Property (IP) and raw data, Espionage Motivated by: Policy, Politics and Nationalism Industrialized hackers • • Stealing IP and data Motivated by: Profit Hacktivists • • 11 © 2013 Imperva, Inc. All rights reserved. Exposing IP and data, and compromising the infrastructure Motivated by: Political causes, ideology, personal agendas Confidential
What Attackers Are After Source: Verizon Data Breach Report, 2013 12 © 2013 Imperva, Inc. All rights reserved. Confidential
Two Paths, One Goal Online Application User with access rights (or his/her device) Malware (40%) Social Engineering (29%) Users (devices) 71% People 29% Hacking (various) used in 52% of breaches Servers 54% Data & IP Source: Verizon Data Breach Report, 2013 13 © 2013 Imperva, Inc. All rights reserved. Confidential
Incident Analysis The South Carolina Data Breach 14 © 2013 Imperva, Inc. All rights reserved. Confidential
What Happened? 4M Individual Records Stolen in a Population of 5M 80%. 15 © 2013 Imperva, Inc. All rights reserved. Confidential
A Targeted Database Attack Attacker steals login credentials via phishing email & malware 13-Aug-12 16 Attacker logs in remotely and accesses the database 27-Aug-12 © 2013 Imperva, Inc. All rights reserved. Additional reconnaissance, more credentials stolen 29-Aug-12 11-Sept-12 Confidential Attacker steals the entire database 12-Sept-12 14-Sept-12
The Anatomy of an Attack How does it work 17 © 2013 Imperva, Inc. All rights reserved. Confidential
Anatomy of an Attack Spear Phishing 18 © 2013 Imperva, Inc. All rights reserved. Confidential
Anatomy of an Attack Spear Phishing 19 C&C Comm © 2013 Imperva, Inc. All rights reserved. Confidential
Anatomy of an Attack Spear Phishing 20 C&C Comm © 2013 Imperva, Inc. All rights reserved. Data Dump & Analysis Confidential
Anatomy of an Attack Spear Phishing 21 C&C Comm © 2013 Imperva, Inc. All rights reserved. Data Dump & Analysis Broaden Infection Confidential
Anatomy of an Attack Spear Phishing 22 C&C Comm © 2013 Imperva, Inc. All rights reserved. Data Dump & Analysis Broaden Infection Confidential Main Data Dump
Anatomy of an Attack Spear Phishing 23 C&C Comm © 2013 Imperva, Inc. All rights reserved. Data Dump & Analysis Broaden Infection Confidential Main Data Dump Wipe Evidence
Searching on Social Networks… 24 © 2013 Imperva, Inc. All rights reserved. Confidential
…The Results 25 © 2013 Imperva, Inc. All rights reserved. Confidential
Next: Phishing and Malware Specialized Frameworks and Hacking tools, such as BlackHole 2.0, allow easy setup for Host Hijacking and Phishing. How easy is it?  A three-month BlackHole license, with Support included, is US$700 26 © 2013 Imperva, Inc. All rights reserved. Confidential
Drive-by Downloads Are Another Route September 2012 ―iPhone 5 Images Leak‖ was caused by a Trojan Download Drive-By 27 © 2013 Imperva, Inc. All rights reserved. Confidential
Cross Site Scripting Is Yet Another Path Persistent XSS Vulnerable Sites provide the Infection Platform GMAIL, June 2012 TUMBLR, July 2012 28 © 2013 Imperva, Inc. All rights reserved. Confidential
The Human Behavior Factor Source: Google Research Paper ―Alice in Warningland‖, July 2013 29 © 2013 Imperva, Inc. All rights reserved. Confidential
Current Controls Wont the NGFW/IPS/AV Stop It? 30 © 2013 Imperva, Inc. All rights reserved. Confidential
What Are the Experts Saying? ―Flame was a failure for the antivirus industry. We really should have been able to do better. But we didn’t. We were out of our league, in our own game.‖ Mikko Hypponen, F-Secure, Chief Research Officer Source: http://www.wired.com/threatlevel/2012/06/internet-security-fail/ 31 © 2013 Imperva, Inc. All rights reserved. Confidential
Security Threats Have Evolved… 2001 2013 AntiVirus Firewall IPS AntiVirus Firewall IPS Sources: Gartner, Imperva analysis 32 © 2013 Imperva, Inc. All rights reserved. Confidential
Security Redefined Forward Thinking 33 © 2013 Imperva, Inc. All rights reserved. Confidential
The DISA Angle ―In the past, we’ve all been about protecting our networks—firewall here, firewall there, firewall within a service, firewall within an organization, firewalls within DISA. We’ve got to remove those and go to protecting the data‖ Lt. Gen. Ronnie Hawkins JR – DISA. AFCEA, July 2012 34 © 2013 Imperva, Inc. All rights reserved. Confidential
Rebalance Your Security Portfolio 35 © 2013 Imperva, Inc. All rights reserved. Confidential
Assume You Can Be Breached 36 © 2013 Imperva, Inc. All rights reserved. Confidential
Incident Response Phases for Targeted Attacks Reduce Risk Size Up the Target Prevent Compromise Compromise A User Detection Initial Exploration Containment Solidify Presence Impersonate Privileged User Insulate sensitive data Password Remediation Steal Confidential Data Device Remediation Cover Tracks Post-incident Analysis 37 © 2013 Imperva, Inc. All rights reserved. Confidential
Webinar Materials Join Imperva LinkedIn Group, Imperva Data Security Direct, for… Post-Webinar Discussions Webinar Recording Link 38 Answers to Attendee Questions Join Group © 2013 Imperva, Inc. All rights reserved. Confidential
Questions? www.imperva.com 39 © 2013 Imperva, Inc. All rights reserved. Confidential
Thank You! 40 © 2013 Imperva, Inc. All rights reserved. Confidential

Recommandé

Targeted Defense for Malware & Targeted Attacks
Targeted Defense for Malware & Targeted AttacksTargeted Defense for Malware & Targeted Attacks
Targeted Defense for Malware & Targeted Attacks
Imperva
 
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
UISGCON
 
Jerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTJerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINT
centralohioissa
 
Insider threat v3
Insider threat v3Insider threat v3
Insider threat v3
Lancope, Inc.
 
Expert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessExpert FSO Insider Threat Awareness
Expert FSO Insider Threat Awareness
Eric Schiowitz
 
Insider Threat Summit - The Future of Insider Threat Detection
Insider Threat Summit - The Future of Insider Threat DetectionInsider Threat Summit - The Future of Insider Threat Detection
Insider Threat Summit - The Future of Insider Threat Detection
ObserveIT
 
Jason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 PredictionsJason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 Predictions
centralohioissa
 
Insider Threat Solution from GTRI
Insider Threat Solution from GTRIInsider Threat Solution from GTRI
Insider Threat Solution from GTRI
Zivaro Inc
 

Recommandé

Targeted Defense for Malware & Targeted Attacks
Targeted Defense for Malware & Targeted AttacksTargeted Defense for Malware & Targeted Attacks
Targeted Defense for Malware & Targeted Attacks
Imperva
 
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
UISGCON
 
Jerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTJerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINT
centralohioissa
 
Insider threat v3
Insider threat v3Insider threat v3
Insider threat v3
Lancope, Inc.
 
Expert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessExpert FSO Insider Threat Awareness
Expert FSO Insider Threat Awareness
Eric Schiowitz
 
Insider Threat Summit - The Future of Insider Threat Detection
Insider Threat Summit - The Future of Insider Threat DetectionInsider Threat Summit - The Future of Insider Threat Detection
Insider Threat Summit - The Future of Insider Threat Detection
ObserveIT
 
Jason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 PredictionsJason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 Predictions
centralohioissa
 
Insider Threat Solution from GTRI
Insider Threat Solution from GTRIInsider Threat Solution from GTRI
Insider Threat Solution from GTRI
Zivaro Inc
 
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
Shawn Tuma
 
Information Security and Corporate Risk
Information Security and Corporate RiskInformation Security and Corporate Risk
Information Security and Corporate Risk
AgilOne
 
Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9
UISGCON
 
Phil Grimes - Penetrating the Perimeter: Tales from the Battlefield
Phil Grimes - Penetrating the Perimeter: Tales from the BattlefieldPhil Grimes - Penetrating the Perimeter: Tales from the Battlefield
Phil Grimes - Penetrating the Perimeter: Tales from the Battlefield
centralohioissa
 
Why Insider Threat is a C-Level Priority
Why Insider Threat is a C-Level PriorityWhy Insider Threat is a C-Level Priority
Why Insider Threat is a C-Level Priority
David Mai, MBA
 
Ed McCabe - Putting the Intelligence back in Threat Intelligence
Ed McCabe - Putting the Intelligence back in Threat IntelligenceEd McCabe - Putting the Intelligence back in Threat Intelligence
Ed McCabe - Putting the Intelligence back in Threat Intelligence
centralohioissa
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing Professionals
TechWell
 
10 things you should know about cybersecurity
10 things you should know about cybersecurity10 things you should know about cybersecurity
10 things you should know about cybersecurity
United Technology Group (UTG)
 
Building a cybercrime case
Building a cybercrime caseBuilding a cybercrime case
Building a cybercrime case
Online
 
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10thCYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
United Technology Group (UTG)
 
2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting
IBM Security
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
North Texas Chapter of the ISSA
 
Cyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cyber Summit 2016: Insider Threat Indicators: Human BehaviourCyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cybera Inc.
 
Is AI going to provide safety for us?
Is AI going to provide safety for us?Is AI going to provide safety for us?
Is AI going to provide safety for us?
DLabs
 
Insider threat
Insider threatInsider threat
Insider threat
ARCON TECHSOLUTIONS
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security
Stephen Cobb
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016
Bolaji James Bankole CCSS,CEH,MCSA,MCSE,MCP,CCNA,
 
CYBER51-FYLER
CYBER51-FYLERCYBER51-FYLER
CYBER51-FYLER
Cyber 51 LLC
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
Prachi Mishra
 
Unit ii-hackers and cyber crimes
Unit ii-hackers and cyber crimesUnit ii-hackers and cyber crimes
Unit ii-hackers and cyber crimes
Sweta Kumari Barnwal
 
Anatomy of the Compromised Insider
Anatomy of the Compromised InsiderAnatomy of the Compromised Insider
Anatomy of the Compromised Insider
Imperva
 
REAL-TIME THREAT INTELLIGENCE FOR TRUSTED RELATIONSHIPS
REAL-TIME THREAT INTELLIGENCE FOR TRUSTED RELATIONSHIPSREAL-TIME THREAT INTELLIGENCE FOR TRUSTED RELATIONSHIPS
REAL-TIME THREAT INTELLIGENCE FOR TRUSTED RELATIONSHIPS
ForgeRock
 

Contenu connexe

Tendances

Information Security and Corporate Risk
Information Security and Corporate RiskInformation Security and Corporate Risk
Information Security and Corporate Risk
AgilOne
 
Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9
UISGCON
 
Phil Grimes - Penetrating the Perimeter: Tales from the Battlefield
Phil Grimes - Penetrating the Perimeter: Tales from the BattlefieldPhil Grimes - Penetrating the Perimeter: Tales from the Battlefield
Phil Grimes - Penetrating the Perimeter: Tales from the Battlefield
centralohioissa
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing Professionals
TechWell
 
2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting
IBM Security
 
Cyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cyber Summit 2016: Insider Threat Indicators: Human BehaviourCyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cybera Inc.
 

Tendances (20)

#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
 
Information Security and Corporate Risk
Information Security and Corporate RiskInformation Security and Corporate Risk
Information Security and Corporate Risk
 
Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9
 
Phil Grimes - Penetrating the Perimeter: Tales from the Battlefield
Phil Grimes - Penetrating the Perimeter: Tales from the BattlefieldPhil Grimes - Penetrating the Perimeter: Tales from the Battlefield
Phil Grimes - Penetrating the Perimeter: Tales from the Battlefield
 
Why Insider Threat is a C-Level Priority
Why Insider Threat is a C-Level PriorityWhy Insider Threat is a C-Level Priority
Why Insider Threat is a C-Level Priority
 
Ed McCabe - Putting the Intelligence back in Threat Intelligence
Ed McCabe - Putting the Intelligence back in Threat IntelligenceEd McCabe - Putting the Intelligence back in Threat Intelligence
Ed McCabe - Putting the Intelligence back in Threat Intelligence
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing Professionals
 
10 things you should know about cybersecurity
10 things you should know about cybersecurity10 things you should know about cybersecurity
10 things you should know about cybersecurity
 
Building a cybercrime case
Building a cybercrime caseBuilding a cybercrime case
Building a cybercrime case
 
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10thCYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
 
2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
 
Cyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cyber Summit 2016: Insider Threat Indicators: Human BehaviourCyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cyber Summit 2016: Insider Threat Indicators: Human Behaviour
 
Is AI going to provide safety for us?
Is AI going to provide safety for us?Is AI going to provide safety for us?
Is AI going to provide safety for us?
 
Insider threat
Insider threatInsider threat
Insider threat
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016
 
CYBER51-FYLER
CYBER51-FYLERCYBER51-FYLER
CYBER51-FYLER
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Unit ii-hackers and cyber crimes
Unit ii-hackers and cyber crimesUnit ii-hackers and cyber crimes
Unit ii-hackers and cyber crimes
 

Similaire à Targeted attacks

The Value of Crowd-Sourced Threat Intelligence
The Value of Crowd-Sourced Threat IntelligenceThe Value of Crowd-Sourced Threat Intelligence
The Value of Crowd-Sourced Threat Intelligence
Imperva
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test Professionals
TechWell
 
Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option
Seculert
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing Professionals
TechWell
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test Professionals
TechWell
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM Security
 
Rcs triumfant watchful_webinar_final
Rcs triumfant watchful_webinar_finalRcs triumfant watchful_webinar_final
Rcs triumfant watchful_webinar_final
Patrick Florer
 

Similaire à Targeted attacks (20)

Anatomy of the Compromised Insider
Anatomy of the Compromised InsiderAnatomy of the Compromised Insider
Anatomy of the Compromised Insider
 
REAL-TIME THREAT INTELLIGENCE FOR TRUSTED RELATIONSHIPS
REAL-TIME THREAT INTELLIGENCE FOR TRUSTED RELATIONSHIPSREAL-TIME THREAT INTELLIGENCE FOR TRUSTED RELATIONSHIPS
REAL-TIME THREAT INTELLIGENCE FOR TRUSTED RELATIONSHIPS
 
The Value of Crowd-Sourced Threat Intelligence
The Value of Crowd-Sourced Threat IntelligenceThe Value of Crowd-Sourced Threat Intelligence
The Value of Crowd-Sourced Threat Intelligence
 
Detect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksDetect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted Attacks
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test Professionals
 
Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing Professionals
 
IBM Cyber Threat Analysis
IBM Cyber Threat AnalysisIBM Cyber Threat Analysis
IBM Cyber Threat Analysis
 
Assessing the Effectiveness of Antivirus Solutions
Assessing the Effectiveness of Antivirus SolutionsAssessing the Effectiveness of Antivirus Solutions
Assessing the Effectiveness of Antivirus Solutions
 
Mobile security article
Mobile security articleMobile security article
Mobile security article
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test Professionals
 
Top Seven Risks of Enterprise Mobility - How to protect your business
Top Seven Risks of Enterprise Mobility - How to protect your businessTop Seven Risks of Enterprise Mobility - How to protect your business
Top Seven Risks of Enterprise Mobility - How to protect your business
 
Evaluate Top Seven Risks of Enterprise Mobility
Evaluate Top Seven Risks of Enterprise MobilityEvaluate Top Seven Risks of Enterprise Mobility
Evaluate Top Seven Risks of Enterprise Mobility
 
info-sys-security3.pptx
info-sys-security3.pptxinfo-sys-security3.pptx
info-sys-security3.pptx
 
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security StrategyDSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy
 
Information security
Information securityInformation security
Information security
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
 
Rcs triumfant watchful_webinar_final
Rcs triumfant watchful_webinar_finalRcs triumfant watchful_webinar_final
Rcs triumfant watchful_webinar_final
 
Ola Wittenby - Hotlandskapet på Internet
Ola Wittenby - Hotlandskapet på Internet Ola Wittenby - Hotlandskapet på Internet
Ola Wittenby - Hotlandskapet på Internet
 

Dernier

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Dernier (20)

Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 

Targeted attacks

  • 1. Targeted Attacks Barry Shteiman Director of Security Strategy 1 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 2. Agenda  Compromised Insider  Incident Analysis  Anatomy of an Attack  Current Controls  Reclaiming Security 2 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 3. Today’s Speaker - Barry Shteiman  Director of Security Strategy  Security Researcher working with the CTO office  Author of several application security tools, including HULK  Open source security projects code contributor  CISSP  Twitter @bshteiman 3 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 4. Compromised Insider Defining the Threat Landscape 4 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 5. ―There are two types of companies: companies that have been breached and companies that don’t know they’ve been breached.‖ Shawn Henry, Former FBI Executive Assistant Director NY Times, April 2012 5 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 6. Insider Threat Defined Risk that the access rights of a trusted person will be used to view, take or modify data or intellectual property. Possible causes:  Accident  Malicious intent  Compromised device 6 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 7. Compromised Insider Defined A person with no malicious motivation who becomes an unknowing accomplice of third parties who gain access to their device and/or user credentials. 7 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 8. Malicious vs Compromised Potential 1% < 100% Source: http://edocumentsciences.com/defend-against-compromised-insiders 8 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 9. Look who made the headlines Hackers steal sensitive data related to a planned 2.4B acquisition. Hacker stole 4-million Social Security numbers and bank account information from state tax payers and businesses 9 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 10. Evaluating Magnitude California 2012 Data Breach Report: • More than half of the breaches were the result of intentional intrusions by outsiders or by unauthorized insiders. Source: State of California Department of Justice, July 2013 Source: Verizon Data Breach Report, 2013 10 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 11. Know your Attacker Governments • • Stealing Intellectual Property (IP) and raw data, Espionage Motivated by: Policy, Politics and Nationalism Industrialized hackers • • Stealing IP and data Motivated by: Profit Hacktivists • • 11 © 2013 Imperva, Inc. All rights reserved. Exposing IP and data, and compromising the infrastructure Motivated by: Political causes, ideology, personal agendas Confidential
  • 12. What Attackers Are After Source: Verizon Data Breach Report, 2013 12 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 13. Two Paths, One Goal Online Application User with access rights (or his/her device) Malware (40%) Social Engineering (29%) Users (devices) 71% People 29% Hacking (various) used in 52% of breaches Servers 54% Data & IP Source: Verizon Data Breach Report, 2013 13 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 14. Incident Analysis The South Carolina Data Breach 14 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 15. What Happened? 4M Individual Records Stolen in a Population of 5M 80%. 15 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 16. A Targeted Database Attack Attacker steals login credentials via phishing email & malware 13-Aug-12 16 Attacker logs in remotely and accesses the database 27-Aug-12 © 2013 Imperva, Inc. All rights reserved. Additional reconnaissance, more credentials stolen 29-Aug-12 11-Sept-12 Confidential Attacker steals the entire database 12-Sept-12 14-Sept-12
  • 17. The Anatomy of an Attack How does it work 17 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 18. Anatomy of an Attack Spear Phishing 18 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 19. Anatomy of an Attack Spear Phishing 19 C&C Comm © 2013 Imperva, Inc. All rights reserved. Confidential
  • 20. Anatomy of an Attack Spear Phishing 20 C&C Comm © 2013 Imperva, Inc. All rights reserved. Data Dump & Analysis Confidential
  • 21. Anatomy of an Attack Spear Phishing 21 C&C Comm © 2013 Imperva, Inc. All rights reserved. Data Dump & Analysis Broaden Infection Confidential
  • 22. Anatomy of an Attack Spear Phishing 22 C&C Comm © 2013 Imperva, Inc. All rights reserved. Data Dump & Analysis Broaden Infection Confidential Main Data Dump
  • 23. Anatomy of an Attack Spear Phishing 23 C&C Comm © 2013 Imperva, Inc. All rights reserved. Data Dump & Analysis Broaden Infection Confidential Main Data Dump Wipe Evidence
  • 24. Searching on Social Networks… 24 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 25. …The Results 25 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 26. Next: Phishing and Malware Specialized Frameworks and Hacking tools, such as BlackHole 2.0, allow easy setup for Host Hijacking and Phishing. How easy is it?  A three-month BlackHole license, with Support included, is US$700 26 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 27. Drive-by Downloads Are Another Route September 2012 ―iPhone 5 Images Leak‖ was caused by a Trojan Download Drive-By 27 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 28. Cross Site Scripting Is Yet Another Path Persistent XSS Vulnerable Sites provide the Infection Platform GMAIL, June 2012 TUMBLR, July 2012 28 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 29. The Human Behavior Factor Source: Google Research Paper ―Alice in Warningland‖, July 2013 29 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 30. Current Controls Wont the NGFW/IPS/AV Stop It? 30 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 31. What Are the Experts Saying? ―Flame was a failure for the antivirus industry. We really should have been able to do better. But we didn’t. We were out of our league, in our own game.‖ Mikko Hypponen, F-Secure, Chief Research Officer Source: http://www.wired.com/threatlevel/2012/06/internet-security-fail/ 31 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 32. Security Threats Have Evolved… 2001 2013 AntiVirus Firewall IPS AntiVirus Firewall IPS Sources: Gartner, Imperva analysis 32 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 33. Security Redefined Forward Thinking 33 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 34. The DISA Angle ―In the past, we’ve all been about protecting our networks—firewall here, firewall there, firewall within a service, firewall within an organization, firewalls within DISA. We’ve got to remove those and go to protecting the data‖ Lt. Gen. Ronnie Hawkins JR – DISA. AFCEA, July 2012 34 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 35. Rebalance Your Security Portfolio 35 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 36. Assume You Can Be Breached 36 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 37. Incident Response Phases for Targeted Attacks Reduce Risk Size Up the Target Prevent Compromise Compromise A User Detection Initial Exploration Containment Solidify Presence Impersonate Privileged User Insulate sensitive data Password Remediation Steal Confidential Data Device Remediation Cover Tracks Post-incident Analysis 37 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 38. Webinar Materials Join Imperva LinkedIn Group, Imperva Data Security Direct, for… Post-Webinar Discussions Webinar Recording Link 38 Answers to Attendee Questions Join Group © 2013 Imperva, Inc. All rights reserved. Confidential
  • 39. Questions? www.imperva.com 39 © 2013 Imperva, Inc. All rights reserved. Confidential
  • 40. Thank You! 40 © 2013 Imperva, Inc. All rights reserved. Confidential

Notes de l'éditeur

  1. Barry: “Less than 1% of your employees may be malicious insiders, but 100% of your employees have the potential to be compromised insiders.”
  2. 2013 VDBIRMalware 40% of breachesSocial 29%Hacking 52%Assets compromisedServers 54User (devices) 71People 29
  3. Anna Kournikova virus author stands trialLenient sentence in prospectBy John LeydenPosted in Security, 14th September 2001 13:58 GMTThe author of the infamous Anna Kournikova email worm has appeared in court in the Netherlands with prosecutors calling for a lenient sentence for his admitted crime.Lawyers for 20-year old Jan de Wit have called for the dismissal of charges against him, arguing that the worm caused minimal damange. The FBI submitted evidence to the Dutch court, suggesting that $166,000 in damages was caused by the worm, based on reports of damage from 55 firms