Well-organized, highly sophisticated cyber attacks continue to make headlines, hitting major U.S. banks and global companies like Adobe to name a few. In support of October as National Cyber Security Awareness Month, Lumension CEO Pat Clawson, Prolexic CEO Scott Hammack, security industry expert and author, Richard Stiennon and industry analyst and webcast moderator Eric Ogren will share their unique insight into these recent news-making attacks and what they mean for enterprises everywhere.
Learn:
•The latest, seemingly extraordinary attacks;
•How these attacks could escalate to the point where they matter to you and;
•What you should be doing to secure against them.
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
Sensational Headlines or Real Threats? What New Attacks Mean For You.
1. Sensational Headlines
or Real Threats?
What New Attacks
Mean to You.
Richard Stiennon | IT-Harvest
Scott Hammack | Prolexic
Pat Clawson | Lumension
October 2012
2. Saudi Aramco
» Targeted Malware (Shamoon) infects
30,000 PCs on August 15, 2012
» Data Destroyed, Burning American flag
displayed
» Attribution fairly strong to Iranian hackers
Cutting Sword of Justice
Source: http://bits.blogs.nytimes.com/2012/08/27/connecting-the-dots-after-cyberattack-on-saudi-aramco/
2
3. Massive DDoS against US Banks
» Bank of America, JP Morgan Chase,
Capital One, BB&T and Wells Fargo, PNC…
» Izz ad-Din al Qassam Cyber Fighters
claim responsibility
» High Orbit Ion Cannon
just a part of the attack
» Compromised Joomla servers explain the
success
3
4. Adobe breach
» September 29, 2012 Adobe warns of breach
» Attackers compromise a “build server” to access signing certificate
» Use certificate to sign to applications
» Most likely for use in a very targeted attacks
» Adobe revokes signing certificate
4
5. US Defense Secretary issues Cyber Pearl Harbor speech
» Strongest language yet from the
Pentagon
» Credible considering the insider
knowledge held by US Defense Secretary
5
6. What’s next?
» When will hacktivists adopt techniques of
APT?
» If terrorist organizations are discovering
cyber attacks what could be next?
» Is US Defense Secretary right to expect
an attack on critical infrastructure?
6