SlideShare une entreprise Scribd logo

Declaration of Mal(WAR)e

NetSPI
NetSPI
Technologie
1  sur  50
DECLARATION of MAL(WAR)E The good, the bad, and the ugly
Who are we? IT Security Consultants @ NetSPI We help organizations: • Identify vulnerabilities • Determine impact • Develop remediation plans • Reduce risk
• What is malware? • Who creates malware? • Why do they create malware? • What skill level is required? • The malware lifecycle ‒The “good” guy’s role ‒The “bad” guy’s role • The “ugly” truth Presentation Overview?
What is Malware?
Wikipedia definition: …“software used or created by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems”… Our definition: …“software created to do bad things and is generally a pain in the butt”… What is Malware?
Types of Malware • Remote Exploits • Local Exploits • Trojans • Backdoors • Rootkits • Viruses • Worms
Malware Kit
Who would do such a thing?
Who is Creating Malware? • Organized crime • Governments • Political activist “hacktivists” • Evil developers • Bored teenagers • You?
Why would they do that?
Why are they Creating Malware? • Sell, sell, sell • Steal money • Steal information • Strategic position • Denial of Service • Political gain • Hacking as a hobby • Internal employees . .. . . .. . .
Who’s got the skills?
What skill level is required? • Malware Developers = Programmers ‒ More advanced programming skillset ‒ Create custom malware • Less likely to be noticed • Personal use or sold to specific group ‒ Commoditized malware kits • More likely to be noticed • Free and commercial • Malware Kit Users ‒ Don’t require advanced skillset ‒ Much more likely to cause damage by mistake
The Malware Lifecycle
The Malware Lifecycle Malware Development Malware Deployment Malware Detection Malware Correction Malware Protection Bad Guys Good Guys
Developers! Developers! Developers!
Malware Development • Professional Malware Development ‒ Often work like software companies ‒ Often produce very secure malware • Create different types of malware ‒ Remote exploits ‒ Local exploits ‒ Backdoors, “bots”, and/or rootkits ‒ Worms or viruses ‒ Command and control ‒ Update functions
Deploy! Deploy! Deploy!
Malware Deployment 69%Of all breaches incorporate malware As reported in the Verizon Business – 2012 Data Breach Investigations Report Available at www.verizonenterprise.com
Malware Deployment 79%Of all breaches were targets of opportunity As reported in the Verizon Business – 2012 Data Breach Investigations Report Available at www.verizonenterprise.com
Malware Deployment • Malware is often deployed via: ‒ Social engineering – email, phone, physical ‒ Default passwords on management applications ‒ Web application issues ‒ “Water holing” web applications • Web Browser Issues etc Email Users Apps PassMalware Package
Detect! Correct! Protect!
“…the median number of days advanced attackers are on the network before being detected is…” 416 Detecting Malware? As report by Mandiant in their Annual Threat Report: M-Trends™ 2012
94% Of organizations learn they are victims of targeted attacks from an external entity Detecting Malware? As report by Mandiant in their Annual Threat Report: M-Trends™ 2012
Detecting Malware! • Where threats being detected: ‒ Networks ‒ Servers ‒ Workstations ‒ Applications / Databases ‒ People • How are threats being detected: ‒ Behavioral / Anomaly based analysis ‒ Signature based analysis ‒ SIEM / Statistics based analysis ‒ Canaries / Honey pots !Detect
Detecting Malware! • Challenges: ‒Identify signatures related to • undocumented malware • encrypted traffic ‒Keeping up with the amount of malware being released ‒Creating dependable behavioral based profiles ‒Creating useful statistical rules ‒Identifying malware in memory!Detect
Detect! Correct! Protect!
Correcting Affected Assets! • Where does correction occur: ‒ Networks ‒ Servers ‒ Workstations ‒ Applications / Databases ‒ People • How does correction occur: ‒ Incident response ‒ Patch systems and applications ‒ Code applications securely ‒ Securely configure • Firewalls • Servers • Applications • User accounts • Training XCorrect
Correcting Affected Assets! • Challenges: ‒Creating patches for exploits before they are widely used ‒Patching 3rd party software ‒Creating and managing secure code ‒Legacy and unsupported applications ‒Vendor contracts ‒Providing adequate training XCorrect
Detect! Correct! Protect!
Protecting Assets! • Where are assets protected: ‒ Networks ‒ Servers ‒ Workstations ‒ Applications / Databases ‒ People • How are assets being protected: ‒ Build/manage secure configurations ‒ Build/manage secure applications ‒ Network Access Control & Intrusion Prevention Systems ‒ Proactive exploit development ‒ Proactive vulnerability identification ‒ Development of signatures ‒ 3rd Party Risk assessments PProtect
Protecting Assets! • Challenges: ‒Security vs. usability ‒Asset inventory ‒Managing secure configurations ‒Communication/risk related to partners, contractors, and vendors ‒Cost / Time / Skills ‒Education and training PProtect
Putting it All Together
The Malware Deployment Cycle
The Malware Deployment Cycle Example Time
Simplified Network Diagram
Gain Access via Exploit
Escalate Privileges via Exploit
Install Backdoor or Bot
Propagate via Worm or Virus
Command and Control: Phone Home
Command and Control: Get Orders
Good Guys Detect
Good Guys Correct
Good Guys Protect
The Ugly Truth
The Ugly Truth: Bad Guys Bad guys are creating Malware that is: • Not going away • Getting more advanced • Getting harder to detect • Getting easier to use • Getting used by more people
The Ugly Truth: Good Guys Good guys need to: • Continue to fight the good fight! • Continue to develop new methods of detection, correction, and prevention • Develop better security policies that make attacks: • Harder to execute • Easier to detect • Easier to respond to and contain • Focus on proactive vulnerability identification • Get rid of unnecessary sensitive data • Encrypt remaining sensitive data • Educate more users more often That can start with you…
What’s Next? What can I do? • Don’t visit sketchy web sites • Don’t open mail from unknown senders • Review links before clicking them in emails • Patch your systems and software • Validate website before providing sensitive information Click the “little lock” in your browser • Don’t create and/or use malware ... …unless it’s for the good guys 
Questions? Questions? Comments? Quarrels?

Recommandé

What is pentest
What is pentestWhat is pentest
What is pentestitissolutions
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
Cloud Security vs Security in the Cloud
Cloud Security vs Security in the CloudCloud Security vs Security in the Cloud
Cloud Security vs Security in the CloudTjylen Veselyj
 
For Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecFor Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecLalit Kale
 
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...Denim Group
 
Threat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskThreat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskSecurity Innovation
 
The road towards better automotive cybersecurity
The road towards better automotive cybersecurityThe road towards better automotive cybersecurity
The road towards better automotive cybersecurityRogue Wave Software
 
What is Penetration & Penetration test ?
What is Penetration & Penetration test ?What is Penetration & Penetration test ?
What is Penetration & Penetration test ?Bhavin Shah
 

Recommandé

What is pentest
What is pentestWhat is pentest
What is pentestitissolutions
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
Cloud Security vs Security in the Cloud
Cloud Security vs Security in the CloudCloud Security vs Security in the Cloud
Cloud Security vs Security in the CloudTjylen Veselyj
 
For Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecFor Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecLalit Kale
 
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...Denim Group
 
Threat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskThreat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskSecurity Innovation
 
The road towards better automotive cybersecurity
The road towards better automotive cybersecurityThe road towards better automotive cybersecurity
The road towards better automotive cybersecurityRogue Wave Software
 
What is Penetration & Penetration test ?
What is Penetration & Penetration test ?What is Penetration & Penetration test ?
What is Penetration & Penetration test ?Bhavin Shah
 
Application Assessment Techniques
Application Assessment TechniquesApplication Assessment Techniques
Application Assessment TechniquesDenim Group
 
Threat modelling & apps testing
Threat modelling & apps testingThreat modelling & apps testing
Threat modelling & apps testingAdrian Munteanu
 
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Nazar Tymoshyk, CEH, Ph.D.
 
Shift Left Security
Shift Left SecurityShift Left Security
Shift Left Securitygjdevos
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Shift Left Security
Shift Left SecurityShift Left Security
Shift Left Securitygjdevos
 
Common Sense Security Framework
Common Sense Security FrameworkCommon Sense Security Framework
Common Sense Security FrameworkJerod Brennen
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark ShermanRinaldi Rampen
 
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017FRSecure
 
Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Dilum Bandara
 
Secure by design and secure software development
Secure by design and secure software developmentSecure by design and secure software development
Secure by design and secure software developmentBill Ross
 
Hack through Injections
Hack through InjectionsHack through Injections
Hack through InjectionsNazar Tymoshyk, CEH, Ph.D.
 
Agile and Secure SDLC
Agile and Secure SDLCAgile and Secure SDLC
Agile and Secure SDLCNazar Tymoshyk, CEH, Ph.D.
 
Benchmarking Web Application Scanners for YOUR Organization
Benchmarking Web Application Scanners for YOUR OrganizationBenchmarking Web Application Scanners for YOUR Organization
Benchmarking Web Application Scanners for YOUR OrganizationDenim Group
 
Security best practices for regular users
Security best practices for regular usersSecurity best practices for regular users
Security best practices for regular usersGeoffrey Vaughan
 
Security hole #5 application security science or quality assurance
Security hole #5 application security science or quality assuranceSecurity hole #5 application security science or quality assurance
Security hole #5 application security science or quality assuranceTjylen Veselyj
 
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"WrikeTechClub
 
What Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software SecurityWhat Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software SecurityAnne Oikarinen
 
Declaration of malWARe
Declaration of malWAReDeclaration of malWARe
Declaration of malWAReScott Sutherland
 
Introduction to Penetration testing and tools
Introduction to Penetration testing and toolsIntroduction to Penetration testing and tools
Introduction to Penetration testing and toolsVikram Khanna
 
How Malware Works
How Malware WorksHow Malware Works
How Malware WorksAlienVault
 
Kaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
Kaseya Connect 2011 - Malwarebytes - Marcin KleczynskiKaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
Kaseya Connect 2011 - Malwarebytes - Marcin KleczynskiKaseya
 

Contenu connexe

Tendances

Application Assessment Techniques
Application Assessment TechniquesApplication Assessment Techniques
Application Assessment TechniquesDenim Group
 
Threat modelling & apps testing
Threat modelling & apps testingThreat modelling & apps testing
Threat modelling & apps testingAdrian Munteanu
 
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Nazar Tymoshyk, CEH, Ph.D.
 
Shift Left Security
Shift Left SecurityShift Left Security
Shift Left Securitygjdevos
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Shift Left Security
Shift Left SecurityShift Left Security
Shift Left Securitygjdevos
 
Common Sense Security Framework
Common Sense Security FrameworkCommon Sense Security Framework
Common Sense Security FrameworkJerod Brennen
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark ShermanRinaldi Rampen
 
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017FRSecure
 
Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Dilum Bandara
 
Secure by design and secure software development
Secure by design and secure software developmentSecure by design and secure software development
Secure by design and secure software developmentBill Ross
 
Benchmarking Web Application Scanners for YOUR Organization
Benchmarking Web Application Scanners for YOUR OrganizationBenchmarking Web Application Scanners for YOUR Organization
Benchmarking Web Application Scanners for YOUR OrganizationDenim Group
 
Security best practices for regular users
Security best practices for regular usersSecurity best practices for regular users
Security best practices for regular usersGeoffrey Vaughan
 
Security hole #5 application security science or quality assurance
Security hole #5 application security science or quality assuranceSecurity hole #5 application security science or quality assurance
Security hole #5 application security science or quality assuranceTjylen Veselyj
 
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"WrikeTechClub
 
What Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software SecurityWhat Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software SecurityAnne Oikarinen
 
Introduction to Penetration testing and tools
Introduction to Penetration testing and toolsIntroduction to Penetration testing and tools
Introduction to Penetration testing and toolsVikram Khanna
 

Tendances (20)

Application Assessment Techniques
Application Assessment TechniquesApplication Assessment Techniques
Application Assessment Techniques
 
Threat modelling & apps testing
Threat modelling & apps testingThreat modelling & apps testing
Threat modelling & apps testing
 
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
 
Shift Left Security
Shift Left SecurityShift Left Security
Shift Left Security
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Shift Left Security
Shift Left SecurityShift Left Security
Shift Left Security
 
Common Sense Security Framework
Common Sense Security FrameworkCommon Sense Security Framework
Common Sense Security Framework
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman
 
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017
 
Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...
 
Secure by design and secure software development
Secure by design and secure software developmentSecure by design and secure software development
Secure by design and secure software development
 
Hack through Injections
Hack through InjectionsHack through Injections
Hack through Injections
 
Agile and Secure SDLC
Agile and Secure SDLCAgile and Secure SDLC
Agile and Secure SDLC
 
Benchmarking Web Application Scanners for YOUR Organization
Benchmarking Web Application Scanners for YOUR OrganizationBenchmarking Web Application Scanners for YOUR Organization
Benchmarking Web Application Scanners for YOUR Organization
 
Security best practices for regular users
Security best practices for regular usersSecurity best practices for regular users
Security best practices for regular users
 
Security hole #5 application security science or quality assurance
Security hole #5 application security science or quality assuranceSecurity hole #5 application security science or quality assurance
Security hole #5 application security science or quality assurance
 
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
 
What Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software SecurityWhat Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software Security
 
Declaration of malWARe
Declaration of malWAReDeclaration of malWARe
Declaration of malWARe
 
Introduction to Penetration testing and tools
Introduction to Penetration testing and toolsIntroduction to Penetration testing and tools
Introduction to Penetration testing and tools
 

Similaire à Declaration of Mal(WAR)e

How Malware Works
How Malware WorksHow Malware Works
How Malware WorksAlienVault
 
Kaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
Kaseya Connect 2011 - Malwarebytes - Marcin KleczynskiKaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
Kaseya Connect 2011 - Malwarebytes - Marcin KleczynskiKaseya
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Osama Salah
 
Cyber Security Awareness Month 2017-Nugget 6
Cyber Security Awareness Month 2017-Nugget 6Cyber Security Awareness Month 2017-Nugget 6
Cyber Security Awareness Month 2017-Nugget 6Chinatu Uzuegbu
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresCarl B. Forkner, Ph.D.
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securityAliyuMuhammadButu
 
Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Deb Birch
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attackMark Silver
 
Insider threats
Insider threatsInsider threats
Insider threatsizoologic
 
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by DownloadsStop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by DownloadsInvincea, Inc.
 
How to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMHow to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMAlienVault
 
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?TechSoup
 
Cyber Security-Foundation.ppt
Cyber Security-Foundation.pptCyber Security-Foundation.ppt
Cyber Security-Foundation.pptErAdityaSingh1
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmAlienVault
 
Ransomware attacks reveton
Ransomware attacks revetonRansomware attacks reveton
Ransomware attacks revetonMumbere Joab
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Common Malware Types Vulnerability Management
Common Malware Types Vulnerability ManagementCommon Malware Types Vulnerability Management
Common Malware Types Vulnerability ManagementMuhammad FAHAD
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityPriyanshu Ratnakar
 

Similaire à Declaration of Mal(WAR)e (20)

How Malware Works
How Malware WorksHow Malware Works
How Malware Works
 
Kaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
Kaseya Connect 2011 - Malwarebytes - Marcin KleczynskiKaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
Kaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...
 
Cyber Security Awareness Month 2017-Nugget 6
Cyber Security Awareness Month 2017-Nugget 6Cyber Security Awareness Month 2017-Nugget 6
Cyber Security Awareness Month 2017-Nugget 6
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security Measures
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
 
Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
Insider threats
Insider threatsInsider threats
Insider threats
 
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by DownloadsStop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
 
How to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMHow to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USM
 
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
 
Cyber Security-Foundation.ppt
Cyber Security-Foundation.pptCyber Security-Foundation.ppt
Cyber Security-Foundation.ppt
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usm
 
Malware Infections
Malware InfectionsMalware Infections
Malware Infections
 
C3
C3C3
C3
 
Ransomware attacks reveton
Ransomware attacks revetonRansomware attacks reveton
Ransomware attacks reveton
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Common Malware Types Vulnerability Management
Common Malware Types Vulnerability ManagementCommon Malware Types Vulnerability Management
Common Malware Types Vulnerability Management
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 

Plus de NetSPI

Beyond XP_CMDSHELL: Owning the Empire Through SQL Server
Beyond XP_CMDSHELL: Owning the Empire Through SQL ServerBeyond XP_CMDSHELL: Owning the Empire Through SQL Server
Beyond XP_CMDSHELL: Owning the Empire Through SQL ServerNetSPI
 
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2NetSPI
 
All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015NetSPI
 
Attack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingAttack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingNetSPI
 
Extracting Credentials From Windows
Extracting Credentials From WindowsExtracting Credentials From Windows
Extracting Credentials From WindowsNetSPI
 
GPU Cracking - On the Cheap
GPU Cracking - On the CheapGPU Cracking - On the Cheap
GPU Cracking - On the CheapNetSPI
 
Attack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration TestingAttack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration TestingNetSPI
 
WTF is Penetration Testing
WTF is Penetration TestingWTF is Penetration Testing
WTF is Penetration TestingNetSPI
 
Introduction to Windows Dictionary Attacks
Introduction to Windows Dictionary AttacksIntroduction to Windows Dictionary Attacks
Introduction to Windows Dictionary AttacksNetSPI
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseNetSPI
 
Fuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox TestingFuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox TestingNetSPI
 

Plus de NetSPI (11)

Beyond XP_CMDSHELL: Owning the Empire Through SQL Server
Beyond XP_CMDSHELL: Owning the Empire Through SQL ServerBeyond XP_CMDSHELL: Owning the Empire Through SQL Server
Beyond XP_CMDSHELL: Owning the Empire Through SQL Server
 
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
 
All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015
 
Attack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingAttack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration Testing
 
Extracting Credentials From Windows
Extracting Credentials From WindowsExtracting Credentials From Windows
Extracting Credentials From Windows
 
GPU Cracking - On the Cheap
GPU Cracking - On the CheapGPU Cracking - On the Cheap
GPU Cracking - On the Cheap
 
Attack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration TestingAttack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration Testing
 
WTF is Penetration Testing
WTF is Penetration TestingWTF is Penetration Testing
WTF is Penetration Testing
 
Introduction to Windows Dictionary Attacks
Introduction to Windows Dictionary AttacksIntroduction to Windows Dictionary Attacks
Introduction to Windows Dictionary Attacks
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash Course
 
Fuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox TestingFuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox Testing
 

Dernier

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 

Dernier (20)

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 

Declaration of Mal(WAR)e

  • 1. DECLARATION of MAL(WAR)E The good, the bad, and the ugly
  • 2. Who are we? IT Security Consultants @ NetSPI We help organizations: • Identify vulnerabilities • Determine impact • Develop remediation plans • Reduce risk
  • 3. • What is malware? • Who creates malware? • Why do they create malware? • What skill level is required? • The malware lifecycle ‒The “good” guy’s role ‒The “bad” guy’s role • The “ugly” truth Presentation Overview?
  • 5. Wikipedia definition: …“software used or created by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems”… Our definition: …“software created to do bad things and is generally a pain in the butt”… What is Malware?
  • 6. Types of Malware • Remote Exploits • Local Exploits • Trojans • Backdoors • Rootkits • Viruses • Worms
  • 8. Who would do such a thing?
  • 9. Who is Creating Malware? • Organized crime • Governments • Political activist “hacktivists” • Evil developers • Bored teenagers • You?
  • 11. Why are they Creating Malware? • Sell, sell, sell • Steal money • Steal information • Strategic position • Denial of Service • Political gain • Hacking as a hobby • Internal employees . .. . . .. . .
  • 12. Who’s got the skills?
  • 13. What skill level is required? • Malware Developers = Programmers ‒ More advanced programming skillset ‒ Create custom malware • Less likely to be noticed • Personal use or sold to specific group ‒ Commoditized malware kits • More likely to be noticed • Free and commercial • Malware Kit Users ‒ Don’t require advanced skillset ‒ Much more likely to cause damage by mistake
  • 15. The Malware Lifecycle Malware Development Malware Deployment Malware Detection Malware Correction Malware Protection Bad Guys Good Guys
  • 17. Malware Development • Professional Malware Development ‒ Often work like software companies ‒ Often produce very secure malware • Create different types of malware ‒ Remote exploits ‒ Local exploits ‒ Backdoors, “bots”, and/or rootkits ‒ Worms or viruses ‒ Command and control ‒ Update functions
  • 19. Malware Deployment 69%Of all breaches incorporate malware As reported in the Verizon Business – 2012 Data Breach Investigations Report Available at www.verizonenterprise.com
  • 20. Malware Deployment 79%Of all breaches were targets of opportunity As reported in the Verizon Business – 2012 Data Breach Investigations Report Available at www.verizonenterprise.com
  • 21. Malware Deployment • Malware is often deployed via: ‒ Social engineering – email, phone, physical ‒ Default passwords on management applications ‒ Web application issues ‒ “Water holing” web applications • Web Browser Issues etc Email Users Apps PassMalware Package
  • 23. “…the median number of days advanced attackers are on the network before being detected is…” 416 Detecting Malware? As report by Mandiant in their Annual Threat Report: M-Trends™ 2012
  • 24. 94% Of organizations learn they are victims of targeted attacks from an external entity Detecting Malware? As report by Mandiant in their Annual Threat Report: M-Trends™ 2012
  • 25. Detecting Malware! • Where threats being detected: ‒ Networks ‒ Servers ‒ Workstations ‒ Applications / Databases ‒ People • How are threats being detected: ‒ Behavioral / Anomaly based analysis ‒ Signature based analysis ‒ SIEM / Statistics based analysis ‒ Canaries / Honey pots !Detect
  • 26. Detecting Malware! • Challenges: ‒Identify signatures related to • undocumented malware • encrypted traffic ‒Keeping up with the amount of malware being released ‒Creating dependable behavioral based profiles ‒Creating useful statistical rules ‒Identifying malware in memory!Detect
  • 28. Correcting Affected Assets! • Where does correction occur: ‒ Networks ‒ Servers ‒ Workstations ‒ Applications / Databases ‒ People • How does correction occur: ‒ Incident response ‒ Patch systems and applications ‒ Code applications securely ‒ Securely configure • Firewalls • Servers • Applications • User accounts • Training XCorrect
  • 29. Correcting Affected Assets! • Challenges: ‒Creating patches for exploits before they are widely used ‒Patching 3rd party software ‒Creating and managing secure code ‒Legacy and unsupported applications ‒Vendor contracts ‒Providing adequate training XCorrect
  • 31. Protecting Assets! • Where are assets protected: ‒ Networks ‒ Servers ‒ Workstations ‒ Applications / Databases ‒ People • How are assets being protected: ‒ Build/manage secure configurations ‒ Build/manage secure applications ‒ Network Access Control & Intrusion Prevention Systems ‒ Proactive exploit development ‒ Proactive vulnerability identification ‒ Development of signatures ‒ 3rd Party Risk assessments PProtect
  • 32. Protecting Assets! • Challenges: ‒Security vs. usability ‒Asset inventory ‒Managing secure configurations ‒Communication/risk related to partners, contractors, and vendors ‒Cost / Time / Skills ‒Education and training PProtect
  • 35. The Malware Deployment Cycle Example Time
  • 37. Gain Access via Exploit
  • 40. Propagate via Worm or Virus
  • 41. Command and Control: Phone Home
  • 42. Command and Control: Get Orders
  • 47. The Ugly Truth: Bad Guys Bad guys are creating Malware that is: • Not going away • Getting more advanced • Getting harder to detect • Getting easier to use • Getting used by more people
  • 48. The Ugly Truth: Good Guys Good guys need to: • Continue to fight the good fight! • Continue to develop new methods of detection, correction, and prevention • Develop better security policies that make attacks: • Harder to execute • Easier to detect • Easier to respond to and contain • Focus on proactive vulnerability identification • Get rid of unnecessary sensitive data • Encrypt remaining sensitive data • Educate more users more often That can start with you…
  • 49. What’s Next? What can I do? • Don’t visit sketchy web sites • Don’t open mail from unknown senders • Review links before clicking them in emails • Patch your systems and software • Validate website before providing sensitive information Click the “little lock” in your browser • Don’t create and/or use malware ... …unless it’s for the good guys 