Threat Intelligence to Defend Your Enterprise
Phil Exel, Federal Solutions Architect, HP Enterprise Security
January 29, 2013
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.


TRANSCRIPT

Slide 1: Threat Intelligence to Defend Your Enterprise
Phil Exel, Federal Solutions Architect, HP Enterprise Security. January 29, 2013.

Slide 2: 2012: Looking back at the major hacks, leaks and data breaches
Zack Whittaker for Zero Day, December 17, 2012, as posted on ZDNet.

Slide 3: 2012 in review. January: Symantec Norton source code theft
In January, hackers breached a network belonging to the Indian intelligence service and acquired a vast amount of Symantec's Norton anti-virus source code. It was subsequently posted on Pastebin, a site often used by hackers to post leaked data and source code anonymously. Symantec was quick to state that the source code does not reflect the firm's current work. By analyzing the anti-malware source code, malware writers would be able to find weaknesses in order to bypass the software and hijack machines for malicious purposes. It's understood that the Indian authorities intended to inspect the source code, which was stolen from an insecure network.

Slide 4: 2012 in review. January: 24 million affected by Zappos hack
Online retail store Zappos suffered a significant data breach that exposed the accounts of about 24 million customers. Security experts thought it was the largest consumer data breach of 2012. Amazon.com-owned Zappos said hackers attacked an internal corporate network through a Kentucky-based server and swiped customer account information, including email addresses, the last four digits of credit card numbers, and cryptographically scrambled passwords.

Slide 5: 2012 in review. March: Global Payments hacked; MasterCard, Visa customers affected
MasterCard and Visa customers were warned after a massive data breach that affected more than 1.5 million credit and debit card owners. While a hacker initially claimed responsibility for the data breach, the claim was quickly debunked by a source within the banking industry speaking to ZDNet. Global Payments, the company that was hit by the data breach, explained that only credit card numbers were taken, not names, addresses, or Social Security numbers, but the breach would ultimately cost the card processing firm around $84 million to clean up.

Slide 6: 2012 in review. June: LinkedIn password breach affects 6.46 million users
A Russian forum user claimed to have downloaded 6.46 million passwords belonging to LinkedIn users. The stolen passwords were cryptographically hashed; however, many of them weren't salted, meaning it was relatively easy to convert the simpler passwords back into a readable format. LinkedIn shortly confirmed the data breach but did not explain how the passwords were accessed. Affected accounts were disabled and password reset emails were sent out. The later cleanup effort cost the professional social networking company around $1 million, and another $2-3 million in forensic work and security upgrades.

Slide 7: 2012 in review. Password breach hits 1.5 million eHarmony users
Only a few days after the LinkedIn breach, dating Web site eHarmony was hit with a similar attack that led to the exposure of 1.5 million hashed passwords. The firm's security practices were not as strong: its systems saved users' passwords in upper-case characters only, even where users had chosen mixed-case passwords, further weakening the system.

Slide 8: 2012 in review. Last.fm next in line to suffer massive password breach
Next in line to suffer a security breach in June was Last.fm, following claims of a similar attack on the online music social network. (ZDNet and Last.fm are both owned by CBS.) It quickly became apparent that the incidents were linked, and they led to further widespread criticism of the password encryption standards and security features offered by Web services. In the aftermath, many Web sites and services bolstered their security to prevent such breaches occurring again.

Slide 9: 2012 in review. July: Yahoo password breach exposes 450,000 user logins
Yahoo, beleaguered by corporate failures and a revolving door of CEOs, came under fire once again after hackers were able to attack the firm's networks by exploiting a flaw and downloading 450,000 plain-text login credentials. While the breach was not as large as others, such as LinkedIn or Global Payments, details of the breach were soon reported and it quickly became apparent how easy it was to acquire the vast cache of data. The attack was a union-based SQL injection, and it showed just how weak Yahoo's security was. Yahoo was subsequently sued for negligence shortly after the hack in a San Jose, California court. The hackers said in a blog post: "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat." A week later, the former Web portal giant gave the all clear and resumed its operations.

Slide 10: 2012 in review. September: Apple's UDID leaks linked to Florida data breach, not FBI
With the rollout of iOS 6 imminent, a wave of unique iOS device identifiers (UDIDs) were stolen by Anonymous, allegedly from the FBI, and were uploaded to the Web. UDID codes are used by developers for analytics, but could also be used to personally identify users. There was enough suspicion to suggest either that Apple had passed on the device codes for FBI surveillance, or that the iPhone and iPad maker had been forced to. It blew up into a privacy brouhaha for close to a fortnight. Apple said, in a rare public statement, that the FBI had not requested the data and that Apple had not provided it to any organization. Eventually, after both Apple and the FBI denied any knowledge or involvement, a small company in Florida admitted to a data breach, which led to the UDID codes leaking to the Web. Apple's iOS 6 mobile operating system was rolled out only a few weeks later and removed UDIDs from iOS-powered devices.

Slide 11: 2012 in review. October: South Carolina suffers huge Social Security records theft
The state of South Carolina suffered a massive data loss of more than 3.6 million Social Security records after government servers were breached. With a population of 4.6 million, this breach represented about 78 percent of the state's population. 16,000 credit card details were also stolen without encryption. The figure also included 670,000 businesses affected by the data breach. It took close to three weeks before the hack came to light after the U.S. Secret Service first received information regarding an incident on October 10, 2012.

Slide 12: 2012 in review. December: Nationwide Mutual hacked, 1.1 million Americans affected
And last but not least, insurance giant Nationwide Mutual suffered a hack that affected 1.1 million Americans, according to the North Carolina Attorney General. It's thought that the hackers may have been from overseas, and may not have been on U.S. soil. Customers' names, Social Security numbers, and driver's license details were all pilfered by the hackers, and the possibility that dates of birth, marital status, gender and employer names were also taken could not be ruled out. The extent of the hack may not be realized until the early part of 2013. The insurance company prepared a statement and said it was "very sorry," but was not aware of "any misuse of customers' information."

Slide 13: Customers struggle to manage the security challenge
Primary challenge 1: Nature and motivation of attacks (fame, fortune, market adversary).
A new market adversary works in stages: Research, Infiltration, Discovery, Capture, Exfiltration.

Slide 14: The threat landscape is evolving
Attacks and attackers are becoming more sophisticated. Only 16% of firms have a security policy in place to protect against advanced, targeted threats.* The spectrum runs from broad attacks by recreational hackers to advanced targeted threats from organized crime and nation states (Stuxnet, Duqu, Aurora).
* Source: Global State of Information Security Survey, PricewaterhouseCoopers, CIO magazine, CSO magazine, September 2011.

Slide 15: Cybercrime environment

Slide 16: Turn-key attack applications are rapidly evolving
Exploit toolkits.

Slide 17: Is your website for sale?
Source: Imperva via cyberinsecure.com.

Slide 18: Enterprise Security (HP Confidential)

Slide 19: Customers struggle to manage the security challenge
Primary challenge 1: Nature and motivation of attacks (fame, fortune, market adversary). A new market adversary: Research, Infiltration, Discovery, Capture, Exfiltration.
Primary challenge 2: Transformation of enterprise IT (delivery and consumption changes). Delivery: traditional data center, private cloud, managed cloud, public cloud (network, storage, servers). Consumption: virtual desktops, notebooks, tablets, smartphones.

Slide 20: Customers struggle to manage the security challenge
Primary challenge 1: Nature and motivation of attacks (fame, fortune, market adversary).
Primary challenge 2: Transformation of enterprise IT (delivery and consumption changes). Delivery: traditional data center, private cloud, managed cloud, public cloud (network, storage, servers). Consumption: virtual desktops, notebooks, tablets, smartphones.
Primary challenge 3: Regulatory pressures (increasing cost and complexity). Policies and regulations: Basel III, DIACAP, NDAA Section 900, FISMA.

Slide 21: Typical attack scenario
• Stage 1, initial breach: targeted spear phishing.
• Stage 2, control of asset: malicious code compromises the host.
• Stage 3, reconnaissance: map assets and acquire the target.
• Stage 4, data exfiltration: loss of critical data.

Slide 22: Quality research and strong threat intelligence
• Protect against thousands of vulnerabilities.
• Block millions of known bad hosts (bad IPs and DNS names).
• Granular application control and rate limiting.
• Inspect and protect Web applications.
• Custom filter tool with import capability.
• Monitor the global threat landscape.

Slide 23: 10 defenses against a targeted attack
Attack timeline:
• Day 1, 5:00 AM: a finance person receives a spearphishing email.
• 8:30 AM: opens it to see a "2012 Recruitment plan" with an .xls file.
• 8:31 AM: RAT program downloaded utilizing an Adobe Flash vulnerability.
• 8:32 AM: Poison Ivy RAT is initiated.
• Next day, 12:01 AM: NMAP scan to identify and classify network resources.
• Over the next 10 days: collect data over a period of time.
• 11th day, 12:05 AM: encrypt and FTP the file to good.mincesur.com.
• 12th day: attack hits the headlines.
Defenses:
• Spearphishing attack: detect mail traffic containing phishing attack techniques; reputation monitoring blocks mail traffic from known sources of phishing emails.
• Malicious email attachment: content filters based on strong research and threat intelligence prevent download of emails with malicious attachments.
• Exploit application: over 100 filters to protect against the Adobe exploit.
• Content filters detect download of the Poison Ivy RAT; reputation monitoring detects downloads from known sources of malware and spyware.
• Reconnaissance and mapping: detect the scan, quarantine the host, determine the user ID, and alert the end user and admin; geolocation information from the event shows the attack shift from external to internal.
• External access to host: detect and block Poison Ivy command-and-control traffic; reputation monitoring takes action on communication with known malicious hosts.
• Data leakage: reputation monitoring detects and blocks communications with known bad hosts, domains, and unapproved geographies.
• Scanning and data collection: real-time monitoring identifies anomalous internal activities by analyzing and correlating every event, then raises dashboards, notifications or reports to the security administrator.
• Attack blocked: the combination of mitigations prevents the attack from being successful.

Slide 24
An era of advanced targeted attacks calls for advanced defenses. The question that matters most is: how prepared are you against an advanced targeted attack? I think this little guy knows.

Slide 25

Slide 26
Thank you.
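The defense on slide 23 that carries the most weight is the last one: "analyzing and correlating every event" so that individually weak signals (a spreadsheet opened, a download, a handful of internal connections, an FTP upload) add up to one alert on one host. The following is an added example, not code from the HP deck or from any HP product: a small Python correlator that classifies constructed log lines into the kill-chain stages of slides 21 and 23, flags a host that sweeps its neighbours, and raises an alert per host once several stages line up. The log format, indicator lists, host names, users and thresholds are all assumptions made up for the example; the FTP destination is the domain the slide itself names.

```python
"""Added example (not from the HP deck): correlate kill-chain stages per host.

Log format, indicator lists, host names and thresholds are constructed for
illustration; the FTP destination is the domain named on slide 23.
"""
from collections import defaultdict

# Constructed reputation data. The IPs come from the RFC 5737 documentation ranges.
BAD_IPS = {"203.0.113.45", "198.51.100.7"}
BAD_DOMAINS = {"good.mincesur.com"}          # exfiltration host named on slide 23
APPROVED_GEOS = {"US"}                       # anything else is an "unapproved geography"
SCAN_THRESHOLD = 5                           # distinct internal targets from one host
MIN_STAGES_TO_ALERT = 3                      # how many stages must line up per host

# Kill-chain order taken from slides 21 and 23.
STAGE_ORDER = ["phish", "attachment", "malware_download", "c2", "scan", "exfil"]

# Constructed log lines: "<day time>|<source>|<host>|<user>|k=v;k=v..."
CONSTRUCTED_LOGS = [
    # Day 1 on the finance workstation, following the slide-23 timeline.
    "D01 05:00|mail|wks-fin-07|jdoe|subject=2012 Recruitment plan;attachment=plan.xls;sender_ip=203.0.113.45",
    "D01 08:30|edr|wks-fin-07|jdoe|action=open;file=plan.xls",
    "D01 08:31|proxy|wks-fin-07|jdoe|dir=download;dst=203.0.113.45;geo=ZZ;bytes=412000",
    "D01 08:32|fw|wks-fin-07|-|action=connect;dst=198.51.100.7;port=443",
    # Day 2: the host sweeps internal neighbours (the NMAP step on the slide).
    "D02 00:01|fw|wks-fin-07|-|action=connect;dst=10.0.0.5;port=445",
    "D02 00:01|fw|wks-fin-07|-|action=connect;dst=10.0.0.6;port=445",
    "D02 00:01|fw|wks-fin-07|-|action=connect;dst=10.0.0.7;port=445",
    "D02 00:02|fw|wks-fin-07|-|action=connect;dst=10.0.0.8;port=445",
    "D02 00:02|fw|wks-fin-07|-|action=connect;dst=10.0.0.9;port=445",
    # Day 11: an encrypted archive leaves by FTP.
    "D11 00:05|proxy|wks-fin-07|jdoe|dir=upload;dst=good.mincesur.com;geo=ZZ;bytes=88100000;proto=ftp",
    # An ordinary HR workstation for contrast: nothing here should alert.
    "D01 09:10|mail|wks-hr-02|asmith|subject=Lunch;sender_ip=192.0.2.10",
    "D01 09:15|proxy|wks-hr-02|asmith|dir=download;dst=intranet.example.com;geo=US;bytes=2048",
    "D01 09:20|fw|wks-hr-02|-|action=connect;dst=10.0.0.5;port=445",
]


def parse_event(line):
    """Split one constructed log line into a flat dict of fields."""
    ts, source, host, user, kv = line.split("|", 4)
    fields = dict(p.split("=", 1) for p in kv.split(";") if p)
    return {"ts": ts, "source": source, "host": host, "user": user, **fields}


def is_internal(ip):
    """Crude RFC 1918 check sufficient for the constructed data."""
    return ip.startswith("10.") or ip.startswith("192.168.")


def classify(ev):
    """Map one event to a kill-chain stage, or None when it is unremarkable alone.

    Note that 'attachment' (a user opening a spreadsheet) is a weak signal; it only
    matters because the correlator counts it together with the stronger ones.
    """
    src, dst = ev["source"], ev.get("dst", "")
    if src == "mail" and "attachment" in ev and ev.get("sender_ip") in BAD_IPS:
        return "phish"
    if src == "edr" and ev.get("action") == "open" and ev.get("file", "").endswith((".xls", ".doc")):
        return "attachment"
    if src == "proxy":
        bad_dst = dst in BAD_IPS or dst in BAD_DOMAINS or ev.get("geo") not in APPROVED_GEOS
        if ev.get("dir") == "download" and bad_dst:
            return "malware_download"
        if ev.get("dir") == "upload" and bad_dst:
            return "exfil"
    if src == "fw" and not is_internal(dst) and dst in BAD_IPS:
        return "c2"
    return None


def detect_scans(events):
    """Hosts that contacted at least SCAN_THRESHOLD distinct internal addresses."""
    targets = defaultdict(set)
    for ev in events:
        if ev["source"] == "fw" and is_internal(ev.get("dst", "")):
            targets[ev["host"]].add(ev["dst"])
    return {host for host, seen in targets.items() if len(seen) >= SCAN_THRESHOLD}


def correlate(lines):
    """Return {host: {"user": ..., "stages": [...]}} for hosts with enough stages."""
    events = [parse_event(line) for line in lines]
    stages, users = defaultdict(set), {}
    for ev in events:
        if ev["user"] != "-":
            users.setdefault(ev["host"], ev["user"])   # user ID to notify, per the slide
        stage = classify(ev)
        if stage:
            stages[ev["host"]].add(stage)
    for host in detect_scans(events):
        stages[host].add("scan")
    return {
        host: {"user": users.get(host, "unknown"), "stages": [s for s in STAGE_ORDER if s in seen]}
        for host, seen in stages.items()
        if len(seen) >= MIN_STAGES_TO_ALERT
    }


if __name__ == "__main__":
    for host, alert in correlate(CONSTRUCTED_LOGS).items():
        print(f"ALERT {host} (user {alert['user']}): {' -> '.join(alert['stages'])}")
```

Run stand-alone it prints a single alert for `wks-fin-07` naming `jdoe` and the six stages in kill-chain order, while `wks-hr-02` stays silent even though it opened mail, browsed and touched one internal share. Raising `MIN_STAGES_TO_ALERT` trades earlier detection for fewer false positives; with the value above, the alert would already have fired at the Day 1 download, ten days before the exfiltration on the slide's timeline.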