Cybersecurity and web-based attacks: A perspective from Symantec
Zoltan Precsenyi, Government Affairs Manager
International Conference on Terrorism and Democracy in the 21st Century, Budapest, September 29-30, 2011

Post on 15-Jan-2016


Agenda

1. About Symantec
2. The web: a powerful tool
3. Cyberattacks: the threat landscape
4. Future trends: growing challenges

About Symantec


Symantec™ Global Intelligence Network
Identifies more threats, takes action faster & prevents impact

Information Protection | Preemptive Security Alerts | Threat Triggered Actions
Global Scope and Scale | Worldwide Coverage | 24x7 Event Logging
Rapid Detection

Attack Activity
• 240,000 sensors
• 200+ countries

Malware Intelligence
• 133M client, server, gateways monitored
• Global coverage

Vulnerabilities
• 40,000+ vulnerabilities
• 14,000 vendors
• 105,000 technologies

Spam/Phishing
• 5M decoy accounts
• 8B+ email messages/day
• 1B+ web requests/day

Map locations: Austin, TX; Mountain View, CA; Culver City, CA; San Francisco, CA; Taipei, Taiwan; Tokyo, Japan; Dublin, Ireland; Calgary, Alberta; Chengdu, China; Chennai, India; Pune, India

The web: a powerful tool


The web
Cybercrime steadily growing

http://www.symantec.com/about/news/release/article.jsp?prid=20110907_02

The web
Underground Economy: a soaring market

• Credit card information & bank account credentials still on top
• Big range in bulk prices for credit cards

The web
Attack Kits Get a Caffeine Boost

• Java exploits added to many existing kits
• Kits exclusively exploiting Java vulnerabilities appeared

More info: detailed information available in ISTR Mid-Term: Attack Toolkits and Malicious Websites

The web
Communication channel for criminals as well

• Communicate
• Recruit
• Equip
• Instruct

http://www.cbsnews.com/stories/2007/03/02/60minutes/main2531546.shtml
http://news.bbc.co.uk/2/hi/americas/6197446.stm
http://news.intelwire.com/2011/07/internet-provides-terrorists-with-tools.html
http://www.osce.org/atu/44197

Cyberattacks: the threat landscape


Threat Landscape
The actors: inside and outside

• Organized Crime Rings
• Well Meaning Insiders
• Malicious Insiders
• Extremists

At this stage, terrorism is more a scenario than an actual incident
Effective communication and money laundering tool that should not be interrupted
Historically terrorism scenarios envisage cyber-attacks as amplifiers

Threat Landscape
The objectives: information and/or infrastructure

• Organized Criminal
• Well Meaning Insider
• Malicious Insider

• Disruption of critical infrastructure operations
• Large-scale DDoS attacks
• Malware outbreaks within protected networks
• Stealthy exfiltration or unintended loss of confidential data
• Website defacing

Symantec Internet Security Threat Report (ISTR), Volume 16

Threat Landscape
Asymmetric warfare: small investment, big damage

http://online.wsj.com/article/SB126102247889095011.html

Threat Landscape
OSINT collection

http://www.dailymail.co.uk/news/article-1197562/MI6-chief-blows-cover-wifes-Facebook-account-reveals-family-holidays-showbiz-friends-links-David-Irving.html

Threat Landscape
Social Networking + Social Engineering = Compromise

• Hackers have adopted social networking
– Use profile information to create targeted social engineering
– Impersonate friends to launch attacks
– Leverage news feeds to spread spam, scams and massive attacks

More info: detailed review of Social Media threats available in The Risks of Social Networking

Threat Landscape
Targeted Attacks process

1. INCURSION
– Attacker breaks in via targeted malware, improper credentials or SQL injection

2. DISCOVERY
– Map organization’s systems
– Automatically find confidential data

3. CAPTURE
– Access data on unprotected systems
– Install root kits to capture network data

4. EXFILTRATION
– Confidential data sent to hacker team in the clear, wrapped in encrypted packets or in zipped files with passwords

Threat Landscape
Targeted Attacks evolution

• High profile attacks in 2010 raised awareness of impact of APTs
• Stuxnet was incredibly sophisticated
– Four zero-day vulnerabilities
– Stolen digital signatures
– Ability to “leap” the air gap with USB key
– Potential damage to infrastructure

More info: detailed review in the W32.Stuxnet Dossier & W32.Stuxnet

Threat Landscape
Malicious activity by country

Threat Landscape
Web based attacks on the rise

• 93% increase in Web-based attacks from 2009 to 2010
• Spikes related to specific activities (new attack kits, current events, etc.)

Future trends: growing challenges


Technology landscape
Mega Trends

Cloud
Strengths: Enhanced overall security capabilities:
• Detection
• Protection
• Backup and recovery
Weaknesses: Blurred individual security perimeter:
• Loss of control over certain assets
• Increased interdependencies
• New single points of failure

Virtualisation
Strengths: Flexibility and efficiency:
• More resilient infrastructure
• Better use of hardware
• Enhanced interoperability
Weaknesses: Segregated tasks run on shared assets:
• Physical proximity between isolated virtual environments
• Higher exposure to more vulnerabilities

Mobile
Strengths: Well, mobility:
• Access to data anytime, anywhere
• Federated identity management
• Better convergence between different communication channels
Weaknesses: Well, again, mobility:
• Lower security awareness and culture
• Cross-exposure of federated identities to vulnerabilities in one of them
• Increased risk of data loss through device loss

Threat Landscape
2010 Trends

• Social Networking + social engineering = compromise
• Attack Kits get a caffeine boost
• Targeted Attacks continued to evolve
• Hide and Seek (zero-day vulnerabilities and rootkits)
• Mobile Threats increase

Threat Landscape
Attribution will remain an issue

• Who is behind the attack? What are their motives?
• Do you know? Can you be sure?
• Can you disclose the information? Should you?
• Can you respond? Should you? How?

Security Landscape
What you can do to protect your assets

Mind your people:
• Strong authentication for identity and access control
• Security awareness training

Protect your devices:
• Advanced reputation security
• Device management
• Removable media control

Harden your systems and networks:
• Vulnerability assessment
• Intrusion prevention
• Email and web gateway filtering

Protect your information:
• Encryption
• Data loss prevention

Understand the threat in close to real time:
• Advanced reputation security
• Network threat and vulnerability monitoring

Respond:
• Security incident management
• Back-up and recovery

Thank you!

Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
