![Page 1: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/1.jpg)
Advanced WAF for Advanced Threats
Carlos Valencia – Sr Systems Engineer
![Page 2: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/2.jpg)
Do you…
…have a public facing web property?
…have a high-sensitivity web property?
…contend with bots and unwanted automation?
…have compliance obligations?
…have difficult to upgrade software stacks?
…have legacy web applications?
…need zero day breathing room?
…want to reduce your development time-to-market?
![Page 3: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/3.jpg)
If you answered YES to any of the above… WAF might be for you!
![Page 4: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/4.jpg)
Is security policy being enforced? Is it enforceable?
![Page 5: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/5.jpg)
Is security policy being enforced? Is it enforceable?
![Page 6: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/6.jpg)
• Non-API Users
• Self-selected Use: Tech Savvy Consumers, Innovators, Disruptors
• Enterprise Use: Business Partners, Distribution Partners, Suppliers
• Product Integration: Business Partners, Product Ecosystem, Tech-savvy Consumers
• Open Web APIs, B2B APIs, Product APIs
• Digital Experience: Mobile, Web
• Internal API
• Enterprise Applications (custom, off-the-shelf, on premise, cloud), Products
![Page 7: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/7.jpg)
Web App Attacks Are the #1 Single Source Entry Point of Successful Data Breaches…
• Other (VPN, PoS, infra.): 3%
• Physical: 11%
• User / Identity: 33%
• Web App Attacks: 53%
![Page 8: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/8.jpg)
The evolving risk of tomorrow needs Advanced WAF today
Traditional WAF
• Blacklisting
• OWASP Top 10
• Regulatory Compliance
• Protections against well known attack vectors
• Provides coverage as a compensating control
• Filtering of known bad requests (signatures)
Does not take into account evolving attack vectors (L7 DDoS, Intellectual Property Theft, Bot Fraud, etc.)
![Page 9: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/9.jpg)
F5 Advanced WAF Solution
![Page 10: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/10.jpg)
Password-Stealing Malware is a Key Tool for Cybercriminals
Figure Credit: Verizon 2017 Data Breach Investigations Report
![Page 11: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/11.jpg)
How do we stop this?
• #1 is Protect Passwords
  • F5 DataSafe application layer encryption
• #2 is Protect the Web Application
  • Brute Force Login Protection, IP Intelligence and Anti-Bot Mobile SDK
  • Credential Stuffing Subscription, Threat Campaigns and Centralized DeviceID
• #3 is Properly Managing Access
  • Use APM for MFA and Federation
* Coming in future releases
![Page 12: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/12.jpg)
What is Credential / Form Grabbing?
• The victim is infected with malware
• The victim makes a secure connection to a web site
• This triggers the malware
• The victim enters data into the web form
• This content can be stolen by the malware
• The victim submits the web form
• The information is encrypted and sent to the web server
• The information is also sent to the drop zone in clear text
Diagram labels: Attacker, Victim, Web Site, Drop zone
![Page 13: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/13.jpg)
How Credential Stuffing Works
Credentials from Previous Breaches
[Figure: repeated USERNAME entries alongside Credit Card Data, Intellectual Property, Healthcare Data, Passport Data and Financial Data]
![Page 14: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/14.jpg)
Application Layer Encryption
Username = averagejoe
Password = 85Mustang
Username = 4TTFEQmlebq47+1s+AlykmQc9+A7quLctkKA/rC2CGo=
Password = J+4OfaGXwPqVCuDmOb9kY8Ama/P6AVxOSSfeCtGnAJI=
![Page 15: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/15.jpg)
HTML Field Obfuscation (HFO)
Obscures visibility and slows down attackers
• Protects against malicious scripts that seek out form elements before HFO runs.
• Adds fake form fields to further confuse attackers.
• Dynamically changes field names on a frequent interval.
Username = averagejoe
Password = 85Mustang
NikwQH38GADKDm4ShuYKw0t6KYLSnGyMElRpctLOFF8= = 4TTFEQmlebq47+1s+AlykmQc9+A7quLctkKA/rC2CGo=
ILdDJKaLSiopyvRjNw+V3V3NKTL4mFUeTL7alr+Swjk= = J+4OfaGXwPqVCuDmOb9kY8Ama/P6AVxOSSfeCtGnAJI=
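
A sketch of the rotating field names and decoy fields listed above, added here as an illustration; it is not F5's implementation and not code from the original deck. The key, the 300-second interval, the decoy names and all function names are assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"    # assumption: secret held by the proxy, never sent to the client
INTERVAL = 300                   # assumption: field names rotate every 300 seconds
REAL_FIELDS = ("username", "password")
DECOYS = ("email", "pin")        # assumption: fake fields a real user never fills in


def _alias(session: str, field: str, epoch: int) -> str:
    """Derive the opaque name for one field, bound to the session and time window."""
    msg = f"{session}|{field}|{epoch}".encode()
    return "f" + hmac.new(KEY, msg, hashlib.sha256).hexdigest()[:20]


def render_names(session: str, now: float) -> dict:
    """Map every real and decoy field to the opaque name written into the served form."""
    epoch = int(now) // INTERVAL
    return {f: _alias(session, f, epoch) for f in REAL_FIELDS + DECOYS}


def restore(session: str, form: dict, now: float):
    """Translate a submitted form back to real names; return None to reject it."""
    epoch = int(now) // INTERVAL
    for e in (epoch, epoch - 1):             # tolerate a page served just before a rotation
        by_alias = {_alias(session, f, e): f for f in REAL_FIELDS + DECOYS}
        if not set(form) <= set(by_alias):
            continue                         # unknown, stale or un-obfuscated field names
        decoded = {by_alias[k]: v for k, v in form.items()}
        if any(decoded.get(d) for d in DECOYS):
            return None                      # something filled in a decoy field
        if all(f in decoded for f in REAL_FIELDS):
            return {f: decoded[f] for f in REAL_FIELDS}
    return None
```
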
![Page 16: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/16.jpg)
How DataSafe Uses Encryption to Protect Confidential Data
• FPS takes a public and private key pair
• The user requests a logon page
• The obfuscated code is added
• The public key is included in the response
• The user is already infected with malware
• The malware runs and the user enters their credentials
• The malware sends the content to the drop zone
• The hacker is unable to decrypt and therefore unable to use the content
• FPS uses the private key to decrypt the password field
Diagram labels: Victim, BIG-IP LTM + Application Layer Encryption, Web application, Attacker Dropzone
![Page 17: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/17.jpg)
Proactive Bot Defense
• Half of Internet traffic comes from bots; 30% is malicious
• Web attacks: 77% of web app attacks were the targets of botnet activity
• Account takeover: total account takeover losses reached $2.3B in 2016
• Vulnerability Scanning
• Web Scraping
• Denial of Service
![Page 18: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/18.jpg)
What Do Malicious Bots Do?
There are millions of bots
• Attack web and mobile apps
• Launch Denial of Service
• Tamper with transactions
• Infect users with malware
• Gain unauthorized access to accounts
![Page 19: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/19.jpg)
Advanced Bot Detection
Legitimate Browser Verification
• First time request to web server
• WAF responds with injected JS: request is not passed to the server
• Browser responds to challenge and resends request
• WAF verifies response authenticity. Cookie is signed, time stamped, and finger printed.
• Valid response is sent to the server
• Future valid browser requests bypass challenge
• No challenge response from bots. Bots are dropped
• Continuous invalid bot attempts are blocked
Diagram labels: Customer, WAF, Server
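
The signed, time-stamped and fingerprinted cookie from the verification flow above, as an added example; it is not F5's code and not part of the original deck. It assumes HMAC-SHA256, a fingerprint built from two request headers and a 600-second lifetime; `SECRET`, `MAX_AGE` and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: secret known only to the WAF
MAX_AGE = 600                      # assumption: cookie lifetime in seconds


def fingerprint(headers: dict) -> str:
    """Reduce client attributes to a short fingerprint (assumed attribute set)."""
    material = "|".join(headers.get(h, "") for h in ("User-Agent", "Accept-Language"))
    return hashlib.sha256(material.encode()).hexdigest()[:16]


def _sign(payload: str) -> str:
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def issue_cookie(headers: dict, now: float) -> str:
    """Issued only after the client has answered the injected JS challenge."""
    payload = f"{int(now)}.{fingerprint(headers)}"
    return f"{payload}.{_sign(payload)}"


def verify_cookie(cookie, headers: dict, now: float) -> str:
    """Return 'pass' to forward the request, otherwise the reason it is held back."""
    if not cookie:
        return "challenge"                 # first request: inject JS, do not forward
    parts = cookie.split(".")
    if len(parts) != 3:
        return "malformed"
    ts, fp, sig = parts
    # Check the signature first so the other fields are only parsed if the WAF wrote them.
    if not hmac.compare_digest(sig.encode(), _sign(f"{ts}.{fp}").encode()):
        return "bad-signature"
    if int(ts) > now or now - int(ts) > MAX_AGE:
        return "expired"
    if not hmac.compare_digest(fp.encode(), fingerprint(headers).encode()):
        return "fingerprint-mismatch"      # cookie replayed from a different client
    return "pass"
```
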
![Page 20: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/20.jpg)
F5 Anti-Bot Mobile SDK
![Page 22: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/22.jpg)
APPLICATION PROTECTION
ADVANCED WAF
• APP-LAYER ENCRYPTION
• BEHAVIORAL DDOS
• ANTI-BOT MOBILE SDK
• PROACTIVE BOT DEFENSE
![Page 23: Advanced WAF para amenazas avanzadas · F5 Advanced WAF Solution. Password-Stealing Malware is a Key Tool for Cybercriminals Figure Credit: Verizon 2017 Data Breach Investigations](https://reader033.vdocument.in/reader033/viewer/2022050401/5f7fa7a83f79764e8b4dfa56/html5/thumbnails/23.jpg)