1 cybersecurity and web-based attacks a perspective from symantec zoltan precsenyi government...
Post on 15-Jan-2016
Cybersecurity and web-based attacks
A perspective from Symantec
Zoltan Precsenyi
Government Affairs Manager
International Conference on Terrorism and Democracy in the 21st Century, Budapest, September 29-30, 2011
Agenda
1. About Symantec
2. The web: a powerful tool
3. Cyberattacks: the threat landscape
4. Future trends: growing challenges
About Symantec
Symantec™ Global Intelligence Network
Identifies more threats, takes action faster & prevents impact
Information Protection, Preemptive Security Alerts, Threat Triggered Actions
Global Scope and Scale, Worldwide Coverage, 24x7 Event Logging
Rapid Detection
Attack Activity
• 240,000 sensors
• 200+ countries
Malware Intelligence
• 133M client, server, gateways monitored
• Global coverage
Vulnerabilities
• 40,000+ vulnerabilities
• 14,000 vendors
• 105,000 technologies
Spam/Phishing
• 5M decoy accounts
• 8B+ email messages/day
• 1B+ web requests/day
Austin, TX
Mountain View, CA
Culver City, CA
San Francisco, CA
Taipei, Taiwan
Tokyo, Japan
Dublin, Ireland
Calgary, Alberta
Chengdu, China
Chennai, India
Pune, India
The web: a powerful tool
The web: Cybercrime steadily growing
http://www.symantec.com/about/news/release/article.jsp?prid=20110907_02
The web: Underground Economy a soaring market
• Credit card information & bank account credentials still on top
• Big range in bulk prices for credit cards
The web: Attack Kits Get a Caffeine Boost
• Java exploits added to many existing kits
• Kits exclusively exploiting Java vulnerabilities appeared
More Info:
Detailed information available in ISTR Mid-Term: Attack Toolkits and Malicious Websites
The web: Communication channel for criminals as well
http://www.cbsnews.com/stories/2007/03/02/60minutes/main2531546.shtml
http://news.bbc.co.uk/2/hi/americas/6197446.stm
http://news.intelwire.com/2011/07/internet-provides-terrorists-with-tools.html
http://www.osce.org/atu/44197
Communicate
Recruit
Equip
Instruct
Cyberattacks: the threat landscape
Threat Landscape: The actors inside and outside
Organized Crime Rings
Well Meaning Insiders
Malicious Insiders
Extremists
At this stage, terrorism is more a scenario than an actual incident
Effective communication and money laundering tool that should not be interrupted
Historically terrorism scenarios envisage cyber-attacks as amplifiers
Symantec Internet Security Threat Report (ISTR), Volume 16
Threat Landscape: The objectives information and/or infrastructure
Organized Criminal
Well Meaning Insider
Malicious Insider
Disruption of critical infrastructure operations
Large-scale DDoS attacks
Malware outbreaks within protected networks
Stealthy ex-filtration or unintended loss of confidential data
Website defacing
Threat Landscape: Asymmetric warfare small investment, big damage
http://online.wsj.com/article/SB126102247889095011.html
Threat Landscape: OSINT collection
http://www.dailymail.co.uk/news/article-1197562/MI6-chief-blows-cover-wifes-Facebook-account-reveals-family-holidays-showbiz-friends-links-David-Irving.html
Threat Landscape: Social Networking + Social Engineering = Compromise
• Hackers have adopted social networking
  – Use profile information to create targeted social engineering
  – Impersonate friends to launch attacks
  – Leverage news feeds to spread spam, scams and massive attacks
More Info:
Detailed review of Social Media threats available in The Risks of Social Networking
Threat Landscape: Targeted Attacks process
1. INCURSION
• Attacker breaks in via targeted malware, improper credentials or SQL injection
2. DISCOVERY
• Map organization’s systems
• Automatically find confidential data
3. CAPTURE
• Access data on unprotected systems
• Install root kits to capture network data
4. EXFILTRATION
• Confidential data sent to hacker team in the clear, wrapped in encrypted packets or in zipped files with passwords
Threat Landscape: Targeted Attacks evolution
• High profile attacks in 2010 raised awareness of impact of APTs
• Stuxnet was incredibly sophisticated
  – Four zero-day vulnerabilities
  – Stolen digital signatures
  – Ability to “leap” the air gap with USB key
  – Potential damage to infrastructure
More Info:
Detailed review in the: W32.Stuxnet Dossier & W32.Stuxnet
Threat Landscape: Malicious activity by country
Threat Landscape: Web based attacks on the rise
• 93% increase in Web-based attacks from 2009 to 2010
• Spikes related to specific activities (new attack kits, current events, etc.)
Future trends: growing challenges
Technology landscape: Mega Trends
Technology: Cloud
Strengths: Enhanced overall security capabilities:
• Detection
• Protection
• Backup and recovery
Weaknesses: Blurred individual security perimeter:
• Loss of control over certain assets
• Increased interdependencies
• New single points of failure
Technology: Virtualisation
Strengths: Flexibility and efficiency:
• More resilient infrastructure
• Better use of hardware
• Enhanced interoperability
Weaknesses: Segregated tasks run on shared assets:
• Physical proximity between isolated virtual environments
• Higher exposure to more vulnerabilities
Technology: Mobile
Strengths: Well, mobility:
• Access to data anytime, anywhere
• Federated identity management
• Better convergence between different communication channels
Weaknesses: Well, again, mobility:
• Lower security awareness and culture
• Cross-exposure of federated identities to vulnerabilities in one of them
• Increased risk of data loss through device loss
Threat Landscape: 2010 Trends
• Social Networking + social engineering = compromise
• Attack Kits get a caffeine boost
• Targeted Attacks continued to evolve
• Hide and Seek (zero-day vulnerabilities and rootkits)
• Mobile Threats increase
Threat Landscape: Attribution will remain an issue
• Who is behind the attack? What are their motives?
• Do you know? Can you be sure?
• Can you disclose the information? Should you?
• Can you respond? Should you? How?
Security Landscape: What you can do to protect your assets
Mind your people:
• Strong authentication for identity and access control
• Security awareness training
Protect your devices:
• Advanced reputation security
• Device management
• Removable media control
Harden your systems and networks:
• Vulnerability assessment
• Intrusion prevention
• Email and web gateway filtering
Protect your information:
• Encryption
• Data loss prevention
Understand the threat in close to real time:
• Advanced reputation security
• Network threat and vulnerability monitoring
Respond:
• Security incident management
• Back-up and recovery
Thank you!
Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Zoltan Precsenyi
zoltan_precsenyi@symantec.com