cyber threat intelligence
TRANSCRIPT
0 Copyright 2015 FUJITSU
Human Centric Innovation
Fujitsu Forum 2015
18th – 19th November
Cyber Threat Intelligence
Rob Norris, Director of Enterprise & Cyber Security
Bryan Campbell, Lead Threat Intelligence Analyst
Cyber Security should no longer be seen as an IT Department issue but one that extends from the end user to the boardroom
Don’t take our word for it…
79% of businesses would be discouraged from investing in a business that had been hacked
Source: KPMG FTSE 350 Management Board Survey
IoT - A digital world and an evolving threat landscape
Rise of Digital Devices (2003 – 2015) – Today 3 billion+ internet users
IoT - A digital world and an evolving threat landscape
Data breach losses globally by 2019: £1.34 trillion
Things connected to the internet: 10bn (2013), 50bn (2020)
Source – Juniper research
The Threat
Cyber Crime – Some key facts
93% of large corporations reported a cyber breach in the past year
87% of small businesses reported a cyber breach in the past year
9 months: the time it takes for 60% of security vulnerabilities to be identified
Source - Mandiant
Major threats predictions for 2015
State sponsored cyber espionage
POS Malware
Major Software Flaws
Ransomware
ATM Jackpotting
Crimeware as a service
Banking Trojans
DDOS attacks
Mobile platform threat
IoT Attacks
What is Dridex?
A banking Trojan which evolved from the ZeuS & Cridex families of botnets
Malicious, spoofed emails
Embedded macro downloads an executable from compromised servers
Targets banking sites
Socially engineered subject lines
Can survive reboots
Evades sandbox detection
A Dridex timeline
August 2014: Dridex first observed
February 2015: UAC avoidance observed
April 2015: Database containing 385m email addresses captured from Command & Control Server by Fujitsu
Dridex on the world map
Hosts
1. Russia: 91.58% (261 source hosts)
2. UK: 1.75% (5 source hosts)
3. US: 1.4% (4 source hosts)
Dridex in numbers
989 unique malicious destination addresses
112 unique subject lines used
97 unique hash values derived
12 unique ‘spoofed’ user agents used
19 abuse emails sent to hosting companies
11 ‘takedowns’ resulting from abuse emails
213 unique command & control servers identified
3 campaigns in a single day
Dridex by campaign
[Chart categories: Word, Excel, Word / Excel, EXE]
Demo of data exfiltration
Fujitsu Cyber Security – 4 decades of experience
40+ Year History in design & delivery of large scale, cyber security services
Highest Partner Accreditations
Operating in Public and Private sector, and National Defence Businesses
R&D Capability – developing/delivering Fujitsu security products, e.g. PalmSecure
5 Global Security Operations Centres operating to highest National Government security levels
1000+ Security professionals – over 400 in EMEIA
Products: IDS/IPS, Data Loss Prevention, Web & email security, End point protection, Firewalls, Palm Secure, Secure Infrastructure
Consult & Services: Cloud Assessment, Training & Awareness, Technical Design, DLP Assessment, Continuity & Security Consultancy, 3rd Line Support, Advanced Cyber Ops, SIEM, Vulnerability Management, Identity & Access Mgmt
Partners
Conclusion
Everyone must be vigilant
Analyse and correlate across multiple security technologies
Security Operation Centres provide awareness and context