cyber threat intelligence

0 Copyright 2015 FUJITSU Human Centric Innovation Fujitsu Forum 2015 18th – 19th November

Upload: fujitsu-global

Post on 12-Apr-2017

TRANSCRIPT

Page 1: Cyber Threat Intelligence

Human Centric Innovation

Fujitsu Forum 2015

18th – 19th November

Page 2: Cyber Threat Intelligence

Cyber Threat Intelligence

Page 3: Cyber Threat Intelligence

Rob Norris, Director of Enterprise & Cyber Security

Bryan Campbell, Lead Threat Intelligence Analyst

Page 4: Cyber Threat Intelligence

Cyber Security should no longer be seen as an IT Department issue but one that extends from the end user to the boardroom

Page 5: Cyber Threat Intelligence

Don’t take our word for it…

79% of businesses would be discouraged from investing in a business that had been hacked

Source KPMG FTSE 350 Management Board Survey

Page 6: Cyber Threat Intelligence

IoT - A digital world and an evolving threat landscape

2003 2015

Rise of Digital Devices – Today 3 billion+ internet users

Page 7: Cyber Threat Intelligence

Data breach losses globally by 2019: £1.34 trillion

IoT - A digital world and an evolving threat landscape

Things connected to the internet: 10bn (2013), 50bn (2020)

Source – Juniper research

Page 8: Cyber Threat Intelligence

The Threat

Page 9: Cyber Threat Intelligence

Cyber Crime – Some key facts

93% of large corporations reported a cyber breach in the past year

87% of small businesses reported a cyber breach in the past year

9 months: the time it takes for 60% of security vulnerabilities to be identified

Source - Mandiant

Page 10: Cyber Threat Intelligence

Major threats predictions for 2015

State sponsored cyber espionage

POS Malware

Major Software Flaws

Ransomware

ATM Jackpotting

Crimeware as a service

Banking Trojans

DDOS attacks

Mobile platform threat

IoT Attacks

Page 11: Cyber Threat Intelligence

What is Dridex?

A banking Trojan which evolved from ZeuS & Cridex families of Botnets

Malicious, spoofed emails

Embedded macro downloading executable from compromised servers

Targets banking sites

Socially engineered subject lines

Can survive reboots

Evades detection in sandboxes

Page 12: Cyber Threat Intelligence

A Dridex timeline

August 2014: Dridex first observed

February 2015: UAC avoidance observed

April 2015: Database containing 385m email addresses captured from Command & Control Server by Fujitsu

Page 13: Cyber Threat Intelligence

Dridex on the world map

Hosts

1. Russia 91.58%, 261 source hosts

2. UK 1.75%, 5 source hosts

3. US 1.4%, 4 source hosts

Page 14: Cyber Threat Intelligence

Dridex in numbers

989 unique malicious destination addresses

112 unique subject lines used

97 unique hash values derived

12 unique ‘spoofed’ user agents used

19 abuse emails sent to hosting companies

11 ‘takedowns’ resulting from abuse emails

213 unique command & control servers identified

3 campaigns in a single day

Page 15: Cyber Threat Intelligence

Dridex by campaign

1. Word

2. Excel

3. Word / Excel

4. EXE

Page 16: Cyber Threat Intelligence

Demo of data exfiltration

Page 17: Cyber Threat Intelligence

Fujitsu Cyber Security – 4 decades of experience

40+ Year History in design & delivery of large scale, cyber security services

Highest Partner Accreditations

Operating in Public and Private sector, and National Defence Businesses

R&D Capability – developing/delivering Fujitsu security products, e.g. PalmSecure

5 Global Security Operations Centres operating to highest National Government security levels

1000+ Security professionals – over 400 in EMEIA

IDS/IPS Data Loss Prevention

Web & email security

End point protection

Firewalls

Palm Secure Secure

Infrastructure

Products

Cloud Assessment

Training & Awareness

Technical Design

DLP Assessment Continuity & Security Consultancy

3rd Line Support

Advanced Cyber Ops

SIEM

Vulnerability Management

Identity & Access Mgmt

Consult & Services

Page 18: Cyber Threat Intelligence

Partners

Page 19: Cyber Threat Intelligence

Conclusion

Everyone must be vigilant

Analyse and correlate across multiple security technologies

Security Operation Centres provide awareness and context
