How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017

Upload: surfwatch-labs

Post on 15-Feb-2017


Today’s Speakers

Adam Meyer, Chief Security Strategist, SurfWatch Labs

Aaron Bay, Chief Intelligence Analyst, SurfWatch Labs

Top Cybercrime Targets from 2016

SurfWatch Labs collected data on more than 6,000 targets associated with cybercrime in 2016 - from open and dark web sources

Prime Healthcare Services Inc

21st Century Oncology Holdings, Inc.


Interconnectivity Creates Many Avenues of Attack

Cybercriminals shift their tactics to find openings via side doors:

• Expanding number of vulnerable IoT devices

• Supply chains are increasingly being targeted

• Default, easy-to-guess, and/or re-used credentials are used in additional attacks

Driving Better Security Outcomes with Practical Threat Intelligence

• It is important to understand cybercriminals’ capability, intent and opportunity…

BUT

• You can really only control their level of opportunity by minimizing your vulnerable “level of presence”

[Figure: threat triangle labeled THREAT, CAPABILITY, INTENT, OPPORTUNITY]

Exploring the Threat Triangle in the Context of Your Business

[Figure: threat triangle (THREAT, CAPABILITY, OPPORTUNITY, INTENT) placed around YOU, with the labels BRAND, LOYALTY, LEVEL OF PRESENCE, OPEN SOURCE, INFRASTRUCTURE, DARK WEB, CONTROLS, REGULATORY, RISK, INTERNAL, TRUST, REPUTATION]

Cybercrime Trend #1: Rise of the IoT Botnets

“Smart” devices provide convenience, but also create a wider attack surface

• Proliferation of devices

• DDoS attacks

• Ease of weaponization – à la Mirai, which weaponizes vulnerable IoT devices

[Figure: Distribution of Mirai Botnet in October attack]

IoT Botnets Driving a Surge in Service Interruption


The percent of negative CyberFacts related to “service interruption” surged in the fourth quarter of 2016 due to attacks and concern around Mirai and other IoT-powered botnets.

Cyber Forecast: Expect Increasingly Creative IoT Attacks in 2017


• More devices being developed + more consumer and commercial use = More devices to target

• Cybercriminals are always looking for new opportunities

• As-a-service attack capabilities for sale on the Dark Web right now

Practical Risk Mitigation Steps You Can Take

1. Treat “smart” devices as an IT asset. Anything that is connected to the internet - e.g. a smart light bulb - should be treated as a network device.

2. Focus on the basics. Segment your IoT devices on the network in their own zone (similar to BYOD segmentation).

3. Stay current and aware of relevant cyber threats within this technology area. Even better, ensure you have visibility of risks within your digital supply chain and your business.

Cybercrime Trend #2: Supply Chains Are a Weak Link


• Target was the first big “supply chain” breach that made headlines, but the problem has only grown larger over the years

• Percentage of targets publicly associated with 3rd party cybercrime nearly doubled over the last year

• NOTE – many breach announcements do not disclose the root cause

• Healthcare sector hit hard

More Cybercrime Tied to 3rd Parties

Supply Chain Threats Impact Many Industries

While many industries were impacted, the effects varied:

• Malvertising through online ad networks

• Data breaches via 3rd party PoS providers

• Financial thefts via ATM vulnerabilities

• Patient info stolen via 3rd party organizations being hacked/poorly secured

Cyber Forecast: Your Level of Presence Will Continue to Grow – As Will Your Risk

• Supply chain accounts for a large part of your digital footprint

• Greater risk of fraud, extortion, ransom, compromised accounts, exploited assets, DDoS attacks

[Figure: diagram with the labels “You Are Here”, “Or Here”, “Or Here”]

Practical Risk Mitigation Steps You Can Take


1. Ensure vendors are properly managing data and access credentials. Poor security practices and errors among 3rd parties regularly lead to unauthorized access and sensitive information being exposed.

2. Gain visibility of who is connected to your organization. Know who you’re working with, continue to evaluate their cyber risks and understand how they are digitally connected to you.

3. Look at threat activity outside your organization – as well as obviously from within. Threat intelligence provides insights as to where to focus your resources most effectively. The best approach leverages both internal and external intel – so you have a complete picture of risk.

Cybercrime Trend #3: Expanding Sea of Compromised Info

Password Reuse Makes Old Breaches New Again

• More than 500 million accounts breached in 2016

• Many users often reuse passwords across multiple sites

• Automation of credential stuffing

Stolen/Leaked Credentials Remain a Big Problem

Three of the largest data breach announcements ever, in terms of compromised accounts, were the reason for the dramatic spike in stolen/leaked credentials in 2016.

Cyber Forecast: Compromised Credentials Will Spawn New Breaches

What is Similar About These Companies?

• GitHub

• Citrix

• Carbonite

• TeamViewer

• Twitter

• Reddit

• LogMeIn, Inc.

All were high-profile victims of password reuse attacks

Practical Risk Mitigation Steps You Can Take


1. Combat the ongoing and pervasive issue of password reuse. Educate employees. Implement policies around unique passwords. Require multi-factor authentication.

2. Be cautious of the amount of information freely provided. Public information is often used in social engineering attacks. One piece of info can be used to gain another piece, until the attackers have enough of the puzzle figured out.

3. Monitor dark web markets and sites such as Pastebin. These are examples of sites where bad actors publish or sell data dumps. Knowing if your company is associated with any of these can help you mitigate risk.

Completing Your Cyber Risk Picture

[Figure: layered diagram. Goals, Strategy: “What they want (INTENT)”. Tactics, Techniques, Procedures, Tools: “How they will get it (CAPABILITY)”. Host & Network Artifacts, Atomic Indicators: “Evidence of Presence”. “Vulnerabilities Present Due to:” Design, Implementation, Technical Flaws, User Interaction.]

[The following slide repeats the same figure and adds the labels “What You DO Control” and “What You DO NOT Control”.]

Q&A and Additional SurfWatch Labs Resources

SurfWatch Cyber Advisor: www.surfwatchlabs.com/cyber-advisor

Dark Web Intelligence: www.surfwatchlabs.com/dark-web-intelligence

Personalized SurfWatch Demonstration: info.surfwatchlabs.com/request-demo

Strategic and Operational Threat Intelligence

Q&A


1. Nation-state cyber skirmishes will increase and get louder

2. Ransomware will continue to be a moneymaker for cybercriminals

3. Extortion will increase

4. More organizations will look to threat intel as a way to minimize risk exposure