Upload File

imagine, there’s no countries -...

  • Home
  • Documents
  • Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog
21
Imagine, There’s NO Countries Matija Mandarić [email protected]

Upload: others

Post on 24-Oct-2019

6 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

Imagine, There’s NO Countries

Matija Mandarić [email protected]

Page 2: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog
Page 3: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog knjigovodstvenog softvera

M.E. Doc šalje kompromitovani update svim korisnicima;

• Unutar manje od 4h, nova varijanta naizgled postojećeg malwarea zahvaća:

• 4 bolnice;

• 22 banke;

• 2 aerodroma;

• Mrežu card procesora i bankomata;

• Elektroprivredu i povezane kompanije.

Page 4: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

Rezultat?

• Preko 300 zaraženih firmi;

• 10% svih računara u državi onesposobljeno;

• Povratak u kameno doba: • Bankomati ne rade, kao ni POS terminali

• Ne postoje zapisi unutar firmi, bazi

• Gubitak podataka u državnim institucijama

Page 5: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

Daleko je Ukrajina

NotPetya se nekontrolirano širi u firme

izvan Ukrajine:

• VPN, predstavništva međunarodnih firmi;

• Uz spomenute tu su još Saint-Gobain,

Beiersdorf, Mondelez i mnoge druge;

• Ukupna šteta se procenjuje na 10 mlrd USD

870

400

300

129

Po prvi put nakon dugog niza godina pojavio se destruktivni malware.

Page 6: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

• 800 brodova, 76 teretnih luka pod upravljanjem, 574 office-a u 130 država;

• 80000 računara;

27.6.2017.

• 150 DC-a, 1 preživio infekciju (offline radi gubitka struje u Ghani);

• 2 nedelje za osnovni oporavak;

• 2 meseca za potpuni oporavak mreže;

• Procena štete 300 mil USD (trošak sanacije, pravni troškovi, penali, izgubljen promet).

Maersk

Page 7: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

Pogled ”ispod haube” • Čisti “network exploit” preko SMB protokola

• Ethernal Blue u kombinaciji sa Mimikatz

• NIJE 0-day

• Korisnik nema uticaja na infekciju

• Very unfocused and unpredictable spreading

• Technically - Same “virus” as 15 years ago

• Destructive purpose

Page 8: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

• U dobi cyber ratovanja granice ne postoje

• Pravovremena primena zakrpi i uopšte patch management su krucijalni za smanjivanje opsega potencijalne štete; • Tehnologija tzv. virtualnih zakrpi je podjednako primjenjivo rešenje za sve sisteme koje je

nemoguće ažurirati ili postoji rizik od zaustavljanja poslovnog/proizvodnog procesa;

• Korišćenje Multi Factor Autentikacije gde god to procesi dopuštaju, username i password je homeopatsko/placebo delovanje;

• Kontrola porta 445 (SMB group policy management), tj. mrežna segmentacija i kontrola CIFS/SMB komunikacije;

• Korišćenje antimalware sistema višestrukih slojeva zaštite (detekcija anomalija aplikacija i procesa, pokušaja neovlašćenog kriptiovanja diska, virtualne zakrpe te visoka stopa detekcije i zaustavljanje malwarea).

Lesson learned – ne postoji sigurna okolina

Page 9: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

Copyright 2017 Trend Micro Inc. 9

LAN Server

Security

1995 2000 2005 2015 2010 1990

LAN Server Security

Leading Consumer Anti-Virus

MSN Hotmail Protection

Gateway Security

Integrated Virtualization

Security

Cloud Computing

Security

Advanced Threat

Detection

Network Defense Smart

Protection Network

30 Years of Innovation

Page 10: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

Copyright 2017 Trend Micro Inc. 10

Page 11: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

Copyright 2017 Trend Micro Inc. 12

Market Leadership Position

The market leader in server security

for the 7 straight years

Highest and Furthest to the Right in the Leader’s Quadrant in the Gartner

Magic Quadrant for Endpoint Protection Platforms, Jan 2017

#1 in protection and performance

• IDC, Securing the Server Compute Evolution: Hybrid Cloud Has Transformed the Datacenter, January 2017 #US41867116

• Gartner “Market Guide for Cloud Workload Protection Platforms”, Neil MacDonald, March 22, 2017

• NSS Labs Breach Detection Test Results (2014-2017); NSS NGIPS Test Results, 2017

• http://www.trendmicro.com/us/business/cyber-security/gartner-idps-report/

• https://resources.trendmicro.com/Gartner-Magic-Quadrant-

Endpoints.html • av-test.org (Jan 2014 to Oct 2017)

Recommended Breach Detection System for 4 straight years, and

Recommended Next-generation IPS

Leader in Gartner Magic Quadrant for Intrusion Detection and Prevention

Systems, January 2018

Trend Micro delivers the most cloud security controls (16 of 21) of all

evaluated vendors.

http://www.trendmicro.com/us/business/cyber-security/gartner-idps-report/
http://www.trendmicro.com/us/business/cyber-security/gartner-idps-report/
http://www.trendmicro.com/us/business/cyber-security/gartner-idps-report/
http://www.trendmicro.com/us/business/cyber-security/gartner-idps-report/
http://www.trendmicro.com/us/business/cyber-security/gartner-idps-report/
http://www.trendmicro.com/us/business/cyber-security/gartner-idps-report/
http://www.trendmicro.com/us/business/cyber-security/gartner-idps-report/
https://resources.trendmicro.com/Gartner-Magic-Quadrant-Endpoints.html
https://resources.trendmicro.com/Gartner-Magic-Quadrant-Endpoints.html
https://resources.trendmicro.com/Gartner-Magic-Quadrant-Endpoints.html
https://resources.trendmicro.com/Gartner-Magic-Quadrant-Endpoints.html
https://resources.trendmicro.com/Gartner-Magic-Quadrant-Endpoints.html
https://resources.trendmicro.com/Gartner-Magic-Quadrant-Endpoints.html
https://resources.trendmicro.com/Gartner-Magic-Quadrant-Endpoints.html
Page 12: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

Copyright 2017 Trend Micro Inc. 13

Application Control

Behavioral Analysis

Response & Containment

Intrusion Prevention

Machine Learning

Sandbox Analysis

Integrity Monitoring

Anti-Malware & Content Filtering

Application Control

Behavioral Analysis

Response & Containment

Intrusion Prevention

Machine Learning

Sandbox Analysis

Integrity Monitoring

Anti-Malware & Content Filtering

Application Control

Behavioral Analysis

Response & Containment

Intrusion Prevention

Machine Learning

Sandbox Analysis

Integrity Monitoring

Anti-Malware & Content Filtering

OPTIMIZED Minimizes IT impact

Page 13: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

Application Control

Behavioral Analysis

Response & Containment

Intrusion Prevention

Machine Learning

Sandbox Analysis

Integrity Monitoring

Anti-Malware & Content Filtering

Slojevita zaštita

Page 14: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

Copyright 2017 Trend Micro Inc. 15 reactive

SMB v1 File Sharing Protocol

Slojevita zaštita: NotPetya

Install Ransomware

Encrypt Data Files

SMB Vulnerability

WCRY

Spread Again

Network: NGIPS Traffic Inspection

Virtual Patching: Host IPS to block SMB exploit

Pre-execution: Application control Predictive ML Variant protection File-level signature

Run-time: Behavioral analysis & run-time ML

Page 15: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

Copyright 2017 Trend Micro Inc. 16

The Undisclosed: Zero Day Initiative Preemptive Protection for “Undisclosed” Vulnerabilities

Public Disclosure Vulnerability is submitted to

ZDI

Vulnerability is Patched or

Remains Unfixed

Vendor Response

TREND MICRO TIPPINGPOINT CUSTOMERS PROTECTED AHEAD OF PATCH

OTHER NETWORK SECURITY VENDORS CUSTOMERS AT RISK

Digital Vaccine® Filter Created

Vendor Notified 72 DAYS

Average days of zero-day filter coverage from date of

DV filter shipped to ZDI public disclosure in 2017.

Page 16: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

Copyright 2017 Trend Micro Inc. 17

Page 17: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

Copyright 2017 Trend Micro Inc. 18

Page 18: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

Cloud i virtualizacija

Klijenti

Poslovni sistemi

Ljudski faktor rizika

Široki spektar napada (email, web, usb, itd)

Ograničena vidljivost

Skriveni napadi

Različite tačke kompromitacije (npr. kompromitovani servisi)

Zaštita i sledivost

Performanse

Operativna efikasnost

Page 19: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

• Trend Micro blog: – https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-

attack-progress-hits-europe-hard/

• Wired članak: – https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-

world/

• Veracomp blog: – https://veracompadria.com/hr/notpetya-ransomware-nastavak-wannacry-price-uz-

bitnu-inovaciju/

• Phish Insight, besplatni alat za testiranje znanja vaših korisnika emaila: – https://phishinsight.trendmicro.com

Za one koji žele znati više:

https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
https://veracompadria.com/hr/notpetya-ransomware-nastavak-wannacry-price-uz-bitnu-inovaciju/
https://veracompadria.com/hr/notpetya-ransomware-nastavak-wannacry-price-uz-bitnu-inovaciju/
https://veracompadria.com/hr/notpetya-ransomware-nastavak-wannacry-price-uz-bitnu-inovaciju/
https://veracompadria.com/hr/notpetya-ransomware-nastavak-wannacry-price-uz-bitnu-inovaciju/
https://veracompadria.com/hr/notpetya-ransomware-nastavak-wannacry-price-uz-bitnu-inovaciju/
https://veracompadria.com/hr/notpetya-ransomware-nastavak-wannacry-price-uz-bitnu-inovaciju/
https://veracompadria.com/hr/notpetya-ransomware-nastavak-wannacry-price-uz-bitnu-inovaciju/
https://veracompadria.com/hr/notpetya-ransomware-nastavak-wannacry-price-uz-bitnu-inovaciju/
https://veracompadria.com/hr/notpetya-ransomware-nastavak-wannacry-price-uz-bitnu-inovaciju/
https://veracompadria.com/hr/notpetya-ransomware-nastavak-wannacry-price-uz-bitnu-inovaciju/
https://veracompadria.com/hr/notpetya-ransomware-nastavak-wannacry-price-uz-bitnu-inovaciju/
https://veracompadria.com/hr/notpetya-ransomware-nastavak-wannacry-price-uz-bitnu-inovaciju/
https://veracompadria.com/hr/notpetya-ransomware-nastavak-wannacry-price-uz-bitnu-inovaciju/
https://veracompadria.com/hr/notpetya-ransomware-nastavak-wannacry-price-uz-bitnu-inovaciju/
https://veracompadria.com/hr/notpetya-ransomware-nastavak-wannacry-price-uz-bitnu-inovaciju/
https://phishinsight.trendmicro.com/
Page 20: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

Copyright 2017 Trend Micro Inc. 25

Don’t work hard, work SMART!

Page 21: Imagine, There’s NO Countries - digital-dreams.bizdigital-dreams.biz/events/presentations/cio/Trend Micro - Imagine... · Jun 2017. • 27.06.2017. server za nadogradnje Ukrajinskog

Copyright 2017 Trend Micro Inc. 26

Hvala! [email protected]


Imagine wave JOHN LENNON (1940-1980) - IMAGINE -

Hardware Lane Melbourne Imagine Alleys - … Arcade Ann Arbor, Michigan Imagine Alleys. Sacramento Imagine Alleys. ... Pearl District Portland, OR Imagine Alleys. Melbourne Imagine

Digital Dreams - Powered by Advanced Machine Learning ...digital-dreams.biz/.../Aleksandar_Mijatovic-Conversational_assistant.… · Conversational assistant Powered by Advanced Machine

Imagine lennon

IMAGINE PHOTOGRAMMETRY - Imagem NL€¦ · IMAGINE Photogrammetry with the capabilities of ERDAS IMAGINE enables multiple workflows, including: Stereo Analyst for ERDAS IMAGINE is

Unlocking Industry Value with an Intelligent Enterprise Strategydigital-dreams.biz/events/presentations/cio2019/Dusan... · 2019-10-09 · Unlocking Industry Value with an Intelligent

Imagine Learning Evidence of Effectivenessildc.cdn.imaginelearning.com/Company/US/MA/Imagine... · Imagine Learning Evidence of Effectiveness Imagine Learning is an award-winning

Delivering Integrated Cyber Defense in the Cloud Generationdigital-dreams.biz/events/presentations/cio2019/... · Defense in the Cloud Generation Davor Perat Senior Technology Consultant

Imagine Dragons

Imagine the result Bookings and Backlog Imagine the result

Imagine Cup IT Challenge - download.microsoft.comdownload.microsoft.com/.../ImagineCupIT_Challenge.pdf · Imagine Cup Account: Once you register with the Imagine Cup and have an Imagine

Strong authentication and SSL certificates in Digital worlddigital-dreams.biz/events/presentations/cio2019/Mija_Bozic_2019... · 1 Strong authentication and SSL certificates in Digital

Imagine Durant: PUBLIC Dialogue Harvest Report Docs/Imagine Durant...Imagine Durant Public Dialogue licensed under a Creative Commons Attribution 4.0 International License. Imagine

ERDAS IMAGINE&IMAGINE Photogrammetry 2016

Lennons Imagine

SAFEGUARDS DATA SHEET (PID/ISDS) COMBINED PROJECT ...€¦ · 27.06.2017  · COMBINED PROJECT INFORMATION DOCUMENTS / INTEGRATED SAFEGUARDS DATA SHEET (PID/ISDS) Additional Financing

Imagine you are indigenous. Imagine your whole life

TRAINING FOR CRAFTSMEN MANUFACTURING Results of …...Jul 06, 2017  · TRAINING FOR CRAFTSMEN MANUFACTURING AROMATIC PLANTS: PROJECT ERASMUS+ HERBARTIS BARCELONA | 27.06.2017

Imagine John Lennon Imagine there's no heaven Imagine não haver o paraíso

Imagine. Explore. Create. - Milliken & Companyprodcat.milliken.com/ProductCatalogDocuments/Figurative II Brochure... · IMAGINE. EXPLORE. CREATE. The Imagine carpet collection by

Lennon. Imagine

Imagine johnlenon

Encryption and Authentication still Remain Base for ...digital-dreams.biz/events/presentations/cio2019/4 Thales - M.Bobinac... · Start with the basics of Security foundation: Encryption

TARGETED ANALYSIS // IMAGINE...TARGETED ANALYSIS // IMAGINE 8 ESPON // espon.eu Figure 1 - Imagine Dashboard 1.2 Imagine Web-app To conclude, it is also proposed an Imagine Web-app

ERDAS IMAGINE Configuration Guide for Solaris · ERDAS, ERDAS IMAGINE, ... About IMAGINE 9.1 ... About This Manual The ERDAS IMAGINE Installation Guide takes you step-by

Imagine Learning Lesson Guide by Curriculum Areaildc.cdn.imaginelearning.com/CloudContent/teacher...Imagine Learning®, Imagine Learning English®, Imagine Learning Español™, the

Imagine( IMAGINE - Open University...MK7 6AA UK. Email: [email protected] Imagine(IMAGINE . ANEXPLORATION Wewanttounderstandyourviewson(the history and legacy of cultural value within

CA Paris - 27.06.2017- 17-03240 fileCA Paris - 27.06.2017- 17-03240.pdf Author: Guy Created Date: 10/12/2017 9:17:49 PM Keywords ()

Building an Imagine Culture:. Goals for New Imagine Teachers Understand the history of Imagine Understand the basic philosophy of Imagine Know the opportunities

Just Imagine

Re Imagine

Imagine Schools Summer Math Challenge - SharpSchoolimagineschoolslakewoodranch.sharpschool.com/UserFiles/Servers... · Page 1 Imagine Schools Summer Math Challenge ... Imagine Standard:

Aachen konferenz Presse- September 27.06.2017 Special · Entdecker von Jamie Cullum, in London. Rhythm & Blues at it‘s best! Pressekonferenz AachenSeptemberSpecial 2017 KASALLA

Imagine

IMAGINE - Guidance on the Imagine methods