PRESENTED BY:

Size: px

Start display at page:

Download "PRESENTED BY:"

Evan Ferguson
5 years ago
Views:

1 PRESENTED BY:

2 APPLICATIONS ARE The reason people use the Internet The business the target The gateway to DATA

3 765 Average # of Apps in use per enterprise 6 min before its scanned 1/3 If vulnerable, you could be PWND in Mission critical <2 hrs

Cross-site request forgery Cross-site scripting Man-in-the-browser Session hijacking

Dictionary attacks DDoS DDoS Eavesdropping Protocol abuse Man-in-the-middle Network API

DDoS Abuse of functionality Credential theft Credential stuffing Session hijacking Brute

4 Cross-site request forgery Cross-site scripting Man-in-the-browser Session hijacking Malware DNS Client Man-in-the-middle DNS cache poisoning DNS spoofing DNS hijacking Dictionary attacks DDoS DDoS Eavesdropping Protocol abuse Man-in-the-middle Network API attacks Cross-site scripting Injection Cross-site request forgery Malware Man-in-the-middle DDoS Abuse of functionality Credential theft Credential stuffing Session hijacking Brute force DDoS Key disclosure Protocol abuse Session hijacking Certificate spoofing App services Phishing Access TLS

Cross-site request forgery Cross-site scripting Man-in-the-browser Session hijacking Malware DNS Client Man-in-the-middle DNS cache poisoning DNS spoofing DNS hijacking Dictionary attacks DDoS DDoS

5 Cross-site request forgery Cross-site scripting Man-in-the-browser Session hijacking Malware DNS Client Man-in-the-middle DNS cache poisoning DNS spoofing DNS hijacking Dictionary attacks DDoS DDoS Eavesdropping Protocol abuse Man-in-the-middle Network API attacks Cross-site scripting Injection Cross-site request forgery Malware Man-in-the-middle DDoS Abuse of functionality Credential theft Credential stuffing Session hijacking Brute force DDoS Key disclosure Protocol abuse Session hijacking Certificate spoofing App services Phishing Access TLS ( US states) 30% (10 years 26 countries) 53% ( US states) 26% (10 years 26 countries) 33%

7 Injection PHP & SQL Login Affiliates Admin Betablock Cart Comments Exchweb SQL PHP 1% 1% 2% 2% 3% 4% 6% 56% 58%

8 2013 OWASP Top Injection 2. Broken authentication and session management 3. Cross-site scripting (XSS) 4. Insecure direct object references 5. Security misconfiguration 6. Sensitive data exposure 7. Missing function level access control 8. Cross-site request forgery (CSRF) 9. Using components with known vulnerabilities 10. Unvalidated redirects and forwards 2017 OWASP Top Injection 2. Broken authentication 3. Sensitive data exposure 4. XML external entities (XXE) 5. Broken access control 6. Security misconfiguration 7. Cross-site scripting (XSS) 8. Insecure deserialization 9. Using components with known vulnerabilities 10. Insufficient logging and monitoring

9 Access Attacks 5% 23% 34% 9% 26% 3%

10 Clients are phished malware installed Banking Trojans Fraud Trojans Fraud targets = any site with a login page

12 Affected Devices 74% Discovered in last 2 years CCTV DVRs SOHO routers ios WAPs Set-Top Boxes Media Center ICS Android IP Cameras Wireless Chipsets NVR Surveillance VoIP Devices Cable Modems Busybox Platforms Smart TVs Hydra Psyb0t Aidra 2Bots Darlloz Marcher Moon Gafgyt Family 3Bots Remaiten Crash override Mirai BigBrother Rediation 4Bots Hajime Trickbot IRC Telnet Annie Brickerbot 3Bots Satori Fam Amnesia Persirai 2Bots WireX Reaper 6Bots Masuta PureMasuta Hide N Seek JenX OMG DoubleDoor 7Bots SORA OWARI UPnPProxy OMNI RoamingMantis Wicked VPNFilter

Thingbot Attack Type Shifting from primarily DDoS to multi-purpose DNS Hijack Crypto-miner DDoS PDoS Proxy Servers Unknown Rent-a-bot Credential Collector

Remaiten Crash override Mirai BigBrother Rediation 4Bots Hajime Trickbot IRC Telnet Annie Brickerbot 3Bots Satori Fam Amnesia Persirai 2Bots WireX Reaper

13 Thingbot Attack Type Shifting from primarily DDoS to multi-purpose DNS Hijack Crypto-miner DDoS PDoS Proxy Servers Unknown Rent-a-bot Credential Collector Install-a-bot Multi-purpose Bot Fraud trojan ICS protocol monitoring Tor Node Sniffer Hydra Psyb0t Aidra 2Bots Darlloz Marcher Moon Gafgyt Family 3Bots Remaiten Crash override Mirai BigBrother Rediation 4Bots Hajime Trickbot IRC Telnet Annie Brickerbot 3Bots Satori Fam Amnesia Persirai 2Bots WireX Reaper 6Bots Masuta PureMasuta Hide N Seek JenX OMG DoubleDoor 7Bots SORA OWARI UPnPProxy OMNI RoamingMantis Wicked VPNFilter

14 2017 Study on Mobile and IoT Application Security

15 2017 Study on Mobile and IoT Application Security

16 2017 Study on Mobile and IoT Application Security

18 CISO S #1 MISSION EVERYONE S #1 CHALLENGE 1 Understand Your Environment Prevent Downtime Visibility

19 Sub domains hosting other versions of the main application site Web service methods Server-side features such as search Cookies/state tracking mechanisms 2 Reduce Your Attack Surface Dynamic web page generators HTTP headers and cookies Data entry forms Events of the application triggered server-side code Web pages and directories Shells, Perl/PHP APIs Administrative and monitoring stubs and tools Data/active content pools the data that populates and drives pages Backend connections through the server (injection) Admin interfaces Apps/files linked to the app Helper apps on client (java, flash)

20 Every 9 hrs CRITICAL vulnerability is released Attackers are weaponizing VULNERABILITIES in <24 hrs Does it apply to you? Has a patch been released? WAF configuration Did you test it? Did you apply it? ATTACKED!

21 3 Prioritize Defenses Based on Attacks Focus OpEx & CapEx spend

22 Facebook LinkedIn Twitter Laptops HR Desktops Execs Accounting Phones Sys Admins Mis configurations Identities Company website People search engines

24 Articles Threat Blog CISO to CISO Thought Leadership Blog General Threat Trends Phishing Encryption IoT (Attacker Hunt Series)

25 53% of breaches start here CLIENT INTEGRITY DEFENSE 33% of breaches start here 2018 F5 Networks

Copyright

Copyright 1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?