Cyber Vigilantes. Rob Rachwald Director of Security Strategy. Porto Alegre, October 5, 2011

Similar documents
White Paper. The Industrialization of Hacking SUMMARY

Business Logic Attacks BATs and BLBs

Intelligent and Secure Network

IBM Security Network Protection Solutions

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX

Securing the SMB Cloud Generation

Security Trend of New Computing Era

Symantec Intelligence Quarterly: Best Practices and Methodologies October - December, 2009

Imperva Incapsula Website Security

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

Advanced Threat Hunting:

Herd Intelligence: true protection from targeted attacks. Ryan Sherstobitoff, Chief Corporate Evangelist

Ethical Hacking and Countermeasures: Secure Network Operating Systems and Infrastructures, Second Edition

Top 10 Database Security Threats and How to Stop Them. Rob Rachwald Director of Security Strategy

Large-Scale Internet Crimes Global Reach, Vast Numbers, and Anonymity

The emerging battle between Cyber Defense and Cybercrime: How Technology is changing to keep Company and HR data safe

Cyber Crime Update. Mark Brett Programme Director February 2016

Table of Content Security Trend

with Advanced Protection

Author: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0

86% of websites has at least 1 vulnerability and an average of 56 per website WhiteHat Security Statistics Report 2013

Mobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing

Synchronized Security

Certified Ethical Hacker (CEH)

Network Security Fundamentals

The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company

The Scenes of Cyber Crime

Vincent van Kooten, EMEA North Fraud & Risk Intelligence Specialist RSA, The Security Division of EMC

THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY

Security Gap Analysis: Aggregrated Results

Web insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.

Maximum Security with Minimum Impact : Going Beyond Next Gen

Simple and Powerful Security for PCI DSS

(Botnets and Malware) The Zbot attack. Group 7: Andrew Mishoe David Colvin Hubert Liu George Chen John Marshall Buck Scharfnorth

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management

Sales Training

Botnets: major players in the shadows. Author Sébastien GOUTAL Chief Science Officer

Kishin Fatnani. Founder & Director K-Secure. Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009

CYBER SECURITY AND MITIGATING RISKS

Securing Today s Mobile Workforce

JPCERT/CC Incident Handling Report [January 1, March 31, 2018]

Curso: Ethical Hacking and Countermeasures

Advanced Ethical Hacking & Penetration Testing. Ethical Hacking

Sam Pickles, F5 Networks A DAY IN THE LIFE OF A WAF

May the (IBM) X-Force Be With You

Top 10 Considerations for Securing Private Clouds

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Symantec Ransomware Protection

STEVE GOODING JUNE 15, 2018

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

Be certain. MessageLabs Intelligence: May 2006

IT & DATA SECURITY BREACH PREVENTION

The Six Most Dangerous New Attack Techniques And What s Coming Next? Ed Skoudis CounterHackChallenge

Real Security. In Real Time. White Paper. Preemptive Malware Protection through Outbreak Detection

Application Security. Doug Ashbaugh CISSP, CISA, CSSLP. Solving the Software Quality Puzzle

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Securing intelligent networks: a guide for CISO and CIOs

Mitigating Security Breaches in Retail Applications WHITE PAPER

Most Common Security Threats (cont.)

How technology changed fraud investigations. Jean-François Legault Senior Manager Analytic & Forensic Technology June 13, 2011

John Coggeshall Copyright 2006, Zend Technologies Inc.

Bringing the Fight to Them: Exploring Aggressive Countermeasures to Phishing and other Social Engineering Scams

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

What is a security measure? Types of security measures. What is a security measure? Name types of security measures

WatchGuard Total Security Complete network protection in a single, easy-to-deploy solution.

The Top 6 WAF Essentials to Achieve Application Security Efficacy

Artificial Intelligence Drives the next Generation of Internet Security

Fraud and Social Engineering in Community Banks

Internet Security Threat Report Volume XIII. Patrick Martin Senior Product Manager Symantec Security Response October, 2008

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

Security 08. Black Hat Search Engine Optimisation. SIFT Pty Ltd Australia. Paul Theriault

Caribbean Cyber Security: Not Only Government s Responsibility

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

Protect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

Mobile OS Landscape. Agenda. October Competitive Landscape Operating Systems. iphone BlackBerry Windows Mobile Android Symbian

90% of data breaches are caused by software vulnerabilities.

Security Architect Northeast US Enterprise CISSP, GCIA, GCFA Cisco Systems. BRKSEC-2052_c Cisco Systems, Inc. All rights reserved.

A fault tolerance honeypots network for securing E-government

to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large

We b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.)

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

IC B01: Internet Security Threat Report: How to Stay Protected

Croatian National CERT ACDC project Darko Perhoc, Head of National CERT CISSP, CEH, CCNP Security R&S,CCDP

Cisco Protects Internal Infrastructure from Web-Based Threats

Protect your apps and your customers against application layer attacks

McAfee Firewall Enterprise: The only Firewall with the Intelligence to Continuously, Automatically Reduce the Risk and Threat Exposure of Your Network

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

The Interactive Guide to Protecting Your Election Website

Endpoint Protection : Last line of defense?

Advanced Threat Defense Certification Testing Report. Symantec Corporation Symantec Advanced Threat Protection

This ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process.

Intrusion Attempt Who's Knocking Your Door

CSCE 548 Building Secure Software Entity Authentication. Professor Lisa Luo Spring 2018

New World, New IT, New Security

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

Web Applications Security. Radovan Gibala F5 Networks

Transcription:

Cyber Vigilantes Rob Rachwald Director of Security Strategy Porto Alegre, October 5, 2011

Hacking: Industry Analysis Hacking has become industrialized. Attack techniques and vectors keep changing with an ever rapid pace. Attack tools and platforms keep evolving. 2

Hack Fact #1: Hackers Know the Value of Data Better Than the Good Guys 3

Data is hacker currency

Website Access up for Sale 5 - -

Website Access up for Sale 6 - -

Hack Fact #2: Hackers By Definition Are Early Adopters 7

Example: Mobile (In)Security 2500 Growth of Discussion of Mobile Platforms by year 2000 1500 Android Blackberry 1000 Nokia iphone 500 0 2007 2008 2009 2010 year Source: Imperva s Application Defense Center Research 8 - -

Hack Fact #3: The Good Guys Have More Vulnerabilities Than Time, Resourcing Can Manage 9

Situation Today # of websites (estimated: July 2011) # of vulnerabilities : : 357,292,065 x 230 1% 821,771,600 vulnerabilities in active circulation Source: http://news.netcraft.com/archives/2011/07/08/july-2011-web-server-survey.html https://www.whitehatsec.com/home/resource/stats.

Vulnerabilities by Industry Top Vulnerabilities by Industry (2010) 11 - - Source: WhiteHat 2011

Hack Fact #4: Attack Automation is Prevailing 12

Automation is Prevailing In one hacker forum, it was boasted that one hacker had found 5012 websites vulnerable to SQLi through automation. Things to note: Due to automation, for only a few dollars, hackers can be effective in small groups i.e. Lulzsec. Automation also means that attacks are equal opportunity offenders. They don t discriminate between well-known and unknown sites.

Studying Hackers Why this helps + Focus on what hackers want, helping good guys prioritize + Technical insight into hacker activity + Business trends of hacker activity + Future directions of hacker activity Eliminate uncertainties + Active attack sources + Explicit attack vectors Focus on actual threats Devise new defenses based on real data and reduce guess work

Cyber Vigilantes - -

Approach #1: Monitoring Communications 16

Method: Hacker Forums Tap into the neighborhood pub Analysis activity + Quantitative analysis of topics + Qualitative analysis of information being disclosed + Follow up on specific interesting issues 17 - -

Hacker Forum Analysis #1: General Topics Jan-June 2011 # Threads in Hacker Forums Beginner Hacking 3% 2% 2% 0% 3% 3% 5% 6% 8% 25% Hacking Tools and Programs Website and Forum Hacking Botnets and Zombies Hacking Tutorials Cryptography 21% 22% Social Engineering Phreaking Cells Mobiles Proxies and Socks Wireless Hacking IM Hacks Electronic and Gadgets Source: Imperva

Hacker Forum Analysis #2: Tech Discussions Jan-June 2011 12% 10% 12% Top 7 Attacks Discussed (# Threads with keyword) 9% 16% 22% 19% dos/ddos SQL Injection spam shell code brute-force zero-day HTML Injection

Approach #2: Knowing Hacker Business Models 20

Example: Rustock 21 - -

Approach #3: Technical Attack Analysis 22

Getting Into Command and Control Servers

No Honor Among Thieves

And You Can Monitor Trendy Attacks

And You Can Monitor Trendy Attacks

Approach #4: Traffic Analysis Via Honeypots 27

Automated Attacks Botnets Mass SQL Injection attacks Google dorks

Finding#1: Automation is Prevailing Apps under automated attack: 25,000 attacks per hour. 7 per second On Average: 27 attacks per hour 1 probe every two minutes

The Unfab Four

Finding #2: Reputation Matters 29 percent of the attack events originated from the 10 most active attack sources 31 - -

Research Compared to Lulzsec Activity Lulzsec was a team of hackers focused on breaking applications and databases. Our observations have a striking similarity to the attacks employed by Lulzsec during their campaign. Lulzsec used: SQL Injection, Crosssite Scripting and Remote File Inclusion.

Lulzsec Activity Samples 1 infected server 3000 bot infected PC power 8000 infected servers 24 million bot infected PC power

34 Conclusions

Get Proactive Quickly identify and block source of recent malicious activity. Enhance attack signatures with content from recent attacks. Identify sustainable attack platforms (anonymous proxies, TOR relays, active bots). Identify references from compromised servers. Introduce reputation-based controls. 35

Fight Automation Adjusted blocking - Black-list IPs - Keep lists reflective of real-time malicious sources CAPTCHA -Image -Other methods exist (solving a riddle, watching a video, audio, etc.) Adaptive authentication - Alert the user - Repeat password or answer previously recorded question Client-side computational challenges - Slow on the client, quick on the server Disinformation - Bogus links - Hidden Links 36

Conclusion The top five security providers led by Symantec and McAfee accounted for 44 percent of the $16.5 billion worldwide security software market in 2010, according to Gartner. That s down from 60 percent in 2006. Source: http://www.bloomberg.com/news/2011-08-04/hacker-armageddon-forces-symantec-mcafee-to-search-for-fixes.html 37 - -

Conclusion 38 - -

Conclusion The security industry may need to reconsider some of its fundamental assumptions, including 'Are we really protecting users and companies? --McAfee Source: http://www.nytimes.com/external/readwriteweb/2011/08/23/23readwriteweb-mcafee-to-security-industry-are-we-really-p-70470.html?partner=rss&emc=rss 39 - -

Important Dtails If you want slides, send: your credit card number, mother s maiden name and an email to: rob.rachwald@imperva.com 40 - -

Thank You 41

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback