HP Enterprise Business Template Angle Light 16:9 Red

Report
Next Generation Cyber Threats
Shining the Light on the Industries' Best Kept
Secret
“Achieving victory in Cyber Security is not going
to be won at the traditional point product” -JP
Rohan Kotian | Author, NSA IAM, CEH
Product Line Manager | Next Generation Security Platforms
[email protected]
1
©2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
Agenda
– Next Generation Cyber Threats
– Advanced Persistent Threats
– Question and Answer
2
Footer Goes Here
Next Generation Cyber Threats
"The wonderful thing about the Internet is that you're connected to
everyone else. The terrible thing about the Internet is that you're
connected to everyone else."
Vint Cerf (Vice President and Chief Internet Evangelist Google)
3
Footer Goes Here
Risks are Real & More Visible
Stuxnet Worm
Sophisticated worm attacks
Iran’s Siemen’s SCADA & MS
Windows industry control
systems
Applications and information are the business
4
Footer Goes Here
If it Isn’t Secure, it is for Sale
5
Footer Goes Here
If it Isn’t Secure, it is for Sale
6
Footer Goes Here
Understanding data breaches
1200
• Significant spike in
2011 for the number of
data breaches
• Breaches are evolving
from stolen laptops to
more sophisticated
techniques
1000
800
600
400
200
0
2003
2004
2005
2006
2007
2008
2009
2010
2011
*Data pulled from DataLossDB.com looking at incidents over time
7
Footer Goes Here
2012
Vulnerabilities Decreasing
• Vulnerabilities in
commercial applications
down 20 percent from
2010
• Spike in 2006, for most
part steady decline
• But is not a good
indicator or risk
*Vulnerabilities measured by OSVDB, 2000 - 2011
8
Footer Goes Here
Vulnerability Severity Increasing
Low level Severity
(CVSS 1-4)
Mid level Severity
(CVSS 5-7)
High level Severity
(CVSS 8-10)
• HS Vulnerabilities can cause remote code execution
• Percentage of HS vulnerabilities has increased by 17
percent in 5 years
*Data pulled from OSVDB, 2000 - 2011
9
Footer Goes Here
Web applications – the “new” frontier
• 4 of the 6 most
popular OSVDB
vulnerabilities are
exploitable via the
Web
• Web application
vulnerabilities
(categorically)
account for 36
percent of all
vulnerabilities
• Further complicated
by customization and
add-ons – increased
vulnerabilities
10
Footer Goes Here
*Data pulled from OSVDB, 2000 - 2011
Web Applications Remain a Leading Issue
The number and costs of breaches continue to rise
– 80% of successful attacks target the application layer (Gartner)
– 86% of applications are in trouble
•
Web App Security Consortium studied security tests across 12,186 applications
•
13% of applications could be compromised completely automatically
•
86% had vulnerabilities of medium or higher severity found by completely
automated scanning
$202
X
Total average cost of
a data breach per
compromised record*
11
Footer Goes Here
30,000
~
Average # of
compromised
records
per breach^
* Ponemon Institute, 2008 Annual Study: $U.S. Cost of a Data Breach
$6.65 M
Average Total Cost
per breach*
^Source: The Open Security Foundation
The Cost of a Compromised Web
Application/Server
• Sony Play Station Network (PSN) Breach
•
LulzSec claimed it only took a single SQL Injection
•
What was compromised:
– Usernames
– Passwords
– Credit
card details
– Security
answers
– Purchase
– Address
•
history
information
Estimated Damages
– $177
Million (USD)
Sony’s official earning forecast and we quote:
Complacency Is a Suckers Bet
– Your Adversaries Count On Your Subscription and Resistance
Toward Change
– Traditional security is a suckers bet as well!
•
ACLs
• AV / AS
• FW
• SMTP / Web Gateways
• HIPS
• Encryption
• IDS / IDS
• Logging / SIEM / SEM
• THEY COUNT ON YOUR ORGANIZATION BEING COMPLIANT AND THEY
DON’T CARE!!!!
13
Footer Goes Here
Traditional Security Is a Suckers Bet
– You have to think beyond tradition
– Abandon those ideas which may be promoted by analysts and /
or cleverly crafted reports
– You must get outside the norms
– Embrace ulterior technology and philosophy
– Cannot fight a symmetrically wwhen the war requires
asymmetric approaches be embraced, employed and acted out
n
14
Footer Goes Here
Classifying the Cyber Actor
Non-Intentional Act
Intentional Act
(The technical threat telemetry is endless)
Expertise
None
(Normal End-User)
+
Motivation
Notoriety
+ Attack Vector
Email
and
Attachments
=
Result
Compromise of an Asset/Policy
and/or
Intellectual Property
Destruction
Novice
(Script Kiddie)
IM,IRC,P2P
Espionage
Money
Corporate/Government
Web Browsers
Intermediate
(Hacker for Hire)
Expert
(Foreign Intel Service,
Terrorist Organization
and/or Organized Crime)
15
Footer Goes Here
Moral
Agenda
Open
Ports
Theft
Vulnerable
Operating System
Fame
Unwitting
Fun
Embracing Asymmetry
– Non-traditional intelligence acquisition and digestion
– Aggressive, pro-active forensic analytic analysis
– Baseline establishment and monitoring
– Cyber Reputation Management ® techniques
– Advanced & aggressive adoption and deployment of new,
innovative, purpose built solutions
16
Footer Goes Here
Next Generation Cyber Threats
(Here Today, Gone Tomorrow)
– What’s in a name and MS Tuesday
– Hacking as a Service
– Botnetting as a Service
– Spamming as a Service
– DDoSing as a Service
– Opportunistic Targets (Retail -> Critical Infrastructure)
17
Footer Goes Here
Threats Have Advanced
– People
•
•
•
Underestimate threat  introduce risk
Lack InfoSec knowledge and experience
Often not empowered by stake holders due
to lack of alignment with business
– Process
• What Gets Measured Is Supposed
•
To Get Results
− Horrible IT metrics at best
Focus on compliance vs. security
– Technology
•
18
Deep holes in network visibility that must be addressed
Footer Goes Here
Focus on Compliance Versus Security
Compliance
19
Footer Goes Here
Security
Network Visibility and Situational Awareness
(Gaps Are Critical)
• Firewalls
• Intrusion Detection/Prevention
• Content Monitoring
Defense in Depth
Expecting different results
using the same technology
• Anomaly Detection
• End-Point Protection
• SIEM
20
Footer Goes Here
Massive Gaps
Without insight/visibility…what
you don’t know will hurt you.
Advanced Persistent Threat’s
21
Footer Goes Here
Advanced Persistent Threat
(Selective, Sophisticated and Silent)
– Slow, silent and deadly
– What’s in not having a name: Encryption, Beacon’s, Custom,
Blended…
– Recent Examples
22
Footer Goes Here
Historic Overview:
1997
Eligible
Receiver
“The cyber criminal sector in particular has displayed
remarkable technical innovation with an agility presently
exceeding the response capability of network defenders.
The Subversives
The
Classicsnew, difficult-to-counter tools.“
Criminals are
developing
2011
1998
1999
2004
2007
2009
2010
"Criminals are collaborating globally and exchanging tools and
Solar
Byzantine
Moonlight
Titan
US Power
expertise
to circumvent
defensive
efforts,
it Stuxnet
Sunrise
Footholdwhich makes
Maze
Rain
Grid
increasingly difficult for network defenders and law
Exxon
enforcement to detect and disrupt malicious activities."
Operation
Shockwave
Aurora
Ghostnet
23
Footer Goes Here
Advanced Persistent Threat Lifecycle
24
Footer Goes Here
Lifecycle Similarities & Differences
Threat
APT
Botnet
Initial Entry
Recon & social engineering perhaps
via e-mail (phishing, link, or
attachment)
Spam, phishing, malicious links (all perhaps
leveraging social engineering)
Intrusion
Vulnerability, obfuscation, exploitation
Vulnerability, obfuscation, exploitation,
Infection
Malware – custom, off the shelf, DIY
Malware – custom, off the shelf, DIY
Repeat
Lateral movement, data extrusion,
persistence
Zombie used to send more spam or drive by
web application attacks
25
Footer Goes Here
Public APT Activity
(Ghost Net) aka Byzantine Foothold
– What Happened
• Verified in 103 countries
▫
Over 1,295 infected hosts identified
▫ Impacts + / - a dozen computers on a weekly basis
• Commonly Used Tools (Not Too Sophisticated):
▫
▫
▫
▫
26
Remote access tool called gh0st RAT (Remote Access Tool)
Data harvest
Email siphoning
Listening / Recording of Conversations via microphone and / or webcams
Footer Goes Here
Key Point’s
• Known
Current Solutions Not Good Enough
• Regulatory
• Advanced
Compliance != Security
Persistent Threat Will Become
Pervasive
• What
27
Footer Goes Here
are you doing to tackle the problem?
Outcomes that matter.
28
Footer Goes Here

similar documents