2016 System Security Update. Slide transcript, files.meetup.com/19560011/2016-11-10-security... (2016/11/10)
2016 System Security Update
Surviving and Staying safe in a connected world.
Jim Hutchins, South Sound IT, Olympia, WA, 866.827.9889

Today
- Current Threats
- Prevention
- Mitigation
- Recovery

Current Threats
- Ransomware
- Malware
- Ransomware
- Phishing
- Ransomware
- DDOS/Intrusion
- Ransomware
Malware
- Spotify Free – caused the default browser to open malware/virus sites
- HummingBad – Android-infecting malware
- OSX/Keydnap – steals the contents of the OS X keychain and installs a backdoor
- Linux/IRCTelnet – Internet of Things (IoT) malware
- New ATM malware family – Ripper
- AtomBombing – brand new code injection technique for Windows

Malware in the Cloud
- Virlock, a 2-year-old ransomware strain, started spreading itself via cloud storage and collaboration applications
- "Virlock has effectively weaponized every data file it encrypts" (it is also a file infector: each encrypted file becomes a carrier that infects the next machine on which it is opened, so a synced folder spreads it)
- There are "Cloud Anti-Virus" solutions
- Represents unmanaged risk
Phishing
- Targeting individuals
- Mining social media for information
- Customized email – with a malicious link
- Link takes them to a compromised site
- That site downloads the payload
- The payload executes in the background
DDOS Attack
- DynDNS, aka Dyn.com, attacked by a very aggressive DDoS attack – October 2016
- Knocked out or degraded: Paypal, Netflix, Wordcamp, Github, Twitter, Etsy, Soundcloud, Spotify, Amazon, Heroku, Shopify, PagerDuty, ZenDesk, Braintree, Fastly, Cloudflare
- IoT devices (cameras) infected with botnet malware (the Mirai botnet)
- 500,000 devices were infected and only 10% of them were used in the attack
Ransomware
- Polymorphic – mutates on the fly
- New (hacker) tools are readily available
- Rootkits are "everyday person" accessible
- Device-specific versions
- Billion dollar industry
- December 2015: 17% of all observed malware dropped by exploit kits was ransomware
- May 2016: 61% of all observed malware dropped by exploit kits was ransomware
- 259% increase in 5 months

Prevention
- Common sense
- Policy & Procedure
- Anti-virus
- Anti-exploit
- Segmented networking
- Management awareness and buy-in
- There is no 100%
Malware – AV & AE
- Malwarebytes
- ESET

Mobile
- Prey – lost/stolen device
- 360 Mobile Security
- Bitdefender/ESET
Phishing
Minimizing impacts
- DDOS – secondary DNS provider
- Phishing – filters / pre-education
- Remote Access/Trojans – outbound detection/filtering
- Ransomware/Malware – backups
DDoS/DNS attacks
- OpenDNS has DNS server addresses: 208.67.222.222 and 208.67.220.220
- Secondary DNS provider (note: OpenDNS is a recursive resolver for your clients; surviving an outage at your authoritative provider, as in the Dyn case, needs a second authoritative provider serving the same zone)
- Ingress/Egress filtering
- Lock out unexpected transactions
- Private VPNs
- TOR: The Onion Routing program
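The "outbound detection/filtering" item under Minimizing impacts and the "Ingress/Egress filtering" and "lock out unexpected transactions" items above are the two cheapest controls against a RAT or Trojan phoning home. The following is an added example (not from the slides) of what that detection looks like when run over firewall connection logs: an egress port allowlist, and a check for beaconing, i.e. one workstation reaching one host on a near-constant interval. The log format, addresses, policy and thresholds are constructed for the example.

```python
"""Outbound (egress) detection over constructed firewall log lines.

Two checks a RAT/Trojan tends to trip: a destination port the egress policy
does not allow out, and a "beacon": repeated connections to one host at a
suspiciously regular interval. Log format, hosts and policy are constructed."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed egress policy: ports a workstation may reach directly.
ALLOWED_PORTS = {80, 443, 53, 123}

# Constructed log lines: "<timestamp> <src> -> <dst>:<port> <bytes>"
SAMPLE_LOG = """\
2016-11-10T09:00:00 10.0.0.21 -> 93.184.216.34:443 8120
2016-11-10T09:00:00 10.0.0.21 -> 203.0.113.9:4444 212
2016-11-10T09:01:00 10.0.0.21 -> 203.0.113.9:4444 214
2016-11-10T09:02:01 10.0.0.21 -> 203.0.113.9:4444 210
2016-11-10T09:02:30 10.0.0.21 -> 93.184.216.34:443 3011
2016-11-10T09:03:00 10.0.0.21 -> 203.0.113.9:4444 215
2016-11-10T09:04:00 10.0.0.21 -> 203.0.113.9:4444 209
2016-11-10T09:05:00 10.0.0.21 -> 203.0.113.9:4444 211
2016-11-10T09:17:42 10.0.0.22 -> 198.51.100.7:443 120
2016-11-10T09:45:03 10.0.0.22 -> 198.51.100.7:443 9800
2016-11-10T10:02:15 10.0.0.22 -> 198.51.100.7:443 450
"""


def parse_log(text):
    """Parse lines into (timestamp, src, dst, port, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _arrow, dst_port, nbytes = line.split()
        dst, port = dst_port.rsplit(":", 1)
        events.append((datetime.fromisoformat(ts), src, dst, int(port), int(nbytes)))
    return events


def policy_violations(events, allowed=ALLOWED_PORTS):
    """Connections whose destination port is not in the egress allowlist."""
    return [(ts, src, dst, port) for ts, src, dst, port, _ in events
            if port not in allowed]


def beacons(events, min_connections=5, max_jitter=0.2):
    """Flag (src, dst, port) flows that connect at a near-constant interval.

    Jitter is the standard deviation of the inter-arrival gaps relative to
    their mean. C2 beacons sit close to zero; human browsing does not.
    Returns [((src, dst, port), mean_gap_seconds), ...]."""
    flows = defaultdict(list)
    for ts, src, dst, port, _ in events:
        flows[(src, dst, port)].append(ts)
    found = []
    for key, times in flows.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            found.append((key, round(avg, 1)))
    return found


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    for v in policy_violations(ev):
        print("egress policy violation:", v)
    for flow, interval in beacons(ev):
        print(f"possible beacon: {flow} every ~{interval}s")
```

On the constructed log this flags the six connections to port 4444 against the policy and the same flow as a beacon at roughly a 60 second interval, while the three irregular HTTPS connections from 10.0.0.22 pass. In production the allowlist belongs on the firewall (default-deny outbound) and the beacon check runs over hours of flow records, with the jitter threshold tuned to the environment.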
Recovery
- Phishing – systems, training, policy
- Ransomware/Malware – restore data

Phishing
- Update/improve email and firewall filters and rules
- Establish/improve/expand phishing training for users
- Establish and enforce more rigorous policies & procedures
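The phishing chain described earlier (a customized email with a malicious link to a compromised site) and the "update/improve email filters" recovery step above both come down to the same inspection: does the link in the mail go where it claims to? The following is an added example, not from the slides, of three link checks an inbound mail filter can run: the host shown in the link text differs from the real target, the real target is a look-alike of a domain we trust, and the real target contains non-ASCII (homograph) or punycode labels. The message, the trusted-domain list and the similarity threshold are constructed for the example.

```python
"""Link checks for an inbound mail filter (constructed example code).

A phishing mail typically shows a trusted name in the link text while the
href points elsewhere. Three checks: displayed host != actual host, actual
host is a look-alike of a trusted domain, and actual host uses non-ASCII or
punycode labels (homograph). Mail, trusted domains and threshold are constructed."""
import email
import email.policy
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"paypal.com", "example.com"}  # constructed allowlist

# Constructed message. The second link uses a Cyrillic "a" (U+0430) in the host.
SAMPLE_MAIL = """\
From: "PayPal Service" <service@paypa1.com>
To: jane@example.com
Subject: Unusual sign-in on your account
Content-Type: text/html; charset=utf-8

<html><body>
<p>Hi Jane, we noticed a sign-in from a new device.</p>
<p>Confirm here: <a href="http://paypa1.com/login">https://www.paypal.com/signin</a></p>
<p>Or here: <a href="http://www.p\u0430ypal.com/">paypal.com</a></p>
<p>Help centre: <a href="https://www.paypal.com/help">help centre</a></p>
</body></html>
"""


class _Links(HTMLParser):
    """Collect (href, visible text) pairs from anchor tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(raw_mail):
    """Anchors from every text/html part of the message."""
    msg = email.message_from_bytes(raw_mail.encode("utf-8"), policy=email.policy.default)
    parser = _Links()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_content())
    return parser.links


def registrable(host):
    """Crude eTLD+1 (last two labels); enough for a constructed example."""
    return ".".join(host.lower().split(".")[-2:])


def host_of(text):
    """Host from a URL-looking string, or None if it does not look like one."""
    if not text or " " in text:
        return None
    parsed = urlparse(text if "://" in text else "http://" + text)
    return parsed.hostname if parsed.hostname and "." in parsed.hostname else None


def check_link(href, text, trusted=TRUSTED_DOMAINS, lookalike_ratio=0.8):
    """Return the list of reasons this link is suspicious (empty if none)."""
    reasons = []
    actual = host_of(href)
    if actual is None:
        return reasons
    shown = host_of(text)
    if shown and registrable(shown) != registrable(actual):
        reasons.append(f"display host {shown} != link host {actual}")
    if any(ord(c) > 127 for c in actual) or any(l.startswith("xn--") for l in actual.split(".")):
        reasons.append(f"homograph/punycode host {actual}")
    reg = registrable(actual)
    if reg not in trusted:
        for good in trusted:
            if SequenceMatcher(None, reg, good).ratio() >= lookalike_ratio:
                reasons.append(f"{reg} looks like trusted {good}")
    return reasons


def suspicious_links(raw_mail):
    """[(href, reasons), ...] for every flagged link in the message."""
    out = []
    for href, text in extract_links(raw_mail):
        reasons = check_link(href, text)
        if reasons:
            out.append((href, reasons))
    return out


if __name__ == "__main__":
    for href, why in suspicious_links(SAMPLE_MAIL):
        print(href, "->", "; ".join(why))
```

On the constructed mail the first two links are flagged (display/target mismatch plus look-alike; mismatch plus homograph plus look-alike) and the genuine help-centre link passes. The `registrable` helper is deliberately crude; a real filter should use the public suffix list so that hosts under `co.uk`-style suffixes are compared correctly.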
Ransomware
- Wipe & restore from backup
- Just save critical files? Wipe & restore from backup
- Clean the system with purchased software? Wipe & restore from backup
- Pay someone else to clean it up? Wipe & restore from backup!!
Backups
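"Wipe and restore from backup" only works if the backup can be trusted: the restored files must be provably the ones that were backed up, and the backup itself must not have been encrypted after the infection reached a mapped drive or synced folder. The following is an added example (not from the slides) of the two checks involved: a SHA-256 manifest written at backup time and verified at restore time, plus a byte-entropy screen that flags files which look encrypted rather than merely changed. Directory names, file contents and the entropy threshold are constructed for the example.

```python
"""Backup manifest plus restore-time verification (constructed example code).

A backup only helps against ransomware if (a) the restored files can be proven
to be the ones backed up and (b) the backup was not itself encrypted after the
infection. The manifest is a text file of SHA-256 digests; the entropy screen
flags files that look encrypted. Paths live under a temporary directory."""
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data):
    """Bits per byte, 0..8. Documents sit well below 7; ciphertext near 8."""
    if not data:
        return 0.0
    counts, n = Counter(data), len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def write_manifest(root, manifest_path):
    """Record 'digest  relative/path' for every regular file under root."""
    root = Path(root)
    lines = [f"{sha256_file(p)}  {p.relative_to(root).as_posix()}"
             for p in sorted(root.rglob("*")) if p.is_file()]
    Path(manifest_path).write_text("\n".join(lines) + "\n")
    return len(lines)


def verify_restore(root, manifest_path, entropy_threshold=7.5):
    """Compare a restored tree against the manifest.

    Returns lists 'ok', 'modified', 'missing' and 'suspicious' (modified and
    high-entropy, i.e. probably encrypted rather than legitimately edited)."""
    root = Path(root)
    result = {"ok": [], "modified": [], "missing": [], "suspicious": []}
    for line in Path(manifest_path).read_text().splitlines():
        digest, rel = line.split("  ", 1)
        p = root / rel
        if not p.is_file():
            result["missing"].append(rel)
        elif sha256_file(p) == digest:
            result["ok"].append(rel)
        else:
            result["modified"].append(rel)
            if shannon_entropy(p.read_bytes()) >= entropy_threshold:
                result["suspicious"].append(rel)
    return result


def demo():
    """Back up a small constructed tree, simulate a ransomware run, verify."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "data")
        src.mkdir()
        (src / "report.txt").write_text("Quarterly numbers, plain text. " * 50)
        (src / "notes.txt").write_text("meeting notes\n" * 100)
        manifest = Path(tmp, "backup.manifest")
        count = write_manifest(src, manifest)
        # Simulate ransomware: overwrite one file with random bytes (what
        # encrypted content looks like to an entropy test) and drop another.
        (src / "report.txt").write_bytes(os.urandom(4096))
        (src / "notes.txt").unlink()
        return count, verify_restore(src, manifest)


if __name__ == "__main__":
    count, report = demo()
    print(f"{count} files in manifest")
    for key, files in report.items():
        print(f"{key}: {files}")
```

In the demo the overwritten file shows up as both modified and suspicious and the deleted one as missing, which is the signal to restore from an older, offline copy rather than the most recent one. Keep the manifest (and the backup) somewhere the infected machine cannot write to, or the ransomware will encrypt both.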
New USB connector – Type C
Ransomware