2016 System Security Update · files.meetup.com/19560011/2016-11-10-security... · 2016/11/10


2016 System Security Update

Surviving and Staying safe in a connected world.

Jim Hutchins South Sound IT Olympia, WA 866.827.9889


Today
- Current Threats
- Prevention
- Mitigation
- Recovery


Current Threats
- Ransomware
- Malware
- Ransomware
- Phishing
- Ransomware
- DDOS/Intrusion
- Ransomware


Malware
- Spotify Free – caused the default browser to open malware/virus sites
- HummingBad Android-infecting Malware
- OSX/Keydnap malware – keylogger
- Linux/IRCTelnet Internet of Things (IoT)
- New ATM malware family – Ripper
- AtomBombing: Brand New Code Injection for Windows


Malware in the Cloud
- 2-year-old ransomware strain - Virlock
- Started spreading itself via cloud storage and collaboration applications
- “Virlock has effectively weaponized every data file it encrypts”
- There are “Cloud Anti-Virus” solutions
- Represents unmanaged risk


Phishing
- Targeting individuals
- Mining social media for information
- Customized email – with a malicious link
- Link takes them to a compromised site
- That site downloads the payload
- The payload executes in the background


DDOS Attack
- DynDNS, aka Dyn.com, attacked by a very aggressive DDoS attack – October 2016
- PayPal, Netflix, Wordcamp, GitHub, Twitter, Etsy, Soundcloud, Spotify, Amazon, Heroku, Shopify, PagerDuty, ZenDesk, Braintree, Fastly, Cloudflare
- IoT devices infected with a botnet (cameras)
- 500,000 devices were infected and only 10% of them were used in the attack.


Ransomware
- Polymorphic - on the fly mutation
- New (hacker) tools are readily available
- Rootkits are “everyday person” accessible
- Device specific versions
- Billion dollar industry


December 2015: 17% of all observed malware dropped by exploit kits was ransomware

May 2016: 61% of all observed malware dropped by exploit kits was ransomware

259% increase in 5 months


Prevention
- Common sense
- Policy & Procedure
- Anti-virus
- Anti-exploit
- Segmented networking
- Management awareness and buy-in
- There is no 100%


Malware
- AV & AE
  - Malwarebytes
  - ESET
- Mobile
  - Prey – lost/stolen
  - 360 Mobile Security
  - Bitdefender/ESET


Phishing


Minimizing impacts
- DDOS - secondary DNS provider
- Phishing – Filters/Pre-education
- Remote Access/Trojans – Outbound detection/filtering
- Ransomware/Malware – Backups


DDNS attacks
- OpenDNS has DNS server addresses:
  - 208.67.222.222
  - 208.67.220.220
- Secondary DNS provider
- Ingress/Egress Filtering
- Lock out unexpected transactions


Private VPNs


TOR: The Onion Routing program


Recovery
- Phishing - Systems, Training, Policy
- Ransomware/Malware - Restore data


Phishing
- Update/improve Email and Firewall filters and rules
- Establish/Improve/Expand Phishing training for users
- Establish and enforce more rigorous policies & procedures


Ransomware
- Wipe & Restore from backup
- Just save critical files
- Wipe & Restore from backup
- Clean the system with purchased software
- Wipe & Restore from backup
- Pay someone else to clean it up
- Wipe & Restore from backup!!


Backups


New USB connector – Type C


Ransomware