AusCERT 2013 - Information Technology Services - the … · 2013-04-03
1. Who are AusCERT, and what do they do?
2. AusCERT 2013 Conference and Tutorials
3. In the news
4. Ransomware case study
5. AusCERT blog posts
Overview
Copyright © 2013 AusCERT
AusCERT is:
• An operational computer emergency response team (CERT) with nearly 20 years' experience
• University-based, non-government
• Independent and impartial
• Self-funded and not-for-profit
AusCERT’s people
• Incident response
• Security bulletins
• Analysis and processing
• Software development
• Future capability
• System support
• AusCERT Conference
• Marketing
• Membership
AusCERT’s incident response
• Compromised web sites
• Botnet CnC, drones
• Publicly disclosed data
• Vulnerabilities in software products
• Malware
• Phishing and other scams
• Notification and repatriation
• Assistance for members
AusCERT’s Services
• Incident response assistance – proactive and reactive.
• Security bulletins via web, email and RSS tailored to each individual’s area of interest.
• SMS Early Warning Alert Service (unlimited mobile phones).
• Papers and blogs providing analysis and trends for information security managers.
• Malicious URL feed (blacklist).
• The AusCERT Remote Monitoring Service (ARMS).
• AusCERT Certificate Service for education and research organisations.
• The highly regarded AusCERT information security conference, tutorials and vendors exhibition at substantial discount rates.
AusCERT Conference
Speaker highlights include:
• Keynote: Michael T Jones, Google's Chief Technology Advocate
• Plenary: HD Moore, Rapid7
• Andrew van der Stock, OWASP Australia: “Enabling secure business via positive evidence based controls”
For more information go to: http://conference.auscert.org.au/conf2013/
Draft program: http://conference.auscert.org.au/conf2013/program_main.html
AusCERT Conference
Tutorials: http://conference.auscert.org.au/conf2013/tutorials.html
Half-day tutorials:
• ARM Android Code Injection
• Introduction to iPhone Forensics and Exploitation
• SAP Security: Attack and Defense
• Social Engineering - Attacks & Countermeasures
• Information Security Risk Assessment – Getting Started
• Advanced Information Security Risk Assessment
• Enterprise Security Architecture Workshop
AusCERT Conference
Tutorials: http://conference.auscert.org.au/conf2013/tutorials.html
Full-day tutorials:
• ISM Update (Australian Government Information Security Manual)
• SOA, Web Services, & XML Security
• Assurance Hands on Wireless Auditing
• iOS security for the incident responder
• Making the most of Security Metrics
Two-day tutorials:
• From the cutting to the bleeding edge - OWASP tools to the REMeDE (short for Recon, Map, Discover Exploit)
In the news: University of Nebraska
• Social Security numbers, addresses, grades, transcripts, and housing and financial aid information on current and former NU students (records dating back to 1985); 654,000 staff, parents, students and applicants affected.
• The attacker gained access to the database in May 2012. SQL injection?
Defences:
• Utilise log processing systems to actively look for attacks.
• Don’t rely solely upon automated vulnerability scans.
• Skilled penetration testers should be utilised to detect flaws in web apps.
• Use web application firewalls to detect attacks.
• Ensure web apps are built from the ground up with security in mind.
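The first defence above, log processing that actively looks for attacks, as an added illustration that is not part of the AusCERT presentation: a small scanner over constructed Apache-style access-log lines that URL-decodes each query string and flags common SQL-injection indicators, then counts flagged requests per source address so repeat probing stands out. The log format, sample lines and indicator patterns are assumptions for the example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Apache combined-style), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Apr/2013:10:12:01 +1000] "GET /student?id=1042 HTTP/1.1" 200 512
10.0.0.9 - - [03/Apr/2013:10:12:07 +1000] "GET /student?id=1042%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 98211
10.0.0.9 - - [03/Apr/2013:10:12:09 +1000] "GET /student?id=1042%20UNION%20SELECT%20ssn%2Cname%20FROM%20students-- HTTP/1.1" 500 233
10.0.0.7 - - [03/Apr/2013:10:13:44 +1000] "GET /about HTTP/1.1" 200 1400
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\d+)'
)

# Indicators of SQL-injection probing, matched against the decoded query string.
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\s*'?\d", re.I),      # tautology such as ' OR '1'='1
    re.compile(r"\bunion\b.*\bselect\b", re.I),    # UNION-based data extraction
    re.compile(r"--\s*$|;\s*drop\b", re.I),        # comment truncation / stacked DROP
]

def parse_line(line):
    """Split one access-log line into fields; query string is URL-decoded."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    path, _, query = rec["path"].partition("?")
    rec["path"], rec["query"] = path, unquote_plus(query)
    return rec

def find_sqli(log_text):
    """Return (ip, decoded query, status) for each line hitting an indicator."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and any(p.search(rec["query"]) for p in SQLI_PATTERNS):
            hits.append((rec["ip"], rec["query"], int(rec["status"])))
    return hits

def probes_by_source(hits):
    """Count flagged requests per client IP so repeated probing is visible."""
    counts = {}
    for ip, _, _ in hits:
        counts[ip] = counts.get(ip, 0) + 1
    return counts
```

A flagged request that returned 200 with an unusually large response body (the second sample line) is the one to investigate first, since it suggests the query succeeded rather than erroring out.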
In the news: Apple ID two-step verification
Apple have introduced two-step verification using SMS codes on Apple IDs.
• Go to the My Apple ID page
• Select “Manage your Apple ID” and sign in
• Select “Password and Security”
• Under Two-Step Verification, select “Get Started” and follow the on-screen instructions.
• Process takes three days to complete (to verify ownership of the account)
Now do the same for your Google, Facebook and Dropbox accounts!
Ransomware: the simple stuff
• Ransomware “screen lockers” can occasionally be recovered from using a “boot CD”.
• However, targeted ransomware is the manifestation of a calculated attack by skilled operators.
Ransomware case study
How?
• Access was gained through an insecure remote access system used by the medical practice.
When?
• Over a period of several weeks.
• After initial access was gained, the attacker gathered intelligence and deployed his attack.
What?
• The attacker took control of the medical practice database.
• Two types of regular backup were used by the practice. The attacker disabled one and took control of the other.
The damage?
• The practice database was unavailable.
• A ransom demand was made for $4,000.
Blogs
AusCERT’s blog on ransomware
https://www.auscert.org.au/17155
• Two short case studies of ransomware attacks.
• Links to more information including the DSD’s “Top 4 Mitigation Strategies to protect your ICT System”.
• Tips on what to do if you have already been targeted by ransomware.
Blogs
DSD's Strategies to Mitigate Targeted Cyber Intrusions
https://www.auscert.org.au/16633
• AusCERT’s perspective and advice on how to apply appropriate security controls using a risk-based approach, armed with DSD's Top 35 Cyber Mitigation Strategies.
• Link to AusCERT’s full paper on DSD’s Top 35 (member-only access)
An interesting statistic
Hackers Exploit 'Zero-Day' Bugs For 10 Months On Average Before They're Exposed
Source: http://www.forbes.com/sites/andygreenberg/2012/10/16/hackers-exploit-software-bugs-for-10-months-on-average-before-theyre-fixed/
Defences: Use AusCERT’s Security Bulletin Service to find out about software vulnerabilities as soon as possible in a consistent manner.
Tip: You can tailor the bulletin feed to suit your own product suite.
Thank you. Questions?
www.auscert.org.au