Three Simple Steps to Prevent Targeted Attacks
Kevin Haley Dr, PM, Symantec Security Technology & Response
+91% Increase in targeted attack campaigns (2012 to 2013)
Zero-Day Vulnerabilities
Zero-Day Vulnerabilities, Annual Total, 2006 - 2013 (Source: Symantec)
2006: 13, 2007: 15, 2008: 9, 2009: 12, 2010: 14, 2011: 8, 2012: 14, 2013: 23
• 23 zero-day vulnerabilities discovered in 2013, an increase from 14 in 2012
• More zero-day vulnerabilities discovered in 2013 than in any year since we started tracking
• More zero-days in 2013 than in the past two years combined
Microsoft Windows OLE Package Manager Remote Code Execution Vulnerability (CVE-2014-4114)
Microsoft Windows OLE Remote Code Execution Vulnerability (CVE-2014-6352).
An Example - Exploiting Sandworm
• (CVE-2014-4114)
• (CVE-2014-6352)
• Dropper
• Backdoor/downloader
• RATs
• Web Attack: Microsoft OLE RCE CVE-2014-6352
• Bloodhound.Exploit.553
• Trojan.Mdropper
• Backdoor.Lancafdo, Backdoor.Lancafdo.A
• Trojan.Taidoor, Backdoor.Darkmoon
Improving Security - Zero Days Disarm
Targeted Attacks by Company Size
Risk of Being Targeted by Industry Size
Ratio of Organization Targeted by Industry Size Sent by Spear-Phishing Email (Source: Symantec)
Risk levels shown: High, Medium
2,500+: 1 in 2.3
1,501-2,500: 1 in 2.9
1,001-1,500: 1 in 2.9
501-1,000: 1 in 3.8
251-500: 1 in 4.3
1-250: 1 in 5.2
#1 Run More Than AV on Your Endpoints
An Example - Dragonfly
• Ongoing cyberespionage campaign
• Targeting the energy sector in Europe and US
• Stealing information
• Capable of sabotage
Dragonfly Attack Methods
Send an email to a person of interest
Spear Phishing
Infect a website and lie in wait for them
Watering Hole Attack
Watering Hole Attacks
Energy industry related sites
Lightsout Exploit Kit
Backdoor.Oldrea or Trojan.Karagany
Website Vulnerabilities
Scanned Websites With Vulnerabilities
2012: 53%, 2013: 78% (+25% pts)
1 in 8 sites had critical unpatched vulnerabilities
Malicious Websites
With so many vulnerable websites, cybercriminals don’t need to set up their own websites to host malware
New Unique Malicious Web Domains
2011: 55,000, 2012: 74,001, 2013: 56,158 (-24%)
1.2 Billion Records Breached
7 month period 400,000 websites SQL Vulnerability
Dragonfly Attack Methods
Infect software update victim downloads
Trojanized Update
#2 Protect Your Websites – Patch Vulnerabilities
An Example - POS System Attacks
Diagram (repeated across several slides): Internet, Corporate Network, POS Network, Payment Processor
#3 Demand That Your Partners Have Good Security
Security Intelligence
Security is Only Intelligent if It's Unified