Copyright 2016, Symantec Corporation
#1 IoT devices are less secure than a 2004 era XP machine
• 2004: XP, unpatched. Today: Linux, unpatched.
• No update mechanism
• Password is hardcoded, non-existent or well known
The Business Email Compromise (BEC) Scam
An employee in Finance receives an email requesting a WIRE TRANSFER:
"Dear Sonia, Please wire money to this account 34xx-xxxx-0xx. Your CEO"
#4 Your End-Users Are Calling This Number
@threatintel | www.symantec.com
#RANSOMWARE #TECHSUPPORTSCAM
16 Million
100 MILLION BLOCKED in 2015
THE BLACK MARKET
o Credit Cards with CVV2: $1.00 to $20.00
o Credit Cards with Full Detail: $30.00 to $40.00
o Physical Credit Card including PIN: $63.50 to $250.00
o IDs with SSN, DOB, and Name: $0.10 to $2.00
#5 You May Not Know What the Value of Your Data Is, But Attackers Do
THE BLACK MARKET
o Netflix Account: $0.25
o Airline Frequent Flyer >10k: $26
o Hotel Loyalty Rewards: $20
o Uber Account: $0.05 to $1.00
How are they getting in?
Vectors
• Other malware
• Brute-force attacks
• Server-side vulnerabilities
• Worm techniques
• SMS messages and app stores (Android)
Zero-Day Vulnerabilities
[Chart: number of zero-day vulnerabilities discovered per year, 2006 to 2015, rising to 54 in 2015]
Source: 2016 Internet Security Threat Report Volume 21
Zero-Day Vulnerability Lifecycle
Zero-Day: About 365 days
Public – No Patch: Avg. 1 day
Patch Available: Maybe Never
Adobe Releases Out-of-Band Patch For Flash Vulnerability
• On June 23, Adobe released an out-of-band patch for a critical zero day vulnerability, designated CVE-2015-3113
Zero-Day → Public – No Patch → Patch Available
Exploit Kit timeline (days 1, 2, 3, 4, 5, 6, 7, 8…): Magnitude, Angler, Nuclear, RIG, Neutrino
Top 5 most Frequently Exploited Zero-Day Vulnerabilities in 2015
Rank  Name                                          CVE            2015 Percentage
1     Adobe Flash Player                            CVE-2015-0313  81%
2     Adobe Flash Player                            CVE-2015-5119  14%
3     Adobe Flash Player                            CVE-2015-5122  5%
4     Heap-Based Buffer Overflow aka ‘Ghost’        CVE-2015-0235  <1%
5     Adobe Flash Player                            CVE-2015-3113  <1%
#8 Do Your Fellow Man a Favor and Patch Your Website
Exploit Kit → Popular Website → Downloader
15% of Legitimate Websites Have Critical Vulnerabilities Unpatched
#8.5 Patch Browser & Browser Plug-in Vulnerabilities
#10 Don’t Let Defenses Down at Mail Server
1 in 152 emails is malicious (Symantec ISTR, August 2016)
#11 If You Can Only Train Your End-Users on One Thing…
Symantec sees up to 10M of these a week
#11.5 If You Can Only Train Yourself on One Thing…
• Block these file extensions at the Mail Gateway:
– .js
– .jse
– .vbs
– .vbe
– .iso
– .hta
– .wsf
• End-Users and Desktop Security is the last line of defense from these threats.
• See: http://www.symantec.com/connect/articles/support-perspective-w97mdownloader-battle-plan
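A gateway-side check that applies the extension blocklist above, as an added example that is not code from the deck or from Symantec. The function names and the sample attachment names are constructed for illustration; the check normalizes case and trailing dots/spaces and judges by the final extension, so a double extension like invoice.pdf.js is still caught.

```python
# Added example (not code from the Symantec deck): an attachment-name filter
# that applies the slide's mail-gateway extension blocklist. Function names
# and sample attachment names are constructed for illustration.
from typing import List, NamedTuple, Tuple

# Extensions the slide recommends blocking at the mail gateway.
BLOCKED_EXTENSIONS = frozenset({".js", ".jse", ".vbs", ".vbe", ".iso", ".hta", ".wsf"})


class Verdict(NamedTuple):
    filename: str
    blocked: bool
    reason: str


def normalize_name(filename: str) -> str:
    """Lower-case the name and drop trailing dots and spaces, which Windows
    ignores when picking a handler, so 'evil.JS. ' is treated as 'evil.js'."""
    return filename.strip().rstrip(". ").lower()


def check_attachment(filename: str) -> Verdict:
    """Decide whether one attachment name should be blocked at the gateway.

    Only the final extension selects the handler, so 'invoice.pdf.js' is
    blocked while 'notes.js.txt' is allowed; case and trailing junk are
    normalized first.
    """
    name = normalize_name(filename)
    if "." not in name:
        return Verdict(filename, False, "no extension")
    ext = "." + name.rsplit(".", 1)[1]
    if ext in BLOCKED_EXTENSIONS:
        return Verdict(filename, True, f"extension {ext} is on the gateway blocklist")
    return Verdict(filename, False, f"extension {ext} allowed")


def filter_attachments(filenames: List[str]) -> Tuple[List[str], List[str]]:
    """Return (allowed, blocked) filename lists for one message's attachments."""
    verdicts = [check_attachment(f) for f in filenames]
    return ([v.filename for v in verdicts if not v.blocked],
            [v.filename for v in verdicts if v.blocked])


if __name__ == "__main__":
    # Constructed sample attachment names for a single message.
    sample = ["Invoice_2016.pdf", "Invoice_2016.pdf.JS", "scan.vbe",
              "notes.js.txt", "setup.ISO ", "readme", "script.wsf."]
    for v in (check_attachment(f) for f in sample):
        print(f"{'BLOCK' if v.blocked else 'ALLOW'} {v.filename!r}: {v.reason}")
```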
Ransomware Growth Factors
• High Profitability
• Effective Infection Vectors
• Easy Access to Encryption
• Low Barrier to Entry
Ransomware Families
100 new families identified in 2015 compared to 77 in 2014
#13 Most Ransomware Does Not Care Who it Infects
Consumers 57%
Organizations 43%
How is Ransomware Getting in?
Vectors
• Other malware
• Brute-force attacks
• Server-side vulnerabilities
• Worm techniques
• SMS messages and app stores (Android)
#14 There is nothing special about how ransomware gets on machines
Ransomware Attack Chain
1. Malware Delivery
2. Malware installed
3. Call C&C Server
4. Encryption
Ransomware Attack Chain - Variations
• Different ransom amounts
• Delete or infect backup
• Target specific user files or all user files
• Download additional threats
• Propagate onto servers, USBs, cloud
#15 If There Is An Attack Chain There Is A Kill Chain
1. Malware Delivery: Gateway, Mail server
2. Malware installed: AVE, IPS, Download Insight
3. Call C&C Server: IPS
4. Encryption: SONAR, ADC
Protection Against Ransomware
• Install, configure and maintain an endpoint security solution
• User Education
• Employ content scanning and filtering on your mail servers
• Maintain a current patch level for any operating systems and applications that have known vulnerabilities
• Limit end user access to mapped drives – make read only and password protect
• Deploy and maintain a comprehensive backup solution
– Make sure backup is not writeable by network workstations or servers
If You Get Infected
• Isolate the infected computer before the ransomware can attack network drives to which it has access
• Clean the machine
• Restore damaged files from a known good backup
• And…
#17 Willingness To Pay Is Driving Up The Cost Of The Ransom
[Chart: ransom amount by year]
2014: $294.14
2015: $679.65