IBM X-Force Threat Intelligence Index 2017

IBM X-Force Threat Intelligence Index 2017 Jie Liau, June 2017 http://w3-01.ibm.com/sales/ssi/cgi-bin/ssialias?htmlfid=WGL03140USEN

Transcript of IBM X-Force Threat Intelligence Index 2017

Page 1: IBM X-Force Threat Intelligence Index 2017

IBM X-Force Threat Intelligence Index 2017

Jie Liau, June 2017

http://w3-01.ibm.com/sales/ssi/cgi-bin/ssialias?htmlfid=WGL03140USEN

Page 2: IBM X-Force Threat Intelligence Index 2017

Who am I

Page 3: IBM X-Force Threat Intelligence Index 2017

Defining Year of Security

● More than 4 billion records were leaked in 2016

– More than the combined total from the past 2 years

– But...

– 12% decrease in attacks in 2016 compared to 2015

– 48% decrease in security incidents in 2016 compared to 2015

Page 4: IBM X-Force Threat Intelligence Index 2017

Huge Impact on Real World

● Panama Papers

– Prime Minister of Iceland stepped down

● Hillary Clinton email controversy

– President Trump

● Ukraine's power outage

– Took place during an ongoing Russian-Ukrainian war

– BlackEnergy3 is used by Sandworm team

● First bank ATMs cashed out

– Thailand and Europe

Page 5: IBM X-Force Threat Intelligence Index 2017
Page 6: IBM X-Force Threat Intelligence Index 2017

● Phishing

– First step to attack

● Malware

– Ransomware

● SQL Injection (SQLi)

– Yahoo / LinkedIn / Dropbox leak

● Distributed Denial of Service (DDoS)

– Not long ago, 100Gbps attacks were unprecedented

– But...

– DNS provider Dyn was attacked by the Mirai botnet

– France-based hosting provider OVH was hit by 1Tbps DDoS attack, Dec 2016

– 650Gbps DDoS attack from the Leet botnet

– China Great Cannon

● Undisclosed

– Exploits that do not yet have a defined signature or cannot be remediated by a software patch

Page 7: IBM X-Force Threat Intelligence Index 2017

● Among malicious attachments to spam, ransomware accounted for the vast majority – 85%

● Hollywood hospital pays 40 bitcoins to unlock encrypted files

Page 8: IBM X-Force Threat Intelligence Index 2017

Record Numbers of Vulnerability Disclosures

● Web application vulnerability disclosures made up 22% of the total in 2016

Page 9: IBM X-Force Threat Intelligence Index 2017

Top Attack Types

● Inject unexpected items

– SQLi, OS CMDi

● Manipulate data structures

– Buffer overflow

● Indicator

– Either an attempted or a successful attack

● Employ probabilistic techniques

– Brute-force password attack

● Engage in deceptive interaction

– Phishing

Page 10: IBM X-Force Threat Intelligence Index 2017

● Top-Targeted Industries

● Where are the “BAD GUYS”?

Page 11: IBM X-Force Threat Intelligence Index 2017

High-Level Trend

● Slow and steady wins the race

● Cyber gangs sharpen the focus on business accounts

● Commercial malware making the rounds

● Venturing into additional cybercrime realms

Page 12: IBM X-Force Threat Intelligence Index 2017

Extra Bonus ...

Page 13: IBM X-Force Threat Intelligence Index 2017

OWASP

● Open Web Application Security Project

● Free and open software security community

● OWASPBWA

– Broken Web Applications produces a virtual machine running a variety of applications with known vulnerabilities

– https://sourceforge.net/projects/owaspbwa/files/

Page 14: IBM X-Force Threat Intelligence Index 2017

China Great Cannon

GreatFire: https://github.com/greatfire

CN-NY Times: https://github.com/cn-nytimes/

Page 15: IBM X-Force Threat Intelligence Index 2017

TOR Network

● A group of volunteer-operated servers that allows people to improve their privacy and security on the internet

Page 16: IBM X-Force Threat Intelligence Index 2017

WannaCry

WannaCrypt0r: https://drive.google.com/xxxx/x/xxxxxxxxxxxxxxxxxxxxxxxxxxx/view?usp=sharing

Reverse: https://anhkgg.github.io/wannacry-analyze-report/

Page 17: IBM X-Force Threat Intelligence Index 2017

https://www.facebook.com/jie.liau

https://www.linkedin.com/in/jieliau/

https://github.com/jieliau

https://twitter.com/JieLiau

https://www.facebook.com/ibmsecurity/

https://www.linkedin.com/showcase/164263/

https://twitter.com/IBMSecurity

https://www.ibm.com/security/