Risk Management e Attacchi Miratialle Infrastrutture IT

Gastone NenciniItaly Country ManagerSenior Technical Manager South Europe

1

CRIMEWARE

Dam

age

caus

ed b

y C

yber

crim

e

The Threat Landscape Evolution

2001 2003 2004 2005 2007 2010

Vulnerabi l i t iesW orm

Outbreaks

SpamMass Mailers

Spyware

Intel l igentBotnets

W ebThreats

Evolution to Cybercrime

2011+

TargetedAttacks

MobileAttacks

South Korea – Hacktivism, Cyber Sabotage, or Cyberterrorism?

Penetration with phishing email

Attacker Social engineering emails with

malicious attachments

Malicious C&Cwebsites

Ahnlab's Update Servers

wipe out files

Destroy MBR

Destroy MBR

wipe out files

Unix/Linux Server Farm

Windowsendpoints

Victimized Business

Evade detection with customized malware

Attacker

Malicious C&Cwebsites

Ahnlab's Update Servers

wipe out files

Destroy MBR

Destroy MBR

wipe out files

Unix/Linux Server Farm

Windowsendpoints

Victimized Business

A total of 76 tailor-made malwarewere used, in which 9 were destructive, while the other 67were used for penetration and monitoring.

Advanced Persistent Threats?

Targeted Attackor

APT

Research –Target a victim

Social Engineering –

get them to click

Own one machine inside

perimeter

Probe internal network

Compromise key servers Steal your data

Probing Compromising Stealing

How to get your prey

Trustwave 2013 Global Security Report:

Average time from initial breach to detection was 210 days, more than 35 days longer than in 2011.

The attacker knows what he’s looking for!

Spear Phishing

Hacking

• In a small city in US with 8000 citizens• It has to look like a real system• And by “accident” the system has a link to

the Internet

Let’s simulate a Water Pressure Control station

Attacks from

US; 9

LAOS; 6

UK; 4

CHINA; 17

NETHERLANDS; 1

JAPAN; 1

BRAZIL; 2POLAND; 1

VIETNAM; 1

RUSSIA; 3PALESTINE, 1

CHILE; 1 CROATIA; 1 NORTH KOREA; 1

If someone wants to get in, he get’s in!

Outside-in Model of Perimeter DefenseLayer protection from outside in Keeps threats as far away as possible!

Outside-In Security

Data Protection

Data

Inside-out Security

Inside-Out Security

Endpoints Datacenters

Th

rea

t D

ete

ctio

n M

ech

an

ism

Th

rea

t D

ete

ctio

n M

ech

an

ism

Change Control

Process

Sandbox

Analysis

InfoSec

Investigation

Mitigation &

Incident Response

Threat

Intelligence

Detect Analyze Adapt Respond

External / Internal

Security Warning

Suspicious files

Correlations

SIEM / Arcsight

Normal security

incidents

Local threat intelligence shared across your protection layers

Escalation

Improvement Plan

SOC Tier2 OP

Botnets Detection

Advance Threat

Detection

Server/

Endpoint detection

FW/IDS/IPS

Cyber Threat &

Potential Risks

New Drops / C&C

SOC Tier1 OP

Custom Blacklist

& Signatures

2020.trendmicro.com

Thank You