Risk Management and Targeted Attacks on IT Infrastructures
Gastone Nencini, Italy Country Manager, Senior Technical Manager South Europe
CRIMEWARE
Damage caused by Cybercrime
The Threat Landscape Evolution
2001: Vulnerabilities
2003: Worm Outbreaks
2004: Spam / Mass Mailers
2005: Spyware
2007: Intelligent Botnets
2010: Web Threats
Evolution to Cybercrime
2011+: Targeted Attacks, Mobile Attacks
South Korea – Hacktivism, Cyber Sabotage, or Cyberterrorism?
Penetration with phishing email: the attacker sends social engineering emails with malicious attachments into the victimized business.
Evade detection with customized malware.
Attack flow (diagram): Attacker → Malicious C&C websites / Ahnlab's Update Servers → Windows endpoints and Unix/Linux server farm inside the victimized business → wipe out files, destroy MBR.
A total of 76 tailor-made malware were used, of which 9 were destructive, while the other 67 were used for penetration and monitoring.
Targeted Attack or Advanced Persistent Threat (APT)?
• Research – target a victim
• Social Engineering – get them to click
• Own one machine inside the perimeter
• Probe the internal network (Probing)
• Compromise key servers (Compromising)
• Steal your data (Stealing)
How to get your prey
Trustwave 2013 Global Security Report:
Average time from initial breach to detection was 210 days, more than 35 days longer than in 2011.
The attacker knows what he’s looking for!
Spear Phishing
Hacking
Let's simulate a Water Pressure Control station
• In a small city in the US with 8000 citizens
• It has to look like a real system
• And by "accident" the system has a link to the Internet
Attacks from (count by source country): China 17; US 9; Laos 6; UK 4; Russia 3; Brazil 2; Netherlands 1; Japan 1; Poland 1; Vietnam 1; Palestine 1; Chile 1; Croatia 1; North Korea 1
If someone wants to get in, he gets in!
Outside-in Model of Perimeter Defense
Layer protection from outside in. Keeps threats as far away as possible!
Outside-In Security: layers of protection wrapped around the data.
Inside-Out Security: data protection at the data itself, extended across endpoints and datacenters.
Threat Detection Mechanism
Components: Change Control Process; Sandbox Analysis; InfoSec Investigation; Mitigation & Incident Response; Threat Intelligence
Cycle: Detect → Analyze → Adapt → Respond
Local threat intelligence shared across your protection layers
Detection layers: FW/IDS/IPS; Server/Endpoint detection; Botnets Detection; Advanced Threat Detection
Inputs to the SOC: External / Internal Security Warning; Suspicious files; Correlations (SIEM / Arcsight); Normal security incidents; New Drops / C&C; Cyber Threat & Potential Risks
SOC Tier1 OP → Escalation → SOC Tier2 OP → Improvement Plan
Feedback to the layers: Custom Blacklist & Signatures
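The SOC workflow above (detection layers feeding Tier 1, escalation to Tier 2, a custom blacklist fed back to the layers) and the APT stages earlier in the deck (own one machine, probe the internal network, call home to a C&C) can be tied together in a small correlation script. The following is an added example and is not code from the presentation or from Trend Micro: the firewall and proxy log formats, the addresses and host names (10.0.5.23, update-mirror.example, news.example) and the thresholds are all constructed for illustration.

```python
"""Cross-layer correlation for a two-tier SOC workflow.

Added example, not code from the original presentation or from
Trend Micro.  Log formats, host names and addresses are constructed
for illustration; thresholds are assumptions a real SOC would tune.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed firewall log (hypothetical key=value format).
# 10.0.5.23 fans out to twelve internal servers on SMB within a minute
# (the "probe internal network" stage); 10.0.5.50 reaches two servers,
# which is ordinary business traffic.
FW_LOG = [
    f"2013-03-20T10:03:{i:02d} src=10.0.5.23 dst=10.0.7.{10 + i} dport=445 action=deny"
    for i in range(12)
] + [
    "2013-03-20T10:04:00 src=10.0.5.50 dst=10.0.7.10 dport=445 action=allow",
    "2013-03-20T10:04:30 src=10.0.5.50 dst=10.0.7.11 dport=3389 action=allow",
]

# Constructed web proxy log (hypothetical format).  10.0.5.23 calls the
# same host every 300 seconds (C&C beaconing); 10.0.5.40 browses a news
# site at irregular intervals.
PROXY_LOG = [
    "2013-03-20T10:00:00 src=10.0.5.23 host=update-mirror.example uri=/check.php status=200",
    "2013-03-20T10:05:00 src=10.0.5.23 host=update-mirror.example uri=/check.php status=200",
    "2013-03-20T10:10:00 src=10.0.5.23 host=update-mirror.example uri=/check.php status=200",
    "2013-03-20T10:15:00 src=10.0.5.23 host=update-mirror.example uri=/check.php status=200",
    "2013-03-20T10:20:00 src=10.0.5.23 host=update-mirror.example uri=/check.php status=200",
    "2013-03-20T10:01:00 src=10.0.5.40 host=news.example uri=/ status=200",
    "2013-03-20T10:02:30 src=10.0.5.40 host=news.example uri=/world status=200",
    "2013-03-20T10:09:00 src=10.0.5.40 host=news.example uri=/sport status=200",
    "2013-03-20T10:20:00 src=10.0.5.40 host=news.example uri=/ status=200",
]


def parse(line):
    """Split 'TIMESTAMP k=v k=v ...' into a dict with a datetime 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts)
    return fields


def detect_internal_probing(fw_log, min_targets=10):
    """Probing stage: one source touching many distinct internal hosts.

    Returns {src: sorted destinations} for sources at or over the threshold.
    """
    targets = defaultdict(set)
    for f in map(parse, fw_log):
        targets[f["src"]].add(f["dst"])
    return {src: sorted(d) for src, d in targets.items() if len(d) >= min_targets}


def detect_beaconing(proxy_log, min_hits=4, max_jitter=0.1):
    """C&C stage: near-periodic callbacks from one host to one domain.

    A (src, host) pair is a beacon when it has at least min_hits requests
    and the gaps between them vary by at most max_jitter of their mean.
    Returns {(src, host): mean gap in seconds}.
    """
    hits = defaultdict(list)
    for f in map(parse, proxy_log):
        hits[(f["src"], f["host"])].append(f["ts"])
    beacons = {}
    for key, times in hits.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) <= max_jitter * mean:
            beacons[key] = mean
    return beacons


def correlate(fw_log, proxy_log):
    """Share findings across layers: a beacon alone opens a Tier 1 ticket,
    a beacon plus internal probing from the same host escalates to Tier 2.
    Every beacon destination goes onto the custom blacklist that is fed
    back to the proxy and firewall.
    """
    probing = detect_internal_probing(fw_log)
    incidents, blacklist = [], set()
    for (src, host), period in detect_beaconing(proxy_log).items():
        blacklist.add(host)
        incidents.append({
            "host": src,
            "c2": host,
            "period_s": period,
            "targets": probing.get(src, []),
            "tier": 2 if src in probing else 1,
        })
    return incidents, sorted(blacklist)


if __name__ == "__main__":
    for inc in correlate(FW_LOG, PROXY_LOG)[0]:
        print(inc)
```

The point of the correlation is the one the slide makes: neither layer alone is conclusive (a periodic fetch could be a legitimate updater, a burst of denied SMB connections could be a misconfigured scanner), but the same internal host doing both is the probing-plus-C&C pattern of a targeted intrusion, and the blacklist it produces is what turns one detection into protection on every other layer.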
2020.trendmicro.com
Thank You