Symantec Security Awareness October 2012
Security Awareness Training
Would You Get Duped by Attackers?
Kevin Haley
Director, Symantec Security Technology And Response
@kphaley
Symantec’s Security Awareness Quiz
How well will you do?
Which Website is More Dangerous?
A B
Most Harmful Websites by Categories
• Websites with poor security become easy targets for malware authors
• Any website you visit could potentially be infected with malware
Can Macs Get Infected by Malware?
Yes. Even Macs Get Infected.
• Malware can figure out what type of computer you use
• Then it infects you with the appropriate malware
In 2012, 500,000 Macs were infected by 1 threat: Flashback
Which is More Likely to Get Attacked?
Small or Medium Organization
Large Organization
A B
Which is More Likely to Get Attacked?
Small or Medium Organization
Large Organization
All sizes of organizations get attacked
Who is Most Likely to be Targeted in an Attack?
Typical Employee
CEO
A B
Only 25% of targeted attacks directed at C-Level executives
Who is Most Likely to be Targeted in an Attack?
Both
Are You at Risk From This Website?
Do You See it Now?
Would You be Fooled by This?
twitter.dsdsdds.com/main/sessions-login/
How About by This?
If something seems wrong take a closer look
Attackers can’t fool all the people all the time
From: UPS
To: Kevin Haley
Cc:
Subject: Unable to Deliver Package
Dan,
I have been a Weyerhaeuser shareholder since late 2008 and recently had the opportunity to attend your Annual Shareholders’ Meeting at your headquarters. I spoke to you briefly after your address and it was pleasure to hear from you about all of Weyerhaeuser’s innovations. I also never realized that Clint Eastwood was once an employee of the company – now it makes sense why I like him so much!
I posted this picture from your address, I hope you like it.
Sent: Mon 6/4/2012 4:08 PM
Are You Expecting a Package?
From: Facebook
To: Kevin Haley
Cc:
Subject: Login Problem
Sent: Mon 6/4/2012 4:08 PM
Did You Have Trouble Logging Into Facebook?
Would Your Bank Really Want You to Click Here?
From: YourBank
To: Kevin Haley
Cc:
Subject: Account Issue
Sent: Mon 6/4/2012 4:08 PM
Your Bank You can ensure your bank account is okay
Then Don’t Click!
How Likely is it That Someone Posted Your Pic Online?
But it’s very likely that malware is at the end of that link
Not Very
How Likely is it That Someone Posted Your Pic Online?
This is All Social Engineering
That’s a fancy way of saying you’re being fooled
Which of These is a Real Person?
A B C
Which of These is a Real Person?
James Stavridis is the commander of NATO
He created his own Facebook page after he found someone on Facebook pretending to be him
People may not be who they say they are on the Internet
A
Which of These is Most Likely to be a Facebook Scam?
OMG! Videos
Profile Viewers
Dislike Buttons
A B C
Which of These is Most Likely to be a Facebook Scam?
OMG! Videos
Profile Viewers
Dislike Buttons
All of Them
Which of These is Most Likely to be a Facebook Scam?
OMG! Videos
OMG! Videos Get People to Click
Bad Guys Want to Get Us to Click to:
• Infect us with malware
• Make us take bogus surveys to:
  • Gain information or
  • Sign us up for premium SMS services
• Send spam to us and our friends
Which of These is Most Likely to be a Facebook Scam?
Profile Viewers
Bad guys know that people want to know who viewed their Facebook page
Which of These is Most Likely to be a Facebook Scam?
Dislike Buttons
Bad guys know that people want a dislike button
Which of These is Most Likely to be a Facebook Scam?
OMG! Videos
Profile Viewers
Dislike Buttons
They can’t give us these things, but they can fool us into thinking they can
What Are Your Chances of Getting Your Lost Phone Back?
What Are Your Chances of Getting Your Lost Phone Back?
Source: Symantec’s “Project HoneyStick” research
http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=symantec-smartphone-honey-stick-project
50%
What are the Chances of Your Work and Personal Information Being Looked at?
What are the Chances of Your Work and Personal Information Being Looked at?
If it’s not password protected
Source: Symantec’s “Project HoneyStick” research
http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=symantec-smartphone-honey-stick-project
Almost 100%
How Many New Pieces of Malware are Created Each Day?
A 1,000
B 100,000
C 1,000,000
How Many New Pieces of Malware are Created Each Day?
C 1,000,000
• 1 million+ new pieces of malware are created every day
• In 2011 we saw 403 million new pieces of malware
Why?
• Bad guys have tools to easily create and distribute new threats
• Some of these tool kits can create malware-on-demand
Does it Seem Pretty Bad Out There?
• Symantec and Norton have good tips on protecting yourself and your business
• But … if you need it simplified, remember these 3 things …
You don’t have to give up using the Internet…
There are ways to protect yourself.
What your mother told you is still true…
If something doesn’t seem right, it probably isn’t.
Get help from experts…
We hope it’s from Symantec and Norton.
Additional Resources
If You Are More Technical
Internet Security Threat Report
Symantec Security Response Website
Advanced Persistent Threat Website
Malicious Insider White Paper
Twitter.com/threatintel
If You Are Less Technical
Norton Security Center
Norton Family Resources
Thank you!
Copyright © 2012 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Kevin Haley @kphaley