Symantec: The rise of hacktivism and insider threats
The rise of hacktivism and insiders: new tactics, new motives
Andrew Horbury, Senior Product Marketing Manager
Data sources: ISTR, WSTR, Symantec Security Response
Agenda
1. Why we are here today
2. Hacktivism 101
3. How do they do it?
4. Web based attacks
5. Insiders 101
6. Mediation
7. Information sources
What is a Hacktivist?
• Def. /haktɪvɪst/ (noun) - a person who gains unauthorised access to computer files or networks in order to further social or political ends.
• The term was coined in 1996 by Omega, a member of the popular group of hackers known as Cult of the Dead Cow
• Hacktivism includes cyber attacks performed to promote, or motivated by, political or social aims
Source: http://hackmageddon.com/2013-cyber-attacks-timeline-master-index/
From activist to Hacktivist
Anonymous hacks Vatican website
http://www.zdnet.com/blog/security/anonymous-hacks-abortion-clinic-steals-10000-records/10675
So what happens?
• Criminals buy ready-made malware, such as the Sakura toolkit, which is then installed on someone else’s website. It scans visitors’ computers for known vulnerabilities and picks the most effective exploit to infect them.
Vulnerabilities and malware on the rise…
Our Websites are Being Used Against Us
• 61% of web sites serving malware are legitimate sites
• 25% have critical vulnerabilities unpatched
• 53% of legitimate websites have unpatched vulnerabilities
• 5291 vulnerabilities reported in 2012
Web based attacks on the rise
The number of Web-based attacks increased by almost a third in 2012. These attacks silently infect enterprise and consumer users when they visit a compromised website. In other words, you can be infected simply by visiting a legitimate website. Typically, attackers infiltrate the website to install their attack toolkits and malware payloads, unbeknown to the site owner or the potential victims.
Why are you telling me this? My company is not important – why would anyone attack me?
“C’mon no one will attack my company… will they?”
Targeted Attacks by Company Size: 2012
Small businesses say…
• 41% have been a victim of cybercrime in past 12 months.
• 20% have had a virus infection in their business
• 8% have suffered from a hacking incident
• 20% have not taken any steps to protect themselves at all! In a pool of 2000+ that’s at least 400 businesses that are probably at high risk
• Only 36% say they regularly apply security patches
• 60% kept their antivirus software up to date
Targeted Attacks by Industry: 2012
• Manufacturing: 24%
• Finance, Insurance & Real Estate: 19%
• Services – Non-Traditional: 17%
• Government: 12%
• Energy/Utilities: 10%
• Services – Professional: 8%
• Wholesale: 2%
• Retail: 2%
• Aerospace: 2%
• Transportation, Communications, Electric, Gas: 1%
Targeted Attacks by Job Function: 2012
• R&D: 27%
• Senior: 12%
• C-Level: 17%
• Sales: 24%
• Shared Mailbox: 13%
• Recruitment: 4%
• Media: 3%
• PA: 1%
• Attacks may start with the ultimate target but often look opportunistically for any entry into a company
Are your employees putting your company’s data at risk?
• Insider theft makes up between 8 and 14% of confirmed data breaches, compared to the 88 or 92 percent attributed to external actors
• Insiders account for 69 percent of all corporate security issues
• UK Information Commissioner’s Office fined & prosecuted more businesses because of insider incidents than they did outsider attacks in 2012
Are your employees putting your company’s data at risk?
• More than 30 percent of insiders engaging in IT sabotage have a prior arrest history
• They may brag about the damage they could do to the organisation if they so desired.
• Bitterness about being passed over for promotion
• Considering starting up a competing business and using the organisation’s resources and IP for a new/side business
• The pattern or quantity of the information they retrieve might change drastically, potentially indicating data theft.
Malicious Insiders could pose the greatest risk
Areas of Focus…
• Know your people
• Focus on deterrence, not detection
• Identify information that is most likely to be valuable
• Monitor ingress and egress
• Baseline normal activity
What do they do and what are the threats?
Everyone is a target.
Anonymous has claimed responsibility for a broad range of actions: publication of bank managers’ details, DDoS attacks on government websites, taking child pornography websites offline, hacking of two MIT websites, publication of the VMware source code and attacks on Israeli websites
Cutting Sword of Justice
Profile of Hacktivist threats
• Hacktivists mainly target the information, public and service sectors.
• They primarily operate in Western Europe and North America.
• Their most common attack methods are SQL injection, using stolen credentials, brute force and DoS attacks, remote file inclusion and backdoors
• The main assets they target are web applications, databases and mail servers
• Their desired data is personal information, credentials and internal corporate data
Insider threats
• Unauthorised access to or use of corporate information.
• Viruses, worms or other malicious code.
• Theft of intellectual property (IP).
The same research found that:
• Insiders often attempt to gain colleagues' passwords, gain access through trickery or exploit a relationship
• In more than 70 percent of intellectual property theft cases, insiders steal the information within 30 days of announcing their resignation
• More than half of insiders committing IT sabotage were former employees who regained access via backdoors or corporate accounts that were never properly disabled
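An added example, not part of the original slides: one way to check two of the indicators above, activity on accounts that should already be disabled and retrieval volume that jumps above a user's own baseline within 30 days of a resignation. The user names, dates, counts and the three-sigma threshold are constructed assumptions.

```python
from datetime import date, timedelta
from statistics import mean, pstdev

# Constructed sample data (hypothetical users, dates and counts).
HR = {
    "alice": {"resigned": date(2024, 3, 1), "disabled_from": date(2024, 3, 29)},
    "bob": {"resigned": None, "disabled_from": date(2024, 2, 15)},
    "carol": {"resigned": None, "disabled_from": None},
}
# (user, day, number of files retrieved that day)
ACTIVITY = [
    ("alice", date(2024, 2, 5), 20), ("alice", date(2024, 2, 6), 25),
    ("alice", date(2024, 2, 7), 22), ("alice", date(2024, 2, 8), 18),
    ("alice", date(2024, 2, 9), 24), ("alice", date(2024, 3, 5), 400),
    ("alice", date(2024, 3, 6), 23), ("bob", date(2024, 2, 20), 5),
    ("carol", date(2024, 2, 5), 30), ("carol", date(2024, 3, 5), 31),
]


def stale_account_use(hr, activity):
    """Return (user, day) pairs with activity on or after the disable date."""
    hits = set()
    for user, day, _ in activity:
        cutoff = hr.get(user, {}).get("disabled_from")
        if cutoff is not None and day >= cutoff:
            hits.add((user, day))
    return sorted(hits)


def notice_period_spikes(hr, activity, window_days=30, sigmas=3.0):
    """Flag days in the notice window that exceed the user's own baseline."""
    flagged = []
    for user, rec in hr.items():
        start = rec["resigned"]
        if start is None:
            continue
        baseline = [n for u, d, n in activity if u == user and d < start]
        if len(baseline) < 3:
            continue  # too little history to call anything abnormal
        # Floor the deviation at 1 so a perfectly flat baseline still works.
        limit = mean(baseline) + sigmas * max(pstdev(baseline), 1.0)
        end = start + timedelta(days=window_days)
        flagged += [(u, d, n) for u, d, n in activity
                    if u == user and start <= d <= end and n > limit]
    return sorted(flagged)


if __name__ == "__main__":
    print("disabled accounts still in use:", stale_account_use(HR, ACTIVITY))
    print("notice-period spikes:", notice_period_spikes(HR, ACTIVITY))
```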
Policies, Procedures and employee access
• Temporary consultant at the Korea Credit Bureau stole the customer details of up to 20 million South Koreans
• Can be accidental as well as deliberate
What can you do about it?
• Security - assume that you are a target
• Culture - the majority of insider attacks are instigated by disgruntled employees
• Education - educating staff about data protection and the threats posed by hacktivists, cybercriminals and insiders is essential.
Stay informed
• Follow us on twitter @nortonsecured @threatintel @andyhorbury
• www.symantec.com/threatreport
• go.symantec.com/ssl
• Blogs www.symantec.com/connect/blogs/website-security-solutions
Thank you!
Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Andrew Horbury @andyhorbury