Targeted attacks


  • Date posted: 15-Jan-2015
  • Category: Technology


Imperva webinar 7/16/2013, Updated 11/7/2013 Covers insider threats and the compromised/malicious insider problem.

Transcript of Targeted attacks

  • 1. Targeted Attacks. Barry Shteiman, Director of Security Strategy. © 2013 Imperva, Inc. All rights reserved. Confidential
  • 2. Agenda: Compromised Insider; Incident Analysis; Anatomy of an Attack; Current Controls; Reclaiming Security
  • 3. Today's Speaker - Barry Shteiman: Director of Security Strategy; Security Researcher working with the CTO office; Author of several application security tools, including HULK; Open source security projects code contributor; CISSP; Twitter @bshteiman
  • 4. Compromised Insider: Defining the Threat Landscape
  • 5. "There are two types of companies: companies that have been breached and companies that don't know they've been breached." Shawn Henry, Former FBI Executive Assistant Director. NY Times, April 2012
  • 6. Insider Threat Defined: Risk that the access rights of a trusted person will be used to view, take or modify data or intellectual property. Possible causes: Accident; Malicious intent; Compromised device
  • 7. Compromised Insider Defined: A person with no malicious motivation who becomes an unknowing accomplice of third parties who gain access to their device and/or user credentials.
  • 8. Malicious vs Compromised Potential: 1% < 100%. Source: http://edocumentsciences.com/defend-against-compromised-insiders
  • 9. Look who made the headlines: Hackers steal sensitive data related to a planned 2.4B acquisition. Hacker stole 4-million Social Security numbers and bank account information from state tax payers and businesses
  • 10. Evaluating Magnitude. California 2012 Data Breach Report: More than half of the breaches were the result of intentional intrusions by outsiders or by unauthorized insiders. Source: State of California Department of Justice, July 2013. Source: Verizon Data Breach Report, 2013
  • 11. Know your Attacker. Governments: Stealing Intellectual Property (IP) and raw data, Espionage. Motivated by: Policy, Politics and Nationalism. Industrialized hackers: Stealing IP and data. Motivated by: Profit. Hacktivists: Exposing IP and data, and compromising the infrastructure. Motivated by: Political causes, ideology, personal agendas
  • 12. What Attackers Are After. Source: Verizon Data Breach Report, 2013
  • 13. Two Paths, One Goal. [Figure labels: Online Application; User with access rights (or his/her device); Malware (40%); Social Engineering (29%); Users (devices) 71%; People 29%; Hacking (various) used in 52% of breaches; Servers 54%; Data & IP.] Source: Verizon Data Breach Report, 2013
  • 14. Incident Analysis: The South Carolina Data Breach
  • 15. What Happened? 4M Individual Records Stolen in a Population of 5M: 80%.
  • 16. A Targeted Database Attack. 13-Aug-12: Attacker steals login credentials via phishing email & malware. 27-Aug-12: Attacker logs in remotely and accesses the database. 29-Aug-12 to 11-Sept-12: Additional reconnaissance, more credentials stolen. 12-Sept-12 to 14-Sept-12: Attacker steals the entire database
  • 17. The Anatomy of an Attack: How does it work
  • 18. Anatomy of an Attack: Spear Phishing
  • 19. Anatomy of an Attack: Spear Phishing; C&C Comm
  • 20. Anatomy of an Attack: Spear Phishing; C&C Comm; Data Dump & Analysis
  • 21. Anatomy of an Attack: Spear Phishing; C&C Comm; Data Dump & Analysis; Broaden Infection
  • 22. Anatomy of an Attack: Spear Phishing; C&C Comm; Data Dump & Analysis; Broaden Infection; Main Data Dump
  • 23. Anatomy of an Attack: Spear Phishing; C&C Comm; Data Dump & Analysis; Broaden Infection; Main Data Dump; Wipe Evidence
  • 24. Searching on Social Networks
  • 25. The Results
  • 26. Next: Phishing and Malware. Specialized Frameworks and Hacking tools, such as BlackHole 2.0, allow easy setup for Host Hijacking and Phishing. How easy is it? A three-month BlackHole license, with Support included, is US$700
  • 27. Drive-by Downloads Are Another Route. September 2012 iPhone 5 Images Leak was caused by a Trojan Download Drive-By
  • 28. Cross Site Scripting Is Yet Another Path. Persistent XSS Vulnerable Sites provide the Infection Platform. GMAIL, June 2012. TUMBLR, July 2012
  • 29. The Human Behavior Factor. Source: Google Research Paper "Alice in Warningland", July 2013
  • 30. Current Controls: Won't the NGFW/IPS/AV Stop It?
  • 31. What Are the Experts Saying? "Flame was a failure for the antivirus industry. We really should have been able to do better. But we didn't. We were out of our league, in our own game." Mikko Hypponen, F-Secure, Chief Research Officer. Source: http://www.wired.com/threatlevel/2012/06/internet-security-fail/
  • 32. Security Threats Have Evolved. 2001: AntiVirus, Firewall, IPS. 2013: AntiVirus, Firewall, IPS. Sources: Gartner, Imperva analysis
  • 33. Security Redefined: Forward Thinking
  • 34. The DISA Angle. "In the past, we've all been about protecting our networks: firewall here, firewall there, firewall within a service, firewall within an organization, firewalls within DISA. We've got to remove those and go to protecting the data." Lt. Gen. Ronnie Hawkins Jr., DISA. AFCEA, July 2012
  • 35. Rebalance Your Security Portfolio
  • 36. Assume You Can Be Breached
  • 37. Incident Response Phases for Targeted Attacks. [Diagram labels, in extracted order: Reduce Risk; Size Up the Target; Prevent Compromise; Compromise A User; Detection; Initial Exploration; Containment; Solidify Presence; Impersonate Privileged User; Insulate sensitive data; Password Remediation; Steal Confidential Data; Device Remediation; Cover Tracks; Post-incident Analysis]
  • 38. Webinar Materials. Join Imperva LinkedIn Group, Imperva Data Security Direct, for: Post-Webinar Discussions; Webinar Recording Link; Answers to Attendee Questions
  • 39. Questions? www.imperva.com
  • 40. Thank You!