Targeted Defense for Malware & Targeted Attacks

Date posted: 15-Jan-2015

Description

Sophisticated attacks leverage social engineering techniques and malware to compromise individuals who are already on the inside of your enterprise, and then steal your data. By targeting your trusted employees, attackers can circumvent conventional defenses such as firewalls and IPS solutions to penetrate your network and compromise your data center. This presentation examines why attackers looking to steal sensitive data target your data center; explains how targeted attacks, often using spear phishing and malware, consistently defy perimeter and endpoint defenses; and presents an eight-step incident response model to help prevent, detect, and respond to targeted attacks.

Transcript of Targeted Defense for Malware & Targeted Attacks

1. Targeted Defense for Malware and Targeted Attacks. Barry Shteiman, Senior Security Strategist. 2013 Imperva, Inc. All rights reserved. Confidential.

2. Contents: Compromised Insider; Incident Analysis; Anatomy of an Attack; Current Controls; Reclaiming Security.

3. Compromised Insider: Defining the Threat Landscape.

4. "There are two types of companies: companies that have been breached and companies that don't know they've been breached." Shawn Henry, Former FBI Executive Assistant Director, NY Times, April 2012.

5. Insider Threat Defined: the risk that the access rights of a trusted person will be used to view, take or modify data or intellectual property. Possible causes: accident; malicious intent; compromised device.

6. Compromised Insider Defined: a person with no malicious motivation who becomes an unknowing accomplice of third parties who gain access to their device and/or user credentials.

7. Malicious vs. Compromised Potential: 1% < 100%. Source: http://edocumentsciences.com/defend-against-compromised-insiders

8. Look Who Made the Headlines: "Hackers steal sensitive data related to a planned 2.4B acquisition." "Hacker stole 4 million Social Security numbers and bank account information from state taxpayers and businesses."

9. Know Your Attacker. Governments: stealing intellectual property (IP) and raw data, espionage; motivated by policy, politics and nationalism. Industrialized hackers: stealing IP and data; motivated by profit. Hacktivists: exposing IP and data, and compromising the infrastructure; motivated by political causes, ideology, personal agendas.

10. What Attackers Are After. Source: Verizon Data Breach Report, 2013.

11. Two Paths, One Goal (Data & IP): the user with access rights (or his/her device), and the online application. Hacking (various) was used in 52% of breaches; malware in 40%; social engineering in 29%. Assets involved: servers 54%, users (devices) 71%, people 29%. Source: Verizon Data Breach Report, 2013.

12. Incident Analysis: The South Carolina Data Breach.

13. What Happened? 4M individual records stolen in a population of 5M (80%).

14. A Targeted Database Attack, timeline:
13-Aug-12: attacker steals login credentials via phishing email and malware.
27-Aug-12: attacker logs in remotely and accesses the database.
29-Aug-12 to 11-Sept-12: additional reconnaissance, more credentials stolen.
12-Sept-12 to 14-Sept-12: attacker steals the entire database.

15. The Anatomy of an Attack: How Does It Work?

16-21. Anatomy of an Attack (built up one stage per slide): Spear Phishing; C&C Comm; Data Dump & Analysis; Broaden Infection; Main Data Dump; Wipe Evidence.

22. Searching on Social Networks.

23. The Results.

24. Next: Phishing and Malware. How easy is it? A three-month BlackHole license, with support included, is US$700. Specialized frameworks and hacking tools, such as BlackHole 2.0, allow easy setup for host hijacking and phishing.

25. Drive-by Downloads Are Another Route: the September 2012 iPhone 5 images leak was caused by a drive-by Trojan download.

26. Cross Site Scripting Is Yet Another Path: sites vulnerable to persistent XSS provide the infection platform. Gmail, June 2012; Tumblr, July 2012.

27. The Human Behavior Factor. Source: Google research paper "Alice in Warningland", July 2013.

28. Current Controls: Won't the NGFW/IPS/AV Stop It?

29. What Are the Experts Saying? "Flame was a failure for the antivirus industry. We really should have been able to do better. But we didn't. We were out of our league, in our own game." Mikko Hypponen, F-Secure, Chief Research Officer. Source: http://www.wired.com/threatlevel/2012/06/internet-security-fail/

30. Security Threats Have Evolved. Chart comparing 2001 and 2013: AntiVirus, Firewall, IPS. Sources: Gartner, Imperva analysis.

31. Security Redefined: Forward Thinking.

32. The DISA Angle: "In the past, we've all been about protecting our networks: firewall here, firewall there, firewall within a service, firewall within an organization, firewalls within DISA. We've got to remove those and go to protecting the data." Lt. Gen. Ronnie Hawkins Jr., DISA. AFCEA, July 2012.

33. Rebalance Your Security Portfolio.

34. Assume You Can Be Breached.

35. Incident Response Phases for Targeted Attacks. Defender phases: Reduce Risk; Prevent Compromise; Detection; Containment; Insulate Sensitive Data; Password Remediation; Device Remediation; Post-incident Analysis. Attacker steps: Size Up the Target; Compromise a User; Initial Exploration; Solidify Presence; Impersonate Privileged User; Steal Confidential Data; Cover Tracks.

36. www.imperva.com