Trend Micro Keynote: Nightingale Floors: Mitigating Cyber Attacks in 2015

Nightingale Floors: Mitigating Cyber Attacks in 2015 Tom Kellermann, CISM Chief Cybersecurity Officer, Trend Micro Inc.


History Repeats Itself

Copyright 2015 Trend Micro Inc.


Advanced Malware

Targeted Attacks

Employee Data Leaks

Traditional Malware

Vulnerability Exploits

300K new malware programs daily!

Arms Bazaar of Attack Code

Thriving Underground Market

Malware offered for $249 with a service level agreement (SLA) and replacement warranty if the creation is detected by any antivirus within 9 months

Copyright 2014 Trend Micro Inc.

Malware checking

Botnet Framework

Bulletproof hosting

Exploit Kit

DDOS Attack for 24 hours

Dropper file and crypt

Modules

$30

$125

monthly onetime

$50

$40

$0 $52

$38 $120

$0 $20

$205 $70

$80 $8

Total: $238 $600

Menu for Full Service Hacking

Stratagems of Elite Hackers


Destroy the Forensics

Noteworthy Attack Vectors

Watering Hole Attacks: 28% in the USA

Source: Trend Micro Q3’14 Threat Roundup Report

Island Hopping and Secondary Infections

The Evolution of Mobile Attacks

Proximity Attacks Realized

Geopolitics as Harbingers for Attack

Operation Pawn Storm


What are the Impacts of Targeted Attacks?

Strategic Costs Career Risks

Offense Must Inform Defense: Spin the Chess Board

Trends of Attack 2015

• iOS will become the bull's-eye of malware.

• Zero-days for Web applications explode.

• Cloud App Attacks.

• Secondary infections are leveraged to facilitate long-term campaigns against the Fortune 100.

• Ransomware

• The use of destructive payloads as part of counter incident response.


Advanced Persistent Response

Advanced Malware Detection

Attacker Activity Detection

Threat Impact Assessment

Contextual Threat Analysis

Detect malware, C&C, and attacker activity invisible to standard defenses

Analyze the risk, context, timeline and full extent of the attack

Respond with automatic security updates & the insight to shut down the attack

Custom Defense is the Foundation

Custom Defense

Advanced Malware Detection

Contextual Threat Analysis

Automated Security Updates

Command & Control Detection

Attacker Activity Detection

Threat Impact Assessment

Risk Management

1. Conduct a pen test of all third parties.

2. Use two-factor authentication.

3. Utilize a host-based intrusion prevention system.

4. Deploy file integrity monitoring.

5. Implement virtual shielding for zero-day exploits.

6. Deploy both an MDM and Mobile Application Reputation software.

7. Sandbox your cloud apps.

8. Implement whitelisting.

9. Manage the crypto keys for your cloud data.

10. Web Application Security (OWASP).

11. Deploy context-aware Threat Intelligence.

12. Utilize a Breach Detection System.

Securing your journey to the cloud