Website Security Threats - January 2014 Update
Transcript of Website Security Threats - January 2014 Update
Andrew Horbury Product Marketing Manager
Andrew Shepherd EMEA Marketing Manager
WEBSITE SECURITY THREATS: JANUARY 2014 UPDATE
Thursday 9th January 2014
Agenda
1 Month in Numbers
2 Creepware
3 Emerging and new types of malware
4 Gartner – why Interest in IT Risk is growing
5 Everyone is a target
6 Stranger than fiction
7 Good news
The month in Numbers
• US$50,000
– Cybercrime boss Paunch earned US$50,000 a month
• 40 million
– Target targeted: Cybercriminals may have spent the Christmas shopping season feasting on the proceeds of 40m stolen payment cards
• 00000000
– For nearly 20 years, the launch code for US nuclear missiles was 00000000
• 61%
– Bots account for 61% of all website traffic up 21% yoy
• 93% and 87%
– 93 percent of large organisations suffered a security breach last year, while 87 percent of small businesses also experienced
The month in Numbers
• 18BN GBP
– Mobile influenced £18bn of retail sales in 2013
• 54 million
– Turkish press reports that records of 54 million Turkish citizens have been stolen by attackers
• The 2 million Pony
– 1,580,000 website login credentials stolen
– 320,000 email account credentials stolen
– 41,000 FTP account credentials stolen
– 3,000 Remote Desktop credentials stolen
– 3,000 Secure Shell account credentials stolen
Creepware
• Remote Access Trojans (RATs)
– Differs from legitimate remote access tools due to malicious intent
– Allows someone to control a computer from a remote location
• How?
– Drive-by downloads
– Malicious links
– Exploit kits
– Peer-to-peer file sharing/torrents
• Why?
– Voyeurism, information/file stealing, blackmail/sextortion, trolling, using computer for DDoS attacks
New and emerging types of Malware
• Malicious Firefox add in
– The ‘Advanced Power’ botnet, active since May 2013, has infected more than 12,500 computers.
– The bot uses compromised Windows systems to scan for vulnerable websites to conduct SQL injection attacks
• Malware posing as Microsoft IIS to steal user data
– New malware found that disguises itself as a module for Microsoft’s IIS Web server in order to evade detection.
– The malware has been observed targeting credit card data on ecommerce websites.
– While the malware is not widespread yet, it could also be used to steal login details or any other sensitive data that’s sent to a compromised IIS instance.
Gartner – why Interest in IT Risk is growing
1. Lack of understanding
2. Increasing pressure to disclose technology risk
3. Lack of visibility into key business relationships with third-parties
4. Growing interconnection between technology and business risks
Everyone is a target……
• Snapchat hack impacts 4.6 million users
– Hackers have published the usernames and phone numbers of more than 4.6 million Snapchat users in order to “raise public awareness on how reckless many internet companies are with user information”.
• 9 out of 10 large firms suffered a breach, says survey
– Around 93 percent of large companies and 87 percent of small businesses suffered a security breach in 2013
Stranger than fiction
G20 Leaders are not immune to the charms of Carla Bruni
Harvard student uses Tor to send bomb threat to skip exam - FBI unamused
US agency destroys $170k of equipment to get rid of virus - Only 6 machines infected
Good News
• Global ATM heist – eight arrested (two of the suspects posted this image)
• Not so secret launch codes
– Guided tours of silos
– Soldiers given checklist containing the launch code
• Glitter nail varnish could protect your laptop….
• Have you been breached? There's an app for that!
Link Glossary (Press Print screen now)
• Paunch
– http://www.group-ib.com/index.php/7-novosti/790-group-ib-assists-to-suppress-the-activities-of-a-blackhole-exploit-kit-author-paunch-is-arrestedq%22
• Target
– http://www.reuters.com/article/2013/12/19/us-target-breach-idUSBRE9BH1GX20131219
• Nuclear Code
– http://www.huffingtonpost.com/2013/12/05/nuclear-missile-code-00000000-cold-war_n_4386784.html
• Bots account for 61% of web traffic
– http://www.incapsula.com/the-incapsula-blog/item/820-bot-traffic-report-2013
• 9 out of 10 large firms suffered a breach
– http://www.incapsula.com/the-incapsula-blog/item/820-bot-traffic-report-2013
• Mobile influenced £18bn of retail sales in 2013
– http://econsultancy.com/blog/10717-mobile-will-influence-15bn-of-in-store-sales-in-2012
• Turkish Hack
– http://www.hurriyetdailynews.com/russian-hackers-stole-54-million-turkish-citizens-id-data-claim.aspx?pageID=238&nID=59644&NewsCatID=338
Link Glossary 2
• Creepware – Symantec Blog
– https://www-secure.symantec.com/connect/blogs/creepware-who-s-watching-you
• Gartner 4 Reasons Behind the Growing Interest in IT Risk
– http://blogs.gartner.com/john-wheeler/4-reasons-driving-growing-interest-in-it-risks/
• 2013 Information Security Breaches Survey
– http://www.pwc.co.uk/assets/pdf/cyber-security-2013-technical-report.pdf
• Nail Varnish
– http://www.wired.co.uk/news/archive/2014-01/02/data-security-nail-polish
• Have I been Pwned
– https://haveibeenpwned.com/
Thank you!
Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
Andrew [email protected] / +44 7912 552 896
Andrew [email protected] / +44 7703 468 966
Next webinar: Thursday 13th February 2014 9.30am UK / 10.30am CET