2. Agenda
A 10-minute tribute to how things go wrong ... and possibly get you to think twice.
(10 mins for the next 13 slides. Keep focused :] )
eBusinessWorld & Social Media World 2
3. 7 years ago …
Clicking on an email or attachment link was dangerous.
4. Today …
Visiting your favorite website is dangerous.
1 in 532 websites infected.
5. Most common: drive-by download infections
Flow: browse → legitimate web site → malicious script → browser is analysed
• 312 plug-in vulnerabilities (2012)
• 891 browser vulnerabilities (2012)
How the malicious script gets onto a legitimate site:
• hacked website
• misconfigured server
• weak password
• banner ads
• …
No user interaction required.
6. 7 years ago …
Your password could be hacked by social engineering or if a website was hacked.
7. Today: data breaches, again and again
• Twitter - 250'000 user records stolen in 2013
• Scribd - 500'000 user records stolen in 2013
• Evernote resets 50 million accounts after data breach in 2013
• LinkedIn - 6.5 million user records stolen in 2012
• Who's next?
• Many of them happen due to SQL injection on the website
– A very old attack; it can be prevented by following established best practice (validate input, use parameterised queries)
Are you sure that your data is well protected?
8. Today …
Oversharing allows the attacker to gain access to your online resources by simply putting the pieces together.
9. A lot of information in social networks
• "Luca2013" could be my password
• Service to reset lost passwords
• Also for spammers
• or for phishing
Illustration:
• "Hey, here you get cheap rabbit food"
• Security question – Name of your pet: LUCA
• "Hey, is that your bunny in that picture?"
• Fake Facebook <login>
10. ~5 years ago …
It was almost impossible to get your smartphone infected.
12. Today's Android malware
• Making money with premium SMS
– Profit with SMS between $1.6K-9K / day
• Mobile botnets exist already
• Drive-by downloads possible
• Privacy is also an issue
• Mobile vulnerabilities
– 416 (2012) / 315 (2011)
Characteristics:
• Heavy use of social engineering
• Fake app markets
• Unique (bad) APK every time
• Sends premium SMSs
14. Different motivation – different attacks
Motivations: Hacktivism, Money, Targeted attacks
Attacks: DDoS, Defacement, Banking Trojan, Extortion, Scam, Sabotage, Espionage
15. Tips of advice …
• Think "What is the impact to my customers?"
• Assess and control your risks.
• Implement best practices for building your eBusiness platform
– OWASP Top 10
– Find your own holes before others find them first
– Look out for past and new platform vulnerabilities. Fix them as soon as they are announced and a fix is available
• Share responsibly.
– If you think you have nothing to hide, tweet a picture while in the WC
• Watch what you click.
• Protect your assets based on the threats and risks you identify.