Former NSA Chief Reveals Ransomware Threats
•
4 likes•2,762 views
An in-depth look at Ransomware. Learn what it is, and how to protect yourself.
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Former NSA Chief Reveals Ransomware Threats
Similar to Former NSA Chief Reveals Ransomware Threats (20)
More from Armor
More from Armor (20)
Recently uploaded
Recently uploaded (20)
Former NSA Chief Reveals Ransomware Threats
- 2. Chase Cunningham Threat Intelligence Lead • Former Chief Cryptologist for the National Security Agency • US Navy (Ret.) RANSOMWARE Today’s Speaker
- 3. • The Threat Landscape • Ransomware: Definition & Reality • Demo: How It Works • Mistakes & Vulnerabilities • Protect Yourself • What No One is Talking About • Questions & Answers RANSOMWARE Agenda
- 4. Hackers • Highly Skilled • Well-funded • Sophisticated • Getting Stronger
- 5. The Threat Landscape 12 / 13 110 million customers’ credit card and personal data stolen 01 / 14 04 / 14 05 / 14 06 / 14 07 / 14 09 / 14 Exposed Names, addresses, emails & payment card details 145 million users’ passwords affected 1.1 million customers’ credit and debit card data stolen 3 million customers’ credit and debit card data stolen 56 Million Customers Credit Card Data Stolen 180 Southern California Stores hit 08 / 14 Nude Photos of Actresses Revealed to the Public 09 / 14 08 / 14 Social Security #s & Personal Data of 4.5 Million People 09 / 14 4.93 Million Gmail User Names and Passwords Published Who’s Next? ? Customer Data Theft from 33 Locations
- 6. Ransomware Defined • Malware locks out system owners & demands ransom • Creates “zombie computer” operated remotely • Individuals & businesses targeted • On the rise past 3 years • CryptoLocker procured estimated US $3 million
- 7. Ransomware Reality: Code Spaces • Hosted by a major cloud provider • Pirates held site for $millions • Unable to pay; pirates deleted files • Company filed for bankruptcy • Cloud provider had no liability I always call it the Wal-Mart/Target competition… to see who can get to the lowest price and still provide good service. Security is what gets lost. “ “ - Jeff Schilling FireHost CSO, SearchSecurity.com
- 8. DEMO
- 9. “ The Results “ You Owe What We Say You Owe
- 10. MISTAKE: Taking an ostrich approach: “It won't happen to me” VULNERABI L I TY EVERYONE can be successfully breached RANSOMWARE
- 11. RANSOMWARE MISTAKE: Wasting resources on the wrong areas VULNERABI L I TY High-risk areas vulnerable to easy attack
- 12. RANSOMWARE MISTAKE: Using an insecure provider VULNERABI L I TY Your business & customers
- 13. Protecting Yourself • Security is a 24/7 job • Get a secure provider • Multi-layered security • Security operations
- 14. RANSOMWARE
- 15. PROTECT DETECT RESPOND RECOVER RANSOMWARE
- 16. What No One is Talking About:
- 17. Questions & Answers RANSOMWARE
- 18. Thank You Please visit us at FireHost.com Email sales@firehost.com Phone +1 877 262 3473 RANSOMWARE
Editor's Notes
- .
- Hackers are as skilled as security experts They operate in well-funded organizations They have access to sophisticated tools Their abilities to evade capture are growing, such as using Tor anonymizing networks to cover their tracks Most companies lack the in-house expertise and technology to protect themselves They lack the budget and even if they had it, finding real IT security experts is difficult – there’s a shortage Need: Information Security analyst or director - understand regulation and create a framework to guide security environment Security Operations (SecOps): Implement and monitor framework from InfoSec Threat Intelligence: Develop and implement threat intelligence framework Incident Response & Forensics: Identify and mitigate threats Many cloud providers are also insecure: Many clouds were constructed before the industry realized the full importance of safeguarding data. Those clouds were built with cost savings and performance in mind - security controls were added as an afterthought. Rather than improve their security posture, they distract customers by emphasizing performance, speed to deployment, cost, scalability and other features. So their customers assume they are protected – but they aren’t.
- Opportunity to illustrate that threats are ongoing, gaining in severity and that brands, regardless of size, are being impacted.
- Malware locks out owners from their own systems and demands ransom. Often they enter system through a downloaded file or vulnerability, then begin encrypting files. Sometimes they will just demand money – other times they’ll impersonate a law enforcement pretending that your system has been used for illegal activities/content, or they’ll pretend Windows installation needs reactivation, that a license expired. Either way, your system is now a zombie, obeying the commands of a remote criminal network. CryptoLocker is ransomware worm that surfaced in late 2013 It managed to collect an estimated US$3 million before it was taken down by authorities.[5] http://www.bbc.com/news/technology-28661463 Both individuals and businesses are targeted. Chase's mom had her accounts held for ransom. They wanted $300 – but Chase rode in and straightened it out. Most people can't do that and they just pay because they're scared and no one will help them. Obviously this can become a form of corporate warfare. Can hire criminals to take down competitor. This started 10 years ago, but more in the last 3 years. Vectors and methods are growing.
- Code Spaces was a code-hosting and software collaboration platform hosted by a major cloud provider. Pirates kidnapped their site and demanded several million in ransom. They got into their control panel and demanded money – Code Spaces was unable to pay it. Code Spaces changed its passwords and attempted to regain control of the system, the hackers started deleting all the company's data, backups, machine configurations and off-site backups from the panel, leaving the company’s website unable to operate. The company declared bankruptcy. Their cloud provider, Amazon, had no liability. Security was not part of their obligation.
- Chase can connect dots, but what if the fake FBI page said you owe $1 million instead of $200? Companies like Code Spaces may not be able to afford it and will go out of business.
- So the question we get the most on this topic is – how can I avoid this happening to me? Here are the mistakes and vulnerabilities we see. A lot of people take the Ostrich approach: "it won't happen to me." It happened to Chase's mom! It happened to Evernote earlier this year – they paid the ransom. Lots of people pay it. Another is wasting resources on areas that don’t need to be protected. Not every part of your environment deserves the same amount of protection – it’s smarter to figure out where your risk is and amp up on those areas. But the #1 mistake we see is businesses using an insecure provider who doesn’t have the right capabilities. A lot of them will give you servers and get you up and running, but they have NO interest in keeping you secure
- e.g. code spaces
- A lot of businesses will ask what technologies can help them prevent this. First thing, understand security is a 24/7 job. Get a secure provider who can protect you. Ask provider the right questions – what is their strategy, what is their security expertise? Do they have security experts on staff that can help protect you? Most don’t and don’t call that out. It’s on you to ask the questions rather than the provider to answer. Ask if they have 2FA by default, web application firewalls, a security management protocol in place. Do they do threat intelligence management? Is security a priority for them or is it something they do when it’s a problem? Practice multi-layered security and multiple technologies. No single technology is going to protect you. Real-time monitoring is important, so is threat intelligence, macro data, malware analysis.
- FireHost was built from the ground up to focus on Security. It is the first cloud provider to ascertain specific indicators from corporate and customer environments to see if they are threat – we do this ahead of time, like minority report. And if they are, we analyze the indicators so we can preemptively stop the threat before it happens AND recognize other threats. Trying to be proactive, not reactive. We leverage algorithms and scientific models instead of just stuffing in data and trying to figure it out Using data points and intelligence, we can predictively say we don’t need to lock down this area, it’s not going to hit there. We avoid spending 100s of man hours when it’s not a possibility. It’s about optimizing your mitigation strategy – making smart, efficient choices. This is about leveraging data points and using that knowledge intuitively instead of shotgun reactions - waiting for problems and then fixing them. We’re moving away from the boy with the finger in the dam methodology to something more long term and effective. We have a dedicated team that is wholly dedicated to vulnerability management and threat intelligence. The vendors you choose to host or store data is part of everyone’s accountability. Focus has always been on bad guys and their tactics as well as the fallout for the victims. But we need to stress the need to consider who you collaborate with, because even if they are nice and mean well, they may not be as safe as needed. You would be in jeopardy as a result. Jeff can talk about FireHost and the principle that not all clouds and cloud providers are created equal when it comes to security and compliance. This gives us subtle yet clear positioning without over-marketing