Whilst not every organisation may be a target of an APT or targeted attack, it’s important that all companies large or small understand these attacks as a way to help build stronger defences against the constantly changing threat landscape. · Symantec blocked a total of over 5.5 billion malware attacks in 2011, an 81% increase over 2010. · In 2012 the number of Web based attacks increased by 1/3 with approximately 247,350 Web-based attacks were blocked each day. · 5291 New Vulnerabilities were discovered in 2012 · Spam accounts for 69% of all email and one in 414 emails are from phishers All security and IT professional need to understand the new reality classic textbook protections may well not be enough.

1. Is your website the soft underbelly of your organisation? 1
Is your website the soft underbelly of
your organisation?
Andrew Horbury
Senior Product Marketing Manager - Symantec

2. Today’s Agenda
Is your website the soft underbelly of your organisation? 2
What is an APT and targeted attacks1
Spear Phishing
Targeted attacks by co. size and vertical
Cybercrime and targeted attacks
Watering hole attacks
Vulnerabilities
Next steps
2
3
4
5
6
7

3. What is an APT?
• A type of targeted attack
– Using a variety of techniques
• Drive by downloads
• SQL Injection
• Phishing
• Spam
• Spyware
• And more…..
• An APT is always a targeted attack but a
targeted attack is not necessarily an APT.
• APTs differ for targeted attacks:
– Customized
– Low and Slow
– Higher Aspirations
– Specific Attacks
Is your website the soft underbelly of your organisation? 3

4. GhostNet
• GhostNet is perhaps a
stand out classic example
of a long-term, persistent,
targeted attack
• Starting in May 2007 it
continued for nearly two
years, infecting some
computers for as long as
660 days
Is your website the soft underbelly of your organisation? 4

5. What is a targeted attack
• Targeted attacks
– Aimed at one person or a specific group
– Driven by financial motives cybercriminals targeted attacks are replacing
global widespread virus outbreaks.
Is your website the soft underbelly of your organisation? 5

6. 6

7. 7

8. Spear Phishing
Is your website the soft underbelly of your organisation? 8
• Research shows that
calling ahead adds
credibility to a
targeted attack

9. Using the Phone to back up a Phishing Attack
• What can attackers do to improve success rate of phishing
email?
• On 11 April 2013, an employee in an “Organisation A” in
France received a phone call
• French speaking caller, urges her to download an invoice
from a link she will receive through email
• Link doesn’t go to an invoice but instead
installs a version of W32.Shadesrat,
a well-known Remote Access Trojan.
9Is your website the soft underbelly of your organisation?

10. 10
Targeted Attacks by Company Size
Greatest growth in 2012 is at companies with <250 employees
Small business often not well protected, but connected to others
Employees
2,501+
50% 2,501+ 50% 1 to 2,500
50%
1,501 to 2,500
1,001 to 1,500
501 to 1,000
251 to 500
1 to 250
18%
in 2011
9%
2%
3%
5%
31%
Is your website the soft underbelly of your organisation?

11. 11
Targeted Attacks by Company Size
Greatest growth in 2012 is at companies with <250 employees
Small business often not well protected, but connected to others
Employees
2,501+
50% 2,501+ 50% 1 to 2,500
50%
1,501 to 2,500
1,001 to 1,500
501 to 1,000
251 to 500
1 to 250
18%
in 2011
9%
2%
3%
5%
31%
87% of SMBs suffered a
cyberattack last year, only
44% see security as a
priority
Is your website the soft underbelly of your organisation?

12. 12
1%
2%
2%
2%
8%
10%
12%
17%
19%
24%
0% 5% 10% 15% 20% 25% 30%
tion, Communications, Electric, Gas
Aerospace
Retail
Wholesale
Services – Professional
Energy/Utilities
Government
Services – Non-Traditional
Finance, Insurance & Real Estate
ManufacturingManufacturing
Finance, Insurance & Real Estate
Services – Non-Traditional
Government
Energy/Utilities
Services – Professional
Wholesale
Retail
Aerospace
Transportation, Communications,
Electric, Gas
Targeted Attacks by Industry: 2012
Is your website the soft underbelly of your organisation?

13. 13
1%
2%
2%
2%
8%
10%
12%
17%
19%
24%
0% 5% 10% 15% 20% 25% 30%
tion, Communications, Electric, Gas
Aerospace
Retail
Wholesale
Services – Professional
Energy/Utilities
Government
Services – Non-Traditional
Finance, Insurance & Real Estate
ManufacturingManufacturing
Finance, Insurance & Real Estate
Services – Non-Traditional
Government
Energy/Utilities
Services – Professional
Wholesale
Retail
Aerospace
Transportation, Communications,
Electric, Gas
Targeted Attacks by Industry: 2012
Is your website the soft underbelly of your organisation?

14. R&D
27%
Senior
12%
C-Level
17%
Sales
24%
Shared
Mailbox
13%
Recruitment
4%
Media
3% PA
1%
0%
5%
10%
15%
20%
25%
30%
• Attacks may start with the ultimate target but often look opportunistically
for any entry into a company
14
Targeted Attacks by Job Function: 2012
Is your website the soft underbelly of your organisation?

15. Why is a targeted attack different from
‘vanilla’ cyber crime?
15Is your website the soft underbelly of your organisation?

16. cyber crime Targeted attack
“Advanced Persistent Threats (APT)”
Aurora, Nitro, NightDragon,
ShadyRAT, Taidoor, LuckyCAT
16Is your website the soft underbelly of your organisation?

17. What does CyberCrime mean?
17
Online banking credentials
P.I.I / Credit Card numbers
Fake AV
Purchasing scams / Fraud
Botnet &
Pay Per Install
Is your website the soft underbelly of your organisation?

18. Cyber crime Targeted attack
“Advanced Persistent Threats (APT)”
Aurora, Nitro, NightDragon,
ShadyRAT, Taidoor, LuckyCAT
18Is your website the soft underbelly of your organisation?

19. Cost of a data breach
• In 2012, the average per capita cost of a UK data breach caused
by a malicious or criminal attack was $157.*
• The most and least expensive breaches.
– German and US co’s had the most costly data breaches ($199 and $188
per record
– These countries also experienced the highest total cost (US at $5.4 million
and Germany at $4.8 million). The least costly breaches occurred in Brazil
and India ($58 and $42, respectively). In Brazil total cost was $1.3 million
and in India it was $1.1 million.
*Source:
http://www.symantec.com/content/en/us/about/media/pdfs/b-
cost-of-a-data-breach-global-report-2013.en-
us.pdf?om_ext_cid=biz_socmed_twitter_facebook_marketwire_li
nkedin_2013Jun_worldwide_CostofaDataBreach
Is your website the soft underbelly of your organisation? 19

20. It’s not just about direct attacks
or e-mail
20Is your website the soft underbelly of your organisation?

21. 21
Targeted Attacks predominantly start as spear phishing attacks
In 2012, Watering Hole Attacks emerged
Send an email to a person
of interest
Spear Phishing
Infect a website and lie
in wait for them
Watering Hole Attack
Is your website the soft underbelly of your organisation?

22. 22
Effectiveness of Watering Hole Attacks
Watering Hole attacks are targeted at specific groups
Can capture a large number of victims in a very short time
http://bit.ly/Elderwood
Infected 500
Companies
Watering Hole
Attack in 2012
All Within
24 Hours
Is your website the soft underbelly of your organisation?

23. Watering Hole Targeted iOS Developers
23
In 2013 this type of attack will become widely used
Several high profile companies fell victim to just such an attack
Is your website the soft underbelly of your organisation?

24. Recent Examples of Water Hole Attack
• In 2013 we
predict this type
of attack will
become more
widely used
• In February this
year several
high profile
companies fell
victim to this
type of attack
24Is your website the soft underbelly of your organisation?

25. Zero-Day Vulnerabilities
13
15
9
12
14
8
14
2006 2007 2008 2009 2010 2011 2012
Total Volume
Total Volume
25Is your website the soft underbelly of your organisation?

26. Zero-Day Vulnerabilities
4
2
3 4
13
15
9
12
14
8
14
0
5
10
15
20
25
2006 2007 2008 2009 2010 2011 2012
Total Volume
Elderwood
Stuxnet
One group can significantly affect yearly numbers
The Elderwood gang drove the rise in zero day vulnerabilities
26Is your website the soft underbelly of your organisation?

27. All vulnerabilities
All vulnerabilities
5291
0
1000
2000
3000
4000
5000
6000
7000
2006 2007 2008 2009 2010 2011 2012
All vulnerabilities
• No significant rise or fall in discovery of new vulnerabilities in last six years
27Is your website the soft underbelly of your organisation?

28. 74,000
55,000
43,000
0
10,000
20,000
30,000
40,000
50,000
60,000
70,000
80,000
2010 2011 2012
New unique malicious web domains
Decrease
In new malicious domains
28Is your website the soft underbelly of your organisation?

29. 29
30% increase
in web attacks blocked…
190,370
2011 2012
247,350
Is your website the soft underbelly of your organisation?

30. 30
Our Websites are Being Used Against Us
61%
of web sites serving
malware are legitimate sites
25%
have critical vulnerabilities
unpatched
53%
of legitimate websites have
unpatched vulnerabilities
Is your website the soft underbelly of your organisation?

31. Warning…..your site is infected and you might never
recover
Is your website the soft underbelly of your organisation? 31

32. What do I need to do now?
• Employees: your first line of defence
– 38 percent of employees say their manager views data protection as a
business priority
• Security awareness and the respecting the value of company
data needs to be ingrained throughout the company culture
Is your website the soft underbelly of your organisation? 32

33. What happens when the first line fails
• Use spyware to log keystrokes, switch on microphones and cameras
and record with them, and listen in on VOIP calls and IM
• Use your servers and websites to launch additional malware attacks
• Infiltrate your email system to distribute spam or, more, likely further
targeted attacks
• Look for further vulnerabilities in your network to exploit
• Monitor your network and website traffic
• Infect your websites to target visitors with malicious code
• Search for encryption keys in your servers
• Export customer data, intellectual property and financial information
• Take control over automated systems
• Send messages from and display messages on individual devices.
Is your website the soft underbelly of your organisation? 33

34. Knowledge and technology: your second line of
defence
Is your website the soft underbelly of your organisation? 34
Assessment type What we look for
Malicious Activity Uncover and analyse malicious activities in your
environment, such as suspicious network activity
Targeted Attacks Look for evidence of infection specific to your
organisation
Data Loss Find data spills that could be targets for hackers
Vulnerability Analyse web applications, databases, servers, and
network devices for vulnerabilities.

35. Protection through policy: your final line of defence
Ponemon 2013 Cost of Data Breach Study* found:
• A strong security posture, reduced the per capita cost by $20
• An incident response plan, reduced the per capita cost by $20
• The appointment of a Chief Information Security Officer (CISO)
who has centralised responsibility for data protection, which
reduced the per capita cost by $14
* Pomenon 2013 Cost of Data Breach Study
http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=ponemon-
2013
Is your website the soft underbelly of your organisation? 35

36. How Symantec can help (Print Screen)
Symantec technology What it does How it can help
Symantec Extended Validation
SSL Certificates
Encrypts confidential information, such as credit card data,
between the browser and your servers. Also confirms the
identity of the website in the browser address bar.
• Powerful encryption
• Visible security
• Authenticates the website
• Greater customer trust
• Increased conversions.
Web Site Malware Scanning Scans websites for malware infections. Reduces the risk of warnings and blocking by
search engines and the risk of reputation
damage when a site infects its visitors.
Symantec Managed PKI for SSL Lets website managers keep track of all their SSL
certificates from a web-hosted management console.
Reduce the risk of accidental certificate
expiry and credibility-damaging certificate
warnings.
Always-on SSL with Symantec
Secure Site Pro SSL Certificates
Always-on SSL is used by sites such as Google, Facebook
and LinkedIn to protect all the user’s interactions with the
site.
Build trust and encourage user interaction by
making sure that it is all encrypted and
secure.
The Norton™ Secured Seal Shows customers that you value their trust and that your
site is secure because it has been scanned weekly for
malware and vulnerabilities.
The Norton™ Secured Seal is the most
recognised trust mark on the Internet
Symantec Seal-in-Search™ Displays the widely-recognised Norton Secured Seal trust
mark in web search results.
Increase search traffic
Increase customer trust and confidence.
36Is your website the soft underbelly of your organisation?

37. Stay informed
• Follow us on twitter @nortonsecured @threatintel
• www.symantec.com/threatreport
• go.symantec.com/ssl
• Blogs www.symantec.com/connect/blogs/website-
security-solutions
37Is your website the soft underbelly of your organisation?

38. Thank you!
Copyright © 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in
the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or
implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Is your website the soft underbelly of your organisation? 38
Andrew Horbury
andy_horbury@symantec.com
+44 207 4485 623