CyberCrime, CyberSpy, CyberWar – Looking back in order to protect the future
JD Sherry
VP of Public Technology and Solutions
@jdsherry
Discussion Outcomes
I. How might organizations learn from elite hackers?
II. Given the widespread use of APTs and the evolution of the cyber attack chain, how can advanced situational awareness be achieved?
III. Predictions for 2013, and how can we apply countermeasures?
Copyright 2013 Trend Micro Inc. SALES KICKOFF 2013
INFORMATION HAS BECOME
YOUR MOST STRATEGIC ASSET
Identify trends
Understand customer behavior
Analyze opportunities
Discover efficiencies
The New Reality
• One new threat created every second [1]
• A cyber intrusion happens every 5 minutes [2]
• Over 90% of enterprises have malware [1]
• Almost 75% have one or more bots [1]
• Mobile malware outpacing PC malware
– 350,000 Android pieces in 2012
Sources: [1] Trend Micro, 2012; [2] US-CERT, 2012
2013 Cyber Attack Trends
• DDoS: yes, still…
• Mobile Malware/Proximity attacks
• Cross-Platform Attacks
• Man-in-the-Browser Attacks
• Watering Hole Attacks
• MAC Attacks
• Cloud Attacks/Island Hopping
• SWATing
Targeted Attack Trends
• Localized attacks such as malware that will not execute unless certain conditions are met, such as language settings, or “watering hole” attacks that will only affect certain geographic regions or even only specific netblocks.
• The malware used in targeted attacks will have destructive capacity, either as its primary intent or as a clean-up mechanism to cover the attackers’ tracks.
• Social, political and economic indicators must be used in conjunction with technical indicators to fully assess and analyze targeted attacks.
Offense Informs Defense: Stages of Attack
1. Reconnaissance
2. Weaponization
3. Delivery
4. Exploitation
5. C&C
6. Lateral Movement
7. Exfiltration
8. Maintenance
6/5/2013
A Comparison of Eastern European and East Asian Blackhats
The Greatest Trick the Devil Ever Pulled was Convincing the
World that He Didn’t Exist…
• Kevin Spacey, aka Verbal Kint, “The Usual Suspects”
Chinese Actors Gaining Headlines but…
• Trend Micro has concluded that Eastern European hackers pose a greater
threat than East Asian hackers
• East Asian objectives: speed and cost-effectiveness.
• Attacks are persistent, but use known vulnerabilities and malware and don’t
hide their tracks as well.
• Eastern European objectives: remain hidden throughout the operation and
build online reputation. Attacks use custom malware and innovative
techniques.
Eastern European Tactics
• Malware is innovative: RATs have all capabilities hard-coded internally;
encrypted traffic, dynamic drop zones, complex command & control
• Infrastructure is internal to the operation, or bulletproof hosts are carefully
selected
• Professionals who build a reputation over time; they respect and do not
attack the motherland
• Generally control their own servers, develop DNS servers, and create
sophisticated traffic systems for attacks. Hallmark is to maintain total
control.
In the News…
• Spanish police ransomware: REVETON
– $1M per year revenue stream
– Victims tricked into paying attackers posing as law enforcement
– Computers compromised as well
– Trend Micro collaborates with Spanish police to bring down
• South Korean media and banking attacks
– Destructive Trojan/logic bombs that erased MBR
• Sleep cycle set to cause mayhem on March 20 at 2PM.
– Trend Micro provides intelligence prior to attack
– All codes detected by APT hunter, Deep Discovery
• Major Korean bank avoids major attack
The Children of Stuxnet-
ICS Attacks Become Mainstream
Go where the money is…
• 93.6% of the world’s currency is digital
• 6.4% cash and gold
• 95% of bank heists have an electronic vector
– (FINCEN)
Modern Day John Dillingers
Banking Malware: Customized and Quiet
• Citadel – modularized malware that steals online-banking credentials
• TinBa – Tiny Banker, 56K large, memory injection
• SpyEye – Automated Transfer Systems
• Eurograbber – multistaged attacks that compromise desktops and
mobile devices
• Gozi-Prinimalka – spring attack to be aimed at 30 U.S. banking
institutions
• High Roller - uses automation to drain high-value bank accounts
Cybercrime or Cyber Warfare?
-The Shadow Economy
Today’s Enterprise Challenges
[Diagram labels: Internet, Firewall, Anti-malware, IDS / IPS, DMZ, Mission Critical Servers, Endpoints, IaaS, SaaS]
• Data in motion
• Social Media
• Virtualization and Cloud
• Traditional defenses bypassed by low and slow attacks
How do you answer these questions?
• Have you been targeted by an attack?
– Unfortunately Yes!
– Not sure? But would like to know!
• How do you know?
– Data breach, forensic analysis
– Continuous Monitoring
– Security audit
– Incident response, alerts
– Custom threat defense
• Why are you being targeted?
• What are they after?
Detection Begins with Network Indicators
• Changing C&C protocols requires considerable effort
• Network traffic can be correlated with other indicators to provide
proactive detection
• Unknown threats may be detected by extrapolating methods and
characteristics from known threat communication behaviors
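The correlation idea in the bullets above, as an added example (not from the original slides and not Trend Micro's detection logic): a client/destination pair is flagged only when regular check-in timing coincides with a second network indicator, so the check keys on communication behavior rather than on a known domain. The log format, thresholds and hostnames are constructed assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log (not real traffic): time, client, destination, bytes_out
SAMPLE_LOG = """\
2013-01-15T09:00:00 10.0.0.5 cdn-sync.example 312
2013-01-15T09:01:10 10.0.0.7 news.example 820
2013-01-15T09:01:12 10.0.0.7 news.example 1430
2013-01-15T09:02:00 10.0.0.8 news.example 700
2013-01-15T09:02:03 10.0.0.8 news.example 1900
2013-01-15T09:03:40 10.0.0.7 news.example 655
2013-01-15T09:05:01 10.0.0.5 cdn-sync.example 312
2013-01-15T09:10:00 10.0.0.5 cdn-sync.example 312
truncated-line 10.0.0.9
2013-01-15T09:14:59 10.0.0.5 cdn-sync.example 312
2013-01-15T09:17:05 10.0.0.7 news.example 2210
2013-01-15T09:17:09 10.0.0.7 news.example 940
2013-01-15T09:20:02 10.0.0.5 cdn-sync.example 312
2013-01-15T09:25:00 10.0.0.5 cdn-sync.example 312
2013-01-15T09:30:00 10.0.0.8 news.example 450
2013-01-15T09:30:01 10.0.0.5 cdn-sync.example 312
2013-01-15T09:31:15 10.0.0.8 news.example 3100
2013-01-15T09:42:30 10.0.0.7 news.example 1205
2013-01-15T09:50:00 10.0.0.8 news.example 880
"""

# Assumed thresholds for this example; tune against your own baseline traffic.
MAX_GAP_CV = 0.10    # inter-arrival times vary by less than 10%
MAX_SIZE_CV = 0.05   # request sizes vary by less than 5%


def parse_log(text):
    """Return (timestamp, client, destination, bytes_out) tuples, skipping bad lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, size = parts
        try:
            records.append((datetime.fromisoformat(ts), src, dst, int(size)))
        except ValueError:
            continue
    return records


def _cv(values):
    """Coefficient of variation (stdev / mean); None when it is undefined."""
    if len(values) < 2:
        return None
    mean = statistics.mean(values)
    if mean == 0:
        return None
    return statistics.pstdev(values) / mean


def score_flows(records, min_events=5):
    """Map each (client, destination) flow to the set of indicators it shows."""
    flows = defaultdict(list)
    clients_per_dst = defaultdict(set)
    for ts, src, dst, size in records:
        flows[(src, dst)].append((ts, size))
        clients_per_dst[dst].add(src)

    findings = {}
    for (src, dst), events in flows.items():
        if len(events) < min_events:
            continue  # too few observations to judge periodicity
        events.sort()
        times = [t for t, _ in events]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        sizes = [s for _, s in events]

        indicators = set()
        gap_cv = _cv(gaps)
        if gap_cv is not None and gap_cv < MAX_GAP_CV:
            indicators.add("regular_interval")
        size_cv = _cv(sizes)
        if size_cv is not None and size_cv < MAX_SIZE_CV:
            indicators.add("uniform_size")
        if len(clients_per_dst[dst]) == 1:
            indicators.add("rare_destination")
        findings[(src, dst)] = indicators
    return findings


def find_beacons(records, min_events=5):
    """Flows with regular timing AND at least one corroborating indicator."""
    scored = score_flows(records, min_events)
    return sorted(flow for flow, ind in scored.items()
                  if "regular_interval" in ind and len(ind) >= 2)


if __name__ == "__main__":
    for client, destination in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible C&C check-in: {client} -> {destination}")
```

Requiring a second indicator keeps legitimate periodic traffic, such as software update polling shared by many clients, from being flagged on timing alone.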
Mitigation Requires a Custom Defense
[Diagram: Cloud and Data Center Security. Data Center: Physical, Virtual, Private Cloud, Public Cloud. Labels: Anti-Malware, Integrity Monitoring, Encryption, Log Inspection, Firewall, Intrusion Prevention, Data Center Ops, Security]
[Diagram: Custom Defense. Labels: Network-wide Detection, Advanced Threat Analysis, Threat Tools and Services, Automated Security Updates, Threat Intelligence, Custom Sandboxes, Network Admin, Security]
Risk Management 101
1. Has the cyber security posture of all third parties been audited?
2. Is access to all sensitive systems and computers governed by two factor authentication?
3. Does a log inspection program exist? How frequently are logs reviewed?
4. Does file integrity monitoring exist?
5. Can vulnerabilities be virtually patched?
6. Are MDM and Mobile Application Reputation software utilized?
7. Do you utilize a DLP?
8. Can you migrate your layered security into the cloud?
9. Do you maintain multi-level rule-based event correlation? Is there custom sandbox
analysis?
10. Do you have access to global threat intelligence?
11. Can you transfer your risk?
Thank You!
jd_sherry@trendmicro.com
@jdsherry

 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

Looking Back to Protect the Future: Cybercrime Trends and Advanced Threat Defense

  • 1. CyberCrime, CyberSpy, CyberWar – Looking back in order to protect the future JD Sherry VP of Public Technology and Solutions @jdsherry
  • 2. Discussion Outcomes
      I. How might organizations learn from elite hackers?
      II. Given the widespread use of APTs and the evolution of the cyber attack chain- how can advanced situational awareness be achieved?
      III. Predictions for 2013 and how can we counter measure?
  • 3. INFORMATION HAS BECOME YOUR MOST STRATEGIC ASSET
      • Identify trends
      • Understand customer behavior
      • Analyze opportunities
      • Discover efficiencies
      Copyright 2013 Trend Micro Inc. SALES KICKOFF 2013
  • 4. The New Reality
      • One new threat created every second [1]
      • A cyber intrusion happens every 5 minutes [2]
      • Over 90% of enterprises have malware [1]
      • Almost 75% have one or more bots [1]
      • Mobile malware outpacing PC malware
          – 350,000 Android pieces in 2012
      Sources: [1] Trend Micro, 2012; [2] US-Cert 2012
  • 5. 2013 Cyber Attack Trends
      • DDOS-yes still…
      • Mobile Malware/Proximity attacks
      • Cross-Platform Attacks
      • Man-in-the-Browser Attacks
      • Watering Hole Attacks
      • MAC Attacks
      • Cloud Attacks/Island Hopping
      • SWATing
  • 6. Targeted Attack Trends
      • Localized attacks such as malware that will not execute unless certain conditions are met, such as language settings, or “watering hole” attacks that will only affect certain geographic regions or even only specific netblocks.
      • The malware used in targeted attacks will have destructive capacity, either as its primary intent or as a clean-up mechanism to cover the attackers’ tracks.
      • Social, political and economic indicators must be used in conjunction with technical indicators to fully assess and analyze targeted attacks.
  • 7. Offense Informs Defense: Stages of Attack
      1. Reconnaissance
      2. Weaponization
      3. Delivery
      4. Exploitation
      5. C&C
      6. Lateral Movement
      7. Exfiltration
      8. Maintenance
  • 9. A Comparison of Eastern European and East Asian Blackhats
  • 10. The Greatest Trick the Devil Ever Pulled was Convincing the World that He Didn’t Exist… • Kevin Spacey aka Verbal Kint-“The Usual Suspects”
  • 11. Chinese Actors Gaining Headlines but…
      • Trend Micro has concluded that Eastern European hackers pose a greater threat than East Asian hackers
      • East Asian objectives: speed and cost-effectiveness.
      • Attacks are persistent, but use known vulnerabilities and malware and don’t hide their tracks as well.
      • Eastern European objectives: remain hidden throughout the operation and build online reputation. Attacks use custom malware and innovative techniques.
  • 12. Eastern European Tactics
      • Malware is innovative: RATs have all capabilities hard-coded internally; encrypted traffic, dynamic drop zones, complex command & control
      • Infrastructure is internal to the operation, or bulletproof hosts are carefully selected
      • Professionals who build a reputation over time; they respect and do not attack the motherland
      • Generally control their own servers, develop DNS servers, and create sophisticated traffic systems for attacks. Hallmark is to maintain total control.
  • 13. In the News…
      • Spanish police Ransomware-REVETON
          – $1M per year revenue stream
          – Victims tricked into paying attackers posing as law enforcement
          – Computers compromised as well
          – Trend Micro corroborates with Spanish police to bring down
      • South Korean media and banking attacks
          – Destructive Trojan/logic bombs that erased MBR
              • Sleep cycle set to cause mayhem on March 20 at 2PM.
          – Trend Micro provides intelligence prior to attack
          – All codes detected by APT hunter-Deep Discovery
              • Major Korean bank avoids major attack
  • 14. The Children of Stuxnet-
  • 15. ICS Attacks Become Mainstream
  • 16. Go where the money is…
      • 93.6% of the world’s currency is digital
      • 6.4% cash and gold
      • 95% of bank heists have an electronic vector
          – (FINCEN)
  • 17. Modern Day John Dillingers
  • 18. Banking Malware: Customized and Quiet
      • Citadel – modularized malware that steals online-banking credentials
      • TinBa- Tiny Banker 56K large- memory injection
      • SpyEye- Automated Transfer Systems
      • Eurograbber – multistaged attacks that compromise desktops and mobile devices
      • Gozi-Prinimalka – spring attack to be aimed at 30 U.S. banking institutions
      • High Roller - uses automation to drain high-value bank accounts
  • 19. Cybercrime or Cyber Warfare? -The Shadow Economy
  • 20. Today’s Enterprise Challenges
      • Data in motion
      • Social Media
      • Virtualization and Cloud
      • Traditional defenses bypassed by low and slow attacks
      [Diagram labels: IaaS, DMZ, Mission Critical Servers, Endpoints, Internet, Firewall, Anti-malware, IDS / IPS, SaaS]
  • 21. How do you answer these questions?
      • Have you been targeted by an attack?
          – Unfortunately Yes!
          – Not sure? But would like to know!
      • How do you know?
          – Data breach, forensic analysis
          – Continuous Monitoring
          – Security audit
          – Incident response, alerts
          – Custom threat defense
      • Why are you being targeted?
      • What are they after?
  • 22. Detection Begins with Network Indicators
      • Changing C&C protocols requires considerable effort
      • Network traffic can be correlated with other indicators to provide proactive detection
      • Unknown threats may be detected by extrapolating methods and characteristics from known threat communication behaviors
  • 23. Mitigation Requires a Custom Defense
  • 24. Data Center Physical Virtual Private Cloud Public Cloud Cloud and Data Center Security Anti-Malware Integrity Monitoring Encryption Log Inspection Firewall Intrusion Prevention Data Center Ops Security
  • 25. Custom Defense Network-wide Detection Advanced Threat Analysis Threat Tools and Services Automated Security Updates Threat Intelligence Custom Sandboxes Network Admin Security
  • 26. Risk Management 101
      1. Has the cyber security posture of all third parties been audited?
      2. Is access to all sensitive systems and computers governed by two factor authentication?
      3. Does a log inspection program exist? How frequently are they reviewed?
      4. Does file integrity monitoring exist?
      5. Can vulnerabilities be virtually patched?
      6. Is MDM and Mobile Application Reputation software utilized?
      7. Do you utilize a DLP?
      8. Can you migrate your layered security into the cloud?
      9. Do you maintain multi-level rule-based event correlation? Is there custom sandbox analysis?
      10. Do you have access to global threat intelligence?
      11. Can you transfer your risk?
  • 27. Copyright © 2013 Trend Micro Incorporated. All rights reserved. Thank You! jd_sherry@trendmicro.com @jdsherry