Trend Micro Keynote: Nightingale Floors: Mitigating Cyber Attacks in 2015
•Als PPTX, PDF herunterladen•
0 gefällt mir•738 views
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (19)
Ähnlich wie Trend Micro Keynote: Nightingale Floors: Mitigating Cyber Attacks in 2015
Ähnlich wie Trend Micro Keynote: Nightingale Floors: Mitigating Cyber Attacks in 2015 (20)
Mehr von Ingram Micro Cloud
Mehr von Ingram Micro Cloud (19)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Trend Micro Keynote: Nightingale Floors: Mitigating Cyber Attacks in 2015
- 1. Nightingale Floors: Mitigating Cyber Attacks in 2015 Tom Kellermann, CISM Chief Cybersecurity Officer, Trend Micro Inc.
- 2. History Repeats Itself Copyright 2015 Trend Micro Inc.
- 3. Advanced Malware Targeted Attacks Advanced Malware Targeted Attacks Employee Data Leaks Traditional Malware Vulnerability Exploits 300K new malware programs daily!
- 4. Arms Bazaar of Attack Code
- 5. Thriving Market Malware offered for $249 with a service level agreement (SLA) and replacement warranty if the creation is detected by any antivirus within 9 months Copyright 2014 Trend Micro Inc.
- 6. Malware checking Botnet Framework Bulletproof hosting Exploit Kit DDOS Attack for 24 hours Dropper file and crypt Modules $30 $125 monthly onetime $50 $40 $0$52 $38 $120 $0 $20 $205$70 $80$8 Total: $238 $600 Menu for Full Service Hacking
- 7. Stratagems of Elite Hackers
- 9. Destroy the Forensics Copyright 2015 Trend Micro Inc.
- 11. Watering Hole Attacks: 28% in the USA Source: Trend Micro Q3’14 Treat Roundup Report
- 12. Island Hopping and Secondary Infections
- 13. The Evolution of Mobile Attacks
- 15. Geopolitics as Harbingers for Attack
- 16. Operation Pawn Storm Copyright 2015 Trend Micro Inc.
- 17. What are the Impacts of Targeted Attacks? Strategic Costs CareerRisks
- 18. Offense Must Inform Defense: Spin the Chess Board
- 19. Trends of Attack 2015 • IOS will become the bull's-eye of malware. • Zero Day’s for Web applications explode. • Cloud App Attacks. • Secondary infections are leveraged to facilitate long-term campaigns against the fortune 100. • Ransomware • The use of destructive payloads as part of counter incident response. 3/19/2015
- 21. Advanced Malware Detection Attacker Activity Detection Threat Impact Assessment Contextual Threat Analysis
- 22. Detect malware, C&C, and attacker activity invisible to standard defenses Analyze the risk, context, timeline and full extent of the attack Respond with automatic security updates & the insight to shut down the attack Custom Defense is the Foundation Custom Defense Advanced Malware Detection Contextual Threat Analysis Automated Security Updates Command & Control Detection Attacker Activity Detection Threat Impact Assessment
- 23. Risk Management 1. Conduct Pen test of all third parties. 2. Use Two-factor authentication. 3. Utilize a host based intrusion prevention system. 4. Deploy file integrity monitoring. 5. Implement virtual shielding for zero day exploits. 6. Deploy both an MDM and Mobile Application Reputation software. 7. Sandbox your cloud apps. 8. Implement whitelisting. 9. Manage the crypto keys for your cloud data. 10. Web Application Security (OWASP). 11. Deploy context aware Threat Intelligence. 12. Utilize a Breach Detection System.
- 24. Securing your journey to the cloud
Hinweis der Redaktion
- The intent of this slide is to provide the customer with an initial glide path to understand the reasons why targeted attacked can out maneuver their existing defenses. Here are the key points to make: Attacks have evolved in complexity from being opportunistic to targeted. Malware is being designed and customized to serve a definitive purpose of breaching a specific organization. As such, security defenses which were designed with detecting and stopping ‘mass attacks’ are no longer capable of identifying unknown attacks or evolving attack methods. As such… although they remain of value and a vital part of a layered defense… they need to be enhanced. Employee Data Leaks ?? Traditional Malware – typically widely distributed and used on for opportunistic attacks. These are a form of ‘virus” with generic functions such as stealing passwords or data. These types of threats are typically dealt with using signatures for purposes of detection and blocking in technologies such as firewalls, intrusion prevention and intrusion detection systems Vulnerability Exploits – attackers take advantage of buffer overflows, memory dumps and other ‘software and/or security bugs” to encroach on and extract data from a desktop, server or other device. These types of threats are typically address by vulnerability patching, IPS and IDS products. Advanced Malware – attackers establish a foothold on a trusted device and use it as a launching pad to access other areas of your network and exflitrate information. In addition, this form of malware tends to contain subroutines and processes to create the perception of legitimate access and purpose. The malware can automate the selection of IP addresses, communication protocols and other techniques. Detecting this form of malware requires analysis of network traffic, heuristics, algorithms and malware analysis capabilities. Targeted Attacks - Similar to a bank heist, attackers research their target and identify the security, processes, and location of what they want to steal. After completing advance reconnaissance they devise a detailed plan of attack, custom design and build their attack code, test their plan of attack and then execute. The key design criteria is to evade detection, enable freedom of movement within your network and access to the assets they wish to target. In so doing attackers will take whatever means are at their disposal. If it is clear that you have a hardened means to monitor web traffic , they will use another protocol. They will determine how your firewall is configured and what ports might yield safe passage. They will attempt to erase their footprints and ensure they can move within your network and improve their intelligence on your environment through every stage of the attack. By the time you are aware they have what they want, have likely already turned it into cash and are either long gone, or have come back for more.
- Island Hopping and Secondary Infections: The targeted attacks against the “virtual supply chain” of financial insitutions abound. In addition to this new dynamic of counterparty risk, there is widespread utilization of previously installed backdoors within trusted systems to leverage a secondary infection. Backdoors—applications that open computers to remote access—play a crucial role in targeted attacks. Often initially used in the second (point of entry) or third (command-and-control [C&C]) stage of the targeted attack process, backdoors enable threat actors to gain command and control of their target network.
- Unexpected Impacts Unexpected Strategic Impacts Loss of brand equity & revenue (The Interview) Loss of intellectual property Deterioration / loss of intangible assets: technology, market, customer, operational practices etc Erosion of market value (ex: Target) Unexpected Costs: internal investigation & post attack clean up regulatory filings and external investigation. EMC/RSA breach being estimated at $66 million. Target is claiming over $1 billion Unexpected Risks: Litigation by shareholders, customers, employees, or suppliers Your network being used as a beachhead to launch attacks Third party access and island hoping Unexpected Career Impacts: Scapegoat effect Resignation of Target CEO and CIO despite being “PCI compliant” Board of Director’s and Executives face risk to their reputation and personal market value …. they need advise and direction
- "control-unit" prisons, or units within prisons, which represent the most secure levels of custody in the prison systems of certain countries. The objective is to provide long term, segregated housing for inmates classified as the highest security risks in the prison system—the "worst of the worst" criminals, and those who pose a threat to national and international security. Although APTs are extremely difficult to detect, the following is a list of common telltale signs that your organization may have been compromised by an APT. ; Finding system exploit code embedded in email attachments or delivered via Web pages. ; Increase in elevated logons late at night. ; Outbound connections to known CnC servers. ; Finding widespread backdoor Trojans on endpoints and/or network file shares. ; Large, unexpected flows of data from within the net- work — from server to server, server to client, client to server, or network to network. ; Discovering large (I’m talking gigabytes, not mega- bytes) chunks of data appearing in places where that data should not exist. Be especially wary if you find compressed data in formats not normally used by your organization. ; ; A major reason why organizations fail to identify APT attacks is because their security devices are only (or mainly) config- ured to examine inbound traffic at the perimeter. Acquiring and/or configuring security solutions to inspect outbound traffic significantly improve your chances of detecting APTs and other cyber attacks.
- APTrap is an environment in which analysts can study APT actors’ tools, tactics, and procedures (TTPs). The basic idea behind APTrap is to create a realistic yet isolated environment that APT actors are allowed to breach, move , exploit, and exfiltrate data while all of their actions are captured in non-obvious ways. Analysts can then do a detailed analysis on the data captured to (1) understand the mindset of the attackers, (2) gain insight into what tools they use and how they use them, and (3) learn more about the goals behind the actual intrusion by examining what data they may be searching for and how they exfiltrate it.