Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
LEARNING EXPERIENCES FROM VERIZON BREACH INVESTIGATIONS
Kenneth Hee, Director, APAC Identity Management & Security
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
2014 Verizon Data Breach Investigations Report
50 CONTRIBUTING GLOBAL ORGANIZATIONS
1,367 CONFIRMED DATA BREACHES
63,437 SECURITY INCIDENTS
95 COUNTRIES REPRESENTED
THE UNIVERSE OF THREATS MAY SEEM LIMITLESS, BUT 92% OF THE 100,000 INCIDENTS VERIZON ANALYZED FROM THE LAST 10 YEARS CAN BE DESCRIBED BY JUST NINE BASIC PATTERNS.
50 Contributors from Around the World
The Threat Landscape is Changing
Cyber attacks happen faster and more often than ever—and they're harder to discover.
FREQUENCY: Multiple attacks happen per second.
COMPROMISE: 87% of point-of-sale attacks compromised systems in minutes or less.
DISCOVERY: 62% of cyber-espionage breaches took months to discover.
Time scale: SECONDS, MINUTES, HOURS, DAYS, WEEKS, MONTHS
All Industries are affected
Motive
Organized Crime: 55%
Espionage: 24%
Hacktivists: 2%
Source: Verizon Data Breach Investigations Report, 2013
Hacktivists
Industry: Information, public, other services
Target: Personal information, credentials, organizational data
Source: Western Europe and North America
Methods: SQL injections and stolen credentials
Source: Verizon Data Breach Investigations Report, 2013
Espionage
Industry: Manufacturing, professional, and transport
Target: Credentials, internal data, trade secrets
Source: Worldwide
Methods: Malware, social, command and control
Source: Verizon Data Breach Investigations Report, 2013
Organized Crime
Industry: Finance and Retail
Target: Payment cards, credentials, and bank accounts
Source: Eastern Europe and North America
Methods: Brute force hacking and malware
Source: Verizon Data Breach Investigations Report, 2013
Follow The Money
Payment Card Industry
Card Holder (Consumer)
Merchant: 7-Eleven, Woolworths, Lotte
Acquiring Bank (Merchant Bank) and Issuing Bank (Consumer Bank): Commonwealth, Citibank, Agricultural Bank of China; BC Card, Korea; Samsung Card; NAB, Australia; Citibank, Singapore
Payment Card Processors: PNC, BluePay, PayPal, Merchant One
Credit Bureaus: TransUnion, Equifax, Experian, Korea Credit Bureau
Collection Agency: SquareTwo, Euler Hermes, Atradius
Anatomy of a Breach
Millions of consumers affected
PERIMETER
Attacker phishes third party contractor
Malware sends credit card data to internal server; sends custom ping to notify
Malware scrapes RAM for clear text credit card stripe data
Finds and infects internal Windows file server
Attacker uses stolen credentials to access contractor portal
Stolen data exfiltrated to FTP Servers
Finds & infects point of sale systems with malware
5 Years of Threat Actions
5 Years of Threat Actions: Phishing leading to Stolen Credentials
5 Years of Threat Actions: RAM Scrapers
5 Years of Threat Actions: RAM Scrapers and Keyloggers
Stolen Credentials
1. Attacker phishes privileged employee or contractor
2. Steals privileged user credentials
3. Uses credentials to access sensitive data, hiding under radar
SQL Injection Attack
statement = "SELECT * FROM users WHERE name ='" + userName + "';"
1. Attacker inserts bad SQL into web application field
2. SQL takes advantage of application code vulnerability
3. Injection communicates through to database and reads/writes to data
Name: Address: Phone:
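The slide's concatenated statement next to its parameterized form, as an added example that is not part of the original deck. It assumes Python's standard sqlite3 module, an in-memory users table, and constructed sample rows and inputs.

```python
import sqlite3

def make_db():
    """In-memory users table with constructed sample rows (not from the deck)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, address TEXT, phone TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "1 Example Road", "555-0100"),
        ("bob", "2 Example Road", "555-0101"),
        ("o'brien", "3 Example Road", "555-0102"),
    ])
    return db

def lookup_concatenated(db, user_name):
    # The slide's pattern: the form value becomes part of the SQL text,
    # so a quote in the input changes the structure of the statement.
    statement = "SELECT * FROM users WHERE name ='" + user_name + "';"
    return db.execute(statement).fetchall()

def lookup_parameterized(db, user_name):
    # Hardened form: the SQL text is fixed and the value is bound separately,
    # so the input is only ever compared as data.
    statement = "SELECT * FROM users WHERE name = ?"
    return db.execute(statement, (user_name,)).fetchall()

def compare(db, user_name):
    """Return (rows from the concatenated query, rows from the bound query).

    The first element is None when the concatenated statement is not valid SQL.
    """
    try:
        unsafe = len(lookup_concatenated(db, user_name))
    except sqlite3.OperationalError:
        unsafe = None
    return unsafe, len(lookup_parameterized(db, user_name))

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: an ordinary name, a legitimate name containing a
    # quote, and a value whose quote turns the WHERE clause into a tautology.
    for value in ("alice", "o'brien", "x' OR '1'='1"):
        print(repr(value), compare(db, value))
```

The concatenated query returns every row for the third input and fails outright on the legitimate name with an apostrophe, while the bound query returns exactly the matching rows in all three cases.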
Data breaches detected by anti-virus programs or intrusion detection systems: 0%
Source: Verizon 2013 Data Breach Investigations Report
THE RISKS ARE INSIDE
SIMPLE GOVERNANCE CAN REDUCE THE RISK EXPOSURE
80% TARGET WEAK PASSWORDS (VDIR 2014)
85% ATTACKS TAKE 5 MINUTES OR LESS (VDIR 2014)
76% OF ORGANIZATIONS TAKE 6 MONTHS+ TO PATCH DB’s (IOUG 2013)
50% MALWARE PROPAGATE BY MISCONFIGURATION (VDBIR 2014)
TAKE A SYSTEMATIC VIEW
Establishes ongoing Quality of Service approach that aligns with business requirements and automates controls.
Diagram stages: Discover; Classify; Risk Analysis; Audit Controls; Risk Mitigation
INSIDE OUT
SECURITY DEFENSE IN-DEPTH
SECURE WHAT’S STRATEGIC