Download - Follow the Money, Follow the Crime

© 2012 IBM Corporation

IBM Security Systems

1© 2013 IBM Corporation

Follow the Money, Follow the Crime

19th March 2014



Agenda

IBM X-Force Threat Intelligence Quarterly 1Q 2014– Michael Hamelin, Lead X-Force Security Architect

CTO Office, IBM Security Systems

Protecting Enterprise Endpoints against Advanced Malware with Trusteer Apex– Dana Tamir, Director of Enterprise Security

Trusteer, an IBM Company

Connect with IBM Security

Questions?




IBM X-Force Threat Intelligence Quarterly1Q 2014

Michael HamelinLead X-Force Security ArchitectCTO Office, IBM Security Systems



X-Force is the foundation for advanced security and threat research across the IBM Security Framework



At IBM, the world is our security lab

v13-016,000+IBM researchers, developers, and subject matter experts focused on security

3,000+IBM securitypatents

Security Operations Centers

Security Research and Development Labs

Institute for Advanced Security Branches



6

Collaborative IBM teams monitor and analyze the changing threat landscape

Coverage

20,000+ devices under contract

3,700+ managed clients worldwide

15B+ events managed per day

133 monitored countries (MSS)

1,000+ security related patents

Depth

17B analyzed web pages & images

40M spam & phishing attacks

76K documented vulnerabilities

Billions of intrusion attempts daily

Millions of unique malware samples



7

Attackers optimize and refine target selection



8

more than

half a billion recordsof personally identifiable information (PII) were leaked in 2013



9



10

What is the impact of a data breach

and

Where are customer’s most affected?



11

Weaponized content focused on end user apps



12

Attackers use exploit kits to deliver payloads

Blackhole Exploit KitMost popular in 2013Creator arrested in

October

Styx Exploit KitRising in popularitySuccessful in exploiting IE

and Firefox on Windows



13

Effectively targeting end users

MalvertisingWatering Hole Attacker injects malware

on special interest website Vulnerable niche users

exploited

Attacker injects malwareon ad network

Malicious ad embedded on legitimate websites

Vulnerable users exploited



14

Production Applications

Developed in house Acquired Off-the-shelf commercial

apps

In-house development Outsourced development

Applications in Development

Web app vulnerabilities: the dominant threat



15

Vulnerabilities designed to gain additional or unauthorized access

ExploitationGain accessXSS typically attacks web apps



16

Declines in key reporting – Web App Vulns

Could indicate…Better job at writing secure web applications

CMS systems & plugins maturing as older vulns are patched

Attacks continue…XSS, SQLi exploitation still observed in high numbers



17

Declines in key reporting – True Exploits

Two Categories trackedProof-of-concept codeFully functional programs capable of attacks are true exploits

Continue to decreaseLowest levels we’ve seen in past 5 years




Protecting Enterprise Endpoints against Advanced Malwarewith Trusteer Apex

Dana TamirDirector of Enterprise Security

Trusteer, an IBM Company



19

About Trusteer



20

APTs and Targeted AttacksThe Tool of Choice: Exploits and Advanced Malware

The Entry Point:

–Vulnerable User Endpoints

The Means:

–Exploits, Drive-by Download–Advanced Malware–Compromised Credentials



21

Vulnerability disclosures leveled out in 2013, but attackers have

plenty of older, unpatched systems to exploit.

60% of the exploits target vulnerabilities that have been publicly known for over 12 months!!!



22

Do you patch applications?

22

Source: Ponemon



23

The Threat Lifecycle

Exploit Chain Data Exfiltration

Data Exfiltration Prevention

Exploit Chain Disruption



24

Controlling Strategic Chokepoints To break the threat lifecycle

# of

Typ

es

Attack Progression

Weaponized Content: Endless

(IPS, Sandbox)

Unpatched and zero-day vulnerabilities:

Many (Patching)

Ways to deliver and

infect:Hundreds

Malicious Files: Endless

(AV, Whitelisting)

Ways to establish communication

channels:Hundreds

Destinations:

Endless(C&C traffic detection)

Strategic Chokepoint

Strategic Chokepoint

Malicious Behavior:

Many(HIPs)

Data exfiltrationExploit Chain



25

Trusteer Apex: 3 Security Layers



26

A few words about Java

A powerful yet dangerous application:

Did you know that…

Java is installed on ~85% of the desktop computers.

Google Analytics



27

… combined with a presence in every enterprise makes Java the

top target for exploits.

explosive growth of Java vulnerabilities…



28

Most successful Java exploits are applicative, exploiting

vulnerabilities related to the Java security manager and bypassing native OS-level protections.

Applicative exploits Difficult to defend Gain unrestricted privileges Bypass native OS-level protections

Native exploits Buffer Overflow Illegal memory use Use-after-free



29

Java Execution Should be Monitored and Controlled

Prevent Exploitation of both Native and Applicative Vulnerabilities

Execution of Java code on the endpoint must be restricted–Fine grained control is needed

Oracle’s solution: Allow execution of signed JARs –Not good enough



30

Connect with IBM Security

Follow us at @ibmsecurity and @ibmxforce

X-Force Security Insights blog at www.SecurityIntelligence.com/x-force

Download IBM X-Force Threat Intelligence Reports http://www.ibm.com/security/xforce/

Trusteer Apex https://www.trusteer.com/products/trusteer-apex

http://www.twitter.com/ibmsecurity

http://www.twitter.com/ibmxforce

http://www.securityintelligence.com/x-force

http://www.ibm.com/security/xforce/

https://www.trusteer.com/products/trusteer-apex

http://www.twitter.com/

http://www.twitter.com/

http://blogs.iss.net/

http://blogs.iss.net/



31

www.ibm.com/security

© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

www.ibm.com/security

© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

http://www.ibm.com/security

http://www.ibm.com/security

Download - Follow the Money, Follow the Crime

Top Related