Fiaaz Walji
Sr. Director
Websense Canada
“Shift in attacks = shift in Defense”
• 2012 began with a report from IDC stating “Signature-based
tools (anti-virus, firewalls and intrusion prevention) are only
effective against 30% – 50% of current security threats”
• Much of this can be attributed to how attacks have evolved to
specifically counter those defenses
• Websense® Security Labs™ team produced report on the key
threats and trends
Behind the 2013 Threat Report
Data Collection
Threat Analysis
Expert Interpretation
ThreatSeeker Network
Largest Security Intelligence Network
Up to 5 billion requests per day
900 million global end points
400+ million sites per day
1 billion pieces of content per day
10+ million emails per hour
2.5 billion URLs per day
# Viruses undetected by Top 5 AV Engines
Areas Covered in this Report
Victims are Everywhere
Social Media
Mobile
Attack Vectors
Web
Victims are funneled to the Web
Redirects
Malware
Recon
XSS
Dropper Files
CnC
Exploit Kits
Phishing
© 2012 Websense, Inc. Proprietary and Confidential
Victims are funneled to the Web
CYBER KILL CHAIN
Recon, Lure, Redirect, Exploit Kit, Dropper File, Call Home, Data Theft
Web Threats
Web traffic To FI’s
SOURCE: COMSCORE
Top 5 most popular types of sites compromised
Key Take Away
The web is both an attack vector AND
support for other attack vectors.
Social Media Adoption in Canada
Source: Comscore
Social Media Threats
Presidents Family Emails, Photos Apparently Hacked ow.ly/hxY2a
32% of malicious links in social media used shortened web links
8. CANADA
KEY TAKE AWAY
As social media use increased in the
workplace, so did the exposure of sensitive information
Mobile Phone Penetration by country
| RANK | COUNTRY | # MOBILE PHONES | % OF POPULATION |
|---|---|---|---|
| | WORLD | Over 5.6 billion | 80% |
| 1 | CHINA | 1,020,000,000 | 75% |
| 2 | INDIA | 919,170,000 | 76% |
| 3 | USA | 327,577,529 | 103% |
| 4 | BRAZIL | 250,800,000 | 130% |
| 5 | INDONESIA | 250,100,000 | 105% |
| 6 | RUSSIA | 224,260,000 | 154% |
| 35 | CANADA | 25,543,862 | 74% |
Source: Comscore ; Dec 2011
British Columbia ranks #1 in Canada in smartphone/capita
43% of Canadian smartphone subscribers own a connected device
47% of Canadians with Smartphones would consider using them like credit cards.
CIBC poll by Harris/Decima Jul 2012
More Canadians are
accessing online
banking through their smartphones
SOURCE: COMSCORE
Method of Access
SOURCE: COMSCORE
1 Billion Apps were
downloaded in the last week of
2012
Source: Flurry
• Social Media: #2 use of Smartphones
• Lost Device
• Malicious URLs
• Exploitable technologies
• App Stores
Mobile Threats
• SMS abused by 82 percent of malicious apps
– SEND_SMS
– RECEIVE_SMS
– READ_SMS
– WRITE_SMS
• 1 in 8: RECEIVE_WAP_PUSH
• 1 in 10: INSTALL_PACKAGES
Mobile Apps
| Malicious "Top 20" | Android Permission Type | Legitimate "Top 20" |
|---|---|---|
| 1 | INTERNET | 1 |
| 2 | READ_PHONE_STATE | 3 |
| 3 | SEND_SMS | X |
| 4 | WRITE_EXTERNAL_STORAGE | 4 |
| 5 | ACCESS_NETWORK_STATE | 2 |
| 6 | RECEIVE_SMS | X |
| 7 | READ_SMS | X |
| 8 | RECEIVE_BOOT_COMPLETED | 11 |
| 9 | CALL_PHONE | 17 |
| 10 | WAKE_LOCK | 9 |
| 11 | ACCESS_COARSE_LOCATION | 6 |
| 12 | VIBRATE | 8 |
| 13 | RECEIVE_WAP_PUSH | X |
| 14 | ACCESS_FINE_LOCATION | 7 |
| 15 | WRITE_SMS | X |
| 16 | ACCESS_WIFI_STATE | 5 |
| 17 | GET_TASKS | 10 |
| 18 | SET_WALLPAPER | 14 |
| 19 | READ_CONTACTS | 15 |
| 20 | INSTALL_PACKAGES | X |
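One way to apply the permission table above when vetting an app, as an added example that is not from the original slides: it reads a decoded AndroidManifest.xml and flags requested permissions that the table marks X. The sample manifests and function names are constructed for illustration, and X is assumed to mean the permission is absent from the legitimate top 20.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Permissions the slide's table marks "X" in the Legitimate "Top 20" column.
# Assumption: "X" means the permission is absent from the legitimate top 20.
MALICIOUS_ONLY = {"SEND_SMS", "RECEIVE_SMS", "READ_SMS", "WRITE_SMS",
                  "RECEIVE_WAP_PUSH", "INSTALL_PACKAGES"}
SMS_GROUP = {"SEND_SMS", "RECEIVE_SMS", "READ_SMS", "WRITE_SMS"}

# Constructed sample manifests (decoded text form, not the binary APK format).
SUSPECT_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INSTALL_PACKAGES"/>
</manifest>"""

BENIGN_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.news">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="com.example.constructed.permission.SEND_SMS"/>
</manifest>"""


def requested_permissions(manifest_xml: str) -> set:
    """Return short names of platform permissions a decoded manifest requests."""
    # A decoded manifest carries no DTD; refuse one rather than let the
    # parser expand entities supplied by an untrusted APK.
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ValueError("unexpected DTD in manifest")
    perms = set()
    for el in ET.fromstring(manifest_xml).iter():
        if el.tag not in ("uses-permission", "uses-permission-sdk-23"):
            continue
        name = el.get(ANDROID_NS + "name", "").strip()
        # Compare platform permissions only; app-defined names that merely
        # end in SEND_SMS and the like are skipped.
        if name.startswith(PREFIX):
            perms.add(name[len(PREFIX):])
    return perms


def triage(manifest_xml: str) -> dict:
    """Summarise which requested permissions appear only in the malicious list."""
    perms = requested_permissions(manifest_xml)
    flagged = sorted(perms & MALICIOUS_ONLY)
    return {"flagged": flagged,
            "uses_sms": bool(perms & SMS_GROUP),
            "needs_review": bool(flagged)}


if __name__ == "__main__":
    for label, doc in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, triage(doc))
```

A flagged permission is a reason to review the app, not proof that it is malicious; legitimate messaging apps also request SMS permissions.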
KEY TAKE AWAY
Data stored on and accessed through a mobile device are at
risk
minimal control of web, email and social media traffic and
access.
Lost devices are also a risk.
• Only 1 in 5 emails were safe and legitimate
Email Threats
Email Breakdown by Content & URLs
Email Breakdown by Content Only
• 92% of Spam emails contain URLs
• Spam distribution rate: 250,000 per hour
Spam
Top 5 Malicious Web Links in Spam Email

| Rank | Category | Description |
|---|---|---|
| 1 | Potentially Damaging Content | Suspicious sites with little or no useful content. |
| 2 | Web and Email Spam | Sites used in unsolicited commercial email. |
| 3 | Malicious Websites | Sites containing malicious code. |
| 4 | Phishing and Other Frauds | Sites that counterfeit legitimate sites to elicit information. |
| 5 | Malicious Embedded iFrame | Sites infected with a malicious iframe. |
• Increasingly focused on Commercial & Govt
• 69% sent on Mondays & Fridays
• More Targeted
– Regionalized
– Spear phishing on the rise
Phishing
Top 5 Countries Hosting Phishing
KEY TAKE AWAYS
Email-based threats evolved significantly to circumvent keyword, reputation and
other traditional defenses.
Increased spear-phishing.
Cybercriminals added a “time-delay” to some targeted attacks,
>50% of users accessed email from outside the corporate network.
Top 10 Countries Hosting Malware
United States
Russian Federation
Germany
China
Moldova
Czech Republic
United Kingdom
France
Netherlands
Canada
Organizations can no longer dismiss malware threats as solely an English-language or American phenomenon.
• More aggressive
– 15% connected in first 60 sec.
– 90% requested information
– 50% accessed dropper files
Malware
Top 10 Countries Hosting CnC Servers
KEY TAKE AWAY
Today’s malware is more dynamic and agile, adapting to an infected system
within minutes.
Half of web-connected malware downloaded additional executables in
the first 60s
The remainder proceeded more cautiously—often a calculated response to bypass short-term sandbox defenses
Data Theft
Planned data theft attacks through cyberspace grew last year, targeting high value intellectual property (IP) and using all available vectors
PII value/target remained flat
KEY TAKE AWAY
Remove temptation;
mitigate accidental loss through security improvements;
address growing SSL/TLS usage;
provide an integrated approach to monitoring and controlling both inbound and outbound content
Real World Example: Boston Tragedy
• Lure: Shocking news lures in email & SEO leading to the web redirect.
• Redirect: Video page of the drama with a hidden malicious iFrame.
• Exploit Kit: Redkit exploit kit leverages CVE-2013-0422, a known Oracle Java 7 vulnerability.
• Dropper File: Two known bot infection files allowing remote control of the infected system.
• Call Home: Two known botnet families register newly infected systems & open them to commands.
• Data Theft: Cyber criminals now control infected systems and targeted data.
• Recon: Topical or event-based campaigns attempt to propagate as widely as possible, rather than being directed at specific individuals or organizations.
Conclusion
• Primary attack foundation was the Web
– Threats increased across all vectors
– Attacks grew more: Aggressive ; Dynamic ; Multi-staged ; Multi-vector
• Defenses must adapt:
– Real-time point-of-click ; Inbound & outbound ; Content & Context inspection
• MDM capabilities must be augmented
– defenses to control mobile access ; perform real-time analysis of potentially malicious content across all vectors.
• Email security requires real-time threat analysis
– Must be coordinated with web, mobile and other defenses.
• Malware defenses need to monitor both inbound and outbound
– HTTP and HTTPS traffic to prevent infection and detect CnC communications