how to reduce avenues of attack: using intel to plan for cyber threats in 2017
TRANSCRIPT
Today’s Speakers
Adam Meyer, Chief Security Strategist, SurfWatch Labs
Aaron Bay, Chief Intelligence Analyst, SurfWatch Labs
Top Cybercrime Targets from 2016
SurfWatch Labs collected data on more than 6,000 targets associated with cybercrime in 2016 - from open and dark web sources
[Chart: top cybercrime targets of 2016; labels recovered from the slide include Prime Healthcare Services Inc and 21st Century Oncology Holdings, Inc.]
Interconnectivity Creates Many Avenues of Attack
Cybercriminals shift their tactics to find openings via side doors:
• Expanding number of vulnerable IoT devices
• Supply chains are increasingly being targeted
• Default, easy-to-guess, and/or re-used credentials are used in additional attacks
Driving Better Security Outcomes with Practical Threat Intelligence
• It is important to understand cybercriminals’ capability, intent and opportunity…
BUT
• You can really only control their level of opportunity by minimizing your vulnerable “level of presence”
[Diagram: Threat Triangle with vertices CAPABILITY, INTENT and OPPORTUNITY]
Exploring the Threat Triangle in the Context of Your Business
[Diagram: two triangles side by side. THREAT: CAPABILITY, INTENT, OPPORTUNITY. YOU: LEVEL OF PRESENCE (OPEN SOURCE, INFRASTRUCTURE, DARK WEB), CONTROLS, REGULATORY, RISK, INTERNAL TRUST, REPUTATION, BRAND LOYALTY]
Cybercrime Trend #1: Rise of the IoT Botnets
“Smart” devices provide convenience, but also create a wider attack surface
• Proliferation of devices
• DDoS attacks
• Ease of weaponization – à la Mirai, which weaponizes vulnerable IoT devices
[Chart: Distribution of Mirai Botnet in October attack]
IoT Botnets Driving a Surge in Service Interruption
The percent of negative CyberFacts related to “service interruption” surged in the fourth quarter of 2016 due to attacks and concern around Mirai and other IoT-powered botnets.
Cyber Forecast: Expect Increasingly Creative IoT Attacks in 2017
• More devices being developed + more consumer and commercial use = More devices to target
• Cybercriminals are always looking for new opportunities
• As-a-service attack capabilities for sale on the Dark Web right now
Practical Risk Mitigation Steps You Can Take
1. Treat “smart” devices as an IT asset. Anything that is connected to the internet - e.g. a smart light bulb - should be treated as a network device.
2. Focus on the basics. Segment your IoT devices on the network in their own zone (similar to BYOD segmentation).
3. Stay current and aware of relevant cyber threats within this technology area. Even better, ensure you have visibility of risks within your digital supply chain and your business.
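The segmentation step above is only useful if you can verify it is holding. The following is an added example for this transcript, not SurfWatch Labs code: it audits constructed NetFlow-style records to confirm that IoT devices in their own zone reach nothing internal except an explicitly allowed management service, and it flags IoT devices that suddenly talk to many external hosts, the kind of behaviour a Mirai-style bot exhibits. The zone subnets, the allow-list and the flow records are all assumptions made up for the example.

```python
"""Segmentation audit for IoT devices over constructed flow records.

Added example for this transcript; it is not SurfWatch Labs code. The zone
layout, the allow-list and the flow records are assumptions made up here.
"""
import ipaddress
from collections import defaultdict

# Assumed network zones: IoT devices live in their own subnet, like a BYOD zone.
ZONES = {
    "iot": ipaddress.ip_network("10.50.0.0/24"),
    "corp": ipaddress.ip_network("10.10.0.0/16"),
    "mgmt": ipaddress.ip_network("10.0.0.0/24"),
}

# Assumed policy: the only internal destination the IoT zone may reach is the
# device-management service in the mgmt zone on TCP 443.
ALLOWED_FROM_IOT = {("mgmt", 443)}

# Constructed flow records: (src_ip, dst_ip, dst_port, protocol).
SAMPLE_FLOWS = [
    ("10.50.0.12", "10.0.0.5", 443, "tcp"),       # light bulb -> mgmt service (allowed)
    ("10.50.0.12", "10.10.4.20", 445, "tcp"),     # light bulb -> corp file server (violation)
    ("10.50.0.33", "10.10.4.21", 3389, "tcp"),    # camera -> corp workstation (violation)
    ("10.10.4.20", "10.50.0.12", 80, "tcp"),      # corp -> iot (not covered by this policy)
    ("10.50.0.12", "93.184.216.34", 443, "tcp"),  # light bulb -> its one cloud service
    ("10.50.0.40", "203.0.113.7", 80, "tcp"),     # thermostat -> many external hosts...
    ("10.50.0.40", "203.0.113.8", 80, "tcp"),
    ("10.50.0.40", "198.51.100.3", 80, "tcp"),
    ("10.50.0.40", "198.51.100.9", 80, "tcp"),
]


def zone_of(ip):
    """Map an address to its zone name, or 'external' if it is in no known zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def find_segmentation_violations(flows):
    """Flows where an IoT source reaches another internal zone without an allow entry."""
    violations = []
    for src, dst, port, proto in flows:
        if zone_of(src) != "iot":
            continue
        dst_zone = zone_of(dst)
        if dst_zone in ("iot", "external"):
            continue  # intra-zone and internet traffic are judged elsewhere
        if (dst_zone, port) not in ALLOWED_FROM_IOT:
            violations.append((src, dst, port, proto))
    return violations


def find_fanout_devices(flows, threshold=3):
    """IoT devices talking to an unusual number of distinct external hosts.

    A device that should only call home to one cloud service but suddenly
    reaches many hosts is worth checking for botnet (e.g. DDoS) participation.
    """
    external = defaultdict(set)
    for src, dst, _port, _proto in flows:
        if zone_of(src) == "iot" and zone_of(dst) == "external":
            external[src].add(dst)
    return {src: len(hosts) for src, hosts in external.items() if len(hosts) >= threshold}


if __name__ == "__main__":
    for v in find_segmentation_violations(SAMPLE_FLOWS):
        print("segmentation violation:", v)
    for dev, n in find_fanout_devices(SAMPLE_FLOWS).items():
        print(f"fan-out: {dev} reached {n} external hosts")
```

Run against real flow exports, the fan-out threshold needs tuning per device class (a media player legitimately contacts more hosts than a light bulb), which is exactly why the first step is to inventory each smart device as an IT asset with a known role.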
Cybercrime Trend #2: Supply Chains Are a Weak Link
• Target was the first big “supply chain” breach that made headlines, but the problem has only grown larger over the years
• Percentage of targets publicly associated with 3rd party cybercrime nearly doubled over the last year
• NOTE – many breach announcements do not disclose the root cause
• Healthcare sector hit hard
[Chart: More Cybercrime Tied to 3rd Parties]
Supply Chain Threats Impact Many Industries
While many industries were impacted, the effects varied:
• Malvertising through online ad networks
• Data breaches via 3rd party PoS providers
• Financial thefts via ATM vulnerabilities
• Patient info stolen via 3rd party organizations being hacked/poorly secured
Cyber Forecast: Your Level of Presence Will Continue to Grow – As Will Your Risk
• Supply chain accounts for a large part of your digital footprint
• Greater risk of fraud, extortion, ransom, compromised accounts, exploited assets, DDoS attacks
[Diagram: supply-chain network map with your organization marked “You Are Here”, “Or Here”, “Or Here”]
Practical Risk Mitigation Steps You Can Take
1. Ensure vendors are properly managing data and access credentials. Poor security practices and errors among 3rd parties regularly lead to unauthorized access and sensitive information being exposed.
2. Gain visibility of who is connected to your organization. Know who you’re working with, continue to evaluate their cyber risks and understand how they are digitally connected to you.
3. Look at threat activity outside your organization – as well as, obviously, from within. Threat intelligence provides insight into where to focus your resources most effectively. The best approach leverages both internal and external intel – so you have a complete picture of risk.
Cybercrime Trend #3: Expanding Sea of Compromised Info
Password Reuse Makes Old Breaches New Again
• More than 500 million accounts breached in 2016
• Many users often reuse passwords across multiple sites
• Automation of credential stuffing
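Automated credential stuffing has a recognisable shape in login logs: one source replays a breached list across many different accounts in a short time, whereas a person who forgot a password retries one account. The following is an added example for this transcript, not SurfWatch Labs code, showing that detection logic over constructed log lines. The log line format, the five-minute window, the five-account threshold and the sample addresses are all assumptions made up here.

```python
"""Credential-stuffing detector over constructed login-log lines.

Added example for this transcript, not SurfWatch Labs code. The log format,
the thresholds and the sample lines are assumptions made up here.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log line format: "<ISO timestamp> ip=<addr> user=<name> result=<ok|fail>"
LINE_RE = re.compile(r"^(\S+) ip=(\S+) user=(\S+) result=(ok|fail)$")

# Constructed sample: one source cycles through many accounts with a breached
# password list and lands one hit; a second source is an ordinary user retrying.
SAMPLE_LOG = """\
2017-01-10T08:00:01 ip=198.51.100.7 user=alice result=fail
2017-01-10T08:00:02 ip=198.51.100.7 user=bob result=fail
2017-01-10T08:00:02 ip=198.51.100.7 user=carol result=fail
2017-01-10T08:00:03 ip=198.51.100.7 user=dave result=ok
2017-01-10T08:00:04 ip=198.51.100.7 user=erin result=fail
2017-01-10T08:00:05 ip=198.51.100.7 user=frank result=fail
2017-01-10T08:30:00 ip=203.0.113.5 user=alice result=fail
2017-01-10T08:30:20 ip=203.0.113.5 user=alice result=fail
2017-01-10T08:31:00 ip=203.0.113.5 user=alice result=ok
this line is malformed and is skipped
"""


def parse_log(text):
    """Turn log text into (timestamp, ip, user, result) tuples; unknown lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, user, result = m.groups()
            events.append((datetime.fromisoformat(ts), ip, user, result))
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_users=5):
    """Flag source IPs that try at least min_users distinct accounts inside one window.

    Returns {ip: {"distinct_users": n, "successes": [accounts that logged in]}}.
    The successes are the accounts to force-reset and check for abuse first.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((ts, user, result))

    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort()
        best = None  # (distinct user count, events in the densest window)
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until it fits inside `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            users = {u for _, u, _ in span}
            if best is None or len(users) > best[0]:
                best = (len(users), span)
        if best and best[0] >= min_users:
            successes = sorted({u for _, u, r in best[1] if r == "ok"})
            alerts[ip] = {"distinct_users": best[0], "successes": successes}
    return alerts


if __name__ == "__main__":
    for ip, info in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {info['distinct_users']} accounts tried, "
              f"successful logins to review: {info['successes']}")
```

Keying on distinct accounts per source rather than on failure counts matters because stuffing tools keep their per-account failure rate low on purpose; the counter-measure the deck recommends, multi-factor authentication, is what turns the one successful hit here into a blocked attempt rather than an account takeover.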
Stolen/Leaked Credentials Remain a Big Problem
Three of the largest data breach announcements ever, in terms of compromised accounts, were the reason for the dramatic spike in stolen/leaked credentials in 2016.
Cyber Forecast: Compromised Credentials Will Spawn New Breaches
What is Similar About These Companies?
• GitHub
• Citrix
• Carbonite
• TeamViewer
• LogMeIn, Inc.
All were high-profile victims of password reuse attacks
Practical Risk Mitigation Steps You Can Take
1. Combat the ongoing and pervasive issue of password reuse. Educate employees. Implement policies around unique passwords. Require multi-factor authentication.
2. Be cautious of the amount of information freely provided. Public information is often used in social engineering attacks. One piece of info can be used to gain another piece, until the attackers have enough of the puzzle figured out.
3. Monitor dark web markets and sites such as Pastebin. These are examples of sites where bad actors publish or sell data dumps. Knowing if your company is associated with any of these can help you mitigate risk.
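Steps 1 and 3 above meet in practice when a dump surfaces: the useful question is not just "are our addresses in it" but "is the leaked password still the live one". The following is an added example for this transcript, not SurfWatch Labs code: it pulls the corporate-domain entries out of a constructed paste and checks each leaked password against a directory of salted PBKDF2 verifiers (the directory never holds plaintext), so accounts can be triaged into forced resets, notifications and unknown addresses. The corporate domain, the paste contents, the verifier scheme and the directory entries are all assumptions made up here.

```python
"""Triage of a constructed credential dump against a directory of password verifiers.

Added example for this transcript, not SurfWatch Labs code. The corporate
domain, the paste contents and the stored verifiers are assumptions made up here.
"""
import hashlib
import hmac
import os
import re

CORP_DOMAIN = "example.com"   # assumed corporate mail domain
PBKDF2_ITERATIONS = 100_000   # kept modest so the example runs quickly

# Assumed dump format: "email:password", one per line; noise lines are ignored.
DUMP_RE = re.compile(r"^([^:\s]+@[^:\s]+):(.+)$")

STATUS_LIVE = "live: force reset and revoke sessions"
STATUS_ROTATED = "rotated: leaked password no longer valid, notify user"
STATUS_UNKNOWN = "unknown: address not in directory"

# Constructed sample paste, as might be found on a paste site.
SAMPLE_PASTE = """\
--- combo list (constructed sample) ---
alice@example.com:Winter2016!
bob@example.com:hunter2
someone@otherco.test:password1
Carol@Example.com:correct horse
former.employee@example.com:letmein
garbage line without a separator
"""


def make_verifier(password, iterations=PBKDF2_ITERATIONS):
    """Salted PBKDF2-HMAC-SHA256 verifier; the directory never holds plaintext."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return (salt, iterations, digest)


def check_verifier(password, verifier):
    """Constant-time comparison of a candidate password against a stored verifier."""
    salt, iterations, digest = verifier
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


# Constructed directory of current verifiers (the plaintexts are sample data only).
DIRECTORY = {
    "alice@example.com": make_verifier("Winter2016!"),     # still using the leaked password
    "bob@example.com": make_verifier("a-different-pass"),  # already changed it
    "carol@example.com": make_verifier("correct horse"),   # still using the leaked password
}


def extract_corporate_accounts(paste, domain=CORP_DOMAIN):
    """Return {email: leaked_password} for entries at the corporate domain."""
    found = {}
    for line in paste.splitlines():
        m = DUMP_RE.match(line.strip())
        if not m:
            continue
        email, password = m.groups()
        email = email.lower()
        if email.endswith("@" + domain):
            found[email] = password
    return found


def triage(paste, directory):
    """Classify each corporate account in the dump so resets can be prioritised."""
    result = {}
    for email, leaked in extract_corporate_accounts(paste).items():
        verifier = directory.get(email)
        if verifier is None:
            result[email] = STATUS_UNKNOWN
        elif check_verifier(leaked, verifier):
            result[email] = STATUS_LIVE
        else:
            result[email] = STATUS_ROTATED
    return result


if __name__ == "__main__":
    for email, status in sorted(triage(SAMPLE_PASTE, DIRECTORY).items()):
        print(f"{email}: {status}")
```

Addresses that are not in the directory still matter: a departed employee's leaked credential is a social-engineering lever against the people who still work with them, which is the point step 2 makes about one piece of information leading to the next.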
Completing Your Cyber Risk Picture
[Diagram, shown on two consecutive slides, the second adding the control labels.
What You DO NOT Control (the adversary): Goals, Strategy (what they want: INTENT); Tactics, Techniques, Procedures, Tools (how they will get it: CAPABILITY); Host & Network Artifacts, Atomic Indicators (evidence of presence).
What You DO Control: vulnerabilities present due to Design, Implementation, Technical Flaws and User Interaction.]
Q&A and Additional SurfWatch Labs Resources
SurfWatch Cyber Advisor: www.surfwatchlabs.com/cyber-advisor
Dark Web Intelligence: www.surfwatchlabs.com/dark-web-intelligence
Personalized SurfWatch Demonstration: info.surfwatchlabs.com/request-demo
Strategic and Operational Threat Intelligence