security heartbeat – teamplay vs best of breed · 2019-11-01 · sophos im Überblick web...
TRANSCRIPT
Sicherheit-als-SystemWie unterstützt uns die künstliche Intelligenz
vom Endpunkt bis zur zentralen Firewall?
Yannick EscuderoSnr. Sales Engineer - Sophos
Sophos im Überblick
EndpointMobileEncryptionServerWeb Wireless Email SophosCentral
Firewall
• 1985 in Oxford, UK gegründet
• $768 Millionen Umsatz in FY18
• 20% Wachstum/Jahr - vgl. IT-Security-Markt = 7%
• > 3.500 Mitarbeiter, davon ca. 500 in DACH
• 330.000+ Kunden
• 100+ Millionen User
• 39.000+ Channel Partner
• Gartner: Marktführer in den Bereichen Endpoint, Firewall & Verschlüsselung
Künstliche Intelligenz
Geheimdienste vs Cyberkriminelle
Faktencheck
The N.S.A. - the only part of government that actually listens
The Fiscal Year 2019 budget request included a request of $59.9 billion for the National Intelligence Program (NIP)* https://fas.org/irp/budget/
7
Weil Hacker die gesamte IT-Infrastruktur der Haustechnikerfirma Meier Tobler lahmlegten, konnte das Unternehmen vier Arbeitstage keine Waren ausliefern. Nun ist klar: Der Schaden geht in die Millionenhöhe.Der im Juli erfolgte Cyberangriff auf die Haustechnikerfirma Meier Tobler hat finanzielle Folgen für das börsenkotierte Unternehmen. Konkret rechnet Meier Tobler für das gesamte Geschäftsjahr 2019 mit einer Umsatzeinbusse von rund 5 Millionen Franken.
*https://www.bluewin.ch/de/digital/hacker-kosten-meier-tobler-millionen-289111.html
010001, 0kilobypt, 24H Ransomware, 4rw5w, 777, 7ev3n, 7h9r, 7zipper, 8lock8, AAC, ABCLocker, ACCDFISA v2.0, AdamLocker, AES_KEY_GEN_ASSIST, AES-Matrix, AES-NI, AES256-06, Al-Namrood, Al-Namrood 2.0, Alcatraz, Alfa, Allcry, Alma Locker, Alpha, AMBA, Amnesia, Amnesia2, Anatova, AnDROid, AngryDuck, Annabelle 2.1, Anubi, Anubis, AnubisCrypt, Apocalypse, Apocalypse (New Variant), ApocalypseVM, ApolloLocker, AresCrypt, Argus, Armage,
ArmaLocky, Arsium, ASN1 Encoder, Ataware, Atchbo, Aurora, AutoLocky, AutoWannaCryV2, AVCrypt, Avest, AxCrypter, aZaZeL, B2DR, BadBlock, BadEncript, BadRabbit, Bam!, BananaCrypt, BandarChor, Bart, Bart v2.0, BasilisqueLocker, BigBobRoss, Bisquilla, BitCrypt, BitCrypt 2.0, BitCryptor, BitKangoroo, Bitpaymer, Bitshifter, BitStak, BKRansomware, Black Feather, Black Shades, BlackHeart, Blackout, BlackRuby, Blind, Blind 2, Blocatto, BlockFile12, Blooper, Blue Blackmail, BoooamCrypt, Booyah, BrainCrypt, Brazilian Ransomware, BrickR, BTCamant, BTCWare, BTCWare Aleta, BTCWare Gryphon, BTCWare Master, BTCWare PayDay, Bubble, Bucbi, Bud, BugWare, BuyUnlockCode, Cancer, Cassetto, Cerber, Cerber 2.0, Cerber 3.0, Cerber 4.0 / 5.0, CerberTear, ChaCha, Chekyshka, Chimera, ChinaYunLong, ChineseRarypt, CHIP, ClicoCrypter, Clop, Clouded, CmdRansomware, CockBlocker, Coin Locker, CoinVault, Comrade
Circle, Conficker, CorruptCrypt, Cossy, Coverton, Cr1ptT0r Ransomware, CradleCore, CreamPie, Creeper, Cripton, Cry128, Cry36, Cry9, Cryakl, CryFile, CryLocker, CrypMic, CrypMic, Crypren, Crypt0, Crypt0L0cker, Crypt0r, Crypt12, Crypt38, CryptConsole, CryptConsole3, CryptFuck, CryptGh0st, CryptInfinite, CryptoDefense, CryptoDevil, CryptoFinancial, CryptoFortress, CryptoGod, CryptoHasYou, CryptoHitman, CryptoJacky, CryptoJoker, CryptoLocker3,
CryptoLockerEU, CryptoLuck, CryptoMix, CryptoMix Revenge, CryptoMix Wallet, CryptON, Crypton, CryptoPokemon, CryptorBit, CryptoRoger, CryptoShield, CryptoShocker, CryptoTorLocker, CryptoViki, CryptoWall 2.0, CryptoWall 3.0, CryptoWall 4.0, CryptoWire, CryptXXX, CryptXXX 2.0, CryptXXX 3.0, CryptXXX 4.0, CryPy, CrySiS, Crystal, CSP Ransomware, CTB-Faker, CTB-Locker, CXK-NMSL, D00mEd, Dablio, Damage, DarkoderCryptor, DataKeeper, Dcrtr, DCry, DCry2.0, Deadly, DeathNote, DecryptIomega, DEDCryptor, Defender, Defray, Defray777, DeriaLock, Dharma (.cezar Family), Dharma (.dharma Family), Dharma (.onion Family), Dharma (.wallet Family), Digisom, DilmaLocker, DirtyDecrypt,
Dishwasher, District, DMA Locker, DMA Locker 3.0, DMA Locker 4.0, DMALocker Imposter, DoggeWiper, Domino, Done, DoNotChange, Donut, DoubleLocker, DriedSister, DryCry, Dviide, DXXD, DynA-Crypt, eBayWall, eCh0raix / QNAPCrypt, ECLR Ransomware, EdgeLocker, EduCrypt, EggLocker, El Polocker, Enc1, EnCrypt, EncryptedBatch, EncrypTile, EncryptoJJS, Encryptor RaaS, Enigma, Enjey Crypter, EnkripsiPC, EOEO, Erebus, Eris, Eternal, Everbe, Everbe
2.0, Everbe 3.0, Evil, Executioner, ExecutionerPlus, Exocrypt XTC, Exotic, Extortion Scam, Extractor, Fabiansomware, Fadesoft, Fantom, FartPlz, FCPRansomware, FCrypt, FenixLocker, FenixLocker 2.0, Fenrir, FilesLocker, FindZip, FireCrypt, Flatcher3, FLKR, Flyper, FreeMe, FrozrLock, FRSRansomware, FS0ciety, FTCode, FuckSociety, FunFact, Galacti-Crypter, GandCrab, GandCrab v4.0 / v5.0, GandCrab2, GarrantyDecrypt, GC47, Gerber, GermanWiper, GetCrypt,
GhostCrypt, GhostHammer, Gibon, Globe, Globe (Broken), Globe3, GlobeImposter, GlobeImposter 2.0, Godra, GOG, Golden Axe, GoldenEye, Gomasom, Good, GoRansom, Gorgon, Gotcha, GPAA, GPCode, GPGQwerty, GusCrypter, GX40, HadesLocker, Halloware, HappyDayzz, hc6, hc7, HDDCryptor, Heimdall, HellsRansomware, Help50, HelpDCFile, Herbst, Hermes, Hermes 2.0, Hermes 2.1, Hermes837, Heropoint, Hi Buddy!, HiddenTear, HildaCrypt, HKCrypt,
HollyCrypt, HolyCrypt, HPE iLO Ransomware, Hucky, HydraCrypt, IEncrypt, IFN643, Ims00ry, ImSorry, Incanto, InducVirus, InfiniteTear, InfinityLock, InsaneCrypt, iRansom, Iron, Ishtar, Israbye, JabaCrypter, Jack.Pot, Jaff, Jager, Jamper / Buran, JapanLocker, JeepersCrypt, Jemd, Jigsaw, JNEC.a, JobCrypter, JoeGo Ransomware, JosepCrypt, JSWorm, JSWorm 2.0, JSWorm 4.0, JuicyLemon, JungleSec, Kaenlupuf, Kali, Karma, Karmen, Karo, Kasiski, Katyusha, KawaiiLocker,
KCW, Kee Ransomware, KeRanger, Kerkoporta, KeyBTC, KEYHolder, KillerLocker, KillRabbit, KimcilWare, Kirk, Kolobo, Kostya, Kozy.Jozy, Kraken, Kraken Cryptor, KratosCrypt, Krider, Kriptovor, KryptoLocker, L33TAF Locker, Ladon, Lalabitch, LambdaLocker, LeChiffre, LightningCrypt, Lilocked, Lime, Litra, LittleFinger, LLTP, LMAOxUS, Lock2017, Lock93, LockBox, LockCrypt, LockCrypt 2.0, Locked-In, LockedByte, LockeR, LockerGoga, LockLock, LockMe, Lockout, Locky, LongTermMemoryLoss, LonleyCrypt, LooCipher, Lortok, Lost_Files, LoveServer, LowLevel04, Lucky, MadBit, MAFIA, MafiaWare, Magic, Magniber, Mailto Ransomware, Major, Maktub Locker, MalwareTech's CTF, Maoloa,
Marduk, Marlboro, MarsJoke, Matrix, MauriGo, MaxiCrypt, Maykolin, Maysomware, Maze Ransomware, MCrypt2018, MedusaLocker, MegaCortex, MegaLocker, Meteoritan, Mikoyan, MindSystem, Minotaur, MirCop, MireWare, Mischa, MMM, MNS CryptoLocker, Mobef, MongoLock, MoonCrypter, MorrisBatchCrypt, MOTD, MoWare, MRCR1, MrDec, Muhstik, Mystic, n1n1n1, NanoLocker, NCrypt, NegozI, Nemty, Nemucod, Nemucod-7z, Nemucod-AES,
NETCrypton, Netix, NewHT, Nhtnwcuf, NM4, NMoreira, NMoreira 2.0, Noblis, NonRansomware, NotAHero, Nozelesn, NSB Ransomware, Nuke, NullByte, NxRansomware, ODCODC, OhNo!, OmniSphere, OnyxLocker, OoPS, OopsLocker, OpenToYou, OpJerusalem, Ordinypt, Ouroboros v6, OzozaLocker, PadCrypt, Paradise, Paradise .NET, Paradise B29, PayPalGenerator2019, PaySafeGen, PClock, PClock (Updated), PEC 2017, Pendor, Petna, PewCrypt,
PGPSnippet, Philadelphia, Phobos, PhoneNumber, Pickles, Plague17, Planetary Ransomware, PoisonFang, PopCornTime, Potato, PowerLocky, PowerShell Locker, PowerWare, Pr0tector, Predator, PrincessLocker, PrincessLocker 2.0, PrincessLocker Evolution, Project34, Project57, Protected Ransomware, PshCrypt, PUBG Ransomware, PyCL, PyCL, PyL33T, PyLocky, qkG, QP Ransomware, QuakeWay, QwertyCrypt, Qweuirtksd, R980, RAA-SEP, RabbitFox, RackCrypt,
Radamant, Radamant v2.1, Radiation, Random6, RandomLocker, Ranion, RanRan, RanRans, Rans0mLocked, RansomCuck, Ransomnix, RansomPlus, Ransomwared, RansomWarrior, Rapid, Rapid 2.0 / 3.0, RaRansomware, RarVault, Razy, RedBoot, RedEye, REKTLocker, Rektware, Relock, RemindMe, RenLocker, RensenWare, RetMyData, REvil / Sodinokibi, Reyptson, RobbinHood, Roga, Rokku, Rontok, RoshaLock, RotorCrypt, Roza, RSA-NI, RSA2048Pro, RSAUtil,
Ruby, Russenger, Russian EDA2, Ryuk, SAD, SadComputer, SADStory, Sage 2.0, Salsa, SamSam, Sanction, Sanctions, Satan, Satana, Saturn, Scarab, ScareCrow, SD 1.1, Seon, Sepsis, SerbRansom, Serpent, ShellLocker, Shifr, Shigo, ShinigamiLocker, ShinoLocker, ShivaGood, ShkolotaCrypt, Shrug, Shujin, Shutdown57, Sifreli, Sigma, Sigrun, SilentSpring, Simple_Encoder, SintaLocker, Skull Ransomware, SkyFile, SkyStars, Smrss32, SnakeLocker, Snatch, SNSLocker,
SoFucked, Solo Ransomware, Spartacus, Spectre, Spider, Spora, Sport, SQ_, Stampado, Stinger, STOP (Djvu), STOP / KEYPASS, StorageCrypter, Storm, Striked, Stroman, Stupid Ransomware, Styx, SunCrypt, SuperB, SuperCrypt, Surprise, SynAck, SyncCrypt, Syrk, SYSDOWN, SystemCrypter, SZFLocker, T1Happy, Team XRat, Telecrypt, TellYouThePass, Termite, TeslaCrypt 0.x, TeslaCrypt 2.x, TeslaCrypt 3.0, TeslaCrypt 4.0, TeslaWare, TFlower, Thanatos,
TheDarkEncryptor, THT Ransomware, tk, Torchwood, TotalWipeOut, TowerWeb, ToxCrypt, Trojan.Encoder.6491, Troldesh / Shade, Tron, TrueCrypter, TrumpLocker, UCCU, UIWIX, Ukash, UmbreCrypt, UnblockUPC, Ungluk, Unit09, Unknown Crypted, Unknown Lock, Unknown XTBL, Unlock26, Unlock92, Unlock92 2.0, Unlock92 Zipper, Useless Disk, UselessFiles, UserFilesLocker, USR0, Uyari, V8Locker, Vapor v1, VaultCrypt, vCrypt, VegaLocker, Velso, Vendetta,
VenisRansomware, VenusLocker, ViACrypt, VindowsLocker, VisionCrypt, VMola, Vortex, Vurten, VxLock, Waffle, WannaCash, WannaCry, WannaCry.NET, WannaCryFake, WannaCryOnClick, WannaDie, WannaPeace, WannaSmile, WannaSpam, Wesker, WhatAFuck, WhiteRose, WildFire Locker, WininiCrypt, Winnix Cryptor, WinRarer, WonderCrypter, Wooly, Wulfric, X Locker 5.0, XCry, XCrypt, XData, XiaoBa, XiaoBa 2.0, Xorist, Xort, XRTN, XTP Locker 5.0,
XYZWare, Yatron, YouAreFucked, YourRansom, Yyto, ZariqaCrypt, zCrypt, Zekwacrypt, Zenis, ZeroCrypt, ZeroFucks, Zeropadypt, Zeropadypt NextGen / Ouroboros, ZeroRansom, Zilla, ZimbraCryptor, ZinoCrypt, ZipLocker, Zipper, Zoldon, ZQ, Zyklon
775 verschiedene Ransomware Varianten (Stand 21. Oktober 2019)
• Meine Daten sind für Cyberkriminelle nicht interessant
• Wir betreiben ein zuverlässiges Backup (und Restore)
Faktencheck
Wertvolle Daten
Taiana SA - 25. September 2019 / Manno - TICyber ricatto: "Chiesti 300mila franchi, ma noi..."La ditta Taiana di Manno racconta l'attacco informatico orchestrato da un hacker
Brutta sorpresa per la ditta Taiana SA di Manno, che si è vista bloccare il sistema informatico da un hacker che ha successivamente ricattato l'azienda. Il co-titolare Claudio Taiana ha raccontato a TeleTicino cosa è successo: "Ci siamo accorti venerdì mattina che tutti i file avevano una desinenza Ryuk (ovvero, quello che normalmente finisce .doc o in .pdf). In pratica tutti i nostri file erano stati ribattezzati e criptati. Esplorando un po' dentro i file si trovava spesso una schermata con una scritta nera e un indirizzo mail".
"Abbiamo scritto dicendo a questa persona che avevamo trovato il suo indirizzo e i file criptati. In due ore ha risposto: 'You need to pay 31 bitcoin'. Un ricatto in piena regola: 31 bitcoin sono circa 300mila franchi. "È una cifra assurda per un'azienda come la nostra, poi magari vanno a finire in un buco nero".*https://www.ticinonews.ch/ticino/490166/cyber-ricatto-chiesti-300mila-franchi-ma-noi
(Emotet) Ryuk in der Schweiz
Benutzertraining
EndpointMobileEncryptionServerWeb Wireless EmailFirewall SophosCentral
Sophos Synchronized Security
Eindämmung von Bedrohungen mit
&
Security Heartbeat™
Automatische Netzwerkquarantäne mit XG Firewall
XG Firewall nimmt infizierten Client oder Server
in Netzwerkquarantäne
Vom Admin gesteuerte Isolation
Admin isoliertmöglicherweise
unsicheren Clientoder Server
Admin
Self Isolation
Infizierter Clientisoliert sich selbst
Lateral Movement Protection mit XG Firewall
XG Firewall verteilt Infos über infizierten Client/Server
Keine Kommunikationmit infiziertem Client/Server
Security Heartbeat™
Fragen?