
Page 1: Security Heartbeat – Teamplay vs Best of Breed · 2019-11-01

Security as a System: How does artificial intelligence support us

from the endpoint to the central firewall?

Yannick Escudero, Snr. Sales Engineer - Sophos

Page 2:

Sophos at a glance

Product portfolio: Endpoint · Mobile · Encryption · Server · Web · Wireless · Email · Firewall · Sophos Central

• Founded in 1985 in Oxford, UK

• $768 million revenue in FY18

• 20% growth per year, compared with 7% for the IT security market

• More than 3,500 employees, of whom about 500 are in DACH

• 330,000+ customers

• 100+ million users

• 39,000+ channel partners

• Gartner: market leader in endpoint, firewall and encryption

Page 3:

Artificial intelligence

Page 4:
Page 5:

Intelligence agencies vs cybercriminals

Fact check

Page 6:

The N.S.A. - the only part of government that actually listens

The Fiscal Year 2019 budget request included a request of $59.9 billion for the National Intelligence Program (NIP)* https://fas.org/irp/budget/

Page 7:

Page 8:

Because hackers paralysed the entire IT infrastructure of the building services company Meier Tobler, the company was unable to deliver goods for four working days. It is now clear that the damage runs into the millions. The cyberattack on the building services company Meier Tobler in July has financial consequences for the listed company. Specifically, Meier Tobler expects a revenue loss of around 5 million Swiss francs for the 2019 financial year as a whole.

*https://www.bluewin.ch/de/digital/hacker-kosten-meier-tobler-millionen-289111.html

Page 9:

010001, 0kilobypt, 24H Ransomware, 4rw5w, 777, 7ev3n, 7h9r, 7zipper, 8lock8, AAC, ABCLocker, ACCDFISA v2.0, AdamLocker, AES_KEY_GEN_ASSIST, AES-Matrix, AES-NI, AES256-06, Al-Namrood, Al-Namrood 2.0, Alcatraz, Alfa, Allcry, Alma Locker, Alpha, AMBA, Amnesia, Amnesia2, Anatova, AnDROid, AngryDuck, Annabelle 2.1, Anubi, Anubis, AnubisCrypt, Apocalypse, Apocalypse (New Variant), ApocalypseVM, ApolloLocker, AresCrypt, Argus, Armage,

ArmaLocky, Arsium, ASN1 Encoder, Ataware, Atchbo, Aurora, AutoLocky, AutoWannaCryV2, AVCrypt, Avest, AxCrypter, aZaZeL, B2DR, BadBlock, BadEncript, BadRabbit, Bam!, BananaCrypt, BandarChor, Bart, Bart v2.0, BasilisqueLocker, BigBobRoss, Bisquilla, BitCrypt, BitCrypt 2.0, BitCryptor, BitKangoroo, Bitpaymer, Bitshifter, BitStak, BKRansomware, Black Feather, Black Shades, BlackHeart, Blackout, BlackRuby, Blind, Blind 2, Blocatto, BlockFile12, Blooper, Blue Blackmail, BoooamCrypt, Booyah, BrainCrypt, Brazilian Ransomware, BrickR, BTCamant, BTCWare, BTCWare Aleta, BTCWare Gryphon, BTCWare Master, BTCWare PayDay, Bubble, Bucbi, Bud, BugWare, BuyUnlockCode, Cancer, Cassetto, Cerber, Cerber 2.0, Cerber 3.0, Cerber 4.0 / 5.0, CerberTear, ChaCha, Chekyshka, Chimera, ChinaYunLong, ChineseRarypt, CHIP, ClicoCrypter, Clop, Clouded, CmdRansomware, CockBlocker, Coin Locker, CoinVault, Comrade
Circle, Conficker, CorruptCrypt, Cossy, Coverton, Cr1ptT0r Ransomware, CradleCore, CreamPie, Creeper, Cripton, Cry128, Cry36, Cry9, Cryakl, CryFile, CryLocker, CrypMic, CrypMic, Crypren, Crypt0, Crypt0L0cker, Crypt0r, Crypt12, Crypt38, CryptConsole, CryptConsole3, CryptFuck, CryptGh0st, CryptInfinite, CryptoDefense, CryptoDevil, CryptoFinancial, CryptoFortress, CryptoGod, CryptoHasYou, CryptoHitman, CryptoJacky, CryptoJoker, CryptoLocker3,

CryptoLockerEU, CryptoLuck, CryptoMix, CryptoMix Revenge, CryptoMix Wallet, CryptON, Crypton, CryptoPokemon, CryptorBit, CryptoRoger, CryptoShield, CryptoShocker, CryptoTorLocker, CryptoViki, CryptoWall 2.0, CryptoWall 3.0, CryptoWall 4.0, CryptoWire, CryptXXX, CryptXXX 2.0, CryptXXX 3.0, CryptXXX 4.0, CryPy, CrySiS, Crystal, CSP Ransomware, CTB-Faker, CTB-Locker, CXK-NMSL, D00mEd, Dablio, Damage, DarkoderCryptor, DataKeeper, Dcrtr, DCry, DCry2.0, Deadly, DeathNote, DecryptIomega, DEDCryptor, Defender, Defray, Defray777, DeriaLock, Dharma (.cezar Family), Dharma (.dharma Family), Dharma (.onion Family), Dharma (.wallet Family), Digisom, DilmaLocker, DirtyDecrypt,

Dishwasher, District, DMA Locker, DMA Locker 3.0, DMA Locker 4.0, DMALocker Imposter, DoggeWiper, Domino, Done, DoNotChange, Donut, DoubleLocker, DriedSister, DryCry, Dviide, DXXD, DynA-Crypt, eBayWall, eCh0raix / QNAPCrypt, ECLR Ransomware, EdgeLocker, EduCrypt, EggLocker, El Polocker, Enc1, EnCrypt, EncryptedBatch, EncrypTile, EncryptoJJS, Encryptor RaaS, Enigma, Enjey Crypter, EnkripsiPC, EOEO, Erebus, Eris, Eternal, Everbe, Everbe
2.0, Everbe 3.0, Evil, Executioner, ExecutionerPlus, Exocrypt XTC, Exotic, Extortion Scam, Extractor, Fabiansomware, Fadesoft, Fantom, FartPlz, FCPRansomware, FCrypt, FenixLocker, FenixLocker 2.0, Fenrir, FilesLocker, FindZip, FireCrypt, Flatcher3, FLKR, Flyper, FreeMe, FrozrLock, FRSRansomware, FS0ciety, FTCode, FuckSociety, FunFact, Galacti-Crypter, GandCrab, GandCrab v4.0 / v5.0, GandCrab2, GarrantyDecrypt, GC47, Gerber, GermanWiper, GetCrypt,

GhostCrypt, GhostHammer, Gibon, Globe, Globe (Broken), Globe3, GlobeImposter, GlobeImposter 2.0, Godra, GOG, Golden Axe, GoldenEye, Gomasom, Good, GoRansom, Gorgon, Gotcha, GPAA, GPCode, GPGQwerty, GusCrypter, GX40, HadesLocker, Halloware, HappyDayzz, hc6, hc7, HDDCryptor, Heimdall, HellsRansomware, Help50, HelpDCFile, Herbst, Hermes, Hermes 2.0, Hermes 2.1, Hermes837, Heropoint, Hi Buddy!, HiddenTear, HildaCrypt, HKCrypt,

HollyCrypt, HolyCrypt, HPE iLO Ransomware, Hucky, HydraCrypt, IEncrypt, IFN643, Ims00ry, ImSorry, Incanto, InducVirus, InfiniteTear, InfinityLock, InsaneCrypt, iRansom, Iron, Ishtar, Israbye, JabaCrypter, Jack.Pot, Jaff, Jager, Jamper / Buran, JapanLocker, JeepersCrypt, Jemd, Jigsaw, JNEC.a, JobCrypter, JoeGo Ransomware, JosepCrypt, JSWorm, JSWorm 2.0, JSWorm 4.0, JuicyLemon, JungleSec, Kaenlupuf, Kali, Karma, Karmen, Karo, Kasiski, Katyusha, KawaiiLocker,

KCW, Kee Ransomware, KeRanger, Kerkoporta, KeyBTC, KEYHolder, KillerLocker, KillRabbit, KimcilWare, Kirk, Kolobo, Kostya, Kozy.Jozy, Kraken, Kraken Cryptor, KratosCrypt, Krider, Kriptovor, KryptoLocker, L33TAF Locker, Ladon, Lalabitch, LambdaLocker, LeChiffre, LightningCrypt, Lilocked, Lime, Litra, LittleFinger, LLTP, LMAOxUS, Lock2017, Lock93, LockBox, LockCrypt, LockCrypt 2.0, Locked-In, LockedByte, LockeR, LockerGoga, LockLock, LockMe, Lockout, Locky, LongTermMemoryLoss, LonleyCrypt, LooCipher, Lortok, Lost_Files, LoveServer, LowLevel04, Lucky, MadBit, MAFIA, MafiaWare, Magic, Magniber, Mailto Ransomware, Major, Maktub Locker, MalwareTech's CTF, Maoloa,

Marduk, Marlboro, MarsJoke, Matrix, MauriGo, MaxiCrypt, Maykolin, Maysomware, Maze Ransomware, MCrypt2018, MedusaLocker, MegaCortex, MegaLocker, Meteoritan, Mikoyan, MindSystem, Minotaur, MirCop, MireWare, Mischa, MMM, MNS CryptoLocker, Mobef, MongoLock, MoonCrypter, MorrisBatchCrypt, MOTD, MoWare, MRCR1, MrDec, Muhstik, Mystic, n1n1n1, NanoLocker, NCrypt, NegozI, Nemty, Nemucod, Nemucod-7z, Nemucod-AES,

NETCrypton, Netix, NewHT, Nhtnwcuf, NM4, NMoreira, NMoreira 2.0, Noblis, NonRansomware, NotAHero, Nozelesn, NSB Ransomware, Nuke, NullByte, NxRansomware, ODCODC, OhNo!, OmniSphere, OnyxLocker, OoPS, OopsLocker, OpenToYou, OpJerusalem, Ordinypt, Ouroboros v6, OzozaLocker, PadCrypt, Paradise, Paradise .NET, Paradise B29, PayPalGenerator2019, PaySafeGen, PClock, PClock (Updated), PEC 2017, Pendor, Petna, PewCrypt,

PGPSnippet, Philadelphia, Phobos, PhoneNumber, Pickles, Plague17, Planetary Ransomware, PoisonFang, PopCornTime, Potato, PowerLocky, PowerShell Locker, PowerWare, Pr0tector, Predator, PrincessLocker, PrincessLocker 2.0, PrincessLocker Evolution, Project34, Project57, Protected Ransomware, PshCrypt, PUBG Ransomware, PyCL, PyCL, PyL33T, PyLocky, qkG, QP Ransomware, QuakeWay, QwertyCrypt, Qweuirtksd, R980, RAA-SEP, RabbitFox, RackCrypt,

Radamant, Radamant v2.1, Radiation, Random6, RandomLocker, Ranion, RanRan, RanRans, Rans0mLocked, RansomCuck, Ransomnix, RansomPlus, Ransomwared, RansomWarrior, Rapid, Rapid 2.0 / 3.0, RaRansomware, RarVault, Razy, RedBoot, RedEye, REKTLocker, Rektware, Relock, RemindMe, RenLocker, RensenWare, RetMyData, REvil / Sodinokibi, Reyptson, RobbinHood, Roga, Rokku, Rontok, RoshaLock, RotorCrypt, Roza, RSA-NI, RSA2048Pro, RSAUtil,

Ruby, Russenger, Russian EDA2, Ryuk, SAD, SadComputer, SADStory, Sage 2.0, Salsa, SamSam, Sanction, Sanctions, Satan, Satana, Saturn, Scarab, ScareCrow, SD 1.1, Seon, Sepsis, SerbRansom, Serpent, ShellLocker, Shifr, Shigo, ShinigamiLocker, ShinoLocker, ShivaGood, ShkolotaCrypt, Shrug, Shujin, Shutdown57, Sifreli, Sigma, Sigrun, SilentSpring, Simple_Encoder, SintaLocker, Skull Ransomware, SkyFile, SkyStars, Smrss32, SnakeLocker, Snatch, SNSLocker,

SoFucked, Solo Ransomware, Spartacus, Spectre, Spider, Spora, Sport, SQ_, Stampado, Stinger, STOP (Djvu), STOP / KEYPASS, StorageCrypter, Storm, Striked, Stroman, Stupid Ransomware, Styx, SunCrypt, SuperB, SuperCrypt, Surprise, SynAck, SyncCrypt, Syrk, SYSDOWN, SystemCrypter, SZFLocker, T1Happy, Team XRat, Telecrypt, TellYouThePass, Termite, TeslaCrypt 0.x, TeslaCrypt 2.x, TeslaCrypt 3.0, TeslaCrypt 4.0, TeslaWare, TFlower, Thanatos,

TheDarkEncryptor, THT Ransomware, tk, Torchwood, TotalWipeOut, TowerWeb, ToxCrypt, Trojan.Encoder.6491, Troldesh / Shade, Tron, TrueCrypter, TrumpLocker, UCCU, UIWIX, Ukash, UmbreCrypt, UnblockUPC, Ungluk, Unit09, Unknown Crypted, Unknown Lock, Unknown XTBL, Unlock26, Unlock92, Unlock92 2.0, Unlock92 Zipper, Useless Disk, UselessFiles, UserFilesLocker, USR0, Uyari, V8Locker, Vapor v1, VaultCrypt, vCrypt, VegaLocker, Velso, Vendetta,

VenisRansomware, VenusLocker, ViACrypt, VindowsLocker, VisionCrypt, VMola, Vortex, Vurten, VxLock, Waffle, WannaCash, WannaCry, WannaCry.NET, WannaCryFake, WannaCryOnClick, WannaDie, WannaPeace, WannaSmile, WannaSpam, Wesker, WhatAFuck, WhiteRose, WildFire Locker, WininiCrypt, Winnix Cryptor, WinRarer, WonderCrypter, Wooly, Wulfric, X Locker 5.0, XCry, XCrypt, XData, XiaoBa, XiaoBa 2.0, Xorist, Xort, XRTN, XTP Locker 5.0,

XYZWare, Yatron, YouAreFucked, YourRansom, Yyto, ZariqaCrypt, zCrypt, Zekwacrypt, Zenis, ZeroCrypt, ZeroFucks, Zeropadypt, Zeropadypt NextGen / Ouroboros, ZeroRansom, Zilla, ZimbraCryptor, ZinoCrypt, ZipLocker, Zipper, Zoldon, ZQ, Zyklon

775 different ransomware variants (as of 21 October 2019)

Page 10:

• My data is of no interest to cybercriminals

• We run a reliable backup (and restore)

Fact check

Valuable data

Page 11:
Page 12:

Taiana SA - 25 September 2019 / Manno - TI. Cyber extortion: "They asked for 300,000 francs, but we..." The Manno-based company Taiana recounts the cyberattack orchestrated by a hacker.

An unpleasant surprise for Taiana SA of Manno, which had its IT system locked by a hacker who then blackmailed the company. Co-owner Claudio Taiana told TeleTicino what happened: "On Friday morning we noticed that all the files had a Ryuk extension (that is, what normally ends in .doc or .pdf). In practice all our files had been renamed and encrypted. Looking a little inside the files, you often found a screen with black text and an email address."

"We wrote telling this person that we had found his address and the encrypted files. Within two hours he replied: 'You need to pay 31 bitcoin'. Blackmail in every sense: 31 bitcoin is around 300,000 francs. It is an absurd sum for a company like ours, and then perhaps it ends up in a black hole." * https://www.ticinonews.ch/ticino/490166/cyber-ricatto-chiesti-300mila-franchi-ma-noi

(Emotet) Ryuk in Switzerland

Page 13:
Page 14:
Page 15:

User training

Page 16:
Page 17:
Page 18:
Page 19:
Page 20:

Endpoint · Mobile · Encryption · Server · Web · Wireless · Email · Firewall · Sophos Central

Sophos Synchronized Security

Page 21:

Threat containment with Sophos Endpoint & XG Firewall

Page 22:

Security Heartbeat™

Automatic network quarantine with XG Firewall

XG Firewall places the infected client or server in network quarantine

Page 23:

Admin-controlled isolation

The admin isolates a possibly unsafe client or server

Admin

Page 24:

Self isolation

The infected client isolates itself

Page 25:

Lateral Movement Protection with XG Firewall

XG Firewall distributes information about the infected client/server to the other endpoints

No communication with the infected client/server

Security Heartbeat™
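The four slides above (automatic quarantine at the firewall, admin-controlled isolation, self isolation, and the block list pushed to peers for lateral movement protection) describe one control loop. The Python below is an added example that models that loop; it is not Sophos code and does not reflect how Security Heartbeat is implemented. The health states, the 30-second heartbeat timeout, the addresses, and the always-reachable management network are assumptions of the example.

```python
"""Simplified model of a Security-Heartbeat style quarantine loop.

Added example, not Sophos code. Endpoints send a health heartbeat to the
firewall; the firewall drops traffic of RED or silent hosts, lets an admin
isolate a host, and pushes the set of bad hosts to healthy endpoints so they
refuse peer traffic. A compromised host can also isolate itself before the
firewall reacts. States, timeout and addresses are assumptions of this example.
"""
from dataclasses import dataclass, field
from enum import Enum


class Health(Enum):
    GREEN = "green"      # no detections
    YELLOW = "yellow"    # suspicious, still allowed to talk
    RED = "red"          # active detection on the host
    MISSING = "missing"  # no heartbeat within the window (agent killed, host off)


HEARTBEAT_TIMEOUT = 30               # seconds of silence before MISSING (assumed)
MGMT_NET = {"10.0.0.1", "10.0.0.2"}  # firewall and console, always reachable (assumed)


@dataclass
class Endpoint:
    ip: str
    health: Health = Health.GREEN
    self_isolated: bool = False
    blocked_peers: set = field(default_factory=set)  # block list pushed by the firewall

    def heartbeat(self):
        return self.ip, self.health

    def detect_local_compromise(self):
        """Self isolation: the host cuts all non-management traffic on its own."""
        self.health = Health.RED
        self.self_isolated = True

    def local_allowed(self, peer: str) -> bool:
        """Host-level decision for a packet to or from peer (same-subnet traffic never crosses the firewall)."""
        if peer in MGMT_NET:
            return True
        if self.self_isolated:
            return False
        return peer not in self.blocked_peers


@dataclass
class Firewall:
    endpoints: dict = field(default_factory=dict)   # ip -> Endpoint
    last_seen: dict = field(default_factory=dict)   # ip -> (time, Health)
    admin_isolated: set = field(default_factory=set)

    def register(self, ep: Endpoint):
        self.endpoints[ep.ip] = ep

    def receive_heartbeat(self, ip, health, now):
        self.last_seen[ip] = (now, health)
        self.push_blocklist(now)

    def status(self, ip, now) -> Health:
        # Silence is treated as unhealthy: a RED host may simply stop reporting.
        if ip not in self.last_seen or now - self.last_seen[ip][0] > HEARTBEAT_TIMEOUT:
            return Health.MISSING
        return self.last_seen[ip][1]

    def quarantined(self, ip, now) -> bool:
        return ip in self.admin_isolated or self.status(ip, now) in (Health.RED, Health.MISSING)

    def allowed(self, src, dst, now) -> bool:
        """Firewall rule: management is always reachable; otherwise both ends must be healthy."""
        if src in MGMT_NET or dst in MGMT_NET:
            return True
        return not (self.quarantined(src, now) or self.quarantined(dst, now))

    def admin_isolate(self, ip, now):
        self.admin_isolated.add(ip)
        self.push_blocklist(now)

    def push_blocklist(self, now):
        """Lateral movement protection: healthy endpoints learn which peers to refuse."""
        bad = {ip for ip in self.endpoints if self.quarantined(ip, now)}
        for ip, ep in self.endpoints.items():
            if ip not in bad:
                ep.blocked_peers = set(bad)


def run_scenario() -> dict:
    """Drives the four slide scenarios on constructed hosts and returns the observed decisions."""
    fw = Firewall()
    a, b, c, d = (Endpoint(ip) for ip in ("10.0.1.10", "10.0.1.11", "10.0.1.12", "10.0.1.13"))
    for ep in (a, b, c, d):
        fw.register(ep)
        fw.receive_heartbeat(*ep.heartbeat(), now=0)
    r = {"baseline": fw.allowed(a.ip, b.ip, 0) and b.local_allowed(a.ip)}
    # 1. automatic quarantine: A's agent reports RED on its next heartbeat
    a.health = Health.RED
    fw.receive_heartbeat(*a.heartbeat(), now=5)
    r["fw_blocks_red_a"] = not fw.allowed(a.ip, b.ip, 5)
    r["peer_b_refuses_a"] = not b.local_allowed(a.ip)
    r["a_still_reaches_console"] = fw.allowed(a.ip, "10.0.0.2", 5)
    # 2. admin isolates C while its heartbeat is still GREEN
    fw.admin_isolate(c.ip, now=6)
    r["admin_blocks_c"] = not fw.allowed(b.ip, c.ip, 6) and not b.local_allowed(c.ip)
    # 3. B detects its own compromise and self-isolates before the firewall hears about it
    b.detect_local_compromise()
    r["b_self_isolated"] = (not b.local_allowed(d.ip)) and b.local_allowed("10.0.0.1")
    r["fw_unaware_of_b_yet"] = fw.allowed(b.ip, d.ip, 6)
    # 4. D stops sending heartbeats (agent killed); after the timeout it counts as MISSING
    r["d_missing_after_silence"] = fw.status(d.ip, HEARTBEAT_TIMEOUT + 1) is Health.MISSING
    r["d_blocked_after_silence"] = not fw.allowed(d.ip, c.ip, HEARTBEAT_TIMEOUT + 1)
    return r


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print(f"{name:26s} {'ok' if ok else 'FAIL'}")
```

Two design points in the model matter in practice. A silent host is treated the same as a RED one, because an attacker who has disabled the agent also stops the heartbeat; only the timeout turns that silence into a decision. And the block list is pushed down to the endpoints rather than enforced at the firewall alone, because traffic between two hosts on the same subnet never crosses the firewall, which is exactly the path lateral movement takes.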

Page 26:

Questions?

[email protected]

Page 27: