TRANSCRIPT
SecureWorks
Surviving the Ever – Changing Threat Landscape
Kevin Jordan
Cyber Security Specialist
Dell SecureWorks
Classification: //Dell SecureWorks/Confidential - Limited External Distribution:
The Internet is “where the bad guys will go because that’s where our lives are, and our money,
our secrets and our intellectual property,”
James Comey, FBI Director
Percentage of U.S. adults who named online banking as their preferred banking method in 2011
Regulations: GLBA, FFIEC, NCUA, PCI, HIPAA, NERC CIP, FISMA
700+ Federal and state security-related laws
50 U.S. states with varying data breach laws
2014: 1.4 billion records stolen
Community Banks are more likely to be targeted by cyber-attacks because hackers believe these smaller organizations have their guard down.
• Why not? Community banks have assets, customers and PII too
• Larger banks are fortifying their defenses
• Smaller IT teams
• Defenses are down
• Path of least resistance
• Tunnel to ultimate target
• Less than 3% of overall IT budget is spent on cyber security
Target is the same; methods are evolving
Cyber attacks edging out terrorism as No. 1 threat to U.S.
“I am convinced there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”
“No company is immune, from the Fortune 500 corporation to the neighborhood ‘mom and pop’ business.”
“In the not too distant future, we anticipate that the cyberthreat will pose the No. 1 threat to our country.”
Source: FBI Director Robert Mueller
Speaking at 2012 RSA Conference
“In many cases, the skills of the adversaries are so substantial that they just leap right over the fence and you don’t even hear an alarm go off.”
Companies, from major multinationals to small start-ups, fail to recognize the financial and legal risks they are taking – or the costs they may have already suffered.
He doesn’t believe there is a single secure, unclassified computer network in the U.S.
FBI agents are increasingly coming across data stolen from companies whose executives had no idea their systems had been accessed.
In cases handled by one computer security firm where intrusions were traced back to China, 94% of the targeted companies didn’t realize they had been breached until someone else told them.
According to top cyber security experts, companies need to do more than just react to intrusions.
Source: “U.S. Outgunned in Hacker War”
The Wall Street Journal, March 28, 2012
Incidents by Source – August 2015
Source: OSF DataLossDB
62% of incidents originate outside your 4 walls
The Impact of Cyber Crime
#1 - Hacker’s Inc.
• Would be the largest company in the world
• Translate costs into “hacker revenue”
• Global cost of cyber crime is $500B*
* Center for Strategic and International Studies (CSIS), 2013
Motivations behind cyber crime
• Gain financial advantage
• Intelligence gathering
• Gain competitive advantage
• Damage organizations’ brand, reputation and systems
• Obtain indirect access to a targeted business partner
• Prepare the field of battle for cyber warfare
• 113% increase in ransomware attacks in 2014*
• 5.8 million average cost of breach to midsize companies
• $3,200,000 in lost business costs
• 31% of breaches result of human factor
• ~$417,000 post breach clean up costs
• 25% of customers leave post breach
The evolving threat landscape
• Endpoints, including POS, still largely unprotected
• Mature black market for digital records
• Recent breaches point to breakdowns in ‘people and process’
• Employees as a threat vector of choice
• Evasive threats
• Ransomware
• High impact, systemic threats such as Heartbleed and Shellshock
• Opportunistic threats
• Risk from partners, affiliates and suppliers
Security is no longer an IT issue. It’s a business issue.
Recent Breaches – Failure in People/Process
World’s Biggest Data Breaches (30K+ records)
Visualization: InformationIsBeautiful.net
Observed commonalities:
• Targeted strategies
• Employees as a threat vector
• Third parties as threat vectors
• Lack of expertise and/or process to interpret or act on threat alerting
Mature Black Market for Digital Records – A robust marketplace
Great deals and customer service!
Products                   Cost
Identity                   $100 - $250
Passports                  $200 - $500
Fake SSNs                  $250 - $400
Fake drivers licenses      $100 - $200
Premium Credit Cards       $13 ea. for 10; $10 each for 1000
Training Tutorials         $1 - $30
Hacker for Hire            $1 - $600
Malware:
Remote Access Trojan       $20 - $50
Exploit Kit Lease Rates    $600 - $1800
Crypters                   $50 - $120
Who’s out there?
(Chart: threat actors plotted on two axes, Targeted vs. Broad and Advanced vs. Commodity)
Actors shown: APT, Nation State, Organized Cyber Criminals, Hacktivists, Script Kiddies
Ransomware. It’s easier to steal funds via ransom than from a bank
• Hijacks a user's computer by taking control of its monitor or screen, locking the system and then displaying a ransom message
• Adversaries can create spoofs of your website and email templates
• Send emails to your bank customers (using stolen information) asking for “payment of unpaid fees”, usually by credit card, or files will be locked
• You might not know about this until a customer calls you
Camouflaged Attacks – DDoS Smokescreen
• Highest number of attacks in financial industry
• Adversary paralyzes website by redirecting web traffic
• Customers, employees, vendors can’t access site for an undetermined time
• 62% of DDoS attacks last longer than 24 hours
• Mostly utilized by organized groups
• Growing in number
• Toolkits are available for purchase, e.g. Dirt Jumper or Drive
• Adversaries launch DDoS to jam system resources
• IT staff must mitigate the surprise attack
• Adversaries exfiltrate funds, intellectual property, trade secrets, customer and employee PII and credit cards
• Sony August 2014 DDoS attacks a suspected smokescreen. No data was exfiltrated.
Adjacency Attack – Cyberheist + Smokescreen
(Flow diagram, read as a sequence of events)
1. Adversary hacks into construction company network overnight
2. Adversary takes control of company network
3. Adversary launches DDoS attack to distract bank officials
4. Next day accountant can’t access browser to check account online
5. Adversary steals 900K from victim’s bank
6. FBI called in to investigate
7. Bank reclaims 50% of funds
Cyberheist + DDoS smokescreen approach is common with cyber gangs using Gameover Trojan, a Zeus variant.
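The defensive takeaway from the smokescreen pattern above is that a DDoS alert and a large or first-time online transfer should be correlated, not handled by separate teams. The following is an added example, not from the deck or from SecureWorks, using constructed sample alerts and transfer records; the account ids, beneficiary names, thresholds and grace period are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class DdosAlert:
    start: datetime
    end: datetime
    target: str  # which customer-facing service was hit


@dataclass
class Transfer:
    when: datetime
    account: str
    beneficiary: str
    amount: float
    channel: str  # "online" or "branch"


# Constructed sample data (not from the deck): one DDoS window against the
# online banking portal and a handful of outbound transfers around it.
ALERTS = [DdosAlert(datetime(2015, 8, 10, 9, 0), datetime(2015, 8, 10, 13, 0),
                    "online-banking-portal")]
TRANSFERS = [
    Transfer(datetime(2015, 8, 9, 16, 0), "ACME-001", "Unknown Trading Co", 10_000.0, "online"),
    Transfer(datetime(2015, 8, 10, 8, 40), "ACME-001", "Payroll Services LLC", 45_000.0, "online"),
    Transfer(datetime(2015, 8, 10, 10, 15), "ACME-001", "Unknown Trading Co", 900_000.0, "online"),
    Transfer(datetime(2015, 8, 10, 10, 20), "ACME-001", "Office Supply Inc", 30_000.0, "branch"),
]
# Beneficiaries each commercial account has paid before (assumed history).
KNOWN_BENEFICIARIES = {"ACME-001": {"Payroll Services LLC", "Office Supply Inc"}}


def suspicious_transfers(alerts, transfers, known, amount_threshold=50_000.0,
                         grace=timedelta(hours=2)):
    """Return online transfers that fall inside (or within `grace` of) a DDoS
    window and are either above the amount threshold or to a never-seen payee."""
    flagged = []
    for t in transfers:
        if t.channel != "online":  # branch transfers are verified in person
            continue
        in_window = any(a.start - grace <= t.when <= a.end + grace for a in alerts)
        if not in_window:
            continue
        new_payee = t.beneficiary not in known.get(t.account, set())
        if t.amount >= amount_threshold or new_payee:
            flagged.append(t)
    return flagged


if __name__ == "__main__":
    for t in suspicious_transfers(ALERTS, TRANSFERS, KNOWN_BENEFICIARIES):
        print(f"HOLD for callback: {t.when} {t.account} -> {t.beneficiary} ${t.amount:,.0f}")
```

Only the 900K transfer to a first-time beneficiary during the DDoS window is flagged; the payroll run in the same window is a known payee under the threshold, and the branch transfer is ignored.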
Internet of Things (IoT)
The Internet of Things (IoT) is the network of physical objects or "things" embedded with electronics, software, sensors, and connectivity to enable objects to collect and exchange data.
Going it alone is most risky - DIY
• Information about what is happening around your perimeter is critical and most businesses don’t have access to it.
Two in one – MSSP as Responder
• Security data is paramount – helps solve the “how and why” of a breach
• MSSP is also incident responder – security data at their fingertips
• Immediate access to data helps responders control the breach faster
• Offers better threat protection than DIY
• Intelligence gained feeds protection
• Around the clock monitoring
• Cybercriminals constantly changing Tools, Techniques, and Tactics
Risk-based approach (10/5/2015)
• Direct loss risk – lost revenue, data
• Risk to reputation – lose market share
• Liability risk – litigation, civil damages
• Compliance risk – fines, penalties
First, connect security to the business (your to-do list)
• Security is not just an IT problem
• Collateral damage is at an all-time high
• Keep lines of communication open on both ends
• Manage risk
• Create a security-aware culture
• Invest early
– Investment in security is far less than the cost of mitigation, eradication and remediation
• Incident response plan
– Collaboration is paramount
– Documented and tested (table top exercises)
– Include communications plan
• Who is watching the fort 24/7/365?!
Good Guys vs Bad Guys