SecureWorks Surviving the Ever – Changing Threat Landscape Kevin Jordan Cyber Security Specialist Dell SecureWorks

Upload: trannhi

Post on 03-May-2018

TRANSCRIPT

SecureWorks

Surviving the Ever – Changing Threat Landscape

Kevin Jordan

Cyber Security Specialist

Dell SecureWorks

• Classification: //Dell SecureWorks/Confidential - Limited External Distribution:

The Internet is “where the bad guys will go because that’s where our lives are, and our money,

our secrets and our intellectual property,”

James Comey, FBI Director

Percentage of U.S. adults who named online banking as their preferred banking method in 2011

GLBA, FFIEC, NCUA, PCI, HIPAA, NERC CIP, FISMA

700+ Federal and state security-related laws

50 U.S. states with varying data breach laws

2014: 1.4 billion records stolen


• Why not? Community banks have assets, customers and PII too

• Larger banks are fortifying their defenses

• Smaller IT teams

• Defenses are down

• Path of least resistance

• Tunnel to ultimate target

• Less than 3% of overall IT budget is spent on cyber security

Target is the same; Methods are evolving


Cyber attacks edging out terrorism as No. 1 threat to U.S.

“I am convinced there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”

“No company is immune, from the Fortune 500 corporation to the neighborhood ‘mom and pop’ business.”

“In the not too distant future, we anticipate that the cyberthreat will pose the No. 1 threat to our country.”

Source: FBI Director Robert Mueller

Speaking at 2012 RSA Conference


“In many cases, the skills of the adversaries are so substantial that they just leap right over the fence and you don’t even hear an alarm go off.”

Companies, from major multinationals to small start-ups, fail to recognize the financial and legal risks they are taking – or the costs they may have already suffered.

He doesn’t believe there is a single secure, unclassified computer network in the U.S.

FBI agents are increasingly coming across data stolen from companies whose executives had no idea their systems had been accessed.

In cases handled by one computer security firm where intrusions were traced back to China, 94% of the targeted companies didn’t realize they had been breached until someone else told them.

Companies need to do more than just react to intrusions

According to top cyber security experts

Source: “U.S. Outgunned in Hacker War”

The Wall Street Journal, March 28, 2012


Incidents by Source – August 2015

Source: OSF DataLossDB

62% of incidents originate outside your 4 walls


The Impact of Cyber Crime

#1 - Hacker’s Inc.

• Would be the largest company in the world

• Translate costs into “hacker revenue”

• Global cost of cyber crime is $500B*

* Center for Strategic and International Studies (CSIS), 2013


Motivations behind cyber crime

• Gain financial advantage

• Intelligence gathering

• Gain competitive advantage

• Damage organizations’ brand, reputation and systems

• Obtain indirect access to a targeted business partner

• Prepare the field of battle for cyber warfare


• 113% increase in ransomware attacks in 2014*

• 5.8 million average cost of breach to midsize companies

• $3,200,000 in lost business costs

• 31% of breaches are the result of the human factor

• ~$417,000 post-breach clean-up costs

• 25% of customers leave post-breach


The evolving threat landscape

• Endpoints, including POS, still largely unprotected

• Mature black market for digital records

• Recent breaches point to breakdowns in ‘people and process’

• Employees as a threat vector of choice

• Evasive Threats

• Ransomware

• High impact, systemic threats such as Heartbleed and Shellshock

• Opportunistic Threats

• Risk from partners, affiliates and suppliers

Security is no longer an IT issue. It’s a business issue.


Visualization: InformationIsBeautiful.net

Recent Breaches: Failure in People/Process

World’s Biggest Data Breaches (30K+ records)

Observed commonalities:

• Targeted strategies

• Employees as a threat vector

• Third parties as threat vectors

• Lack of expertise and/or process to interpret or act on threat alerting

Mature Black Market for Digital Records: A robust marketplace


Great deals and customer service!

Products                   Cost
Identity                   $100 - $250
Passports                  $200 - $500
Fake SSNs                  $250 - $400
Fake drivers licenses      $100 - $200
Premium Credit Cards       $13 ea. for 10; $10 each for 1000
Training Tutorials         $1 - $30
Hacker for Hire            $1 - $600

Malware
Remote Access Trojan       $20 - $50
Exploit Kit Lease Rates    $600 - $1800
Crypters                   $50 - $120


Who’s out there?

(Chart: threat actors plotted on two axes, Targeted vs. Broad and Advanced vs. Commodity. Actors shown: APT, Nation State, Organized Cyber Criminals, Hacktivists, Script Kiddies.)

What unpaid bank fees? Ransomware


Ransomware. It’s easier to steal funds via ransom than from a bank

• Hijacks a user's computer by taking control of its monitor or screen, locking the system and then displaying a ransom message

• Adversaries can create spoofs of your website and email templates

• Send emails to your bank customers (using stolen information) asking for “payment of unpaid fees”, usually by credit card, or files will be locked

• You might not know about this until a customer calls you

You won’t look for me. You’re too busy. DDoS Smokescreens

Camouflaged Attacks – DDoS Smokescreen

• Highest number of attacks in financial industry

• Adversary paralyzes website by redirecting web traffic

• Customers, employees, vendors can’t access site for undetermined time

• 62% of DDoS attacks last longer than 24 hours

• Mostly utilized by organized groups

• Growing in number

• Toolkits are available for purchase, Dirt Jumper or Drive

• Adversaries launch DDoS to jam system resources

• IT staff must mitigate the surprise attack

• Adversaries exfiltrate funds, intellectual property, trade secrets, customer and employee PII and credit cards

• Sony August 2014 DDoS attacks a suspected smokescreen. No data was exfiltrated.


Adjacency Attack: Cyberheist + Smokescreen

• Next day accountant can’t access browser to check account online

• Adversary hacks into construction company network overnight

• Adversary launches DDoS attack to distract bank officials

• Adversary takes control of company network

• Adversary steals 900K from victim’s bank

• FBI called in to investigate

• Bank reclaims 50% of funds

Cyberheist + DDoS smokescreen approach is common with cyber gangs using Gameover Trojan, a Zeus variant.
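The two slides above describe the same defender problem: the DDoS is loud, the theft behind it is quiet, and the staff fighting the flood are not watching outbound traffic. The added example below (not from the SecureWorks deck) shows the correlation a monitoring team can run over flow records to catch that pattern. The record format, the twelve-minute window, and all host names (web01, fin-ws17, hr-ws03, backup01) are constructed for the example; it flags only minutes where an inbound request surge and an outbound byte surge occur together, so a flood on its own or a large backup on its own is left to other alerts.

```python
"""Flag minutes where an inbound request flood coincides with an outbound
data surge from an internal host, i.e. the DDoS-smokescreen pattern.

Added example, not from the SecureWorks deck. The flow-record format
("<minute>,<direction>,<host>,<bytes>") and all host names are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass
class Flow:
    minute: int      # time bucket (constructed: minute index within the window)
    direction: str   # "in" = request reaching the web tier, "out" = data leaving
    host: str        # internal host involved in the flow
    nbytes: int      # payload bytes carried by this record


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow record; reject unknown direction values."""
    minute, direction, host, nbytes = line.strip().split(",")
    if direction not in ("in", "out"):
        raise ValueError(f"unknown direction {direction!r}")
    return Flow(int(minute), direction, host, int(nbytes))


def build_sample() -> list:
    """Constructed 12-minute window: inbound flood in minutes 6-8, an 80 MB
    outbound transfer from a finance workstation in minute 7, and a large but
    flood-free backup transfer in minute 2 as a control case."""
    lines = []
    for m in range(12):
        requests = 600 if 6 <= m <= 8 else 20
        lines += [f"{m},in,web01,512" for _ in range(requests)]
        lines += [f"{m},out,fin-ws17,50000", f"{m},out,hr-ws03,30000",
                  f"{m},out,web01,10000"]
        if m == 2:
            lines.append(f"{m},out,backup01,60000000")
        if m == 7:
            lines += [f"{m},out,fin-ws17,20000000" for _ in range(4)]
    return lines


def aggregate(flows):
    """Per-minute inbound request count and per-minute, per-host outbound bytes."""
    in_count = defaultdict(int)
    out_bytes = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if f.direction == "in":
            in_count[f.minute] += 1
        else:
            out_bytes[f.minute][f.host] += f.nbytes
    return in_count, out_bytes


def find_smokescreen_windows(lines, factor=5.0):
    """Return (minute, inbound_requests, top_out_host, top_out_bytes) for every
    minute whose inbound count AND total outbound bytes both exceed `factor`
    times their median over the window. Either surge alone is not reported:
    a plain flood or a plain bulk transfer belongs to a different alert."""
    flows = [parse_flow(line) for line in lines]
    in_count, out_bytes = aggregate(flows)
    minutes = sorted(set(in_count) | set(out_bytes))
    in_base = median(in_count.get(m, 0) for m in minutes)
    out_total = {m: sum(out_bytes[m].values()) for m in minutes}
    out_base = median(out_total.values())
    hits = []
    for m in minutes:
        if in_count.get(m, 0) > factor * in_base and out_total[m] > factor * out_base:
            host, nbytes = max(out_bytes[m].items(), key=lambda kv: kv[1])
            hits.append((m, in_count[m], host, nbytes))
    return hits


if __name__ == "__main__":
    for minute, reqs, host, nbytes in find_smokescreen_windows(build_sample()):
        print(f"minute {minute}: {reqs} inbound requests while {host} sent {nbytes} bytes")
```

On the constructed window the rule reports minute 7 only: the inbound flood also runs in minutes 6 and 8, but outbound volume there is normal, and the backup in minute 2 moves more data than usual without any flood. Using the median as the baseline keeps the flood minutes themselves from inflating the threshold; in production the baseline would come from a longer history than the window being scored.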

Mitigating Information Security Risk


Internet of Things (IoT)

The Internet of Things (IoT) is the network of physical objects or "things" embedded with electronics, software, sensors, and connectivity to enable objects to collect and exchange data.


Going it alone is most risky - DIY

• Information about what is happening around your perimeter is critical and most businesses don’t have access to it.


Two in one – MSSP as Responder

• Security data is paramount – Helps solve the “how and why” of a breach

• MSSP is also incident responder – Security data at their fingertips

• Immediate access to data helps responders control the breach faster.

• Offers better threat protection than DIY

• Intelligence gained feeds protection

• Around the clock monitoring

• Cybercriminals constantly changing Tools, Techniques, and Tactics


Risk-based approach

Confidential 24 10/5/2015

• Direct loss risk – Lost revenue, data

• Risk to reputation – Lose market share

• Liability risk – Litigation, civil damages

• Compliance risk – Fines, penalties


First, connect security to the business (Your to do list)

• Security is not just an IT problem

• Collateral damage is at an all-time high

• Keep lines of communication open on both ends

• Manage risk

• Create a security aware culture

• Invest early

– Investment in security is far less than cost of mitigation, eradication and remediation

• Incident response plan

– Collaboration is paramount

– Documented and tested (table top exercises)

– Include communications plan

• Who is watching the fort 24/7/365?!


Good Guys vs Bad Guys


Thank you.

Kevin Jordan

Cyber Security Specialist Dell SecureWorks