1Friday, May 06, 2016 | Webroot Inc. | Proprietary & Confidential Information
Webroot Threat Brief 2016
George Anderson
Tuesday, May 10th 2016
Business needs, threats and mitigation strategies
» SMBs and Cybersecurity
» Threat Brief 2016
» 100% ‘most of the time’
» Avoid being a victim
» Q&A
How are SMBs managing cybersecurity today?
Source: Webroot – 2015 SMB Threat Report, December 2015
» 24% - specialist staff
» 32% - generalist staff
» 27% - mix in-house/outsource
» 9% - outsource
» 5% - non-IT staff
» 3% - no IT security
How prepared are their cybersecurity defences?
63% not completely confident in their readiness to counter attacks
Source: Webroot – 2015 SMB Threat Report, December 2015
MITIGATION
PREPAREDNESS
RESPONSE
RECOVERY
How confident at addressing an attack?
84% say they are confident they could fully address an attack!
Source: Webroot – 2015 SMB Threat Report, December 2015
How do they view outsourcing – help or hindrance?
81% see outsourcing as positive
Source: Webroot – 2015 SMB Threat Report, December 2015
28%
Annual IT Security Budget for 2016?
81% increasing their budget by an average of 22% in 2016
Source: Webroot – 2015 SMB Threat Report, December 2015
SMBs and cybersecurity - conclusions
» Under-prepared and under-informed to handle cyberattacks
» Need better overall threat protection
» Outsourcing is their opportunity to improve overall security and business situation
» Have upped budgets to fund better cybersecurity
» A major market opportunity
» SpiceHeads ideally placed to serve needs
Hands-up feedback
» Is lack of SMB expertise the main driver of sales?
» Are you seeing better security budgets in 2016?
» Is endpoint security the primary IT security driver (or is backup/business continuity now more important)?
Threat Brief 2016
Webroot Threat Intelligence Platform
Data feeding the Webroot Threat Brief
1. Input: Millions of customer & partner nodes act as a real-time global Internet sensor network
2. Cloud: Infinitely scalable & geo-redundant advanced cloud architecture
3. Big Data: Automated machine learning & ‘00’s TB of constantly added threat data
4. Services: Powered by Webroot Threat Intelligence & BrightCloud service portfolio coverage
5. Feedback Loop: Real-time feedback loop; Collective Intelligence; prediction grows more effective
Webroot Threat Intelligence Platform – the numbers
Continuously classify and score 95% of the Internet by monitoring the entire IPv4 space and in-use IPv6 addresses
» 27+ billion URLs
» 9+ billion file behavior records
» 600+ million domains
» 20+ million mobile apps
» 4+ billion IP addresses
» 10+ million connected sensors
Source: Webroot – 2016 Threat Brief, February 2016
Daily detection of previously unknown threats
» 25k new malicious URLs
» 11k new phishing sites
» 100k new malicious IPs
» 101k new malware & PUA
» 1m+ new file encounters
Source: Webroot – 2016 Threat Brief, February 2016
Polymorphic malware on the rise
PUAs = Potentially Unwanted Applications
Source: Webroot – 2016 Threat Brief, February 2016
Polymorphic malware the norm!
Source: Webroot – 2016 Threat Brief, February 2016
Evolution of ransomware
» Attackers increasing adoption of IP anonymizing services
» Attackers can license ransomware from third parties - ransomware-as-a-service
» Varieties getting harder to detect through thread injection, process hollowing, and other exploit methods – e.g. CTB-Locker uses a position-independent payload wrapper
» Expanding past Windows to Mac OS X
Source: Webroot – 2016 Threat Brief, February 2016
More IP addresses to launch attacks
» 32M new malicious IP addresses were discovered
» Russia and China saw big drops in malicious IPs compared to 2014
» Japan saw biggest increase in 2015
Source: Webroot – 2016 Threat Brief, February 2016
Malicious IP address attacks by threat type (ex-Spam)
Source: Webroot – 2016 Threat Brief, February 2016
‘Good’ websites are often very risky
» Attackers in high-risk countries host malicious sites in more trustworthy countries
» The USA and China host most malicious URLs
Source: Webroot – 2016 Threat Brief, February 2016
The risk from ‘Good’ websites
Source: Webroot – 2016 Threat Brief, February 2016
Shifts in phishing targets
Charts: Phishing Sites By Target (% of Category); Phishing Sites By Target (% companies within each Category)
Source: Webroot – 2016 Threat Brief, February 2016
Shifts in phishing targets
Source: Webroot – 2016 Threat Brief, February 2016
Mobile apps riskier than ever…
Source: Webroot – 2016 Threat Brief, February 2016
Number of Android apps categorized in 2015 doubled from 10M (2014) to 20M+ (2015)!
Mobile Apps riskier than ever
Source: Webroot – 2016 Threat Brief, February 2016
Mobile Apps are Riskier Than Ever
Source: Webroot – 2016 Threat Brief, February 2016
Threat thoughts
» Polymorphic threats are the ‘standard’
» Any defense needs per-endpoint awareness of the application space to be effective
» Ransomware attacks will continue to increase
» Ransom demands will be dynamic to the data that is encrypted
» Data security, backup and continuity solutions are now a must
» Continuous user education is needed to help disrupt social engineering effectiveness
Hands-up feedback
» How many have seen infections rise in past year?
» How many have suffered a crypto-ransomware attack?
» How many of you have paid up?
» How many of you have business continuity?
What does 100% ‘most of the time’ mean to us today?
100% ‘most of the time’
» Detection and efficacy have never been 100% all of the time
» When the impact was a few endpoints - marginally acceptable
» When the impact closes down a business, hospital, university or a government office – it’s not!
» Today the difference is the table stakes – they’re high
» The issue is - ‘what to do about it’?
Avoid being a victim
1. Use reputable and proven endpoint security
2. Back up your data
3. Show hidden file extensions
4. Filter EXEs in email
5. Disable files running from AppData/LocalAppData folders
Avoid being a victim (continued)
6. Disable RDP
7. Patch and keep software up to date
8. User education
9. Limit end user access to mapped drives
10. Use pop-up blockers
11. Disable macros
Q&A
George Anderson - [email protected]
– Get the full reports at our Stand, or –
www.webroot.com