
The Threat Landscape



  1. The Threat Landscape. Robert Hodge, Technical Director, Northern Europe

  2. And it's all publicly available FREE information! www.enterprisesecurity.symantec.com. Released every 6 months.

  3. The report is only as good as the data behind it!
     • >6,200 Managed Security Devices
     • 120 Million Systems Worldwide use Symantec AV
     • 30% of World’s email Traffic protected from SPAM
     • >380 million LiveUpdates each day
     • Honeypot Network: 2 million mailboxes
     • 74 Symantec Monitored Countries
     • 40,000+ Registered Sensors in 180+ Countries
     • 8 Symantec Security Response Centers
     • 4 Symantec SOCs
     Map locations: Dublin, Ireland; Calgary, Canada; Tokyo, Japan; San Francisco, CA; Redwood City, CA; Twyford, England; Santa Monica, CA; Munich, Germany; Pune, India; Alexandria, VA; Taipei, Taiwan; Sydney, Australia

  4. The main theme over the last 12 months!

  5. It is a world of stealth!
     • Hacking is now a stealth game
     • Low level malware / spyware (disables firewall/IDS) infects the PC and downloads the nastier modular code later on!
     • No more showing off!
     • Fewer Sev. 3 and 4 worms now!
     • “For fortune not fame”
     • ‘Undercover ops’ not ‘terrorism / notoriety’
     • Stealthy ‘Root kits’
     Your security effectiveness is NOT based on how well your machines function!

  6. The New Cybercrime ‘Business Model’!
     • Facilitator / herder
     • e.g. bot nets. Uses IRC.
     • Modular. We saw 57,000 online bot-net machines/day
     • Serious & Organised Crime
     • Sponsoring employees, the easy route!
     • Author
     • Modular code focus, 80%
     • Less cat. 3&4
     • More cat. 1&2
     Criminal
     • Vulnerability finder
     • 2249 new vulnerabilities discovered this period.
     • 69% were www applications
     User / hacker
     • Mule
     • A fence handling stolen data
     • Identity theft is the main one!
     • Offshore the main route

  7. Mule Mail

  8. ‘Bot Nets’ – roBot Network
     • The efficient way to take data!
     • Home users are the focus!
     • 86% of botnet attacks focus there!
     [Chart: Top targeted sectors by proportion of targeted attacks. Source: Symantec Corporation]

  9. How big is the problem?
     • Average daily total of 57,717 active bot network computers
     • Total of 4,696,903 active bot network computers controlled by 6,337 Command and Control Servers
     • China had the highest percentage of known bot networks worldwide (20%)
     Anti virus, firewall, anti-SPAM/Spyware, patching and a security policy/user education – no golden bullet!

  10. SPAM
     • Online advertising
     • How long does a SPAM message remain effective?
     • Did you know SPAM can also contain malware?
     • Growth in image SPAM
     • BotNets are the transmission method...again!
     • Spammers earn $50,000+ per week
     • Rely on a very low click rate to be profitable
     Have security policy/user education for staff using the internet! And have good Anti SPAM software!

  11. A growing trend – image SPAM

  12. Some SPAM statistics!
     • SPAM accounts for over half of all email (54%), up 4% from the last period
     • ‘Health’ topics make up 26% of all spam targets, followed by ‘Adult’ with 22%.
     • Did you know 1 in 122 SPAM messages contain malware!
     • It’s increasingly URL linked to avoid AntiSPAM/Antivirus detection
     Don’t click anything within a SPAM message! Delete it!

  13. Phishing
     • The BIG One because it's personal!
     • Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials.
     No legitimate organisation will ask for your userid / password!
     NEVER, NEVER, NEVER, NEVER give your userid/password details away, no matter how authentic it seems!!

  14. Phishing – The theft of your confidential data!
     • Phishing, we saw and blocked 1.3 billion attempts, an 11% DECREASE
     • We saw 865 unique messages per day (157,400 during period) used
     • 84% were targeting our home bank/financial information
     By John Penycate, BBC TV's Money Programme: ‘Identity theft is Britain's fastest-growing white-collar crime, increasing at nearly 500% a year’

  15. A Phishing Result….
     • Users lured to PayPal and eBay account web pages
     • Submit credit card details
     • Session data shows us that the “actual” site was a tree trimming company in Idaho, USA.
     • 48hrs later they had left (i.e. the hacker)
     Mostly a consumer issue! What does your family do at home? What do your customers do?

  16. How do you advise your customers when they get ‘Read More’ links in messages? If you do click on the link you will be told the web site is busy, understandable!… In the meantime an attempted install of a botnet zombie would take place!!

  17. Taking Advantage of Katrina… 400+ Katrina domains registered in days. 15% were legitimate!

  18. Security Risks – a word about Spyware! http://www.spyware.co.uk
     • Adware and Spyware…what’s the difference?
     • Primary methods of infection are downloading ‘free’ software…the kinds of things our kids do all the time…on our work PCs?
     Spyware programs are stand-alone programs that can unobtrusively monitor system activity and either relay the information back to another computer or hold it for subsequent retrieval WITHOUT YOUR PERMISSION!
     Again, it's all about user education! Regularly run anti-spyware and AntiVirus software. Don’t download freeware and certainly not on the same PC you hold personal/company data on!

  19. Attacks – email is the primary route!
     • 98% of propagating malware uses SMTP as its mechanism
     • P2P is growing rapidly (e.g. IM through MSN)
     • Mass Mailers make up 60% of malware code
     The same old safeguards apply!... Anti Virus and don’t forget good email usage rules!

  20. Patching – for Enterprise vendors
     • Average vulnerability exploit time ??? = 3 days
     • Average time for ANY vendor to release a patch is…??? = 31 days
     Exposure could be 28 days!! Is Patching the No.1 concern along with backups?

  21. How about server ‘hardening’?
     • Default SP4 server operating system in a web server role
     • (Win 2000 Server, Service Pack 4 + IIS, DotNetNuke and MSDE SQL)
     • We hung this out the window on the www!
     • Remember - 80% of breaches/compromises were vulnerability driven
     • How long did it take a www facing system to be compromised?
     • 1.5 hours? 1 day? 2.5 days? 1 week?
     1hr 32 mins

  22. The importance of hardening a desktop!
     • Desktop systems were NOT placed behind a firewall!
     1hr 14 mins

  23. Instant Messaging

  24. Something that’s growing - Instant Messaging? Please take it seriously!!! You are as secure as your weakest link!
     • Becoming essential part of business: quick, easy, below the radar
     • Do you/should you allow IM?...are you sure people comply?
     • Treated like email and abide by same regulatory rules as emails
     • Real exposure is still very small compared to email…but growing!
     A few statistics..
     • 3.2 Billion IMs per day are transferred from 900 million users globally
     • Security risks grown 1700% year on year!
     • ID Theft
     • Faster threat vector than email
     • Confidential information leakage
     • Focused/Targeted attacks

  25. Some Suggestions!
     • Good security is about 3 things - PEOPLE, PROCESS, TECHNOLOGY …use all!
     • Invest in staff security skills
     • Perform risk analysis
     • BCP/DR Planning – Test regularly - Update it – Plan again
     • Learn from past history and build it into future plans
     • ‘Tick Box’ security is not enough!...it must be treated seriously!
     • Firewall and Intrusion detection on desktops/laptops
     • Don’t use a tickbox firewall (stateful/application inspection)
     • Use ANTI SPAM and ANTI Spyware
     • Harden Systems - Turn off and remove unneeded services
     • Reduce the opportunities for infection!...remember SLAMMER
     • Isolate infected systems quickly
     • Patch, patch, patch!!!, especially on internet facing computers that host web services.
     • If someone else manages your systems…find out from them what their security/data protection processes are and what their customer SLA is!

  26. Some More Suggestions!
     • Keep your AntiVirus software up to date (daily as a rule!)
     • Enforce a password policy as a minimum (8 ch. Alphanumeric + special chars. AND change passwords regularly)
     • Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .VBS, .BAT, .EXE, .PIF, and .SCR files.
     • Set IT usage rules and ensure they are followed
     • Email, Instant Messaging, SKYPE, downloading s/w, phishing etc
     • Ensure backups are working and test restores
     • My only advertising – use BuE-SR (hot backup and recovery!) on critical servers
     Links: www.sans.org (search for small business), www.issa.org, www.enterprisesecurity.symantec.com, www.securityfocus.com

  27. Thank you. robert_hodge@symantec.com
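
Slide 26 advises blocking mail that carries .VBS, .BAT, .EXE, .PIF or .SCR attachments. The sketch below is an added example, not part of the original presentation: it shows the check a mail filter would run, using Python's standard `email` package. The function names, the sample message and the handling of trailing dots and spaces are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named on slide 26 (lower-cased for comparison).
BLOCKED_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".scr"}

def is_blocked(filename):
    """True if the final extension of an attachment name is on the block list."""
    # Added assumption: Windows drops trailing dots and spaces from file names,
    # so "a.exe. " is treated the same as "a.exe".
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    # Only the last extension counts, so "holiday.jpg.scr" is caught.
    return dot != -1 and name[dot:] in BLOCKED_EXTENSIONS

def blocked_attachments(raw):
    """Return the names of blocked attachments found anywhere in the MIME tree."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        # get_filename() reads Content-Disposition filename= and falls back
        # to the Content-Type name= parameter.
        name = part.get_filename()
        if name and is_blocked(name):
            hits.append(name)
    return hits

def build_sample():
    """Constructed test message: one harmless and three blocked attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in ("report.pdf", "holiday.jpg.scr", "UPDATE.EXE", "notes.txt.vbs"):
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

A gateway would reject or quarantine any message for which `blocked_attachments` returns a non-empty list; matching on the name alone does not inspect archive contents or file type.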
