
SAFELY ENABLING BUSINESS www.securelink.net

20.000 attacks bypassing our defenses and what we learned from them

Eward Driehuis • @e3huis • www.securelink.net


THIS STORY IS BASED ON TRUE DATA

• 700+ SecureLink’ers

• 2100 customers in 2018

• 5 Cyber Defense Centers

• Over 10 trillion signals

2019-06-13

RESEARCH


2006 - 2010

2013

2017

2019


A LOOK AT OUR NUMBERS


• Signal to incident process

• Layered detection: malware wins

• Many “strange events”


• Cybercriminals & spies using same methods: social engineering

• Automated scanning: software & versions, password stuffing

LET’S TALK INITIAL ATTACK VECTORS


BIGGER IS MORE SECURE


ATTACK FACTOR per 100 employees

9.1 1.5 1.3


• Ransomware is hard work

• Cryptojacking super easy

• Inverse correlation

HIGH BITCOIN PRICE, HIGH SECURITY?


[Chart: Cryptocurrency miner and Ransomware, by month, January 2018 to April 2019]


OPPORTUNITY FOR VETERAN CRIMINALS


Quietly enter network

• Look for value

• Steal or extort value

Plan B

• Destroy online back-ups

• Ransom network

• Extort enterprise ransom


THE POWER OF BIG NUMBERS


BIG DATA

RETAIL FRAUD

CREDIT CARD THEFT

RANSOMWARE & MINING

BESPOKE ATTACKS

RANSOM / EXTORTION

ESPIONAGE


GEOPOLITICS

THE AGE OF CYBER WARFARE


Showing destruction

Filling budget gaps

Gentleman spies


ARE YOU INTERESTING?

OR ARE YOU LUCKY?

TARGET

VICTIM

COLLATERAL

LUCKY


We still encounter “Wannacry”

Sometimes for understandable reasons

WE NEED TO EVOLVE, BUT… WE DON’T.

Depressing CSIRT tales

Single factor + cloud = guaranteed pwnage


RISK IS NOT WHAT IT USED TO BE

• CxOs manage more risks than cyber

• Talk about likeliness & impact, be “realistic”

• Draw two lines in the sand

prevent

detect & respond

accept / insure


• We need to evolve as people to keep pace with tech

WE TALK THE TALK…

• We lack foundation

• We lack visibility

• Specifically on the 1%


Download our 2019 SMA at: HTTPS://SECURELINK.NET/SMA