Key Security Insights: Examining 2014 to predict emerging threats


MT 41 Key Security Insights: Examining the past to predict future threats

Dell Security threat intelligence

Global Response Intelligent Defense (GRID) Network

• Threat research team

• Active participant in leading research organizations

• World-wide monitoring

• Advanced tracking and detection (e.g., honeypots and sandboxing)

• Continuous real-time counter-threat intelligence

• Industry leading responsiveness

4.7 billion | intrusions blocked daily by Dell firewalls

58% | Increase in intrusion attempts in 2014

4.2 billion | Malware attacks blocked by Dell firewalls in 2014

2X | Growth in unique malware attacks in 2014

Top Malware

Spin-offs of Cryptolocker for both Windows and Android platforms

Wirelurker malware targeting iOS

Point-of-sale malware used for targeted attacks against big retail chains

Global Marketing

The top malware delivery methods are not surprising

• Website download

• Text message (SMS)

• Phishing

• Portable device (USB)

14% | increase in web applications used in 2014

What did we find last year?

(Timeline chart, Q1 2014 to Q3 2015, of publicized breaches: Target, Michaels, Neiman Marcus, Aaron Brothers, Sally Beauty, P.F. Chang's, Albertsons, UPS, Staples, Home Depot, Goodwill, Kmart, Dairy Queen, Sony, Anthem, Office of Personnel Management, Ashley Madison, Blue Cross, Harvard University)

3X more POS malware countermeasures deployed in 2014

• Punkey (April 2015)

• NewPosThings.C (April 2015)

• PoSeidon (March 2015)

• POS.UCC: a new multi-component POS malware (February 2015)

What does this new POS malware do?

• Searches the system registry for stored VNC passwords

• Periodically scrapes the memory of running processes for credit card data

• Transfers the card data, Base64-encoded, to the command-and-control (C&C) server
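The three behaviours listed above (registry search, memory scraping, Base64 exfiltration to the C&C server) give a network defender something concrete to look for at the egress point: outbound request bodies carrying Base64-encoded card or track data. The following Python is an added example and is not code from the presentation or from Dell. It takes a handful of constructed sample POST bodies (the kind a proxy or egress sensor would log), decodes any Base64 run it finds, looks for 13 to 19 digit runs that pass the Luhn check, and flags Track 2 framing (`;PAN=YYMM...`). The sample bodies, the field names and the industry test PANs are all constructed for the example.

```python
import base64
import binascii
import re
from typing import Dict, List

# Constructed sample of outbound HTTP POST bodies. The PANs are the usual
# industry test numbers (Luhn-valid), not real cards; the field names are made up.
_TRACK2 = ";4111111111111111=25121011234?;5555555555554444=26011015551?"
SAMPLE_POSTS = [
    "user=alice&action=login",                                            # benign
    "id=7&blob=" + base64.b64encode(_TRACK2.encode()).decode(),           # exfil
    "order=1234567890123456&amount=1999",                                 # 16 digits, not Luhn-valid
    "cfg=" + base64.b64encode(b'{"status":"ok","ver":"1.2"}').decode(),  # benign Base64
]

PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")      # candidate card numbers
TRACK2_RE = re.compile(r";\d{13,19}=\d{4}")         # Track 2: ;PAN=YYMM...
B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")    # runs that look like Base64


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: every second digit from the right is doubled, digit-summed."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only BIN and last four so alerts never carry a full card number."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_pans(text: str) -> List[str]:
    """Digit runs of card-number length that also pass Luhn."""
    return [m for m in PAN_RE.findall(text) if luhn_ok(m)]


def decode_b64_blobs(body: str) -> List[str]:
    """Decode every Base64-looking run that yields printable ASCII; skip the rest."""
    out = []
    for blob in B64_RE.findall(body):
        padded = blob + "=" * (-len(blob) % 4)
        try:
            out.append(base64.b64decode(padded, validate=True).decode("ascii"))
        except (binascii.Error, UnicodeDecodeError):
            continue
    return out


def scan_body(body: str) -> Dict:
    """Check the body both as-is and after Base64 decoding of embedded runs."""
    finding = {"pans": [], "encoded": False, "track2": False}
    finding["pans"].extend(mask_pan(p) for p in find_pans(body))
    for decoded in decode_b64_blobs(body):
        pans = find_pans(decoded)
        if pans:
            finding["encoded"] = True
            finding["pans"].extend(mask_pan(p) for p in pans)
        if TRACK2_RE.search(decoded):
            finding["track2"] = True
    return finding


def scan_posts(posts: List[str]) -> List[Dict]:
    """Return one alert per body that carries at least one Luhn-valid PAN."""
    alerts = []
    for i, body in enumerate(posts):
        finding = scan_body(body)
        if finding["pans"]:
            finding["index"] = i
            alerts.append(finding)
    return alerts


if __name__ == "__main__":
    for alert in scan_posts(SAMPLE_POSTS):
        print(alert)
```

The Luhn filter is what keeps order numbers and timestamps from flooding the alert queue; masking in the alert itself matters because the detection output would otherwise become another copy of the cardholder data the control exists to protect.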

2015 has been busy

Are you inspecting HTTPS traffic today?

Yes

No

Not sure


Many of your users’ web sessions are encrypted with HTTPS

(Chart: encrypted web traffic growth; values shown 315%, 66% and 470%, series labels not recoverable. Source: http://bit.ly/1MHk70k)

SSL comprises 1/3 of typical enterprise traffic

SSL traffic is growing 20% per year

50% of all attacks are predicted to use SSL by 2017

Google represents over half of all encrypted web traffic

December 2014

SSL web connections increased 109% in 2014

(Chart: 60% / 40% split; labels not recoverable)


By Jeremy Kirk, IDG News Service, Jul 27, 2015

You can’t protect what you can’t see — attacks unseen by most firewalls

“…redirection code planted in the malicious advertisements uses SSL/TLS (Secure Sockets Layer/Transport Layer,…”


Supervisory Control and Data Acquisition (SCADA) Systems


SCADA presents some significant security challenges

• Large-scale

• Easy to use

• Open design

• Insecure

Attacks doubled on SCADA systems

(Chart: SCADA hits monthly)


Top SCADA attack methods

Source: ICS-CERT and National Vulnerability Database

More highly targeted smartphone malware emerges

Notable smartphone malware attacks of 2014: AndroidLocker, SimpleLocker, AndroRAT, Dendroid, Windseeker, Wirelurker


Android Titanium malware hides all its malicious code in a library file

(April 2015)

http://bit.ly/1Phq4lg

What do the background services do?

• Capture sensitive user information such as the phone number, OS version and MAC address

• Collect SMS-related data on the device and send it to the server

• Collect call-related information on the device and send it to the server

• Monitor and report the status of the device screen, whether it is active or in standby

Two Bitcoin exchanges forced to close due to losses from 2014 attacks:

1. Mt. Gox

2. Flexcoin

Poloniex was hacked for 12.3% of its reserve

Digital currencies including Bitcoin will continue to be targets of mining attacks

By the end of 2015:

• Bitcoin wallets estimated to reach 12 million

• Number of vendors accepting Bitcoin is expected to be more than 140,000


Source: "State of Bitcoin 2015: Ecosystem Grows Despite Price Decline," CoinDesk, January 7, 2015

Key Takeaways

• Choose a security framework to establish security baselines

• Conduct annual security training for everyone

• Establish multiple layers of network security including wireless

• Keep security services active and up-to-date

• Make your endpoints as secure as they can be

Protect Comply Enable

Better security for better business.

• User: Identity and Access Management

• Endpoint (Datacenter to Edge)

• Network (Perimeter and beyond)

• Data and Application (On-premises to Cloud)

• Managed Security Services, Security Intelligence and Response

Strategically connect solutions to enable better outcomes

Download the 2015 Dell Security Annual Threat Report

https://marketing.sonicwall.com/whitepaper/dell-network-security-threat-report-2014874708/

Thank You!
