Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

LEARNING EXPERIENCES FROM VERIZON BREACH INVESTIGATIONS

Kenneth Hee, Director, APAC Identity Management & Security

Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

2014 Verizon Data Breach Investigations Report

50 CONTRIBUTING GLOBAL ORGANIZATIONS

1,367 CONFIRMED DATA BREACHES

63,437 SECURITY INCIDENTS

95 COUNTRIES REPRESENTED

95%

THE UNIVERSE OF THREATS MAY SEEM LIMITLESS, BUT 92% OF THE 100,000 INCIDENTS VERIZON ANALYZED FROM THE LAST 10 YEARS CAN BE DESCRIBED BY JUST NINE BASIC PATTERNS.

50 Contributors from Around the World

The Threat Landscape is Changing

Cyber attacks happen faster and more often than ever—and they're harder to discover.

FREQUENCY: Multiple attacks happen per second.

COMPROMISE: 87% of point-of-sale attacks compromised systems in minutes or less.

DISCOVERY: 62% of cyber-espionage breaches took months to discover.

(Timeline scale: SECONDS, MINUTES, HOURS, DAYS, WEEKS, MONTHS)

All Industries are affected

Motive

Organized Crime: 55%

Espionage: 24%

Hacktivists: 2%

Source: Verizon Data Breach Investigations Report, 2013

Hacktivists

Industry: Information, public, other services

Target: Personal information, credentials, organizational data

Source: Western Europe and North America

Methods: SQL injections and stolen credentials

Source: Verizon Data Breach Investigations Report, 2013

Espionage

Industry: Manufacturing, professional, and transport

Target: Credentials, internal data, trade secrets

Source: Worldwide

Methods: Malware, social, command and control

Source: Verizon Data Breach Investigations Report, 2013

Organized Crime

Industry: Finance and Retail

Target: Payment cards, credentials, and bank accounts

Source: Eastern Europe and North America

Methods: Brute force hacking and malware

Source: Verizon Data Breach Investigations Report, 2013

Follow The Money

(Diagram: Payment Card Industry. Roles shown: Card Holder (Consumer), Merchant, Acquiring Bank (Merchant Bank), Payment Card Processors, Issuing Bank (Consumer Bank), Credit Bureaus, Collection Agency.)

Organizations named in the diagram:

TransUnion, Equifax, Experian, Korea Credit Bureau

7-Eleven, Woolworths, Lotte

Commonwealth, Citibank, Agricultural Bank of China

PNC, BluePay, PayPal, Merchant One

BC Card, Korea; Samsung Card; NAB, Australia; Citibank, Singapore

SquareTwo, Euler Hermes, Atradius

Anatomy of a Breach: Millions of consumers affected

Attacker phishes third party contractor

Malware sends credit card data to internal server; sends custom ping to notify

Malware scrapes RAM for clear text credit card stripe data

Finds and infects internal Windows file server

Attacker uses stolen credentials to access contractor portal

Stolen data exfiltrated to FTP Servers

Finds & infects point of sale systems with malware

(Diagram label: PERIMETER)

5 Years of Threat Actions

5 Years of Threat Actions: Phishing leading to Stolen Credential

5 Years of Threat Actions: RAM Scrapers

5 Years of Threat Actions: RAM Scrapers and Keyloggers

Stolen Credentials

1. Attacker phishes privileged employee or contractor

2. Steals privileged user credentials

3. Uses credentials to access sensitive data, hiding under radar

SQL Injection Attack

statement = "SELECT * FROM users WHERE name ='" + userName + "';"

1. Attacker inserts bad SQL into a web application field

2. The SQL takes advantage of a vulnerability in the application code

3. The injected SQL passes through to the database and reads or writes data

(Illustration: web form with the fields Name, Address, Phone)
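
The concatenated statement from this slide next to a parameterized version, as an added example that is not part of the original deck. It uses Python's sqlite3; the table contents, function names and inputs are constructed for illustration.

```python
import sqlite3

# Constructed sample rows and a constructed crafted input (not from the slides).
ROWS = [("alice", "1 Example St", "555-0100"),
        ("bob", "2 Example Ave", "555-0101")]
CRAFTED = "' OR '1'='1"

def make_db():
    """In-memory users table matching the slide's Name/Address/Phone form."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, address TEXT, phone TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return conn

def lookup_concatenated(conn, user_name):
    """The slide's pattern: the input becomes part of the SQL text."""
    statement = "SELECT * FROM users WHERE name ='" + user_name + "';"
    return conn.execute(statement).fetchall()

def lookup_parameterized(conn, user_name):
    """Hardened form: fixed SQL text, input bound as a value."""
    statement = "SELECT * FROM users WHERE name = ?"
    return conn.execute(statement, (user_name,)).fetchall()

def input_reaches_parser(conn, lookup, probe="o'brien"):
    """Regression check: a harmless apostrophe must not cause a SQL error."""
    try:
        lookup(conn, probe)
    except sqlite3.OperationalError:
        return True   # the quote was parsed as SQL, so input is being spliced
    return False      # the quote was treated as data

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, CRAFTED))
    print("parameterized:", lookup_parameterized(db, CRAFTED))
    print("spliced (concatenated) :", input_reaches_parser(db, lookup_concatenated))
    print("spliced (parameterized):", input_reaches_parser(db, lookup_parameterized))
```

The apostrophe probe is usable as a unit test on any lookup function: an ordinary name such as o'brien should return no rows, never a database error.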

Data breaches detected by anti-virus programs or intrusion detection systems

0%

Source: Verizon 2013 Data Breach Investigations Report

THE RISKS ARE INSIDE

SIMPLE GOVERNANCE CAN REDUCE THE RISK EXPOSURE

80% TARGET WEAK PASSWORDS

85% ATTACKS TAKE 5 MINUTES OR LESS

76% OF ORGANIZATIONS TAKE 6 MONTHS+ TO PATCH DBs

50% MALWARE PROPAGATE BY MISCONFIGURATION

Sources: VDIR 2014, VDIR 2014, IOUG 2013, VDBIR 2014

TAKE A SYSTEMATIC VIEW

Discover, Classify, Risk Analysis, Audit Controls, Risk Mitigation

Establishes ongoing Quality of Service approach that aligns with business requirements and automates controls.

INSIDE OUT

SECURITY DEFENSE IN-DEPTH

SECURE WHAT’S STRATEGIC
