Containing the outbreak: The healthcare security pandemic

Page 1

© 2016 Avecto Ltd avecto.com

Containing the outbreak: The healthcare security pandemic
James Maude, Senior Security Engineer

Page 2

Introducing James Maude

James Maude, Senior Security Engineer

› Broad remit in endpoint security research, conducting in-depth analysis of malware and penetration testing to identify attack vectors and trends in the evolving security landscape.

› Active involvement in the security research community

› Background in Digital Forensics & Research

Page 3

Agenda

› What is happening
› Ransomware strains
› Attack vectors
› Explore solutions

Page 4

Ransomware’s impact on the healthcare market has been headline news.

Page 5

Ransomware has exploded over the past 12 months

Page 6

Page 7

Locky Analysis

› Same group as successful Dridex banking trojan campaigns
› Phishing Word document contains dropper macro
› Encrypts data on local drives and network shares
› Attempts to erase local backup copies of files

Page 8

Locky Analysis

› Evolves quickly, usually undetected (VirusTotal)
› Multiple strains tested in Avecto labs – all stopped proactively

Page 9

Example of a free ransomware kit on the dark web

Page 10

Makes generating ransomware payloads easy

Page 11

Ransomware Evolution

› Low barrier to entry
› Increasingly looking for high value targets
› Network shares and mounted devices
› Decrypting not an option
› Constantly evolving to bypass defences

Page 12

Why is healthcare a target?

› A lot of shared, time-critical data = high value
› Aging and vulnerable systems
› Admin rights required for legacy apps
› Security not top of agenda

Page 13

The aging population

› 35% of NHS trusts run XP
› 14% have no transition date set
› Melbourne Health and QBot

blog.avecto.com

Page 14

Page 15

How good security can be undermined by ransomware

CSO – Chief Security Officer

› Advanced network appliance
› Patched and updated
› Award winning AV software
› SIEM and SOC
› User opens a Word doc...

Page 16

How to prevent the infection?

Page 17

Immunisation

› Right medicine in the right dose: Least Privilege
› Screen and establish a baseline: Whitelist
› Isolate the vulnerable: Sandbox applications that introduce infections

As recommended by:

Page 18

• Isolates browser, downloaded content and email attachments
• Mitigates ransomware / web threats
• Protect data and contain unknown threats

• #1 Defense strategy
• Easy to achieve whitelisting
• Regain control of unknown applications

• Mitigates 85% of Critical Windows vulnerabilities
• Protect user and system
• Privileges when you need them
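As an added example (not Avecto's code and not part of the deck), the toy policy evaluator below shows how the three immunisation controls from pages 17 and 18 compose against the page-15 scenario of a user opening a phishing Word document whose macro drops an executable. The process names, hashes and the dropper.exe events are constructed placeholders.

```python
from dataclasses import dataclass

# Constructed allow-list of image name -> expected SHA-256 (placeholder values, not real hashes).
ALLOWLIST = {"winword.exe": "sha256-placeholder-word",
             "outlook.exe": "sha256-placeholder-outlook",
             "chrome.exe": "sha256-placeholder-chrome"}
# Applications that open untrusted content (browser, email, Office) run in the sandbox;
# what they spawn inherits the isolation, so it cannot reach network shares or backups.
CONTENT_HANDLERS = {"winword.exe", "outlook.exe", "chrome.exe"}

@dataclass
class Launch:
    image: str            # process image name
    sha256: str           # hash of the image on disk
    parent: str           # parent process image name
    requests_admin: bool  # did the launch ask for elevation?

def evaluate(ev: Launch) -> dict:
    """Apply the three controls and report which ones would have stopped the launch."""
    blocked_by = []
    # Least privilege: nothing is elevated just because it asked for admin rights.
    if ev.requests_admin:
        blocked_by.append("least privilege")
    # Whitelist: unknown images, or a known name whose hash does not match, do not run.
    if ALLOWLIST.get(ev.image) != ev.sha256:
        blocked_by.append("whitelist")
    # Sandbox: does not block, but contains content handlers and their children.
    contained = ev.image in CONTENT_HANDLERS or ev.parent in CONTENT_HANDLERS
    return {"image": ev.image, "run": not blocked_by,
            "blocked_by": blocked_by, "contained": contained}

# Constructed scenario from page 15: the user opens a phishing Word document; the macro
# drops an unknown executable that first asks for admin rights, then retries without them.
SCENARIO = [
    Launch("winword.exe", "sha256-placeholder-word", "explorer.exe", False),
    Launch("dropper.exe", "sha256-unknown", "winword.exe", True),
    Launch("dropper.exe", "sha256-unknown", "winword.exe", False),
]

def run_scenario(events=SCENARIO) -> list:
    return [evaluate(e) for e in events]

if __name__ == "__main__":
    for r in run_scenario():
        verdict = "runs" if r["run"] else "blocked by " + ", ".join(r["blocked_by"])
        print(f"{r['image']:12} {verdict}{' (sandboxed)' if r['contained'] else ''}")
```

Each control stops the dropper on its own, which is the point of layering them: a gap in one (for example a legacy app that needs admin rights) is covered by the other two.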

Page 19

Preventing ransomware in healthcare is possible!

1. Get proactive, reduce the attack surface
2. Foundational security starts with the endpoint
3. Prevention is possible

Visit www.avecto.com for more details.