Welcome…
2014 GSR: AGENDA
1 Victim Demographics
2 Data and Systems Targeted
3 Intrusion Methods
4 Indicators of Compromise
5 Detection Statistics
6 Understanding Widespread Malware
7 Actions and Recommendations
2014 GSR: SUMMARY OF FINDINGS
1. More victims, more breaches
2. Shift in data types
3. Similar targets and methods as past years
4. Self detection = early detection
5. Response is key
ATTACK SOURCE IP ADDRESSES
19% United States
18% China
16% Nigeria
5% Russia
5% Korea
4% Germany
4% United Kingdom
4% Japan
3% France
3% Taiwan
19% Other Countries
LOCATION OF VICTIMS
19% United States
14% United Kingdom
11% Australia
2% Hong Kong
2% India
1% Mauritius
1% New Zealand
1% Ireland
1% Belgium
1% Canada
7% Other Countries
35% RETAIL
18% FOOD & BEVERAGE
11% HOSPITALITY
9% FINANCE
8% PROFESSIONAL SERVICES
6% TECHNOLOGY
4% ENTERTAINMENT
3% TRANSPORTATION
2% HEALTH CARE
4% OTHER
33% INCREASE IN NON-CARD DATA TARGETED
[Chart: types of data targeted, values 45%, 36% and 19%]
POS payment card data (track data)
Non-payment card data
E-commerce payment card data
Businesses often…
1. Don’t centralize logging
2. Log but don’t monitor
3. Log the wrong things
important because…
ANOMALOUS ACCOUNT ACTIVITY
UNEXPLAINED OR SUSPICIOUS OUTBOUND DATA
NEW AND/OR SUSPICIOUS FILES DROPPED
GEOGRAPHIC ANOMALIES IN LOGINS
UNEXPLAINED OR SUSPICIOUS CHANGES TO THE WINDOWS REGISTRY
EVIDENCE OF LOG TAMPERING
EVIDENCE OF TAMPERING WITH ANTI-VIRUS SERVICES
ANOMALOUS SERVICE ACTIVITY (SERVICES ADDED, STOPPED OR PAUSED)
INTERRUPTION IN THE PAYMENT PROCESS FLOW (E-COMMERCE)
UNEXPLAINED ACCESS TO ADMINISTRATION CONSOLES OR WEB ADMIN (E-COMMERCE)
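The three logging failures listed above (no central log, logs nobody monitors, the wrong events logged) and the indicator list are the kind of thing a central log pipeline can check automatically. The following is an added example, not material from the report or from the vendor behind it: a small Python detector that parses constructed key=value log lines (the log format, the service name AVService, the IP addresses and the account names are all assumptions) and flags three of the listed indicators: geographic anomalies in logins, anomalous service activity with anti-virus service stops rated highest, and bursts of failed logins as anomalous account activity.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the report). One event per line:
# <UTC timestamp> <source> key=value ...
SAMPLE_LOG = """\
2014-03-01T08:00:00Z auth user=jdoe src=203.0.113.10 geo=US result=success
2014-03-01T08:20:00Z auth user=jdoe src=198.51.100.7 geo=NG result=success
2014-03-01T09:00:00Z auth user=asmith src=203.0.113.11 geo=US result=success
2014-03-01T09:05:00Z svc name=AVService action=stopped by=admin
2014-03-01T09:06:00Z svc name=UpdSvc action=added by=admin
2014-03-01T09:07:00Z svc name=Spooler action=started by=SYSTEM
2014-03-01T09:10:00Z auth user=bob src=203.0.113.12 geo=US result=failure
2014-03-01T09:10:05Z auth user=bob src=203.0.113.12 geo=US result=failure
2014-03-01T09:10:10Z auth user=bob src=203.0.113.12 geo=US result=failure
2014-03-01T10:00:00Z auth user=carol src=203.0.113.13 geo=US result=success
2014-03-01T14:00:00Z auth user=carol src=192.0.2.44 geo=DE result=success
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kind>\w+)\s+(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")
AV_SERVICES = {"AVService"}  # hypothetical name of the endpoint anti-virus service


def parse_events(text):
    """Parse the key=value log format into a time-sorted list of dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than crash the pipeline
        ev = {"ts": datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ"),
              "kind": m.group("kind")}
        ev.update(KV_RE.findall(m.group("rest")))
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect_geo_anomalies(events, window_minutes=60):
    """Geographic anomalies in logins: one account succeeding from two countries within the window."""
    alerts, last_seen = [], {}
    for ev in events:
        if ev["kind"] != "auth" or ev.get("result") != "success":
            continue
        user, geo = ev["user"], ev["geo"]
        if user in last_seen:
            prev_ts, prev_geo = last_seen[user]
            if geo != prev_geo and ev["ts"] - prev_ts <= timedelta(minutes=window_minutes):
                alerts.append(f"GEO_ANOMALY user={user} {prev_geo}->{geo} within {window_minutes}m")
        last_seen[user] = (ev["ts"], geo)
    return alerts


def detect_service_tampering(events):
    """Anomalous service activity (added, stopped, paused); touching the AV service is rated higher."""
    alerts = []
    for ev in events:
        if ev["kind"] != "svc" or ev.get("action") not in {"added", "stopped", "paused"}:
            continue
        severity = "HIGH" if ev["name"] in AV_SERVICES else "MEDIUM"
        alerts.append(f"SERVICE_{ev['action'].upper()} name={ev['name']} severity={severity}")
    return alerts


def detect_failed_login_bursts(events, threshold=3, window_minutes=5):
    """Anomalous account activity: threshold or more failures for one account inside a sliding window."""
    alerts, recent, flagged = [], defaultdict(list), set()
    for ev in events:
        if ev["kind"] != "auth" or ev.get("result") != "failure":
            continue
        user = ev["user"]
        cutoff = ev["ts"] - timedelta(minutes=window_minutes)
        recent[user] = [t for t in recent[user] if t >= cutoff] + [ev["ts"]]
        if len(recent[user]) >= threshold and user not in flagged:
            flagged.add(user)  # alert once per account, not once per extra failure
            alerts.append(f"FAILED_LOGIN_BURST user={user} count={len(recent[user])} within {window_minutes}m")
    return alerts


def run_all(text):
    """Run every detector over one log text and return the combined alert list."""
    events = parse_events(text)
    return (detect_geo_anomalies(events)
            + detect_service_tampering(events)
            + detect_failed_login_bursts(events))


if __name__ == "__main__":
    for alert in run_all(SAMPLE_LOG):
        print(alert)
```

The windows and thresholds are deliberately parameters: carol's two logins from different countries four hours apart are not flagged at the 60-minute default, but would be if the window were widened, which is the tuning decision a monitoring team has to make per environment rather than a fixed rule.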
MALWARE STRAINS:
PASSWORD STEALERS
BANKING TROJANS
DDOS BOTS
RANSOMWARE
FAKE UPDATES OR ANTI-VIRUS
CRYPTO-CURRENCY MINER
POINT-OF-SALE MALWARE
SPAMBOTS
85% OF EXPLOITS DETECTED WERE OF THIRD-PARTY PLUG-INS INCLUDING JAVA AND ADOBE FLASH, ACROBAT AND READER
TO DO LIST:
1. Educate employees on best security practices through security awareness training.
2. Invest in gateway security technologies to protect networks and users against zero-day exploits, targeted malware and blended threats.
TO DO LIST:
1. Implement and enforce strong password policies for employees.
2. Change default and “admin” passwords immediately.
3. Consider two-factor authentication solutions.
TO DO LIST:
1. Know your data - discover all types of sensitive data across your environment.
2. Combine ongoing scanning and testing across all assets - endpoint, network, application and database - so you can identify and fix flaws before an attacker finds them.
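Knowing your data means finding it before an attacker does. As an added example, not from the report or its vendor, the Python scanner below searches constructed file contents (the paths, card numbers, e-mail address and track record are all made up) for the data types the report describes as targeted: payment card numbers validated with the Luhn checksum so that ordinary numeric IDs are not reported, track-2 style records, and e-mail addresses as one instance of non-payment card data. Findings are returned masked so the scan report itself does not become another copy of the sensitive data.

```python
import re

# Constructed sample "files" (path -> content); none of these values are from the report.
SAMPLE_FILES = {
    "pos/batch_2014-03-01.txt": (
        "TXN 0001 PAN=4111 1111 1111 1111 AMT=19.99\n"  # passes Luhn -> reported
        "TXN 0002 PAN=4111111111111112 AMT=5.00\n"       # fails Luhn -> ignored
    ),
    "pos/track.dump": ";5500000000000004=25121010000000000000?\n",  # track 2 style record
    "hr/contacts.csv": "name,email\nJane Doe,jane.doe@example.com\n",
    "logs/app.log": "order 123456789012345 shipped\n",  # 15-digit order id, fails Luhn -> ignored
}

# 13-19 digits, optionally separated by single spaces or hyphens, not embedded in a longer digit run
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Simplified track 2 layout: ';' PAN '=' expiry, service code and discretionary data '?'
TRACK2_RE = re.compile(r";(\d{13,19})=\d{4}[^?]*\?")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def luhn_valid(digits):
    """Luhn checksum: double every second digit from the right, subtract 9 from results over 9."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan):
    """Keep only the last four digits in the findings report."""
    return "*" * (len(pan) - 4) + pan[-4:]


def scan_text(path, text):
    """Return (path, kind, masked_value) findings for one document."""
    findings = []
    for m in PAN_RE.finditer(text):
        pan = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(pan) <= 19 and luhn_valid(pan):  # checksum filters numeric IDs that merely look like cards
            findings.append((path, "pan", mask(pan)))
    for m in TRACK2_RE.finditer(text):
        if luhn_valid(m.group(1)):
            findings.append((path, "track2", mask(m.group(1))))
    for m in EMAIL_RE.finditer(text):
        findings.append((path, "email", m.group(0)))
    return findings


def scan_files(files):
    """Scan a mapping of path -> content, as a file walker would feed it, and collect all findings."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


if __name__ == "__main__":
    for path, kind, value in scan_files(SAMPLE_FILES):
        print(f"{path}: {kind} {value}")
```

A track-2 record is reported twice here, once as a bare card number and once as track data; in practice that double hit is useful, because track data in a file is a stronger signal than a lone card number and deserves its own severity.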
TO DO LIST:
1. Pit a security expert against your network hosts, applications and databases for a real-world threat perspective.
2. Test resilience of your systems with regular penetration testing.
TO DO LIST:
1. Develop, institute, and rehearse an incident response plan.
2. Ensure ongoing security training and education of your IT staff.
3. Consider an MSSP for expert help, including ongoing tuning of your technologies and continuous threat monitoring.
IN CLOSING, SECURITY IS:
1. A continuous process
2. Compliance != Security
3. Bigger than the IT dept
4. An effective combination:
• of People
• of Process
• of Technology; AND
• of expert partners