Guillaume Lovet. Cybercrime is on the rise: an analysis of threats to businesses
DESCRIPTION
What danger does cybercrime pose to business? How can it be prevented? The author of the talk is Guillaume Lovet, head of the threat research centre at Fortinet, a well-known cybercrime expert and researcher (France). The talk was given at the conference INFORMATION SYSTEMS SECURITY, held on 11 April 2013, for state institutions and organizations of national importance.
TRANSCRIPT
Fortinet Confidential
Cyber Threats Targeting Enterprises & Organizations
Guillaume Lovet
3 Times BlackHat Speaker
Pwnie Award Nominee
M.S. Georgia Tech
Sr. Manager FortiGuard
Agenda
• Attack consequences for the enterprise
• Forms of attacks
• Defense
CONFIDENTIAL
Risks: What you don't want to happen
• Denial of Service (DoS) attack
  - From outside, by a Botnet / Zombie network (Example?)
  - From inside, on purpose or not (eg: Conficker Worm)
• Data Theft
  - Customer data (Example?)
  - Intellectual Property
  - Corporate Info (incl. banking credentials)
• Destruction
  - Data
  - Computer systems
  - Physical/Industrial systems (Example?)
• Loss of Reputation
  - Often a consequence of the above
  - Top risk identified by UK companies (Aon Ltd, 2005)
  - Adds up to the rest. Example: $318/rec in 2010 (Ponemon)
Loss of Reputation: Heartland Breach
The other side of the Mirror: Attackers’ Motivation
• Financial
  - Pay or I DDoS you! (eBay, Amazon...)
  - Selling stolen data (Heartland, Sony PSN?)
• Competitive
  - Industrial Spying (“Israeli Trojan”)
• Political / Hacktivism
  - Espionage (Ghostnet, Quai D'Orsay, Operation Aurora)
  - Retaliation (Paypal, Master Card, Visa, Sony PSN?)
• Military
  - DDoS (Russia / Georgia)
  - Seek & Destroy Worm (Stuxnet)
Information System Penetration
• Via stolen credentials (Phishing / Social Engineering / Insider)
• Via Exploitation of flaws
• Via Infection: Trojan Horses / Bots / Worms
Multiple Infection Vectors
• E-Mail & IM
  - Attachments: executable, archives AND documents
  - Links
• Web Sites
  - 60% of bot infections: “Drive-By Install” (Enisa)
  - “Packs” available for purchase on the underground market
• Social Networks
  - Intelligence source for targeted attacks
  - Worms (eg: Koobface)
• Physical Infection Vectors
  - Laptops
  - USB Keys
  - CDs
Targeted attacks against Tibetan communities: Email infection
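The attachment point above (executable, archives AND documents) is about content, not file names. The following is an added Python example, written for this transcript and not code from the talk or from Fortinet, showing how a mail gateway can triage an attachment by magic bytes, open ZIP containers recursively with a depth and size guard, and flag Office Open XML documents that carry a VBA project. Every sample attachment is constructed inside build_samples() and build_nested_zip(); the extension list and limits are assumptions chosen for the example.

```python
import io
import zipfile
from typing import Dict, List, Tuple

# Extensions Windows executes directly; a constructed, deliberately short list.
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "jar", "msi"}
MAX_ARCHIVE_DEPTH = 3          # assumption: guard against deeply nested archives
MAX_MEMBER_BYTES = 50_000_000  # assumption: guard against decompression bombs

Finding = Tuple[str, str]      # (kind, path inside the attachment)


def _extensions(path: str) -> List[str]:
    """All dot-separated suffixes of the basename, lower-cased: 'a/b.pdf.exe' -> ['pdf', 'exe']."""
    parts = path.rsplit("/", 1)[-1].lower().split(".")
    return parts[1:]


def triage_attachment(name: str, data: bytes, depth: int = 0) -> List[Finding]:
    """Return (kind, path) findings for one attachment, recursing into ZIP containers.

    The decisive checks look at content (magic bytes, archive members) rather than
    at the displayed file name, because the name is what the sender controls.
    """
    findings: List[Finding] = []
    exts = _extensions(name)

    # 1. Name-based checks: direct executables and "document.pdf.exe" style double extensions.
    if exts and exts[-1] in EXECUTABLE_EXTENSIONS:
        findings.append(("executable_extension", name))
        if len(exts) >= 2:
            findings.append(("double_extension", name))

    # 2. Content-based check: a PE image starts with the 'MZ' DOS header whatever it is called.
    if data[:2] == b"MZ":
        findings.append(("pe_header", name))

    # 3. Container check: ZIP archives and Office Open XML documents (docx/docm/xlsm) are both ZIPs.
    if data[:4] == b"PK\x03\x04":
        if depth >= MAX_ARCHIVE_DEPTH:
            findings.append(("archive_too_deep", name))
            return findings
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.infolist():
                if member.is_dir():
                    continue
                member_path = f"{name}/{member.filename}"
                # A vbaProject.bin part means the document carries VBA macros.
                if member.filename.lower().endswith("vbaproject.bin"):
                    findings.append(("vba_macros", member_path))
                if member.file_size > MAX_MEMBER_BYTES:
                    findings.append(("oversized_member", member_path))
                    continue
                findings.extend(triage_attachment(member_path, zf.read(member), depth + 1))
    return findings


def build_samples() -> Dict[str, bytes]:
    """Constructed sample attachments (not real malware): a ZIP hiding a renamed PE stub,
    a macro-enabled Word document skeleton, and a harmless text file."""
    zipped = io.BytesIO()
    with zipfile.ZipFile(zipped, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 62)
    docm = io.BytesIO()
    with zipfile.ZipFile(docm, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return {"invoice.zip": zipped.getvalue(), "memo.docm": docm.getvalue(), "notes.txt": b"meeting at 10"}


def build_nested_zip(levels: int) -> bytes:
    """Constructed: a small ZIP wrapped in `levels` further ZIPs, to exercise the depth guard."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("x.txt", "x")
    blob = buf.getvalue()
    for level in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(f"level{level}.zip", blob)
        blob = buf.getvalue()
    return blob


def triage_all(samples: Dict[str, bytes]) -> Dict[str, List[Finding]]:
    """Run the triage over a name -> bytes mapping."""
    return {name: triage_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, found in triage_all(build_samples()).items():
        print(name, "->", found or "clean")
```

Running the block prints one line per constructed attachment: the ZIP is flagged for the renamed PE inside it, the .docm for its VBA project, and the text file is reported clean. In a real gateway the findings would feed a policy (quarantine, strip, or pass to sandboxing) rather than a print.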
Key Elements to Modern Defense
You need AV, IPS, AS, WCF (Anti-Virus, Intrusion Prevention, Anti-Spam, Web Content Filtering)
Above all, you need them all together
And most importantly, you need them working together
Goal: when facing a threat, be able to tackle it from different angles
=> Intelligent Redundancy
Two Examples of Enhanced Security by Intelligent Redundancy
• Phishing
  - Phish Letter blocked by AS
  - If not, blocked by AV
  - If not, Phish Site blocked by WCF
• Backdoor / Bot
  - Binary blocked by AV
  - If not, access to C & C blocked by IPS
  - If not, by WCF
  => The bot cannot “phone home”
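The two chains on this slide, as an added Python example written for this transcript (not code from the talk or from Fortinet): each of the four controls is an independent check over an incident record, the controls are evaluated in order, and layers_that_catch() reports every layer that would have stopped the incident, so that disabling one layer (a missed spam signature, an outdated AV database) shows the redundancy the slide is about. All sender domains, hashes, addresses and hosts are constructed placeholders, not real indicators.

```python
import hashlib
from typing import Callable, Dict, Iterable, List, Optional

# Constructed sample threat intelligence; placeholders only, not real indicators.
SPAM_SENDER_DOMAINS = {"phish.example"}
MALWARE_SHA256 = {
    hashlib.sha256(b"MZ constructed phish attachment").hexdigest(),
    hashlib.sha256(b"MZ constructed bot binary").hexdigest(),
}
IPS_C2_SIGNATURES = {("203.0.113.10", 8080)}          # TEST-NET address, assumption
WCF_BLOCKED_HOSTS = {"login-verify.phish.example", "cc.bot.example"}

# An incident is a flat record of what the controls can observe about one event.
Incident = Dict[str, object]
Control = Callable[[Incident], bool]


def anti_spam(i: Incident) -> bool:
    """AS: reject mail whose sender domain is on the spam list."""
    sender = i.get("sender")
    return isinstance(sender, str) and sender.split("@")[-1] in SPAM_SENDER_DOMAINS


def antivirus(i: Incident) -> bool:
    """AV: reject a payload (attachment or downloaded binary) whose hash is known."""
    payload = i.get("payload")
    return isinstance(payload, bytes) and hashlib.sha256(payload).hexdigest() in MALWARE_SHA256


def ips(i: Incident) -> bool:
    """IPS: reject a connection to a known command-and-control endpoint."""
    return i.get("c2") in IPS_C2_SIGNATURES


def web_filter(i: Incident) -> bool:
    """WCF: reject access to a host in a blocked category (phishing, botnet C&C)."""
    return i.get("url_host") in WCF_BLOCKED_HOSTS


# Dict order is the inspection order on the slide: mail first, then file, then network.
CONTROLS: Dict[str, Control] = {"AS": anti_spam, "AV": antivirus, "IPS": ips, "WCF": web_filter}


def layers_that_catch(incident: Incident, disabled: Iterable[str] = ()) -> List[str]:
    """Every enabled layer that would block the incident; its length is the redundancy depth."""
    off = set(disabled)
    return [name for name, check in CONTROLS.items() if name not in off and check(incident)]


def first_blocker(incident: Incident, disabled: Iterable[str] = ()) -> Optional[str]:
    """The layer that actually stops the incident, or None if it gets through."""
    hits = layers_that_catch(incident, disabled)
    return hits[0] if hits else None


# Constructed incidents mirroring the two chains on the slide, plus a benign one.
PHISH: Incident = {
    "sender": "billing@phish.example",
    "payload": b"MZ constructed phish attachment",
    "url_host": "login-verify.phish.example",
}
BOT: Incident = {
    "payload": b"MZ constructed bot binary",
    "c2": ("203.0.113.10", 8080),
    "url_host": "cc.bot.example",
}
BENIGN: Incident = {"sender": "alice@corp.example", "url_host": "intranet.corp.example"}


if __name__ == "__main__":
    for label, inc in (("phishing", PHISH), ("bot", BOT), ("benign", BENIGN)):
        print(f"{label}: caught by {layers_that_catch(inc) or 'nothing'}")
    print("phishing with AS and AV both missing:", first_blocker(PHISH, disabled={"AS", "AV"}))
```

The output shows the phishing mail caught by AS, AV and WCF and the bot by AV, IPS and WCF; removing the first two layers still leaves WCF to stop the phish site or the C&C callback, which is the "cannot phone home" outcome on the slide. The same harness is a cheap way to check a real deployment's coverage: list each incident class your organisation worries about and make sure more than one control fires on it.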