Ransomware, Phishing and APTs

Presentation transcript:

Ransomware, Phishing and APTs
Avoid Falling Victim to These Cyber Threats
A webinar on:
  Cyber threats that can have crippling effects on the enterprise
  How to protect yourself against an attack
What We’ll Cover:
  Cyber attacks are indiscriminate!
  What's in the news?
  Why you should care!
  The different types of attack and their anatomy
    Phishing
    Spear Phishing and Social Engineering
    Ransomware & CryptoLockers
    Hoaxes and Scams
  Why Traditional methods are no longer effective
  Defending yourself against the multiple attack vectors

It’s in the news... Email security is no longer just about preventing excessive spam and viruses – the attacks are real, they are sophisticated, and they are costly. Nearly every day there is a new story about malware – and a lot of it is ransomware, which can cost you dearly.

Ransomware Discoveries
[Timeline figure; time axis: 2005 - 2012, 2013, 2014, 2015, 2016, with quarters Q1 to Q4. Families shown: LockDroid, KeRanger, CryptoApp, PayCrypt, Encryptor RaaS, XRTN, Job Cryptor, Troldesh, VaultCrypt, Hi Buddy, Coinvault, Tox, Radamant, Vipasana, Zerolocker, Cryptvault, Unix.Ransomcrypt, Hydracrypt, Cryptowall, TorrentLocker, BandarChor, CryptInfinite, Umbrecrypt, Gpcoder, Reveton, Urausy, Nymaim, Onion, TeslaCrypt, LowLevel404, Locky, Kovter, Browlock, Linkup, Slocker, Cryptolocker2015, Dumb, Ransom32, 73v3n, CTB-Locker/Citron, Simplocker, Maboua OSX POC, CryptoJocker, Synclocker, Pacman, Power Worm, Nanolocker, Virlock, Pclock, DMA-Locker, LeChiffre, Threat Finder, Gomasom, Magic, Hidden Tear, Chimera, Locker, Ginx, ORX-Locker]

Indiscriminate Anyone’s money will do just fine! Web based attacks are wide ranging From individuals being targeted all the way up to more strategic targets… Use multiple attack vectors

It’s high impact! It’s not just your money that’s at stake! Lost revenues? It could also damage your company’s reputation… And workers’ jobs could be on the line if the demands are high enough.
Hard-earned money lost
Revenues lost whilst down
Reputation – look at Home Depot – am I happy with them holding my credit card and profile information any longer?
If there is enough of an impact due to ransom fees, will it cause people to lose jobs in a smaller company?

What will the next morph bring? Does your payment really mean you are free and clear? How long before we see Ransomware payments as temporary? Will one payment unlock you forever? When will ransomware morph into “Protection ware?”

Security Threats are Common
During the past year:
  34% of organizations had an email phishing attack successfully infiltrate their network
  30% of organizations had one or more endpoints infected with ransomware
  29% of organizations had malware infiltrate through an unknown source
  17% of organizations had sensitive/confidential info leaked through email
  14% of organizations had an email spearphishing attack successfully infect one or more senior executives’ computers
  12% of organizations were successfully infiltrated by a drive-by attack from employee Web surfing
  11% of organizations were victims of a CEO Fraud/Business Email Compromise Attack
Only 27% of organizations did not experience a security attack during the past 12 months
©2016 Osterman Research, Inc.

Ransomware, Malware and Hacking are Common One in nine organizations surveyed has been infiltrated by ransomware, malware or hacking because an employee has clicked on a phishing link or attachment. ©2016 Osterman Research, Inc.

What are Decision Makers Most Concerned About? Decision makers are most concerned about malware infiltration, phishing and ransomware. ©2016 Osterman Research, Inc.

Many Tools are Not Solving the Problem
  61% of organizations report that Web-based threats blocked by their security infrastructure are staying the same or getting worse
  53% of organizations report that ransomware blocked by their security infrastructure is staying the same or getting worse
  51% of organizations report that the percentage of malware blocked by their security infrastructure is staying the same or getting worse
©2016 Osterman Research, Inc.

With attacks increasing in sophistication... What happens when an attack includes multiple threat vectors and threats across all deployment surfaces?

Multi-vector attacks
  Start with automatic reconnaissance
  Gain access to credentials
  Use credentials for back door entry
  Launch spear-phishing campaign
  Install APT/Ransomware
  Damage/Deface/Steal Data
  Demand Ransom

Multi Vector Attacks - Reconnaissance + Credentials
[Diagram labels: Access to Credentials / Data; Use Credentials for Backdoor Access; APT installation; Damage, Deface…; Spear Phishing; Remote Users & Ransom…; Identity; Credentials; Data…; CRM; Web App; Exchange]
In the next few slides we build up a scenario. This is not a simple one-shot attack; rather, its purpose is to illustrate the development of a campaign. It illustrates the need for a comprehensive approach to security, where the sum of the products is greater than the capabilities of the individual components. Note that we are not saying that this is typical, but whether they happen at the same time or over a period of time with individual attacks, the security measures put in place are just as important to achieve comprehensive security.

Multi Vector Attacks – Credentials -> Access -> Installation of APT
[Diagram labels: Reconnaissance; Access to Credentials / Data; Use Credentials for Backdoor Access; APT installation; Damage, Deface…; Spear Phishing; Remote Users & Ransom…; UN: abcd PW: #sdf45; APT; Deface Websites; Exfiltrate sensitive data; CRM; Web App; Exchange]

Multi Vector Attacks – Spear Phishing
[Diagram labels: Reconnaissance; Access to Credentials / Data; Use Credentials for Backdoor Access; APT installation; Damage, Deface…; Spear Phishing; Remote Users & Ransom…; @ Earnings Call!; CEO; AP; Credentials !; CRM; Web App; Exchange]
Email shown on the slide:
Sally, Please urgently send $50,000 to ‘Big Corp’ ACME Bank Corp Routing# 3445886846999 AC# 5487 8798 8765 0966 Tommy (CEO)

Multi Vector Attacks – Remote Users - Ransomware
[Diagram labels: Mobile Users; $; Coffee shops / Airports; Reconnaissance; Access to Credentials / Data; Use Credentials for Backdoor Access; APT installation; Damage, Deface…; Spear Phishing; Remote Users & Ransom…; $$; CRM; Web App; Exchange]

Multi Vector Attacks – Migration to Cloud
[Diagram labels: SaaS; Office365; CRM; Cloud Security; Public Cloud; Web App; Cloud Firewall; Cloud WAF; CRM; Web App; Exchange]
Cloud providers are responsible for cloud security. Customers are responsible for security in the cloud!

What we just learned
  1 Threat Vectors
  2 Threats
  3 Platform Surfaces
[Diagram labels: Any User; Any App; Any Platform; Any Cloud; From Any Where]

End-to-end Security and Data Protection From Barracuda Networks

End-to-end Security and Data Protection Detect Prevent Recover

Detect: The Barracuda Email Threat Scanner Cloud service that scans O365 mailboxes Find advanced sleeping threats Identifies owners of said threats Provides detailed reports and recommendations Free Survey: Scanned 1000s of O365 mailboxes Found threats in all O365 accounts Found 10s or 100s of threats per account You are already very likely harboring a threat!

Detect: Barracuda Vulnerability Manager Scan for web application vulnerabilities across entire website Detailed vulnerability scan reports Integration with Barracuda Web Application Firewall Free BVM Vulnerability Scan WAF Configuration & Profiles The BVM is tightly integrated with the WAF so that the BVM can scan applications for vulnerabilities and then automatically configure the WAF security policies to remediate those vulnerabilities. Web Users Applications

Prevent Spyware: Barracuda Web Security Gateway Spyware could be picked up by mobile / remote workers and transferred to the corporate network The Web Security Gateway will detect and prevent all outbound activity until remediation Block All Outbound Communication

Prevent Malware: Advanced Threat Detection Full system emulation sandbox Safely open files to identify risks Remote detonation of malicious payload Without compromising security at the expense of user experience Signatures Virus Protection Malware protection IP reputation Heuristics (static analysis) Sandboxing (dynamic analysis) Block File or Email Allow File or Email

Prevent Malware: ATD in Action
Ransomware Outbreak
March 2016 saw 8 variants of Locky hitting the internet in various mutations
ATD was able to Detect and Prevent 7 of the 8 variants through the static analysis layers in < 1 sec
That day an 8th version hit ATD … which was blocked by the Dynamic Analysis Layer in ~5 minutes
After the 8th version hit, dynamic analysis took care of the morph and classified it as Malicious in ~5 minutes. After that it was processed by the Static layers, so back to ~1 second. The point here is that nothing gets through ATD! And the way ATD is architected makes it very efficient at filtering out 100% of threats. This makes for an exceptional user experience.

Prevent Malware: ATD in Action
Open Source Virus False Positive – Opportunistic Hackers – Caught
August 2016: a public domain antivirus vendor releases a signature that blocks all Word docs of type .doc OLE. Result: security systems block all .doc files!
Meanwhile hackers watch the public domain and see this.
Security vendors then scramble to whitelist the .doc files.
Attackers see an opportunity and send bulk malicious .doc files that will evade defenses.

Prevent Malware: ATD in Action Despite the attack, ATD was able to detect and prevent any malicious .doc files making it through

Prevent Hacks: Barracuda Web Application Firewall Inbound inspection for Layer 7 attacks Outbound inspection to protect against data theft via blocking or data masking Security for both inbound and outbound traffic Barracuda Web Application Firewall Based on reverse proxy technology Has bi-directional content inspection and security As a reverse proxy, it can load balance and accelerate application delivery

Prevent Phishing: Link Protection Continuously protects against malicious and typo-squatted links embedded in email

Recover Lost Data Comprehensive, cloud-integrated Backup solution Simple to deploy and easy to manage “Time Machine” type Backup Replaces multi-vendor piecemeal backup solutions Contains damage to time between backups

Barracuda Focus Solutions On-Premises Azure, AWS Public Cloud SaaS Barracuda Essentials Email Security Next-Gen Firewall Email Security Next-Gen Firewall Web Application Firewall Archiving Email Security Archiving Backup Archiving PST Mgt. Backup PST Mgt. Web Security

Data protection to the rescue
Customer: Industrial Engineering, 500 Employees
Issue:
  Infected by ransomware
  Unable to access data
Resolution:
  Didn’t even consider paying ransom
  Reverted to a point in time pre-infection via Barracuda Backup

Barracuda Security
Secure all threat vectors and data
At all locations
Against all threats
Across all attack surfaces
[Diagram labels: Any User; Any App; Any Platform; Any Cloud; From Any Where]