IBM 2016 Cyber Security Intelligence Index


And you thought you could trust her/him

Definitions
- Security event: An event on a system or network detected by a security device or application.
- Security attack: A security event that has been identified by correlation and analytics tools as malicious activity that is attempting to collect, disrupt, deny, degrade or destroy information system resources or the information itself.
- Security incident: An attack or security event that has been reviewed by security analysts and deemed worthy of deeper investigation.
Source: IBM

Fewer attacks, more incidents

Attacks by industry
- Five of the eight largest healthcare security breaches since 2010 took place in 2015
- In 2015 over 100 million healthcare records were compromised

Nature of the incidents
- Shellshock, a 20-year-old vulnerability, was very popular

Cisco 2015 Security Annual Report

Users becoming the weakest link
- The Cisco 2016 Annual Security Report, which presents research, insights, and perspectives from Cisco Security Research, highlights the challenges that defenders face in detecting and blocking attackers who employ a rich and ever-changing arsenal of tools.

Major developments and discoveries
- The largest Angler exploit kit operation in the United States, and SSHPsychos, one of the largest distributed denial of service (DDoS) botnets, were identified and weakened considerably, thanks to the collaboration of the industry: Cisco, Level 3 Threat Research Lab, Limestone
- Malicious browser extensions can be a major source of data leakage for businesses and are a widespread problem. We estimate that more than 85 percent of organizations studied are affected by malicious browser extensions.
- Well-known botnets like Bedep, Gamarue, and Miuref represented the majority of botnet command-and-control activity.
- Cisco’s analysis of malware validated as “known bad” found that the majority of that malware (91.3%) uses the Domain Name Service (DNS) to carry out attacks.

Major developments and discoveries
- HTTPS has reached a tipping point: it will soon become the dominant form of Internet traffic
  - It protects customers but makes it harder for the security community to track threats
- Many sites created with WordPress are compromised and used by bad actors
- Aging infrastructure is growing and leaves organizations increasingly vulnerable to compromise. Out of 115,000 Cisco devices analyzed:
  - 92% were running software with known vulnerabilities
  - 31% are “end of sale”
  - 8% are “end of life”
- 59% of organizations said their security infrastructure was “very up to date” (64% in 2014)
- 48% of SMBs said they used web security (59% in 2014)
- 29% of SMBs said they used patching and configuration tools (39% in 2014)

Symantec Global Intelligence Network
- 63.8 million attack sensors
- Records thousands of events per second
- 157 countries
- Combination of Symantec products and services: DeepSight Intelligence, Managed Security Services, Norton consumer products, other third-party data sources and decoy accounts
- 74,180 recorded vulnerabilities (over more than two decades)

Zero-Day Vulnerabilities
- A new zero-day vulnerability was discovered on average each week in 2015
  - 54 in 2015
  - 23 in 2013 (more than double 2012)
  - 24 in 2014
- The hunt for zero days is being professionalized.
  - The Hacking Team was exposed in 2015 as having at least six zero-days in its portfolio
- Four of the five most exploited zero-day vulnerabilities in 2015 were Adobe Flash
  - They target popular software

Personal Information Stolen
- Over half a billion personal records in 2015
- A lot of companies are not reporting the full extent of their data breaches
  - 85% increase
- 429 million reported
  - 23% increase
- Nine mega-breaches in 2015
  - Mega-breach → more than 10 million records
  - In 2015 191 million were exposed in one mega-breach
- Companies choosing to hold back critical details is a disturbing trend
  - Transparency is critical to security

Web sites
- Web administrators still struggle to stay current on patches
- Over one million web attacks against people each and every day in 2015
- Cybercriminals continue to take advantage of vulnerabilities in legitimate websites to infect users because website administrators fail to secure their websites
- More than 75% of all legitimate websites have unpatched vulnerabilities.
- 15% of legitimate websites have vulnerabilities deemed ‘critical’
  - It takes trivial effort for cybercriminals to gain access and manipulate these sites for their own purposes

Spear-Phishing Attacks
- Targeting employees increased 55% in 2015
- Steady increase in attacks targeting businesses with fewer than 250 employees
  - 43% increase
- One company of 35 employees was a victim. The attacker was a competitor which hid in the network for two years, stealing customer and pricing information
  - No business is without risk
- The Butterfly gang steals information to use in stock manipulation.

Ransomware
- 35% increase in 2015
- It is evolving
  - Locker-style → Crypto-style
- It moved from PCs to smart phones
- Mac and Linux systems were also attacked
- Symantec demonstrated proof-of-concept attacks on smart watches and TV sets

Fake Technical Support
- Symantec blocked 100 million fake technical support scams in 2015
- Discovered first in 2010
- Has evolved from cold-calling unsuspecting victims to the attacker fooling victims into calling them directly
  - Pop-ups that alert of a serious problem
  - Steering the victim to an 800 number
  - Where a “technical support representative” is waiting
- Netflix expanded into new countries
  - Accounts sold in the black market
  - The account information was stolen via phishing or malware

Web based attacks

Geography of Web-based attacks

Geography of local threats

Vulnerable applications used in attacks Corporate Users

Vulnerable applications used in attacks Home Users

Type of attacked applications

Ransomware

Predictions
- No more APTs (Advanced Persistent Threat)
  - To reduce traces left to avoid detection
- Ransomware continues
  - To other platforms (Linux, Mobile, OS X)
  - How much would you be willing to pay to regain access to your TV programming? Your fridge? Your car?
- Financial crimes at the highest level
  - POS, ATM
  - ApplePay and AndroidPay

Predictions
- Attacks on security vendors
  - IDA and Hiew
  - OllyDbg and WinDbg
  - VMware and VirtualBox
  - GitHub
  - PGP