https://youtu.be/_IjCUT4UsbM

Presentation transcript:

All Rights Reserved Secure64 – CONFIDENTIAL

Ransomware Definition: Ransomware is a type of malicious software from cryptovirology* that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.
*Cryptovirology is a field that studies how to use cryptography to design powerful malicious software.

The Very Malicious World in 2017
- Malware: Ransomware (CryptoWall, Locky), Malvertising, Trojans (Zeus malware family), Worms (Conficker), Mobile (Hiddad)
- Phishing: Spearphishing, W-2 phishing
- Botnets: Mirai (IoT), Kelihos (spam)
- Many more…
Source: GData, April 2017

Origins of Ransomware
- Idea of using public key cryptography for data kidnapping introduced in 1996 by Adam L. Young and Moti Yung
- Extortionate ransomware became prominent in 2005
- Development of Bitcoin led to resurgence of ransomware in 2013 – CryptoLocker
- CryptoLocker.F, TorrentLocker, and CryptoWall delivered through ransomware Trojans, although a variant of CryptoWall used malvertising

Impact of Ransomware
- In 2015, US companies paid out $24 million in ransom.
- In 2016, the FBI reported that $209 million was extorted from US businesses in the first three months – putting ransomware on track to become a $1 billion crime in 2016.
- Actual damage in 2017 is forecast to exceed $5 billion for destruction (or loss) of data, downtime, lost productivity, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hostage data and systems, reputational harm, and employee training in direct response to the ransomware attacks.ⁱ
ⁱ https://cybersecurityventures.com/ransomware-damage-report-2017-5-billion/

How Ransomware Works

Ransomware Goes Global in 2017
- From Aug 2016 to March 2017 ransomware declined, but it exploded after March and is currently on track to set new records for the number of infections.
- WannaCry outbreak: an attack unprecedented in scale, which infected more than 230,000 computers in over 150 countries. The attack affected large companies including Telefonica, FedEx, Honda, Renault, the Russian Interior Ministry and more.
- Petya/NotPetya: malware aimed to encrypt the master boot record. A modified version of Petya was used for a global cyberattack targeting Ukraine.

WannaCry Permeates the Globe

Firewall

Firewall: Intrusion Prevention
When you have inbound Internet traffic, at some point you will have to open a hole through your firewall. An Intrusion Detection and Prevention System evaluates a suspected intrusion once it has taken place, signals an alarm and attempts to stop it.

Diagram, built up over five slides (labels: Firewall, Custom Apps, Other Applications):
1. Intrusion Prevention
2. Intrusion Detection: an IDS is a device or software application that monitors a network or systems for malicious activity or policy violations.
3. SIEM (Security Information and Event Management): combines outputs from multiple sources and uses alarm-filtering techniques to distinguish malicious activity from false alarms.
4. Cloud Encryption
5. DNS Network Security

FREE TOOLS
- Alien Vault’s ThreatFinder, powered by OTX (Open Threat Exchange)
- Solarwinds
- TRIPWIRE SecureScan for hidden devices

LastPass Enterprise
1. Manage passwords from the cloud
2. Multi-factor authentication
3. Secure passwords with 1 button

ERASER Hard Drive Disposal

The Solution: Use the DNS as Defense
- Users on the network can be prevented from visiting sites with malware
  - Phishing and other malware links are identified
  - Links are disabled & users do not get infected
- Infected users can be prevented from infecting the network
  - Malware uses the DNS to contact C&C centers
  - DNS hangs up the phone – and users are neutralized
The DNS is now the ideal security policy enforcement point to block bot communications and user access to malicious sites.

BYOD & IoT
Protect ALL devices on the network, without installing any software or requiring users to install software, across all geographic locations.

Introducing DNS Guard
DNS Guard is a suite of Secure64 services that protect devices, the network, users and the corporate brand from malicious traffic.
- MalwareGuard
  - Malicious software download sites
  - Botnet command and control sites
- FraudGuard
  - Phishing sites
  - Spamvertising sites
  - Counterfeit goods sites
  - Other illegal sites
Provides real-time security information to stop malicious activity on your network.

How DNS Guard Works

DNS Guard makes business sense
- Protect corporate IP
- Reduce user support costs
- Reduce potential liability
- Protect your brand
- Increase user productivity

Next Step – Threat Assessment
Send us a pcap file of your traffic. We will analyze and report on malicious behavior.

Sample report:
- BOTNET / MALWARE: DETECTED. IP addresses that access domain names known to be botnet command and control centers or malware sites are detailed in Section 3. This report also indicates whether an IP address accesses seemingly random domain names to find a botnet center.
- DNS ANOMALIES: Not Detected. Other DNS anomalies such as domain names that cause excessive recursion to authoritative nameservers are detailed in Section 5.
- DDoS ATTACK: Not Detected. Denial of service attacks such as amplified floods, distributed attacks from many IP addresses using pseudo-random subdomain names, and other unusual burst activity are detailed in Section 2.
- DNS TUNNEL: Not Detected. IP addresses that are abusing your DNS system with DNS Tunnels such as IODINE and MAGIC TUNNEL are detailed in Section 4.
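
Two of the report categories above, sketched as detection logic over DNS query records. This is an added example, not Secure64's implementation or code from the presentation; the blocklist entry, client addresses, query names and thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

B32 = "abcdefghijklmnopqrstuvwxyz234567"
# Constructed sample data: RFC 5737 addresses and reserved example/test names.
BLOCKLIST = {"c2.example"}  # hypothetical known C&C zone
QUERIES = [("192.0.2.10", "www.intranet.test"), ("192.0.2.10", "mail.intranet.test"),
           ("192.0.2.11", "beacon.c2.example.")]
# Five distinct 32-character base32-style labels, as an encoded tunnel payload might look.
QUERIES += [("192.0.2.12", B32[k:] + B32[:k] + ".t.tunnel.example") for k in range(5)]

def entropy(label):
    """Shannon entropy of a label, in bits per character."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def assess(queries, blocklist, min_unique=4, min_len=20, min_entropy=3.5):
    """Return {category: {client_ip: {zones}}} for (client_ip, qname) pairs."""
    blocked = defaultdict(set)   # client -> blocklisted zones it looked up
    subs = defaultdict(set)      # (client, parent zone) -> distinct leftmost labels
    for client, qname in queries:
        labels = qname.rstrip(".").lower().split(".")
        # Suffix match: a listing for c2.example also covers beacon.c2.example.
        for i in range(len(labels) - 1):
            zone = ".".join(labels[i:])
            if zone in blocklist:
                blocked[client].add(zone)
                break
        if len(labels) > 2:
            # Naive parent zone (last two labels); real tooling needs a public-suffix list.
            subs[(client, ".".join(labels[-2:]))].add(labels[0])
    tunnels = defaultdict(set)
    for (client, zone), seen in subs.items():
        odd = [l for l in seen if len(l) >= min_len and entropy(l) >= min_entropy]
        if len(odd) >= min_unique:   # many long, random-looking names under one zone
            tunnels[client].add(zone)
    return {"botnet_malware": dict(blocked), "dns_tunnel": dict(tunnels)}

def run_sample():
    return assess(QUERIES, BLOCKLIST)

if __name__ == "__main__":
    for category, hits in run_sample().items():
        print(category, hits or "Not Detected")
```

The thresholds need tuning against real traffic, since CDN and telemetry hostnames can also be long and random-looking.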