Copyright Security-Assessment.com 2005 From The Trenches (Australia) What We Are Seeing Within Security Today by Peter Benson.

Slides:

Advertisements

Similar presentations

© Ravi Sandhu Introduction to Information Security Ravi Sandhu.

Advertisements

Copyright, The Malware Menagerie Roger Clarke, Xamax Consultancy, Canberra Visiting Professor in Cyberspace Law & Policy at U.N.S.W., eCommerce.

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.

PHISHING AND ANTI-PHISHING TECHNIQUES Sumanth, Sanath and Anil CpSc 620.

7 Effective Habits when using the Internet Philip O’Kane 1.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.

Bernhard van der Feen Product Solution Manager Security Microsoft.

1 Telstra in Confidence Managing Security for our Mobile Technology.

1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Computer Security: Advice for computer.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

Copyright Security-Assessment.com 2005 From The Trenches What we are seeing within security today by Nick von Dadelszen.

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Copyright Security-Assessment.com 2005 Internet Security and Fraud Current Online Trends by Nick von Dadelszen.

INFORMATION SECURITY AWARENESS PRESENTED BY KAMRON NELSON AND ROYCE WILKERSON.

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.

Lesson 1: Understanding Browsers. This unit is a set of investigations into how to protect against digital threats, and how to detect digital crimes.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.

Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.

Securing Information Systems

Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software.

1 Internet Security Threat Report X Internet Security Threat Report VI Figure 1.Distribution Of Attacks Targeting Web Browsers.

Internet Security Threat Report Volume 9. 2 Internet Security Threat Report Volume 9 – Spokesperson Training Internet Security Threat Report VI What the.

Computer Security Fundamentals Chuck Easttom Chapter 1 Introduction to to Computer Security.

IT security Sherana Kousar 11a/ib1  A virus is a file written with the intention of doing harm, or for criminal activity  Example of viruses are: 

Copyright Security-Assessment.com 2005 Exposing Web Vulnerabilities The State of Web Application Security by Nick von Dadelszen.

Safe Computing. Computer Maintenance  Back up, Back up, Back up  External Hard Drive  CDs or DVDs  Disk Defragmenter  Reallocates files so they use.

WEBSENSE ® SECURITY LABS™ 2006 Semi-Annual Web Security Trends Report OWASP Presentation November 9, 2006 Jim Young (301)

PATCH MANAGEMENT: Issues and Practical Solutions Presented by: ISSA Vancouver Chapter March 4, 2004.

Introduction to Computer Ethics

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

 A viruses is a program that can harm or track your computer. E.g. browser hijacker.  When a viruses accesses the computer it can accesses the HDD and.

Network problems Last week, we talked about 3 disadvantages of networks. What are they?

10/14/2015 Introducing Worry-Free SecureSite. Copyright Trend Micro Inc. Agenda Problem –SQL injection –XSS Solution Market opportunity Target.

Copyright Security-Assessment.com 2004 Vulnerability Management Explained By Peter Benson.

Security at NCAR David Mitchell February 20th, 2007.

INGOTs Computer Security Name: Elliot Haran. Introduction  Staying safe on the internet  Learning to deal with Cyber Bullying, Stalking and grooming.

Copyright Security-Assessment.com 2005 GoogleMonster Using The Google Search Engine For Underhand Purposes by Nick von Dadelszen.

International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department.

Get Safe Online Expert advice for everyone In association with.

Web Security Group 5 Adam Swett Brian Marco. Why Web Security? Web sites and web applications constantly growing Complex business applications are now.

Hurdles in implementation of cyber security in India.

Information Security: Current Threats Marc Scarborough Information Security Officer

Cyber Security – The Changing Landscape Erick Weber Department of Public Works Khaled Tawfik Cyber Security.

©2016 Check Point Software Technologies Ltd. 1 Latest threats…. Rolando Panez | Security Engineer RANSOMWARE.

Vulnerabilities in Operating Systems Michael Gaydeski COSC December 2008.

Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.

Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015.

From viruses to theft Joakim von Braun Security Consultant von Braun Security Consultants Uppsala universitet

Created by the E-PoliceSlide 122 February, 2012 Dangers of s By Michael Kuc.

PROTECTING YOUR DATA THREATS TO YOUR DATA SECURITY.

Securing Information Systems

Securing Information Systems

Common Methods Used to Commit Computer Crimes

ISYM 540 Current Topics in Information System Management

Threats to computers Andrew Cormack UKERNA.

Securing Information Systems

Teaching Computing to GCSE

Information Security Session October 24, 2005

Prepared By : Binay Tiwari

Information Security Awareness

WJEC GCSE Computer Science

DhakaCom Bangladesh Cyber Security Status Global Perspective Mohammad Fakrul Alam dhakaCom Limited fakrul [at] dhakacom [dot] com

IP Addresses & Ports IP Addresses – identify a device on a network

Defencebyte THE PERFECT SECURITY FOR YOUR COMPUTER.

Presentation transcript:

Copyright Security-Assessment.com 2005 From The Trenches (Australia) What We Are Seeing Within Security Today by Peter Benson

Copyright Security-Assessment.com 2005 Security-Assessment.com – Who We Are Australasia’s pure-play security firm Largest team of security professionals in NZ Offices in Sydney, Auckland, Wellington Specialisation in multiple security fields – Security assessment – Security management – Forensics / incident response – Research and development

Copyright Security-Assessment.com 2005 Continuing Security Trends Still seeing opportunity hacks “script-kiddie” style – Windows machine fresh installed will be hacked in approximately 20 minutes Virus levels continuing to increase Time-to-exploit once a vulnerability is known is continuing to go down The number of vulnerability advisories is increasing

Copyright Security-Assessment.com 2005

Zone-H.org Statistics 473.au sites mirrored in the last month – Those are only the ones zone-h.org hears about Of those sites: – 334.com.au, 22.net.au, and 2 is.gov.au Of all hacks on Zone-H.org: – 60% Linux, 30% Windows, 10% Other – (General web server statistics show 70% Linux, 20% Windows, 10% Other)

Copyright Security-Assessment.com 2005 Virus Statistics (from MessageLabs) Virus levels continuing to increase Virus ratio in – 2002 – 0.5% – 2003 – 3% – 2004 – 6% 2004 saw several large viruses including: – MyDoom – Netsky/Bagle war

Copyright Security-Assessment.com virus Levels

Copyright Security-Assessment.com 2005 Decreasing Time-to-exploit People patching sooner – 2003 – every 30 days the number of vulnerable systems reduces by 50% – 2004 – every 21 days the number of vulnerable systems reduces by 50% But time-to-exploit is decreasing as well – 80% of worms and automated exploits are targeting the first two half-life periods of critical vulnerabilities

Copyright Security-Assessment.com 2005 Vulnerability Half-Life

Copyright Security-Assessment.com 2005 Vulnerability Exploitation

Copyright Security-Assessment.com 2005 Secuna Statistics

Copyright Security-Assessment.com 2005 New Security Trends Organised crime on the rise Hacking for profit – CyberExtortion Infrastructure maturing – Application level attacks on the increase New Attack Methodologies – GHDB (johhny.ihackstuff.com) – Wikto (Google attack tool)

Copyright Security-Assessment.com 2005 Googler

Copyright Security-Assessment.com 2005 New Security Trends Targeting users as well as sites: – Key loggers – Trojans – Phishing – Browser-based attacks / spam / spyware

Copyright Security-Assessment.com 2005 Phishing Increases

Copyright Security-Assessment.com 2005 Phishing Trends Unique Phishing Attempts December 2003 – 113 Unique Phishing Attempts July 2004 – 1974 Unique Phishing Attempts February 2005 – 13,141 Now using different techniques, IM, pharming

Copyright Security-Assessment.com 2005 Organisations Targeted For Phishing Financial Institutions Auction Sites ISPs Online Retailers

Copyright Security-Assessment.com 2005 State of Security In Australia / NZ Patch process improving but… Majority of incidents investigated in the last year due to un-patched systems/mis- configurations Organisations still leaving security until late in the development cycle

Copyright Security-Assessment.com 2005 State of Security in Australia / NZ Web applications still slow to improve security – Infrastructure attacks due to single point of security failure – Increasing application level attacks – Exposure of IP / directorys – Cross Site Scripting – SQL Injection – Open source code / poor coding root causes

Copyright Security-Assessment.com 2005 State of Security in Australia / NZ Security awareness increasing Lack of incident response planning – Leads to increased response time Lack of business continuity planning – Leads to increased downtime Compliance requirements driving behaviours – Increased regulatory controls – ISO 17799, SOX, California Disclosure Law Anyone can be a target: – Aria Farms

Copyright Security-Assessment.com 2005 Some Recent Australasian Stories Online bankers blocked for spyware (Marketscore) (12/3/2005) – Union boss applauds NSW anti-surveillance bill (4/5/2005) – Phone hackers tap into hospital (31/3/2005) – How to protect your computer (2005) – 5Enbv%5E,00.html 5Enbv%5E,00.html Antipodean hacker activity on the rise, now ranked 4th (2004) – =d # =d #

Copyright Security-Assessment.com 2005 More Recent Australasian Stories Bookies hit with online extortion (21/7/2004) – 0.html 0.html Internet banking 'no longer safe' (9/3/2004) – Network to research protection (2005) – 0.html 0.html Lapse at Melbourne IT Enabled Panix.com Hijacking – m_hijacking.html m_hijacking.html NZ jails Aussie bank hacker (21/10/2004) – 306%2D15318,00.html 306%2D15318,00.html

Copyright Security-Assessment.com 2005 Questions?