Copyright Security-Assessment.com 2005 From The Trenches What we are seeing within security today by Nick von Dadelszen.

Slides:



Advertisements
Similar presentations
Copyright, The Malware Menagerie Roger Clarke, Xamax Consultancy, Canberra Visiting Professor in Cyberspace Law & Policy at U.N.S.W., eCommerce.
Advertisements

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
Security for Internet Every Day Use Standard Security Practices and New Threats.
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Computer Security: Advice for computer.
Copyright Security-Assessment.com 2005 From The Trenches (Australia) What We Are Seeing Within Security Today by Peter Benson.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
Copyright Security-Assessment.com 2005 Internet Security and Fraud Current Online Trends by Nick von Dadelszen.
INFORMATION SECURITY AWARENESS PRESENTED BY KAMRON NELSON AND ROYCE WILKERSON.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Quiz Review.
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
ETHICAL HACKING ETHICAL HACKING A LICENCE TO HACK Submitted By: Usha Kalkal M.Tech(1 st Sem) Information technology.
Copyright © 2014 Pearson Education, Inc. 1 IS Security is a critical aspect of managing in the digital world Chapter 10 - Securing Information Systems.
Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.
Securing Information Systems
Alisha Horsfield INTERNET SAFETY. firewall Firewall- a system made to stop unauthorised access to or from a private network Firewalls also protects your.
Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software.
1 Internet Security Threat Report X Internet Security Threat Report VI Figure 1.Distribution Of Attacks Targeting Web Browsers.
Internet Security Threat Report Volume 9. 2 Internet Security Threat Report Volume 9 – Spokesperson Training Internet Security Threat Report VI What the.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
Viruses.
Unit 2 - Hardware Computer Security.
Matthew Hardaway CSCI101 Thursday 3:30pm.  Fishing (Encyclopedia Britannica): ◦ Sport of catching fish—freshwater or saltwater— typically with rod, line,
 Computer Hacking is the practice of modifying computer hardware and software to accomplish a goal outside of the creator’s original purpose.  the act.
IT security Sherana Kousar 11a/ib1  A virus is a file written with the intention of doing harm, or for criminal activity  Example of viruses are: 
Copyright Security-Assessment.com 2005 Exposing Web Vulnerabilities The State of Web Application Security by Nick von Dadelszen.
Staying Safe Online Keep your Information Secure.
IT security By Tilly Gerlack.
WEBSENSE ® SECURITY LABS™ 2006 Semi-Annual Web Security Trends Report OWASP Presentation November 9, 2006 Jim Young (301)
Copyright Security-Assessment.com 2004 Security-Assessment.com Hacking VoIP Is your Conversation confidential? by Nick von Dadelszen and Darren Bilby.
Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.
 A viruses is a program that can harm or track your computer. E.g. browser hijacker.  When a viruses accesses the computer it can accesses the HDD and.
Time lag between discovering issue and resolving Difficult to find solutions and patches that can help resolve issue Service outages expensive and.
Network problems Last week, we talked about 3 disadvantages of networks. What are they?
Phishing Pharming Spam. Phishing: Definition  A method of identity theft carried out through the creation of a website that seems to represent a legitimate.
Information Security MGMT Summer 2012 Night #4, Lecture Part 2.
Ethical Hacking and Network Defense NCTT Winter Workshop January 11, 2006.
INGOTs Computer Security Name: Elliot Haran. Introduction  Staying safe on the internet  Learning to deal with Cyber Bullying, Stalking and grooming.
Chapter 7 Phishing, Pharming, and Spam. Phishing Phishing is a criminal activity using computer security techniques. Phishers try to acquire information.
SURVEILLANCE The Fears of the Digital Age. Privacy –Identity –Anonymity Logging –Tracking Hacking Censorship State Security/Anti Terror Online The Discussion.
Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.
Local Threat Report Vikram Kumar – Chief Executive, InternetNZ 22/08/2012.
Hurdles in implementation of cyber security in India.
CS 4001Mary Jean Harrold1 Class 25 ŸComputer crime ŸAssign ŸTerm paper—due 11/20.
What are they? What do they have to with me?. Introduction  You may not know exactly what it is, but chances are you have encountered one at some point.
Information Security: Current Threats Marc Scarborough Information Security Officer
Ethical Hacking and Network Defense. Contact Information Sam Bowne Sam Bowne Website: samsclass.info Website:
Cyber Security – The Changing Landscape Erick Weber Department of Public Works Khaled Tawfik Cyber Security.
Vulnerabilities in Operating Systems Michael Gaydeski COSC December 2008.
Zeus Virus By: Chris Foley. Overview  What is Zeus  What Zeus Did  The FBI investigation  The virus for phones  Removal and detection  Conclusion.
From viruses to theft Joakim von Braun Security Consultant von Braun Security Consultants Uppsala universitet
Created by the E-PoliceSlide 122 February, 2012 Dangers of s By Michael Kuc.
PROTECTING YOUR DATA THREATS TO YOUR DATA SECURITY.
Securing Information Systems
Seminar On Ethical Hacking Submitted To: Submitted By:
ISYM 540 Current Topics in Information System Management
Securing Information Systems
Stealing Credentials.
Information Technology Services Education and Awareness Team
Information Technology Services Education and Awareness Team
Defencebyte THE PERFECT SECURITY FOR YOUR COMPUTER.
Presentation transcript:

Copyright Security-Assessment.com 2005 From The Trenches What we are seeing within security today by Nick von Dadelszen

Copyright Security-Assessment.com 2005 Security-Assessment.com – Who We Are NZ’s only pure-play security firm Largest team of security professionals in NZ Offices in Auckland, Wellington and Sydney Specialisation in multiple security fields – Security assessment – Security management – Forensics / incident response – Research and development

Copyright Security-Assessment.com 2005 Continuing Security Trends Still seeing opportunity hacks “script-kiddie” style – Windows machine fresh installed will be hacked in approximately 20 minutes Virus levels continuing to increase Time-to-exploit once a vulnerability is known is continuing to go down The number of vulnerability advisories is increasing

Copyright Security-Assessment.com 2005

Zone-H.org Statistics 119.nz sites mirrored in the last month – Those are only the ones zone-h.org hears about Of those sites: – 98.co.nz, 12 are.org.nz, 7.net.nz, and 1 is.govt.nz Of all hacks on Zone-H.org: – 60% Linux, 30% Windows, 10% Other – (General web server statistics show 70% Linux, 20% Windows, 10% Other)

Copyright Security-Assessment.com 2005 Virus Statistics (from MessageLabs) Virus levels continuing to increase Virus ratio in – 2002 – 0.5% – 2003 – 3% – 2004 – 6% 2004 saw several large viruses including: – MyDoom – Netsky/Bagle war

Copyright Security-Assessment.com virus Levels

Copyright Security-Assessment.com 2005 Decreasing Time-to-exploit People patching sooner – 2003 – every 30 days the number of vulnerable systems reduces by 50% – 2004 – every 21 days the number of vulnerable systems reduces by 50% But time-to-exploit is decreasing as well – 80% of worms and automated exploits are targeting the first two half-life periods of critical vulnerabilities

Copyright Security-Assessment.com 2005 Vulnerability Half-Life

Copyright Security-Assessment.com 2005 Vulnerability Exploitation

Copyright Security-Assessment.com 2005 Secuna Statistics

Copyright Security-Assessment.com 2005 New Security Trends Organised crime on the rise Hacking for profit – CyberExtortion Targeting users as well as sites: – Key loggers – Trojans – Phishing – Browser-based attacks / spam / spyware

Copyright Security-Assessment.com 2005 Phishing Increases

Copyright Security-Assessment.com 2005 Phishing Trends Unique Phishing Attempts December 2003 – 113 Unique Phishing Attempts July 2004 – 1974 Unique Phishing Attempts February 2005 – 13,141 Now using different techniques, IM, pharming

Copyright Security-Assessment.com 2005 Organisations Targeted For Phishing Financial Institutions Auction Sites ISPs Online Retailers

Copyright Security-Assessment.com 2005 State of Security In New Zealand Patch process improving but… Majority of incidents investigated in the last year due to un-patched systems/mis- configurations Web applications still slow to improve security Organisations still leaving security until late in the development cycle

Copyright Security-Assessment.com 2005 State of Security in New Zealand Security awareness increasing Lack of incident response planning – Leads to increased response time Lack of business continuity planning – Leads to increased downtime Anyone can be a target: – Aria Farms

Copyright Security-Assessment.com 2005 Some Recent NZ Stories Online bankers blocked for spyware (12/3/2005) – TAB outage costs $320,000 (17/2/2005) – 002EC454?OpenDocument&pub=Computerworld Paradise tracks hackers (3/2/2005) – Hospital computer failure could be hackers (28/10/2004) – Ministry man cracks computer to steal $2m (30/9/2004) –

Copyright Security-Assessment.com 2005 More Recent NZ Stories Hacker breaks into firms’ phones (28/9/2004) – Aria Farms hacked - spurious recall notices sent (9/9/2004) – D?opendocument Bookies hit with online extortion (21/7/2004) – 5Enbv%5E,00.html Online credit-card fraudster jailed (31/5/2004) – Police called after National party website hacked (15/3/2004) –

Copyright Security-Assessment.com 2005 Questions?