Ransomware, Phishing and APTs


Presentation on theme: "Ransomware, Phishing and APTs"— Presentation transcript:

1 Ransomware, Phishing and APTs
Avoid Falling Victim to These Cyber Threats

A webinar on:
- Cyber threats that can have crippling effects on the enterprise
- How to protect yourself against an attack

What We’ll Cover:
- Cyber attacks are indiscriminate!
- What's in the news? Why you should care!
- The different types of attack and their anatomy
  - Phishing
  - Spear Phishing and Social Engineering
  - Ransomware & CryptoLockers
  - Hoaxes and Scams
- Why Traditional methods are no longer effective
- Defending yourself against the multiple attack vectors

2 It’s in the news... security is no longer just about preventing excessive spam and viruses – the attacks are real, they are sophisticated, and they are costly. Nearly every day there is a new story about malware – and a lot of it is ransomware, which can cost you dearly.

3 Ransomware Discoveries
[Figure: timeline of ransomware discoveries. Axis: 2005 - 2012, 2013, 2014, 2015, 2016, by quarter, ending at Q1.]

Families shown: LockDroid, KeRanger, CryptoApp, PayCrypt, Encryptor RaaS, XRTN, Job Cryptor, Troldesh, VaultCrypt, Hi Buddy, Coinvault, Tox, Radamant, Vipasana, Zerolocker, Cryptvault, Unix.Ransomcrypt, Hydracrypt, Cryptowall, TorrentLocker, BandarChor, CryptInfinite, Umbrecrypt, Gpcoder, Reveton, Urausy, Nymaim, Onion, TeslaCrypt, LowLevel404, Locky, Kovter, Browlock, Linkup, Slocker, Cryptolocker2015, Dumb, Ransom32, 73v3n, CTB-Locker/Citron, Simplocker, Maboua OSX POC, CryptoJocker, Synclocker, Pacman, Power Worm, Nanolocker, Virlock, Pclock, DMA-Locker, LeChiffre, Threat Finder, Gomasom, Magic, Hidden Tear, Chimera, Locker, Ginx, ORX-Locker

4 Indiscriminate Anyone’s money will do just fine!
- Web based attacks are wide ranging
- From individuals being targeted all the way up to more strategic targets…
- Use multiple attack vectors

5 It's high impact! It’s not just your money that’s at stake!
- Lost revenues?
- It could also damage your company’s reputation…
- And workers' jobs could be on the line if the demands are high enough.

Notes:
- Hard earned money lost
- Revenues lost whilst down
- Reputation – look at Home Depot – am I happy with them holding my credit card and profile information any longer?
- If there is enough of an impact due to ransom fees, will it cause people to lose jobs in a smaller company?

6 What will the next morph bring?
Does your payment really mean you are free and clear? How long before we see Ransomware payments as temporary? Will one payment unlock you forever? When will ransomware morph into “Protection ware?”

7 Security Threats are Common
During the past year:
- 34% of organizations had a phishing attack successfully infiltrate their network
- 30% of organizations had one or more endpoints infected with ransomware
- 29% of organizations had malware infiltrate through an unknown source
- 17% of organizations had sensitive/confidential info leaked through
- 14% of organizations had a spearphishing attack successfully infect one or more senior executives’ computers
- 12% of organizations were successfully infiltrated by a drive-by attack from employee Web surfing
- 11% of organizations were victims of a CEO Fraud/Business Compromise Attack

Only 27% of organizations did not experience a security attack during the past 12 months.

©2016 Osterman Research, Inc.

8 Ransomware, Malware and Hacking are Common
One in nine organizations surveyed has been infiltrated by ransomware, malware or hacking because an employee has clicked on a phishing link or attachment. ©2016 Osterman Research, Inc.

9 What are Decision Makers Most Concerned About?
Decision makers are most concerned about malware infiltration, phishing and ransomware. ©2016 Osterman Research, Inc.

10 Many Tools are Not Solving the Problem
- 61% of organizations report that Web-based threats blocked by their security infrastructure are staying the same or getting worse
- 53% of organizations report that ransomware blocked by their security infrastructure is staying the same or getting worse
- 51% of organizations report that the percentage of malware blocked by their security infrastructure is staying the same or getting worse

©2016 Osterman Research, Inc.

11 With attacks increasing in sophistication...
What happens when an attack includes multiple threat vectors and threats across all deployment surfaces?

12 Multi-vector attacks
- Start with automatic reconnaissance
- Gain access to credentials
- Use credentials for back door entry
- Launch spear-phishing campaign
- Install APT/Ransomware
- Damage/Deface/Steal Data
- Demand Ransom

13 Multi Vector Attacks - Reconnaissance + Credentials
[Diagram. Campaign stages: Access to Credentials / Data | Use Credentials for Backdoor Access | APT installation | Damage, Deface… | Spear Phishing | Remote Users & Ransom… Other labels: Identity Credentials Data…; CRM; Web App; Exchange]

In the next few slides we build up a scenario. This is not a simple one-shot attack; rather, its purpose is to illustrate the development of a campaign. It illustrates the need for a comprehensive approach to security, where the sum of the products is greater than the capabilities of the individual components. Note: we are not saying that this is typical, but whether they happen at the same time or over a period of time with individual attacks, the security measures put in place are just as important to achieve comprehensive security.

14 Multi Vector Attacks – Credentials -> Access -> Installation of APT
[Diagram. Campaign stages: Reconnaissance | Access to Credentials / Data | Use Credentials for Backdoor Access | APT installation | Damage, Deface… | Spear Phishing | Remote Users & Ransom… Other labels: UN: abcd PW: #sdf45; APT; Deface Websites; Exfiltrate sensitive data; CRM; Web App; Exchange]

15 Multi Vector Attacks – Spear Phishing
[Diagram. Campaign stages: Reconnaissance | Access to Credentials / Data | Use Credentials for Backdoor Access | APT installation | Damage, Deface… | Spear Phishing | Remote Users & Ransom… Other labels: CEO @ Earnings Call!; AP; Credentials; CRM; Web App; Exchange]

Message shown in the diagram: "Sally, Please urgently send $50,000 to ‘Big Corp’ ACME Bank Corp Routing# AC# Tommy (CEO)"

16 Multi Vector Attacks – Remote Users - Ransomware
[Diagram. Campaign stages: Reconnaissance | Access to Credentials / Data | Use Credentials for Backdoor Access | APT installation | Damage, Deface… | Spear Phishing | Remote Users & Ransom… Other labels: Mobile Users; Coffee shops / Airports; $; $$; CRM; Web App; Exchange]

17 Multi Vector Attacks – Migration to Cloud
[Diagram labels: SaaS; Office365; CRM; Cloud Security; Public Cloud; Web App; Cloud Firewall; Cloud WAF; CRM; Web App; Exchange]

Cloud providers are responsible for cloud security. Customers are responsible for security in the cloud!

18 What we just learned
1. Threat Vectors
2. Threats
3. Platform Surfaces

[Diagram labels: Any User; Any App; Any Platform; Any Cloud; From Any Where]

19 End-to-end Security and Data Protection From Barracuda Networks

20 End-to-end Security and Data Protection
Detect Prevent Recover

21 Detect: The Barracuda Email Threat Scanner
- Cloud service that scans O365 mailboxes
- Find advanced sleeping threats
- Identifies owners of said threats
- Provides detailed reports and recommendations
- Free

Survey:
- Scanned 1000s of O365 mailboxes
- Found threats in all O365 accounts
- Found 10s or 100s of threats per account

You are already very likely harboring a threat!

22 Detect: Barracuda Vulnerability Manager
- Scan for web application vulnerabilities across entire website
- Detailed vulnerability scan reports
- Integration with Barracuda Web Application Firewall
- Free

[Diagram labels: BVM Vulnerability Scan; WAF Configuration & Profiles; Web Users; Applications]

The BVM is tightly integrated with the WAF so that the BVM can scan applications for vulnerabilities and then automatically configure the WAF security policies to remediate those vulnerabilities.

23 Prevent Spyware: Barracuda Web Security Gateway
- Spyware could be picked up by mobile / remote workers and transferred to the corporate network
- The Web Security Gateway will detect and prevent all outbound activity until remediation

[Diagram label: Block All Outbound Communication]

24 Prevent Malware: Advanced Threat Detection
- Full system emulation sandbox
- Safely open files to identify risks
- Remote detonation of malicious payload
- Without compromising security at the expense of user experience

[Diagram. Detection layers: Signatures (Virus Protection, Malware protection) | IP reputation | Heuristics (static analysis) | Sandboxing (dynamic analysis). Outcome at each layer: Block File or Allow File]

25 Prevent Malware: ATD in Action
Ransomware Outbreak
- March 2016 saw 8 variants of Locky hitting the internet in various mutations
- ATD was able to Detect and Prevent 7 of the 8 variants through the static analysis layers in < 1 sec
- That day an 8th version hit ATD … which was blocked by the Dynamic Analysis Layer in ~5 minutes

After the 8th version hit, dynamic analysis took care of the morph and classified it as Malicious in ~5 minutes. After that it was processed by the Static layers, so back to ~1 second. The point here is that nothing gets through ATD! And the way ATD is architected makes it very efficient at filtering out 100% of threats. This makes for an exceptional user experience.

26 Prevent Malware: ATD in Action
Open Source Virus False Positive – Opportunistic Hackers – Caught
- August: a public domain antivirus vendor releases signature, blocks all Word docs of type .doc OLE. Result: security systems block all .doc files!!
- Meanwhile hackers watch public domain and see this.
- Security vendors then scramble to whitelist the .doc files.
- Attackers see opportunity and send bulk malicious .doc files that will evade defenses

27 Prevent Malware: ATD in Action
Despite the attack, ATD was able to detect and prevent any malicious .doc files making it through

28 Prevent Hacks: Barracuda Web Application Firewall
- Inbound inspection for Layer 7 attacks
- Outbound inspection to protect against data theft via blocking or data masking
- Security for both inbound and outbound traffic

Barracuda Web Application Firewall:
- Based on reverse proxy technology
- Has bi-directional content inspection and security
- As a reverse proxy, it can load balance and accelerate application delivery

29 Prevent Phishing: Link Protection
Continuously protects against malicious and typo-squatted links embedded in

30 Recover Lost Data
- Comprehensive, cloud-integrated Backup solution
- Simple to deploy and easy to manage
- “Time Machine” type Backup
- Replaces multi-vendor piecemeal backup solutions
- Contains damage to time between backups

31 Barracuda Focus Solutions
On-Premises Azure, AWS Public Cloud SaaS Barracuda Essentials Security Next-Gen Firewall Security Next-Gen Firewall Web Application Firewall Archiving Security Archiving Backup Archiving PST Mgt. Backup PST Mgt. Web Security

32 Data protection to the rescue
Customer: Industrial Engineering, 500 Employees

Issue:
- Infected by ransomware
- Unable to access data

Resolution:
- Didn’t even consider paying ransom
- Reverted to a point in time pre-infection via Barracuda Backup

33 Barracuda Security
- Secure all threat vectors and data
- At all locations
- Against all threats
- Across all attack surfaces

[Diagram labels: Any User; Any App; Any Platform; Any Cloud; From Any Where]
