Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Analysis of Recent Cyber Attacks WADE WILLIAMSON.

Published byJustice Burrell Modified over 10 years ago

Similar presentations

Presentation on theme: "An Analysis of Recent Cyber Attacks WADE WILLIAMSON."— Presentation transcript:

1 An Analysis of Recent Cyber Attacks WADE WILLIAMSON

2 Introducing Vectra Networks Investors Jim Messina CEO, The Messina Group Board Hitesh Sheth President & CEO, Vectra Eric Wolford GP, Accel Ventures Charles Giancarlo Advisor, Silver Lake Leadership Customers Brad Gillespie GP, IA Ventures Alain Mayer VP Product Mgmt Jason Kehl VP Engineering Mike Banic VP Marketing Rick Geehan VP Sales, N. Amer. Oliver Tavakoli CTO Hitesh Sheth President & CEO Mission Automatically detect any phase of an ongoing cyber attack © 2014 Vectra Networks | www.vectranetworks.com

3 Cyber Attacks Follow the Same Blueprint © 2014 Vectra Networks | www.vectranetworks.com 2000 Breaches are relatively simple (SQL Injection) Security: Focus on preventing exploits 2007 TJX Breach - systemic breach with massive financial impact Security: More prevention, clean-up, and forensics 2013 Breaches become a regular occurrence Security: Evolving to a proactive daily effort to find active breaches

4 The Cyber Attacker Blueprint © 2014 Vectra Networks | www.vectranetworks.com Gain privileged access to the network Employees and partners Phishing Social engineering Extend compromise across the network Steal or destroy key assets Spread malware Elevate access Establish control Find key assets Aggregate data Tunnel out of the network 123

5 The Blueprint Applied to Target © 2014 Vectra Networks | www.vectranetworks.com Gain privileged access to the network Compromised an HVAC vendor with login credentials to a Target portal Extend compromise across the network Steal or destroy key assets Pivoted from the portal to the internal Target network, and delivered malware to PoS terminals at stores Payment card data aggregated from stores, and exfiltrated out of the Target network

6 The Blueprint Applied to Sony* © 2014 Vectra Networks | www.vectranetworks.com Gain privileged access to the network Social engineering to gain access to building, and stole admin credentials Extend compromise across the network Steal or destroy key assets Used admin access to spread malware across the network Stole content, private correspondence, and deployed wiper malware to destroy assets *Investigation into the Sony attack is ongoing

7 The Blueprint Applied to eBay © 2014 Vectra Networks | www.vectranetworks.com Gain privileged access to the network Multiple employee credentials exposed Extend compromise across the network Steal or destroy key assets Gained internal access to server with user account info and encrypted passwords Copied database and stole 145 million customer records

8 © 2014 Vectra | www.vectranetworks.com 8 Internal Recon Lateral Movement Acquire Data Botnet Monetization Standard C&C Exfiltrate Data Custom C&C & RAT Opportunistic Targeted A Closer Look at a Modern Attack Initial Infection Custom C&C

9 How Security Effort Aligns to Life of an Attack 9 Perimeter security looks for known C&C or malicious domains. SIEM analysis and incident response reconstructs the active phase after the breach. Security Investment & Effort High Effort Low Effort Prevention PhaseActive PhaseClean-up Phase C&C and RAT Internal Recon Lateral Movement Acquire Data Botnet Monetization Exfiltrate Data Exfiltrated Data Initial Exploit Perimeter security looks for exploits and malware: Firewalls IPS Malware Sandboxes

10 How Security Effort Aligns to Life of an Attack 10 SIEM analysis and incident response reconstructs the active phase after the breach. Security Investment & Effort High Effort Low Effort Prevention PhaseActive PhaseClean-up Phase C&C and RAT Internal Recon Lateral Movement Acquire Data Botnet Monetization Exfiltrate Data Exfiltrated Data Initial Exploit Perimeter security looks for exploits and malware: Firewalls IPS Malware Sandboxes Maginot Line Problem

11 11 Maginot Line

12 Prevention Phase – Nearly Impossible to Be Perfect © 2014 Vectra | www.vectranetworks.com Each with many interactions Malicious links Custom payloads Social engineering With many devices Servers Laptops Mobile devices Many privileged users Employees Partners Contractors Attackers only need to win once, and have near-infinite chances to win

13 Targeted Attackers Don’t Reuse C&C Servers…typically. 13 The JP Morgan breach was detected when the attackers made a critical mistake Attackers momentarily reused a C&C server that had been used to attack a charity site.

14 Many Ways to Command and Control 14 Recently observed malware using Gmail as an automated C&C Used Microsoft COM to send Python commands directly through Internet Explorer Drafts automatically synced to cloud, so C&C without mail ever being sent.

15 © 2014 Vectra | www.vectranetworks.com 15 Internal Recon Lateral Movement Acquire Data Botnet Monetization Standard C&C Exfiltrate Data Custom C&C Opportunistic Targeted The Active Attack Phase – What Perimeter Security Sees Custom C&C Initial Infection

16 Proposing a Methodology for Real-Time Detection of Cyber Attacks

17 © 2014 Vectra | www.vectranetworks.com 17 Requirements for Defending Against an Active Attack 1.Establish internal visibility Direct, deep analysis of traffic and host behaviors 2.Detect all phases of the attack Must detect all techniques attackers use to spy, spread and steal 3.Real-time Real-time visibility, correlation, and context to take action before data is lost Prevention Active Cleanup

18 Network-Based Breach Detection 18 Continuous Monitoring Real-time Detection Automated and Intuitive Prioritized Results w/ Full Context All packets N-S, E-W traffic Any OS, app, device No signatures No rules No configuration Machine learning Behavioral analysis Correlated over time Prioritized by risk Correlated by host Insight into attack

19 Learn to see how an attacker spreads 19

20 20

21 21

22 Learn to see C&C and RATs without signatures 22

23 23

24 24

25 25

26 Focus on your data and key assets 26

27 27

28 © 2014 Vectra | www.vectranetworks.com28 Engineering Community Finance Community

29 Summary Establish Full Visibility All traffic, all devices Internal and edge (N-S, E-W) Detect All Phases of Attack Detect without need for signatures Detect in real time Context for fast decisions Automatically correlate events See threats in relation to assets Prevention PhaseActive PhaseClean-up Phase

30 30

Download ppt "An Analysis of Recent Cyber Attacks WADE WILLIAMSON."

Similar presentations

HQ in Israel Threat research, security operations center 24/7. In-depth understanding and insight into how cyber crime works. Over 10 million online identities.

HQ in Israel Threat research, security operations center 24/7. In-depth understanding and insight into how cyber crime works. Over 10 million online identities.
Breaking the Lifecycle of the Modern Threat Santiago Polo Sr. Systems Engineer Palo Alto Networks, Inc.

Breaking the Lifecycle of the Modern Threat Santiago Polo Sr. Systems Engineer Palo Alto Networks, Inc.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Cyber Threats: Industry Trends and Actionable Advice Presented by: Elton Fontaine.

Cyber Threats: Industry Trends and Actionable Advice Presented by: Elton Fontaine.
“Next Generation Security” ISACA June Training Seminar Philip Hurlston 6/20/14.

“Next Generation Security” ISACA June Training Seminar Philip Hurlston 6/20/14.
Palo Alto Networks Threat Prevention. Palo Alto Networks at a Glance Corporate Highlights Founded in 2005; First Customer Shipment in 2007 Safely Enabling.

Palo Alto Networks Threat Prevention. Palo Alto Networks at a Glance Corporate Highlights Founded in 2005; First Customer Shipment in 2007 Safely Enabling.
11 Zero Trust Networking PALO ALTO NETWORKS Zero Trust Networking April 2015 | ©2014, Palo Alto Networks. Confidential and Proprietary.1 Greg Kreiling.

11 Zero Trust Networking PALO ALTO NETWORKS Zero Trust Networking April 2015 | ©2014, Palo Alto Networks. Confidential and Proprietary.1 Greg Kreiling.
SPEAKER BLITZ ERIC BROWN Senior Systems Engineer NICK JAVANOVIC DoD Regional Sales Manager.

SPEAKER BLITZ ERIC BROWN Senior Systems Engineer NICK JAVANOVIC DoD Regional Sales Manager.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
Microsoft Ignite /16/2017 4:54 PM

Microsoft Ignite /16/2017 4:54 PM
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
IBM Security Network Protection (XGS)

IBM Security Network Protection (XGS)
Security Guidelines and Management

Security Guidelines and Management
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Did You Hear That Alarm? The impacts of hitting the information security snooze button.

Did You Hear That Alarm? The impacts of hitting the information security snooze button.
1© Copyright 2012 EMC Corporation. All rights reserved. Getting Ahead of Advanced Threats Advanced Security Solutions for Trusted IT Chezki Gil – Territory.

1© Copyright 2012 EMC Corporation. All rights reserved. Getting Ahead of Advanced Threats Advanced Security Solutions for Trusted IT Chezki Gil – Territory.
Palo Alto Networks Modern Malware Cory Grant Regional Sales Manager Palo Alto Networks.

Palo Alto Networks Modern Malware Cory Grant Regional Sales Manager Palo Alto Networks.
©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.

©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.

Similar presentations

Ads by Google