1
TARGETED ATTACKS AND THE SMALL BUSINESS Stephen Ferrero Consultant, Xantrion
2
Xantrion
Founded in 2000 by Anne Bisagno and Tom Snyder
Wanted to bring big-company IT to small and midsized organizations
Among the top 50 worldwide MSPs (1)
45-person technical team
70 core clients
3000 end users supported
600 servers managed
(1) MSP Mentor worldwide survey results
3
Agenda
The current SMB security paradigm
Why we need to evolve our thinking
Targeted attack methods
The new SMB security paradigm
4
INTRO TO CYBERSECURITY
5
What Is Cybersecurity: Measures taken to protect a computer or computer system against unauthorized access or attack ("Cybersecurity," n.d.).
6
Terms
SMB – Small and midsize businesses, with fewer than 1000 users ("Small and Midsize," n.d.).
Malware – Malicious software used by attackers to disrupt computer systems.
7
CURRENT SECURITY PARADIGM
8
Protect against Opportunistic Attacks
[diagram: Attacker → Your Company]
9
Security mindset
"Be more secure than the other guy"
"I'm too small to be a target"
10
Typical security layers (outermost to innermost)
Hardware Firewall
Antivirus / Antimalware
OS Security Patches
User Rights Assignment
Email Filter
Web Filter
Policies and Awareness
User
11
WHY CHANGE?
12
Targeted Attack
[diagram: Attacker → Your Company]
13
[chart: Targeted attacks in 2012 (Symantec, 2013)]
14
More targeted attacks on SMBs
Attackers have more and better resources
SMBs are typically less secure
SMBs make good launch points
15
TARGETED ATTACK METHODS
16
Spear Phishing
1. Attacker collects data about the victim, perhaps "friending" them on social networking sites
2. Attacker looks for possible themes to leverage against the victim
3. Attacker crafts a highly customized email message with a malware-laced attachment and sends it to the victim
4. Victim opens the highly realistic email and launches the attachment
17
Water Hole Attack
1. Attacker collects data about the victim and the kinds of websites they visit
2. Attacker looks for vulnerabilities in these websites
3. Attacker injects JavaScript or HTML that redirects to a separate site hosting exploit code
4. The compromised site waits for unsuspecting victims
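The injection in step 3 leaves a footprint on the compromised page: a script, iframe, embed or object that loads from a host the site never used before. The following added example (not from the presentation or from Xantrion) scans a page for such resources against an allowlist of the hosts the site legitimately loads from. The site name, allowlist and the sample page are constructed for the example; the hidden 1x1 iframe and the protocol-relative script are the two forms of redirect most often seen in watering-hole injections.

```python
"""Scan a page for script/iframe/embed sources loaded from hosts outside the site's allowlist,
the footprint of the JavaScript or HTML injection used in a water-hole attack."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed site and the third-party hosts it legitimately loads from (hypothetical names).
PAGE_HOST = "www.example-news.com"
ALLOWED_HOSTS = {PAGE_HOST, "cdn.example-news.com"}

# Constructed sample page: the second <script> and the 1x1 hidden <iframe> are the
# kind of injection that silently sends visitors to a separate exploit host.
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.example-news.com/js/site.js"></script>
<script src="//static.evil-host.example/loader.js"></script>
</head><body>
<p>Industry news for the week.</p>
<iframe src="http://exploit-kit.example/gate.php" width="1" height="1"
        style="visibility:hidden"></iframe>
<img src="/images/logo.png">
</body></html>"""


class ResourceCollector(HTMLParser):
    """Collect (tag, url) for every element that pulls executable or framed content."""
    SRC_ATTR = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attr = self.SRC_ATTR.get(tag)
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if value:
            self.resources.append((tag, value))


def resource_host(url):
    """Host a resource URL points at; '' for relative paths (same origin as the page)."""
    # scheme="https" makes a protocol-relative '//host/x' parse with a netloc
    return urlparse(url.strip(), scheme="https").netloc.lower()


def find_injected_resources(html, allowed_hosts=ALLOWED_HOSTS):
    """Return resources whose host is not on the allowlist, in document order."""
    collector = ResourceCollector()
    collector.feed(html)
    findings = []
    for tag, url in collector.resources:
        host = resource_host(url)
        if host and host not in allowed_hosts:
            findings.append({"tag": tag, "host": host, "url": url})
    return findings


if __name__ == "__main__":
    for f in find_injected_resources(SAMPLE_PAGE):
        print(f"{f['tag']:7} -> {f['host']}  ({f['url']})")
```

Run against a saved copy of the page, the script reports the loader script on static.evil-host.example and the iframe on exploit-kit.example while ignoring the site's own CDN. The allowlist has to be built from a known-good crawl of the site; without it every legitimate third-party widget becomes a false positive.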
18
Process of a Typical Attack
1. Attacker delivers custom malware to the victim
2. Victim opens the attachment; the custom malware is installed
3. Malware phones home and pulls down additional malware
4. Attacker establishes multiple re-entry points
5. Attacker continues to attempt privilege escalation and reconnaissance
6. Attacker achieves the goal and exits
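Steps 3 and 4 are where the attack becomes visible on the network: the implant checks in with its command-and-control host on a timer, and that regularity is what separates it from a person browsing. The following added example (not from the presentation or from Xantrion) looks for that pattern in a proxy log by measuring how evenly spaced each client-to-host connection series is. The log format, the client address and the host names are constructed for the example; update.example-vendor.com plays the part of a hypothetical check-in host.

```python
"""Find 'phone home' beaconing in a proxy log: one client reaching one external host at
near-fixed intervals, the check-in pattern behind steps 3 and 4 of the attack process."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log: "<timestamp> <client> <destination host> <path>".
# The update.example-vendor.com entries are a hypothetical implant checking in every ~5 minutes;
# the news-site entries are ordinary browsing.
SAMPLE_LOG = """\
2013-05-06T09:00:03 10.1.2.45 update.example-vendor.com /check
2013-05-06T09:00:14 10.1.2.45 www.news-site.example /front
2013-05-06T09:05:02 10.1.2.45 update.example-vendor.com /check
2013-05-06T09:07:41 10.1.2.45 www.news-site.example /sports
2013-05-06T09:10:04 10.1.2.45 update.example-vendor.com /check
2013-05-06T09:15:03 10.1.2.45 update.example-vendor.com /check
2013-05-06T09:20:01 10.1.2.45 update.example-vendor.com /check
2013-05-06T09:25:05 10.1.2.45 update.example-vendor.com /check
2013-05-06T09:30:02 10.1.2.45 update.example-vendor.com /check
2013-05-06T09:31:17 10.1.2.45 www.news-site.example /weather
"""


def connections_by_pair(log_text):
    """Group connection timestamps by (client, destination host)."""
    pairs = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host, _path = line.split()
        pairs[(client, host)].append(datetime.fromisoformat(ts))
    return pairs


def beacon_candidates(log_text, min_connections=5, max_jitter=0.1):
    """Return (client, host) pairs whose inter-connection gaps are nearly constant.

    jitter = stdev(gaps) / mean(gaps): human browsing is bursty (jitter well above 1),
    a timer-driven implant is regular (jitter near 0)."""
    findings = []
    for (client, host), times in connections_by_pair(log_text).items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            findings.append({"client": client, "host": host, "connections": len(times),
                             "interval_s": round(avg), "jitter": round(jitter, 3)})
    return findings


if __name__ == "__main__":
    for f in beacon_candidates(SAMPLE_LOG):
        print(f"{f['client']} -> {f['host']}: {f['connections']} connections, "
              f"every ~{f['interval_s']}s (jitter {f['jitter']})")
```

On the sample log the workstation's seven connections to the check-in host come out at roughly 300 seconds apart with jitter under 0.01, while the three news-site visits never reach the minimum count and would fail the jitter test anyway. Legitimate software updaters and mail clients also poll on timers, so the hit list is a starting point for an analyst to compare against a baseline of known agents, not an alert on its own.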
19
[diagram: the typical layers (Hardware Firewall, Antivirus / Antimalware, OS Security Patches, User Rights Assignment, Email Filter, Web Filter) with spear phishing, waterholing, etc. passing through to the User]
20
Ransomware now extorts $5 million per year (Symantec, 2013)
21
NEW SMB SECURITY PARADIGM
22
Protect against Targeted Attacks
[diagram: Attacker → Your Company]
23
Security mindset
"I have important data and assets to protect"
Assume you are a target
24
Typical SMB security layers (outermost to innermost)
Hardware Firewall
Antivirus / Antimalware
OS Security Patches
User Rights Assignment
Email Filter
Web Filter
Policies and Awareness
User
25
Add more layers
Educate employees
Review hiring and firing policies
Aggressive patching of the OS and of applications: Acrobat, Flash, QuickTime, Java
Get off end-of-life software: Windows XP and Office 2003 (end of support April 2014)
26
[diagram: the layer stack (Hardware Firewall, Antivirus / Antimalware, OS Security Patches, User Rights Assignment, Email Filter, Web Filter, User) with additional security layers added: HR and Security Policies, App Security Patches, User Awareness and Training]
27
Identify your valuable assets
Customer data
Customer relationships
Intellectual property
Bank account information
28
Identify your special risks
Internal threats
Liability
Unmanaged mobile devices
Physical security
29
Plan your response
30
Practice secure banking
Use two-factor authentication
Require "dual control" or separation of duties
Require that one of the controls be completed on a dedicated PC
Require out-of-band confirmation from your bank for large transactions
31
Protect mobile devices
Be aware of the increase in mobile malware
Stream data to mobile devices instead of storing it there
Separate personal and work data
Track devices
Have remote-wipe capability
Enforce password policies
32
Regularly re-evaluate your security
Use the Top 20 security controls (www.sans.org) as a framework for frequent security policy updates
Remind users of proper security best practices
33
QUESTIONS
34
References
cybersecurity. (n.d.). In Merriam-Webster's online dictionary. Retrieved from http://www.merriam-webster.com/dictionary/cybersecurity
Small and midsize businesses. (n.d.). In Gartner IT Glossary. Retrieved from http://www.gartner.com/it-glossary/smbs-small-and-midsize-businesses/
Symantec Inc. (2013, April). Internet Security Threat Report. Retrieved from http://www.symantec.com/security_response/publications/threatreport.jsp
Verizon. (2012). Data Breach Investigations Report. Retrieved from http://www.verizonenterprise.com/products/security/dbir/?CMP=DMC-SMB_Z_ZZ_ZZ_Z_TV_N_Z041
Mandiant. (2013). M-Trends 2013: Attack the Security Gap. Retrieved from https://www.mandiant.com/resources/m-trends/
37
Top 10 Threat Actions
1. Keylogger / form-grabber / spyware
2. Exploitation of default or guessable passwords
3. Use of stolen login credentials
4. Send data to external site/entity
5. Brute force and dictionary attacks
6. Backdoor (allows remote access / control)
7. Exploitation of backdoor or CnC channel
8. Disable or interfere with security controls
9. Tampering
10. Exploitation of insufficient authentication (no login required)
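Three of the ten actions (guessable passwords, stolen credentials, brute force) show up in the same place: an authentication log with a run of failures from one address, sometimes followed by a success. The following added example (not from the presentation or from Xantrion) applies a sliding-window count of failures per source address and raises a second, more urgent alert when a login succeeds while failures from that source are still in the window, which is the moment a guessed or stolen credential starts being used. The log format, the addresses and the account names are constructed for the example.

```python
"""Detect password guessing, and a guess that succeeds, in an authentication log
(threat actions 2, 3 and 5: guessable passwords, stolen credentials, brute force)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<timestamp> <OK|FAIL> user=<name> src=<ip>".
# 203.0.113.7 (hypothetical external address) walks through default account names and
# eventually gets in; 10.1.2.45 is a user who mistypes a password once.
SAMPLE_AUTH_LOG = """\
2013-05-06T08:59:58 OK user=jsmith src=10.1.2.45
2013-05-06T09:00:01 FAIL user=admin src=203.0.113.7
2013-05-06T09:00:02 FAIL user=administrator src=203.0.113.7
2013-05-06T09:00:03 FAIL user=root src=203.0.113.7
2013-05-06T09:00:04 FAIL user=admin src=203.0.113.7
2013-05-06T09:00:05 FAIL user=admin src=203.0.113.7
2013-05-06T09:00:06 FAIL user=admin src=203.0.113.7
2013-05-06T09:00:08 OK user=admin src=203.0.113.7
2013-05-06T09:03:10 FAIL user=jsmith src=10.1.2.45
2013-05-06T09:03:20 OK user=jsmith src=10.1.2.45
"""


def parse_auth_log(text):
    """Yield (timestamp, result, user, source) tuples in log order."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, result, user_field, src_field = line.split()
        yield (datetime.fromisoformat(ts), result,
               user_field.split("=", 1)[1], src_field.split("=", 1)[1])


def detect_password_guessing(text, fail_threshold=5, window=timedelta(minutes=1),
                             success_after=3):
    """Sliding-window count of failures per source address.

    Emits 'brute force' once a source reaches fail_threshold failures inside the window
    (once per source), and 'success after failures' whenever a login succeeds while at
    least success_after failures from the same source are still inside the window."""
    alerts = []
    recent_failures = defaultdict(deque)
    already_flagged = set()
    for ts, result, user, src in parse_auth_log(text):
        q = recent_failures[src]
        while q and ts - q[0] > window:      # expire failures older than the window
            q.popleft()
        if result == "FAIL":
            q.append(ts)
            if len(q) >= fail_threshold and src not in already_flagged:
                already_flagged.add(src)
                alerts.append({"type": "brute force", "src": src,
                               "failures": len(q), "at": ts.isoformat()})
        elif len(q) >= success_after:
            alerts.append({"type": "success after failures", "src": src,
                           "user": user, "at": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for a in detect_password_guessing(SAMPLE_AUTH_LOG):
        print(a)
```

On the sample log the external address trips the brute-force alert on its fifth failure and then the success-after-failures alert when the admin login goes through two seconds later; the internal user's single typo stays below both thresholds. Password sprays that rotate source addresses defeat a per-source count, so a production version also keys the window on the target account.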
38
Advanced Persistent Threats
Long-term attacks
Focused on large organizations
Organized crime or state sponsored