Published by Miles Carson. Modified over 9 years ago.
1
Modern Day Attacks and a Silent Security Audit
Kierk Sanderlin
©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals
2
Monkey See, Monkey Do
3
Monkey see, Monkey do, Monkey sell: Black hole exploit kit
4
Case Study – the EuroGrabber
5
Mission Objectives: Infect PC with Zeus Trojan; Infect Mobile with Zeus Trojan; Bypass two-factor authentication. Goal: Steal money from banks
6
User; Visit an infected website; Infected with a Zeus variant; Infect PC with Zeus Trojan
7
Zeus in action
8
Zeus in action cont.: C&C; Trojan sends Phone Number to C&C; C&C sends the victim an SMS with a link to the mobile Zeus
9
Mission Objectives: Infect PC with Zeus Trojan; Infect Mobile with Zeus Trojan; Bypass two-factor authentication. Goal: Steal money from banks
10
Bypassing Two-Factor Authentication: C&C; Trojan initiates a transaction behind the scenes; Mobile Trojan intercepts the TAN; Send TAN to C&C; Bank sends a TAN to the mobile; C&C sends TAN back to the PC Trojan; Trojan completes the transaction using the TAN
11
Mission Objectives: Infect PC with Zeus Trojan; Infect Mobile with Zeus Trojan; Bypass two-factor authentication. Goal: Steal money from banks
12
Constantly changing environment: “Just as water retains no constant shape, so in warfare there are no constant conditions” - Sun Tzu, The Art of War
13
There is a lot going on in 2012
14
Looking back and forward: Main security threats & risks; Security architecture; Recommendations; 2012; 2013 and beyond
15
Multiple sources of data: SensorNet; 3D Reports; Threat Cloud
16
A comprehensive survey: 888 companies; 1,494 gateways; 120,000 monitoring hours; 112,000,000 security events
17
A comprehensive survey, % of companies. By geography: Americas, EMEA, APAC. By sector: Industrial, Finance, Government, Telco, Consulting, Other
18
The Check Point Security Report 2013: About the research; Key findings; Security strategy; Summary
19
We will talk about 3 issues: Threats to the organization; Risky enterprise applications; Data loss incidents in the network
20
Another day, another major hack. HACKED
21
2012: the year of hacktivism. Arab Spring (political freedom); Foxconn (working conditions); Justice Department (anti-corruption); Vatican (unhealthy transmitters); UN ITU (Internet deep packet inspection)
22
This does not affect me, right?
23
The majority of companies are infected: 63% of the organizations in the research were infected with bots (100% = 888 companies)
24
Once in … always on: Communicating with command & control every 21 minutes
25
Top 2012 Bots
26
Exploit kits are easy to buy. Available online. Rental costs: One day – 50$; Up to 1 month – 500$; 3 months – 700$
27
But there is more than Bots, right? Malware INSIDE. How does malware get to my network?
28
Going to the wrong places…
29
Downloading malware all the time: 53% of organizations saw malware downloads
30
Most attacks originate in the US. Top malware locations, %: US 71%; Canada 8%; Czech Rep 2%; Slovakia 2%; France 2%; UK 2%; Germany 2%; Israel 3%; Turkey 3%; China 3%
31
Anatomy of an attack: Recon Exploit Toolkit Backdoor Damage 4 3 2 1 BOT Virus RAT
32
Two major trends: A: Profit driven; B: Ideological driven (diagram labels: BOT, Virus, RAT, Damage, 4)
33
We will talk about 3 issues: Threats to the organization; Risky enterprise applications; Data loss incidents in the network
34
No longer a game
35
What are risky applications? Bypassing security or hiding identity; Do harm without the user knowing it. P2P file sharing; Anonymizers; File sharing / storage; Social networks
36
Risky applications: Anonymizers
37
What is an anonymizer? User, Proxy, Site
38
History of Anonymizers: Began as “The Onion Router”; Officially sponsored by the US Navy; 80% of 2012 budget from US Government; Used widely during Arab Spring
39
The risk of anonymizers: Bypasses security infrastructure; Used by botnets to communicate; Hide criminal, illegal activity
40
Anonymizers inside the corporation: 47% of organizations had users of Anonymizers (80% were not aware that their employees use Anonymizers); 100% = 888 companies
41
Risky applications: P2P file sharing
42
The Risk of P2P Applications: Downloading the latest “Walking Dead” episode right now; Pirated content liability; Malware downloads; “Back door” network access
43
P2P inside the corporation: 61% of organizations had a P2P file sharing app in use; 100% = 888 companies
44
Case example: P2P. 3,800 personal details shared on P2P; 95,000 personal details shared on P2P; Fines for information disclosers
45
Main takeaways…: 61%; 47% of organizations had users of anonymizers
46
We will talk about 3 issues: Threats to the organization; Risky enterprise applications; Data loss incidents in the network
47
How common is it? 54% of organizations experienced data loss
48
Many types of data leaked: 24% Source Code; 7% Email marked as confidential; 14% Password protected file; 29% Credit card information; 13% Salary compensation information; 7% Bank accounts numbers; 6% Business data record; 21% Other
49
PCI compliance can be improved: 36% of financial organizations sent credit card data outside the organization
50
Case examples: oops, wrong address. 11 emails for a lawyer to the wrong address; Worker fired for sending sensitive information to the wrong people; GPAs of all students leaked to hundreds of unintended recipients; Accidentally leaked 4,000 student social security numbers. Oct 2012; Oct 2012; Apr 2012; Apr 2012
51
We have all had this problem: “Error 552: sorry, that message exceeds my maximum message size limit”. Dropbox? YouSendIt? Windows Live?
52
Storing and Sharing applications: 80% of organizations use file storage and sharing applications; 100% = 888 companies
53
Top sharing and storage apps, % of organizations. But sharing is not always caring…
54
The Security Report 2013: About the research; Key findings; Security strategy; Summary
55
We talked about three issues: Threats to the organization; Risky enterprise applications; Data loss incidents in the network
56
Anatomy of an attack: Recon Exploit Toolkit Backdoor Damage 4 3 2 1 BOT Virus RAT
57
Addressing external threats: FW; AV; IPS; Anti Bot; URLF; Emulation
58
Enabling secure application use: URLF; Antivirus; Application Control; Endpoint
59
Preventing data loss: Doc Sec DLP Data End Point Application Control User check
60
Seeing attacks and protections: SmartEvent; SmartLog; SmartDashboard
61
Remember… Threats to the organization: 63% infected with bots; Risky enterprise applications: 47% used Anonymizers; Data loss incidents in the network: 54% had a data loss event
62
Thank You!