
1 © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Threat Intelligence to Defend Your Enterprise. Phil Exel, Federal Solutions Architect, HP Enterprise Security. January 29, 2013

2 2012: Looking back at the major hacks, leaks and data breaches. Zack Whittaker for Zero Day | December 17, 2012. As posted on ZDNet.

3 In Review. January: Symantec Norton source code theft. In January, hackers breached a network belonging to the Indian intelligence service and acquired a vast amount of Symantec's Norton anti-virus source code. It was subsequently posted on Pastebin, often used by hackers to post leaked data and source code anonymously. Symantec was quick to state that the source code does not reflect the firm's current work. By analyzing the anti-malware source code, malware writers would be able to find weaknesses in order to bypass the software and hijack machines for malicious purposes. It's understood that the Indian authorities intended to inspect the source code, which was stolen from an insecure network.

4 In Review. January: 24 million affected by Zappos hack. Online retail store Zappos suffered a significant data breach that exposed the accounts of about 24 million. Security experts thought it was the largest consumer data breach of 2012. Amazon.com-owned Zappos said hackers attacked an internal corporate network through a Kentucky-based server, and swiped customer account information, including addresses, the last four digits of credit card details, and cryptographically scrambled passwords.

5 In Review. March: Global Payments hacked; MasterCard, Visa customers affected. MasterCard and Visa customers were warned after a massive data breach that affected more than 1.5 million credit and debit card owners. While a hacker initially claimed responsibility for the data breach, it was quickly debunked by a source within the banking industry speaking to ZDNet. Global Payments, the company that was hit by the data breach, explained that only credit card numbers -- not names, addresses, or Social Security numbers -- were exposed, but the breach would ultimately cost the card processing firm around $84 million to clean up.

6 In Review. June: LinkedIn password breach affects 6.46 million users. A Russian forum user claimed to have downloaded 6.46 million passwords belonging to LinkedIn users, though the stolen passwords were cryptographically hashed. However, many of those passwords weren't salted, meaning it was relatively easy to convert the simpler passwords into a readable format. LinkedIn shortly confirmed the data breach but did not explain how the passwords were accessed. Affected accounts were disabled and password reset emails were sent out. The later cleanup effort cost the professional social networking company around $1 million, and another $2-3 million in forensic work and security upgrades.

7 In Review. Password breach hits 1.5 million eHarmony users. Only a few days after the LinkedIn breach, dating Web site eHarmony was hit with a similar attack that led to the exposure of 1.5 million hashed passwords. The firm's security practices were not as strong. Its security systems only saved the user's password -- despite some users owning multi-case passwords -- in upper-case characters only, further weakening the system.
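The LinkedIn and eHarmony slides above describe two storage weaknesses: unsalted hashes, and passwords case-folded before hashing. The following script is an added example (not from the presentation or the ZDNet article) that shows, on a constructed set of user records, why both are a problem from the defender's side: with unsalted hashing every user who picked the same password shares one stored value, with case folding even differently-cased passwords collapse onto it, and with a per-user random salt and PBKDF2 every stored value is distinct. The usernames, passwords and iteration count are constructed for the example.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed sample records (not breach data): alice and bob chose the same
# password, carol chose the same word in different case, dave is unrelated.
SAMPLE_USERS = [
    ("alice", "Summer2012"),
    ("bob", "Summer2012"),
    ("carol", "SUMMER2012"),
    ("dave", "correct horse battery"),
]


def unsalted_sha1(password: str) -> str:
    """Storage scheme described for LinkedIn: bare SHA-1, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def case_folded_sha1(password: str) -> str:
    """Storage scheme described for eHarmony: upper-cased, then hashed unsalted."""
    return unsalted_sha1(password.upper())


def salted_pbkdf2(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Salted, iterated hash: the salt is per user, so equal passwords differ."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def store_salted(password: str) -> tuple[bytes, bytes]:
    """Return (salt, derived key) as they would be written to the user table."""
    salt = os.urandom(16)
    return salt, salted_pbkdf2(password, salt)


def verify_salted(password: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison so verification does not leak via timing."""
    return hmac.compare_digest(salted_pbkdf2(password, salt), stored)


def shared_hash_groups(users, hash_fn) -> dict[str, list[str]]:
    """Group usernames whose stored value is identical under hash_fn.

    Any group with more than one member means a single recovered password
    unlocks every account in the group, and a precomputed table of common
    passwords can be checked against the whole dump at once.
    """
    groups: dict[str, list[str]] = {}
    for name, password in users:
        groups.setdefault(hash_fn(password), []).append(name)
    return {h: names for h, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    print("unsalted:", shared_hash_groups(SAMPLE_USERS, unsalted_sha1))
    print("case-folded:", shared_hash_groups(SAMPLE_USERS, case_folded_sha1))
    print("salted:", shared_hash_groups(SAMPLE_USERS, lambda pw: store_salted(pw)[1].hex()))
```

Run as a script it prints one shared group for the unsalted scheme (alice, bob), a larger group for the case-folded scheme (alice, bob, carol), and no groups at all for the salted scheme; the salted scheme also still verifies a correct password and rejects the upper-cased variant.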

8 In Review. Last.fm next in line to suffer massive password breach. Next in line to suffer a security breach in June was Last.fm, which followed claims of a similar attack on the online music social network. (ZDNet and Last.fm are both owned by CBS.) It quickly became apparent that the incidents were linked, which led to further widespread criticism of the password encryption standards and security features offered by Web services. In the aftermath, many Web sites and services bolstered their security to prevent such breaches occurring again.

9 In Review. July: Yahoo password breach exposes 450,000 user logins. Yahoo, beleaguered by corporate failures and a revolving door of CEOs, came under fire once again after hackers were able to attack the firm's networks by exploiting a flaw and downloading 450,000 plain-text login credentials. While the breach was not as large as others, such as LinkedIn or Global Payments, details of the breach were soon reported and it quickly became apparent how easy it was to acquire the vast cache of data. Using a union-based SQL injection attack, it showed just how insecure Yahoo's security was. Yahoo was subsequently sued for negligence shortly after the hack in a San Jose, California court. The hackers said in a blog post: "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat." A week later, the former Web portal giant gave the all clear and resumed its operations.

10 In Review. September: Apple's UDID leaks linked to Florida data breach, not FBI. With the rollout of iOS 6 imminent, a wave of unique iOS-powered device codes (UDIDs) were stolen by Anonymous, allegedly from the FBI, and were uploaded to the Web. UDID codes are used by developers for analytics, but could also be used to personally identify users. There was enough suspicion to suggest either Apple had passed on the device codes for FBI surveillance, or the iPhone and iPad maker was forced to. It blew up into a privacy brouhaha for close to a fortnight. Apple said, in a rare public statement, that the data had not been requested by the FBI, nor had Apple provided it to any organization. Eventually, after both Apple and the FBI denied any knowledge or involvement, a small company in Florida admitted to a data breach, which led to the UDID codes leaking to the Web. Apple's iOS 6 mobile operating system was rolled out only a few weeks later, which removed UDIDs from iOS-powered devices.

11 In Review. October: South Carolina suffers huge Social Security records theft. The state of South Carolina suffered a massive data loss of more than 3.6 million Social Security records, after government servers were breached. With a population of 4.6 million, this breach represented about 78 percent of the state's population. 16,000 credit card details were also stolen without encryption. The figure also included 670,000 businesses affected by the data breach. It took close to three weeks before the hack came to light after the U.S. Secret Service first received information regarding an incident on October 10, 2012.

12 In Review. December: Nationwide Mutual hacked, 1.1 million Americans affected. And last but not least, insurance giant Nationwide Mutual suffered a hack that affected 1.1 million Americans, according to the North Carolina Attorney General. It's thought that the hackers may have been from overseas, and may not have been on U.S. soil. Customers' names, Social Security numbers, and driver's license details were all pilfered by the hackers, and the possibility of date of birth and marital status, gender and their employer's name could not be ruled out. The extent of the hack may not be realized until the early part of The insurance company prepared a statement and said it was "very sorry," but was not aware of "any misuse of customers' information."

13 Customers struggle to manage the security challenge. Primary challenges: 1. Nature & motivation of attacks (fame, fortune, market adversary). A new market adversary works through Research, Infiltration, Discovery, Capture, Exfiltration.

14 Attacks and attackers are becoming more sophisticated. The threat landscape is evolving: broad attacks give way to advanced targeted threats, and recreational hackers to organized crime & nation states (examples: Stuxnet, Duqu, Aurora). Only 16% of firms have a security policy in place to protect against advanced, targeted threats.* * Source: Global State of Information Security Survey, PricewaterhouseCoopers, CIO magazine, CSO magazine, September 2011

15 Cybercrime Environment

16 Turn-key attack applications are rapidly evolving: exploit toolkits.

17 Is your website for sale? Source: Imperva via cyberinsecure.com

18 Enterprise Security – HP Confidential

19 Customers struggle to manage the security challenge. Primary challenges: 1. Nature & motivation of attacks (fame, fortune, market adversary): a new market adversary working through Research, Infiltration, Discovery, Capture, Exfiltration. 2. Transformation of enterprise IT (delivery and consumption changes): delivery across traditional DC, private cloud, managed cloud and public cloud (network, storage, servers); consumption across virtual desktops, notebooks, tablets and smartphones.

20 Customers struggle to manage the security challenge. Primary challenges: 1. Nature & motivation of attacks (fame, fortune, market adversary). 2. Transformation of enterprise IT (delivery and consumption changes): delivery across traditional DC, private cloud, managed cloud and public cloud (network, storage, servers); consumption across virtual desktops, notebooks, tablets and smartphones. 3. Regulatory pressures (increasing cost and complexity): policies and regulations such as Basel III, DIACAP, NDAA Section 900 and FISMA.

21 Typical Attack Scenario. Stage 1, Initial Breach: targeted spear phishing. Stage 2, Control of Asset: malicious code compromises host. Stage 3, Reconnaissance: map assets & acquire target. Stage 4, Data Exfiltration: loss of critical data.

22 Quality Research and Strong Threat Intelligence: protect against 1000s of vulnerabilities; block millions of known bad hosts (bad IPs/DNS names); granular app control and rate limiting; inspect and protect Web apps; custom filter tool with import capability; monitor the global threat landscape.

23 Defenses Against a Targeted Attack

Attack timeline:
Day 1, 5:00 AM: finance person receives a spearphishing email.
Day 1, 8:30 AM: opens it to see "2012 Recruitment plan" with .xls file.
Day 1, 8:31 AM: RAT program downloaded utilizing Adobe Flash vulnerability.
Day 1, 8:32 AM: Poison Ivy RAT is initiated.
Next day, 12:01 AM: NMAP scan to identify and classify network resources.
Over the next 10 days: collect data over a period of time.
11th day, 12:05 AM: encrypt and ftp file to good.mincesur.com.
12th day: attack hits the headlines.

Defenses at each stage:
Spearphishing attack: detect mail traffic containing phishing attack techniques; reputation monitoring blocks mail traffic from known sources of phishing emails.
Malicious attachment: leverages content filters based on strong research and threat intelligence to prevent download of emails with malicious attachments.
Exploit application: over 100 filters to protect against Adobe exploit; content filters detect download of Poison Ivy RAT; reputation monitoring detects downloads from known sources of malware and spyware.
External access to host: detect and block Poison Ivy command and control traffic; reputation monitoring takes action on communication with known malicious hosts.
Reconnaissance and mapping: detect the scan, quarantine the host, determine user ID and alert end user and admin; geolocation information from the event shows the attack shifting from external to internal.
Scanning and data collection: real-time monitoring identifies anomalous internal activities by analyzing and correlating every event, then provides dashboards, notifications or reports to the security administrator.
Data leakage: reputation monitoring detects and blocks communications with known bad hosts, domains, and unapproved geographies.
Attack blocked: the combination of mitigations prevents the attack from being successful.
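Slide 22 lists reputation-based blocking of known bad hosts, and slide 23 walks the same spearphishing-to-exfiltration timeline past a chain of detection points. The script below is an added example (not from the presentation or HP's products) of the two ideas working together: a small log parser, a reputation verdict per event, and a correlation step that strings the per-host stages into a kill chain and raises an alert when enough of them line up. The only page-derived value is the exfiltration host good.mincesur.com; the log lines, hostnames, IP addresses (TEST-NET ranges), the "ZZ" country code and the geolocation table are constructed for the example, and the log format is a made-up "timestamp source kind key=value" shape rather than any vendor's.

```python
import re
from collections import defaultdict

# Reputation and geolocation data. good.mincesur.com is the host named on the
# slide; everything else here is constructed for the example.
KNOWN_BAD_DOMAINS = {"good.mincesur.com"}
KNOWN_PHISH_SENDERS = {"203.0.113.77"}
APPROVED_COUNTRIES = {"US"}
GEO = {"203.0.113.77": "ZZ", "198.51.100.9": "ZZ", "198.51.100.40": "US"}

# Constructed log lines following the slide's timeline; ws-hr-02 is benign.
SAMPLE_LOG = """\
2012-11-05T05:00:12 mail  MAIL host=ws-fin-07 src_ip=203.0.113.77 subject="2012 Recruitment plan" attach=plan.xls
2012-11-05T08:30:41 edr   OPEN host=ws-fin-07 file=plan.xls
2012-11-05T08:31:05 proxy HTTP host=ws-fin-07 dst=198.51.100.9 uri=/flash/update.swf bytes=91233
2012-11-05T08:32:10 ids   C2   host=ws-fin-07 dst=198.51.100.9 sig=poison-ivy-beacon
2012-11-06T00:01:30 ids   SCAN host=ws-fin-07 targets=10.1.1.0/24 ports=1-1024
2012-11-16T00:05:02 fw    FTP  host=ws-fin-07 dst=good.mincesur.com bytes=48233111
2012-11-06T09:15:00 proxy HTTP host=ws-hr-02 dst=198.51.100.40 uri=/index.html bytes=1200
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_log(text):
    """Turn each log line into a dict of timestamp, source, kind and fields."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank or malformed lines rather than crash
        ts, source, kind, rest = m.groups()
        fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
        events.append({"ts": ts, "source": source, "kind": kind, **fields})
    return events


def reputation_verdict(ev):
    """Block on known phishing senders, known bad domains or unapproved geos."""
    if ev.get("src_ip") in KNOWN_PHISH_SENDERS:
        return "block"
    dst = ev.get("dst")
    if dst in KNOWN_BAD_DOMAINS:
        return "block"
    if dst in GEO and GEO[dst] not in APPROVED_COUNTRIES:
        return "block"
    return "allow"


def classify(ev):
    """Map one event to the kill-chain stage it evidences, or None."""
    kind = ev["kind"]
    if kind == "MAIL" and (ev.get("src_ip") in KNOWN_PHISH_SENDERS
                           or ev.get("attach", "").endswith(".xls")):
        return "spearphishing"
    if kind == "OPEN" and ev.get("file", "").endswith(".xls"):
        return "attachment_opened"
    if kind == "HTTP" and ev.get("uri", "").endswith(".swf") and reputation_verdict(ev) == "block":
        return "exploit_download"
    if kind == "C2":
        return "c2_traffic"
    if kind == "SCAN":
        return "internal_scan"  # external-to-internal shift: the host itself is now the source
    if kind == "FTP" and ev.get("dst") in KNOWN_BAD_DOMAINS:
        return "exfiltration"
    return None


def correlate(events):
    """Per host, the time-ordered list of (timestamp, stage) it has reached."""
    stages = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        stage = classify(ev)
        if stage and ev.get("host"):
            stages[ev["host"]].append((ev["ts"], stage))
    return dict(stages)


def kill_chain_alerts(events, threshold=3):
    """Raise an alert for any host that has reached `threshold` distinct stages."""
    alerts = {}
    for host, seq in correlate(events).items():
        names = [s for _, s in seq]
        if len(set(names)) >= threshold:
            alerts[host] = {"first": seq[0][0], "last": seq[-1][0], "stages": names}
    return alerts


def first_block(events):
    """Earliest event reputation alone would have stopped, if any."""
    for ev in sorted(events, key=lambda e: e["ts"]):
        if reputation_verdict(ev) == "block":
            return ev
    return None


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("alerts:", kill_chain_alerts(evs))
    print("first reputation block:", first_block(evs))
```

On the constructed log the reputation check alone would have blocked the 5:00 AM mail, which is the slide's point that the earliest mitigation ends the chain; the correlation step, run over the same events, reconstructs all six stages for ws-fin-07 and nothing for the benign ws-hr-02, which is what a security administrator would want to see on the dashboard if the early controls had been missing.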

24 An era of advanced targeted attacks calls for advanced defenses. The question that matters most is: how prepared are you against an advanced targeted attack? I think this little guy knows…


26 Thank you
