Fiaaz Walji, Sr. Director, Websense Canada
Shift in attacks = shift in defense
2012 began with a report from IDC stating that signature-based tools (anti-virus, firewalls and intrusion prevention) are only effective against 30% – 50% of current security threats. Much of this can be attributed to how attacks have evolved to specifically counter those defenses. The Websense® Security Labs team produced a report on the key threats and trends.
Behind the 2013 Threat Report: Data Collection, Threat Analysis, Expert Interpretation
ThreatSeeker Network: Largest Security Intelligence Network
– Up to 5 billion requests per day
– 900 million global end points
– 400+ million sites per day
– 1 billion pieces of content per day
– 10+ million emails per hour
– 2.5 billion URLs per day
Number of viruses undetected by the top 5 AV engines
Areas Covered in this Report
Victims are Everywhere
Attack vectors (social media, mobile, web): victims are funneled to the Web through redirects, malware, recon, XSS, dropper files, CnC, exploit kits and phishing.
KEY TAKE AWAY (mobile): Data stored on and accessed through a mobile device are at risk, with minimal control of web, email and social media traffic and access. Lost devices are also a risk.
Email threats: Only 1 in 5 emails were safe and legitimate. Breakdown by content & URLs; breakdown by content only.
Spam: 92% of spam emails contain URLs. Spam distribution rate: 250,000 per hour.
Top 5 malicious web links in spam:
1. Potentially Damaging Content: suspicious sites with little or no useful content.
2. Web and Email Spam: sites used in unsolicited commercial email.
3. Malicious Websites: sites containing malicious code.
4. Phishing and Other Frauds: sites that counterfeit legitimate sites to elicit information.
5. Malicious Embedded iFrame: sites infected with a malicious iframe.
Phishing: increasingly focused on commercial & government targets; 69% sent on Mondays & Fridays; more targeted
– Regionalized
– Spear phishing on the rise
Top 5 countries hosting phishing
KEY TAKE AWAYS (email): Email-based threats evolved significantly to circumvent keyword, reputation and other traditional defenses. Increased spear-phishing. Cybercriminals added a time-delay to some targeted attacks. >50% of users accessed email from outside the corporate network.
Top 10 countries hosting malware: United States, Russian Federation, Germany, China, Moldova, Czech Republic, United Kingdom, France, Netherlands, Canada. Organizations can no longer dismiss malware threats as solely an English-language or American phenomenon.
Malware: more aggressive
– 15% connected in the first 60 sec.
– 90% requested information
– 50% accessed dropper files
Top 10 countries hosting CnC servers
KEY TAKE AWAY (malware): Today's malware is more dynamic and agile, adapting to an infected system within minutes. Half of web-connected malware downloaded additional executables in the first 60s. The remainder proceeded more cautiously, often a calculated response to bypass short-term sandbox defenses.
Data theft: Planned data theft attacks through cyberspace grew last year, targeting high-value intellectual property (IP) and using all available vectors. PII value/target remained flat.
KEY TAKE AWAY (data theft): Remove temptation; mitigate accidental loss through security improvements; address growing SSL/TLS usage; provide an integrated approach to monitoring and controlling both inbound and outbound content.
Conclusion
Primary attack foundation was the Web
– Threats increased across all vectors
– Attacks grew more aggressive, dynamic, multi-staged and multi-vector
Defenses must adapt:
– Real-time point-of-click; inbound & outbound; content & context inspection
MDM capabilities must be augmented
– Defenses to control mobile access; perform real-time analysis of potentially malicious content across all vectors
Email security requires real-time threat analysis
– Must be coordinated with web, mobile and other defenses
Malware defenses need to monitor both inbound and outbound
– HTTP and HTTPS traffic, to prevent infection and detect CnC communications
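The malware takeaway (executables fetched within the first 60 seconds of infection) and the closing recommendation (monitor outbound HTTP/HTTPS to detect CnC communication) both translate into checks a defender can run over web-proxy logs. The following Python is an added example written for this transcript, not code from the report or from Websense: it parses a constructed proxy log (the format, client addresses, hostnames and thresholds are all assumptions) and flags two patterns, executable downloads chained within 60 seconds of a previous one on the same client, with a note when the content type is executable but the URL does not look like one, and (client, domain) pairs whose request timing is nearly constant, the signature of a periodic check-in rather than human browsing.

```python
"""Two proxy-log checks: chained executable downloads and periodic outbound check-ins.

Added example for the 2013 Threat Report transcript; log format, hosts and
thresholds are constructed for illustration, not taken from the report.
"""
import statistics
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample log: ISO timestamp, client, method, URL, status, content type, bytes.
# 10.1.1.7 fetches a dropper, a DLL 31 s later, then checks in every 5 minutes;
# 10.1.1.9 is ordinary browsing plus one installer download.
SAMPLE_LOG = """\
2013-02-04T09:00:00 10.1.1.7 GET http://intranet.example/home 200 text/html 5120
2013-02-04T09:00:05 10.1.1.7 GET http://cdn.example-ads.test/track.js 200 application/javascript 812
2013-02-04T09:00:31 10.1.1.7 GET http://files.badhost.test/update.php 200 application/x-msdownload 184320
2013-02-04T09:01:02 10.1.1.7 GET http://files.badhost.test/lib.dll 200 application/x-msdownload 40960
2013-02-04T09:05:00 10.1.1.7 POST http://c2.badhost.test/gate.php 200 text/plain 64
2013-02-04T09:10:00 10.1.1.7 POST http://c2.badhost.test/gate.php 200 text/plain 64
2013-02-04T09:15:01 10.1.1.7 POST http://c2.badhost.test/gate.php 200 text/plain 64
2013-02-04T09:20:00 10.1.1.7 POST http://c2.badhost.test/gate.php 200 text/plain 64
2013-02-04T09:00:10 10.1.1.9 GET http://news.example/index.html 200 text/html 20480
2013-02-04T09:03:10 10.1.1.9 GET http://news.example/story/1 200 text/html 9000
2013-02-04T09:09:40 10.1.1.9 GET http://news.example/story/7 200 text/html 7000
2013-02-04T09:31:00 10.1.1.9 GET http://news.example/story/9 200 text/html 7000
2013-02-04T09:40:00 10.1.1.9 GET http://vendor.example/setup.exe 200 application/x-msdownload 5000000
"""

EXEC_TYPES = {"application/x-msdownload", "application/x-dosexec"}  # assumed executable MIME types
EXEC_EXTS = (".exe", ".dll", ".scr")


def parse_log(text):
    """Parse the whitespace-separated format used above into event dicts sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, status, ctype, size = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts), "client": client, "method": method,
            "url": url, "domain": urlparse(url).hostname, "status": int(status),
            "ctype": ctype, "size": int(size),
        })
    return sorted(events, key=lambda e: e["ts"])


def is_executable(event):
    path = urlparse(event["url"]).path.lower()
    return event["ctype"] in EXEC_TYPES or path.endswith(EXEC_EXTS)


def find_executable_downloads(events, window_seconds=60):
    """List every executable download; 'chained' means another executable reached the
    same client within window_seconds before it (dropper fetching its payload), and
    'masquerading' means executable content served from a URL without an executable extension."""
    findings = []
    last_exec = {}  # client -> timestamp of that client's previous executable download
    for e in events:
        if not is_executable(e):
            continue
        prev = last_exec.get(e["client"])
        gap = (e["ts"] - prev).total_seconds() if prev else None
        path = urlparse(e["url"]).path.lower()
        findings.append({
            "client": e["client"], "url": e["url"],
            "chained": gap is not None and gap <= window_seconds,
            "seconds_since_previous_exec": gap,
            "masquerading": e["ctype"] in EXEC_TYPES and not path.endswith(EXEC_EXTS),
        })
        last_exec[e["client"]] = e["ts"]
    return findings


def find_beacons(events, min_requests=4, max_cv=0.1):
    """Flag (client, domain) pairs whose inter-request gaps are nearly constant
    (coefficient of variation <= max_cv): evenly spaced requests are a check-in pattern."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["client"], e["domain"])].append(e["ts"])
    beacons = []
    for (client, domain), times in by_pair.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.stdev(gaps) / mean
        if cv <= max_cv:
            beacons.append({"client": client, "domain": domain, "requests": len(times),
                            "mean_interval_s": round(mean), "cv": round(cv, 4)})
    return beacons


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for f in find_executable_downloads(evs):
        print("EXE   ", f)
    for b in find_beacons(evs):
        print("BEACON", b)
```

On the sample, only the dropper-to-DLL pair on 10.1.1.7 is marked chained, update.php is marked masquerading, and the four gate.php posts (gaps of 300, 301 and 299 seconds) are the single beacon candidate; the vendor installer on 10.1.1.9 is listed but not chained, which is the distinction a triage queue needs. The beacon check only sees plaintext-proxied traffic, which is why the conclusion pairs it with HTTPS inspection.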