TARGETED ATTACKS AND THE SMALL BUSINESS Stephen Ferrero Consultant, Xantrion.

1 TARGETED ATTACKS AND THE SMALL BUSINESS Stephen Ferrero Consultant, Xantrion

2 Xantrion
- Founded in 2000 by Anne Bisagno and Tom Snyder
- Wanted to bring big company IT to small and midsized organizations
- Among the top 50 worldwide MSPs (1)
- 45 person technical team
- 70 core clients
- 3000 end users supported
- 600 servers managed
(1) MSP Mentor worldwide survey results.

3 Agenda
- The current SMB security paradigm
- Why we need to evolve our thinking
- Targeted attack methods
- The new SMB security paradigm

4 INTRO TO CYBERSECURITY

5 What Is Cybersecurity
Measures taken to protect a computer or computer system against unauthorized access or attack (“Cybersecurity,” n.d.).

6 Terms
- SMB – Small and midsize businesses, with fewer than 1000 users (“Small and Midsize,” n.d.).
- Malware – Malicious software used by attackers to disrupt computer systems.

7 CURRENT SECURITY PARADIGM

8 Protect against Opportunistic Attacks
[Diagram: Attacker, Your Company]

9 Security mindset
- “Be more secure than the other guy”
- “I’m too small to be a target”

10 Typical security layers
[Diagram labels: Hardware Firewall; Antivirus / Antimalware; OS Security Patches; User Rights Assignment; Filter; Web Filter; Policies, and Awareness; User]

11 WHY CHANGE?

12 Targeted Attack
[Diagram: Attacker, Your Company]

13 (Symantec, 2013) Targeted attacks in 2012

14 More targeted attacks on SMB
- Attackers have more and better resources
- SMBs are typically less secure
- SMBs make good launch points

15 TARGETED ATTACK METHODS

16 Spear Phishing
1. Attacker collects data about the victim, perhaps “friends” them on social networking sites
2. Attacker looks for possible themes to leverage against the victim
3. Attacker crafts a highly custom message with a malware-laced attachment and sends it to the victim
4. Victim opens the highly realistic message and launches the attachment

17 Water Hole Attack
1. Attacker collects data about the victim and the kind of websites they visit
2. Attacker looks for vulnerabilities in these websites
3. Attacker injects JavaScript or HTML that redirects to a separate site hosting exploit code
4. Compromised site is waiting for unsuspecting victims
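
The injected-redirect step above can be checked from the site owner's side. The following is an added example, not part of the original presentation: it lists every script, frame, embed, object or meta-refresh on a page that loads from a host outside an allowlist. The host names, the sample page and `audit_page` are constructed for illustration, and the check covers static markup only, not loads created by inline script at run time.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute that makes the browser load content from another host.
LOADERS = {"script": "src", "iframe": "src", "frame": "src",
           "embed": "src", "object": "data"}

class ExternalLoadAudit(HTMLParser):
    """Collect (tag, host, line) for each load from a host not on the allowlist."""

    def __init__(self, page_host, allowed_hosts):
        super().__init__()
        self.allowed = {page_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.findings = []

    def _check(self, tag, url):
        host = urlparse(url.strip()).hostname  # None for relative URLs
        if host and host not in self.allowed:
            self.findings.append((tag, host, self.getpos()[0]))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr = LOADERS.get(tag)
        if attr and attrs.get(attr):
            self._check(tag, attrs[attr])
        # <meta http-equiv="refresh" content="0; url=..."> redirects the whole page.
        if tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            content = attrs.get("content") or ""
            idx = content.lower().find("url=")
            if idx != -1:
                self._check(tag, content[idx + 4:].strip("'\" "))

def audit_page(html, page_host, allowed_hosts=()):
    """Return findings for one page; an empty list means nothing off-allowlist."""
    parser = ExternalLoadAudit(page_host, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: two expected loads and two that are not on the allowlist.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.partner.example/lib.js"></script>
</head><body>
<p>Industry news</p>
<iframe src="http://stats-collector.invalid/in.php" width="0" height="0"></iframe>
<script src="//cdn.unknown.invalid/a.js"></script>
</body></html>"""

if __name__ == "__main__":
    for tag, host, line in audit_page(SAMPLE_PAGE, "www.smb.example", ["cdn.partner.example"]):
        print(f"line {line}: <{tag}> loads from unlisted host {host}")
```

Run against a known-good copy of each page first, so the allowlist reflects what the site is supposed to load and later findings stand out as changes.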

18 Process of a Typical Attack
- Attacker delivers custom malware to victim
- Victim opens the attachment, custom malware is installed
- Malware phones home and pulls down additional malware
- Attacker establishes multiple re-entry points
- Attacker continues to attempt privilege escalation and reconnaissance
- Attacker achieves goal and exits

19 [Diagram labels: Hardware Firewall; Antivirus / Antimalware; OS Security Patches; User Rights Assignment; Filter; Web Filter; User; Spear Phishing, Waterholing, etc.]

20 Ransomware
Now extorts $5 Million per year (Symantec, 2013)

21 NEW SMB SECURITY PARADIGM

22 Protect against Targeted Attacks
[Diagram: Attacker, Your Company]

23 Security mindset
- “I have important data and assets to protect”
- Assume you are a target

24 Typical SMB security layers
[Diagram labels: Hardware Firewall; Antivirus / Antimalware; OS Security Patches; User Rights Assignment; Filter; Web Filter; Policies, and Awareness; User]

25 Add more layers
- Educate employees
- Review hiring and firing policies
- Aggressive patching of OS and Apps
  - Acrobat, Flash, QuickTime, Java
- Get off End of Life software
  - Windows XP
  - Office 2003
  - End of Support - April, 2014

26 Additional security layers
[Diagram labels: Hardware Firewall; Antivirus / Antimalware; OS Security Patches; User Rights Assignment; Filter; Web Filter; HR and Security Policies; App Security Patches; User; User Awareness and Training]

27 Identify your valuable assets
- Customer Data
- Customer Relationships
- Intellectual Property
- Bank Account Info

28 Identify your special risks
- Internal threats
- Liability
- Unmanaged mobile devices
- Physical security

29 Plan your response

30 Practice secure banking
- Use Two-Factor authentication
- Require “Dual-Control” or separation of duties
- Require one control be completed on a dedicated PC
- Require out-of-band confirmation from your bank for large transactions

31 Protect mobile devices
- Be aware of the increase in mobile malware
- Stream data to mobile devices instead of storing it there
- Separate personal and work data
- Track devices
- Have remote-wipe capability
- Enforce password policies

32 Regularly re-evaluate your security
- Use the Top 20 security controls as a framework for frequent security policy updates.
- Remind users of proper security best practices

33 QUESTIONS

34 References
- cybersecurity. (n.d.). In Merriam-Webster’s online dictionary. Retrieved from webster.com/dictionary/cybersecurity
- Small and midsize businesses. (n.d.). In Gartner IT Glossary. Retrieved from glossary/smbs-small-and-midsize-businesses/
- Symantec Inc. (2013, April). Internet Security Threat Report. Retrieved from
- Verizon. (2012). Data Breach Investigations Report. Retrieved from SMB_Z_ZZ_ZZ_Z_TV_N_Z041
- Mandiant. (2013). M-Trends 2013: Attack the Security Gap. Retrieved from https://www.mandiant.com/resources/m-trends/

37 Top 10 Threat Actions
1. Keylogger / Form-Grabber / Spyware
2. Exploitation of default or guessable passwords
3. Use of stolen login credentials
4. Send data to external site/entity
5. Brute force and dictionary attacks
6. Backdoor (Allows remote access / control)
7. Exploitation of Backdoor or CnC Channel
8. Disable or interfere with security controls
9. Tampering
10. Exploitation of insufficient authentication (no login required)

38 Advanced Persistent Threats
- Long-term attacks
- Focused on large organizations
- Organized Crime or State Sponsored

