TARGETED ATTACKS AND THE SMALL BUSINESS Stephen Ferrero Consultant, Xantrion.


Xantrion
- Founded in 2000 by Anne Bisagno and Tom Snyder
- Wanted to bring big company IT to small and midsized organizations
- Among the top 50 worldwide MSPs (1)
- 45 person technical team
- 70 core clients
- 3000 end users supported
- 600 servers managed
(1) MSP Mentor worldwide survey results

Agenda
- The current SMB security paradigm
- Why we need to evolve our thinking
- Targeted attack methods
- The new SMB security paradigm

INTRO TO CYBERSECURITY

What Is Cybersecurity
Measures taken to protect a computer or computer system against unauthorized access or attack (“Cybersecurity,” n.d.).

Terms
- SMB – Small and midsize businesses, with fewer than 1000 users (“Small and Midsize,” n.d.).
- Malware – Malicious software used by attackers to disrupt computer systems.

CURRENT SECURITY PARADIGM

Protect against Opportunistic Attacks
[Diagram: Attacker, Your Company]

Security mindset
- “Be more secure than the other guy”
- “I’m too small to be a target”

Typical security layers Hardware Firewall Antivirus / Antimalware OS Security Patches User Rights Assignment Filter Web Filter Policies, and Awareness User

WHY CHANGE?

Targeted Attack
[Diagram: Attacker, Your Company]

(Symantec, 2013) Targeted attacks in 2012

More targeted attacks on SMB
- Attackers have more and better resources
- SMBs are typically less secure
- SMBs make good launch points

TARGETED ATTACK METHODS

Spear Phishing
1. Attacker collects data about the victim, perhaps “friends” them on social networking sites
2. Attacker looks for possible themes to leverage against the victim
3. Attacker crafts a highly custom message with a malware-laced attachment and sends it to the victim
4. Victim opens the highly realistic message and launches the attachment

Water Hole Attack
1. Attacker collects data about the victim and the kind of websites they visit
2. Attacker looks for vulnerabilities in these websites
3. Attacker injects JavaScript or HTML which redirects to a separate site hosting exploit code
4. Compromised site is waiting for unsuspecting victims
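
A defender-side check for the injection described in step 3, as an added example that is not part of the original presentation: a site owner can audit a fetched page for scripts, frames and meta-refresh redirects that point at hosts outside a known allowlist. The allowlist, host names and sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: hosts this site is known to load content from.
ALLOWED_HOSTS = {"www.example-assoc.test", "cdn.example-assoc.test"}
# Tags whose src/data attribute makes the browser fetch remote active content.
ACTIVE_TAGS = {"script", "iframe", "frame", "embed", "object"}

class ActiveContentAudit(HTMLParser):
    """Record active content and redirects that point off the allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = allowed_hosts
        self.findings = []  # (tag, host, reason)

    def _check(self, tag, url, reason):
        host = urlparse(url).hostname  # None for relative (same-site) URLs
        if host and host not in self.allowed:
            self.findings.append((tag, host, reason))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ACTIVE_TAGS:
            style = a.get("style", "").replace(" ", "").lower()
            hidden = "0" in (a.get("width"), a.get("height")) or "display:none" in style
            reason = "hidden off-allowlist source" if hidden else "off-allowlist source"
            self._check(tag, a.get("src") or a.get("data") or "", reason)
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content has the form "0; url=http://host/path"
            target = a.get("content", "").partition("=")[2].strip(" '\"")
            self._check(tag, target, "meta refresh redirect")

def audit_page(html, allowed_hosts=ALLOWED_HOSTS):
    parser = ActiveContentAudit(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: a page as fetched after a compromise of the site.
SAMPLE_PAGE = """<html><head>
<script src="/js/menu.js"></script>
<script src="https://cdn.example-assoc.test/lib.js"></script>
<script src="//stats.unknown-host.test/c.js"></script>
</head><body>
<iframe src="http://landing.unknown-host.test/" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_PAGE):
        print(finding)
```

Run on a schedule against the live pages and compared with the previous result, a new finding is the signal to investigate; script injected inline or into an allowlisted file needs file-integrity checks instead.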

Process of a Typical Attack
- Attacker delivers custom malware to victim
- Victim opens the attachment, custom malware is installed
- Malware phones home and pulls down additional malware
- Attacker establishes multiple re-entry points
- Attacker continues to attempt privilege escalation and reconnaissance
- Attacker achieves goal and exits

Hardware Firewall Antivirus / Antimalware OS Security Patches User Rights Assignment Filter Web Filter User Spear Phishing, Waterholing, etc.

Ransomware (Symantec, 2013) Now extorts $5 Million per year

NEW SMB SECURITY PARADIGM

Protect against Targeted Attacks
[Diagram: Attacker, Your Company]

Security mindset
- “I have important data and assets to protect”
- Assume you are a target

Typical SMB security layers Hardware Firewall Antivirus / Antimalware OS Security Patches User Rights Assignment Filter Web Filter Policies, and Awareness User

Add more layers
- Educate employees
- Review hiring and firing policies
- Aggressive patching of OS and Apps: Acrobat, Flash, QuickTime, Java
- Get off End of Life software: Windows XP, Office 2003 (End of Support - April, 2014)

Hardware Firewall Antivirus / Antimalware OS Security Patches User Rights Assignment Filter Web Filter Additional security layers HR and Security Policies App Security Patches User User Awareness and Training

Identify your valuable assets
- Customer Data
- Customer Relationships
- Intellectual Property
- Bank Account Info

Identify your special risks
- Internal threats
- Liability
- Unmanaged mobile devices
- Physical security

Plan your response

Practice secure banking
- Use Two-Factor authentication
- Require “Dual-Control” or separation of duties
- Require one control be completed on a dedicated PC
- Require out-of-band confirmation from your bank for large transactions

Protect mobile devices
- Be aware of the increase in mobile malware
- Stream data to mobile devices instead of storing it there
- Separate personal and work data
- Track devices
- Have remote-wipe capability
- Enforce password policies

Regularly re-evaluate your security
- Use the Top 20 security controls as a framework for frequent security policy updates.
- Remind users of proper security best practices

QUESTIONS

References
- cybersecurity. (n.d.). In Merriam-Webster’s online dictionary. Retrieved from webster.com/dictionary/cybersecurity
- Small and midsize businesses. (n.d.). In Gartner IT Glossary. Retrieved from glossary/smbs-small-and-midsize-businesses/
- Symantec Inc. (2013, April). Internet Security Threat Report. Retrieved from
- Verizon. (2012). Data Breach Investigations Report. Retrieved from SMB_Z_ZZ_ZZ_Z_TV_N_Z041
- Mandiant. (2013). M-Trends 2013: Attack the Security Gap. Retrieved from

Top 10 Threat Actions
1. Keylogger / Form-Grabber / Spyware
2. Exploitation of default or guessable passwords
3. Use of stolen login credentials
4. Send data to external site/entity
5. Brute force and dictionary attacks
6. Backdoor (Allows remote access / control)
7. Exploitation of Backdoor or CnC Channel
8. Disable or interfere with security controls
9. Tampering
10. Exploitation of insufficient authentication (no login required)

Advanced Persistent Threats
- Long-term attacks
- Focused on large organizations
- Organized Crime or State Sponsored