https://youtu.be/_IjCUT4UsbM


1

2 https://youtu.be/_IjCUT4UsbM

3 All Rights Reserved Secure64 – CONFIDENTIAL
Ransomware
Definition: Ransomware is a type of malicious software from cryptovirology* that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.
*Cryptovirology is a field that studies how to use cryptography to design powerful malicious software.

4 The Very Malicious World in 2017
Malware
- Ransomware (CryptoWall, Locky)
- Malvertising
- Trojans (Zeus malware family)
- Worms (Conficker)
- Mobile (Hiddad)
Phishing
- Spearphishing
- W-2 phishing
Botnets
- Mirai (IoT)
- Kelihos (spam)
Many more…
Source: GData, April 2017

5 Origins of Ransomware
- Idea of using public key cryptography for data kidnapping introduced in 1996 by Adam L. Young and Moti Yung
- Extortionate ransomware became prominent in 2005
- Development of Bitcoin led to resurgence of ransomware in 2013 – CryptoLocker
- CryptoLocker.F, TorrentLocker, and CryptoWall delivered through ransomware Trojans, although a variant of CryptoWall used malvertising

6 Impact of Ransomware

7 Impact of Ransomware
- In 2015, US companies paid out $24 million in ransom.
- In 2016, the FBI reported that $209 million was extorted from US businesses in the first three months – putting ransomware on track to become a $1 billion crime in 2016.
- Actual damage in 2017 is forecast to exceed $5 billion for destruction (or loss) of data, downtime, lost productivity, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hostage data and systems, reputational harm, and employee training in direct response to the ransomware attacks.ⁱ

8 Impact of Ransomware

9 How Ransomware Works

10 Ransomware Goes Global in 2017
- From Aug 2016 to March 2017 ransomware declined, but it exploded after March and is currently on track to set new records for the number of infections.
- WannaCry outbreak: an attack unprecedented in scale, which infected more than 230,000 computers in over 150 countries. The attack affected large companies including Telefonica, FedEx, Honda, Renault, the Russian Interior Ministry and more.
- Petya/NotPetya: malware aimed to encrypt the master boot record. A modified version of Petya was used for a global cyberattack targeting Ukraine.

11 WannaCry Permeates the Globe

12

13 Firewall

14 Diagram labels: Firewall; Intrusion Prevention
When you have inbound Internet traffic, at some point you will have to open a hole through your firewall. An Intrusion Detection and Prevention System evaluates a suspected intrusion once it has taken place, signals an alarm and makes attempts to stop it.

15 Diagram labels: Firewall; Intrusion Detection; Intrusion Prevention
IDS: a device or software application that monitors a network or systems for malicious activity or policy violation

16 Diagram labels: Firewall; 1. Intrusion Prevention; 2. Intrusion Detection; Other Applications; Custom APPS
IDS: a device or software application that monitors a network or systems for malicious activity or policy violation

17 Diagram labels: Firewall; 1. Intrusion Prevention; 2. Intrusion Detection; 3. SIEM - Security Information Event Management; Other Applications; Custom APPS
SIEM: combines outputs from multiple sources, and uses alarm filtering techniques to distinguish malicious activity from false alarms
IDS: a device or software application that monitors a network or systems for malicious activity or policy violation

18 Diagram labels: Firewall; 1. Intrusion Prevention; 2. Intrusion Detection; 3. SIEM - Security Information Event Management; 4. Cloud Encryption; Other Applications; Custom APPS

19 Diagram labels: Firewall; 1. Intrusion Prevention; 2. Intrusion Detection; 3. SIEM - Security Information Event Management; Cloud Encryption; 5. DNS Network Security; Other Applications; Custom APPS

20 FREE TOOLS
- AlienVault’s ThreatFinder, powered by OTX - Open Threat Exchange
- Solarwinds
- TRIPWIRE SecureScan for hidden devices

21

22

23

24 LastPass Enterprise
1. Manage Password from Cloud
2. Multi Factor Authentication
3. Secure passwords with 1 button

25 ERASER Hard Drive Disposal

26 The Solution: Use the DNS as Defense
Users on the network can be prevented from visiting sites with malware
- Phishing and other malware links are identified
- Links are disabled & users do not get infected
Infected users can be prevented from infecting the network
- Malware uses the DNS to contact C&C centers
- DNS hangs up the phone – and users are neutralized
The DNS is now the ideal security policy enforcement point to block bot communications and user access to malicious sites

27 BYOD & IoT
Protect ALL devices on the network…
…without installing any software or requiring users to install software…
…across all geographic locations

28 Introducing DNS Guard
DNS Guard is a suite of Secure64 services that protect devices, the network, users and the corporate brand from malicious traffic.
MalwareGuard
- Malicious software download sites
- Botnet command and control sites
FraudGuard
- Phishing sites
- Spamvertising sites
- Counterfeit goods sites
- Other illegal sites
Provides real-time security information to stop malicious activity on your network

29 How DNS Guard Works

30 DNS Guard makes business sense
- Protect corporate IP
- Reduce user support costs
- Reduce potential liability
- Protect your brand
- Increase user productivity

31 Next Step – Threat Assessment
Send us a pcap file of your traffic. We will analyze and report on malicious behavior.
Report categories: BOTNET / MALWARE; DNS ANOMALIES; DDoS ATTACK; DNS TUNNEL
Status indicators shown: DETECTED; Not Detected; Not Detected; Not Detected
- IP addresses that access domain names known to be botnet command and control centers or malware sites are detailed in Section 3. This report also indicates whether an IP address accesses seemingly random domain names to find a botnet center.
- Other DNS anomalies such as domain names that cause excessive recursion to authoritative nameservers are detailed in Section 5.
- Denial of service attacks such as amplified floods, distributed attacks from many IP addresses using pseudo-random subdomain names, and other unusual burst activity are detailed in Section 2.
- IP addresses that are abusing your DNS system with DNS Tunnels such as IODINE and MAGIC TUNNEL are detailed in Section 4.
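Two of the checks slide 31 describes (clients querying seemingly random domain names, and clients abusing DNS with tunnel-like queries) can be sketched over a DNS query log. This is an added example, not Secure64's code or method: the log records are constructed, and the entropy and label-length thresholds, the naive last-two-labels split and all function names are assumptions chosen for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of (client IP, queried name) pairs; not real traffic.
# 192.0.2.0/24 and the .example TLD are reserved for documentation.
SAMPLE_QUERIES = [
    ("192.0.2.2", "www.intranet.example"),
    ("192.0.2.2", "mail.intranet.example"),
    ("192.0.2.5", "xkqzjwpvhtrb.example"),  # a single odd name, below threshold
    ("192.0.2.7", "xkqzjwpvhtrb.example"),
    ("192.0.2.7", "mfgyldwqzkxv.example"),
    ("192.0.2.7", "bzrtqnwxcvkj.example"),
] + [("192.0.2.9", f"{'q7f3k9z2' * 4}{i}.t.tunnel.example") for i in range(4)]


def entropy(label):
    """Shannon entropy of a label in bits per character."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def split_name(qname):
    """Naive split into (subdomain labels, last two labels); no public suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[:-2], ".".join(labels[-2:])


def assess(queries, min_hits=3, min_len=12, min_entropy=3.5, long_label=30):
    """Flag clients per category; all thresholds are illustrative assumptions."""
    random_hits = defaultdict(set)  # client -> random-looking domains queried
    tunnel_hits = defaultdict(set)  # (client, parent) -> long subdomain labels
    for client, qname in queries:
        sub, parent = split_name(qname)
        first = parent.split(".")[0]
        if len(first) >= min_len and entropy(first) >= min_entropy:
            random_hits[client].add(parent)
        for label in sub:
            if len(label) >= long_label:
                tunnel_hits[(client, parent)].add(label)
    return {
        "random_domains": sorted(c for c, d in random_hits.items() if len(d) >= min_hits),
        "dns_tunnel": sorted(k for k, s in tunnel_hits.items() if len(s) >= min_hits),
    }


if __name__ == "__main__":
    print(assess(SAMPLE_QUERIES))
```

Requiring several distinct hits per client keeps a single unusual lookup (192.0.2.5 in the sample) from being reported.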

