
Everyone’s a Target: Criminals are Always Two Steps Ahead



  1. Hackers are Equal Opportunity Businessmen: Everyone’s a Target

  2. Criminals are Always Two Steps Ahead • 90% of all cybercrime costs are caused by web attacks, malicious code and malicious insiders. – Kaspersky • 60% of enterprises said they were unable to stop exploits because of outdated or insufficient threat intelligence. – Ponemon • 49% said it can take within a week to more than a month to identify a compromise. – Ponemon • 33% of malicious breaches are not being caught by any of the companies’ defenses, and are instead discovered when notified by a 3rd party. – Ponemon

  3. Cybercrime as a Business • Organized • Well-funded • Operate like a business: o Use the cloud o Run campaigns o Growth oriented • Able to quickly set up a fake online storefront, attack and tear down without a trace

  4. Malware As a Service • Crimeware kits available for purchase online include everything needed to launch an attack • Inexpensive and easy way for less sophisticated criminals to get into the cybercrime business • Different packages include malware, exploit, phishing and botnet kits • Specialization: botnets can be purchased or rented based on geography • All paid for with stolen credit cards

  5. Use Case: Business Email Compromise • Easy way to commit fraud 1. Pick a target 2. Get a credit card (stolen or otherwise) and a throwaway email account 3. Sign up for a free, 30-day website domain name and associated email • Reported in all 50 states and 80 countries • Ubiquiti Networks suffered a whopping $46.7 million loss • The Scoular Co. lost $17.2 million

  6. Use Case: Fast Flux • Hackers now using Dynamic DNS: quickly changing domains • Domain Generation Algorithms (DGAs) for Fast Flux o Designed to exfiltrate data through command and control hosts • Identifies valuable data (personal credentials, credit card #s, account #s, SSNs etc.) and sends it “home”

  7. Use Case: Cryptowall • [Diagram with Host and Threat Actor columns. Host: Infection, Malware DGA, DNS lookups for g92qr2h6f.net, g92qr2h6s.net, …, g92qr2Z6f.net, g92qr2e6s.net, Establish Connection. Threat Actor: Register DGA Domain (the same list of domains), C&C Infrastructure, 103.202.31.22. Other labels: Exfiltration, Ransomware, Exploit.]

  8. The Challenge • Prevention is better than just detection • Humans struggle to keep up with the threats • Reporting on security incidents after the fact does not solve the problem • Security policy needs to be tailored to the customer and use case • Timely use of threat intelligence at the point of enforcement is challenging

  9. Proactive Defense: Blocks Malicious Traffic at Firewall, Router and DNS Server • Protect / Prevent • Inbound: o Blocks malicious attacks: botnets, spam, DDoS, phishing, scanners o Reduces network load • Outbound: o Stops data theft, malware, phishing, exploit kits o Blocks communications with threat actors

  10. Overview • Protects every device on the network regardless of attack type • Prevents data exfiltration • Threat categories blocked include: – Malware – Ransomware – Phishing sites – Proxies / anonymous proxies – Scanners / brute force attackers • Leverage geo blocking to provide additional protection • Automated, near-real-time security updates • Current data to combat current threats: impossible for a human to keep up • Self-improving, feedback-based system

  11. Inbound Attack • [Two-panel diagram. Without ThreatSTOP: inbound attack deposits malware; infection spreads to other machines. Protected by ThreatSTOP: inbound attack attempt deflected; policies down from the ThreatSTOP cloud, logs up; reporting to admin.]

  12. Outbound Threats • [Two-panel diagram. Without ThreatSTOP: outbound communications with command & control. Protected by ThreatSTOP: blocks outbound communications with command & control; policies down, logs up; reporting to admin.]

  13. For more information on ThreatSTOP, please contact: sales@threatstop.com 760.542.1550
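
A detection sketch for the DGA pattern on slides 6 and 7, added here as an example and not taken from the presentation or from ThreatSTOP: it flags a client that misses on several generated-looking names and then resolves one. The log format, function names and thresholds are assumptions; the domain names and address are the labels from slide 7, paired in a constructed log.

```python
import math
from collections import Counter, defaultdict, deque

# Constructed resolver log: "epoch client qname rcode answer".
# Domains and 103.202.31.22 are labels from slide 7; the pairing is made up.
SAMPLE_LOG = """\
1000 10.0.0.5 www.example.com NOERROR 192.0.2.10
1001 10.0.0.7 g92qr2h6f.net NXDOMAIN -
1002 10.0.0.7 g92qr2h6s.net NXDOMAIN -
1003 10.0.0.7 g92qr2Z6f.net NXDOMAIN -
1004 10.0.0.7 g92qr2e6s.net NOERROR 103.202.31.22
1400 10.0.0.5 intranet.example.net NXDOMAIN -
"""

def entropy(label):
    # Shannon entropy in bits per character; 0 for an empty label.
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def looks_generated(qname, min_entropy=2.8, min_digits=2):
    # Heuristic only: mixed digits plus high entropy in the second-to-last
    # label (naive pick, no public-suffix handling). Thresholds are assumptions.
    labels = qname.rstrip(".").lower().split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    digits = sum(ch.isdigit() for ch in label)
    return digits >= min_digits and entropy(label) >= min_entropy

def find_dga_rendezvous(log_text, window=60, min_misses=3):
    """Return one alert per client that failed on >= min_misses generated-looking
    names within `window` seconds and then got an answer for another one."""
    misses = defaultdict(deque)  # client -> (timestamp, qname) of recent misses
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[0].isdigit():
            continue  # skip malformed lines
        ts, client, qname, rcode, answer = int(fields[0]), *fields[1:]
        if not looks_generated(qname):
            continue
        recent = misses[client]
        while recent and ts - recent[0][0] > window:
            recent.popleft()  # expire misses older than the window
        if rcode == "NXDOMAIN":
            recent.append((ts, qname.lower()))
        elif rcode == "NOERROR":
            failed = sorted({name for _, name in recent})
            if len(failed) >= min_misses:
                alerts.append({"client": client, "domain": qname.lower(),
                               "answer": answer, "failed": failed})
                recent.clear()
    return alerts
```

The resolved name and its answer are the candidates to block at the firewall or DNS server; the entropy test will miss dictionary-based DGAs and can flag legitimate machine-generated hostnames, so treat a hit as a lead to triage.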
