Hackers are Equal Opportunity Businessmen: Everyone’s a Target
Criminals are Always Two Steps Ahead
• 90% of all cybercrime costs are caused by web attacks, malicious code and malicious insiders. – Kaspersky
• 60% of enterprises said they were unable to stop exploits because of outdated or insufficient threat intelligence. – Ponemon
• 49% said identifying a compromise takes anywhere from a week to more than a month. – Ponemon
• 33% of malicious breaches are not caught by any of the company's own defenses; they are discovered only when a 3rd party notifies the company. – Ponemon
Cybercrime as a Business
• Organized
• Well-funded
• Operate like a business:
  o Use the cloud
  o Run campaigns
  o Growth oriented
• Able to quickly set up a fake online storefront, attack, and tear it down without a trace
Malware as a Service
• Crimeware kits available for purchase online include everything needed to launch an attack
• Inexpensive and easy way for less sophisticated criminals to get into the cybercrime business
• Packages include malware, exploit, phishing and botnet kits
• Specialization: botnets can be purchased or rented by geography
• All paid for with stolen credit cards
Use Case: Business Email Compromise
• An easy way to commit fraud:
  1. Pick a target
  2. Get a credit card (stolen or otherwise) and a throwaway email account
  3. Sign up for a free 30-day domain name and the associated email
• Reported in all 50 states and 80 countries
• Ubiquiti Networks suffered a $46.7 million loss
• The Scoular Co. lost $17.2 million
Use Case: Fast Flux
• Attackers now use dynamic DNS to rotate the IP addresses behind a domain faster than blocklists can follow (fast flux)
• Domain Generation Algorithms (DGAs) go a step further and rotate the domain names themselves
  o The malware computes a stream of candidate domains; the attacker registers only a few of them, so the command and control hosts stay reachable even as individual domains are taken down
  o Data is exfiltrated through those command and control hosts
• The malware identifies valuable data (personal credentials, credit card numbers, account numbers, SSNs, etc.) and sends it "home"
Use Case: Cryptowall
Diagram: the exploit drops the ransomware on the host; the malware runs its DGA and looks up a series of generated names (g92qr2h6f.net, g92qr2h6s.net, g92qr2Z6f.net, g92qr2e6s.net); the threat actor registers one of the DGA domains and points DNS at the C&C infrastructure (103.202.31.22 in the diagram); the infected host establishes the connection and exfiltration begins.
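The DGA walk in the diagram leaves a distinctive trace in DNS logs: one host querying a burst of names that look nothing like dictionary words, most of which never resolve. The Python below, an added example and not code from the slides or from ThreatSTOP, scores each query name with cheap lexical features (digit ratio, vowel ratio, Shannon entropy of the registrable label) and alerts on clients that query several distinct algorithmic-looking names. The log format, the thresholds and the example.* names are constructed for the illustration; the g92qr2*.net names are the ones shown in the diagram.

```python
import math
from collections import Counter

# Constructed sample DNS query log: "<timestamp> <client-ip> <qname>" per line.
# The g92qr2*.net names are the DGA examples from the Cryptowall diagram; the
# example.* names stand in for ordinary traffic.
SAMPLE_DNS_LOG = """\
2016-03-01T10:00:01Z 10.0.0.12 www.example.com
2016-03-01T10:00:02Z 10.0.0.12 g92qr2h6f.net
2016-03-01T10:00:02Z 10.0.0.12 g92qr2h6s.net
2016-03-01T10:00:03Z 10.0.0.12 g92qr2Z6f.net
2016-03-01T10:00:03Z 10.0.0.12 g92qr2e6s.net
2016-03-01T10:00:05Z 10.0.0.44 mail.example.org
2016-03-01T10:00:06Z 10.0.0.44 cdn.example.net
"""

# Heuristic thresholds: assumptions chosen for this illustration, not tuned values.
MIN_LABEL_LENGTH = 6
DIGIT_RATIO_THRESHOLD = 0.3
VOWEL_RATIO_THRESHOLD = 0.15
ENTROPY_THRESHOLD = 3.5


def second_level_label(qname):
    """Return the label left of the TLD (assumes a single-label public suffix)."""
    labels = qname.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def shannon_entropy(text):
    """Bits of entropy per character of the string."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def dga_features(label):
    """Cheap lexical features that separate generated names from dictionary words."""
    letters = [c for c in label if c.isalpha()]
    digits = [c for c in label if c.isdigit()]
    vowels = [c for c in letters if c in "aeiou"]
    return {
        "length": len(label),
        "entropy": shannon_entropy(label),
        "digit_ratio": len(digits) / len(label) if label else 0.0,
        "vowel_ratio": len(vowels) / len(letters) if letters else 0.0,
    }


def is_dga_like(qname):
    """True when the registrable label looks machine-generated."""
    f = dga_features(second_level_label(qname))
    if f["length"] < MIN_LABEL_LENGTH:
        return False  # too short to judge; short brand names would false-positive
    return (f["digit_ratio"] >= DIGIT_RATIO_THRESHOLD
            or f["vowel_ratio"] < VOWEL_RATIO_THRESHOLD
            or f["entropy"] > ENTROPY_THRESHOLD)


def suspicious_by_client(log_text):
    """Map each client IP to the set of distinct DGA-like names it queried."""
    seen = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, qname = parts
        if is_dga_like(qname):
            seen.setdefault(client, set()).add(qname.lower().rstrip("."))
    return seen


def dga_alerts(log_text, min_unique=3):
    """Clients that queried at least min_unique distinct DGA-like names.

    One odd-looking name is weak evidence; a burst of them from a single host is
    the DGA signature: the malware walks its candidate list until one resolves.
    """
    return {client: len(names)
            for client, names in suspicious_by_client(log_text).items()
            if len(names) >= min_unique}


if __name__ == "__main__":
    for client, count in dga_alerts(SAMPLE_DNS_LOG).items():
        print(f"{client}: {count} distinct DGA-like domains queried")
```

On the sample log only 10.0.0.12 trips the alert, with four distinct generated names; the lexical test alone is deliberately loose, so the per-client count is what keeps single false positives from paging anyone.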
The Challenge
• Prevention is better than detection alone
• Humans struggle to keep up with the threats
• Reporting on security incidents after the fact does not solve the problem
• Security policy needs to be tailored to the customer and the use case
• Timely use of threat intelligence at the point of enforcement is challenging
Proactive Defense: Blocks Malicious Traffic at the Firewall, Router and DNS Server
Protect (Inbound):
• Blocks malicious attacks: botnets, exploit kits, spam, DDoS, phishing, scanners
• Reduces network load
Prevent (Outbound):
• Stops data theft, malware, phishing
• Blocks communications with threat actors
Overview
• Protects every device on the network regardless of attack type
• Prevents data exfiltration
• Threat categories blocked include:
  – Malware
  – Ransomware
  – Phishing sites
  – Proxies / anonymous proxies
  – Scanners / brute-force attackers
• Geo blocking provides additional protection
• Automated, near-real-time security updates
• Current data to combat current threats: impossible for a human to keep up
• Self-improving, feedback-based system
Inbound Attack
Diagram, without ThreatSTOP: the inbound attack reaches the network, deposits malware, and the infection spreads to other machines.
Diagram, protected by ThreatSTOP: policies are pushed down from the ThreatSTOP cloud to the enforcement point, the inbound attack attempt is deflected, and logs are sent up for reporting to the admin.
Outbound Threats
Diagram, without ThreatSTOP: the infected host communicates freely with command & control.
Diagram, protected by ThreatSTOP: policies are pushed down from the ThreatSTOP cloud, outbound communications with command & control are blocked, and logs are sent up for reporting to the admin.
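The "policies down, logs up" flow in the two diagrams, together with the inbound/outbound split on the Proactive Defense slide, amounts to one indicator list applied at three checkpoints: source IPs of inbound connections, destination IPs of outbound connections, and query names at the resolver (RPZ-style, where a listed name is answered NXDOMAIN). The Python below is an added illustration of that model, not ThreatSTOP's code and not a description of its feed format; the threat list is constructed (the two domains and 103.202.31.22 are taken from the Cryptowall diagram, the other addresses are RFC 5737 documentation ranges), and "tailored policy" is modelled as the set of categories the customer chooses to enforce.

```python
import ipaddress

# Constructed threat list (indicator -> category). Not ThreatSTOP's feed format;
# the two domains and 103.202.31.22 come from the Cryptowall diagram, the rest
# are RFC 5737 documentation addresses.
THREAT_LIST = {
    "g92qr2h6f.net": "ransomware",
    "g92qr2h6s.net": "ransomware",
    "103.202.31.22": "ransomware",
    "198.51.100.0/24": "scanner",
    "203.0.113.7": "phishing",
}


class Enforcer:
    """Illustrative enforcement point: a policy is the set of categories to block.

    The same indicator list drives three checks: inbound source IPs at the
    firewall, outbound destination IPs at the firewall/router, and query names
    at the DNS server (RPZ-style, where a hit is answered NXDOMAIN instead of
    the real record). Every block is logged for reporting.
    """

    def __init__(self, threat_list, enforced_categories):
        self.domains = {}
        self.networks = []
        for indicator, category in threat_list.items():
            if category not in enforced_categories:
                continue  # tailored policy: only the chosen categories are loaded
            try:
                self.networks.append((ipaddress.ip_network(indicator, strict=False), category))
            except ValueError:
                self.domains[indicator.lower().rstrip(".")] = category  # not an IP: a domain
        self.log = []  # block events, sent "up" for reporting

    def _ip_category(self, ip):
        addr = ipaddress.ip_address(ip)
        for net, category in self.networks:
            if addr in net:
                return category
        return None

    def _domain_category(self, qname):
        labels = qname.lower().rstrip(".").split(".")
        # Walk from the full name to each parent so a listed zone covers its subdomains.
        for i in range(len(labels)):
            category = self.domains.get(".".join(labels[i:]))
            if category:
                return category
        return None

    def _decide(self, check, indicator, category):
        if category is None:
            return "ALLOW"
        self.log.append({"check": check, "indicator": indicator, "category": category})
        return "BLOCK"

    def inbound(self, src_ip):
        """Firewall check on the source of an inbound connection."""
        return self._decide("inbound", src_ip, self._ip_category(src_ip))

    def outbound(self, dst_ip):
        """Firewall/router check on the destination of an outbound connection."""
        return self._decide("outbound", dst_ip, self._ip_category(dst_ip))

    def dns_query(self, qname):
        """DNS server check; BLOCK means the resolver answers NXDOMAIN."""
        return self._decide("dns", qname, self._domain_category(qname))

    def report(self):
        """Blocked events per category: the summary the admin sees."""
        summary = {}
        for event in self.log:
            summary[event["category"]] = summary.get(event["category"], 0) + 1
        return summary


if __name__ == "__main__":
    policy = Enforcer(THREAT_LIST, {"ransomware", "scanner", "phishing"})
    print(policy.dns_query("g92qr2h6f.net"))   # C&C lookup never resolves
    print(policy.outbound("103.202.31.22"))    # direct-to-IP fallback is blocked too
    print(policy.inbound("198.51.100.77"))     # listed scanner range
    print(policy.inbound("192.0.2.1"))         # not listed, allowed
    print(policy.report())
```

Blocking both the DGA domain at the resolver and the C&C address at the firewall matters because malware that fails DNS resolution often falls back to a hard-coded IP; the DNS check alone would log the attempt but not stop the exfiltration channel.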
For more information on ThreatSTOP, please contact: sales@threatstop.com 760.542.1550