The Global Rise of Cybercrime James Manson – Senior Solutions Engineer 1
Targets and Motives 2
Everyone is online Half the world’s population is online – 3.2Bn people Source: Tech Crunch 3
Australian online Statistics » 17 million Australians are active Facebook users out of a total population of 24.4 Million » 5 million Aussies using Instagram » 4 million signed up to LinkedIn » 4 million using Snap Chat » 3 million on Twitter » 15 million unique Australian visitors to YouTube Source: roi.com.au 4
Everything is connected In 2018 328m new devices go online each month By 2020 there will be 50Bn+ devices online 5
We live in cyberspace More than 75% of us 72% of Australians bank online shop online 6
Security events by the seconds Every 40 Every 10 In 2017, the seconds, a seconds, a estimated cost of company gets hit consumer gets ransomware is in with hit with the region of ransomware. ransomware $5bn Source: staysmartonline.gov.au 7
It’s now very lucrative OVER $1B WAS PAID TO RANSOMWARE CRIMINALS IN 2016 Source: CNN 8
Ransomware Trends 9
Exponential Growth of New Unknown Threats Threats Found Daily 100k 1.2M+ 320k+ 46k 25k New File New Phishing New Malicious New Malware New Malicious Encounters Sites IPs and PUAs URLs This includes Ransomware & Cryptoware Source: Webroot Threat Report 2017 10 10
How are they getting in? 11 11
The Need for Multi-Vector Protection 94% 90% Phishing was behind 90% † of 94%* of all malware is unique to a security incidents and breaches single endpoint, meaning most in 2017 malware is unknown Sources: † Verizon 2017 Data Breach Investigations Report.” Data Breach Report * Webroot Threat Report 2018 12 12
What’s happening with modern day threats? » 2017 – 120+ million types of malware » 320,000+ new malware variants/day » 90% of businesses reported a security incident » Since 2012, 71% of breaches have been against companies <100 employees » Continuous and complex attacks – APTs carefully crafted and executed – Micro-variants – Polymorphic – Social engineering + Ransomware » Volume & Complexity 13 13
Phishing is Prolific new zero-day phishing average new phishing yearly cost of phishing scams sites created per month 1 sites created per day 1 for US businesses 2 1 Webroot. Quarterly Threat Trends, Sept 2017. (Sept 2017) 2 FBI. FBI Warns of Dramatic Increase in Business E-Mail Scams. (April 2016) 14 14
So easy to let in but quite tricky to catch 15 15
So easy to let in but quite tricky to catch 16 16
So easy to let in but quite tricky to catch 17 17
Define and research Targets Design and Cover tracks and Acquire tools for remain infiltration undetected Intrusion and Obtain private Connection information Initiated 18 18
High-risk URLs 2016 19 19
High-risk URLs 2017 20 20
Guest WiFi Sources: https://latesthackingnews.com/2017/12/05/connecting-airport-wifi-safe-right-wrong; https://www.bleepingcomputer.com/news/security/cryptojackers- found-on-starbucks-wifi-network-github-pirate-streaming-sites/; https://www.zdnet.com/article/hackers-are-using-hotel-wi-fi-to-spy-on-guests-steal-data/ 21 21
Ransomware as a Service 22 22
The Emergence of CryptoJacking 23 23
Emerging threat vectors IoT 24 24
Notifiable Data Breach Scheme Allen Kim – Channel Manager James Manson – Senior Solutions Engineer 25 25
26 26
27 27
28 28
29 29
Best Practices for Security 30 30
Web Threats are Increasing www.legitimatesite.com of malicious links are hosted on 85%+ legitimate sites 31 31
RDP Prevalence RDP used by admins Gives hackers to control servers admin access to your remotely whole network The default port is Accounts can easy to scan for by usually be cracked an attacker with brute force 32 32
Macros Macros is a feature in MS Office that is exploited Macros & Visual Basic Script can be abused to when infecting a victim. Modern Office has this create “weaponised” Word documents feature switched off but users can be fooled into switching off their own security 33 33
Email A popular way of infecting devices for a long time Email filtering removes bad executables well but infected documents, script files and bad URLs have replaced them Gmail will soon block JavaScript files by default 34 34
Updates Windows UPDATE Adobe EVERYTHING Java (yes we know it’s a pain) MS Office Browsers Citrix Oracle AV Your TV Your Toaster… 35 35
Passwords Complexity 2 factor authentication Recovery options Expiry date 36 36
Backups 37 37
User Error is a Big Issue 95% of all successful cyber attacks is caused by human error 72% of all cyber attacks are targeted at SMBs \\ 35% SMBs would 50% would remain profitable 1 in 5 SMBs close for become after a data business as a result unprofitable in <1 breach month Source: IBM Cyber Security Intelligence Index 38 38
Cybersecurity Best Practice Continuous Security Awareness Training is key to any adequate defense-in-depth strategy. Data PEOPLE PROCESS Application Host Internal Network Security Perimeter Awareness TECHNOLOGY Training Physical Security Cybersecurity = People, Process (Procedures) and Technology The Three Pillars of Cybersecurity 39 39
Real or Fake? 40 40
Real or Fake? 4 May 31, 2018 41 41
Real or Fake? 4 May 31, 2018 42 42
Real Or Fake? 4 May 31, 2018 43 43
Cybersecurity Best Practice Continuous Security Awareness Training is key to any adequate defense-in-depth strategy. Data PEOPLE PROCESS Application Host Internal Network Security Perimeter Awareness TECHNOLOGY Training Physical Security Cybersecurity = People, Process (Procedures) and Technology The Three Pillars of Cybersecurity 44 44
Thank you Allen Kim – Channel Manager James Manson – Senior Solutions Engineer 45 45
Recommend
More recommend