Why ALL Social Media Are Security Nightmares! - PowerPoint PPT Presentation

Why ALL Social Media Are Security Nightmares! Myspace is linked to your Facebook and it's Twitterific!


  1. Why ALL Social Media Are Security Nightmares! Myspace is linked to your Facebook and it's Twitterific! David Jacoby, Senior Security Researcher

  2. About David Jacoby
     - Senior Security Researcher
     - Global Research and Analysis Team
     - Vulnerability and Threat Management
     - Spokesperson
     - Web Application Security
     - Alternative Operating Systems
     - Read about security!
     - Write about security!
     - Talk about security!
     - Work with security!

     Sep 22, 2011 The Kaspersky Security Symposium, Munich

  3. What We Know
     - What we already know about social media and security
     - Koobface
     - Phishing attacks
     - Clickjacking
     - Malicious applications
     - Malvertising
     - Used for C&C servers
     - Malicious links
     - Extreme information exposure
     - Client vulnerabilities

  4. KoobFace
     - KoobFace
       - Facebook
       - MySpace
       - Twitter
       - Friendster
       - and others...
     - Multi-platform
       - Microsoft Windows
       - Mac OS X
       - Linux
     - Two social engineering attacks
       - Tricked users into visiting a link
       - Tricked users into updating Adobe Flash

  5. LinkedIn Phishing Attempt
     - Collects username / passwords
     - Looks VERY authentic

  6. Twitter Botnet
     - Twitter used as C&C Server
     - Encrypted (HTTPS)

  7. Social Media Are Here to Stay
     - Total Facebook users
     - About 50% of the population in the United States and United Kingdom
     - source: SocialBakers

  8. Social Media Are Here to Stay
     - Total Facebook users in Europe
     - 211 512 380 users - 26.6% of the population
     - source: SocialBakers

  9. Social Media Are Here to Stay
     - Facebook vs. LinkedIn
     - source: SocialBakers

  10. What Can We Expect from Vendors?
      - Who is responsible for "security"?
      - People don't really understand that WE are responsible
      - What type of "security" can we expect?
      - Vendors handle security for their property

  11. The New Era of Social Media

  12. What Are the Real Threats?
      - Attacks exploit trust
      - This makes social engineering attacks very powerful!

  13. What Are the Real Threats?
      - Attacks exploit ignorance
      - We are willing to take risks just to get connected, even though we know it's a risk!

  14. What Are the Real Threats?
      - "Leapfrog attacks"
      - We re-use information (accounts, passwords), which can lead to other systems

  15. What Are the Real Threats? You can protect yourself against technical vulnerabilities, but how do you secure a mindset?

  16. David Jacoby, david.jacoby@kaspersky.com, +46-707-359001, http://www.securelist.com

  17. Summary
      - We already know a lot about social network platforms
      - Social media are a part of our life; therefore, very hard to limit
      - We can protect ourselves against technical vulnerabilities, but not social vulnerabilities
      - Social media are exploiting ignorance and trust
      - We expect more attacks for social media platforms
      - Attackers need only a very low attack rate to succeed
      - We are now facing "user-generated attacks"
