Zero day attacks anatomy & countermeasures. By Cade Zvavanjanja Cybersecurity Strategist

Transcription

1 Zero day attacks anatomy & countermeasures By Cade Zvavanjanja Cybersecurity Strategist

2 Question? How do you secure against something Your security system can t capture, your experts don t know, your vendors don t know and the tech community doesn t know? ~ Which is only known by the attacker(s)!

3 Outline: Key terms Anatomy of Zero days Attack methodology Zero day attack(s) Countermeasures Way forward Economics of cybersecurity Q & A References

4 Key term(s): Zero-day exploits are cyber-attacks against software/hardware vulnerabilities that are unknown and have no patch or fix.

5 Introduction: Traditional security tools rely on malware binary signatures or the reputation of outside URLs and servers. By definition, these defenses identify only known, confirmed threats. At the same time, operating system-level protections such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) are becoming less effective

6 Intro Cont. An attacker can easily hijack a legitimate website to bypass a blacklist. Code morphing and obfuscation techniques generate new malware variants faster than traditional security firms can generate new signatures. And spam filters will not stop lowvolume, targeted spear-phishing attacks. ASLR bypassing methods to neutere once-effective safeguard.

7 Intro Cont. Zero day attacks are rising in prominence They tend to be behind the most devastating attacks these days Generally used by very high end criminals and nation states You usually don t know about the attack unless there are other indicators

8 Key term(s)

9 Lifespan of Zero-day: typical zero-day attack lasts an average of eight months and can last close to three years in some cases. That gives attacks ample time to steal organizations most valuable assets and leave before anyone knows what happened. Not surprisingly, zero-day exploits are heavily used in targeted attacks. These secret weapons give attackers a crucial advantage over their targets.

10

11 Zero Day Anatomy

12 Introduction

13 Threat landscape:

14 Countermeasures:

15

16

17 Way Forward

18 Economics of Cybersecurity

19 What is the ratio between events received and action taken? What is the efficacy level in the events & incidents you identify (i.e. the real cyber attack event to false positive ratio)? How many cycles do you iterate through to get from an event(s) to an action; is it timely and cost efficient? (Can you rank the processes/tools you leverage today in terms of man-hours and skills required to get to to action?)

20 Do you align, prioritize and qualify events against against business goals and impact (How many cycles does this take)? Make the assessment using the framework & success criteria below to evaluate the key time and cost multipliers in your event/incident security process, so you can validate the economic value that comes from the processes and tools you leverage today, to see which are effective and which are not?

21 Q& A: Thank You Cade Zvavanjanja Director - Zimbabwe Cybersecurity Center [email protected]

22 References Zero Day Malware Threat Prevention Ensuring Document Safety with Outside In Clean Content Oracle brief july 2015 The Best Defenses Against Zero-day Exploits for Various-sized Organizations SANS I September 21st 2014: David Hammarberg Attack Zombie-Zero.pdf Internet Security Threat ReportInternet Report Symatic, APRIL k-zero Day Safety: Measuring the Security Risk of Networks against Unknown Attacks A Review on Zero Day Attack Safety Using Different Scenarios 2015 Harshpal R Gosavi and Anant M Bagade Detection and Prevention of Unknown Vulnerabilities on Enterprise IP Networks IJRITCC February 2015, Vincy Rose Chacko Regulating the zero-day vulnerability trade: a preliminary analysis 2014: mailyn fidler