Surviving and operating services despite highly skilled and well-funded organised crime groups. Romain Wartel, CERN CHEP 2015, Okinawa



Similar documents
N J C C I C NJ CYBERSECURITY AND COMMUNICATIONS INTEGRATION CELL

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY

Fighting Advanced Threats

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

2015 TRUSTWAVE GLOBAL SECURITY REPORT

Unknown threats in Sweden. Study publication August 27, 2014

Common Cyber Threats. Common cyber threats include:

Perspectives on Cybersecurity in Healthcare June 2015

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Protecting Your Organisation from Targeted Cyber Intrusion

Kaspersky Fraud Prevention platform: a comprehensive solution for secure payment processing

Defending Against Cyber Attacks with SessionLevel Network Security

THREAT VISIBILITY & VULNERABILITY ASSESSMENT

SPEAR PHISHING UNDERSTANDING THE THREAT

MALWARE THREATS AND TRENDS. Chris Blow, Director Dustin Hutchison, Director

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security

Information Security Threat Trends

Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security

Basic Security Considerations for and Web Browsing

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Next-Generation Penetration Testing. Benjamin Mossé, MD, Mossé Security

Why The Security You Bought Yesterday, Won t Save You Today


Malicious Network Traffic Analysis

Secure Your Mobile Workplace

Cyber Crime: You Are the Target

Don t Fall Victim to Cybercrime:

Understanding the Advanced Threat Landscape an MSPs Guide. IT Security: Enabled

Cyber liability threats, trends and pointers for the future

Description: Course Details:

Be Prepared for Java Zero-day Attacks

Digital Evidence and Threat Intelligence

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Securing Your Business s Bank Account

Marble & MobileIron Mobile App Risk Mitigation

Five Tips to Reduce Risk From Modern Web Threats

NATIONAL CYBER SECURITY AWARENESS MONTH

Cybersecurity Awareness. Part 1

Getting real about cyber threats: where are you headed?

MALWARE REPORT HALF-YEAR-REPORT JANUARY JUNE 2015 G DATA SECURITYLABS

Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data. Dave Shackleford February, 2012

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

Tespok Kenya icsirt: Enterprise Cyber Threat Attack Targets Report

CSUF Tech Day Security Awareness Overview Dale Coddington, Information Security Office

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers Your Interactive Guide to the Digital World

WHITEPAPER. How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware

The need to protect against file-based attacks

The Fundamental Failures of End-Point Security. Stefan Frei Research Analyst Director

Advanced Endpoint Protection

Protect Your Business and Customers from Online Fraud

Managing Web Security in an Increasingly Challenging Threat Landscape

Security Intelligence Services. Cybersecurity training.

Anti-exploit tools: The next wave of enterprise security

Practical Steps To Securing Process Control Networks

Commissioned Study. SURVEY: Web Threats Expose Businesses to Data Loss

Proactive security IT body armor against business attacks WHITE PAPER

Security A to Z the most important terms

Breaking the Cyber Attack Lifecycle

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

IBM Security Strategy

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

Security Challenges and Solutions for Higher Education. May 2011

SECURITY THREATS: A GUIDE FOR SMALL AND MEDIUM BUSINESSES

Security Best Practices for Mobile Devices

Elements to a Secure Environment Becoming Resilient Towards Modern Cyberthreats. Windows XP Support Has Ended Why It Concerns You

Invincea Advanced Endpoint Protection

Beyond Aurora s Veil: A Vulnerable Tale

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities

WildFire Overview. WildFire Administrator s Guide 1. Copyright Palo Alto Networks

Malware & Botnets. Botnets

Presentation Objectives

Countermeasures against Bots

SentinelOne Labs. Advanced Threat Intelligence Report Predictions

Advanced Online Threat Protection: Defending. Malware and Fraud. Andrew Bagnato Senior Systems Engineer

Open an attachment and bring down your network?

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Protecting your business from fraud

Exploring the Black Hole Exploit Kit

Spear Phishing Attacks Why They are Successful and How to Stop Them

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

Cybersecurity: A View from the Boardroom

Research Topics in the National Cyber Security Research Agenda

Almost 400 million people 1 fall victim to cybercrime every year.

Networks and Security Lab. Network Forensics

Web Application Worms & Browser Insecurity

CYBER SECURITY THREAT REPORT Q1

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover

Targeted attacks begin with spearphishing

Top five strategies for combating modern threats Is anti-virus dead?

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal

Secure and Web Browsing. Sébastien Dellabella Computer Security Team

Deep Security Vulnerability Protection Summary

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and Advanced Persistent Threats

ICS-CERT Incident Response Summary Report

white paper Malware Security and the Bottom Line

Defending Against Data Beaches: Internal Controls for Cybersecurity

How Attackers are Targeting Your Mobile Devices. Wade Williamson

Defending Against. Phishing Attacks

Agenda , Palo Alto Networks. Confidential and Proprietary.

Endpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014

Transcription:

Surviving and operating services despite highly skilled and well-funded organised crime groups Romain Wartel, CERN CHEP 2015, Okinawa 1

Operation Windigo (2011 - now) 30,000+ unique servers compromised in the last two years kernel.org, Linux Foundation, CPanel, many universities and research lab, public and private sector organisations A full ecosystem of advanced malware Ebury: SSH backdoor. Controls servers + steals credentials (signed RPM installed in the past. Infects libkeyutils.so) LinuxCdorked: stealth, file-less, multi-platform HTTP backdoor Perl/Calfbot: manages the payload, 35 million spams/day Linux/Onimiki: supporting Linux DNS malware Win32/Boaxxe.G: Click fraud malware Win32/Glupteba.M: Generic proxy/downloader malware Not just software: large-scale malicious infrastructure Fully distributed, complex infrastructure, using multi-tiered proxies, lots of obfuscation and encryption International gang, highly profitable activity - still ongoing 2

What are bad actors up to? No major evolution of the threat landscape Same infection techniques, same rootkits No major evolution of the Linux & Windows malware But most large attacks now target both platforms! Web (and Flash in particular) play prevalent role Significant uptake of Android malware ios malware still very rare But growing evidence of effective government-sponsored attacks Strong consolidation of the underground market/economy Severe competition between a handful of exploit kits (EK) Angler, Magnitude, Sweet Orange, Fiesta, RedKit, Nuclear, etc. Huge progress on time-to-market for exploits Only hours/days before vulnerabilities available in EK CVE-2015-0311 discovered as a Flash 0-day in Angler EK 3

Malware-as-a-service 4

Malware-as-a-service Malvertisement Purchased trafic Compromised website Source: Trustwave 5

Malware-as-a-service Source: Trustwave 6

Malware-as-a-service Source: Trustwave 7

Getting the victims to click Web: Gigantic attack surface Vulnerabilities (browser, PDF, Flash, etc.) Malvertisement Compromised (legitimate) websites Social network applications or plugins Malicious browser plugins, extensions Email: leading source of compromise 90%+ of breaches caused by spear phishing Extremely effective: 10 emails = 1 click guaranteed Targeted phishing: ~70% success rate 8

Learn & adapt Defend your organisation or (Linux) data center Must start defending Windows/Web/mobile realms too Ultimately, must defend people International collaboration is our main asset Main intrusion detection system at CERN in the last 5 years International community: sharing and trusting Strong knowledge on attack methods and tools Report about actual compromises or data leaks in our community Invaluable intelligence Engage & participate! Work on connections with industry and law enforcement Attackers arrested on a regular basis for attacking HEP organisations 9

Protect your people: Learn & adapt Raise awareness Organise training events (tools, methods) Write and advertise clear policies Do not overlook personal use and devices Protect your organisation Understand your adversaries Invest resources to have sufficient in-house capabilities Contribute to global efforts against cybercrime (botnet takedown ) Build your network of contacts in the security community Invest in threat intelligence and technical means to use it Treat security incidents as part of normal operations 10

Raising the bar Government security agency Targeted criminal organisation Untargeted criminal organisation Script kiddy Adversary sophistication } } } } Unfavorable battleground - Outcome unlikely positive Focus on protecting your people as best as possible Engage with community and dedicated experts Hire external (forensics, intel) consulting if needed Threat intelligence, international collaboration Advanced monitoring + traceability (SoC) Common sense and sysadmin good practice 11

Getting 80% protected Mail, or instant messaging Absolutely never click on links from emails Preferably go directly to the homepage of the website If not easily possible, copy/paste and carefully verify the link Malware comes via links or attachements (PDF, DOC, PPT) Unexpected email? Unknown sender? Unusual language? Factual mistakes and typos? Unusual request or practices? Web: Stop. Think. Click. Prefer Chrome, or at least Firefox, over Internet Explorer Use a different Web browser for personal & professional use Never click on popup windows or on update links for Flash or other plugins If possible, disable or at least configure click-to-play for Flash Do not install plugins or extensions. Absolutely never install drivers, video codecs, video players, add-ons bars 12

Computers Keep up-to-date with security patches. Enable automatic patching Run a good anti-virus Install or update from trusted sources only (your lab, Apple App Store, directly from the official vendor website). Never CNET/ download.com, etc. Phones Getting 80% protected Android is the primary target for malware Many Android phones very difficult to patch and very quickly unsupported Think before installing (check permissions required, user reviews, number of downloads, etc.) 13

Conclusions Criminal groups equally target Linux and other platforms Target victims Operate their services Expect large-scale and sophisticated attacks Protecting services is no longer sufficient Must defend people Across all their devices, both professional and personal Improve their online hygiene Web and mobile platforms are primary targets International collaboration is the a key aspect of defence 14

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information