Anatomy of a Data Breach
Tim Matthews, Director, Product Marketing
Relevant Modes of Data Loss
Well Meaning Insider
• Lost Laptop
• Data Spills
• Posting to P2P Networks
Malicious Insider
• Stolen USB Drive
• Anonymizing Proxies
External Adversaries
• Nationalists
• Crime Rings
• Hacktivists
Adversary Profile: Nationalists
Means of Attack
• Extensive research on target
Adversary Objective
• Exfiltration or disruption of operations
Examples
• Hydraq (Aurora)
• Stuxnet
• GhostNet
• Titan Rain
• Moonlight Maze
Adversary Profile: Crime Rings
Means of Attack
• Targeted attacks, banking trojans, phishing
Adversary Objective
• Incursion and exfiltration leading to mass fraud and brand damage
Examples
• Epsilon breach
• Zeus, Clampi
• Storm Botnet, Mariposa, McColo
Adversary Profile: Malicious Insiders
Means of Attack
• IP theft via email/webmail, USB, laptop
• CD/DVD, P2P, TOR
Adversary Objective
• Financial gain, revenge
Examples
• Many financial organizations
• GM design document theft
• NASA espionage bust
Adversary Profile: Hacktivists
Means of Attack
• Abuse of insider access, social engineering and/or quasi-legal technical tools
Adversary Objective
• Political activism and revenge
Examples
• U.S. Army
• U.S. Department of State
• Major financial institutions
Overview of Data Breach Trends
Trends in Causes of Data Breaches
(Chart: Trends in Causes of Data Breaches, 2005–2010, courtesy Verizon Business RISK Team)
Data Breaches by Sector
(Charts: Avg. # of Identities Exposed per Data Breach by Sector; Volume of Data Breaches by Sector)
Threat Landscape Trends
• Social Networking + social engineering = compromise
• Attack Kits get a caffeine boost
• Targeted Attacks continued to evolve
• Hide and Seek (zero-day vulnerabilities and rootkits)
• Mobile Threats increase
Four Phases of an Attack
Textbook Controls are Failing to Protect Data
Access Controls and Compartmentalization should act as filters for confidential information, but are not sufficient protection for most companies.
(Diagram: Compartmentalization and Access Controls sit between Confidential Information and Laptops, Servers, Network Shares; data is then lost via Data Spills, Network Communications, Laptops, Removable Media.)
Data Breach Scenarios
Large American Utility vs. Malicious Insider: Disgruntled Employee
• Setup
– Utility did a Data Loss Prevention (DLP) risk assessment with Symantec
– Configured to detect large downloads of confidential data
– DLP detected an employee doing mass downloads to a thumb drive
– Investigation revealed the employee was planning defection to the competition
• Implications
– Damaging leak of enterprise IP was detected and controlled before loss
– This profile (technically simple malicious activity) fits most cases of theft
– Large scale rollout of these protections now underway
Protecting Your Information in the Age of WikiLeaks 14
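The utility scenario above turns on one detection: a DLP policy that flags mass copies of confidential files to a thumb drive. The following is an added illustration of that kind of rule, not Symantec's product code or anything from the original deck. The event log format (pipe-separated endpoint file-copy events), the field names, the sample events and the thresholds (5 confidential files or 50 MiB to removable media within 10 minutes) are all constructed assumptions; a real DLP agent supplies its own classification and device labels.

```python
"""Added example: a minimal DLP-style detector for mass copies of
confidential files to removable media. Not Symantec's code; the log
format, labels and thresholds below are constructed assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample endpoint events: "timestamp|user|action|target|label|bytes".
# alice: six confidential copies to a thumb drive in under three minutes.
# bob:   confidential copies, but to a network share (out of scope here).
# carol: many copies to removable media, but all labelled public.
# dave:  a single 60 MiB confidential file to removable media.
# erin:  confidential copies to removable media, but spread 30 minutes apart.
SAMPLE_EVENTS = """\
2011-03-01T09:00:12|alice|COPY|REMOVABLE:E:|confidential|524288
2011-03-01T09:00:40|alice|COPY|REMOVABLE:E:|confidential|524288
2011-03-01T09:00:55|erin|COPY|REMOVABLE:H:|confidential|1048576
2011-03-01T09:01:05|alice|COPY|REMOVABLE:E:|confidential|524288
2011-03-01T09:01:30|alice|COPY|REMOVABLE:E:|confidential|524288
2011-03-01T09:02:02|alice|COPY|REMOVABLE:E:|confidential|524288
2011-03-01T09:02:44|alice|COPY|REMOVABLE:E:|confidential|524288
2011-03-01T09:05:10|bob|COPY|NETSHARE:fs1/eng|confidential|4194304
2011-03-01T09:05:15|bob|COPY|NETSHARE:fs1/eng|confidential|4194304
2011-03-01T09:05:20|bob|COPY|NETSHARE:fs1/eng|confidential|4194304
2011-03-01T09:10:00|carol|COPY|REMOVABLE:F:|public|2097152
2011-03-01T09:10:05|carol|COPY|REMOVABLE:F:|public|2097152
2011-03-01T09:10:10|carol|COPY|REMOVABLE:F:|public|2097152
2011-03-01T09:10:15|carol|COPY|REMOVABLE:F:|public|2097152
2011-03-01T09:10:20|carol|COPY|REMOVABLE:F:|public|2097152
2011-03-01T09:20:00|dave|COPY|REMOVABLE:G:|confidential|62914560
2011-03-01T09:30:00|erin|COPY|REMOVABLE:H:|confidential|1048576
2011-03-01T10:00:00|erin|COPY|REMOVABLE:H:|confidential|1048576
"""


def parse_events(text):
    """Parse pipe-separated event lines into dicts; blank and '#' lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, user, action, target, label, size = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "target": target, "label": label,
                       "bytes": int(size)})
    return events


def detect_mass_copies(events, window=timedelta(minutes=10),
                       max_files=5, max_bytes=50 * 1024 * 1024):
    """Raise one alert per user whose confidential copies to removable media
    exceed max_files or max_bytes inside any sliding window of `window`."""
    by_user = defaultdict(list)
    for e in events:
        # Only confidential content written to removable media is in scope.
        if e["label"] == "confidential" and e["target"].startswith("REMOVABLE:"):
            by_user[e["user"]].append(e)

    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end, e in enumerate(evs):
            # Slide the window start forward until it is within `window` of this event.
            while evs[start]["ts"] < e["ts"] - window:
                start += 1
            win = evs[start:end + 1]
            total = sum(w["bytes"] for w in win)
            if len(win) >= max_files or total >= max_bytes:
                alerts.append({"user": user, "files": len(win), "bytes": total,
                               "first": evs[start]["ts"], "last": e["ts"],
                               "reason": "file_count" if len(win) >= max_files else "volume"})
                break  # one alert per user is enough to start an investigation
    return alerts


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect_mass_copies(parse_events(SAMPLE_EVENTS))


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a['user']}: {a['files']} files, {a['bytes']} bytes "
              f"between {a['first']} and {a['last']} ({a['reason']})")
```

On the sample log only alice (five confidential files inside the window) and dave (a single file over the byte threshold) are flagged; bob's network-share copies and carol's public files are out of scope, and erin's copies never accumulate inside one window. The two thresholds matter: counting files alone misses a single large archive, and counting bytes alone misses a slow trickle of small documents, which is why the rule checks both.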
Hackers vs. Royal Dutch Shell: External Adversary
• Setup
– March 2010: Shell reports breach of personal details of over 170k employees
– Details leaked to political adversaries of Shell: Greenpeace, Friends of the Earth
– Investigation is ongoing but suspicions are that "hacktivists" stole the data
• Implications
– Data has been purposefully leaked onto the open Internet
– Personal details (phone numbers, home addresses) exposed to the outside world
– Security risk to Shell employees
Campaign Office for U.S. Senate Run and Well Meaning Insider: Donor Database Inadvertently Leaked
• Setup
– Well meaning insider mistakenly posted donor details
– No process in place to monitor or detect such exposures
• Implications
– Identities of campaign contributors on display
– WikiLeaks activists discovered the breach and distributed it
– Embarrassing breach disclosure process ensued
Summary of Relevant Defensive Techniques
Recommended Countermeasures: Basic Protections
• Deploy device control
• Encrypt laptops
• Update access control policies
• Employ security awareness training
• Conduct regular data loss risk assessments
• Monitor traffic to anonymizing proxies
• Monitor P2P traffic
Recommended Countermeasures: Advised Controls for "At Risk" Organizations
• Identify critical information assets
• Develop content-aware policies to drive remediation
• Detect high risk data exposure and data flow
• Prevent large scale exfiltration
• Encrypt exposed confidential data
• Blacklist onion routing applications
Summary of Crucial Defensive Technologies
• Advanced Reputation Security
• Security Incident and Event Management
• Host Intrusion Prevention
• Strong Authentication
• Data Loss Prevention
• Encryption
• Network Threat/Vulnerability Monitoring
Recommended Actions
• Begin formulating your data protection policy
• Assess your risk
• Identify key cross functional stakeholders
• Start investigating technology solutions
• Drive a cross functional team to address risk
Thank you!
Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Tim Matthews
Director, Product Marketing