Date posted: 02-Nov-2014 | Category: Technology | Uploaded by: symantec-apj
Symantec Internet Security Threat Report (ISTR), Volume 16 1
Internet Security Threat Report (ISTR) Vol. 16: Highlights and Recommended Defenses
Agenda
1. Threat Landscape: Key Trends
2. ISTR 16: Key Findings
3. Best Practices for Protection
Threat Landscape: Key Trends
Threat Landscape: 2010 Trends
• Social Networking + social engineering = compromise
• Attack Kits get a caffeine boost
• Targeted Attacks continued to evolve
• Hide and Seek (zero-day vulnerabilities and rootkits)
• Mobile Threats increase
Threat Landscape: Targeted Attacks continue to evolve
• High profile attacks in 2010 raised awareness of impact of APTs
• Stuxnet was incredibly sophisticated
– Four zero-day vulnerabilities
– Stolen digital signatures
– Ability to “leap” the air gap with USB key
– Potential damage to infrastructure
More Info: Detailed review in the W32.Stuxnet Dossier & W32.Stuxnet
Threat Landscape: Targeted Attacks continue to evolve
• Less sophisticated attacks also cause significant damage
• Average cost of U.S. data breach in 2010: $7.2 million
[Chart: Average # of Identities Exposed per Data Breach by Cause]
Threat Landscape: Social Networking + Social Engineering = Compromise
• Hackers have adopted social networking
– Use profile information to create targeted social engineering
– Impersonate friends to launch attacks
– Leverage news feeds to spread spam, scams and massive attacks
More Info: Detailed review of Social Media threats available in The Risks of Social Networking
Threat Landscape: Social Networking + Social Engineering = Compromise
• Shortened URLs can hide malicious links, increasing infections
• 73% of malicious shortened URLs were clicked 11+ times
Threat Landscape: Hide and Seek (Zero-day Vulnerabilities and Rootkits)
• Zero-day trend is up
• Being used more aggressively by hackers
• Attack toolkits help spread zero-day exploits more quickly
[Chart: Number of documented ‘zero-day’ vulnerabilities]
Threat Landscape: Hide and Seek (Zero-day Vulnerabilities and Rootkits)
• Rootkits taking more aggressive hold
– Tidserv, Mebratix, and Mebroot are current front-runners
– U.S. is main source of Tidserv bot-infected computers
– Modify the master boot record (MBR) on Windows computers to gain control of the computer (see below)
More Info: Security Response Threat Writeups: Tidserv + Mebroot
Threat Landscape: Attack Kits Get a Caffeine Boost
• Java exploits added to many existing kits
• Kits exclusively exploiting Java vulnerabilities appeared
More Info: Detailed information available in ISTR Mid-Term: Attack Toolkits and Malicious Websites
Threat Landscape: Mobile Threats
• Most malware for mobiles are Trojans posing as legitimate apps
• Mobiles will be targeted more when used for financial transactions
• 2009: 115 vulnerabilities; 2010: 163 vulnerabilities (42% increase)
ISTR 16: Key Findings
Symantec™ Global Intelligence Network: Identifies more threats, takes action faster & prevents impact
Information Protection; Preemptive Security Alerts; Threat Triggered Actions
Global Scope and Scale; Worldwide Coverage; 24x7 Event Logging; Rapid Detection
Attack Activity
• 240,000 sensors
• 200+ countries
Malware Intelligence
• 133M client, server, gateways monitored
• Global coverage
Vulnerabilities
• 40,000+ vulnerabilities
• 14,000 vendors
• 105,000 technologies
Spam/Phishing
• 5M decoy accounts
• 8B+ email messages/day
• 1B+ web requests/day
[Map: Austin, TX; Mountain View, CA; Culver City, CA; San Francisco, CA; Taipei, Taiwan; Tokyo, Japan; Dublin, Ireland; Calgary, Alberta; Chengdu, China; Chennai, India; Pune, India]
Key Facts and Figures: Report Appendix Structure
❶❷ Malicious code takes advantage of vulnerabilities in OS, programs, applications, etc.
❸ This can lead to your computer, laptop or mobile phone being infected with threats like viruses, worms or Trojans
❹ It may also lead to ID theft and other forms of fraud
Threat Activity Trends: Malicious Activity by Country
Threat Activity Trends: Data Breaches by Sector
• Average cost to resolve a data breach in U.S. was $7.2 million
• 85% of identities exposed were customers
[Charts: Average Number of Identities Exposed per Data Breach by Sector; Average Number of Identities Exposed per Data Breach by Cause]
Threat Activity Trends: Web-based Attacks
• 93% increase in Web-based attacks from 2009 to 2010
• Spikes related to specific activities (new attack kits, current events, etc.)
Vulnerability Trends: Web Browser Plug-In Vulnerabilities
• Number of Flash and Reader vulnerabilities continued to grow
Malicious Code Trends: Top Malicious Code Families
Fraud Activity Trends: Phishing Categories
• 56% of phishing attacks spoofed banks
• Email-based fraud attempts continue to leverage current events
Fraud Activity Trends: Underground Economy Servers
• Credit card information & bank account credentials still on top
• Big range in bulk prices for credit cards
Best Practices for Protection
Defenses Against Targeted Attacks
Advanced Reputation Security
• Detect and block new and unknown threats based on reputation and ranking
Host Intrusion Prevention
• Implement host lock-down as a means of hardening against malware infiltration
Removable Media Device Control
• Restrict removable devices and functions to prevent malware infection
Email & Web Gateway Filtering
• Scan and monitor inbound/outbound email and web traffic and block accordingly
Data Loss Prevention
• Discover data spills of confidential information that are targeted by attackers
Encryption
• Create and enforce security policy so all confidential information is encrypted
Network Threat and Vulnerability Monitoring
• Monitor for network intrusions, propagation attempts and other suspicious traffic patterns
Defenses Against Hide and Seek (Zero-Days & Rootkits)
Advanced Reputation Security
• Detect and block new and unknown threats based on reputation and ranking
Security Incident and Event Management
• Detect and correlate suspicious patterns of behavior
Network Threat and Vulnerability Monitoring
• Leverage external services to monitor and correlate security events
Vulnerability Assessment
• Ensure network devices, OS, databases and web applications systems are properly configured
• Determine whether or not a vulnerability is truly exploitable
Host Intrusion Prevention
• Implement host lock-down as a means of hardening against malware infiltration
Defenses Against Social Engineering
Web Gateway Security
• Scans all potentially malicious downloads regardless of how the download is initiated
• Prevent users from being redirected to malicious Websites
Data Loss Prevention
• Discover concentrations of confidential information downloaded to an employee’s PC
Network and Host Based Intrusion Prevention
• Monitor and protect critical systems from exploitation
• Protect against misleading applications like fake antivirus
• Prevent drive-by download web attacks
Strong Authentication
• Two-factor authentication to protect against socially engineered password theft
Security Awareness Training
• Ensure employees become the first line of defense
Defenses Against Mobile Threats
Device Management
• Remotely wipe devices in case of theft or loss
• Update devices with applications as needed without physical access
• Get visibility and control of devices, users and applications
Device Security
• Guard mobile device against malware and spam
• Prevent the device from becoming a vulnerability
Content Security
• Identify confidential data on mobile devices
• Encrypt mobile devices to prevent lost devices from turning into lost confidential data
Identity and Access
• Strong authentication and authorization for access to enterprise applications and resources
• Allow access to right resources from right devices with right postures
Determine Your Level of Security
• Symantec offers security assessments to reveal gaps in protection
Data Loss Risk Assessment
Vulnerability Assessment
Malicious Activity Assessment
Targeted Attack Assessment
Security Advisory Services
• Assessment Services
• PCI Assessments
• Security Program Assessments
Stay Informed: Additional Resources
Build Your Own ISTR: go.symantec.com/istr
Daily measure of global cybercrime risks: nortoncybercrimeindex.com
Stay Abreast of Latest Threats: Twitter.com/threatintel
Thank you!
Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
For more information, download: Internet Security Threat Report (ISTR) Vol. 16
Reputation-based Security Whitepaper