Cybercrime in the Cloud
and how to defend yourself
Stephen Coty
Chief Security Evangelist
Threats in the Cloud are Increasing With Adoption
• Increase in attack frequency
• Traditional on-premises threats are moving to the cloud
• Majority of cloud incidents were related to web application attacks, brute force attacks, and vulnerability scans
• Brute force attacks and vulnerability scans are now occurring at near-equivalent rates in both cloud and on-premises environments
• Malware/Botnet is increasing year over year
Cloud Attacks With the Biggest Change
• Cloud environments saw significant increases with brute force attacks climbing from 30% to 44% of customers, and vulnerability scans increasing from 27% to 44%
• Malware/botnet attacks, historically the most common attacks in the on-premises datacenter, are on the rise in CHP environments
Why Honeypots
• Honeypots give us a unique data set
• Simulate vulnerable systems without the risk of real data loss
• Give the ability to collect intelligence from malicious attackers
• Allow for collection of various different attacks based on system
• Help identify what industry-specific targets are out there
Honeypot Designs
• The honeypot data cited was gathered using
- Low-interaction – simulates high-level services
- Medium-interaction – delivers form pages and collects keystrokes
- SCADA – simulates a Supervisory Control and Data Acquisition system
- Web application software that emulates a vulnerable OS and application
• Fictitious business domains have been created to redirect traffic to what would be considered a legitimate business
• These particular honeypots monitored connections to common ports and gathered statistics on IP, country, and malware, if submitted
Global Analysis
The Technology – Security Architecture (diagram of the Network, Server/App and Host layers)
• Firewall/ACL
• Intrusion Detection
• Deep Packet Forensics
• DDoS
• Netflow Analysis
• Backup
• Patch Mgmt
• Vulnerabilities
• Log Mgmt
• SDLC
• Anti-Virus
• Encryption (GPG/PGP)
• Anti-Malware
• FIM
• NAC
• Scanner
• Mail/Web Filter
• IAM
• Central Storage
Reference: http://aws.amazon.com/security/security-resources/
Data Correlation is the Key – SIEM Operations: 8.2 Million Per Day; 40,000 Per Month
The People
Enterprise Cyber Security Teams
• Monitor and maintain non-managed hardware deployment uptime
• Operational implementation of all security infrastructure
• Incident Response Team
• Collect and maintain content for all non-managed devices
• Cyber Security Awareness Program
• Network and Application Penetration Testing and Audit Team
24x7 Security Operations Center and Intelligence
• Monitor intrusion detection and vulnerability scan activity
• Search for industry trends and deliver intelligence on lost or stolen data
• Collect data from OSINT and underground sources to deliver intelligence and content
• Identify and implement required policy changes
• Escalate incidents and provide guidance to the response team to quickly mitigate incidents
• Monitor for zero-day and new and emerging attacks
• Cross-product correlate data sources to find anomalies
Monitoring the Social Media Accounts
Following IRC and Forums
Tracking and Predicting the Next Move
• He is from a European country (Russia)
• His handle or nick is madd3
• Uses ICQ 416417 as a tool of communication (illegal transactions)
• A simple /whois command on the nick provided us with good information
• 85.17.139.13 (Leaseweb)
• ircname: John Smith
• channels: #chatroom
• server: irc.private-life.biz [Life Server]
• This user also has another room: #attackroom4
• We can confirm that Athena version 2.3.5 is being used to attack other sites
• 2,300 infected users
• Cracked software is available in forums
• As of today, 1 BTC is $618.00 or £361.66
Forums to Follow – darkode.com & exploit.in (Russian)
Cloud Security Best Practices
Cloud Environments 101
Eight Best Practices of Cloud Security
1. Secure your code
2. Create access management policies
3. Adopt a patch management approach
4. Review logs regularly
5. Build a security toolkit
6. Stay informed of the latest vulnerabilities that may affect you
7. Understand your cloud service provider's security model
8. Understand the shared security responsibility
1. Secure Your Code
• Test inputs that are open to the Internet
• Add delays to your code to confuse bots
• Use encryption when you can
• Test libraries
• Scan plugins
• Scan your code after every update
• Limit privileges
• Stay informed
2. Create Access Management Policies
• Identify data infrastructure that requires access
• Define roles and responsibilities
• Simplify access controls (KISS)
• Continually audit access
• Start with a least privilege access model
3. Adopt a Patch Management Approach
• Inventory all production systems
• Devise a plan for standardization, if possible
• Compare reported vulnerabilities to production infrastructure
• Classify the risk based on vulnerability and likelihood
• Test patches before you release into production
• Setup a regular patching schedule
• Keep informed; follow Bugtraq
• Follow a SDLC
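The three middle steps of this list (inventory, compare reported vulnerabilities to production, classify risk by vulnerability and likelihood) are the ones that get done badly by hand. The following is an added example, not code from the deck or from Alert Logic, of how that comparison can be scripted: every host, package name and advisory identifier in it is a constructed placeholder, and the 0.4 likelihood factor for internal hosts is an assumed policy value. The point it makes beyond the slide is that version comparison must be numeric (1.10.0 is newer than 1.9.2, but a string compare says otherwise), and that the same advisory ranks differently on an internet-facing host than on an internal one.

```python
"""Patch-management triage: compare reported vulnerabilities against a
production inventory and rank the matches by risk.

Added example with constructed data: the hosts, package names and advisory
identifiers below are placeholders, not real systems or real advisories."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    host: str
    package: str
    version: str
    internet_facing: bool  # exposure drives the likelihood factor


@dataclass(frozen=True)
class Advisory:
    advisory_id: str  # placeholder such as "ADV-EXAMPLE-1"; not a real CVE
    package: str
    fixed_in: str     # first version that contains the fix
    severity: float   # 0.0-10.0, CVSS-style base score


def parse_version(version: str) -> tuple:
    """Numeric tuple so that 1.10.0 sorts after 1.9.2 (a string compare would not);
    letter suffixes such as '1.0.1g' are ignored."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_vulnerable(asset: Asset, adv: Advisory) -> bool:
    """An asset is affected when it runs the package at a version older than the fix."""
    return (asset.package == adv.package
            and parse_version(asset.version) < parse_version(adv.fixed_in))


def risk_score(asset: Asset, adv: Advisory) -> float:
    """Severity weighted by likelihood: internet-facing hosts are assumed far more
    likely to be probed (the 0.4 factor for internal hosts is a constructed policy value)."""
    likelihood = 1.0 if asset.internet_facing else 0.4
    return round(adv.severity * likelihood, 1)


def triage(inventory, advisories):
    """Return (score, host, package, version, advisory_id) tuples, highest risk first."""
    findings = [
        (risk_score(a, adv), a.host, a.package, a.version, adv.advisory_id)
        for a in inventory
        for adv in advisories
        if is_vulnerable(a, adv)
    ]
    findings.sort(key=lambda f: (-f[0], f[1]))
    return findings


# Constructed inventory and advisories (placeholders, not real data).
INVENTORY = [
    Asset("web-01", "webfw", "1.0.1g", True),
    Asset("web-02", "webfw", "1.0.2", True),
    Asset("db-01", "webfw", "1.0.1g", False),
    Asset("app-01", "imagelib", "1.9.2", True),
    Asset("app-02", "imagelib", "1.10.0", True),
]
ADVISORIES = [
    Advisory("ADV-EXAMPLE-1", "webfw", "1.0.2", 7.5),
    Advisory("ADV-EXAMPLE-2", "imagelib", "1.10.0", 9.8),
]

if __name__ == "__main__":
    for score, host, pkg, ver, adv_id in triage(INVENTORY, ADVISORIES):
        print(f"{score:>4}  {host:<7} {pkg}-{ver}  {adv_id}")
```

Run as-is it lists app-01 first (critical advisory, exposed host), then web-01, then db-01 (same advisory as web-01 but internal, so a lower score); web-02 and app-02 already run the fixed version and do not appear. In practice the inventory comes from a CMDB or agent export and the advisories from a feed, but the matching and ranking logic is the same.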
4. Importance of Log Management and Review
• Monitoring for malicious activity
• Forensic investigations
• Compliance needs
• System performance
• All sources of log data are collected
• Data types (Windows, Syslog)
• Review process
• Live monitoring
• Correlation logic
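"Correlation logic" is the item on this list that turns collected logs into a detection, and the earlier slides single out brute force as the attack class that grew most in cloud environments. The following is an added example (not code from the deck or from Alert Logic) of the simplest useful correlation over syslog-format sshd lines: failures are keyed by source address rather than by host, so a password-guessing run spread across several servers is still counted together, and a subsequent successful login from an address that just crossed the failure threshold is raised as a higher-severity event. The log lines are constructed with TEST-NET addresses; the threshold and window are assumed tuning values.

```python
"""Cross-host brute-force correlation over sshd syslog lines.

Added example; the sample log is constructed (hosts web-01/web-02 and
TEST-NET addresses are placeholders). Threshold and window are tuning values."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line):
    """Return a dict for sshd authentication lines, None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S")  # year-less syslog stamp
    return ev


def correlate(lines, threshold=5, window=timedelta(minutes=2)):
    """Yield ('brute_force', ip, host, user) when one source address reaches
    `threshold` failures within `window` (across all hosts), and
    ('success_after_brute_force', ...) when that address then logs in."""
    fails = defaultdict(deque)  # ip -> timestamps of recent failures
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        recent = fails[ev["ip"]]
        while recent and ev["ts"] - recent[0] > window:  # slide the window
            recent.popleft()
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            if len(recent) == threshold:  # fire once, when the threshold is crossed
                alerts.append(("brute_force", ev["ip"], ev["host"], ev["user"]))
        elif len(recent) >= threshold:  # Accepted right after a burst of failures
            alerts.append(("success_after_brute_force", ev["ip"], ev["host"], ev["user"]))
    return alerts


# Constructed sample: one source hammers two hosts, one benign failure, one cron line.
SAMPLE_LOG = """
Jun 12 03:14:01 web-01 sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jun 12 03:14:03 web-02 sshd[8817]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Jun 12 03:14:06 web-01 sshd[2213]: Failed password for root from 203.0.113.7 port 51141 ssh2
Jun 12 03:14:08 web-01 CRON[2220]: (root) CMD (run-parts /etc/cron.hourly)
Jun 12 03:14:09 web-02 sshd[8820]: Failed password for root from 203.0.113.7 port 51150 ssh2
Jun 12 03:14:12 web-01 sshd[2215]: Failed password for root from 203.0.113.7 port 51161 ssh2
Jun 12 03:14:15 web-01 sshd[2217]: Failed password for deploy from 198.51.100.9 port 40022 ssh2
Jun 12 03:14:40 web-02 sshd[8825]: Accepted password for root from 203.0.113.7 port 51170 ssh2
""".strip().splitlines()

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

Per-host counting would see only two or three failures on each server and stay silent; keying on the source address is what makes the burst visible, and the "accepted after burst" rule is the one worth paging on.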
5. Build a Security Toolkit
• Recommended Security Solutions
- Antivirus
- iptables
- Intrusion Detection System
- Malware Detection
- Web Application Firewalls
- Anomaly behavior via netflow
- Future Deep Packet Forensics
6. Stay Informed of the Latest Vulnerabilities
• Websites to follow
- http://www.securityfocus.com
- http://www.exploit-db.com
- http://seclists.org/fulldisclosure/
- http://www.securitybloggersnetwork.com/
7. Understand Your Cloud Service Provider's Security Model
• Review of Service Provider Responsibilities
• Hypervisor Example
• Questions to use when evaluating cloud service providers
8. Service Provider & Customer Responsibility Summary
Cloud Service Provider Responsibility – Foundation Services (Compute, Storage, DB, Network)
• Logical network segmentation
• Perimeter security services
• External DDoS, spoofing, and scanning prevented
• Hardened hypervisor
• System image library
• Root access for customer
Customer Responsibility – Hosts
• Access management
• Patch management
• Configuration hardening
• Security monitoring
• Log analysis
Customer Responsibility – Apps
• Secure coding and best practices
• Software and virtual patching
• Configuration management
• Access management
• Application level attack monitoring
Customer Responsibility – Networks
• Network threat detection
• Security monitoring
Examples of Shared Responsibilities
Cloud Server Architecture
• VM servers are designed so that the hypervisor (or monitor, or Virtual Machine Manager) is the only fully privileged entity in the system, and has an extremely small footprint.
• It controls only the most basic resources of the system, including CPU and memory usage, privilege checks, and hardware interrupts.
How the Hypervisor functions
• In this model the processor provides 4 levels, also known as rings, arranged in a hierarchical fashion from Ring 0 to Ring 3. Only rings 0, 1 and 3 have privilege; some kernel designs demote certain privileged components to ring 2
• The operating system runs in ring 0, with the operating system kernel controlling access to the underlying hardware
• To assist virtualization, VT and Pacifica insert a new privilege level beneath Ring 0. Both add nine new machine code instructions that only work at "Ring -1", intended to be used by the hypervisor
Application Exploitation – Without Secure Coding
WordPress: 162,000 legitimate sites used for a DDoS attack
• Exploited the XML-RPC protocol
• Pingback-enabled sites were exploited
- Trackback
- Pingbacks
- Remote access via mobile devices
• Generated over 24 million hits at a rate of 3,000 hits per second
• A random query of “?4137049=643182” bypasses the cache and forces full page reloads
• Check logs for POST requests to the XML-RPC file
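The last bullet is the detection, and it has two sides: a WordPress site that is being abused as a reflector sees a burst of POSTs to its XML-RPC file, while the victim sees page requests carrying meaningless numeric query strings like the one quoted above, with the reflecting blog's name in the User-Agent (WordPress identifies itself as "WordPress/<version>; <site URL>" when it sends a pingback). The following is an added example, not code from the deck or from Alert Logic, that checks both over Apache combined-format access-log lines; the log lines are constructed with TEST-NET addresses and example domains, and the POST threshold is an assumed tuning value.

```python
"""Detection for the WordPress XML-RPC pingback abuse, over Apache
combined-format access-log lines.

Added example; the log lines are constructed (TEST-NET addresses, example
domains), not taken from a real incident."""
import re
from collections import Counter

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# "?4137049=643182": a numeric key=value query that means nothing to the
# application and exists only to defeat the page cache.
CACHE_BUST_RE = re.compile(r"\?\d+=\d+$")


def parse(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def xmlrpc_posters(lines, threshold=3):
    """Reflector side: source IPs that POSTed to xmlrpc.php at least `threshold` times."""
    counts = Counter()
    for line in lines:
        ev = parse(line)
        if ev and ev["method"] == "POST" and ev["path"].split("?")[0].endswith("/xmlrpc.php"):
            counts[ev["ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


def cache_busting_hits(lines):
    """Victim side: requests whose query string is a random numeric pair; the
    User-Agent names the WordPress site that relayed the pingback."""
    hits = []
    for line in lines:
        ev = parse(line)
        if ev and CACHE_BUST_RE.search(ev["path"]):
            hits.append((ev["ip"], ev["path"], ev["ua"]))
    return hits


# Constructed sample: an xmlrpc.php burst from one source, one stray POST,
# a normal page view, and two cache-busting pingback hits.
SAMPLE_LOG = """
203.0.113.5 - - [12/Jun/2014:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Jun/2014:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Jun/2014:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Jun/2014:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.6 - - [12/Jun/2014:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Jun/2014:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 9821 "-" "Mozilla/5.0"
198.51.100.22 - - [12/Jun/2014:10:00:05 +0000] "GET /?4137049=643182 HTTP/1.1" 200 45122 "-" "WordPress/3.9; http://blog-a.example"
198.51.100.23 - - [12/Jun/2014:10:00:05 +0000] "GET /?9921732=118239 HTTP/1.1" 200 45122 "-" "WordPress/3.8.1; http://blog-b.example"
""".strip().splitlines()

if __name__ == "__main__":
    print("xmlrpc.php POST sources over threshold:", xmlrpc_posters(SAMPLE_LOG))
    for ip, path, ua in cache_busting_hits(SAMPLE_LOG):
        print("cache-busting hit:", ip, path, "via", ua)
```

On the victim side the User-Agent field is the useful part: it lists the pingback-enabled sites being used as reflectors, which is what you need to notify their owners or to rate-limit by source. On a site you run, a sustained POST rate to xmlrpc.php from a few addresses is the signal that your own site is the reflector, and disabling pingbacks (or XML-RPC entirely, if nothing needs it) is the fix.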
Application Exploitation – Without Secure Coding
• This June 0-day allows an attacker to remotely remove and modify files stored on the server without authentication
• TimThumb, written by Ben Gilbanks, is a simple, flexible PHP script that resizes images. You give it a bunch of parameters, and it spits out a thumbnail image that you can display on your site.
• Looking at the type of vulnerabilities that hackers were trying to exploit, we saw a clear preference for Remote File Inclusion vulnerabilities, which accounted for 96% of all vulnerability types
• Patch was released in Q3
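A script that takes a file name or URL from the request and fetches it is exactly the "input open to the Internet" that best practice 1 says to test, and the TimThumb history shows the usual mistakes: trusting a scheme other than http(s), matching the allowed host as a substring rather than exactly, and letting a local path climb out of the image directory. The following is an added example, not TimThumb's code or anything from the deck, of a validator for such a "src" parameter written the defensive way; the allow-listed host, the image root directory and the extension list are constructed values standing in for a site's real configuration.

```python
"""Hardened handling of an image-resizer 'src' parameter.

Added example; not TimThumb's own code. ALLOWED_HOSTS, IMAGE_ROOT and
ALLOWED_EXT are constructed values standing in for a site's real configuration."""
from pathlib import Path
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"cdn.example.org"}                  # exact host names only
IMAGE_ROOT = Path("/var/www/site/images").resolve()  # hypothetical local image directory
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}


def validate_src(src: str):
    """Return ("remote", url) or ("local", Path) for an acceptable src;
    raise ValueError for anything else."""
    if not src or "\x00" in src:
        raise ValueError("empty or NUL-containing src")
    parts = urlsplit(src)
    if parts.scheme or parts.netloc:
        # Remote fetch: only http(s), only exact allow-listed hosts. urlsplit's
        # hostname drops userinfo and port, so "cdn.example.org@evil.test" yields
        # evil.test, and "cdn.example.org.evil.test" fails the exact-match check;
        # a substring or prefix test would pass both.
        if parts.scheme not in ("http", "https"):
            raise ValueError("unsupported scheme")
        host = (parts.hostname or "").lower()
        if host not in ALLOWED_HOSTS:
            raise ValueError(f"host not allow-listed: {host}")
        if Path(parts.path).suffix.lower() not in ALLOWED_EXT:
            raise ValueError("not an image extension")
        return ("remote", src)
    # Local file: resolve the path and refuse anything that escapes IMAGE_ROOT
    # (".." segments, absolute paths) or is not an image by extension.
    candidate = (IMAGE_ROOT / src.lstrip("/")).resolve()
    try:
        candidate.relative_to(IMAGE_ROOT)
    except ValueError:
        raise ValueError("path escapes image root") from None
    if candidate.suffix.lower() not in ALLOWED_EXT:
        raise ValueError("not an image extension")
    return ("local", candidate)


def is_acceptable(src: str) -> bool:
    """Boolean wrapper around validate_src, convenient for tests and request filters."""
    try:
        validate_src(src)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for sample in ("pics/a.png", "https://cdn.example.org/pics/a.jpg",
                   "../../etc/passwd", "http://cdn.example.org.evil.test/a.jpg",
                   "http://cdn.example.org@evil.test/a.jpg", "pics/shell.php"):
        print(f"{sample:<45} {'ok' if is_acceptable(sample) else 'rejected'}")
```

Two design choices carry the weight: the host check is an exact set membership on the parsed hostname, never a regex or substring test on the raw string, and the local branch decides by resolving the final path against the image root rather than by scanning the input for "..". Limiting the extension set is the "limit privileges" item in miniature: the resizer has no business reading anything but images.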
Thank you.

Mais conteúdo relacionado

Mais procurados

security and compliance in the cloud
security and compliance in the cloudsecurity and compliance in the cloud
security and compliance in the cloud
Ajay Rathi
 
gkknwqeq3232,sqSecurity essentials domain 3
gkknwqeq3232,sqSecurity essentials   domain 3gkknwqeq3232,sqSecurity essentials   domain 3
gkknwqeq3232,sqSecurity essentials domain 3
Anne Starr
 
Ryan_Holt_MS_Thesis_Project_Presentation
Ryan_Holt_MS_Thesis_Project_PresentationRyan_Holt_MS_Thesis_Project_Presentation
Ryan_Holt_MS_Thesis_Project_Presentation
Ryan Holt
 
New Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data CentersNew Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data Centers
Iben Rodriguez
 

Mais procurados (20)

security and compliance in the cloud
security and compliance in the cloudsecurity and compliance in the cloud
security and compliance in the cloud
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Security on Cloud Computing
Security on Cloud Computing Security on Cloud Computing
Security on Cloud Computing
 
Cloud computing security
Cloud computing securityCloud computing security
Cloud computing security
 
Containers the next era of computing
Containers the next era of computingContainers the next era of computing
Containers the next era of computing
 
Cloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityCloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud Security
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
gkknwqeq3232,sqSecurity essentials domain 3
gkknwqeq3232,sqSecurity essentials   domain 3gkknwqeq3232,sqSecurity essentials   domain 3
gkknwqeq3232,sqSecurity essentials domain 3
 
Incident Handling in a BYOD Environment
Incident Handling in a BYOD EnvironmentIncident Handling in a BYOD Environment
Incident Handling in a BYOD Environment
 
Cloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-wareCloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-ware
 
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
 
S series presentation
S series presentationS series presentation
S series presentation
 
Ryan_Holt_MS_Thesis_Project_Presentation
Ryan_Holt_MS_Thesis_Project_PresentationRyan_Holt_MS_Thesis_Project_Presentation
Ryan_Holt_MS_Thesis_Project_Presentation
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
 
Virtualization security for the cloud computing technology
Virtualization security for the cloud computing technologyVirtualization security for the cloud computing technology
Virtualization security for the cloud computing technology
 
VMworld 2013: VMware NSX: A Customer’s Perspective
VMworld 2013: VMware NSX: A Customer’s Perspective VMworld 2013: VMware NSX: A Customer’s Perspective
VMworld 2013: VMware NSX: A Customer’s Perspective
 
VMware: my jsme “software defined”
VMware: my jsme “software defined”VMware: my jsme “software defined”
VMware: my jsme “software defined”
 
New Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data CentersNew Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data Centers
 

Destaque

Assignment of trademarks
Assignment of trademarksAssignment of trademarks
Assignment of trademarks
Altacit Global
 
Cloud computing presentation
Cloud computing presentationCloud computing presentation
Cloud computing presentation
Priyanka Sharma
 

Destaque (20)

CS III.1 T. Jorgensen
CS III.1   T. JorgensenCS III.1   T. Jorgensen
CS III.1 T. Jorgensen
 
Security Problem With Cloud Computing
Security Problem With Cloud ComputingSecurity Problem With Cloud Computing
Security Problem With Cloud Computing
 
data storage security technique for cloud computing
data storage security technique for cloud computingdata storage security technique for cloud computing
data storage security technique for cloud computing
 
Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...
Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...
Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...
 
Cloud computing ppt
Cloud computing pptCloud computing ppt
Cloud computing ppt
 
Ensuring data storage security in cloud computing
Ensuring data storage security in cloud computingEnsuring data storage security in cloud computing
Ensuring data storage security in cloud computing
 
Are you using mail policies effectively to secure your mail
Are you using mail policies effectively to secure your mail Are you using mail policies effectively to secure your mail
Are you using mail policies effectively to secure your mail
 
Telenor
TelenorTelenor
Telenor
 
Cloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTSCloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTS
 
From byod to cyod
From byod to cyodFrom byod to cyod
From byod to cyod
 
Cloud computing ppt
Cloud computing pptCloud computing ppt
Cloud computing ppt
 
4 approaches to securing documents and email attachment assets
4 approaches to securing documents and email attachment assets4 approaches to securing documents and email attachment assets
4 approaches to securing documents and email attachment assets
 
Email phising and spoofing hurting your business
Email phising and spoofing hurting your businessEmail phising and spoofing hurting your business
Email phising and spoofing hurting your business
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Data storage security in cloud computing
Data storage security in cloud computingData storage security in cloud computing
Data storage security in cloud computing
 
Cloud computing(ppt)
Cloud computing(ppt)Cloud computing(ppt)
Cloud computing(ppt)
 
Assignment of trademarks
Assignment of trademarksAssignment of trademarks
Assignment of trademarks
 
Lect15 cloud
Lect15 cloudLect15 cloud
Lect15 cloud
 
Cloud computing presentation
Cloud computing presentationCloud computing presentation
Cloud computing presentation
 
cloudcomputing ppt
cloudcomputing pptcloudcomputing ppt
cloudcomputing ppt
 

Semelhante a CyberCrime in the Cloud and How to defend Yourself

Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Lastline, Inc.
 

Semelhante a CyberCrime in the Cloud and How to defend Yourself (20)

Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
 
HIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best PracticesHIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best Practices
 
VMI based malware detection in virtual environment
VMI based malware detection in virtual environmentVMI based malware detection in virtual environment
VMI based malware detection in virtual environment
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure Cloud
 
Ccna sec 01
Ccna sec 01Ccna sec 01
Ccna sec 01
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai Revisited
 
Protecting Against Web Attacks
Protecting Against Web AttacksProtecting Against Web Attacks
Protecting Against Web Attacks
 
CISCO SECURITY INTELLIGENCE OPERATIONS SIO
CISCO SECURITY INTELLIGENCE OPERATIONS SIOCISCO SECURITY INTELLIGENCE OPERATIONS SIO
CISCO SECURITY INTELLIGENCE OPERATIONS SIO
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
 
Network security
Network securityNetwork security
Network security
 
Protecting Against Web App Attacks
Protecting Against Web App AttacksProtecting Against Web App Attacks
Protecting Against Web App Attacks
 
Threat_Modelling.pdf
Threat_Modelling.pdfThreat_Modelling.pdf
Threat_Modelling.pdf
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessment
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security Intelligence
 
Cisco Connect 2018 Thailand - Secure data center building a secure zero trust...
Cisco Connect 2018 Thailand - Secure data center building a secure zero trust...Cisco Connect 2018 Thailand - Secure data center building a secure zero trust...
Cisco Connect 2018 Thailand - Secure data center building a secure zero trust...
 
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
 

Mais de Alert Logic

Mais de Alert Logic (20)

Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and Response
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
Reducing Your Attack Surface
Reducing Your Attack SurfaceReducing Your Attack Surface
Reducing Your Attack Surface
 
Reality Check: Security in the Cloud
Reality Check: Security in the CloudReality Check: Security in the Cloud
Reality Check: Security in the Cloud
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: Presidio
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Security Spotlight: Rent-A-Center
Security Spotlight: Rent-A-CenterSecurity Spotlight: Rent-A-Center
Security Spotlight: Rent-A-Center
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: Presidio
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 

Último

一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
F
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
pxcywzqs
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
ayvbos
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
ydyuyu
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Monica Sydney
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Monica Sydney
 

Último (20)

APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
 

CyberCrime in the Cloud and How to defend Yourself

  • 1. Cybercrime in the Cloud and how to defend yourself Stephen Coty Chief Security Evangelist
  • 2. Threats in the Cloud are Increasing With Adoption • Increase in attack frequency • Traditional on-premises threats are moving to the cloud • Majority of cloud incidents were related to web application attacks, brute force attacks, and vulnerability scans • Brute force attacks and vulnerability scans are now occurring at near-equivalent rates in both cloud and on-premises environments • Malware/Botnet is increasing year over year
  • 3. Cloud Attacks With the Biggest Change • Cloud environments saw significant increases with brute force attacks climbing from 30% to 44% of customers, and vulnerability scans increasing from 27% to 44% • Malware/botnet attacks, historically the most common attacks in the on- premises datacenter, are on the rise in CHP environments
  • 4. Why Honeypots Honeypots give us a unique data set Simulates vulnerable systems without the risk of real data loss Gives the ability to collect intelligence from malicious attackers Allows for collection of various different attacks based on system Helps identify what industry specific targets are out there
  • 5. Honeypot Designs • The honeypot data cited was gathered using - Low-interaction – Simulates high level services - Medium Interaction – Delivers form pages and collects Keystrokes - SCADA – Simulates a (Supervisory Control And Data Acquisition) system - Web application software that emulates a vulnerable OS and application • Fictitious business domains have been created to redirect traffic to what would be considered a legitimate business • These particular honeypots monitored connections to common ports and gathered statistics on IP, country, and malware, if submitted
  • 8. Firewall/ACL Intrusion Detection Deep Packet Forensics Network DDOS Netflow Analysis Backup Patch MgmtVulnerabilities Server/App Log Mgmt SDLC Anti-Virus Encryption GPG/PGP Host Anti Malware FIM NAC Scanner Mail/Web Filter Scanner IAM Central Storage http://aws.amazon.com/security/security-resources/ Security Architecture
12. Enterprise Cyber Security Teams
• Monitor and maintain non-managed hardware deployment uptime
• Operational implementation of all security infrastructure
• Incident Response Team
• Collect and maintain content for all non-managed devices
• Cyber Security Awareness Program
• Network and Application Penetration Testing and Audit Team
13. 24x7 Security Operations Center and Intelligence
• Monitor intrusion detection and vulnerability scan activity
• Search for industry trends and deliver intelligence on lost or stolen data
• Collect data from OSINT and underground sources to deliver intelligence and content
• Identify and implement required policy changes
• Escalate incidents and provide guidance to the response team to quickly mitigate incidents
• Monitor for zero-day and new and emerging attacks
• Cross-product correlate data sources to find anomalies
14. Monitoring the Social Media Accounts
17. Tracking and Predicting the Next Move
• He is a guy from a European country (Russia)
• His handle or nick is madd3
• Using ICQ 416417 as a tool of communication (illegal transactions)
• A simple /whois command on the nick provided us with good information
• 85.17.139.13 (Leaseweb)
• ircname: John Smith
• channels: #chatroom
• server: irc.private-life.biz [Life Server]
• Check this out: the user has another room, #attackroom4
• We can confirm that Athena version 2.3.5 is being used to attack other sites
• 2,300 infected users
• Cracked software is available in forums
• As of today 1 BTC is $618.00 or £361.66
18. Forums to Follow – darkode.com & exploit.in (Russian)
19. Cloud Security Best Practices
21. Eight Best Practices of Cloud Security
1. Secure your code
2. Create access management policies
3. Adopt a patch management approach
4. Review logs regularly
5. Build a security toolkit
6. Stay informed of the latest vulnerabilities that may affect you
7. Understand your cloud service provider's security model
8. Understand the shared security responsibility
22. 1. Secure Your Code
• Test inputs that are open to the Internet
• Add delays to your code to confuse bots
• Use encryption when you can
• Test libraries
• Scan plugins
• Scan your code after every update
• Limit privileges
• Stay informed
23. 2. Create Access Management Policies
• Identify data infrastructure that requires access
• Define roles and responsibilities
• Simplify access controls (KISS)
• Continually audit access
• Start with a least privilege access model
24. 3. Adopt a Patch Management Approach
• Inventory all production systems
• Devise a plan for standardization, if possible
• Compare reported vulnerabilities to production infrastructure
• Classify the risk based on vulnerability and likelihood
• Test patches before you release them into production
• Set up a regular patching schedule
• Keep informed, follow Bugtraq
• Follow an SDLC
25. 4. Importance of Log Management and Review
• Monitoring for malicious activity
• Forensic investigations
• Compliance needs
• System performance
• All sources of log data are collected
• Data types (Windows, Syslog)
• Review process
• Live monitoring
• Correlation logic
26. 5. Build a Security Toolkit
• Recommended Security Solutions
- Antivirus
- IP tables
- Intrusion Detection System
- Malware Detection
- Web Application Firewalls
- Anomaly behavior via netflow
- Future: Deep Packet Forensics
27. 6. Stay Informed of the Latest Vulnerabilities
• Websites to follow
- http://www.securityfocus.com
- http://www.exploit-db.com
- http://seclists.org/fulldisclosure/
- http://www.securitybloggersnetwork.com/
28. 7. Understand Your Cloud Service Provider's Security Model
• Review of service provider responsibilities
• Hypervisor example
• Questions to use when evaluating cloud service providers
29. 8. Service Provider & Customer Responsibility Summary
Cloud Service Provider Responsibility
- Foundation Services: Compute, Storage, DB, Network
- Networks:
  • Logical network segmentation
  • Perimeter security services
  • External DDoS, spoofing, and scanning prevented
  • Hardened hypervisor
  • System image library
  • Root access for customer
Customer Responsibility
- Hosts:
  • Access management
  • Patch management
  • Configuration hardening
  • Security monitoring
  • Log analysis
- Apps:
  • Secure coding and best practices
  • Software and virtual patching
  • Configuration management
  • Access management
  • Application level attack monitoring
  • Network threat detection
  • Security monitoring
30. Examples of Shared Responsibilities
31. Cloud Server Architecture
• VM servers are designed so that the hypervisor (or monitor, or Virtual Machine Manager) is the only fully privileged entity in the system, and it has an extremely small footprint.
• It controls only the most basic resources of the system, including CPU and memory usage, privilege checks, and hardware interrupts.
32. How the Hypervisor Functions
• In this model the processor provides 4 levels, also known as rings, arranged in a hierarchical fashion from Ring 0 to Ring 3. Only 0, 1 and 3 have privilege; some kernel designs demote certain privileged components to ring 2.
• The operating system runs in ring 0, with the operating system kernel controlling access to the underlying hardware.
• To assist virtualization, VT and Pacifica insert a new privilege level beneath Ring 0. Both add nine new machine code instructions that only work at "Ring -1", intended to be used by the hypervisor.
33. Application Exploitation – Without Secure Coding
WordPress: 162,000 legitimate sites used for a DDoS attack
• Exploited the XML-RPC protocol
• Pingback-enabled sites were exploited
- Trackback
- Pingbacks
- Remote access via mobile devices
• Generated over 24 million hits at a rate of 3,000 hits per second
• Random query of "?4137049=643182" bypasses cache and forces full page reloads
• Check logs for POST requests to the XML-RPC file
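The two log checks the deck recommends, reviewing logs with correlation logic (slide 25) and looking for POST requests to the XML-RPC file and the random numeric query strings that defeat caching (slide 33), can be turned into a small scanner. The script below is an added example, not code from the presentation; the access-log lines, the threshold of three POSTs, and the IP addresses are all constructed for illustration. It parses Apache/nginx "combined" format lines, tags each request with the indicators it matches, and aggregates per source IP so that a site being abused as a pingback reflector (POSTs to xmlrpc.php) or a site being hit by the reflected GETs (digits=digits queries) can be spotted from the same log review.

```python
"""Added example (not from the slide deck): flag the WordPress pingback DDoS
indicators named on the slide in web-server access logs.
Sample log lines are constructed; IPs are documentation ranges."""
import re
from collections import Counter

# Apache/nginx "combined" log format:
# client ident user [time] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Slide: a random query such as "?4137049=643182" bypasses the cache.
# A query string that is only digits=digits (no named parameter) is flagged.
CACHE_BUST_RE = re.compile(r'^\d+=\d+$')


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    path, _, query = rec['path'].partition('?')
    rec['path'] = path
    rec['query'] = query
    return rec


def classify(rec):
    """Return the indicator tags one parsed request matches."""
    tags = []
    # Reflector side: pingback requests arrive as POSTs to xmlrpc.php
    if rec['method'] == 'POST' and rec['path'].endswith('/xmlrpc.php'):
        tags.append('xmlrpc_post')
    # Victim side: reflected GETs carry a random numeric query to defeat caching
    if CACHE_BUST_RE.match(rec['query']):
        tags.append('cache_bust_query')
    return tags


def scan(lines):
    """Aggregate indicators per source IP: {ip: Counter(tag -> count)}.
    IPs with no indicator are left out."""
    hits = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for tag in classify(rec):
            hits.setdefault(rec['ip'], Counter())[tag] += 1
    return hits


def pingback_sources(hits, threshold=3):
    """IPs that sent at least `threshold` POSTs to xmlrpc.php (threshold is an
    assumed value); candidates for rate limiting or blocking at the WAF."""
    return sorted(ip for ip, c in hits.items() if c['xmlrpc_post'] >= threshold)


# Constructed sample log: three pingback POSTs from one host, two cache-busting
# GETs from another, and ordinary traffic from a third.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2014:12:00:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 512 "-" "WordPress/3.8; http://reflector.example"
203.0.113.10 - - [10/Mar/2014:12:00:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 512 "-" "WordPress/3.8; http://reflector.example"
203.0.113.10 - - [10/Mar/2014:12:00:02 +0000] "POST /xmlrpc.php HTTP/1.0" 200 512 "-" "WordPress/3.8; http://reflector.example"
198.51.100.7 - - [10/Mar/2014:12:00:02 +0000] "GET /?4137049=643182 HTTP/1.1" 200 23011 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2014:12:00:03 +0000] "GET /?9912004=118837 HTTP/1.1" 200 23011 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2014:12:00:03 +0000] "GET /about/?page=2 HTTP/1.1" 200 9870 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2014:12:00:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

if __name__ == '__main__':
    result = scan(SAMPLE_LOG.splitlines())
    for ip, counts in sorted(result.items()):
        print(ip, dict(counts))
    print('rate-limit candidates:', pingback_sources(result))
```

Run against a real access log with `scan(open('access.log'))`; because the parser returns `None` for lines that do not match, other formats are skipped rather than crashing the review. The per-IP counters are the "correlation logic" the deck asks for: a single POST to xmlrpc.php is normal pingback traffic, while hundreds from one source over a few seconds is the pattern worth escalating.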
34. Application Exploitation – Without Secure Coding
• This June 0Day allows an attacker to remotely remove and modify files stored on the server without authentication
• TimThumb, written by Ben Gillbanks, is a simple, flexible PHP script that resizes images. You give it a bunch of parameters, and it spits out a thumbnail image that you can display on your site.
• Looking at the type of vulnerabilities that hackers were trying to exploit, we saw a clear preference for Remote File Inclusion vulnerabilities, which accounted for 96% of all vulnerability types
• Patch was released in Q3