O SlideShare utiliza cookies para otimizar a funcionalidade e o desempenho do site, assim como para apresentar publicidade mais relevante aos nossos usuários. Se você continuar a navegar o site, você aceita o uso de cookies. Leia nosso Contrato do Usuário e nossa Política de Privacidade.
O SlideShare utiliza cookies para otimizar a funcionalidade e o desempenho do site, assim como para apresentar publicidade mais relevante aos nossos usuários. Se você continuar a utilizar o site, você aceita o uso de cookies. Leia nossa Política de Privacidade e nosso Contrato do Usuário para obter mais detalhes.
A Scribd passará a dirigir o SlideShare em 1 de dezembro de 2020A partir desta data, a Scribd passará a gerenciar sua conta do SlideShare e qualquer conteúdo que você possa ter na plataforma. Além disso, serão aplicados os Termos gerais de uso e a Política de Privacidade da Scribd. Se prefira sair da plataforma, por favor, encerre sua conta do SlideShare. Saiba mais.
Their abilities to evade capture are growing, such as using Tor anonymizing networks to cover their tracks
Most companies lack the in-house expertise and technology to protect themselves
They lack the budget and even if they had it, finding real IT security experts is difficult – there’s a shortage
Information Security analyst or director - understand regulation and create a framework to guide security environment Security Operations (SecOps): Implement and monitor framework from InfoSec Threat Intelligence: Develop and implement threat intelligence framework Incident Response & Forensics: Identify and mitigate threats
Many cloud providers are also insecure:
Many clouds were constructed before the industry realized the full importance of safeguarding data.
Those clouds were built with cost savings and performance in mind - security controls were added as an afterthought.
Rather than improve their security posture, they distract customers by emphasizing performance, speed to deployment, cost, scalability and other features.
So their customers assume they are protected – but they aren’t.
Opportunity to illustrate that threats are ongoing, gaining in severity and that brands, regardless of size, are being impacted.
Malware locks out owners from their own systems and demands ransom. Often they enter system through a downloaded file or vulnerability, then begin encrypting files. Sometimes they will just demand money – other times they’ll impersonate a law enforcement pretending that your system has been used for illegal activities/content, or they’ll pretend Windows installation needs reactivation, that a license expired.
Either way, your system is now a zombie, obeying the commands of a remote criminal network.
CryptoLocker is ransomware worm that surfaced in late 2013 It managed to collect an estimated US$3 million before it was taken down by authorities. http://www.bbc.com/news/technology-28661463
Both individuals and businesses are targeted. Chase's mom had her accounts held for ransom. They wanted $300 – but Chase rode in and straightened it out. Most people can't do that and they just pay because they're scared and no one will help them. Obviously this can become a form of corporate warfare. Can hire criminals to take down competitor.
This started 10 years ago, but more in the last 3 years. Vectors and methods are growing.
Code Spaces was a code-hosting and software collaboration platform hosted by a major cloud provider.
Pirates kidnapped their site and demanded several million in ransom. They got into their control panel and demanded money – Code Spaces was unable to pay it.
Code Spaces changed its passwords and attempted to regain control of the system, the hackers started deleting all the company's data, backups, machine configurations and off-site backups from the panel, leaving the company’s website unable to operate. The company declared bankruptcy. Their cloud provider, Amazon, had no liability. Security was not part of their obligation.
Chase can connect dots, but what if the fake FBI page said you owe $1 million instead of $200? Companies like Code Spaces may not be able to afford it and will go out of business.
So the question we get the most on this topic is – how can I avoid this happening to me?
Here are the mistakes and vulnerabilities we see.
A lot of people take the Ostrich approach: "it won't happen to me." It happened to Chase's mom! It happened to Evernote earlier this year – they paid the ransom. Lots of people pay it.
Another is wasting resources on areas that don’t need to be protected. Not every part of your environment deserves the same amount of protection – it’s smarter to figure out where your risk is and amp up on those areas.
But the #1 mistake we see is businesses using an insecure provider who doesn’t have the right capabilities. A lot of them will give you servers and get you up and running, but they have NO interest in keeping you secure
e.g. code spaces
A lot of businesses will ask what technologies can help them prevent this.
First thing, understand security is a 24/7 job.
Get a secure provider who can protect you.
Ask provider the right questions – what is their strategy, what is their security expertise? Do they have security experts on staff that can help protect you? Most don’t and don’t call that out. It’s on you to ask the questions rather than the provider to answer.
Ask if they have 2FA by default, web application firewalls, a security management protocol in place. Do they do threat intelligence management? Is security a priority for them or is it something they do when it’s a problem?
Practice multi-layered security and multiple technologies. No single technology is going to protect you. Real-time monitoring is important, so is threat intelligence, macro data, malware analysis.
FireHost was built from the ground up to focus on Security. It is the first cloud provider to ascertain specific indicators from corporate and customer environments to see if they are threat – we do this ahead of time, like minority report.
And if they are, we analyze the indicators so we can preemptively stop the threat before it happens AND recognize other threats. Trying to be proactive, not reactive.
We leverage algorithms and scientific models instead of just stuffing in data and trying to figure it out
Using data points and intelligence, we can predictively say we don’t need to lock down this area, it’s not going to hit there. We avoid spending 100s of man hours when it’s not a possibility. It’s about optimizing your mitigation strategy – making smart, efficient choices.
This is about leveraging data points and using that knowledge intuitively instead of shotgun reactions - waiting for problems and then fixing them. We’re moving away from the boy with the finger in the dam methodology to something more long term and effective.
We have a dedicated team that is wholly dedicated to vulnerability management and threat intelligence.
The vendors you choose to host or store data is part of everyone’s accountability. Focus has always been on bad guys and their tactics as well as the fallout for the victims. But we need to stress the need to consider who you collaborate with, because even if they are nice and mean well, they may not be as safe as needed. You would be in jeopardy as a result. Jeff can talk about FireHost and the principle that not all clouds and cloud providers are created equal when it comes to security and compliance. This gives us subtle yet clear positioning without over-marketing
23 September 2014
Threat Intelligence Lead
• Former Chief Cryptologist for
the National Security Agency
• US Navy (Ret.)
• The Threat Landscape
• Ransomware: Definition & Reality
• Demo: How It Works
• Mistakes & Vulnerabilities
• Protect Yourself
• What No One is Talking About
• Questions & Answers
The Threat Landscape
12 / 13
110 million customers’ credit
card and personal data stolen
01 / 14 04 / 14 05 / 14
06 / 14 07 / 14
09 / 14
Exposed Names, addresses,
emails & payment card details
145 million users’
1.1 million customers’ credit
and debit card data stolen
3 million customers’ credit
and debit card data stolen
56 Million Customers Credit Card
180 Southern California Stores
08 / 14
Nude Photos of Actresses
Revealed to the Public
09 / 14
08 / 14
Social Security #s & Personal
Data of 4.5 Million People
09 / 14
4.93 Million Gmail User Names and Passwords
Customer Data Theft
from 33 Locations
• Malware locks out system
owners & demands ransom
• Creates “zombie computer”
• Individuals & businesses targeted
• On the rise past 3 years
• CryptoLocker procured
estimated US $3 million
• Hosted by a major cloud provider
• Pirates held site for $millions
• Unable to pay; pirates deleted files
• Company filed for bankruptcy
• Cloud provider had no liability
I always call it the Wal-Mart/Target competition…
to see who can get to the lowest price and still
provide good service. Security is what gets lost.
- Jeff Schilling FireHost CSO,