1. Containing the outbreak: The healthcare security pandemic
James Maude
Senior Security Engineer
© 2016 Avecto Ltd, avecto.com
2. Introducing James Maude
James Maude, Senior Security Engineer
› Broad remit in endpoint security research, conducting in-depth analysis of malware and penetration testing to identify attack vectors and trends in the evolving security landscape.
› Active involvement in the security research community
› Background in Digital Forensics & Research
3. Agenda
› What is happening
› Ransomware strains
› Attack vectors
› Explore solutions
4. Ransomware’s impact on the healthcare market has been headline news.
5. Ransomware has exploded over the past 12 months
7. Locky Analysis
› Same group as successful Dridex banking trojan campaigns
› Phishing Word document contains dropper macro
› Encrypts data on local drives and network shares
› Attempts to erase local backup copies of files
8. Locky Analysis
› Evolves quickly, usually undetected (VirusTotal)
› Multiple strains tested in Avecto labs – all stopped proactively
9. Example of a free ransomware kit on the dark web
10. Makes generating ransomware payloads easy
11. Ransomware Evolution
› Low barrier to entry
› Increasingly looking for high value targets
› Network shares and mounted devices
› Decrypting not an option
› Constantly evolving to bypass defences
12. Why is healthcare a target?
› A lot of shared time-critical data = high value
› Aging and vulnerable systems
› Admin rights required for legacy apps
› Security not top of agenda
13. The aging population
› 35% of NHS trusts run XP
› 14% have no transition date set
› Melbourne Health and QBot
blog.avecto.com
15. How good security can be undermined by ransomware
CSO (Chief Security Officer)
› Advanced network appliance
› Patched and updated
› Award winning AV software
› SIEM and SOC
› User opens a Word doc...
16. How to prevent the infection?
17. Immunisation
› Right medicine in the right dose
› Least Privilege
› Screen and establish a baseline
› Whitelist
› Isolate the vulnerable
› Sandbox applications that introduce infections
As recommended by:
18.
• Isolates browser, downloaded content and email attachments
• Mitigates ransomware / web threats
• Protect data and contain unknown threats
• #1 Defense strategy
• Easy to achieve whitelisting
• Regain control of unknown applications
• Mitigates 85% Critical Windows vulnerabilities
• Protect user and system
• Privileges when you need them
19. Preventing ransomware in healthcare is possible!
  1. Get proactive, reduce the attack surface
  2. Foundational security starts with the endpoint
  3. Prevention is possible
Visit www.avecto.com for more details.