Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1FtqWLb.
Alex Holden examines hackers’ techniques, skills, and shortfalls. He takes a snapshot of the current threat landscape and derives practical lessons by analyzing a number of high profile breaches. Filmed at qconnewyork.com.
Alex Holden is the founder and CISO of Hold Security, LLC. He leads Hold Security in helping all size businesses, including global Fortune 500 companies, with their data security needs. Considered one of the leading security experts, he regularly voices his expert opinion in the mainstream media including CNN, NY Times, and Reuters.
2. InfoQ.com: News & Community Site
• 750,000 unique visitors/month
• Published in 4 languages (English, Chinese, Japanese and Brazilian
Portuguese)
• Post content from our QCon conferences
• News 15-20 / week
• Articles 3-4 / week
• Presentations (videos) 12-15 / week
• Interviews 2-3 / week
• Books 1 / month
Watch the video with slide
synchronization on InfoQ.com!
http://www.infoq.com/presentations
/hackers-threat-defense
3. Presented at QCon New York
www.qconnewyork.com
Purpose of QCon
- to empower software development by facilitating the spread of
knowledge and innovation
Strategy
- practitioner-driven conference designed for YOU: influencers of
change and innovation in your teams
- speakers and topics driving the evolution and innovation
- connecting and catalyzing the influencers and innovators
Highlights
- attended by more than 12,000 delegates since 2007
- held in 9 cities worldwide
4. INFORMATION SECURITY – EVOLVING TARGET
• Rapid evolution of technology creates ample
opportunity for cybercrime to thrive.
• Technology infiltrated our culture faster than
education about safety.
5. LINE OF DEFENSE - TECHNOLOGY
• Firewalls
• Anti-virus
• Encryption
• Monitoring
• Authentication
6. LINE OF DEFENSE - PEOPLE
• C-suite
• Legal
• Information Technology
• Business Units
• Privacy & Audit
7. LINE OF DEFENSE - COMPLIANCE
• Laws
• Regulations
• Rules
• Policies
8. HACKERS – THE OTHER SIDE
• State or Corporate Sponsored
• Hacktivists – Driven by Political or Social Agendas
• Profit Seekers
• Revenge
• Employees
10. MODERN HACKER
• Не говорит по-английски
• Semi-educated
• Lazy
• Money-hungry
• Addicted to drugs, alcohol, gambling
11. MODERN HACKER
• 99% of hackers fail in their carriers
• On a run from the law
• On a run from competition
• On a run from street gangs
12. HACKERS VIEW OF US
• War of stereotypes
“I’m fighting a holy war against the West… They drive
their Rolls Royces and go home to their million-dollar
houses, while people here are struggling. I will never
harm my fellow Slavs; but America, Europe, and
Australia deserve it.”
- aqua (jabberzeus)
14. TARGET BREACH
• Hackers learned from their bad experience with BlackPOS with
Verifone POS attempted breach in Russia (Feb-Mar 2013)
• Breach planned for several months
• Botnet breach of a vendor
• A week before the Black Friday – extensive testing
• Two weeks of data collection before putting the data up for sale
15. TARGET BREACH
• Kartoxa POS Malware author - Rinat Shabaev was
looking for a regular job programming, asking for
about $12 / hour
• After failing to find any significant project he turns
to hacker community who use his skills write
malware
16. THE CYBERVOR BREACH
• Spam
• Credentials
• Distribution
• 1.2 billion credential breach from 420,000 websites (CyberVor)
• Credential attack for hire
• Spam via email and social media
• Travel Scams
• Financial Services
• Moderate profits
17. DEFENSE 101
• Understand your enemy
• Emerging patterns
• Hackers types
• Hackers business models
19. ADVISE - QUANTITATIVE ANALYSIS
• Sony breach lessons
• How much of your data is transferred?
• What is normal? What is not?
• Learn to look at statistics
17