SlideShare uma empresa Scribd logo

Out of the Blue: Responding to New Zero-Day Threats

Transferir como PPT, PDF
Peter Wood
Peter Wood

Out of the Blue: Responding to New Zero-Day Threats, An Ethical Hackers View

Tecnologia
1 de 18
Out of the Blue: Responding to New Zero-Day Threats An Ethical Hacker’s View Peter Wood Chief Executive Officer First Base Technologies LLP
Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base in 1989 (one of the first ethical hacking firms) CEO First Base Technologies LLP Social engineer & penetration tester Conference speaker and security ‘expert’ Member of ISACA Security Advisory Group Vice Chair of BCS Information Risk Management and Audit Group Corporate Executive Programme UK Chair FBCS, CITP, CISSP, MIEEE, M.Inst.ISP Registered BCS Security Consultant Member of ACM, ISACA, ISSA, Mensa Slide 2 © First Base Technologies 2012
Agenda 1. Why zero-day threats are a concern to CIOs 2. Examples of zero-day attacks 3. Minimising your vulnerabilities 4. Responding to the CIO Beware: this presentation offers no easy solutions! Slide 3 © First Base Technologies 2012
Why CIOs are concerned • Criminals targeting intellectual property and corporate credentials • Attacks are strategic • Tools are ‘drag and drop’ • Malicious attacks cause 37% of data breaches (2012 Ponemon Cost of a Data Breach survey) Slide 4 © First Base Technologies 2012
Why CIOs are concerned Slide 5 http://www.net-security.org/secworld.php?id=11850 © First Base Technologies 2012
Examples of zero-day attacks Slide 6 © First Base Technologies 2012
The Aurora attack Slide 7 http://threatpost.com/ © First Base Technologies 2012
The Aurora attack “If you have done or been around any high-level incident response, you would know that these advanced persistent threats have been going on in various sectors for years. Nor is it a new development that the attackers used an 0day client- side exploit along with targeted social engineering as their initial access vector. What is brand new is the fact that a number of large companies have voluntarily gone public with the fact that they were victims to a targeted attack. And this is the most important lesson: targeted attacks do exist and happen to a number of industries besides the usual ones like credit card processors and e-commerce shops.” Dino Dai Zovi http://trailofbits.com/2010/01/24/one-exploit-should-not-ruin-your-day/ Slide 8 © First Base Technologies 2012
The RSA attack • Research public information about employees • Select low-value targets • Spear phishing email “2011 Recruitment Plan” with.xls attachment • Spreadsheet contains zero-day exploit that installs backdoor through Flash vulnerability (Backdoor is Poison Ivy variant RAT reverse-connected) 5. Digital shoulder surf & harvest credentials 6. Performed privilege escalation 7. Target and compromise high-value accounts 8. Copy data from target servers 9. Move data to staging servers and aggregate, compress and encrypt it 10. FTP to external staging server at compromised hosting site 11. Finally pull data from hosted server and remove traces Slide 9 © First Base Technologies 2012
Slide 10 http://blogs.rsa.com/rivner/anatomy-of-an-attack/ © First Base Technologies 2012
Organisations remain vulnerable Slide 11 © First Base Technologies 2012
Some background in the news Slide 12 http://www.forbes.com/sites/andygreenberg/ © First Base Technologies 2012
Minimising your vulnerabilities Slide 13 © First Base Technologies 2012
Traditional thinking • Firewalls & perimeter defences • Anti-virus • SSL VPNs • Desktop lock down (GPOs) • Intrusion Detection / Prevention • Password complexity rules • HID (proximity) cards • Secure server rooms • Visitor IDs Slide 14 © First Base Technologies 2012
Think like an attacker! Hacking is a way of thinking: - A hacker is someone who thinks outside the box - It's someone who discards conventional wisdom, and does something else instead - It's someone who looks at the edge and wonders what's beyond - It's someone who sees a set of rules and wonders what happens if you don't follow them [Bruce Schneier] Hacking applies to all aspects of life - not just computers Slide 15 © First Base Technologies 2012
Do you know how vulnerable you are? Slide 16 © First Base Technologies 2012
Talk to the CIO before an attack! CIO, we need budget for: •Security standards and procedures •On-going staff training •Secure builds and secure development OR •On-going scans and penetration tests •Fixes to the problems we find … and we need sign-off for the risk! Remember: I said “no easy solutions” Slide 17 © First Base Technologies 2012
Need more information? Peter Wood Chief Executive Officer First Base Technologies LLP peterw@firstbase.co.uk http://firstbase.co.uk http://white-hats.co.uk http://peterwood.com Twitter: peterwoodx Slide 18 © First Base Technologies 2012

Recomendados

Cloud, social networking and BYOD collide!
Cloud, social networking and BYOD collide!Cloud, social networking and BYOD collide!
Cloud, social networking and BYOD collide!
Peter Wood
 
The Cloud Security Landscape
The Cloud Security LandscapeThe Cloud Security Landscape
The Cloud Security Landscape
Peter Wood
 
NZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesNZISF Talk: Six essential security services
NZISF Talk: Six essential security services
Hinne Hettema
 
Is talent shortage ws marco morana
Is talent shortage ws marco moranaIs talent shortage ws marco morana
Is talent shortage ws marco morana
Marco Morana
 
The 2018 Threatscape
The 2018 ThreatscapeThe 2018 Threatscape
The 2018 Threatscape
Peter Wood
 
Top 5 myths of it security in the light of current events tisa pro talk 4 2554
Top 5 myths of it security in the light of current events tisa pro talk 4 2554Top 5 myths of it security in the light of current events tisa pro talk 4 2554
Top 5 myths of it security in the light of current events tisa pro talk 4 2554
TISA
 
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
Rui Miguel Feio
 
Common WebApp Vulnerabilities and What to Do About Them
Common WebApp Vulnerabilities and What to Do About ThemCommon WebApp Vulnerabilities and What to Do About Them
Common WebApp Vulnerabilities and What to Do About Them
Eoin Woods
 

Recomendados

Cloud, social networking and BYOD collide!
Cloud, social networking and BYOD collide!Cloud, social networking and BYOD collide!
Cloud, social networking and BYOD collide!
Peter Wood
 
The Cloud Security Landscape
The Cloud Security LandscapeThe Cloud Security Landscape
The Cloud Security Landscape
Peter Wood
 
NZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesNZISF Talk: Six essential security services
NZISF Talk: Six essential security services
Hinne Hettema
 
Is talent shortage ws marco morana
Is talent shortage ws marco moranaIs talent shortage ws marco morana
Is talent shortage ws marco morana
Marco Morana
 
The 2018 Threatscape
The 2018 ThreatscapeThe 2018 Threatscape
The 2018 Threatscape
Peter Wood
 
Top 5 myths of it security in the light of current events tisa pro talk 4 2554
Top 5 myths of it security in the light of current events tisa pro talk 4 2554Top 5 myths of it security in the light of current events tisa pro talk 4 2554
Top 5 myths of it security in the light of current events tisa pro talk 4 2554
TISA
 
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
Rui Miguel Feio
 
Common WebApp Vulnerabilities and What to Do About Them
Common WebApp Vulnerabilities and What to Do About ThemCommon WebApp Vulnerabilities and What to Do About Them
Common WebApp Vulnerabilities and What to Do About Them
Eoin Woods
 
Cybersecurity: An FBI perspective: how cyber criminals exploit the goodness o...
Cybersecurity: An FBI perspective: how cyber criminals exploit the goodness o...Cybersecurity: An FBI perspective: how cyber criminals exploit the goodness o...
Cybersecurity: An FBI perspective: how cyber criminals exploit the goodness o...
Ruth Edmonds
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond Compliance
EnergySec
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015
Claus Cramon Houmann
 
Security challenges in 2017
Security challenges in 2017Security challenges in 2017
Security challenges in 2017
Etienne Liebetrau
 
Stu r35 b
Stu r35 bStu r35 b
Stu r35 b
SelectedPresentations
 
Sem 001 sem-001
Sem 001 sem-001Sem 001 sem-001
Sem 001 sem-001
SelectedPresentations
 
Threat Modeling web applications (2012 update)
Threat Modeling web applications (2012 update)Threat Modeling web applications (2012 update)
Threat Modeling web applications (2012 update)
Antonio Fontes
 
Tim Nolan
Tim NolanTim Nolan
Tim Nolan
timnolan1961
 
Bob West - Educating the Board of Directors
Bob West - Educating the Board of DirectorsBob West - Educating the Board of Directors
Bob West - Educating the Board of Directors
centralohioissa
 
The Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - RothkeThe Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - Rothke
Ben Rothke
 
News letter June 11
News letter June 11News letter June 11
News letter June 11
captsbtyagi
 
Practical approaches to IoT security
Practical approaches to IoT securityPractical approaches to IoT security
Practical approaches to IoT security
Tony Wilson
 
Carbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityCarbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint Security
Mighty Guides, Inc.
 
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationNESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development Presentation
EnergySec
 
The Need For Open Software Security Standards In A Mobile And Cloudy World
The Need For Open Software Security Standards In A Mobile And Cloudy WorldThe Need For Open Software Security Standards In A Mobile And Cloudy World
The Need For Open Software Security Standards In A Mobile And Cloudy World
Denim Group
 
Information security for dummies
Information security for dummiesInformation security for dummies
Information security for dummies
Ivo Depoorter
 
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYSYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
IJNSA Journal
 
Building Human Intelligence – Pun Intended
Building Human Intelligence – Pun IntendedBuilding Human Intelligence – Pun Intended
Building Human Intelligence – Pun Intended
EnergySec
 
How to Protect Your Mainframe from Hackers (v1.0)
How to Protect Your Mainframe from Hackers (v1.0)How to Protect Your Mainframe from Hackers (v1.0)
How to Protect Your Mainframe from Hackers (v1.0)
Rui Miguel Feio
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
Claus Cramon Houmann
 
Security Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsSecurity Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent Threats
Peter Wood
 
Emerging Threats and Attack Surfaces
Emerging Threats and Attack SurfacesEmerging Threats and Attack Surfaces
Emerging Threats and Attack Surfaces
Peter Wood
 

Mais conteúdo relacionado

Mais procurados

News letter June 11
News letter June 11News letter June 11
News letter June 11
captsbtyagi
 
The Need For Open Software Security Standards In A Mobile And Cloudy World
The Need For Open Software Security Standards In A Mobile And Cloudy WorldThe Need For Open Software Security Standards In A Mobile And Cloudy World
The Need For Open Software Security Standards In A Mobile And Cloudy World
Denim Group
 
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYSYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
IJNSA Journal
 
Building Human Intelligence – Pun Intended
Building Human Intelligence – Pun IntendedBuilding Human Intelligence – Pun Intended
Building Human Intelligence – Pun Intended
EnergySec
 

Mais procurados (20)

Cybersecurity: An FBI perspective: how cyber criminals exploit the goodness o...
Cybersecurity: An FBI perspective: how cyber criminals exploit the goodness o...Cybersecurity: An FBI perspective: how cyber criminals exploit the goodness o...
Cybersecurity: An FBI perspective: how cyber criminals exploit the goodness o...
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond Compliance
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015
 
Security challenges in 2017
Security challenges in 2017Security challenges in 2017
Security challenges in 2017
 
Stu r35 b
Stu r35 bStu r35 b
Stu r35 b
 
Sem 001 sem-001
Sem 001 sem-001Sem 001 sem-001
Sem 001 sem-001
 
Threat Modeling web applications (2012 update)
Threat Modeling web applications (2012 update)Threat Modeling web applications (2012 update)
Threat Modeling web applications (2012 update)
 
Tim Nolan
Tim NolanTim Nolan
Tim Nolan
 
Bob West - Educating the Board of Directors
Bob West - Educating the Board of DirectorsBob West - Educating the Board of Directors
Bob West - Educating the Board of Directors
 
The Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - RothkeThe Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - Rothke
 
News letter June 11
News letter June 11News letter June 11
News letter June 11
 
Practical approaches to IoT security
Practical approaches to IoT securityPractical approaches to IoT security
Practical approaches to IoT security
 
Carbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityCarbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint Security
 
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationNESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development Presentation
 
The Need For Open Software Security Standards In A Mobile And Cloudy World
The Need For Open Software Security Standards In A Mobile And Cloudy WorldThe Need For Open Software Security Standards In A Mobile And Cloudy World
The Need For Open Software Security Standards In A Mobile And Cloudy World
 
Information security for dummies
Information security for dummiesInformation security for dummies
Information security for dummies
 
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYSYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITY
 
Building Human Intelligence – Pun Intended
Building Human Intelligence – Pun IntendedBuilding Human Intelligence – Pun Intended
Building Human Intelligence – Pun Intended
 
How to Protect Your Mainframe from Hackers (v1.0)
How to Protect Your Mainframe from Hackers (v1.0)How to Protect Your Mainframe from Hackers (v1.0)
How to Protect Your Mainframe from Hackers (v1.0)
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
 

Semelhante a Out of the Blue: Responding to New Zero-Day Threats

Challenges2013
Challenges2013Challenges2013
Challenges2013
Lancope, Inc.
 
Top Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for ApplicationsTop Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for Applications
Denim Group
 
The Ultimate Defence - Think Like a Hacker
The Ultimate Defence - Think Like a HackerThe Ultimate Defence - Think Like a Hacker
The Ultimate Defence - Think Like a Hacker
Peter Wood
 
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCDefending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Cloudflare
 
Do Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get FiredDo Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get Fired
NetIQ
 

Semelhante a Out of the Blue: Responding to New Zero-Day Threats (20)

Security Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsSecurity Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent Threats
 
Emerging Threats and Attack Surfaces
Emerging Threats and Attack SurfacesEmerging Threats and Attack Surfaces
Emerging Threats and Attack Surfaces
 
Shadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining ControlShadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining Control
 
Challenges2013
Challenges2013Challenges2013
Challenges2013
 
The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...
The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...
The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...
 
Applied mobile chaos theory
Applied mobile chaos theoryApplied mobile chaos theory
Applied mobile chaos theory
 
What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber Security
 
IDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber SecurityIDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber Security
 
Top Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for ApplicationsTop Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for Applications
 
Advanced threat protection and big data
Advanced threat protection and big dataAdvanced threat protection and big data
Advanced threat protection and big data
 
The Ultimate Defence - Think Like a Hacker
The Ultimate Defence - Think Like a HackerThe Ultimate Defence - Think Like a Hacker
The Ultimate Defence - Think Like a Hacker
 
Application security meetup 27012021
Application security meetup 27012021Application security meetup 27012021
Application security meetup 27012021
 
Attacking the cloud with social engineering
Attacking the cloud with social engineeringAttacking the cloud with social engineering
Attacking the cloud with social engineering
 
Digital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next FrontierDigital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next Frontier
 
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCDefending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
 
Avoid These Top 15 IT Security Threats
Avoid These Top 15 IT Security ThreatsAvoid These Top 15 IT Security Threats
Avoid These Top 15 IT Security Threats
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)
 
Do Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get FiredDo Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get Fired
 
Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021
 
From SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardFrom SIEM to SA: The Path Forward
From SIEM to SA: The Path Forward
 

Mais de Peter Wood

Mais de Peter Wood (20)

Hacking is easy: understanding your vulnerabilities
Hacking is easy: understanding your vulnerabilitiesHacking is easy: understanding your vulnerabilities
Hacking is easy: understanding your vulnerabilities
 
The future of cloud security
The future of cloud securityThe future of cloud security
The future of cloud security
 
Introduction to Cyber Resilience
Introduction to Cyber ResilienceIntroduction to Cyber Resilience
Introduction to Cyber Resilience
 
Network security, seriously?
Network security, seriously?Network security, seriously?
Network security, seriously?
 
Lessons from a Red Team Exercise
Lessons from a Red Team ExerciseLessons from a Red Team Exercise
Lessons from a Red Team Exercise
 
Red teaming in the cloud
Red teaming in the cloudRed teaming in the cloud
Red teaming in the cloud
 
All your files now belong to us
All your files now belong to usAll your files now belong to us
All your files now belong to us
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present Dangers
 
Advanced Threat Protection: Lessons from a Red Team Exercise
Advanced Threat Protection: Lessons from a Red Team ExerciseAdvanced Threat Protection: Lessons from a Red Team Exercise
Advanced Threat Protection: Lessons from a Red Team Exercise
 
Pragmatic Network Security - Avoiding Real-World Vulnerabilities
Pragmatic Network Security - Avoiding Real-World VulnerabilitiesPragmatic Network Security - Avoiding Real-World Vulnerabilities
Pragmatic Network Security - Avoiding Real-World Vulnerabilities
 
Unpatched Systems: An Ethical Hacker's View
Unpatched Systems: An Ethical Hacker's ViewUnpatched Systems: An Ethical Hacker's View
Unpatched Systems: An Ethical Hacker's View
 
Prime Targets in Network Infrastructure
Prime Targets in Network InfrastructurePrime Targets in Network Infrastructure
Prime Targets in Network Infrastructure
 
Social Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's ViewSocial Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's View
 
Top Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesTop Five Internal Security Vulnerabilities
Top Five Internal Security Vulnerabilities
 
The Consumerisation of Corporate IT
The Consumerisation of Corporate ITThe Consumerisation of Corporate IT
The Consumerisation of Corporate IT
 
Security in a Virtualised Environment
Security in a Virtualised EnvironmentSecurity in a Virtualised Environment
Security in a Virtualised Environment
 
The Corporate Web Security Landscape
The Corporate Web Security LandscapeThe Corporate Web Security Landscape
The Corporate Web Security Landscape
 
Security Testing in an Age of Austerity
Security Testing in an Age of AusteritySecurity Testing in an Age of Austerity
Security Testing in an Age of Austerity
 
Use of Personal Email for Business
Use of Personal Email for BusinessUse of Personal Email for Business
Use of Personal Email for Business
 
Security testing in critical systems
Security testing in critical systemsSecurity testing in critical systems
Security testing in critical systems
 

Último

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Último (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 

Out of the Blue: Responding to New Zero-Day Threats

  • 1. Out of the Blue: Responding to New Zero-Day Threats An Ethical Hacker’s View Peter Wood Chief Executive Officer First Base Technologies LLP
  • 2. Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base in 1989 (one of the first ethical hacking firms) CEO First Base Technologies LLP Social engineer & penetration tester Conference speaker and security ‘expert’ Member of ISACA Security Advisory Group Vice Chair of BCS Information Risk Management and Audit Group Corporate Executive Programme UK Chair FBCS, CITP, CISSP, MIEEE, M.Inst.ISP Registered BCS Security Consultant Member of ACM, ISACA, ISSA, Mensa Slide 2 © First Base Technologies 2012
  • 3. Agenda 1. Why zero-day threats are a concern to CIOs 2. Examples of zero-day attacks 3. Minimising your vulnerabilities 4. Responding to the CIO Beware: this presentation offers no easy solutions! Slide 3 © First Base Technologies 2012
  • 4. Why CIOs are concerned • Criminals targeting intellectual property and corporate credentials • Attacks are strategic • Tools are ‘drag and drop’ • Malicious attacks cause 37% of data breaches (2012 Ponemon Cost of a Data Breach survey) Slide 4 © First Base Technologies 2012
  • 5. Why CIOs are concerned Slide 5 http://www.net-security.org/secworld.php?id=11850 © First Base Technologies 2012
  • 6. Examples of zero-day attacks Slide 6 © First Base Technologies 2012
  • 7. The Aurora attack Slide 7 http://threatpost.com/ © First Base Technologies 2012
  • 8. The Aurora attack “If you have done or been around any high-level incident response, you would know that these advanced persistent threats have been going on in various sectors for years. Nor is it a new development that the attackers used an 0day client- side exploit along with targeted social engineering as their initial access vector. What is brand new is the fact that a number of large companies have voluntarily gone public with the fact that they were victims to a targeted attack. And this is the most important lesson: targeted attacks do exist and happen to a number of industries besides the usual ones like credit card processors and e-commerce shops.” Dino Dai Zovi http://trailofbits.com/2010/01/24/one-exploit-should-not-ruin-your-day/ Slide 8 © First Base Technologies 2012
  • 9. The RSA attack • Research public information about employees • Select low-value targets • Spear phishing email “2011 Recruitment Plan” with.xls attachment • Spreadsheet contains zero-day exploit that installs backdoor through Flash vulnerability (Backdoor is Poison Ivy variant RAT reverse-connected) 5. Digital shoulder surf & harvest credentials 6. Performed privilege escalation 7. Target and compromise high-value accounts 8. Copy data from target servers 9. Move data to staging servers and aggregate, compress and encrypt it 10. FTP to external staging server at compromised hosting site 11. Finally pull data from hosted server and remove traces Slide 9 © First Base Technologies 2012
  • 10. Slide 10 http://blogs.rsa.com/rivner/anatomy-of-an-attack/ © First Base Technologies 2012
  • 11. Organisations remain vulnerable Slide 11 © First Base Technologies 2012
  • 12. Some background in the news Slide 12 http://www.forbes.com/sites/andygreenberg/ © First Base Technologies 2012
  • 13. Minimising your vulnerabilities Slide 13 © First Base Technologies 2012
  • 14. Traditional thinking • Firewalls & perimeter defences • Anti-virus • SSL VPNs • Desktop lock down (GPOs) • Intrusion Detection / Prevention • Password complexity rules • HID (proximity) cards • Secure server rooms • Visitor IDs Slide 14 © First Base Technologies 2012
  • 15. Think like an attacker! Hacking is a way of thinking: - A hacker is someone who thinks outside the box - It's someone who discards conventional wisdom, and does something else instead - It's someone who looks at the edge and wonders what's beyond - It's someone who sees a set of rules and wonders what happens if you don't follow them [Bruce Schneier] Hacking applies to all aspects of life - not just computers Slide 15 © First Base Technologies 2012
  • 16. Do you know how vulnerable you are? Slide 16 © First Base Technologies 2012
  • 17. Talk to the CIO before an attack! CIO, we need budget for: •Security standards and procedures •On-going staff training •Secure builds and secure development OR •On-going scans and penetration tests •Fixes to the problems we find … and we need sign-off for the risk! Remember: I said “no easy solutions” Slide 17 © First Base Technologies 2012
  • 18. Need more information? Peter Wood Chief Executive Officer First Base Technologies LLP peterw@firstbase.co.uk http://firstbase.co.uk http://white-hats.co.uk http://peterwood.com Twitter: peterwoodx Slide 18 © First Base Technologies 2012

Notas do Editor

  1. Criminals have adapted their attacks from generic and indiscriminate to personalized and targeted. Attackers continue to pursue personally identifiable information, but now this is used in targeted personalised emails that lure businesses to click and download malware. Spear phishing attacks can result in successful network compromises and data theft. The market opportunity today is for intellectual property (IP) and corporate credentials – we’ll look at a couple of examples shortly. Versatile, drag-and-drop toolkits allow criminals endless permutations of attack options, pursuing smaller businesses as the larger organizations improve their defences. Every business has a bank account, a customer database, a product design, or some other asset of value. Even if no data is stolen, every compromised system can add free compute cycles to a spam botnet.
  2. The Operation Aurora source code thefts at Symantec, Google, Adobe, Intel and Morgan Stanley, targeted IP. They used multiple stages and avenues to enter the network and navigate to the data that had value. Many of them incorporated personal data gleaned from social media, as well as zero-day vulnerabilities. The first item of value stolen was often access credentials. Stolen credentials can open the doors to administration of the database, Web or email server. If it is the CFO’s credentials, it can be the authentication required to take over and withdraw funds from the corporate bank account.
  3. The RSA attack in March 2011 theft of two-factor authentication data from RSA (a division of EMC) shows the strategic nature of these attacks: the intellectual property they stole from RSA “could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack,” allowing criminals to break in at enterprises around the world.
  4. RSA was hacked some time in the first half of March 2011 when an employee was successfully spear phished and opened an infected spreadsheet. As soon as the spreadsheet was opened, a zero day payload permitted the installation of a backdoor Trojan (Poison Ivy). From there, the attackers basically had free reign of RSA’s internal network, which led to the eventual dissemination of data pertaining to RSA’s two-factor authenticators.”
  5. A team of hackers from French security firm Vupen dismantled Chrome’s security to win an HP-sponsored hackathon. And while Google paid a $60,000 award to each of the two hackers who won its event on the condition that they tell Google every detail of their attacks and help the company fix the vulnerabilities they had used, Vupen’s chief executive and lead hacker, Chaouki Bekrar, says his company never had any intention of telling Google its secret techniques—certainly not for $60,000 in chump change. “ We wouldn’t share this with Google for even $1 million,” says Bekrar. “We don’t want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers.” Those customers, after all, don’t aim to fix Google’s security bugs or those of any other commercial software vendor. They’re government agencies who ­purchase such “zero-day” exploits, or hacking techniques that use undisclosed flaws in software, with the ­explicit ­intention of invading or disrupting the computers and phones of crime suspects and intelligence targets.
  6. How does advanced malware get past traditional barriers? Firewalls: no use if the user opens a mail attachment containing a well-disguised zero-day exploit! IPS: Signatures, packet inspection, DNS analysis and heuristics will not detect anything unusual in a zero-day exploit, especially if the code is heavily disguised or delivered in stages Antivirus: Since the malware and the vulnerability it exploits are unknown (zero-day), traditional antivirus will not detect it. The volume of vulnerabilities in browser plug-ins like Adobe and the exponential combinations of these browsers with operating systems make it hard for antivirus vendors to keep up. Email spam filtering: Spoofed phishing sites use dynamic domains and URLs, so blacklisting lags behind criminal activities. It takes more than two days to shut down the average phishing site. Malicious code can also be carried in on laptops or USB devices, infecting a machine and spreading within the network. In general, even up-to-date machines can be infected using zero-day exploits and social engineering techniques, especially when the system is off the corporate network. Eventually, the code will phone home to the criminal for further instructions, a new payload or to deliver login credentials, financial data and other valuables. Many compromised hosts provide a privileged base so the criminal can explore further or expand his botnet with new victims. Most organisations don’t analyse outbound traffic for these malicious transmissions and destinations. Those organizations that do monitor outbound transmissions use tools that look for “known” bad actor addresses and regulated data