Our look at the latest security threats and predictions for 2014. To view Symantec Website Security Solution's webcast click here https://www.brighttalk.com/webcast/6331/92441
Website Security Threats - December 2013 Update
1. WEBSITE SECURITY THREATS: DECEMBER 2013 UPDATE
Wednesday 4th December 2013
Andrew Horbury, Product Marketing Manager, andy_horbury@symantec.com
Andrew Shepherd, EMEA Marketing Manager, andrew_shepherd@symantec.com
2. Agenda
1) Month in Numbers
2) 2014 Security Predictions
3) Every Organisation a Target
4) Ransomware Update
5) Attack, Attack, Attack
6) Good news
Website Security Threats: December 2013 Update
3. The month in numbers…
• Eurobarometer Survey out this week reveals
– 76% of European Internet users believe that the risk of becoming a victim of cybercrime has increased in the past year
– 46% have installed antivirus software
– 10% of EU Internet users have experienced online fraud and a further 6% were victims of identity theft
– 37% are worried about a malicious party taking or misusing their personal data when banking or shopping online
• Anchorfree Survey on Public Wi-Fi usage
– 4 out of 5 are concerned about ID theft when using public Wi-Fi
– 8 out of 10, however, are still happy to connect to public Wi-Fi
– Smartphone and tablet users were three times more likely than laptop users to connect to Wi-Fi in a shopping mall or tourist attraction
4. Love by numbers
• Stolen Cupid data reveals weak password choices
Password      Times used
123456        1,902,801
111111        1,212,235
123456789     574,914
1234567       173,235
12345678      140,734
0000000       107,996
Iloveyou      91,269
1234567890    81,755
??????        79,046
123123        79,013
5. Love plus one
Password      Times used
Iloveyou      91,269
lovely        54,045
qwerty        40,023
password      37,241
azerty        33,579
loveme        32,645
aaaaaa        30,273
mylove        28,266
iloveu        23,787
zxcvbnm       20,362
Password creation tips
A strong password:
• Is at least eight characters long
• Does not contain your user name, real name, or company name
• Does not contain a complete word
• Is significantly different from previous passwords
• Contains uppercase, lowercase, numbers and symbols
6. Security Predictions for 2014
Symantec:
• People will finally begin taking active steps to keep their information private
• Scammers, data collectors and cybercriminals will not ignore any social network, no matter how “niche” or obscure
• The “Internet of Things” becomes the “Internet of Vulnerabilities”
• Mobile apps will prove that you can like yourself too much
Other:
• Advanced malware volume will decrease
• Attackers will be more interested in cloud data than your network
• Attackers will increasingly lure executives and compromise organizations via professional social networks
• Exploit kits will struggle for power in the wake of the Blackhole author arrest
8. Assumption #1: I’m too small to be attacked
50% 2,501+
50% 1 to 2,500
Employees:
• 2,501+: 50%
• 1,501 to 2,500: 9%
• 1,001 to 1,500: 2%
• 501 to 1,000: 3%
• 251 to 500: 5%
• 1 to 250: 31%
Greatest growth in 2012 is at companies with <250 employees
Small business often not well protected, but connected to others
9. Targeted Attacks by Company Size
50% 2,501+
50% 1 to 2,500
Employees:
• 2,501+: 50%
• 1,501 to 2,500: 9%
• 1,001 to 1,500: 2%
• 501 to 1,000: 3%
• 251 to 500: 5%
• 1 to 250: 31% (18% in 2011)
87% of SMBs suffered a cyberattack last year, only 44% see security as a priority.
Greatest growth in 2012 is at companies with <250 employees
Small business often not well protected, but connected to others
10. Assumption #2: Only CEOs and Senior Management are targeted
• R&D: 27%
• Sales: 24%
• C-Level: 17%
• Senior: 12%
• Shared Mailbox: 13%
• Recruitment: 4%
• Media: 3%
• PA: 1%
Attacks may start with the ultimate target, but often look opportunistically for any entry into a company
11. Every Organisation could be a target
3 tips to bear in mind
1) Attacking weak passwords: A surprising number of servers and applications have default passwords or simple passwords.
2) Phishing key users: A now age-old trick that is becoming even more sophisticated as hackers pick up passwords and gain access by targeting key users.
3) Exploiting old and unpatched software: Unpatched systems are an easy target, especially given all the well-known and distributed exploits for old software.
12. Ransomware – Like a Business
• Anti-Fraud Service for Fraudsters
• Multiple Pricing options
• “FBI” Ransomware
– Now offers optional extras
– Authors resort to disturbing images in bid to make victims pay
• Cryptolocker
– Continues to cause problems
– Roughly 25 per cent of computers are not running any real-time protection vs. malware
– Encrypts files with full PKI encryption and sets a deadline
– Offers a discount? 2 → 0.5 Bitcoins
13. Encrypting the world’s Web traffic
• All Web traffic could be encrypted under new HTTP standard proposals
• Yahoo Mail enabling SSL by default
• If you want to make sure you’re using an SSL connection whenever possible, also check out the Electronic Frontier Foundation’s HTTPS Everywhere browser plugin for Chrome and Firefox.
https://www.eff.org/https-everywhere
14. Attack, Attack, Attack
• Google Dork: 35,000 websites using a type of proprietary internet message board software were vulnerable to a flaw that allowed hackers to create a new admin account.
• Anonymous claimed to have hacked UK Parliament’s Wi-Fi during the Million Mask march in London
15. Good News
• It can happen to the best of us…
– Chief Wiggum not such a distant reality
• No Beard? No worries!
– Red-haired women tend to choose the best passwords and men with bushy beards or unkempt hair, the worst
16. Link Glossary (Press Print screen now)
• EFF Always on SSL App
– https://www.eff.org/https-everywhere
• Infographic for 2014 predictions
– http://www.symantec.com/connect/blogs/2014-predictions-symantec-0
• Register Article on Anonymous parliament
– http://www.theregister.co.uk/2013/11/12/anonymous_hacked_government_sites_using_parliament_wifi/
• BBC The gentle art of cracking passwords
– http://www.bbc.co.uk/news/technology-24519306
• Symantec WSS Resources
– @nortonsecured
– www.facebook.com/websitesecuritysolutions
– www.symantec-wss.com