SlideShare una empresa de Scribd logo

Looking Back to Protect the Future: Cybercrime Trends and Advanced Threat Defense

Graeme Wood
Graeme Wood
TecnologíaNoticias y política
1 de 27
Descargar para leer sin conexión
CyberCrime, CyberSpy, CyberWar – Looking back in order to protect the future JD Sherry VP of Public Technology and Solutions @jdsherry
Discussion Outcomes I. How might organizations learn from elite hackers? II. Given the widespread use of APTs and the evolution of the cyber attack chain- how can advanced situational awareness be achieved? III. Predictions for 2013 and how can we counter measure?
Copyright 2013 Trend Micro Inc. SALES KICKOFF 2013 INFORMATION HAS BECOME YOUR MOST STRATEGIC ASSET Identify trends Understand customer behavior Analyze opportunities Discover efficiencies
The New Reality • One new threat created every second 1 • A cyber intrusion happens every 5 minutes 2 • Over 90% of enterprises have malware 1 • Almost 75% have one or more bots 1 • Mobile malware outpacing PC malware – 350,000 Android pieces in 2012 Sources: 1: Trend Micro, 2012, 2: US-Cert 2012
2013 Cyber Attack Trends •DDOS-yes still… •Mobile Malware/Proximity attacks •Cross-Platform Attacks •Man-in-the-Browser Attacks •Watering Hole Attacks •MAC Attacks •Cloud Attacks/Island Hopping •SWATing
• Localized attacks such as malware that will not execute unless certain conditions are met, such as language settings, or “watering hole” attacks that will only affect certain geographic regions or even only specific netblocks. • The malware used in targeted attacks will have destructive capacity, either as its primary intent or as a clean-up mechanism to cover the attackers’ tracks. • Social, political and economic indicators must be used in conjunction with technical indicators to fully assess and analyze targeted attacks. Targeted Attack Trends
Offense Informs Defense: Stages of Attack 1. Reconnaissance 2. Weaponization 3. Delivery 4. Exploitation 5. C&C 6. Lateral Movement 7. Exfiltration 8. Maintenance
8 6/5/2013
A Comparison of Eastern European and East Asian Blackhats
The Greatest Trick the Devil Ever Pulled was Convincing the World that He Didn’t Exist… • Kevin Spacey aka Verbal Kint-“The Usual Suspects”
Chinese Actors Gaining Headlines but… • Trend Micro has concluded that Eastern European hackers pose a greater threat than East Asian hackers • East Asian objectives: speed and cost-effectiveness. • Attacks are persistent, but use known vulnerabilities and malware and don’t hide their tracks as well. • Eastern European objectives: remain hidden throughout the operation and build online reputation. Attacks use custom malware and innovative techniques.
Eastern European Tactics • Malware is innovative: RATs have all capabilities hard- coded internally; encrypted traffic, dynamic drop zones, complex command & control • Infrastructure is internal to the operation, or bulletproof hosts are carefully selected • Professionals who build a reputation over time; they respect and do not attack the motherland • Generally control their own servers, develop DNS servers, and create sophisticated traffic systems for attacks. Hallmark is to maintain total control.
In the News… • Spanish police Ransomware-REVETON – $1M per year revenue stream – Victims tricked into paying attackers posing as law enforcement – Computers compromised as well – Trend Micro corroborates with Spanish police to bring down • South Korean media and banking attacks – Destructive Trojan/logic bombs that erased MBR • Sleep cycle set to cause mayhem on March 20 at 2PM. – Trend Micro provides intelligence prior to attack – All codes detected by APT hunter-Deep Discovery • Major Korean bank avoids major attack
The Children of Stuxnet-
ICS Attacks Become Mainstream
Go where the money is… • 93.6% of the world’s currency is digital • 6.4% cash and gold • 95% of bank heists have an electronic vector – (FINCEN)
Modern Day John Dillingers
Banking Malware: Customized and Quiet • Citadel – modularized malware that steals online-banking credentials • TinBa- Tiny Banker 56K large- memory injection • SpyEye- Automated Transfer Systems • Eurograbber – multistaged attacks that compromise desktops and mobile devices • Gozi-Prinimalka – spring attack to be aimed at 30 U.S. banking institutions • High Roller - uses automation to drain high-value bank accounts
Cybercrime or Cyber Warfare? -The Shadow Economy
IaaS DMZ Mission Critical Servers Endpoints Internet Firewall Anti-malware IDS / IPS Today’s Enterprise Challenges SaaS • Data in motion • Social Media • Virtualization and Cloud • Traditional defenses bypassed by low and slow attacks
How do you answer these questions? • Have you been targeted by an attack?  Unfortunately Yes!  Not sure? But would like to know! • How do you know?  Data breach, forensic analysis  Continuous Monitoring  Security audit  Incident response, alerts  Custom threat defense • Why are you being targeted? • What are they after?
Detection Begins with Network Indicators • Changing C&C protocols requires considerable effort • Network traffic can be correlated with other indicators to provide proactive detection • Unknown threats may be detected by extrapolating methods and characteristics from known threat communication behaviors
Mitigation Requires a Custom Defense
Data Center Physical Virtual Private Cloud Public Cloud Cloud and Data Center Security Anti-Malware Integrity Monitoring Encryption Log Inspection Firewall Intrusion Prevention Data Center Ops Security
Copyright 2013 Trend Micro Inc. Custom Defense Network-wide Detection Advanced Threat Analysis Threat Tools and Services Automated Security Updates Threat Intelligence Custom Sandboxes Network Admin Security
Risk Management 101 6/5/2013 Copyright 2013 Trend Micro Inc. 1. Has the cyber security posture of all third parties been audited? 2. Is access to all sensitive systems and computers governed by two factor authentication? 3. Does a log inspection program exist? How frequently are they reviewed? 4. Does file integrity monitoring exist? 5. Can vulnerabilities be virtually patched? 6. Is MDM and Mobile Application Reputation software utilized? 7. Do you utilize a DLP? 8. Can you migrate your layered security into the cloud? 9. Do you maintain multi-level rule-based event correlation? Is there custom sandbox analysis? 10. Do you have access to global threat intelligence? 11. Can you transfer your risk?
27Copyright © 2013 Trend Micro Incorporated.All rights reserved. Thank You! jd_sherry@trendmicro.com @jdsherry

Recomendados

Threat intelligence in security
Threat intelligence in securityThreat intelligence in security
Threat intelligence in securityOsama Ellahi
 
Cyber Threat Simulation Training
Cyber Threat Simulation TrainingCyber Threat Simulation Training
Cyber Threat Simulation TrainingBryan Len
 
Incident handling of cyber espionage
Incident handling of cyber espionageIncident handling of cyber espionage
Incident handling of cyber espionageMarie Elisabeth Gaup Moe
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskBeyondTrust
 
The Sweet Spot of Cyber Intelligence
The Sweet Spot of Cyber IntelligenceThe Sweet Spot of Cyber Intelligence
The Sweet Spot of Cyber IntelligenceTieu Luu
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligencePrachi Mishra
 
Cyber Crimes: The next five years.
Cyber Crimes: The next five years. Cyber Crimes: The next five years.
Cyber Crimes: The next five years. Gregory McCardle
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
 

Recomendados

Threat intelligence in security
Threat intelligence in securityThreat intelligence in security
Threat intelligence in securityOsama Ellahi
 
Cyber Threat Simulation Training
Cyber Threat Simulation TrainingCyber Threat Simulation Training
Cyber Threat Simulation TrainingBryan Len
 
Incident handling of cyber espionage
Incident handling of cyber espionageIncident handling of cyber espionage
Incident handling of cyber espionageMarie Elisabeth Gaup Moe
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskBeyondTrust
 
The Sweet Spot of Cyber Intelligence
The Sweet Spot of Cyber IntelligenceThe Sweet Spot of Cyber Intelligence
The Sweet Spot of Cyber IntelligenceTieu Luu
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligencePrachi Mishra
 
Cyber Crimes: The next five years.
Cyber Crimes: The next five years. Cyber Crimes: The next five years.
Cyber Crimes: The next five years. Gregory McCardle
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
 
4. Mitigating a Cyber Attack
4. Mitigating a Cyber Attack4. Mitigating a Cyber Attack
4. Mitigating a Cyber Attackisc2-hellenic
 
Welcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceWelcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceAndreas Sfakianakis
 
Insa cyber intelligence 2011
Insa cyber intelligence 2011Insa cyber intelligence 2011
Insa cyber intelligence 2011Mousselmal Tarik
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopDigit Oktavianto
 
Cyber Security Awareness Month 2017-Wrap-Up
Cyber Security Awareness Month 2017-Wrap-UpCyber Security Awareness Month 2017-Wrap-Up
Cyber Security Awareness Month 2017-Wrap-UpChinatu Uzuegbu
 
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...XEventsHospitality
 
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh
 
Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense Alert Logic
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysisdadkhah077
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingRishab garg
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
 
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...Morakinyo Animasaun
 
Security Solution - IBM Business Connect Qatar Defend your company against cy...
Security Solution - IBM Business Connect Qatar Defend your company against cy...Security Solution - IBM Business Connect Qatar Defend your company against cy...
Security Solution - IBM Business Connect Qatar Defend your company against cy...Dalia Reda
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingAkshay Kale
 
DefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized HoneypotDefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized HoneypotShah Sheikh
 
Insider threat-what-us-do d-want
Insider threat-what-us-do d-wantInsider threat-what-us-do d-want
Insider threat-what-us-do d-wantSecurity Bootcamp
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityADGP, Public Grivences, Bangalore
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityWhitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityGopiRajan4
 
SOD-Presentation-Des-Moines-10.19.21-v2.pptx
SOD-Presentation-Des-Moines-10.19.21-v2.pptxSOD-Presentation-Des-Moines-10.19.21-v2.pptx
SOD-Presentation-Des-Moines-10.19.21-v2.pptxTamaOlan1
 
Cyber security # Lec 1
Cyber security # Lec 1Cyber security # Lec 1
Cyber security # Lec 1Kabul Education University
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresCarl B. Forkner, Ph.D.
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfssuser4237d4
 

Más contenido relacionado

La actualidad más candente

4. Mitigating a Cyber Attack
4. Mitigating a Cyber Attack4. Mitigating a Cyber Attack
4. Mitigating a Cyber Attackisc2-hellenic
 
Welcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceWelcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceAndreas Sfakianakis
 
Insa cyber intelligence 2011
Insa cyber intelligence 2011Insa cyber intelligence 2011
Insa cyber intelligence 2011Mousselmal Tarik
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopDigit Oktavianto
 
Cyber Security Awareness Month 2017-Wrap-Up
Cyber Security Awareness Month 2017-Wrap-UpCyber Security Awareness Month 2017-Wrap-Up
Cyber Security Awareness Month 2017-Wrap-UpChinatu Uzuegbu
 
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...XEventsHospitality
 
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh
 
Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense Alert Logic
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysisdadkhah077
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
 
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...Morakinyo Animasaun
 
Security Solution - IBM Business Connect Qatar Defend your company against cy...
Security Solution - IBM Business Connect Qatar Defend your company against cy...Security Solution - IBM Business Connect Qatar Defend your company against cy...
Security Solution - IBM Business Connect Qatar Defend your company against cy...Dalia Reda
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingAkshay Kale
 
DefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized HoneypotDefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized HoneypotShah Sheikh
 
Insider threat-what-us-do d-want
Insider threat-what-us-do d-wantInsider threat-what-us-do d-want
Insider threat-what-us-do d-wantSecurity Bootcamp
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityWhitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityGopiRajan4
 

La actualidad más candente (18)

4. Mitigating a Cyber Attack
4. Mitigating a Cyber Attack4. Mitigating a Cyber Attack
4. Mitigating a Cyber Attack
 
Welcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceWelcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat Intelligence
 
Insa cyber intelligence 2011
Insa cyber intelligence 2011Insa cyber intelligence 2011
Insa cyber intelligence 2011
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
 
Cyber Security Awareness Month 2017-Wrap-Up
Cyber Security Awareness Month 2017-Wrap-UpCyber Security Awareness Month 2017-Wrap-Up
Cyber Security Awareness Month 2017-Wrap-Up
 
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
 
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
 
Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
 
Security Solution - IBM Business Connect Qatar Defend your company against cy...
Security Solution - IBM Business Connect Qatar Defend your company against cy...Security Solution - IBM Business Connect Qatar Defend your company against cy...
Security Solution - IBM Business Connect Qatar Defend your company against cy...
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
DefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized HoneypotDefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
 
Insider threat-what-us-do d-want
Insider threat-what-us-do d-wantInsider threat-what-us-do d-want
Insider threat-what-us-do d-want
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityWhitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber security
 

Similar a Looking Back to Protect the Future: Cybercrime Trends and Advanced Threat Defense

SOD-Presentation-Des-Moines-10.19.21-v2.pptx
SOD-Presentation-Des-Moines-10.19.21-v2.pptxSOD-Presentation-Des-Moines-10.19.21-v2.pptx
SOD-Presentation-Des-Moines-10.19.21-v2.pptxTamaOlan1
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresCarl B. Forkner, Ph.D.
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfssuser4237d4
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfssuser4237d4
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxRoshni814224
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Andreas Sfakianakis
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
 
7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bankshreemala1
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsBilalMehmood44
 
Cyber War ( World War 3 )
Cyber War ( World War 3 )Cyber War ( World War 3 )
Cyber War ( World War 3 )Sameer Paradia
 
#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack DemonstrationAlert Logic
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attackMark Silver
 
Cloud Security.pptx
Cloud Security.pptxCloud Security.pptx
Cloud Security.pptxBinod Rimal
 
CyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityCyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityHome
 
Why Endpoint Security Matters: Safeguarding Your Virtual Frontiers
Why Endpoint Security Matters: Safeguarding Your Virtual FrontiersWhy Endpoint Security Matters: Safeguarding Your Virtual Frontiers
Why Endpoint Security Matters: Safeguarding Your Virtual FrontiersCrawsec
 
Cyber Security – Challenges [Autosaved].pptx
Cyber Security – Challenges [Autosaved].pptxCyber Security – Challenges [Autosaved].pptx
Cyber Security – Challenges [Autosaved].pptxRambilashTudu
 

Similar a Looking Back to Protect the Future: Cybercrime Trends and Advanced Threat Defense (20)

SOD-Presentation-Des-Moines-10.19.21-v2.pptx
SOD-Presentation-Des-Moines-10.19.21-v2.pptxSOD-Presentation-Des-Moines-10.19.21-v2.pptx
SOD-Presentation-Des-Moines-10.19.21-v2.pptx
 
Cyber security # Lec 1
Cyber security # Lec 1Cyber security # Lec 1
Cyber security # Lec 1
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security Measures
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptx
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
 
7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendations
 
Cyber War ( World War 3 )
Cyber War ( World War 3 )Cyber War ( World War 3 )
Cyber War ( World War 3 )
 
#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
Cloud Security.pptx
Cloud Security.pptxCloud Security.pptx
Cloud Security.pptx
 
CyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityCyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurity
 
Why Endpoint Security Matters: Safeguarding Your Virtual Frontiers
Why Endpoint Security Matters: Safeguarding Your Virtual FrontiersWhy Endpoint Security Matters: Safeguarding Your Virtual Frontiers
Why Endpoint Security Matters: Safeguarding Your Virtual Frontiers
 
Cyber Security – Challenges [Autosaved].pptx
Cyber Security – Challenges [Autosaved].pptxCyber Security – Challenges [Autosaved].pptx
Cyber Security – Challenges [Autosaved].pptx
 

Más de Graeme Wood

TechCatalyst free assessment
TechCatalyst free assessment TechCatalyst free assessment
TechCatalyst free assessment Graeme Wood
 
TechCatalyst Corporate Overview
TechCatalyst Corporate Overview TechCatalyst Corporate Overview
TechCatalyst Corporate Overview Graeme Wood
 
How does semantic technology work?
How does semantic technology work? How does semantic technology work?
How does semantic technology work? Graeme Wood
 
AI and the Financial Service Segment
AI and the Financial Service SegmentAI and the Financial Service Segment
AI and the Financial Service SegmentGraeme Wood
 
Ai and Legal Industy - Executive Overview
Ai and Legal Industy - Executive OverviewAi and Legal Industy - Executive Overview
Ai and Legal Industy - Executive OverviewGraeme Wood
 
Semantic Computing Executive Briefing
Semantic Computing Executive Briefing Semantic Computing Executive Briefing
Semantic Computing Executive Briefing Graeme Wood
 
Introduction to Semantic Computing
Introduction to Semantic ComputingIntroduction to Semantic Computing
Introduction to Semantic ComputingGraeme Wood
 
AIIA_DataAnalytics_Project_External_20160721
AIIA_DataAnalytics_Project_External_20160721AIIA_DataAnalytics_Project_External_20160721
AIIA_DataAnalytics_Project_External_20160721Graeme Wood
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David RossGraeme Wood
 
Raimund genes from traditional malware to targeted attacks
Raimund genes from traditional malware to targeted attacksRaimund genes from traditional malware to targeted attacks
Raimund genes from traditional malware to targeted attacksGraeme Wood
 
andrew milroy - top security trends and takeaways for 2013
andrew milroy - top security trends and takeaways for 2013andrew milroy - top security trends and takeaways for 2013
andrew milroy - top security trends and takeaways for 2013Graeme Wood
 
Anz campaign creative 11 sept 2010
Anz campaign creative 11 sept 2010Anz campaign creative 11 sept 2010
Anz campaign creative 11 sept 2010Graeme Wood
 
Anz cloud thought leadership 16 mar
Anz cloud thought leadership 16 marAnz cloud thought leadership 16 mar
Anz cloud thought leadership 16 marGraeme Wood
 
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroVmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroGraeme Wood
 
Trend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationTrend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationGraeme Wood
 

Más de Graeme Wood (15)

TechCatalyst free assessment
TechCatalyst free assessment TechCatalyst free assessment
TechCatalyst free assessment
 
TechCatalyst Corporate Overview
TechCatalyst Corporate Overview TechCatalyst Corporate Overview
TechCatalyst Corporate Overview
 
How does semantic technology work?
How does semantic technology work? How does semantic technology work?
How does semantic technology work?
 
AI and the Financial Service Segment
AI and the Financial Service SegmentAI and the Financial Service Segment
AI and the Financial Service Segment
 
Ai and Legal Industy - Executive Overview
Ai and Legal Industy - Executive OverviewAi and Legal Industy - Executive Overview
Ai and Legal Industy - Executive Overview
 
Semantic Computing Executive Briefing
Semantic Computing Executive Briefing Semantic Computing Executive Briefing
Semantic Computing Executive Briefing
 
Introduction to Semantic Computing
Introduction to Semantic ComputingIntroduction to Semantic Computing
Introduction to Semantic Computing
 
AIIA_DataAnalytics_Project_External_20160721
AIIA_DataAnalytics_Project_External_20160721AIIA_DataAnalytics_Project_External_20160721
AIIA_DataAnalytics_Project_External_20160721
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David Ross
 
Raimund genes from traditional malware to targeted attacks
Raimund genes from traditional malware to targeted attacksRaimund genes from traditional malware to targeted attacks
Raimund genes from traditional malware to targeted attacks
 
andrew milroy - top security trends and takeaways for 2013
andrew milroy - top security trends and takeaways for 2013andrew milroy - top security trends and takeaways for 2013
andrew milroy - top security trends and takeaways for 2013
 
Anz campaign creative 11 sept 2010
Anz campaign creative 11 sept 2010Anz campaign creative 11 sept 2010
Anz campaign creative 11 sept 2010
 
Anz cloud thought leadership 16 mar
Anz cloud thought leadership 16 marAnz cloud thought leadership 16 mar
Anz cloud thought leadership 16 mar
 
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroVmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend Micro
 
Trend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationTrend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning Presentation
 

Último

My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

Último (20)

My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 

Looking Back to Protect the Future: Cybercrime Trends and Advanced Threat Defense

  • 1. CyberCrime, CyberSpy, CyberWar – Looking back in order to protect the future JD Sherry VP of Public Technology and Solutions @jdsherry
  • 2. Discussion Outcomes I. How might organizations learn from elite hackers? II. Given the widespread use of APTs and the evolution of the cyber attack chain- how can advanced situational awareness be achieved? III. Predictions for 2013 and how can we counter measure?
  • 3. Copyright 2013 Trend Micro Inc. SALES KICKOFF 2013 INFORMATION HAS BECOME YOUR MOST STRATEGIC ASSET Identify trends Understand customer behavior Analyze opportunities Discover efficiencies
  • 4. The New Reality • One new threat created every second 1 • A cyber intrusion happens every 5 minutes 2 • Over 90% of enterprises have malware 1 • Almost 75% have one or more bots 1 • Mobile malware outpacing PC malware – 350,000 Android pieces in 2012 Sources: 1: Trend Micro, 2012, 2: US-Cert 2012
  • 5. 2013 Cyber Attack Trends •DDOS-yes still… •Mobile Malware/Proximity attacks •Cross-Platform Attacks •Man-in-the-Browser Attacks •Watering Hole Attacks •MAC Attacks •Cloud Attacks/Island Hopping •SWATing
  • 6. • Localized attacks such as malware that will not execute unless certain conditions are met, such as language settings, or “watering hole” attacks that will only affect certain geographic regions or even only specific netblocks. • The malware used in targeted attacks will have destructive capacity, either as its primary intent or as a clean-up mechanism to cover the attackers’ tracks. • Social, political and economic indicators must be used in conjunction with technical indicators to fully assess and analyze targeted attacks. Targeted Attack Trends
  • 7. Offense Informs Defense: Stages of Attack 1. Reconnaissance 2. Weaponization 3. Delivery 4. Exploitation 5. C&C 6. Lateral Movement 7. Exfiltration 8. Maintenance
  • 9. A Comparison of Eastern European and East Asian Blackhats
  • 10. The Greatest Trick the Devil Ever Pulled was Convincing the World that He Didn’t Exist… • Kevin Spacey aka Verbal Kint-“The Usual Suspects”
  • 11. Chinese Actors Gaining Headlines but… • Trend Micro has concluded that Eastern European hackers pose a greater threat than East Asian hackers • East Asian objectives: speed and cost-effectiveness. • Attacks are persistent, but use known vulnerabilities and malware and don’t hide their tracks as well. • Eastern European objectives: remain hidden throughout the operation and build online reputation. Attacks use custom malware and innovative techniques.
  • 12. Eastern European Tactics • Malware is innovative: RATs have all capabilities hard- coded internally; encrypted traffic, dynamic drop zones, complex command & control • Infrastructure is internal to the operation, or bulletproof hosts are carefully selected • Professionals who build a reputation over time; they respect and do not attack the motherland • Generally control their own servers, develop DNS servers, and create sophisticated traffic systems for attacks. Hallmark is to maintain total control.
  • 13. In the News… • Spanish police Ransomware-REVETON – $1M per year revenue stream – Victims tricked into paying attackers posing as law enforcement – Computers compromised as well – Trend Micro corroborates with Spanish police to bring down • South Korean media and banking attacks – Destructive Trojan/logic bombs that erased MBR • Sleep cycle set to cause mayhem on March 20 at 2PM. – Trend Micro provides intelligence prior to attack – All codes detected by APT hunter-Deep Discovery • Major Korean bank avoids major attack
  • 14. The Children of Stuxnet-
  • 15. ICS Attacks Become Mainstream
  • 16. Go where the money is… • 93.6% of the world’s currency is digital • 6.4% cash and gold • 95% of bank heists have an electronic vector – (FINCEN)
  • 17. Modern Day John Dillingers
  • 18. Banking Malware: Customized and Quiet • Citadel – modularized malware that steals online-banking credentials • TinBa- Tiny Banker 56K large- memory injection • SpyEye- Automated Transfer Systems • Eurograbber – multistaged attacks that compromise desktops and mobile devices • Gozi-Prinimalka – spring attack to be aimed at 30 U.S. banking institutions • High Roller - uses automation to drain high-value bank accounts
  • 19. Cybercrime or Cyber Warfare? -The Shadow Economy
  • 20. IaaS DMZ Mission Critical Servers Endpoints Internet Firewall Anti-malware IDS / IPS Today’s Enterprise Challenges SaaS • Data in motion • Social Media • Virtualization and Cloud • Traditional defenses bypassed by low and slow attacks
  • 21. How do you answer these questions? • Have you been targeted by an attack?  Unfortunately Yes!  Not sure? But would like to know! • How do you know?  Data breach, forensic analysis  Continuous Monitoring  Security audit  Incident response, alerts  Custom threat defense • Why are you being targeted? • What are they after?
  • 22. Detection Begins with Network Indicators • Changing C&C protocols requires considerable effort • Network traffic can be correlated with other indicators to provide proactive detection • Unknown threats may be detected by extrapolating methods and characteristics from known threat communication behaviors
  • 23. Mitigation Requires a Custom Defense
  • 24. Data Center Physical Virtual Private Cloud Public Cloud Cloud and Data Center Security Anti-Malware Integrity Monitoring Encryption Log Inspection Firewall Intrusion Prevention Data Center Ops Security
  • 25. Copyright 2013 Trend Micro Inc. Custom Defense Network-wide Detection Advanced Threat Analysis Threat Tools and Services Automated Security Updates Threat Intelligence Custom Sandboxes Network Admin Security
  • 26. Risk Management 101 6/5/2013 Copyright 2013 Trend Micro Inc. 1. Has the cyber security posture of all third parties been audited? 2. Is access to all sensitive systems and computers governed by two factor authentication? 3. Does a log inspection program exist? How frequently are they reviewed? 4. Does file integrity monitoring exist? 5. Can vulnerabilities be virtually patched? 6. Is MDM and Mobile Application Reputation software utilized? 7. Do you utilize a DLP? 8. Can you migrate your layered security into the cloud? 9. Do you maintain multi-level rule-based event correlation? Is there custom sandbox analysis? 10. Do you have access to global threat intelligence? 11. Can you transfer your risk?
  • 27. 27Copyright © 2013 Trend Micro Incorporated.All rights reserved. Thank You! jd_sherry@trendmicro.com @jdsherry