The rise of hacktivism and insiders: new tactics, new motives
Insiders, Outsiders, Hacktivists, Cybercriminals – the lines have blurred but the game remains the same – how you can protect your infrastructure and organization from web-based and cyber threats.
With incidences of malware and vulnerabilities on the rise – how does your organisation measure up and how are you prepared for the future? Is your web infrastructure robust enough to cope? Join Symantec to understand the threat landscape and motivations that drive them.
Symantec: The rise of hacktivism and insider threats
1. The rise of hacktivism and insiders: new tactics, new motives
Andrew Horbury
Senior Product Marketing Manager
2. Data sources: ISTR, WSTR, Symantec Security Response
hacktivism and insiders: new tactics, new motives
3. Agenda
  1) Why we are here today
  2) Hacktivism 101
  3) How do they do it?
  4) Web based attacks
  5) Insiders 101
  6) Mediation
  7) Information sources
4. What is a Hacktivist?
• Def. /haktɪvɪst/ (noun) - a person who gains unauthorised access to computer files or networks in order to further social or political ends.
• The term was coined in 1996 by Omega, a member of the popular group of hackers known as Cult of the Dead Cow.
• Hacktivism includes cyber attacks performed to promote (or motivated by) political or social causes.
Source: http://hackmageddon.com/2013-cyber-attacks-timeline-master-index/
5. From activist to Hacktivist
6. Anonymous hacks Vatican website
http://www.zdnet.com/blog/security/anonymous-hacks-abortion-clinic-steals-10000-records/10675
7. So what happens?
• Criminals buy ready-made malware, such as the Sakura toolkit, which is then installed on someone else’s website. It scans visitors’ computers for known vulnerabilities and picks the most effective exploit to infect them.
8. Our Websites are Being Used Against Us
Vulnerabilities and malware on the rise…
• 61% of web sites serving malware are legitimate sites
• 53% of legitimate websites have unpatched vulnerabilities
• 25% have critical vulnerabilities unpatched
9. Our Websites are Being Used Against Us
• 61% of web sites serving malware are legitimate sites
• 53% of legitimate websites have unpatched vulnerabilities
• 25% have critical vulnerabilities unpatched
• vulnerabilities reported in 2012
10. Web based attacks on the rise
The number of Web-based attacks increased by almost a third in 2012. These attacks silently infect enterprise and consumer users when they visit a compromised website. In other words, you can be infected simply by visiting a legitimate website. Typically, attackers infiltrate the website to install their attack toolkits and malware payloads, unbeknown to the site owner or the potential victims.
11. Why are you telling me this? My company is not important – why would anyone attack me?
“C’mon no one will attack my company… will they?”
13. Small businesses say…
• 41% have been a victim of cybercrime in past 12 months.
• 20% have had a virus infection in their business.
• 8% have suffered from a hacking incident.
• 20% have not taken any steps to protect themselves at all! In a pool of 2000+ that’s at least 400 businesses that are probably at high risk.
• Only 36% say they regularly apply security patches.
• 60% kept their antivirus software up to date.
15. Targeted Attacks by Industry: 2012
• Manufacturing: 24%
• Finance, Insurance & Real Estate: 19%
• Services – Non-Traditional: 17%
• Government: 12%
• Energy/Utilities: 10%
• Services – Professional: 8%
• Wholesale: 2%
• Retail: 2%
• Aerospace: 2%
• Transportation, Communications, Electric, Gas: 1%
16. Targeted Attacks by Job Function: 2012
• R&D: 27%
• Sales: 24%
• C-Level: 17%
• Senior: 12%
• Shared Mailbox: 13%
• Recruitment: 4%
• Media: 3%
• PA: 1%
• Attacks may start with the ultimate target but often look opportunistically for any entry into a company
17. Are your employees putting your company’s data at risk?
• Insider theft makes up between 8-14% of confirmed data breaches, compared to the 88 or 92 percent attributed to external actors.
• Insiders account for 69 percent of all corporate security issues.
• The UK Information Commissioner’s Office fined & prosecuted more businesses because of insider incidents than it did for outsider attacks in 2012.
18. Are your employees putting your company’s data at risk?
• More than 30 percent of insiders engaging in IT sabotage have a prior arrest history.
• They may brag about the damage they could do to the organisation if they so desired.
• Bitterness about being passed over for promotion.
• Considering starting up a competing business and using the organisation’s resources and IP for a new/side business.
• The pattern or quantity of the information they retrieve might change drastically, potentially indicating data theft.
19. Malicious Insiders could pose the greatest risk
Areas of Focus…
• Know your people
• Focus on deterrence, not detection
• Identify information that is most likely to be valuable
• Monitor ingress and egress
• Baseline normal activity
20. What do they do and what are the threats?
Everyone is a target.
21. Anonymous has claimed responsibility for a broad range of actions: publication of bank managers’ details, DDoS attacks on government websites, taking child pornography websites offline, hacking of two MIT websites, publication of the VMware source code and attacks on Israeli websites.
22. Cutting Sword of Justice
23. Profile of Hacktivist threats
• Hacktivists mainly target the information, public and service sectors.
• They primarily operate in Western Europe and North America.
• Their most common attack methods are SQL injection, using stolen credentials, brute force and DoS attacks, remote file inclusion and backdoors.
• The main assets they target are web applications, databases and mail servers.
• Their desired data is personal information, credentials and internal corporate data.
24. Insider threats
• Unauthorised access to or use of corporate information.
• Viruses, worms or other malicious code.
• Theft of intellectual property (IP).
The same research found that:
• Insiders often attempt to gain colleagues’ passwords, or to gain access through trickery or by exploiting a relationship.
• In more than 70 percent of intellectual property theft cases, insiders steal the information within 30 days of announcing their resignation.
• More than half of insiders committing IT sabotage were former employees who regained access via backdoors or corporate accounts that were never properly disabled.
25. Policies, procedures and employee access
• Temporary consultant at the Korea Credit Bureau stole the customer details of up to 20 million South Koreans
• Can be accidental as well as deliberate
26. What can you do about it?
• Security - assume that you are a target.
• Culture - the majority of insider attacks are instigated by disgruntled employees.
• Education - educating staff about data protection and the threats posed by hacktivists, cybercriminals and insiders is essential.
27. Stay informed
• Follow us on Twitter: @nortonsecured @threatintel @andyhorbury
• www.symantec.com/threatreport
• go.symantec.com/ssl
• Blogs www.symantec.com/connect/blogs/websitesecurity-solutions