David OBerry CISSP-ISSAP, ISSMP, CSSLP, CRISC, CRMP, MCNE Strategic Technologies McAfee Office of the CTO (OCTO)
September 6, 2013
David OBerry, previously Director of Strategic Development and ITS for SC Probation, Parole, & Pardon Services
During my 19+ years with South Carolina:
MS-ISAC Executive Board
SC Security Domain Chairman and Collaboration TL
Midlands ISSA Chapter Founder and President
Trusted Computing Group's Customer Advisory Council (TNC-CAC) Chairman; TOG's Improving The Digital EcoSystem Workgroup
Chapters published on IF-MAP, SCAP, TNC and Standards Based Defense/Mitigation (ISMH 09, 10, 11)
My Previous Life's Work and the IT Environment:
800+ users, rapidly growing external user base (1000s)
100% mobile capable; plan started in 2002
30+ full-time IT staff including development, engineering, help desk, & remote support
Decentralized work force
Heterogeneous and open-standards deployments
Core: McAfee, Dell, Juniper, APC
Network: Juniper, BlueCoat, Citrix, Imprivata
Data: McAfee EEPC, Device Control, Host DLP
Endpoint: McAfee AV, HIPS, Policy Auditor
Management: McAfee's ePolicy Platform, STRM, NSM Manager, Cacti & other open-source products
INTERNET CONNECTIVITY
SECURITY
Android-targeted malware spiked, with newly discovered samples doubling in Q4
Master Boot Record attacks on the PC storage stack increased 27%
New PC malware returned to its historic growth trend, with known samples now totaling more than 110 million
Signed malware samples hit the hockey-stick inflection point, doubling in three months
Suspect URLs, which are becoming the primary distribution mechanism for malware, increased 70% in Q4
A new Advanced Persistent Threat (APT) known as Blitzkrieg appeared that targets financial services firms and their customers
Source: http://www.mcafee.com/us/resources/reports/rpquarterly-threat-q4-2012.pdf
Q4-2012: malware sample counts by category
Columns: Malware Zoo | Autorun | Exploits | FakeAV, Scareware | Macintosh | Mobile (*) | PWS & Keyloggers | Ransomware | Rootkits | Unix Like
January 2013 (new samples): +4,000,000 | +426,000 | +423,000 | +358,000 | +50 | +111,000 | +655,000 | +66,000 | +65,000 | +790
February 2013 (new samples): +5,300,000 | +656,000 | +344,000 | +313,000 | +90 | +104,000 | +629,000 | +71,000 | +55,000 | +940
Cumulative totals (year labels are not on the page):
54,200,000 | 5,600,000 | 1,820,000 | 5,500,000 | 2,160 | 14,500 | 11,389,000 | 132,000 | 1,986,000 | 52,000
76,600,000 | 8,000,000 | 3,000,000 | 9,200,000 | 3,250 | 43,000 | 15,547,000 | 365,000 | 2,931,000 | 56,000
113,600,000 | 12,000,000 | 5,400,000 | 13,100,000 | 4,200 | 1,073,000 | 22,300,000 | 1,066,000 | 3,874,000 | 64,000
Further quarterly-change values from the same chart (column assignment not recoverable): +9,300,000 +8,600,000 +12,100,000 +1,240,000 +698,000 +981,000 320 +52,000 +865,000 +387,000 +980,000 210 +195,000 +1,300,000 +868,000 +1,184,000 180 +768,000 +1,871,000 +227,000 +179,000 +3,400
(*): Mobile malware and Potentially Unwanted Program binaries with libraries, unpacked and repacked samples.
McAfee Confidential / Internal Use Only
90% of all threats have been financially motivated
85% of malware is obfuscated
And here we go
Vulnerabilities - more
Overview of vulnerabilities patched by Apple
Source: https://www.nsslabs.com/news/press-releases/nss-labs-vulnerabilitythreat-report-sees-significant-rise-vulnerability
The source code for Zeus was leaked on the internet in May 2011. It is available on forums, RapidShare, and torrents if you search for it. Anyone with compiling skills can create infinite Zeus variants. In a 3-year period, we've seen 25,165,306 unique samples. You read that right: that is over 25 million Zeus variants, averaging 120,000 to 200,000 new Zeus variants per month for a while now.
Source: http://www.csmonitor.com/Environment/2013/0227/Exclusive-Cyberattack-leavesnatural-gas-pipelines-vulnerable-to-sabotage
Browser 15%
CGI Command Execution 12%
Of CISOs See Employees As The Greatest Data Threat
Of Data Breaches Come From Internal Sources
Unable To Audit Or Quantify Loss After A Data Breach
Surveys: Dark Reading/InformationWeek survey; MIS Training Institute survey at CISO Summit; McAfee Datagate Report, produced by Datamonitor (survey of 1,400 IT professionals across UK, US, DR, DE, and Australia)
Diagram: large-scale virtualized utility fabric provides application services to millions of users (labels: fabric, elements, application tier, files (NAS), switches, intranet, multi-tiered applications)
Diagram: device stack (Display, Network, Disk, Memory; Virtual Machine; Operating System; BIOS; CPU)
Ultimate APTs compromise devices below the OS, either before or after shipment
Source: http://resources.infosecinstitute.com/social-media-use-in-the-militarysector/
Anonymous + SCADA
Stuxnet Proliferation
Anonymous Doxing
Secure, Ubiquitous Access to a Computing Environment
Diagram: FROM / TO, to 50 Billion
No protection: 57%
Anti-theft device: 31%
Encryption: 19%
(unlabelled): 17%
Client firewall: 11%
Anti-virus/anti-malware: 5%
Other: 0%
Rogue Certificates
Threats such as Flame, Stuxnet, and Duqu used rogue certificates to great effect to evade detection. Although this is not the first time we have seen this behavior (fake AV, certain Zeus variants, Conficker, and even some old Symbian malware used them), we expect to see this trend increase in 2012 and beyond. We need to be aware of and very concerned about the implications of large-scale rogue certificates for the whitelisting and application control technologies that rely on these certificates. Wide-scale targeting of certificate authorities and the broader use of fraudulent, yet valid, digital certificates has ramifications for public-key infrastructure, secure browsing, and transactions.
Coordinated Security
Asset Management System
Endpoint Security (via NAC)
Routing
IDS
Switching
Wireless
Firewalls