2016 System Security Update Surviving and Staying safe in - - PowerPoint PPT Presentation


2016 System Security Update: Surviving and Staying safe in a connected world. Jim Hutchins, South Sound IT, Olympia, WA, 866.827.9889. Today: Current Threats, Prevention, Mitigation, Recovery


SLIDE 1

2016 System Security Update

Surviving and Staying safe in a connected world.
Jim Hutchins
South Sound IT
Olympia, WA
866.827.9889

SLIDE 2

Today

• Current Threats
• Prevention
• Mitigation
• Recovery

SLIDE 3

Current Threats

• Ransomware
• Malware
• Ransomware
• Phishing
• Ransomware
• DDOS/Intrusion
• Ransomware

SLIDE 4

Malware

• Spotify Free – caused the default browser to open malware/virus sites
• HummingBad Android-infecting Malware
• OSX/Keydnap malware – keylogger
• Linux/IRCTelnet Internet of Things (IoT)
• New ATM malware family – Ripper
• AtomBombing: Brand New Code Injection for Windows

SLIDE 5

Malware in the Cloud

• 2-year old ransomware strain - Virlock
• Started spreading itself via cloud storage and collaboration applications
• “Virlock has effectively weaponized every data file it encrypts”
• There are “Cloud Anti-Virus” solutions
• Represents unmanaged risk

SLIDE 6

Phishing

• Targeting individuals
• Mining social media for information
• Customized email – with a malicious link
• Link takes them to a compromised site
• That site downloads the payload
• The payload executes in the background

SLIDE 7

DDOS Attack

• DynDNS, aka Dyn.com, attacked by a very aggressive DDoS attack – October 2016
• Paypal, Netflix, Wordcamp, Github, Twitter, Etsy, Soundcloud, Spotify, Amazon, Heroku, Shopify, PagerDuty, ZenDesk, Braintree, Fastly, Cloudflare
• IoT devices infected with a botnet (cameras)
• 500,000 devices were infected and only 10% of them were used in the attack.

SLIDE 8

Ransomware

• Polymorphic - on the fly mutation
• New (hacker) tools are readily available
• Rootkits are “everyday person” accessible
• Device specific versions
• Billion dollar industry

SLIDE 9

December 2015: 17% of all observed malware dropped by exploit kits was Ransomware

May 2016: 61% of all observed malware dropped by exploit kits was Ransomware

259% increase in 5 months

SLIDE 10

SLIDE 11

SLIDE 12

Prevention

• Common sense
• Policy & Procedure
• Anti-virus
• Anti-exploit
• Segmented networking
• Management awareness and buy-in
• There is no 100%

SLIDE 13

Malware

• AV & AE
  • Malwarebytes
  • ESET
• Mobile
  • Prey – lost/stolen
  • 360 Mobile Security
  • Bitdefender/ESET

SLIDE 14

Phishing

SLIDE 15

Minimizing impacts

• DDOS - secondary DNS provider
• Phishing – Filters/Pre-education
• Remote Access/Trojans – Outbound detection/filtering
• Ransomware/Malware – Backups

SLIDE 16

DDNS attacks

• OpenDNS has DNS server addresses:
  • 208.67.222.222
  • 208.67.220.220
• Secondary DNS provider
• Ingress/Egress Filtering
• Lock out unexpected transactions

SLIDE 17

Private VPNs

SLIDE 18

TOR: The Onion Routing program

SLIDE 19

Recovery

• Phishing - Systems, Training, Policy
• Ransomware/Malware - Restore data

SLIDE 20

Phishing

• Update/improve Email and Firewall filters and rules
• Establish/Improve/Expand Phishing training for users
• Establish and enforce more rigorous policies & procedures

SLIDE 21

Ransomware

• Wipe & Restore from backup
• Just save critical files

Wipe & Restore from backup

• Clean the system with purchased software

Wipe & Restore from backup

• Pay someone else to clean it up

Wipe & Restore from backup!!

SLIDE 22

Backups

SLIDE 23

New USB connector – Type C

SLIDE 24

Ransomware