Everyone’s a Target, Criminals are Always Two Steps Ahead - PowerPoint PPT Presentation



SLIDE 1

Hackers are Equal Opportunity Businessmen:

Everyone’s a Target

SLIDE 2

Criminals are Always Two Steps Ahead

  • 90% of all cybercrime costs are caused by web attacks, malicious code and malicious insiders. – Kaspersky
  • 60% of enterprises said they were unable to stop exploits because of outdated or insufficient threat intelligence. – Ponemon
  • 49% said it can take within a week to more than a month to identify a compromise. – Ponemon
  • 33% of malicious breaches are not being caught by any of the companies’ defenses, instead discovered when notified by a 3rd party. – Ponemon

SLIDE 3

Cybercrime as a Business

  • Organized
  • Well-funded
  • Operate like a business:
  • Use the cloud
  • Run campaigns
  • Growth oriented
  • Able to quickly set up a fake online storefront, attack and tear down without a trace

SLIDE 4

Malware As a Service

  • Crimeware kits available for purchase online include everything needed to launch an attack
  • Inexpensive and easy way for less sophisticated criminals to get into the cybercrime business
  • Different packages include malware, exploit, phishing and botnet kits
  • Specialization: botnets can be purchased or rented based on geography
  • All paid for with stolen credit cards

SLIDE 5

Use Case: Business Email Compromise

  • Easy way to commit fraud
  • 1. Pick a target
  • 2. Get a credit card (stolen or otherwise) and a throwaway email account
  • 3. Sign up for a free, 30-day website domain name and associated email
  • Reported in all 50 states and 80 countries
  • Ubiquiti Networks suffered a whopping $46.7 million loss
  • The Scoular Co. lost $17.2 million

SLIDE 6

Use Case: Fast Flux

  • Hackers now using Dynamic DNS: quickly changing domains
  • Domain Generation Algorithms (DGAs) for Fast Flux
  • Designed to exfiltrate data through command and control hosts
  • Identifies valuable data (personal credentials, credit card #s, account #s, SSNs etc.) and sends it “home”

SLIDE 7

Use Case: Cryptowall

[Diagram labels: Malware DGA; Threat Actor; Register DGA Domain; Exploit Host; Infection; Establish Connection; DNS Exfiltration; Ransomware C&C Infrastructure. Example DGA domains shown: g92qr2h6f.net, g92qr2h6s.net, … g92qr2Z6f.net, g92qr2e6s.net, with the address 103.202.31.22.]
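
An added example (not part of the original slides): a defender-side heuristic that finds the pattern in the Cryptowall slide above, one client querying several near-identical sibling domains, in DNS query logs. The log tuples, client IPs, thresholds and function names are assumptions constructed for illustration; only the four .net names come from the slide.

```python
from collections import defaultdict

# Constructed sample DNS query log: (client_ip, queried_name). The four .net
# names are the ones shown on the slide; everything else is made up.
SAMPLE = [
    ("10.0.0.5", "g92qr2h6f.net"), ("10.0.0.5", "g92qr2h6s.net"),
    ("10.0.0.5", "g92qr2Z6f.net"), ("10.0.0.5", "g92qr2e6s.net"),
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.7", "mail.example.com"), ("10.0.0.7", "example.org"),
]

def split_domain(qname):
    """Return (second-level label, TLD); naive, no public-suffix list."""
    parts = qname.lower().rstrip(".").split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else None

def hamming(a, b):
    """Number of differing positions between two equal-length strings."""
    return sum(x != y for x, y in zip(a, b))

def dga_like_clusters(queries, min_size=3, max_diff=2):
    """Per client, find sets of >= min_size distinct domains with the same TLD
    and label length whose labels differ from a seed in <= max_diff positions."""
    buckets = defaultdict(set)
    for client, qname in queries:
        parsed = split_domain(qname)
        if parsed:
            label, tld = parsed
            buckets[(client, tld, len(label))].add(label)
    findings = defaultdict(list)
    for key in sorted(buckets):
        client, tld, _ = key
        remaining = sorted(buckets[key])
        while remaining:
            seed = remaining[0]  # greedy: cluster around the first label left
            cluster = [l for l in remaining if hamming(seed, l) <= max_diff]
            remaining = [l for l in remaining if l not in cluster]
            if len(cluster) >= min_size:
                findings[client].append([f"{l}.{tld}" for l in cluster])
    return dict(findings)

if __name__ == "__main__":
    for client, clusters in dga_like_clusters(SAMPLE).items():
        for cluster in clusters:
            print(f"{client}: {len(cluster)} sibling domains -> {cluster}")
```

Legitimate sibling names (numbered CDN or mail hosts, for instance) can also cluster, so hits are leads to correlate with other signals, not verdicts.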

SLIDE 8

The Challenge

  • Humans struggle to keep up with the threats
  • Reporting on security incidents after the fact does not solve the problem
  • Security policy needs to be tailored to the customer and use case
  • Prevention is better than just detection
  • Timely use of threat intelligence at the point of enforcement is challenging

SLIDE 9

Proactive Defense

Prevent

Inbound:

  • Blocks malicious attacks: botnets, spam, DDoS, phishing, scanners
  • Reduces network load

Protect

Outbound:

  • Stops data theft, malware, phishing, exploit kits
  • Blocks communications with threat actors

Blocks Malicious Traffic at Firewall, Router and DNS Server

SLIDE 10

Overview

  • Protects every device on the network regardless of attack type
  • Prevents data exfiltration
  • Threat categories blocked include:
    – Malware
    – Ransomware
    – Phishing sites
    – Proxies / anonymous proxies
    – Scanners / brute force attackers
  • Leverage geo blocking to provide additional protection
  • Automated, near-real time security updates
  • Current data to combat current threats: impossible for a human to keep up
  • Self-improving, feedback-based system

SLIDE 11

Inbound Attack

[Diagram comparing an inbound attack without and with ThreatSTOP. Without ThreatSTOP: inbound attack deposits malware; infection spreads to other machines. Protected by ThreatSTOP: inbound attack attempt deflected. ThreatSTOP Cloud and admin reporting: logs up, policies down.]

SLIDE 12

Outbound Threats

[Diagram comparing outbound threats without and with ThreatSTOP. Without ThreatSTOP: outbound communications with command & control. Protected by ThreatSTOP: blocks outbound communications with command & control. Admin reporting: logs up, policies down.]

SLIDE 13

For more information on ThreatSTOP, please contact:

sales@threatstop.com 760.542.1550