Addressing the biggest IT Security Threats of 2016 – and how to prevent them.
Presented by Sebastian Kramer

Threat 1: Ransomware
• What is Ransomware?
• Ransomware – encrypts your files
Ways of infection
• CryptoLocker type attacks
• CryptoWall type attacks: visiting websites that are rigged with exploit kits
Ransomware on iOS
Ransomware on Android
• SimpleLocker (Andr/Slocker-A) scrambles files and holds your Android to ransom

2. Phishing, Spear Phishing & Whaling
• Phishing is an increasingly common type of spam that can lead to theft of your personal details such as credit card numbers, online banking passwords and AD account credentials.
• Whaling – why target small “phish” if you can get the big ones?

3. Identity Theft through Hacking
Hackers try to get hold of admin accounts and passwords through various means:
• Exploiting missing patches
• Sending documents with malicious code – you won’t even know it’s there till it is too late
• Exploiting weak or poorly protected passwords
• Social engineering

4. Vulnerability Exploitation
• Patching is inherently difficult due to the large number of patches and the impact on the business
• When do I have to patch – and when can I wait?
• 3rd party patches are especially difficult to stay on top of
• Most vulnerabilities that were exploited in 2014/15 were over a decade old
• Not just Windows OS

Global Mitigation Frameworks
• ASD – Australian Signals Directorate
The Australian Signals Directorate (ASD) produces the Australian Government Information Security Manual (ISM). The manual is the standard which governs the security of government ICT systems. The NZ ISM is based on the Australian ISM.
• CSC – Critical Security Controls
The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous attacks.

ASD
• Top 4 Mitigation Strategies (total of 39)
1. Application Whitelisting
2. Patch Applications
3. Patch operating system vulnerabilities
4. Restrict administrative privileges
http://www.asd.gov.au/images/mitigation-strategies-2014.png

CIS Critical Security Controls
The CIS Critical Security Controls form the basis for Cybersecurity Engagements
• Inventory of Authorized and Unauthorized Devices (CSC 1)
• Inventory of Authorized and Unauthorized Software (CSC 2)
• Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers (CSC 3)
• Continuous Vulnerability Assessment and Remediation (CSC 4)
• Controlled Use of Administrative Privileges (CSC 5)
• Maintenance, Monitoring and Analysis of Audit Logs (CSC 6)
• Email and Web Browser Protection (CSC 7)
• Malware Defences (CSC 8)
• Limitation and Control of Network Ports, Protocols and Services (CSC 9)
• Data Recovery Capability (CSC 10)
• Secure Configurations for Network Devices, Firewalls, Routers and Switches (CSC 11)
• Boundary Defenses (CSC 12)
• Data Protection (CSC 13)
• Controlled Access Based on the Need to Know (CSC 14)
• Wireless Access Control (CSC 15)
• Account Monitoring and Control (CSC 16)
• Security Skills Assessment and Appropriate Training to Fill Gaps (CSC 17)
• Application Software Security (CSC 18)
• Incident Response and Management (CSC 19)
• Penetration Tests and Red Team Exercises (CSC 20)
Source: https://www.sans.org/media/critical-security-controls/critical-controls-poster-2016.pdf

SOLUTIONS…
• Covers: CSC 1 – CSC 4
• Covers: ASD 2-3 / CSC 4
• Covers: CSC 5 / CSC 14 / CSC 16 / ASD 4
• Covers: ASD 1 / CSC 7 / CSC 8 / CSC 12 / CSC 13
• Covers: CSC 10 – agent based backup. Simple and easy to use
• Covers: CSC 17

Your Security Posture
• Understanding your own security risks and where you get your best value and protection from your security spend.

Questions?