Symantec: The rise of hacktivism and insider threats

67 %
33 %
Information about Symantec: The rise of hacktivism and insider threats
Technology

Published on February 18, 2014

Author: NortonSecuredUK

Source: slideshare.net

Description

The rise of hacktivism and insiders: new tactics, new motives

Insiders Outsiders, Hactivists, Cybercriminals – the lines have blurred but the game remains the same – how you can protect your infrastructure and organization from web based and cyber threats.

With incidences of malware and vulnerabilities on the rise – how does your organisation measure up and how are you prepared for the future? Is your web infrastructure robust enough to cope? Join Symantec to understand the threat landscape and motivations that drive them.

The rise of hacktivism and insiders: new tactics, new motives Andrew Horbury Senior Product Marketing Manager

Data sources: ISTR, WSTR, Symantec Security Response hacktivism and insiders: new tactics, new motives 2

Agenda 1 Why we are here today 2 Hacktivism 101 3 How do they do it? 4 Web based attacks 5 Insiders 101 6 Mediation 7 Information sources hacktivism and insiders: new tactics, new motives 3

What is a Hacktivist ? • Def. haktɪvɪst/ (noun) - a person who gains unauthorised access to computer files or networks in order to further social or political ends. • The term was coined in 1996 by Omega, a member of the popular group of hackers known as Cult of the Dead Cow • Hacktivism includes cyber attacks performed to promote (or motivated by) political or social scopes Source: http://hackmageddon.com/2013-cyber-attacks-timeline-master-index/ hacktivism and insiders: new tactics, new motives 4

From activist to Hacktivist hacktivism and insiders: new tactics, new motives 5

Anonymous hacks Vatican website http://www.zdnet.com/blog/security/anonymous-hacks-abortion-clinic-steals-10000-records/10675 hacktivism and insiders: new tactics, new motives 6

So what happens? • Criminals buy ready-made malware, such as the Sakura toolkit, which is then installed on someone else’s website. It scans visitors’ computers for known vulnerabilities and picks the most effective exploit to infect them. hacktivism and insiders: new tactics, new motives 7

Our Websites are Being Used Against Us Vulnerabilities and malware on the rise….. 53% 61% of web sites serving malware are legitimate sites of legitimate websites have unpatched vulnerabilities 25% have critical vulnerabilities unpatched hacktivism and insiders: new tactics, new motives 8

Our Websites are Being Used Against Us 53% 61% of web sites serving malware are legitimate sites of legitimate websites have unpatched vulnerabilities 25% vulnerabilities reported in 2012 have critical vulnerabilities unpatched hacktivism and insiders: new tactics, new motives 9

Web based attacks on the rise The number of Web-based attacks increased by almost a third in 2012. These attacks silently infect enterprise and consumer users when they visit a compromised website. In other words, you can be infected simply by visiting a legitimate website. Typically, attackers infiltrate the website to install their attack toolkits and malware payloads, unbeknown to the site owner or the potential victims. hacktivism and insiders: new tactics, new motives 10

Why are you telling me this? My company is not important – why would anyone attack me? “C’mon no one will attack my company… will they?” hacktivism and insiders: new tactics, new motives 11

Targeted Attacks by Company Size: 2012

Small businesses say…… • 41% have been a victim of cybercrime in past 12 months. • 20% have had a virus infection in their business • 8% have suffered from a hacking incident • 20% have not taken any steps to protect themselves at all! In a pool of 2000+ that’s at least 400 businesses that are probably at high risk • Only 36% say they regularly apply security patches • 60% kept their antivirus software up to date hacktivism and insiders: new tactics, new motives 13

hacktivism and insiders: new tactics, new motives 14

Targeted Attacks by Industry: 2012 24% Manufacturing Manufacturing 19% Finance, Insurance & Real Estate Finance, Insurance & Real Estate 17% Services – Non-Traditional Services – Non-Traditional 12% Government Government 10% Energy/Utilities Energy/Utilities 8% Services – Professional Services – Professional Wholesale Wholesale 2% Retail Retail 2% Aerospace Aerospace 2% Transportation, Communications, tion, Communications, Electric, Gas Electric, Gas 1% 0% 5% 10% 15% 20% 25% 30% 15

Targeted Attacks by Job Function: 2012 30% R&D 27% Sales 24% 25% C-Level 17% 20% 15% Senior 12% Shared Mailbox 13% 10% 5% Recruitment Media 4% 3% PA 1% 0% • Attacks may start with the ultimate target but often look opportunistically for any entry into a company hacktivism and insiders: new tactics, new motives 16

Are your employees putting your company’s data at risk? • Insider theft makes up between 8-14% of confirmed data breaches, compared to the 88 or 92 percent attributed to external actors • Insider account for 69 percent of all corporate security issues • UK Information Commissioner’s Office fined & prosecuted more businesses because of insider incidents than they did outsider attacks in 2012 hacktivism and insiders: new tactics, new motives 17

Are your employees putting your company’s data at risk? • More than 30 percent of insiders engaging in IT sabotage have a prior arrest history • They may brag about the damage they could do to the organisation if they so desired. • Bitterness about being passed over for promotion • Considering starting up a competing business and using the organisation’s resources and IP for a new/side business • The pattern or quantity of the information they retrieve might change drastically, potentially indicating data theft. hacktivism and insiders: new tactics, new motives 18

Malicious Insiders could pose the greatest risk Areas of Focus….. • Know your people • Focus on deterrence, not detection • Identify information that is most likely to be valuable • Monitor ingress and egress • Baseline normal activity hacktivism and insiders: new tactics, new motives 19

What do they do and what are the threats? Everyone is a target. hacktivism and insiders: new tactics, new motives 20

Anonymous has claimed responsibility for a broad range of actions: publication of bank managers’ details, DDoS attacks on government websites, taking child pornography websites offline, hacking of two MIT websites, publication of the VMware source code and attacks on Israeli websites hacktivism and insiders: new tactics, new motives 21

Cutting Sword of Justice hacktivism and insiders: new tactics, new motives 22

Profile of Hacktivist threats • Hacktivists mainly target the information, public and service sectors. • They primarily operate in Western Europe and North America. • Their most common attack methods are SQL injection, using stolen credentials, brute force and DoS attacks, remote file inclusion and backdoors • The main assets they target are web applications, databases and mail servers • Their desired data is personal information, credentials and internal corporate data hacktivism and insiders: new tactics, new motives 23

Insider threats • Unauthorised access to or use of corporate information. • Viruses, worms or other malicious code. • Theft of intellectual property (IP). The same research found that: • Insiders often attempt to gain colleagues passwords or gain access through trickery or exploit a relationship • >70 percent of intellectual property theft cases, insiders steal the information within 30 days of announcing their resignation • More than half of insiders committing IT sabotage were former employees who regained access via backdoors or corporate accounts that were never properly disabled hacktivism and insiders: new tactics, new motives 24

Policies Procedures and employee access • Temporary consultant at the Korea Credit Bureau stole the customer details of up to 20 million South Koreans • Can be accidental as well as deliberate hacktivism and insiders: new tactics, new motives 25

What can you do about it? •Security - assume that you are a target •Culture - majority of insider attacks are instigated by disgruntled employees •Education - Educate staff about data protection and the threats posed by hacktivists, cybercriminals and insiders is essential. hacktivism and insiders: new tactics, new motives 26

Stay informed • Follow us on twitter @nortonsecured @threatintel @andyhorbury • www.symantec.com/threatreport • go.symantec.com/ssl • Blogs www.symantec.com/connect/blogs/websitesecurity-solutions hacktivism and insiders: new tactics, new motives 27

Thank you! Andrew Horbury andy_horbury@symantec.coml @andyhorbury Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. hacktivism and insiders: new tactics, new motives 28

Add a comment

Related presentations

Related pages

The Rise of Hacktivism and Insiders: New Tactics, New Motives

... how you can protect your infrastructure and organization from web based and cyber threats. ... vulnerabilities on the rise –... All ...
Read more

The Rise of Hacktivism and Insiders: New Tactics, New Motives

With incidences of malware and vulnerabilities on the rise ... of Hacktivism and Insiders: New Tactics, New ... from web based and cyber threats. ...
Read more

The Rise of Hacktivism and Insiders 3: Profile of a ...

Andrew Horbury outlines the typical insider activities and the related threats to ... the Symantec Internet Security ... The Rise of Hacktivism and ...
Read more

Symantec Taxonomy Presentation - Hewlett Packard

Threats Hacktivism in Action Data Breaches Rise New Attack Vectors Attack Tools Evolve Insider ... • Provision to quarantine / remediate threats Symantec ...
Read more

Insider Threats | LinkedIn

View 3187 Insider Threats posts, presentations, ... an organizational insider, ... Symantec: The rise of hacktivism and insider threats.
Read more

The Rise of Hacktivism and Insiders 4: Mitigating the ...

... are highlighted by Andrew Horbury as mitigations for insider and ... www.symantec.com ... The Rise of Hacktivism and ...
Read more

Symantec: Focused Internet Attacks Are On the Rise | CSO ...

Last week Symantec released its eighth Internet security threat report, ... Insider email. ... Symantec: Focused Internet Attacks Are On the Rise.
Read more

Olympics Cybersecurity is Like Protecting a Major Company ...

According to Symantec’s vice president for the ... insider threats, ... “And then you’ve got the more worrisome efforts that go on with hacktivism.
Read more