TARGETED ATTACKS AND THE SMALL BUSINESS


Nov 3, 2013



Stephen Ferrero

Consultant, Xantrion

Xantrion

Founded in 2000 by Anne Bisagno and Tom Snyder

Wanted to bring big company IT to small and midsized organizations

Among the top 50 worldwide MSPs (1)

45 person technical team

70 core clients

3000 end users supported

600 servers managed

(1) MSP Mentor worldwide survey results.

Agenda

Intro to Cybersecurity

The current SMB security paradigm

Why we need to evolve our thinking

Targeted attack methods

The new SMB security paradigm

INTRO TO CYBERSECURITY

What Is Cybersecurity

Measures taken to protect a computer or computer system against unauthorized access or attack. (“Cybersecurity,” n.d.)

Terms

SMB: Small and midsize businesses, with fewer than 1000 users. (“Small and Midsize,” n.d.)

Malware: Malicious software used by attackers to disrupt computer systems.

CURRENT SECURITY PARADIGM

Protect against Opportunistic Attacks

[Diagram: Attacker -> Your Company]

Security mindset

“Be more secure than the other guy”

“I’m too small to be a target”

Typical security layers

Hardware Firewall

Antivirus / Antimalware

OS Security Patches

User Rights Assignment

Email Filter

Web Filter

Policies and Awareness

User

WHY CHANGE?

Targeted Attack

[Diagram: Attacker -> Your Company]

Targeted attacks in 2012, by company size (Symantec, 2013)

Small Biz: 31%

Midsize Biz: 19%

Large Biz: 50%

More targeted attacks on SMB

Attackers have more and better resources

SMBs are typically less secure

SMBs make good launch points

TARGETED ATTACK METHODS

Spear Phishing

1. Attacker collects data about victim, perhaps “friends” them on social networking sites

2. Attacker looks for possible themes to leverage against victim

3. Attacker crafts highly custom email message with malware laced attachment and sends to victim

4. Victim opens highly realistic email and launches attachment

Water Hole Attack

1. Attacker collects data about victim and the kind of websites they visit

2. Attacker looks for vulnerabilities in these websites

3. Attacker injects JavaScript or HTML which redirects to a separate site hosting exploit code

4. Compromised site is waiting for unsuspecting victims

Process of A Typical Attack

1. Attacker delivers custom malware to victim

2. Victim opens the attachment, custom malware is installed

3. Malware phones home and pulls down additional malware

4. Attacker establishes multiple re-entry points

5. Attacker continues to attempt privilege escalation and reconnaissance

6. Attacker achieves goal and exits

[Diagram: the typical security layers (Hardware Firewall, Antivirus / Antimalware, OS Security Patches, User Rights Assignment, Email Filter, Web Filter, User) shown alongside the targeted-attack entry methods: Spear Phishing, Waterholing, etc.]

Ransomware

Now extorts $5 Million per year (Symantec, 2013)

NEW SMB SECURITY PARADIGM

Protect against Targeted Attacks

[Diagram: Attacker -> Your Company]

Security mindset

“I have important data and assets to protect”

Assume you are a target

Typical SMB security layers

Hardware Firewall

Antivirus / Antimalware

OS Security Patches

User Rights Assignment

Email Filter

Web Filter

Policies and Awareness

User

Add more layers

Educate employees

Review hiring and firing policies

Aggressive patching of OS and Apps: Acrobat, Flash, QuickTime, Java

Get off End of Life software: Windows XP, Office 2003 (End of Support - April, 2014)

Additional security layers

Hardware Firewall

Antivirus / Antimalware

OS Security Patches

User Rights Assignment

Email Filter

Web Filter

HR and Security Policies

App Security Patches

User Awareness and Training

User

Identify your valuable assets

Customer Data

Customer Relationships

Intellectual Property

Bank Account Info

Identify your special risks

Internal threats

Liability

Unmanaged mobile devices

Physical security

Plan your response

Practice secure banking

Use Two-Factor authentication

Require “Dual-Control” or separation of duties

Require one control be completed on a dedicated PC

Require out-of-band confirmation from your bank for large transactions
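The four banking controls above, as an added example that is not part of the deck or of Xantrion's own tooling: a small Python policy check for an outbound payment that enforces two-factor login, dual control with separation of duties, a dedicated approval PC, and out-of-band bank confirmation for large transactions. The threshold, hostnames, user names and confirmation codes are constructed assumptions, not values from the slides.

```python
"""Added example: a policy check modelling the secure-banking controls
listed in the deck (not code from the original presentation).

Assumptions (constructed for illustration): a payment is initiated by one
user and approved by a second; the approval must come from a dedicated
banking workstation; and payments at or above a threshold also need a
confirmation code that the bank delivers over a separate channel.
"""
from dataclasses import dataclass
from typing import List, Optional
import hmac

# Constructed policy values, not taken from the deck.
LARGE_TRANSACTION_THRESHOLD = 10_000.00   # dollars; at or above this, require bank call-back
DEDICATED_BANKING_HOSTS = {"bank-pc-01"}  # hostnames allowed to complete the approval step


@dataclass
class Payment:
    payee: str
    amount: float
    initiated_by: str                     # user who entered the payment
    approved_by: Optional[str] = None     # second user who approved it (dual control)
    approval_host: Optional[str] = None   # hostname of the machine used for approval
    oob_code: Optional[str] = None        # code the approver read back from the bank's call
    mfa_verified: bool = False            # both users completed two-factor login


def check_payment(p: Payment, bank_expected_code: Optional[str]) -> List[str]:
    """Return the list of unmet controls; an empty list means the payment may proceed.

    bank_expected_code is what the bank told us over the out-of-band channel
    (phone call, SMS); it is None when no call-back happened.
    """
    failures: List[str] = []

    # Control 1: two-factor authentication for everyone touching the payment.
    if not p.mfa_verified:
        failures.append("two-factor authentication not completed")

    # Control 2: dual control / separation of duties. The person who keys the
    # payment must not be the person who releases it.
    if p.approved_by is None:
        failures.append("second approver missing (dual control)")
    elif p.approved_by == p.initiated_by:
        failures.append("initiator and approver must be different people (separation of duties)")

    # Control 3: the release step happens only from a dedicated banking PC.
    if p.approval_host not in DEDICATED_BANKING_HOSTS:
        failures.append("approval must be performed from a dedicated banking PC")

    # Control 4: large transactions need out-of-band confirmation from the bank.
    if p.amount >= LARGE_TRANSACTION_THRESHOLD:
        if p.oob_code is None or bank_expected_code is None:
            failures.append("large transaction requires out-of-band bank confirmation")
        elif not hmac.compare_digest(p.oob_code, bank_expected_code):
            failures.append("out-of-band confirmation code does not match")

    return failures


if __name__ == "__main__":
    # Constructed sample payments.
    good = Payment("Acme Supplies", 25_000.00, "alice", "bob", "bank-pc-01", "7781", True)
    self_approved = Payment("Acme Supplies", 500.00, "alice", "alice", "bank-pc-01", None, True)
    from_laptop = Payment("Acme Supplies", 25_000.00, "alice", "bob", "alice-laptop", None, False)
    for label, payment, code in [("good", good, "7781"),
                                 ("self-approved", self_approved, None),
                                 ("from laptop", from_laptop, None)]:
        print(label, "->", check_payment(payment, code) or "approved")
```

The check returns every unmet control rather than stopping at the first, so the report a finance user sees tells them exactly which step was skipped; the comparison of the out-of-band code uses a constant-time compare as a matter of habit, not because timing matters much for a four-digit read-back.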

Protect mobile devices

Be aware of the increase in mobile malware

Stream data to mobile devices instead of storing it there

Separate personal and work data

Track devices

Have remote-wipe capability

Enforce password policies

Regularly re-evaluate your security

Use the Top 20 security controls as a framework for frequent security policy updates. www.sans.org

Remind users of proper security best practices
QUESTIONS

References

Cybersecurity. (n.d.). In Merriam-Webster’s online dictionary. Retrieved from http://www.Merriam-webster.com/dictionary/cybersecurity

Small and midsize businesses. (n.d.). In Gartner IT Glossary. Retrieved from http://www.gartner.com/it-glossary/smbs-small-and-midsize-businesses/

Symantec Inc. (2013, April). Internet Security Threat Report. Retrieved from http://www.symantec.com/security_response/publications/threatreport.jsp

Verizon. (2012). Data Breach Investigations Report. Retrieved from http://www.verizonenterprise.com/products/security/dbir/?CMP=DMC-SMB_Z_ZZ_ZZ_Z_TV_N_Z041

Mandiant. (2013). M-Trends 2013: Attack the Security Gap. Retrieved from https://www.mandiant.com/resources/m-trends/

Top 10 Threat Actions

1. Keylogger / Form-Grabber / Spyware

2. Exploitation of default or guessable passwords

3. Use of stolen login credentials

4. Send data to external site/entity

5. Brute force and dictionary attacks

6. Backdoor (Allows remote access / control)

7. Exploitation of Backdoor or CnC Channel

8. Disable or interfere with security controls

9. Tampering

10. Exploitation of insufficient authentication (no login required)

Advanced Persistent Threats

Long-term attacks

Focused on large organizations

Organized Crime or State Sponsored