ROUNDTABLE AND RECEPTION:
Fighting Off an Advanced Persistent Threat and Defending Infrastructure and Data

February 9, 2012
3:30pm - 7:00pm
Westin Galleria Dallas
13340 Dallas Parkway
Dallas, TX 75240
Sponsored by Core Security

Guest Moderator: Dave Shackleford, Founder & Principal Consultant, VooDoo Security

Industries Represented: Healthcare, Telecommunications, Retail, Financial Services, Transportation & Shipping, Food Manufacturing & Distribution, Hi-Tech/Technology, Travel, Engineering & Construction, Manufacturing

APT is a methodical, professional attack conducted by well-organized and well-funded hackers. It is an attack cycle:

  • Reconnaissance
  • Intrusion
  • Back doors and persistence
  • Advancement - privilege escalation, data theft

APT is not a piece of malware or a single attack.

What are we seeing?

  • Attacks are getting worse: more stealthy and more damaging
  • April 2009 - US electrical grid compromised by Chinese & Russian hackers
  • March 2011 - RSA breach
  • June 2011 - Citigroup hacked
  • Hacktivism - the targeting carried out by LulzSec & Anonymous

Media hype! There is a great deal of sensationalism in the media about APT.

Sources and Areas of Opportunities for Attacks and Hacks

  • Lack of patching
  • Improper use of autorun

APT goes after high-value targets. The victims are not stupid people; the hackers are banking on human instinct, bad processes and social engineering. It is not about zero-days.

APT Techniques, methodology, and technology:

  • Social engineering & phishing
  • Use of Zero-day exploits
  • HTTP & HTTPS C&C Channels
  • Memory-resident payloads
  • Use of common document formats for delivery such as PDF, DOC & XLS
  • Focus on client side software exploits
  • Data-stealing code components

Avoid the Bullseye - Do not publicly declare, "I am not a target."

Domain controllers are the big prize: whoever controls them can take over the network. Best practice tip: use different admin passwords rather than one shared across systems.

Most security shops spend their time as follows:

  • Reactive: 50%
  • Preventative: 10%
  • Defensive: 40%

Older vectors and end users are another area of opportunity for a hacker. Testing end users against social engineering helps educate them, mitigate the risk and prevent attacks.

Changing Your Risk Profile - today's attacks require a different focus that encompasses risk management.

Prevention Techniques - Educate Users

  • Browse safely
  • Do not give out personal information
  • Separate work and personal information on social media
  • Be wary of links and emails

Challenge
At most companies there are no consequences for repeat offenders who cause data loss and compromise. Companies need to transition to policies that encompass security. Security does not always have a voice, so HR needs to be engaged.

  • Sometimes you need to use the stick.
  • You are never going to defeat human nature.
  • Mobile devices outnumber PCs and laptops
  • More companies are rolling out BYOD (Bring Your Own Device) Programs.

You are never going to defeat human nature; someone will inadvertently let the hacker in. We teach our employees to be customer-service oriented, and hackers take advantage of this. Education is required, and the process should be made as mistake-proof as possible.

The hacker is going after Tier 3 and Tier 4 merchants/processors.

Recommendations

You need a combination of tactics to succeed.

  1. Create an awareness program. Include penalties for violating policies and taking risky actions
  2. Leverage technology
  3. Communicate well and articulate risk for each audience, both internal and external
  4. Build a good executive peer network to learn from one another and benchmark
  5. Test yourself - find the holes before the hacker does!