2014 TRUSTWAVE GLOBAL SECURITY REPORT John Yeo VP at Trustwave Stockholm - November 2014
Page 1: Summary of the 2014 Trustwave Global Security Report

2014 TRUSTWAVE GLOBAL SECURITY REPORT

John Yeo
VP at Trustwave
Stockholm - November 2014

Page 2

2014 GSR: AGENDA

1 Victim Demographics
2 Data and Systems Targeted
3 Intrusion Methods
4 Indicators of Compromise
5 Detection Statistics
6 Understanding Widespread Malware
7 Actions and Recommendations

Welcome…


Page 4

2014 GSR: SUMMARY OF FINDINGS

1. More victims, more breaches
2. Shift in data types
3. Similar targets and methods as past years
4. Self detection = early detection
5. Response is key

Page 5

WHO WERE THE VICTIMS?

Page 6

THE VOLUME OF DATA BREACH INVESTIGATIONS INCREASED 54% OVER 2012

Page 7

ATTACK SOURCE IP ADDRESSES

19% United States
18% China
16% Nigeria
5% Russia
5% Korea
4% Germany
4% United Kingdom
4% Japan
3% France
3% Taiwan
19% Other Countries

LOCATION OF VICTIMS

19% United States
14% United Kingdom
11% Australia
2% Hong Kong
2% India
1% Mauritius
1% New Zealand
1% Ireland
1% Belgium
1% Canada
7% Other Countries

Page 8

35% RETAIL
18% FOOD & BEVERAGE
11% HOSPITALITY
9% FINANCE
8% PROFESSIONAL SERVICES
6% TECHNOLOGY
4% ENTERTAINMENT
3% TRANSPORTATION
2% HEALTH CARE
4% OTHER

Page 9

WHAT WAS TARGETED?

Page 10

33% INCREASE IN NON-CARD DATA TARGETED

Chart labels: POS payment card data (track data); Non-payment card data; E-commerce payment card data
Chart values: 45%, 36%, 19%

Page 11

E-COMMERCE MADE UP 54% OF ASSETS TARGETED

Page 12

POINT-OF-SALE (POS) BREACHES ACCOUNTED FOR ONE THIRD OF OUR INVESTIGATIONS

Page 13

HOW DID ATTACKERS GET ACCESS?

Page 14

WEAK PASSWORDS OPENED THE DOOR FOR THE INITIAL INTRUSION IN 31% OF COMPROMISES

Page 15

MOST COMMON PASSWORD FOUND WITHIN CORPORATE ENVIRONMENTS?

Page 16

TOP 25 PASSWORDS BY PERCENT

Page 17

PASSWORD LENGTH

Page 18

ALMOST ALL APPLICATIONS SCANNED HARBORED ONE OR MORE SERIOUS SECURITY VULNERABILITIES

Page 19

TOP 10 APPLICATION VULNERABILITIES

Page 20

INDICATORS OF COMPROMISE

Page 21

Businesses often…

1. Don’t centralize logging
2. Log but don’t monitor
3. Log the wrong things

important because…

Page 22

ANOMALOUS ACCOUNT ACTIVITY
UNEXPLAINED OR SUSPICIOUS OUTBOUND DATA
NEW AND/OR SUSPICIOUS FILES DROPPED
GEOGRAPHIC ANOMALIES IN LOGINS
UNEXPLAINED OR SUSPICIOUS CHANGES TO THE WINDOWS REGISTRY
EVIDENCE OF LOG TAMPERING
EVIDENCE OF TAMPERING WITH ANTI-VIRUS SERVICES
ANOMALOUS SERVICE ACTIVITY (SERVICES ADDED, STOPPED OR PAUSED)
INTERRUPTION IN THE PAYMENT PROCESS FLOW (E-COMMERCE)
UNEXPLAINED ACCESS TO ADMINISTRATION CONSOLES OR WEB ADMIN (E-COMMERCE)

Page 23

DETECTION STATISTICS

Page 24

71% OF COMPROMISE VICTIMS DID NOT DETECT BREACHES THEMSELVES

Page 28

UNDERSTANDING WIDESPREAD MALWARE

Page 29

NARRATIVE OF A MALICIOUS CAMPAIGN

Page 30

THE TOP THREE MALWARE HOSTING COUNTRIES WERE:

42% UNITED STATES
13% RUSSIA
9% GERMANY

Page 31

MALWARE STRAINS:

PASSWORD STEALERS
BANKING TROJANS
DDOS BOTS
RANSOMWARE
FAKE UPDATES OR ANTI-VIRUS
CRYPTO-CURRENCY MINER
POINT-OF-SALE MALWARE
SPAMBOTS

Page 32

BLACKHOLE TOPPED THE LIST OF MOST PREVALENT EXPLOIT KITS AT 49%

Page 33

85% OF EXPLOITS DETECTED WERE OF THIRD-PARTY PLUG-INS INCLUDING JAVA AND ADOBE FLASH, ACROBAT AND READER

Page 34

78% OF EXPLOITS DETECTED WERE OF JAVA VULNERABILITIES

Page 35

SPAM MADE UP 70 PERCENT OF INBOUND MAIL

Page 36

IN TERMS OF MALICIOUS SPAM, 59% INCLUDED ATTACHMENTS & 41% INCLUDED LINKS

Page 37

ACTION PLAN/RECOMMENDATIONS

Page 38

TO DO LIST:

1. Educate employees on best security practices through security awareness training.
2. Invest in gateway security technologies to protect networks and users against zero-day exploits, targeted malware and blended threats.

Page 39

TO DO LIST:

1. Implement and enforce strong password policies for employees.
2. Change default and “admin” passwords immediately.
3. Consider two-factor authentication solutions.

Page 40

TO DO LIST:

1. Know your data - discover all types of sensitive data across your environment.
2. Combine ongoing scanning and testing across all assets - endpoint, network, application and database - so you can identify and fix flaws before an attacker finds them.

Page 41

TO DO LIST:

1. Pit a security expert against your network hosts, applications and databases for a real-world threat perspective.
2. Test resilience of your systems with regular penetration testing.

Page 42

TO DO LIST:

1. Develop, institute, and rehearse an incident response plan.
2. Ensure ongoing security training and education of your IT staff.
3. Consider an MSSP for expert help, including ongoing tuning of your technologies and continuous threat monitoring.

Page 43

IN CLOSING, SECURITY IS:

1. A continuous process
2. Compliance != Security
3. Is bigger than the IT dept
4. Is an effective combination:
• of People
• of Process
• of Technology; AND
• of expert partners

Page 44

Further Resources

Page 45

www.trustwave.com/GSR
blog.spiderlabs.com

Page 46

ANY QUESTIONS?