e-Business World 2013 - Βεντούρης Χρήστος: The Landscape of 2013 … Mind your step...

Post on 03-Dec-2014


This presentation was given as part of the e-Business World 2013 conference, held on 19 June at the Divani Caravel in Athens.

Transcript of e-Business World 2013 - Βεντούρης Χρήστος: The Landscape of 2013 … Mind your step...


Christos Ventouris, Information Security Specialist, Symantec EMEA

Watch your step in the waterhole …

eBusinessWorld & Social Media World

Agenda

A 10 minute tribute on how things go wrong ... and possibly get you to think twice
(10 mins for the next 13 slides. Keep focused :] )

7 Years ago …

Clicking on an email or attachment link was dangerous


Today …

Visiting your favorite website is dangerous.

1 in 532 websites infected.

Most common: drive-by download infections. The chain shown on the slide:

• The user browses a legitimate web site.
• The site serves a malicious script, planted through a hacked website, a misconfigured server, a weak password, banner ads, …
• The browser is analysed and attacked through a matching hole: 312 plug-in vulnerabilities and 891 browser vulnerabilities (2012).
• Infection. No user interaction required.
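As an added example (not code from the deck or from Symantec), a small Python scanner for the kind of injected content that drives such infections on a compromised legitimate site: hidden iframes, inline scripts built around common obfuscation calls, and script tags that load from hosts outside the site's own allowlist. The allowed hosts, the sample page and the marker list are constructed assumptions; the markers are general heuristics for triage, not a signature list.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this (hypothetical) shop legitimately loads script from; assumption for the example.
ALLOWED_SCRIPT_HOSTS = {"www.example-shop.test", "cdn.example-shop.test"}

# Calls that frequently appear in obfuscated injected loaders. Heuristic indicators,
# not a complete signature list: legitimate code can use them too, so a hit means
# "look here", not "confirmed malicious".
OBFUSCATION_MARKERS = ("eval(", "unescape(", "fromCharCode(", "document.write(")

# Constructed sample page: a legitimate site with three injected elements.
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.example-shop.test/app.js"></script>
</head><body>
<h1>Welcome to the shop</h1>
<script>eval(unescape('%64%6f%63%75%6d%65%6e%74'))</script>
<iframe src="http://198.51.100.7/go.php" width="1" height="1" style="display:none"></iframe>
<script src="http://198.51.100.7/k.js"></script>
</body></html>"""


class InjectionScanner(HTMLParser):
    """Walks a page and records indicators of injected drive-by content."""

    def __init__(self):
        super().__init__()
        self.findings = []        # list of (indicator, detail) tuples
        self._in_script = False   # True while inside an inline <script> body

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}
        if tag == "iframe" and self._is_hidden(a):
            self.findings.append(("hidden_iframe", a.get("src", "")))
        elif tag == "script":
            self._in_script = True
            src = a.get("src")
            if src:
                host = urlparse(src).hostname or ""
                if host and host not in ALLOWED_SCRIPT_HOSTS:
                    self.findings.append(("offsite_script", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser hands the whole <script> body to handle_data as one CDATA chunk.
        if self._in_script and any(m in data for m in OBFUSCATION_MARKERS):
            self.findings.append(("obfuscated_inline_script", data.strip()[:40]))

    @staticmethod
    def _is_hidden(a):
        style = a.get("style", "").replace(" ", "").lower()
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        return tiny or "display:none" in style or "visibility:hidden" in style


def scan_page(html):
    """Return the list of (indicator, detail) findings for one HTML document."""
    scanner = InjectionScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for indicator, detail in scan_page(SAMPLE_PAGE):
        print(f"{indicator:26} {detail}")
```

Run it against a copy of your own pages pulled over HTTP, not against the files on disk: a compromised server often injects the extra markup at serve time, so the deployed files can look clean while visitors still get the iframe.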


7 years ago …

Your password could be hacked by social engineering or if a website was hacked.

Today: Data breaches - again and again

• Twitter - 250,000 user records stolen in 2013
• Scribd - 500,000 user records stolen in 2013
• Evernote resets 50 million accounts after data breach in 2013
• LinkedIn - 6.5 million user records stolen in 2012
• Who's next?

• Many of them happen due to SQL injection on the website
– Very old attack; could be prevented by following best practice


Are you sure that your data is well protected?
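The "very old attack" beside its fix, as an added example that is not part of the deck: a login lookup that concatenates user input into the SQL text, next to the parameterised form that the best-practice guides (OWASP Top 10 included) call for. The users table, the hash values and the two payloads are constructed for the demo; the database is an in-memory SQLite one so the block runs offline.

```python
import sqlite3

# Constructed sample records for an in-memory users table (example data, not from the deck).
USERS = [
    ("alice", "hash_alice", "alice@example.test"),
    ("bob", "hash_bob", "bob@example.test"),
]


def make_db():
    """Build a throwaway SQLite database holding the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def find_user_vulnerable(conn, username):
    """The injectable pattern: user input concatenated into the SQL text."""
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    """The fix: a parameterised query; the driver binds the input as data, never as SQL."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


# Two classic payloads (constructed): a tautology that matches every row, and a
# UNION that pulls the password hashes out through the same two-column result set.
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "' UNION SELECT username, password_hash FROM users --"


def run_demo():
    """Run both payloads through both lookups and return the rows each one yields."""
    conn = make_db()
    return {
        "vulnerable_tautology": find_user_vulnerable(conn, TAUTOLOGY),
        "vulnerable_union": find_user_vulnerable(conn, UNION_DUMP),
        "safe_tautology": find_user_safe(conn, TAUTOLOGY),
        "safe_union": find_user_safe(conn, UNION_DUMP),
    }


if __name__ == "__main__":
    for name, rows in run_demo().items():
        print(f"{name:22} -> {rows}")
```

The vulnerable lookup returns every user for the tautology and the full hash column for the UNION payload, which is exactly how the "records stolen" numbers on the slide come about; the parameterised lookup returns nothing for either, because the quote and the UNION keyword never reach the SQL parser.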


Today …


Oversharing allows the attacker to gain access to your online resources by simply putting the pieces together.

A lot of information in social networks:
• "Luca2013" could be my password
• Service to reset lost passwords
• Also for spammers
• or for Phishing

The scenario on the slide: the user posts "my pet: Luca". The attacker answers the password-reset security question "Name of your pet: LUCA", sends spam ("Hey, here you get cheap rabbit food") and phishes with "Hey, is that your bunny in that picture?" pointing at a fake Facebook <login>.
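"Putting the pieces together" in code, as an added example that is not from the deck: the targeted guess list an attacker builds from a few public facts, and the same list turned around as a check a site can run when a user picks a password or a security-question answer. The profile values, suffix list and year list are constructed assumptions; the point is that a password such as "Luca2013" and a security answer such as "LUCA" are both derivable from one public post.

```python
import re

# Constructed example of what a stranger can harvest from someone's public posts
# (hypothetical data, not taken from the deck).
PUBLIC_PROFILE = {
    "pet": "Luca",
    "first_name": "Chris",
    "city": "Athens",
    "years": ["2013", "1980"],   # current year and a birth year seen in posts
}

SUFFIXES = ("", "!", "1", "123")   # common password tails; assumption for the example


def profile_tokens(profile):
    """Lower-cased words an attacker would pull out of the profile (3+ chars only)."""
    raw = (profile["pet"], profile["first_name"], profile["city"])
    return {t.lower() for t in raw if len(t) >= 3}


def candidate_passwords(profile):
    """Build the targeted guess list <token><year><suffix> from public facts.

    This is the attacker's step; a defender runs the same list as a password denylist."""
    guesses = set()
    for token in profile_tokens(profile):
        for form in (token, token.capitalize(), token.upper()):
            for year in ("",) + tuple(profile["years"]):
                for suffix in SUFFIXES:
                    guesses.add(f"{form}{year}{suffix}")
    return guesses


def check_password(password, profile):
    """Return the profile token a password is built from, or None if it is clean.

    Digits and separators are stripped first, so 'L-u-c-a_2013' is still caught."""
    letters_only = re.sub(r"[^a-z]", "", password.lower())
    for token in sorted(profile_tokens(profile)):
        if token in letters_only:
            return token
    return None


def security_answer_is_public(answer, profile):
    """A security question whose answer sits on the owner's timeline is not a secret."""
    return answer.strip().lower() in profile_tokens(profile)


if __name__ == "__main__":
    print(len(candidate_passwords(PUBLIC_PROFILE)), "targeted guesses, e.g. 'Luca2013'")
    for pw in ("Luca2013!", "L-u-c-a_2013", "correct horse battery staple"):
        print(f"{pw!r:34} -> {check_password(pw, PUBLIC_PROFILE)}")
    print("pet name as security answer is public:",
          security_answer_is_public("LUCA", PUBLIC_PROFILE))
```

The guess list is a few hundred entries at most, so an online attacker can try all of it against a reset form that has no lockout; the defensive check is cheap enough to run at registration time, and the same reasoning argues for replacing knowledge-based security questions with a second factor.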


~5 years ago …

It was almost impossible to get your smartphone infected.


Today’s mobile threats


Today's Android Malware
• Making money with premium SMS
– Profit with SMS between $1.6K-9K / day
• Mobile botnets exist already
• Drive-by downloads possible
• Privacy is also an issue
• Mobile vulnerabilities
– 416 (2012) / 315 (2011)

The premium-SMS example on the slide:
• Heavy use of social engineering
• Fake app markets
• Unique (bad) APK every time
• Sends premium SMSs


Chart: Android Malware Growth, Jan '11 to Oct '12. Series: Cumulative Android Families 2011-2012 (left axis, 0 to 200) and Cumulative Android Variants 2011-2012 (right axis, 0 to 5,000).

Different Motivation – Different Attacks

• Hacktivism: DDoS, Defacement
• Money: Banking Trojan, Extortion, Scam
• Targeted Attacks: Sabotage, Espionage

Tips of advice …
• Think "What is the impact to my customers?"
• Assess and control your risks.
• Implement best practices for building your eBusiness platform
– OWASP Top 10
– Find your own holes before others find them first
– Look out for past and new platform vulnerabilities. Fix them as soon as they are announced and a fix is available
• Share responsibly.
– If you think you have nothing to hide, tweet a picture while in the WC
• Watch what you click.
• Protect your assets based on the threats and risks you identify.