Economy of BadKnow your Enemy

Christopher BeierSr. Product Marketing ManagerSCM ProductsTripwire

2

Agenda

Economy of bad How does this economy manifest

Breaches continue to grow

Soaring cost of lost records

Attacker Motivations Three general types of Hackers

Motivations

Attacker Methods Most common attack types

3

Economy of Bad: defined

1. Participants (buyers

/sellers/resources)

2. Product

3. Currency

4. Marketplace

5. Competition

1. Yes

2. Tools, education, fruits of their efforts

3. Bitcoin, egold, and many other under the radar

4. Yes5. Yes

Value of this market

The CostAs attacks become increasingly sophisticated, security breaches have a growing financial impact on victims.

$7.7 million 2% from 2014

THE AVERAGE ANNUAL COST OF A CYBER CRIME INCIDENT IN 2015

THE ESTIMATED COST OF CYBER CRIME TO THE GLOBAL ECONOMY

$400 billion

Sources: Ponemon Institute. “2015 Cost of Cyber Crime Study: Global.”McAfee/CSIS, “Net Losses: Estimating The Global Cost Of Cyber Crime”

5

Breaches continue to grow…

IBM X-Force Threat Intelligence Report 2016

6

Healthcare records are the most valued commodity

2015 Ponemon Cost of a Breach Study

Attacker Motivations

8

All the world’s a chess board…and all the security pros, merely pieces

http://www.tripwire.com/state-of-security/off-topic/all-the-worlds-a-chess-board-and-all-the-security-pros-merely-pieces/

9

10

CYBERWAR & HACKTIVISM

THEFT OF SENSITIVE INFORMATION

CYBERCRIME & FRAUD

11

Anonymous VS. ISIS

12

300+

®

Home Profile Connections Jobs Interests Search…

connectionsConnect Send InMail

Cyber Threats Analyst at the Naval Network Warfare Command

Robin Sage – Would Someone in Your Company Connect?

Robin Sage

Massachusetts Institute of Technology

Naval Network Warfare Command 

Norfolk, CT │ Cyber Threats Analyst

25 years oldEducation

CurrentAge

13

®

Home Profile Connections Jobs Interests Search…

Connect Send InMail

Robin Sage

Massachusetts Institute of Technology

Naval Network Warfare Command 

Norfolk, CT │ Cyber Threats Analyst

Cyber Threats Analyst at the Naval Network Warfare Command

25 years oldEducation

CurrentAge

300+connections

Robin Sage – A Passive Social Engineering Attack

300+ connections (Intelligence, Bank Accountsmilitary & security agencies)

Offered work at Lockheed Martin, Google Secret base locations

Dinner invitations Interpersonal Relationships

Emails

RESULTS?

14 Flipping the Economics of Attacks, Palo Alto Networks & Ponemon Jan 2016

15Hackmageddon.com

16 Flipping the Economics of Attacks, Palo Alto Networks & Ponemon Jan 2016

Attacker Methods

18

COMMODITYATTACKS (80%)

TARGETED THREAT (19.99%)

ADVANCED THREAT (.01%)

Microsoft Targeted Attack series 2012 -2015

19

50%

NEARLY 50% OPEN E-MAILS AND CLICK ONPHISHING LINKS WITHINTHE FIRST HOUR.

99.9%

OF THE EXPLOITED VULNERABILITIESWERE COMPROMISED MORE THAN A YEAR AFTER THE CVE WAS PUBLISHED.

95%

OF MALWARE TYPES SHOWED UP FOR LESSTHAN A MONTH, AND FOUR OUT OF FIVEDIDN’T LAST BEYOND A WEEK.

SOURCE: Verizon DBIR 2015

SOURCE: Verizon DBIR 2015

SOURCE: Verizon DBIR 2015

20 IBM X-Force Threat Intelligence Report 2016

21

Recommendations

Know the battlefield Know yourself

Try to understand what you have that is valuable and what motivates those who want to take it

Get informed Tripwire, The State of Security

Tripwire, SCM for Dummies

Tripwire, Security eBooks

Verizon DBIR reports

Cisco Security Reports

Krebs on security

IBM Xforce Quarterlies

What Battlefield are you fighting on?

tripwire.com | @TripwireInc