A Sunny Day at the Breach
Jeff Sanchez, Adam Brand

Agenda
• Introduction
• Story Time
• Reducing Headlines
• Q&A

© 2012 Protiviti Inc. An Equal Opportunity Employer.

Introduction – Who We Are
• Protiviti
• IT Security Services
• Jeff Sanchez, Managing Director
• Adam Brand, Senior Manager

Introduction – Why Should IA Care about Breaches?
• Understand the risk
• Insight into systemic issues
• Potential financial impact

Story Time: The Four Horsemen

• Ivan & Co. – Credit Card Thieves
• Digital D0gs – Defacers
• The Bad Sh3pherds – Botnet Herders
• Red Team 3 – Corporate Secrets Thieves

Story Time: Ivan & Co. – Credit Card Thieves

Story Time: Ivan & Co. – The Source

Story Time: Ivan & Co. – The Malware

Story Time: Ivan & Co. – The Scope

Story Time: Ivan & Co. – The Agent

Story Time: Ivan & Co. – The Resolution

Yay…free credit monitoring!

I get a free prison tattoo.

Story Time: Digital D0gs – Defacers

Story Time: Digital D0gs – Awesome Web Designers

Story Time: Digital D0gs – The Resolution

This new design is actually cleaner and loads faster!

Story Time: The Bad Sh3pherds – Botnet Herders

Story Time: The Bad Sh3pherds – Oldie But Goodie

Story Time: The Bad Sh3pherds – The Resolution

Ah: rebuild, patch, done.

Story Time: Red Team 3 – Corporate Secrets Thieves

Story Time: Red Team 3 – The Source

We “heard” you were hacked.

Story Time: Red Team 3 – The Malware

If I keep installing malware… I can be advanced and persistent!

Story Time: Red Team 3 – The Secrets

That IS the droid they were looking for!

Story Time: Red Team 3 – The Resolution

Lucky, smart…who cares? I still got the girl.

If only I wasn’t so incompetent… I could steal secrets faster.

I get a free prison tattoo.

Reducing Headlines: Overview
• Breaches are inevitable – make sure there is a plan!
• Reduce headlines by reducing impact
• Reduce duration and impact with a few key controls
  – Limit Outbound Internet
  – No user “administrators”
  – Implement File Monitoring

Reducing Headlines: Limit Outbound Internet Traffic
• No Internet without a proxy!
• Turn off “Uncategorized Sites” (whitelist approach)
• Servers = very limited outbound access

Limit the attacker’s options for command and control of their malware.

Reducing Headlines: No user “administrators”
• End users = guaranteed win
• Heavily restrict end user machine admin rights
• Users should not install software

Many favorite attacker programs require local admin rights to run.

Reducing Headlines: Implement File Monitoring
• Don’t rely on anti-virus alone
• Often malware places files in Windows system folders
• Follow up on alerts

Many attackers download files during their attack that should raise suspicion.
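
A minimal sketch of the file-monitoring control on this slide, added here as an example and not part of the original presentation: it records a hash baseline of a folder and reports files added, modified or removed since. The function names and sample files are constructed for illustration, and a temporary directory stands in for a Windows system folder.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                digest = "UNREADABLE"  # locked or denied files are still tracked
            state[os.path.relpath(path, root)] = digest
    return state

def compare(baseline, current):
    """Return sorted (change, path) alerts between two snapshots."""
    alerts = [("added", p) for p in current.keys() - baseline.keys()]
    alerts += [("removed", p) for p in baseline.keys() - current.keys()]
    alerts += [("modified", p) for p in baseline.keys() & current.keys()
               if baseline[p] != current[p]]
    return sorted(alerts)

def demo():
    """Run the check on a constructed stand-in for a monitored folder."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("example.dll", b"known good")
        write("settings.cfg", b"v1")
        baseline = snapshot(root)           # taken while the system is trusted
        write("dropped.exe", b"new file")   # file that was not in the baseline
        write("settings.cfg", b"v2")        # existing file changed
        os.remove(os.path.join(root, "example.dll"))
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for change, path in demo():
        print(f"ALERT {change}: {path}")
```

The baseline only helps if it is stored where an attacker on the monitored host cannot rewrite it, and if someone reviews the alerts it produces.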

Closing Thought: Get Involved

Internal Audit has a role to play with breach prevention, response, and remediation – it’s time to bridge the gap.

Q&A

Contact Information:

Jeffrey Sanchez Managing Director

Phone: (213) 327-1433

Security & Privacy Services

[email protected]

Adam Brand Senior Manager

Phone: (213) 260-4660

Security & Privacy Services

[email protected]

Powerful Insights. Proven Delivery.™
