Andrew Horbury
Product Marketing Manager
andy_horbury@symantec.com
Andrew Shepherd
EMEA Marketing Manager
andrew_shepherd@symantec.com
WEBSITE SECURITY THREATS:
JANUARY 2014 UPDATE
Thursday 9th January 2014
Agenda
1. Month in Numbers
2. Creepware
3. Emerging and new types of malware
4. Gartner – why Interest in IT Risk is growing
5. Everyone is a target
6. Stranger than fiction
7. Good news
The month in Numbers
• US$50,000
– Cybercrime boss Paunch earned US$50,000 a month
• 40 million
– Target targeted: Cybercriminals may have spent the Christmas shopping season feasting on the proceeds of 40m stolen payment cards
• 00000000
– For nearly 20 years, the launch code for US nuclear missiles was 00000000
• 61%
– Bots account for 61% of all website traffic, up 21% year on year
• 93% and 87%
– 93 percent of large organisations suffered a security breach last year, while 87 percent of small businesses also experienced
The month in Numbers
• 18BN GBP
– Mobile influenced £18bn of retail sales in 2013
• 54 million
– Turkish press reports that records of 54 million Turkish citizens have been stolen by attackers
• The 2 million Pony
– 1,580,000 website login credentials stolen
– 320,000 email account credentials stolen
– 41,000 FTP account credentials stolen
– 3,000 Remote Desktop credentials stolen
– 3,000 Secure Shell account credentials stolen
Creepware
• Remote Access Trojans (RATs)
– Differ from legitimate remote access tools because of their malicious intent
– Allow someone to control a computer from a remote location
• How?
– Drive-by downloads
– Malicious links
– Exploit kits
– Peer-to-peer file sharing/torrents
• Why?
– Voyeurism, information/file stealing, blackmail/sextortion, trolling, using computer for DDoS attacks
New and emerging types of Malware
• Malicious Firefox add-on
– The ‘Advanced Power’ botnet, active since May 2013, has infected more than 12,500 computers.
– The bot uses compromised Windows systems to scan for vulnerable websites to conduct SQL injection attacks
• Malware posing as Microsoft IIS to steal user data
– New malware has been found that disguises itself as a module for Microsoft’s IIS Web server in order to evade detection.
– The malware has been observed targeting credit card data on ecommerce websites.
– While the malware is not widespread yet, it could also be used to steal login details or any other sensitive data that’s sent to a compromised IIS instance.
Gartner – why Interest in IT Risk is growing
1. Lack of understanding
2. Increasing pressure to disclose technology risk
3. Lack of visibility into key business relationships with third-parties
4. Growing interconnection between technology and business risks
Everyone is a target…
• Snapchat hack impacts 4.6 million users
– Hackers have published the usernames and phone numbers of more than 4.6 million Snapchat users in order to “raise public awareness on how reckless many internet companies are with user information”.
• 9 out of 10 large firms suffered a breach, says survey
– Around 93 percent of large companies and 87 percent of small businesses suffered a security breach in 2013
Stranger than fiction
• G20 Leaders are not immune to the charms of Carla Bruni
• Harvard student uses Tor to send bomb threat to skip exam
– FBI unamused
• US agency destroys $170k of equipment to get rid of virus
– Only 6 machines infected
Good News
• Global ATM heist – eight arrested (two of the suspects posted this image)
• Not so secret launch codes
– Guided tours of silos
– Soldiers given checklist containing the launch code
• Glitter nail varnish could protect your laptop…
• Have you been breached? There's an app for that!
Link Glossary (Press Print screen now)
• Paunch
– http://www.group-ib.com/index.php/7-novosti/790-group-ib-assists-to-suppress-the-activities-of-a-blackhole-exploit-kit-author-paunch-is-arrestedq%22
• Target
– http://www.reuters.com/article/2013/12/19/us-target-breach-idUSBRE9BH1GX20131219
• Nuclear Code
– http://www.huffingtonpost.com/2013/12/05/nuclear-missile-code-00000000-cold-war_n_4386784.html
• Bots account for 61% of web traffic
– http://www.incapsula.com/the-incapsula-blog/item/820-bot-traffic-report-2013
• 9 out of 10 large firms suffered a breach
– http://www.incapsula.com/the-incapsula-blog/item/820-bot-traffic-report-2013
• Mobile influenced £18bn of retail sales in 2013
– http://econsultancy.com/blog/10717-mobile-will-influence-15bn-of-in-store-sales-in-2012
• Turkish Hack
– http://www.hurriyetdailynews.com/russian-hackers-stole-54-million-turkish-citizens-id-data-claim.aspx?pageID=238&nID=59644&NewsCatID=338
Link Glossary 2
• Creepware – Symantec Blog
– https://www-secure.symantec.com/connect/blogs/creepware-who-s-watching-you
• Gartner 4 Reasons Behind the Growing Interest in IT Risk
– http://blogs.gartner.com/john-wheeler/4-reasons-driving-growing-interest-in-it-risks/
• 2013 Information Security Breaches Survey
– http://www.pwc.co.uk/assets/pdf/cyber-security-2013-technical-report.pdf
• Nail Varnish
– http://www.wired.co.uk/news/archive/2014-01/02/data-security-nail-polish
• Have I been Pwned
– https://haveibeenpwned.com/
Thank you!
Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Andrew Shepherd
andrew_shepherd@symantec.com / +44 7912 552 896
Andrew Horbury
andy_horbury@symantec.com / +44 7703 468 966
Next webinar: Thursday 13th February 2014
9.30am UK / 10.30am CET
