Cyber Security KTN

About This Presentation

Title:

Description:

Number of Views:29

Avg rating:3.0/5.0

Slides: 13

Provided by: aeat49

Category:

Tags: ktn | cyber | security

Transcript and Presenter's Notes

Title: Cyber Security KTN

1
Cyber Security KTN Metrics SIG Kick-off
Meeting Presentation by Jeremy Ward
2
Todays Internet Threat Landscape

Cybercrimes online fraud and the theft of
confidential information have some publicity.
But surveys (eg DTI breaches survey) show that
the impression is that Internet threats are less
significant as a result of decline in
well-publicised threats.
Quieter, stealthier threats now the norm, through
bots using customizable or modular malicious
code.
Web applications and web browsers increasingly
the focal point of attacks.
In countries with a longer history of on-line
trading (eg USA), there is evidence of
plateauing, or decline because trust is lost.

3
What does the Internet look like?

Cybercrime is likely to increase
as the rewards get more attractive, it is
logical that attackers will improve their
methods.
We believe that traditional perimeter defenses
are not enough
with the rise in client side attacks and web
application attacks, it seems likely that
attackers are able to find new ways into the
network.
We think that the volume and severity of attacks
continues to rise
because there is a short patch window,
increasing numbers of malicious code variants and
stealthy, silent attacks.
HOWEVER, WE DONT KNOW FOR SURE

4
We have some evidence

Japanese Power Plant Compromised
Database accessed with a hidden file sharing
program. Peer-to-Peer software allowed inside the
network.
European Bank Customers Compromised by Phishing
Customers of large banks in the UK, Spain and
Germany have been infected with the sophisticated
Metafisher Trojan horse.
Text Files Compromised
The Briz.A Trojan horse enabled a hacker to
obtain 62MB of text files (62,000 printed pages).
The hacker organised them into folders by
victims nationality and sold them to the highest
bidder.
These are good stories but theyre only
anecdotal!

5
What do we know objectivelyabout malicious code?

Modular malicious code accounts for 88 of the
top 50 malicious code in a 6 month reporting
period

6
What do we know objectivelyabout threats to
confidentiality?

Threats to confidential information continue to
increase with 80 of the Top 50 reported
malicious code having the potential to expose
confidential information.

7
What do we know objectively about
vulnerabilities?

In the last 6 months of 2005, 69 of all
vulnerabilities reported to Symantec were web
application vulnerabilities.

8
The Challenges

Malicious code is a threat, but doesnt
necessarily pose a risk
Vulnerabilities dont pose a risk unless there
are available exploits and they are unpatched
Current measurements look at malicious code and
vulnerabilities, but dont objectively assess the
risk they pose to ordinary Internet-connected
systems
No clear, objective, statistically valid way of
measuring the effectiveness of technological
countermeasures in ordinary Internet-connected
systems.

9
Proposal

SIG should consider the design of a series of
testbeds to benchmark the reality of Internet
threats and the effectiveness of technological
countermeasures.
These should be representative of client systems
actually connected to the Internet.
Their build should be proportionate to market
representation in terms of OS, applications and
Web browsers.
They should be protected by a representative
selection of Firewalls and AV systems.
Each testbed should be monitored by IDS.
All updated signatures and patches should be
applied.