Notesale: Turn your study into money

Document Preview

Extracts from the notes are below, to see the PDF you'll receive please use the links above

---

 

 
     

Behind  the  Mask:    
The  Changing  Face  of  Hacking  
June  2015  

Behind  the  Mask:    The  Changing  Face  of  Hacking                                                
 
 
 
 
2  
 
 
 
Think  your  users  and  data  are  safe?  Think  again
...
 
 
The  opportunity  for  gain  is  so  compelling  that  hackers  have  evolved  from  the  stereotype  of  bored  students  to  
today's  reality  of  highly  organized  criminal  enterprises  that  seek  not  just  notoriety  but  profit
...
 Current  advantage,  attackers
...
 
 

Introduction  

 
When  it  comes  to  modern  security  efforts,  the  stakes  are  higher  than  ever
...
 Meanwhile,  the  weakest  
link  remains  users  themselves
...
 Once  they  get  even  a  tiny  foothold  into  an  
organization  –  compromising  one  account  or  one  system  –  they  then  use  that  as  a  starting  point  for  more  
encompassing  and  destructive  forays
...
 To  defend  against  
these  multi-­‐faceted,  multi-­‐pronged  attacks,  organizations  require  an  aggressive  strategy  that  includes  high-­‐
level  support  from  management,  an  appropriate  budget,  multiple  forms  of  protection,  and  continued  user  
education
...
 It's  a  business  issue  that  is  getting  attention  at  the  highest  levels  in  
many  organizations
...
 Corporate  boards  are  on  high  alert  and  cybersecurity  is  the  foremost  issue  currently  on  directors'  
minds  now  because  it's  tied  into  the  risk  structure  of  the  organization
...
gstatic
...
   
 
In  2014,  42
...
 The  average  size  of  the  financial  hits  attributed  to  those  incidents  was  $2
...
   
 
Individuals  are  also  being  targeted
...
 Overall,  online  scams  reported  to  the  government  cost  Americans  $800  million  last  year  alone,  according  
to  IC3
...
 But  with  the  blurring  
of  work  and  personal  use  of  company  computers  and  the  broad  adoption  of  bring-­‐your-­‐own-­‐device  (BYOD)  
policies  in  most  companies,  such  attacks  can  do  double  duty  and  provide  access  to  corporate  resources  as  well
...
 These  factors  include:  
 
Well-­‐Known  Attacks  Are  Still  Commonplace:  Attackers  continue  to  leverage  well-­‐known  techniques  to  
successfully  compromise  systems  and  networks
...
iii    
 
In  fact,  the  HP  report  found  that  exploitations  of  widely  deployed  client-­‐side  and  server-­‐side  applications  are  
still  commonplace
...
   
 
The  Rise  of  "Do-­‐It-­‐Yourself"  IT:  For  years,  employees  and  departments  have  used  non-­‐sanctioned  applications  
and  services  to  get  their  work  done
...
   
 
Today,  cloud  services  and  mobile  applications  are  the  norm
...
 And  users  frequently  download  
applications  to  mobile  devices  that  are  used  for  both  their  private  and  professional  lives
...
gstatic
...
 Protected  information  can  be  leaked
...
   
 
Users  seem  to  know  that  there  are  potential  problems  working  this  way,  yet  many  continue  to  do  so
...
iv  
 
Phishing  Attacks  Remain  Effective:  Multiple  studies  have  found  varying  degrees  of  success  (all  of  which  are  
frightening)  for  phishing  aimed  at  corporate  users
...
v  As  a  result,  users  receive  many  
malicious  emails  that  they  do  not  recognize  as  threatening
...
vi  In  many  cases,  
it  took  less  than  two  minutes  for  freshly  sent  phishing  emails  to  catch  their  first  victim
...
 
 
Another  study  found  that  attackers  typically  lure  two  or  three  users  into  clicking  on  malicious  content  
immediately
...
 
 
Multi-­‐stage  Attacks  Are  More  Common:  Several  of  the  large  breaches  over  the  last  year  have  been  the  result  
of  patient  hackers
...
   
 
With  some  compound  attacks,  hackers  infiltrate  a  third-­‐party  (a  supply  chain  partner,  insurance  processor,  or  
credit  card  clearing  service,  for  example)  and  then  bide  their  time  posing  as  an  authorized  user,  all  the  while  
collecting  information  that  can  either  be  used  in  a  more  targeted  attack  or  to  steal  information
...
vii    
 
Newer  Technologies  Introduce  New  Avenues  of  Attack:  This  past  year  saw  a  rise  in  already  prevalent  mobile-­‐
malware  levels,  according  to  the  2015  HP  Cyber  Risk  Report
...
   
 
Additionally,  as  a  variety  of  physical  devices  become  connected  through  the  Internet  of  Things  (IoT),  the  diverse  
nature  of  these  technologies  opens  up  new  attack  possibilities  and  exposes  organizations  to  new  
vulnerabilities
...
gstatic
...
 Hackers  and  cyberthieves  are  using  new  techniques  and  more  
sophisticated  attacks  to  compromise  systems  and  steal  data
...
 They  must  be  able  to  locate  intruders  as  quickly  as  possible
...
 And  they  must  be  "smart"  security  solutions  capable  of  
communication  and  correlation
...
 
 
HP  offers  enterprise  security  software  and  solutions  that  provide  a  proactive  approach  to  security
...
 Offerings  include:  
 
Security  Research:  To  understand  the  nature  of  today's  evolving  threats,  HP  offers  innovative  vulnerability  
research  delivered  as  actionable  security  intelligence
...
 Solutions  include  a  next-­‐generation  firewall,  intrusion  prevention  system,  network  security  
management,  advanced  threat  appliance,  and  threat  intelligence
...
 
 
Security  Information  and  Event  Management  (SIEM):  ArcSight  SIEM  is  a  comprehensive  SIEM  solution  that  
enables  cost-­‐effective  compliance  and  provides  advanced  security  analytics  to  identify  threats  and  manage  risk,  
so  companies  can  protect  their  business
...
   
 
Application  Security:  HP  Fortify  offers  application  security  testing  and  management  solutions,  available  on-­‐
premise  or  on-­‐demand
...
   
 
Mobile  Application  Security:  HP  Fortify  helps  secure  mobile  applications  before  deployment
...
 
The  solution  offers  flexible  application  security  testing  that  includes  both  static  code  analysis  and  regularly  
scheduled  dynamic  scans  that  do  not  interfere  with  today's  fast-­‐paced  software  development  cycles
...
 Atalla  solutions  provide  continuous  protection  through  classification,  data  encryption,  
and  key  management,  offering  flexibility,  reliability,  and  manageability
...
 
 

 

   
http://t2
...
com/images?q=tbn:ANd9GcQxQU-­‐LHKSGH1e3MoBDUBg3jp-­‐fcWOZaYnEVufnjkhICp3AVLT-­‐  

Behind  the  Mask:    The  Changing  Face  of  Hacking  

6  

Conclusion  
The  cybersecurity  challenge  will  continue  to  grow  as  threats  evolve  and  thieves  see  greater  value  in  the  
information  they  can  steal
...
   
For  more  information  on  how  HP  can  help  your  organization  implement  a  successful  security  program,  fix  the  
gaps  in  your  environment,  or  aid  you  in  recovery  from  a  breach,  click  here
...
networkworld
...
html  

ii

 http://www
...
com/life-­‐style/online-­‐fraudsters-­‐swindled-­‐800-­‐million-­‐year-­‐article-­‐1
...
hp
...
html  

iv

 http://www
...
com/small-­‐business/employees-­‐engaging-­‐in-­‐risky-­‐cyber-­‐security-­‐activities
...
cioinsight
...
html  

vi

 http://www
...
com/news/technology-­‐32285433  

vii

 http://www
...
com/story/79908
...
gstatic

---