Kathleen R. Kimball, MS, CISSP, CISM Senior Director, Security Operations & Services Information Technology Services security@psu.edusecurity@psu.edu;

  • View
    215

  • Download
    0

Embed Size (px)

Text of Kathleen R. Kimball, MS, CISSP, CISM Senior Director, Security Operations & Services Information...

  • Slide 1
  • Kathleen R. Kimball, MS, CISSP, CISM Senior Director, Security Operations & Services Information Technology Services security@psu.edusecurity@psu.edu; (814) 863-9533 March 1, 2011 SECURITY 2010 BREACHES AND MALWARE AND PHISH (OH, MY!)
  • Slide 2
  • AGENDA Security 2010 Globally Security 2010 at Penn State (both Negative and Positive) Summary Questions
  • Slide 3
  • WEB-BASED SECURITY THREATS Penn State is subject to global trends in (in)security
  • Slide 4
  • SOBERING NUMBERS From Websense Security Labs 2010 Threat Report: A 111.4% increase in the number of malicious Web sites from 2009 to 2010 79.9% of malicious Web sites were compromised legitimate sites 52% of data-stealing attacks were conducted over the Web 84.3% of all e-mail was spam Searching the Web for breaking/current news was more likely to cause a compromised computer than searching for objectionable content
  • Slide 5
  • SOPHOS ANALYSIS Sophos Security Threat Report 2011 Web remains the biggest vehicle for malware A high number are legitimate web sites serving malware or hosted malvertisements. Examples: Farm Town (game) Google sponsored links Celebrity Twitter feeds
  • Slide 6
  • SYMANTEC Internet Security Threat Report, Volume XV, April 2010 Of the top attacked vulnerabilities observed in 2009, 4 out of 5 were client side vulnerabilities that were frequently attacked by web-based attacks Most frequent vectors Internet Explorer and applications that process PDF files Crimeware kits developed for sale by the malware code writers. (Zeus kit for as little as $700) Inexperienced bad guys can buy a kit and produce a custom attack easily Over 90,000 unique variants of the Zeus toolkit observed
  • Slide 7
  • AND THE VERIZON BUSINESS RISK TEAM 2010 Data Breach Investigations Report (in Cooperation with the US Secret Service), July 2010 Organized criminal groups were responsible for 85 percent of all stolen data in 2009 Hacking and malware were responsible for over 95 percent of all data compromised 85 percent of attacks are not highly difficult
  • Slide 8
  • SECURITY 2010 AT PENN STATE The local Security landscape
  • Slide 9
  • PENN STATE 2010 EXPERIENCE >12,000,000 hostile probes daily, not even counting the latest web-based threats the older attacks are still there 2,525 fully compromised systems detected by the Universitys Intrusion Detection architecture Up 43% from 2009 854 of these were on University wired networks (not Residence Hall, wireless or modem-connected) Lowest Budget Unit total 0 compromises (8 units) Highest Budget Unit total 120 compromises 1025 compromised Access accounts detected a 57% increase from 2009
  • Slide 10
  • PENN STATE EXPERIENCE (CONTINUED) Copyright Infringement is a little bit different animal, but here are the figures: 26 different copyright holders or their representatives reported infringement by Penn State users in 2010 Growth in Complaints Handled: 2008 874 2009 1127 2010 1459
  • Slide 11
  • ON THE POSITIVE SIDE Intrusion Detection instance at the border tuned to look specifically for web-based attacks ~135,000 packets per second analyzed on average ~2.4 Gb per second on average ~20,000 40,000 alerts daily More than 139,000 overtly hostile sites dynamically blocked on an average day More than 50 local intrusion detection sensors within units throughout the University, operated on their behalf by Security Operations and Services Generic header intrusion detection and correlation pinpoints additional attacks 32 TB of header data is about 12 days ~39,000,000 lines of logs a day 34 compute queues in cluster
  • Slide 12
  • WHAT CAN USERS DO? Remove sensitive information from computers PII SSNs, Credit Card Numbers, Bank account numbers Mortgage statements Tax documents Personal health records
  • Slide 13
  • OTHER: WHAT CAN USERS DO? Run in least privilege mode 81% of Critical Microsoft vulnerabilities are mitigated by operating without administrator rights. Of the total published Microsoft vulnerabilities, 64% are mitigated by removing administrator rights. BeyondTrust 2010 MS Vulnerability Report
  • Slide 14
  • THE BOTTOM LINE Its no longer a question of if your computer is compromised its a matter of WHEN your computer is compromised. Will cause a re-thinking of how we protect data and systems. Meanwhile the standard guidance still applies: Browsing can be dangerous Scan and remove PII Practice least privilege Patch and update Operating System and applications as required when new patches or updates are released Use current anti-virus (though only about 30% effective) Utilize unit policies
  • Slide 15
  • Unfortunate Case Study A users PII scan results show just under 14,000 hits of PII. The user is busy and closes the scanning console anticipating remediation at a later date. SIX times, the same thing continues to occur; the user is busy and closes the console. Two months later the computer is compromised. Data mining unveils over 6,000+ unique PII instances.
  • Slide 16
  • Negative Media Attention From an alumnus: I received a great education at Penn State, but my life could be potentially ruined because of this. Im very disappointed in Penn State. From the mother of a former student: How could a school thats supposed to be as great as Penn State is let this happen? From a one-time student: So now my Social Security number has been severely compromised by Penn States lack of attention to security, and I have to pay the consequences.
  • Slide 17
  • FINANCIAL BURDENAPPROXIMATE COSTS Forensic Investigation/Data Mining$3500+ Address Search$500 batch + $.35/record Notification Services (mailing)$1500+ Research FundingPRICELESS ReputationPRICELESS
  • Slide 18
  • SUMMARY Penn State is not immune to the somewhat sorry state of computer and network security globally If you browse, you will at some point be compromised. (Expansion of the web-based threat) Attacks are expanding quickly in both number and sophistication. Organized crime is a major factor. While it may not be enough, users need to do all they can to protect assets and to be aware of the current environment
  • Slide 19
  • QUESTIONS?? Go forth and compute wisely.