Social Media as the Top Malware Delivery Vehicle: How to Protect Your Network

Presented by Paul Henry, Security and Forensic Analyst, Lumension

MCP+I, MCSE, CCSA, CCSE, CISSP-ISSAP, CISM, CISA, CIFI, CCE, ACE, GCFA, VCP, SANS Institute Instructor

2011 Social Media Malware Trends


Social media is now the top delivery vehicle for malware. And social media attacks are no longer limited to those who simply post too much private information to their profiles. They utilize advanced techniques. What are those techniques and what can you do to avoid them? Security and forensics analyst Paul Henry of Lumension explains.



Should I allow network users to access social media?

• Impact on productivity

• Lack of control

• Compromise of security


The New World of Social Media Malware

• Attacks are no longer limited to those who post a wealth of private information online

• Hackers now leverage advanced techniques
  – Click jacking
  – Spear phishing
  – Password sniffing


Click jacking

• Click jacking attacks are regularly going viral on Facebook

• Be careful with that ever popular “like” button


Spear phishing

• Phishing now makes up 23 percent of all attacks in the realm of social media


Password Sniffing

• People often share passwords across multiple accounts
  – It may be a complex password but if shared across multiple accounts it increases risk

• Just as importantly, what about your secret questions used to reset your password?


Surfing Unencrypted

• Users think nothing of surfing social media sites via open, unencrypted WiFi
  – You are exposing your account username and password often

• Are you using that password across multiple accounts?

• A bad guy can harvest your secret questions once he/she is able to access your social media accounts…
  – Why guess the password when he/she can reset it to the password of his/her choosing?


So What Can You Do?

• Educate users

• Put policies in place

• Patch, patch, patch

• Leverage an endpoint security solution


User Education

• Ensure site visits are encrypted

• Pay attention to what is displayed in the browser bar

• Don’t share personal information, such as birth date or address

• Don’t trust people you don’t know

• Password credentials


User Policy

• Lay out usage policies, such as:
  – No downloading content from social media sites
  – Use your personal email (rather than work email) for access

• Even better, put tools in place to enforce these policies


Deploy Patches

• The top security priority is patching client-side software (SANS Institute)

• Don’t focus on Microsoft alone
  – More than 2/3 of today’s vulnerabilities come from non-Microsoft applications
  – Check Microsoft, Mozilla and Apple regularly for browser patches

• Look at ALL vulnerabilities (not just critical)


Effective Software

• Multiple Consoles
  – 3-6 different management consoles on average

• Agent Bloat
  – 3-10 agents installed per endpoint
  – Decreased network performance

• AV is no longer enough

• Move away from point products


What You Need

• At the very least, you should be leveraging software that employs:
  – Application control or whitelisting
  – Antivirus
  – Patch and remediation
  – Enforcement of the Rule of Least Privilege


Questions?