of #CyberSecurity in 2015
Marcos Ortiz (@marcosluis2186)

AGENDA
SCOPE
Cloud Security
Network Security
Mobile
Internet of Things

GENERAL FACTS

The worldwide CyberSecurity market is defined by market sizing estimates that range from $71 billion in 2014 to $155+ billion by 2019.
CyberSecurity Market Report Q2 2015 [1]

Next generation cybersecurity spending could reach $15 billion to $20 billion in the next 3 years.
CyberSecurity Market Report Q2 2015 [1]

Global spending on mobile and network security estimated at $11 billion annually, and growing.
CyberSecurity Market Report Q2 2015 [1]

Cybercrime will cost businesses over $2 trillion by 2019
Juniper Research's The Future of Cybercrime & Security: Financial and Corporate Threats & Mitigation [2]

Crime involving computers and networks has cost the world economy more than $445 billion annually, according to a 2014 report by the Center for Strategic and International Studies.
CyberSecurity Market Report Q2 2015 [1]

Demand for (U.S.) information security professionals is expected to grow by 53% through 2018.
CyberSecurity Market Report Q2 2015 [1]

APAC spending on critical infrastructure security is set to hit $22 billion (USD) by 2020
CyberSecurity Market Report Q2 2015 [1]

ABI Research calculates CyberSecurity spending for healthcare protection will only reach $10 billion globally by 2020, just under 10% of total spend on critical infrastructure security.
CyberSecurity Market Report Q2 2015 [1]

According to CB Insights, in the last 5 years, $7.3 billion has been invested into 1,208 private CyberSecurity startups.
CB Insights [3]

In summary, based on my years of experience in the field of Telecommunications and CyberSecurity, I see this next generation of big data streaming analytics as perhaps the only solution that could protect against future cyber attacks in enterprise, critical infrastructure, telecommunications and even government computers and servers and massive applications, even down to SCADA (Supervisory Control and Data Acquisition) systems including smart cities and the world of IoT with 50B devices connected to the internet.
Dr. Hossein Eslambolchi [4]

MOBILE
1 in 1000 devices are infected with mobile surveillance and Mobile Remote Access Trojans (mRATs)
Check Point Software Technologies Threat Research: Targeted Attacks On Enterprise Mobile [5]

42% of businesses suffered mobile security incidents costing more than $250,000 to remediate
Check Point Software Technologies's Security Report 2015 [6]

4,900 new Android malware samples every day
G Data's Mobile Malware Report Q1 2015 [7]

0.03%: Out of tens of millions of devices, the number of ones infected with truly malicious exploits was negligible
Verizon's 2015 Data Breach Investigations Report [8]

5B is the quantity of downloaded Android apps which are vulnerable to remote attacks like JBOH (JavaScript Binding Over HTTP)
FireEye's Mobile Threat Assessment Report [9]

48% of Android apps have at least one high risk security rating
FireEye's Mobile Threat Assessment Report [9]

44% of organizations do not manage corporate data on employee-owned devices
Check Point Software Technologies's Security Report 2015 [6]

33% of app developers do not test their apps for security
Check Point Software Technologies's Security Report 2015 [6]

A 2011 viaForensics study found 83% of popular apps sampled stored data insecurely
NowSecure's Secure Mobile Development [10]

Top 10 most popular apps that don't encrypt data
Skyhigh Networks's How to Thwart Hackers and the NSA with Encryption [11]

95% of Android devices could be affected by dangerous Stagefright bug
Zimperium [12]

CLOUD SECURITY

923: average number of cloud services in use by company
Skyhigh Networks's Cloud Adoption & Risk Report Q1 2015 [13]

We found 8% of companies present a high cyber security risk to their partners
Skyhigh Networks's Cloud Adoption & Risk Report Q1 2015 [13]

But 29% of data shared with partners is uploaded to high risk partners
Skyhigh Networks's Cloud Adoption & Risk Report Q1 2015 [13]

While 91% of providers encrypt data in transit between the cloud service and end user, just 10% encrypt data stored at rest in the cloud
Skyhigh Networks's Cloud Adoption & Risk Report Q1 2015 [13]

In 2013, the market for Cloud Security solutions was USD 3.47 B and is estimated to grow at a healthy rate of 16% till 2018
ResearchFox's Cloud Security Market Outlook (2014-2018) [14]

90% of companies have security concerns about Cloud Computing and 36% of companies believe Cloud apps are less secure than on-premise apps
Bitglass's The Definitive Guide to Cloud Access Security Brokers [15]

Of respondents, 13% say none of the security threat defenses used are administered through cloud-based services
Cisco's Annual Security Report 2015 [16]

NETWORK SECURITY

83% of organizations studied were infected with bots, and a bot communicates with a C&C every minute
Check Point Software Technologies's Security Report 2015 [6]

48 DDoS attacks occurred every day in 2014
Check Point Software Technologies's Security Report 2015 [6]

70% of critical infrastructure companies suffered a security breach over the last year
SecurityWeek [17]

Open source vulnerabilities like Heartbleed, Poodle and Shellshock affected nearly every IT operation in the world
Check Point Software Technologies's Security Report 2015 [6]

Financial Trojans continue to be some of the most lucrative tools for cybercrime gangs.
Symantec's Dyre: Emerging threat on financial fraud landscape [18]

400M: Estimated financial loss from 700M compromised records shows the real importance of managing data breach risks
Verizon's 2015 Data Breach Investigations Report [8]

95% of web app attacks involve harvesting credentials stolen from customer devices, then logging in to web apps with them
Verizon's 2015 Data Breach Investigations Report [8]

Akamai's Q1 2015 State of the Internet Report [19]

Many DDoS attacks rely on improperly secured services, such as NTP, DNS and SSDP, which make it possible for attackers to spoof source IP addresses
Verizon's 2015 Data Breach Investigations Report [8]

NTP topped the list with max attack bandwidth hitting 325 Gbps, with SSDP jumping on the DoS boat for a 134 Gbps cruise
Verizon's 2015 Data Breach Investigations Report [8]

The adoption of IPv6 has introduced new attack vectors for companies, because many threats previously considered mitigated in IPv4 were able to bypass firewalls and other security measures on IPv6
Akamai's Q1 2015 State of the Internet Report [19]

The two most observed web application attack vectors were Local File Inclusion (LFI), at 66%, and SQL Injection (SQLi), at 29%.
Akamai's Q1 2015 State of the Internet Report [19]

INTERNET OF THINGS

IoT is a key enabling technology for digital businesses. Approximately 3.9 billion connected things were in use in 2014 and this figure is expected to rise to 25 billion by 2020. And while deployment is growing, there are factors slowing down the rate of adoption.
Gartner's Market Research [20]

IoT devices are actively penetrating some of the world's most regulated industries including healthcare, energy infrastructure, government, financial services and retail
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]

Some infrastructure hosting IoT data are susceptible to highly publicized and patchable vulnerabilities such as FREAK and Heartbleed
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]

While most IoT infrastructure is running on top of modern service providers like Amazon, SoftLayer, Verizon and others, OpenDNS Security Labs discovered that some providers are also hosting malicious domains.
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]

Samsung Smart TVs use untrusted certificates for its infolink.pavv.co.kr domain
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]

Healthcare, Retail, Higher Education and Oil & Gas are the top industry verticals using Dropcam devices
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]

Looking at our data, the top five autonomous systems hosting IoT infrastructure sites are AS36351 (Softlayer Technologies, Inc.), AS16509 (Amazon.com, Inc.), AS702 (Verizon Business/UUnet Europe), AS14618 (Amazon.com, Inc.), and AS54113 (Fastly).
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]

Another finding was that 184 unique FQDNs were found to be susceptible to CVE-2015-0204, more commonly referred to as the FREAK attack.
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]

A deep analysis of the widgets.iobridge.com FQDN using Qualys SSL Labs' online scanner provided a poor result of Grade F for SSL ciphers.
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]

A simple scan with nmap of the widgets.iobridge.com FQDN showed the result of many services that could be potentially exploited to gain access to the Widget server
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]

Our data shows that not all wd2go.com domains are vulnerable, however. Of the 70 unique MyCloud storage endpoints, only 30 were found to be vulnerable to CVE-2015-0204.
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]

Areas to watch:
WiFi jamming
Password strength, reuse and attack resistance
Unencrypted and unauthenticated comms
Misconfiguration of encryption
Synack's Home Automation Benchmarking Report [22]

In our research at IOActive Labs, we constantly find very vulnerable technology being used across different industries. This same technology also is used for critical infrastructure without any security testing. Although cities usually rigorously test devices and systems for functionality, resistance to weather conditions, and so on, there is often little or no cyber security testing at all, which is concerning to say the least.
Cerrudo's An Emerging US (and World) Threat: Cities Wide Open to Cyber Attacks [23]

DATA EXTRACTED FROM LINKS

[1] CyberSecurity Market Report Q2 2015
[2] Juniper Research's The Future of Cybercrime & Security
[3] CB Insights
[4] Anomalytics & CyberSecurity in the 21st Century
[5] Check Point Threat Research's Targeted Attacks On Enterprise Mobile
[6] Check Point Software Technologies's Security Report 2015
[7] G Data's Mobile Malware Report Q1 2015
[8] Verizon's 2015 Data Breach Investigations Report
[9] FireEye's Mobile Threat Assessment Report
[10] NowSecure's Secure Mobile Development
[11] Skyhigh Networks's How to Thwart Hackers and the NSA with Encryption
[12] Zimperium
[13] Skyhigh Networks's Cloud Adoption & Risk Report Q1 2015
[14] ResearchFox's Cloud Security Market Outlook (2014-2018)
[15] Bitglass's The Definitive Guide to Cloud Access Security Brokers
[16] Cisco's Annual Security Report 2015
[17] SecurityWeek
[18] Symantec's Dyre: Emerging threat on financial fraud landscape
[19] Akamai's Q1 2015 State of the Internet Report
[20] Gartner's Market Research
[21] OpenDNS's The 2015 Internet of Things in the Enterprise Report
[22] Synack's Home Automation Benchmarking Report
[23] An Emerging US (and World) Threat: Cities Wide Open to Cyber Attacks