SlideShare a Scribd company logo

Symantec WSS March 2014 Monthly Website Threat update

Download as PPTX, PDF
Symantec Website Security
Symantec Website Security

Symantec Website Secuirty Solutions March 2014 Threat webinar. Join us each month at brighttalk.com

Technology
1 of 12
Andrew Horbury Product Marketing Manager andy_horbury@symantec.com Andrew Shepherd EMEA Marketing Manager andrew_shepherd@symantec.com WEBSITE SECURITY THREATS: MARCH 2014 UPDATE Thursday 13th March 2014 Website Security Threats: March 2014 Update
Agenda Website Security Threats: March 2014 Update 1 2 3 4 5 6 Month in Numbers Tech Support Scam A Bad Risk Vulnerable States Grayware/Greyware Stranger than Fiction 7 Good news
The month in numbers • 360 million stolen credentials found on black market • "Pony" botnet steals US$200k worth of virtual currencies • 60,000 security alerts were set off by Neiman Marcus attackers • 5 new malware families and 272 new variants targeting Android devices each month • The overall rate of encountering mobile malware in Russia is 63 percent • Over 300k user credentials leaked on Pastebin • With over 800 million records lost 2013 was a big big year for data breaches Website Security Threats: March 2014 Update
The month in numbers cont. • 400Gbps DoS attack hits the net, largest the world has seen...so far • Hackers steal 12 million customer records from South Korean telco • 1 in 30 have been hit by CryptoLocker and 40% pay the ransom • 4 out of 5 pressured to roll out IT projects despite security worries Website Security Threats: March 2014 Update
Tech Support Scam • Fake Netflix accounts “frozen” • New tactic featuring real-time response when you call • Stealing data, installing malware and charging for non-required health check and bogus AV • Not a new tactic but a ‘classic’ that has morphed into a new and effective one • http://vimeo.com/88296385 Website Security Threats: March 2014 Update
Energy companies refused insurance due to doubts over cybersecurity • Power companies are being refused insurance for cyber- attack cover • Underwriters at Lloyd's of London have seen a ‘huge increase’ in demand for cover from energy firms • Insurers have been hit hard by data breach clean up costs from the growth in cybercrime attacks. Website Security Threats: March 2014 Update
Vulnerable States • Parliament.uk website vulnerabilities highlighted – XSS vulnerability • 5000 NHS sites had over 2000 security bugs – Older WordPress version – Older web server OS – Vulnerable to XSS • Abandoned sites are a major issue • shkspr.mobi/blog/ Website Security Threats: March 2014 Update
Mobile Grayware/Greyware….. • Apps from unofficial marketplaces can be risky…. • Grayware is not new but is taking advantage of the growth of mobile smartphones and our hunger for apps. • Malware as a Service: A new RAT toolkit is available for Android • Malicious apps such a ‘fake’ Flappy Bird is a prime example and is being used to send premium SMS messages from unsuspecting users phones Website Security Threats: March 2014 Update
Stranger than fiction • Northern Ireland Department of Justice fined £185,000 for selling filing cabinet – ….what was in it? • Dehli police ignored more than 600 complaints passed onto them from anticorruption agency over 8 years – …why? Website Security Threats: March 2014 Update
Good News • US woman wins $500K in revenge-porn suit against ex- boyfriend • Six out of ten US firms boost security spending after Target breach • @N Twitter handle returned to rightful owner • Man found guilty of tampering with three women's computers so he could spy on them through their webcams. Website Security Threats: March 2014 Update
Link Glossary • Netflix Tech support scam – http://bit.ly/1erYBHb – The Future of Mobile Malware – http://bit.ly/1kinSs4 • 4 out of 5 pros pressured to roll out IT projects – http://bit.ly/1g901pJ • Security in the energy sector – http://bit.ly/PtcWhd • Parliament/NHS Vulnerabilities – shkspr.mobi/blog/ or http://bit.ly/1i63NEH • Norton Spot – http://bit.ly/1cT9x00 • Grayware/Greyware – http://bit.ly/1iAFUbF • Android RATS – http://bit.ly/1lWcu8i • @N Twitter handle stolen but now restored – http://bit.ly/1cxJtwz Website Security Threats: March 2014 Update
Thank you! Copyright © 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Andrew Shepherd andrew_shepherd@symantec.com / +44 7912 552 896 Andrew Horbury andy_horbury@symantec.com / +44 7703 468 966 @andyhorbury Website Security Threats: March 2014 Update Next webinar: Thursday 17th April 2014 9.30am UK / 10.30am CET

Recommended

Purposeful collaboration
Purposeful collaborationPurposeful collaboration
Purposeful collaboration
Alan Lepofsky
 
Présentation IE (intelligence économique) 2013 mai 16 paris
Présentation IE (intelligence économique) 2013 mai 16 parisPrésentation IE (intelligence économique) 2013 mai 16 paris
Présentation IE (intelligence économique) 2013 mai 16 paris
Datonix.it
 
Nouveau plan de transport sncb 03072014 17h00
Nouveau plan de transport sncb 03072014 17h00Nouveau plan de transport sncb 03072014 17h00
Nouveau plan de transport sncb 03072014 17h00
LeSoir.be
 
L'Hepatant 56
L'Hepatant 56L'Hepatant 56
L'Hepatant 56
soshepatites
 
Fisiologia Humana - Obstrução Intestinal
Fisiologia Humana - Obstrução IntestinalFisiologia Humana - Obstrução Intestinal
Fisiologia Humana - Obstrução Intestinal
Valdeci Alves Barboza
 
Du Data Mining à la Data Science
Du Data Mining à la Data ScienceDu Data Mining à la Data Science
Du Data Mining à la Data Science
Soft Computing
 
Symantec Code Sign (NAM)
Symantec Code Sign (NAM)Symantec Code Sign (NAM)
Symantec Code Sign (NAM)
Symantec Website Security
 
Symantec Code Signing (SE)
Symantec Code Signing (SE)Symantec Code Signing (SE)
Symantec Code Signing (SE)
Symantec Website Security
 

Recommended

Purposeful collaboration
Purposeful collaborationPurposeful collaboration
Purposeful collaboration
Alan Lepofsky
 
Présentation IE (intelligence économique) 2013 mai 16 paris
Présentation IE (intelligence économique) 2013 mai 16 parisPrésentation IE (intelligence économique) 2013 mai 16 paris
Présentation IE (intelligence économique) 2013 mai 16 paris
Datonix.it
 
Nouveau plan de transport sncb 03072014 17h00
Nouveau plan de transport sncb 03072014 17h00Nouveau plan de transport sncb 03072014 17h00
Nouveau plan de transport sncb 03072014 17h00
LeSoir.be
 
L'Hepatant 56
L'Hepatant 56L'Hepatant 56
L'Hepatant 56
soshepatites
 
Fisiologia Humana - Obstrução Intestinal
Fisiologia Humana - Obstrução IntestinalFisiologia Humana - Obstrução Intestinal
Fisiologia Humana - Obstrução Intestinal
Valdeci Alves Barboza
 
Du Data Mining à la Data Science
Du Data Mining à la Data ScienceDu Data Mining à la Data Science
Du Data Mining à la Data Science
Soft Computing
 
Symantec Code Sign (NAM)
Symantec Code Sign (NAM)Symantec Code Sign (NAM)
Symantec Code Sign (NAM)
Symantec Website Security
 
Symantec Code Signing (SE)
Symantec Code Signing (SE)Symantec Code Signing (SE)
Symantec Code Signing (SE)
Symantec Website Security
 
Сертификаты подписания кода Symantec
Сертификаты подписания кода SymantecСертификаты подписания кода Symantec
Сертификаты подписания кода Symantec
Symantec Website Security
 
Symantec Code Signing (IT)
Symantec Code Signing (IT)Symantec Code Signing (IT)
Symantec Code Signing (IT)
Symantec Website Security
 
Symantec Code Signing (FR)
Symantec Code Signing (FR)Symantec Code Signing (FR)
Symantec Code Signing (FR)
Symantec Website Security
 
Code signing de Symantec (ES)
Code signing de Symantec (ES)Code signing de Symantec (ES)
Code signing de Symantec (ES)
Symantec Website Security
 
Symantec Code Signing (DE)
Symantec Code Signing (DE)Symantec Code Signing (DE)
Symantec Code Signing (DE)
Symantec Website Security
 
Symantec Code Signing (CH)
Symantec Code Signing (CH)Symantec Code Signing (CH)
Symantec Code Signing (CH)
Symantec Website Security
 
Symantec Code Signing (UK)
Symantec Code Signing (UK)Symantec Code Signing (UK)
Symantec Code Signing (UK)
Symantec Website Security
 
Symantec Website Security Threats: March 2014 update.
Symantec Website Security Threats: March 2014 update.Symantec Website Security Threats: March 2014 update.
Symantec Website Security Threats: March 2014 update.
Symantec Website Security
 
Um guia de e-commerce para a aquisição e manutenção de novos clientes da Syma...
Um guia de e-commerce para a aquisição e manutenção de novos clientes da Syma...Um guia de e-commerce para a aquisição e manutenção de novos clientes da Syma...
Um guia de e-commerce para a aquisição e manutenção de novos clientes da Syma...
Symantec Website Security
 
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...
Symantec Website Security
 
Guida per l'e-commerce Symantec - Come acquisire nuovi clienti e conservarli
Guida per l'e-commerce Symantec - Come acquisire nuovi clienti e conservarliGuida per l'e-commerce Symantec - Come acquisire nuovi clienti e conservarli
Guida per l'e-commerce Symantec - Come acquisire nuovi clienti e conservarli
Symantec Website Security
 
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clients
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clientsGuía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clients
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clients
Symantec Website Security
 
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clients
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clientsGuía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clients
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clients
Symantec Website Security
 
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...
Symantec Website Security
 
Leitfaden von Symantec: „Das 1×1 der Kundengewinnung und -bindung im E-Commerce“
Leitfaden von Symantec: „Das 1×1 der Kundengewinnung und -bindung im E-Commerce“Leitfaden von Symantec: „Das 1×1 der Kundengewinnung und -bindung im E-Commerce“
Leitfaden von Symantec: „Das 1×1 der Kundengewinnung und -bindung im E-Commerce“
Symantec Website Security
 
Symantec: The rise of hacktivism and insider threats
Symantec: The rise of hacktivism and insider threatsSymantec: The rise of hacktivism and insider threats
Symantec: The rise of hacktivism and insider threats
Symantec Website Security
 
Symantec Website Security Threats: February 2014 Update.
Symantec Website Security Threats: February 2014 Update.Symantec Website Security Threats: February 2014 Update.
Symantec Website Security Threats: February 2014 Update.
Symantec Website Security
 
Symantec SSL Explained
Symantec SSL ExplainedSymantec SSL Explained
Symantec SSL Explained
Symantec Website Security
 
Website Security Threats - January 2014 Update
Website Security Threats - January 2014 Update Website Security Threats - January 2014 Update
Website Security Threats - January 2014 Update
Symantec Website Security
 
Cybercrime - Attack of the Cyber Spies
Cybercrime - Attack of the Cyber SpiesCybercrime - Attack of the Cyber Spies
Cybercrime - Attack of the Cyber Spies
Symantec Website Security
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
Zilliz
 
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2
 

More Related Content

More from Symantec Website Security

Сертификаты подписания кода Symantec
Сертификаты подписания кода SymantecСертификаты подписания кода Symantec
Сертификаты подписания кода Symantec
Symantec Website Security
 
Symantec Code Signing (FR)
Symantec Code Signing (FR)Symantec Code Signing (FR)
Symantec Code Signing (FR)
Symantec Website Security
 
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...
Symantec Website Security
 
Guida per l'e-commerce Symantec - Come acquisire nuovi clienti e conservarli
Guida per l'e-commerce Symantec - Come acquisire nuovi clienti e conservarliGuida per l'e-commerce Symantec - Come acquisire nuovi clienti e conservarli
Guida per l'e-commerce Symantec - Come acquisire nuovi clienti e conservarli
Symantec Website Security
 
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clients
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clientsGuía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clients
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clients
Symantec Website Security
 
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clients
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clientsGuía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clients
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clients
Symantec Website Security
 
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...
Symantec Website Security
 
Leitfaden von Symantec: „Das 1×1 der Kundengewinnung und -bindung im E-Commerce“
Leitfaden von Symantec: „Das 1×1 der Kundengewinnung und -bindung im E-Commerce“Leitfaden von Symantec: „Das 1×1 der Kundengewinnung und -bindung im E-Commerce“
Leitfaden von Symantec: „Das 1×1 der Kundengewinnung und -bindung im E-Commerce“
Symantec Website Security
 

More from Symantec Website Security (20)

Сертификаты подписания кода Symantec
Сертификаты подписания кода SymantecСертификаты подписания кода Symantec
Сертификаты подписания кода Symantec
 
Symantec Code Signing (IT)
Symantec Code Signing (IT)Symantec Code Signing (IT)
Symantec Code Signing (IT)
 
Symantec Code Signing (FR)
Symantec Code Signing (FR)Symantec Code Signing (FR)
Symantec Code Signing (FR)
 
Code signing de Symantec (ES)
Code signing de Symantec (ES)Code signing de Symantec (ES)
Code signing de Symantec (ES)
 
Symantec Code Signing (DE)
Symantec Code Signing (DE)Symantec Code Signing (DE)
Symantec Code Signing (DE)
 
Symantec Code Signing (CH)
Symantec Code Signing (CH)Symantec Code Signing (CH)
Symantec Code Signing (CH)
 
Symantec Code Signing (UK)
Symantec Code Signing (UK)Symantec Code Signing (UK)
Symantec Code Signing (UK)
 
Symantec Website Security Threats: March 2014 update.
Symantec Website Security Threats: March 2014 update.Symantec Website Security Threats: March 2014 update.
Symantec Website Security Threats: March 2014 update.
 
Um guia de e-commerce para a aquisição e manutenção de novos clientes da Syma...
Um guia de e-commerce para a aquisição e manutenção de novos clientes da Syma...Um guia de e-commerce para a aquisição e manutenção de novos clientes da Syma...
Um guia de e-commerce para a aquisição e manutenção de novos clientes da Syma...
 
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...
 
Guida per l'e-commerce Symantec - Come acquisire nuovi clienti e conservarli
Guida per l'e-commerce Symantec - Come acquisire nuovi clienti e conservarliGuida per l'e-commerce Symantec - Come acquisire nuovi clienti e conservarli
Guida per l'e-commerce Symantec - Come acquisire nuovi clienti e conservarli
 
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clients
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clientsGuía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clients
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clients
 
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clients
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clientsGuía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clients
Guía de comercio electrónico de Symantec: Cómo atraer y retener a nuevos clients
 
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...
Guide Symantec de conquête et de fidélisation de nouveaux clients sur vos sit...
 
Leitfaden von Symantec: „Das 1×1 der Kundengewinnung und -bindung im E-Commerce“
Leitfaden von Symantec: „Das 1×1 der Kundengewinnung und -bindung im E-Commerce“Leitfaden von Symantec: „Das 1×1 der Kundengewinnung und -bindung im E-Commerce“
Leitfaden von Symantec: „Das 1×1 der Kundengewinnung und -bindung im E-Commerce“
 
Symantec: The rise of hacktivism and insider threats
Symantec: The rise of hacktivism and insider threatsSymantec: The rise of hacktivism and insider threats
Symantec: The rise of hacktivism and insider threats
 
Symantec Website Security Threats: February 2014 Update.
Symantec Website Security Threats: February 2014 Update.Symantec Website Security Threats: February 2014 Update.
Symantec Website Security Threats: February 2014 Update.
 
Symantec SSL Explained
Symantec SSL ExplainedSymantec SSL Explained
Symantec SSL Explained
 
Website Security Threats - January 2014 Update
Website Security Threats - January 2014 Update Website Security Threats - January 2014 Update
Website Security Threats - January 2014 Update
 
Cybercrime - Attack of the Cyber Spies
Cybercrime - Attack of the Cyber SpiesCybercrime - Attack of the Cyber Spies
Cybercrime - Attack of the Cyber Spies
 

Recently uploaded

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
WSO2
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 

Recently uploaded (20)

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Decarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceDecarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational Performance
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern Enterprise
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 

Symantec WSS March 2014 Monthly Website Threat update

  • 1. Andrew Horbury Product Marketing Manager andy_horbury@symantec.com Andrew Shepherd EMEA Marketing Manager andrew_shepherd@symantec.com WEBSITE SECURITY THREATS: MARCH 2014 UPDATE Thursday 13th March 2014 Website Security Threats: March 2014 Update
  • 2. Agenda Website Security Threats: March 2014 Update 1 2 3 4 5 6 Month in Numbers Tech Support Scam A Bad Risk Vulnerable States Grayware/Greyware Stranger than Fiction 7 Good news
  • 3. The month in numbers • 360 million stolen credentials found on black market • "Pony" botnet steals US$200k worth of virtual currencies • 60,000 security alerts were set off by Neiman Marcus attackers • 5 new malware families and 272 new variants targeting Android devices each month • The overall rate of encountering mobile malware in Russia is 63 percent • Over 300k user credentials leaked on Pastebin • With over 800 million records lost 2013 was a big big year for data breaches Website Security Threats: March 2014 Update
  • 4. The month in numbers cont. • 400Gbps DoS attack hits the net, largest the world has seen...so far • Hackers steal 12 million customer records from South Korean telco • 1 in 30 have been hit by CryptoLocker and 40% pay the ransom • 4 out of 5 pressured to roll out IT projects despite security worries Website Security Threats: March 2014 Update
  • 5. Tech Support Scam • Fake Netflix accounts “frozen” • New tactic featuring real-time response when you call • Stealing data, installing malware and charging for non-required health check and bogus AV • Not a new tactic but a ‘classic’ that has morphed into a new and effective one • http://vimeo.com/88296385 Website Security Threats: March 2014 Update
  • 6. Energy companies refused insurance due to doubts over cybersecurity • Power companies are being refused insurance for cyber- attack cover • Underwriters at Lloyd's of London have seen a ‘huge increase’ in demand for cover from energy firms • Insurers have been hit hard by data breach clean up costs from the growth in cybercrime attacks. Website Security Threats: March 2014 Update
  • 7. Vulnerable States • Parliament.uk website vulnerabilities highlighted – XSS vulnerability • 5000 NHS sites had over 2000 security bugs – Older WordPress version – Older web server OS – Vulnerable to XSS • Abandoned sites are a major issue • shkspr.mobi/blog/ Website Security Threats: March 2014 Update
  • 8. Mobile Grayware/Greyware….. • Apps from unofficial marketplaces can be risky…. • Grayware is not new but is taking advantage of the growth of mobile smartphones and our hunger for apps. • Malware as a Service: A new RAT toolkit is available for Android • Malicious apps such a ‘fake’ Flappy Bird is a prime example and is being used to send premium SMS messages from unsuspecting users phones Website Security Threats: March 2014 Update
  • 9. Stranger than fiction • Northern Ireland Department of Justice fined £185,000 for selling filing cabinet – ….what was in it? • Dehli police ignored more than 600 complaints passed onto them from anticorruption agency over 8 years – …why? Website Security Threats: March 2014 Update
  • 10. Good News • US woman wins $500K in revenge-porn suit against ex- boyfriend • Six out of ten US firms boost security spending after Target breach • @N Twitter handle returned to rightful owner • Man found guilty of tampering with three women's computers so he could spy on them through their webcams. Website Security Threats: March 2014 Update
  • 11. Link Glossary • Netflix Tech support scam – http://bit.ly/1erYBHb – The Future of Mobile Malware – http://bit.ly/1kinSs4 • 4 out of 5 pros pressured to roll out IT projects – http://bit.ly/1g901pJ • Security in the energy sector – http://bit.ly/PtcWhd • Parliament/NHS Vulnerabilities – shkspr.mobi/blog/ or http://bit.ly/1i63NEH • Norton Spot – http://bit.ly/1cT9x00 • Grayware/Greyware – http://bit.ly/1iAFUbF • Android RATS – http://bit.ly/1lWcu8i • @N Twitter handle stolen but now restored – http://bit.ly/1cxJtwz Website Security Threats: March 2014 Update
  • 12. Thank you! Copyright © 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Andrew Shepherd andrew_shepherd@symantec.com / +44 7912 552 896 Andrew Horbury andy_horbury@symantec.com / +44 7703 468 966 @andyhorbury Website Security Threats: March 2014 Update Next webinar: Thursday 17th April 2014 9.30am UK / 10.30am CET