Security Trend of New Computing Era

Similar documents
Protecting Virtual Environments

Botnets: major players in the shadows. Author Sébastien GOUTAL Chief Science Officer

The Scenes of Cyber Crime

Securing the SMB Cloud Generation

(Botnets and Malware) The Zbot attack. Group 7: Andrew Mishoe David Colvin Hubert Liu George Chen John Marshall Buck Scharfnorth

Large-Scale Internet Crimes Global Reach, Vast Numbers, and Anonymity

How technology changed fraud investigations. Jean-François Legault Senior Manager Analytic & Forensic Technology June 13, 2011

MRG Effitas Online Banking Browser Security Assessment Project Q Q1 2014

Cyber Vigilantes. Rob Rachwald Director of Security Strategy. Porto Alegre, October 5, 2011

WEB BROWSER SANDBOXING: SECURITY AGAINST WEB ATTACKS

Securing Your Business Against the Diversifying Targeted Attacks Leonard Sim

Remediation Testing Report

Prevx 3.0 v Product Overview - Core Functionality. April, includes overviews of. MyPrevx, Prevx 3.0 Enterprise,

CHAPTER 8 SECURING INFORMATION SYSTEMS

Trend Micro Guide and solution to help embrace Consumerization and BYOD. James Walker EMEA Product Marketing Manager 26 September 2012

Quick Heal Total Security Multi-Device (Mac) Simple, fast and seamless protection for Mac.

JPCERT/CC Incident Handling Report [October 1, 2015 December 31, 2015]

INTERPOL For official use only. Fighting with friends

IBM Security Systems IBM X-Force 2012 Annual Trend and Risk Report

Web Gateway Security Appliances for the Enterprise: Comparison of Malware Blocking Rates

Elementary Computing CSC 100. M. Cheng, Computer Science

Internet Security Threat Report Volume XIII. Patrick Martin Senior Product Manager Symantec Security Response October, 2008

Next Generation Endpoint Security Confused?

Threat Landscape vs Threat Management. Thomas Ludvik Næss Country Manager

Synchronized Security

Sizing and Scoping ecrime

Getting over Ransomware - Plan your Strategy for more Advanced Threats

Quick Heal Total Security for Mac. Simple, fast and seamless protection for Mac.

ITU Regional Cybersecurity Forum for Asia-Pacific

Seqrite Endpoint Security

Symantec Intelligence Quarterly: Best Practices and Methodologies October - December, 2009

Automating Security Response based on Internet Reputation

Big Trends in IT and how they shape Security. Gerhard Eschelbeck, CTO

Unique Phishing Attacks (2008 vs in thousands)

Quick Heal Total Security for Mac. Simple, fast and seamless protection for Mac.

Real World Testing Report

The Risks and Opportunities of Mobile Working within Cloud Environments

MOBILE SECURITY OVERVIEW. Tim LeMaster

Threat Control and Containment in Intelligent Networks. Philippe Roggeband - Product Manager, Security, Emerging Markets

JPCERT/CC Incident Handling Report [January 1, March 31, 2018]

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Symantec Ransomware Protection

War Stories from the Cloud: Rise of the Machines. Matt Mosher Director Security Sales Strategy

Report on Spamvertising and Phishing using.hk Domain Names and McAfee Report. ccnso Meeting June 24, 2008

Network Security Fundamentals

OPSWAT Metadefender. Superior Malware Threat Prevention and Analysis

Quick Heal Total Security

Top 10 Considerations for Securing Private Clouds

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet

FIREWALL BEST PRACTICES TO BLOCK

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems

White Paper. New Gateway Anti-Malware Technology Sets the Bar for Web Threat Protection

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

Vincent van Kooten, EMEA North Fraud & Risk Intelligence Specialist RSA, The Security Division of EMC

Security Gaps from the Field

IBM Security Network Protection Solutions

Protection Against Malware. Alan German Ottawa PC Users Group

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

Panda Security 2010 Page 1

Intelligent and Secure Network

CIS 5373 Systems Security

Gladiator Incident Alert

Security Made Simple by Sophos

TOP 10 Vulnerability Trends for By Nevis Labs

QUARTERLY TRENDS AND ANALYSIS REPORT

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017

Copyright 2011 Trend Micro Inc.

The Six Most Dangerous New Attack Techniques And What s Coming Next? Ed Skoudis CounterHackChallenge

Quick Heal AntiVirus Pro Advanced. Protects your computer from viruses, malware, and Internet threats.

Assessing Global Security Threat Levels Bryan Lu, Project Manager / Researcher

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

MEMORY AND BEHAVIORAL PROTECTION ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Ethical Hacking and Countermeasures: Secure Network Operating Systems and Infrastructures, Second Edition

Online Threats. This include human using them!

How To Remove Personal Antivirus Security Pro Virus Windows 8


IoT - Next Wave of DDoS? IoT Sourced DDoS Attacks A Focus on Mirai Botnet and Best Practices in DDoS Defense

Cyber Crime Update. Mark Brett Programme Director February 2016

Latest View on the Threat of Information Security and Risk Management Trends

Security and Privacy. Xin Liu Computer Science University of California, Davis. Introduction 1-1

Employee Security Awareness Training

CERTIFIED SECURE COMPUTER USER COURSE OUTLINE

Course Outline (version 2)

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

Smart Protection Network. Raimund Genes, CTO

The State of Spam. Paul Wood Senior Analyst, MessageLabs Intelligence Symantec Hosted Services

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

DDoS Protector. Simon Yu Senior Security Consultant. Block Denial of Service attacks within seconds CISSP-ISSAP, MBCS, CEH

Chapter 6 Network and Internet Security and Privacy

Cybersecurity. Anna Chan, Marketing Director, Akamai Technologies

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

PRACTICING SAFE COMPUTING AT HOME

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

Invincea Endpoint Protection Test

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Symantec Endpoint Protection

Computer Network Vulnerabilities

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

Imperva Incapsula Website Security

Transcription:

Security Trend of New Computing Era Presented by Roland Cheung HKCERT

Agenda Security Threat Overview Introduction of Botnet Impact of Botnet Fight Back Botnet Security Protection Scheme

Security Threat Overview

Security Threat -Trend Cloud Computing Data Social Network Privacy Mobile Security Apps

Security Threat -Type Phishing/Defacement Malicious Code Injection / SQL Injection Distributed Denial of Service (DDoS) Malware Botnet etc

Security Threat -Impact Financial Loss Data Loss Identity Theft Service unavailability

Security Threat -Underground Economy Fig 1 - Sales ranking on underground economy (Source from Symantec)

Introduction of Botnet

What is Botnet? Botnet (aka Zombie Network, 殭屍網路 ) A collection of compromised computers (called bots, zombie) under a common command-and-control (called C&C) infrastructure. http://en.wikipedia.org/wiki/botnet

Botnet Structure Bot Herder/Master Command and Control Servers (C&C, C2) Bots Fig 2 - Typical Botnet structure

Spread Channel Website Email Instant Messenger (IM) P2P file sharing network Mobile device application

Website Code Injection Hidden iframe direct to the malicious website contains vulnerability exploit 1H of 2010, over 2,500 Common Vulnerabilities and Exposures (CVE) recorded. Apple is top vendors of CVE, issued about 180. Fig 3 -Source from Trend Micro

Website Malicious Multimedia Content Exploit media player vulnerability Malicious codec file installation Fig 4 Fake YouTube website delivers malware (Kooface)

Website Search Engine Optimization Poisoning (aka Black hat SEO) Using unethical SEO techniques in order to obtain a higher search ranking to post malicious link on hot topic Deliver Fake AV Fig 5 - Black hat SEO exploit Google search

Website Malvertisting (malicious advertising) Use of online advertising to spread malware Fig 6 -In Apr 2010, malicious advertisement display fake security warnings

Malicious attachment Email Ms office document,.doc,.xls,.ppt.pdf.lnk.swf Malicious link embedded E.g. Pushdo, Waledac, Kooface

MSN, QQ Embedding link File transfer Instant Messenger E.g. Mariposa

P2P File sharing network BT, emule, Foxy etc. E.g. Storm, Waledac, Nugache

Mobile Device Application Zeus ver 2.0, Man in the mobile (Mitmo) Reported in Sep 2010 Installed in mobile devices like BlackBerry and Symbian mobile phones Sniff all the SMS messages that are being delivered. Steals both the online username and password

Malware Fig 7 - Top 10 malware hosting countries (Source from SOPHOS)

Communication Channel IRC HTTP/HTTPS P2P Twitter

Twitter Fig 8. Botnet use twitter to deliver the command (Source from Arbot Networks)

Twitter TwitterNet Builder-A kit for building Twitter Botnet

Impact of Botnet

Global botnet infection rate Fig 9 Microsoft Security Intelligence Report Vol.9 88 locations around the world, no of computers cleaned for every 1,000 execution of MSRT.

Global botnet infection Fig 10 Bot infection statistics (Source from Mcafee)

Active Botnet Families Fig 11 - Top 10 bot families detected (Source from Microsoft)

Botnet Ecosystem Fig 12 -Source from microsoft

Fight Back Botnet

Fight Back Year 2010 is becoming a good year in shutting down big botnets. Mariposa Waledac Bredolab ZeuS

Case Study -Mariposa Mariposa, (butterfly in Spanish) Discovered in December 2008 12.7 million bots in more than 190 countries (Top country India, Top city - Seoul ) Spread via IM, P2P file sharing, website exploit IE vulnerability

Case Study -Mariposa Fig 13 Mariposa C&C server More than 200 binaries Connect the C&C using anonymous VPN service

Case Study -Mariposa Stole credit card, banking credentials, user identity (username, password) Belonging to more than 800,000 users.

Case Study -Mariposa Mariposa Working Group (MWG) established in May 2009 Members:

Case Study -Mariposa In Dec 2009, MWG took control of the Mariposa Botnet In Feb 2010 arrested the leader (alias Netkairo ) by Spanish Civil Guard In Jul 2010, arrested the suspected creator (alias Iserdo )by Slovenian police

Lesson Learned Case Study -Mariposa 97% bots use DNS to locate C&C, detect the bots by DNS activity Sinkhole the domain used by C&C server

Waledac Case Study -Waledac Discovered in Apr 2008 Estimated 70,000-90,000 infected computers Spread via email 1.5 billion spam messages a day (about 1% of the total global spam volume) Connect the C&C using P2P network

Case Study Waledac Fraudulent greeting cards and breaking news events. Email contains a link point to a malicious websites Deliver exploit code when visited Adobe reader, Flash, IE, MS Office components etc.

Case Study -Waledac Fig 14 - Waledac P2P communication structure (Source from Symantec)

Case Study -Waledac Operation b49 initiated by Microsoft s Digital Crimes Unit Members: In Feb 2010, Cut off 273 Harmful botnet domains used by Waledac

Case Study -Waledac Waledac Tracker http://www.sudosecure.net/waledac/index.php Fig 15 Waledac Tracker (Source from sudosecure)

Case Study -Waledac Lesson learned Solved legal issue Microsoft Corporation v. John Does 1-27, et. al. http://www.microsoft.com/presspass/events/rsa/docs/complaint.pdf

Security Protection Scheme

Security Protection Scheme Anti-virus/Anti-malware Firewall Apply security patches Malicious Website detection File analysis

Anti-virus/Anti-malware Deploy Cloud technology A unknown application is launched, ask the cloud network to look up this application Immediate protection against the latest threats

Firewall In-bound and out-bound detection Open ports detection Unknown application warning System change warning Sandbox Logging

Apply security patches Vendor's OS and application update checking features Secunia - Personal Software Inspector (PSI) http://secunia.com/vulnerability_scanning/personal/

Malicious Website detection IE 8, Firefox 3 built-in website detection features

Malicious Website detection Google Safe Browsing

Malicious Website detection Wepawet http://www.mywot.com/en/download MonkeyWrench http://monkeywrench.de/index.html

Malicious Website detection Blocklist Malware Domain Blocklist http://www.malwaredomains.com/files/domains.txt ZeuS Blocklist https://zeustracker.abuse.ch/blocklist.php SpyEye Blocklist https://spyeyetracker.abuse.ch/blocklist.php

VirusTotal http://www.virustotal.com File Analysis

MalOffice File Analysis http://mwanalysis.org/?site=7&page=submit

Q & A Thank You Emai: hkcert@hkcert.org Hong Kong Clean PC Day 2010 Seminar Hong (Nov) Kong Clean PC Day Security 2010 Seminar the Social (Nov) Networking and Cloud Computing Age

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback