New Trends in Security Attacks Final

Category: Education

Comments

By: shanky.nia (109 month(s) ago)

This is so awesome, please can I have a copy of this? shanky.nia@gmail.com

By: aarthikasirajan (111 month(s) ago)

Hi, your presentation is too good. Please, I need a copy of this ppt. Thank you.

By: chops975 (114 month(s) ago)

Dear Sir, it is a great presentation. Kindly send to gchopra975@gmail.com. Regards

By: ninet7 (115 month(s) ago)

Hi there... I really like your presentation about the Current Trends in Security. Can I have a copy of your presentation? I appreciate your help. Thanks.

By: nath_at (122 month(s) ago)

I like the presentation, it is very good. I would like to have a copy.


Presentation Transcript

Current Trends in Security Attacks: 

Current Trends in Security Attacks By Jim Willoughby, MCSE, CISSP, CISM, CEH

Slide2: 

Malware Threat Cycle

Intrusion Landscape: 

Intrusion Landscape
- Hackers
  - ~75% script kiddies
  - ~24% skilled
  - ~1% sophisticated
- Malware: virus, worm
  - Mainly a payload medium
  - Bot/IRC kits
- Spyware / adware
  - Professionally developed, with R&D budgets
  - Tied to legitimate businesses: pay per click, pay per install

Motivational Range: 

Motivational Range
- Storage: house warez, e.g. pirated movies, games and/or software
- Bandwidth: warez downloads
- Facilitates attacks against others
- Distributed computing, e.g. password cracking
- Botnet
- Extortion / DDoS
- Identity theft
- Spam
- Phishing
- Anarchy

Vulnerability Spectrum: 

Vulnerability Spectrum
- Code-based vulnerability
- Configuration-based vulnerability
  - Vulnerable services, like FTP and PHP
  - Permissions wide open
  - Weak passwords: brute force
- Social engineering
  - Trojan
  - Phishing
  - Browsing, web-based and P2P software

Threat Gamut: 

Threat Gamut
- Worms
- Email worms
- Trojans
- Stealth viruses
- Rootkits
- Alternate Data Streams
- Phishing
- Backdoor
- Adware / spyware

Worms: 

Worms
- Rely on a code-based vulnerability for entry
  - Code Red, MSBlaster, SQL Slammer and Sasser
- Malicious payloads
  - Usually include an IRC backdoor
  - Hosts file entries to block AV software updates
- Generally don't infect other 'files'
- Replicating parasitic computer programs that are often unnoticed until bandwidth issues cause network problems
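Added example (not part of the presentation): the hosts-file trick on this slide, where a worm maps the AV vendor's update hostnames to 127.0.0.1 or 0.0.0.0 so that signatures never refresh, is straightforward to check for. The script below parses hosts-file text and reports every override of a watched update hostname. The watch list (the example-av.com names), the sample hosts content and the function names are constructed for this example, not taken from the slides.

```python
"""Flag hosts-file entries that override security-vendor update hostnames.

Added example (not from the presentation). A worm that writes the AV vendor's
update hostnames into the hosts file, pointed at 127.0.0.1 or 0.0.0.0, silently
breaks signature updates. This script parses hosts-file text and reports every
override of a watched hostname, classifying loopback/unspecified targets as a
"sinkhole" and anything else as a "redirect". The watch list, the sample file
and the function names are constructed for the example.
"""
import ipaddress
import re

# Constructed watch list: names that should always resolve through DNS.
# A real deployment would use the update hostnames documented by its AV vendor.
WATCHED_HOSTS = {
    "update.example-av.com",
    "liveupdate.example-av.com",
    "download.example-av.com",
}

# Constructed sample hosts file; lines 5 and 6 mimic a worm-written override.
SAMPLE_HOSTS = """\
# sample hosts file (constructed for the example)
127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.corp.example
127.0.0.1       update.example-av.com liveupdate.example-av.com
0.0.0.0         download.example-av.com   # override of the kind a worm adds
"""


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        fields = re.split(r"\s+", line)
        ip, names = fields[0], fields[1:]
        for name in names:
            yield ip, name.lower(), line_no


def classify_target(ip_text):
    """'sinkhole' for loopback/unspecified or malformed targets, else 'redirect'."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "sinkhole"                         # malformed address: updates cannot work
    return "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"


def find_blocked_updates(text, watched=WATCHED_HOSTS):
    """Return (line_no, hostname, ip, kind) for every override of a watched host."""
    findings = []
    for ip, name, line_no in parse_hosts(text):
        if name in watched:
            findings.append((line_no, name, ip, classify_target(ip)))
    return findings


if __name__ == "__main__":
    for line_no, name, ip, kind in find_blocked_updates(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} ({kind})")
```

On a real machine you would feed it the contents of %SystemRoot%\System32\drivers\etc\hosts (Windows) or /etc/hosts, with the watch list taken from your AV vendor's documented update hostnames; any 'redirect' finding deserves a look too, since update hostnames have no business being pinned in the hosts file at all.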

Email Worms: 

Email Worms
- Social engineering attack: the user is tricked into running the virus
- Originally relied on mail systems; many now include their own SMTP engine to spread
- Include a malicious payload
  - Trojan
  - Macro virus
  - Spam

Browsing as Vulnerability: 

Browsing as Vulnerability
- Attacking the browser
  - Active scripting
  - Unpatched browser vulnerabilities
  - JavaScript vulnerabilities
  - Cross-zone scripting attacks
- Malicious web sites and emails
  - Spam
  - Popups
  - User enticed by phishing

Dangerous Surf: 

Dangerous Surf
- A McAfee study finds that major search engine results point users towards risky sites.
- Dangerous sites make up as much as 72 per cent of results for certain popular keywords: 'free screen savers', 'digital music', 'popular software', 'singers'.
- 'Sponsored' results (paid for by advertisers) are more dangerous than non-sponsored results: 8.5 per cent of sponsored links were found to be dangerous, against 3.1 per cent of regular search results.

Spyware and Adware: 

Spyware and Adware
- Viruses may no longer be the top security threat
- Motivation purely financial
- Difficult to classify
  - Many walk a fine line
  - Main software is compliant, but installed by a malicious dropper
- Techniques similar to the virus world
  - Trojan droppers
  - Phone home and auto-update
  - Rootkits

Spyware Entry: 

Spyware Entry
- Can be installed through a bundle: it comes with a desirable application
- Can be installed by itself: the program has some useful functionality and some
- Pushing the technology envelope: click and you are owned
  - Unpatched browser vulnerabilities
  - Java vulnerabilities
- Social engineering

Botnets: Where organized crime and cyber crime meet: 

Botnets: Where organized crime and cyber crime meet
- Organized hacker gangs
- Client and server tools
  - Back door
  - IRC control channel
  - Rootkits
  - Dynamic DNS
- Dutch police crush big 'botnet', arrest trio
  - Toxbot (aka Codbot)
  - A huge network of 100,000 PCs was used to conduct a denial-of-service attack in an extortion attempt
  - Also used to extort a U.S. company, steal identities and distribute spyware
  - Dutch prosecutors now say the botnet appears to contain around 1.5 million machines

Evolving Motivation: 

Evolving Motivation
- Money
- Power
- Notoriety
- According to Panda, 70% of new malware detected by the developer's scanning service in the first quarter had a cybercrime or financial motive; 40% of the new malware detected was spyware

Evolution of Players: 

Evolution of Players
- Hackers and gangs
- Criminals
- Professional development environment
- According to Panda: rise in popularity of Trojans and the relative waning of traditional virus attacks
  - Email worms were generating masses of headlines and hysteria; now they garner just 4% of new malware
  - 'Trojans… accounted for 47 per cent of new examples of malware'

Organized Crime and the Internet: 

Organized Crime and the Internet
A recent McAfee study into organized crime and the internet suggests:
- Increase in money-making cyber scams
- 'New hierarchy of cyber criminals': each level, from amateur to professional, has different tactics and motives
- Development in recent years of cyber gangs, who sit at the top of the cybercrime chain
- 'Advanced groups of career criminals and hackers agree to cooperate, plan and execute long-term attack strategies [of] little interest to the socially-motivated hacker or script kiddy,' McAfee reports

Malware Future Trends: 

Malware Future Trends
- Marriage of botnets and spyware
  - According to McAfee, bots fuel the spyware boom: zombie bots such as Gaobot, MyTob and SDbot are often central to the spread of spyware
  - Exploitation of machines using backdoor techniques has increased over 63 per cent, often resulting in spyware and adware being downloaded onto affected systems
- Recent headlines: botnet master jailed for five years
  - A 20-year-old Los Angeles man used the 'rxbot' Trojan horse program to find and take control of a 400,000-machine Windows botnet
  - He then installed ad-delivery programs from two adware firms: Quebec-based Gammacash, and LOUDcash, which was purchased by 180solutions and renamed ZangoCash

Malware Future Trends: 

Malware Future Trends

Future Malware Trends: 

Future Malware Trends

Blended Threats: 

Blended Threats
- Include aspects of all major viruses
- Worm characteristics
  - Entry points: code-based vulnerability for MS and 3rd-party software
  - Include brute-force password dictionary
  - Spread by crawling networks
- Mail worm functionality
  - Data mines the local system for addresses
  - Spread using an SMTP engine
- Often include a rootkit
- Payload includes spyware droppers

NextGen Worm Examples: 

NextGen Worm Examples
- 'Swiss army knife' worm W32.Nugache.A
  - Spreads via email, IM channels and a peer-to-peer element
  - Control channel uses TCP port 8 rather than IRC
  - Similar to the Linux worm Slapper
- Mytob's hackers may spawn unstoppable 'super worm'
  - Mytob family includes code borrowed from MyDoom and Rbot
  - All Mytobs share characteristics such as: hijacking addresses from compromised PCs, spreading using their own SMTP engine, dropping in a backdoor Trojan, shutting down security software

Spyware Trends: 

Spyware Trends
- Ransomware
  - Uninstall program will not work unless you pay a fee / ransom
  - Faux anti-spyware, registry cleaners
  - GpCode and Krotten Trojans prevent boot until the fee is paid
- Reinstalled by droppers
  - Recent droppers using rootkit techniques: CoolWebSearch, Apropos, SpyAxe, Look2Me

Social Engineering: 

Social Engineering
- Some cases require the end user to go to great lengths to get infected, such as:
  - Password-protected compressed files
  - Renamed file extensions
  - Installing prerequisite software
- Classic Trojan examples
  - Holiday-themed items
  - Pornography
  - Games
- Recent Trojan examples
  - Sudoku used as bait for adware
  - World Cup wall chart Trojan
  - World of Warcraft virtual gold

Cross-Platform Viruses: 

Cross-Platform Viruses
- Not just a Windows issue: profit is platform independent
- Social engineering appears eternal
- FUD?
  - Linux malware: cross-platform virus targets Windows / Linux; not a new idea
  - Mac malware: proof-of-concept code exists for a number of known vulnerabilities; most AV companies have issued warnings this year

What About the Hackers: 

What About the Hackers
- Warez servers are still around, but often serve multiple functions
  - Botnet controller
  - Spam generator
  - Attack platform
- Rootkits are commonplace: Hacker Defender, AFXRootkit and FURootkit
- Buggy malware often indicates its presence
  - System or service crash
  - Missing services files
  - Common tools no longer function
- Best guidance for hacked systems will always be a secure rebuild

The Weakest Link: 

The Weakest Link
- Botnet controllers must be discoverable
  - Originally used hard-coded IPs
  - Use Dynamic DNS
  - All discoverable and easy to defeat
- Control channel defined in malware code
  - Block the protocol
  - Monitor with IDS
- Web browsing clients must be lured
  - Phishing emails
  - Often easy to determine from the infected host
  - Shorter list than you might think
  - MS HoneyMonkey and others, such as McAfee SiteAdvisor, scan for threats
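Added example (not part of the presentation) for the 'monitor with IDS' point on this slide, together with the SMTP-engine behaviour from the Email Worms slide and the TCP port 8 control channel from the NextGen Worm Examples slide. The script below runs three checks over outbound connection-log lines: connections to IRC ports or to TCP port 8, destinations under dynamic DNS names, and a host talking SMTP directly to several external mail servers instead of the site relay. The log format, the internal address range, the approved relay address, the dynamic DNS suffixes, the fan-out threshold and the sample log lines are all assumptions constructed for the example.

```python
"""Flag bot control channels and worm SMTP engines in outbound connection logs.

Added example (not from the presentation). It applies three detections to a
connection log: outbound TCP to IRC ports (6660-6669, 7000) or to TCP port 8
(the Nugache control port named on the slides), destinations under dynamic
DNS suffixes, and hosts talking SMTP directly to several external mail servers
rather than through the approved relay. Everything below the imports is
constructed for the example: log format, internal range, relay and suffixes.
"""
import ipaddress
from collections import defaultdict

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]     # constructed site range
APPROVED_SMTP_RELAYS = {"10.1.1.5"}                       # constructed mail relay
DYNDNS_SUFFIXES = (".dyndns.example", ".no-ip.example")   # constructed provider list
CONTROL_PORTS = set(range(6660, 6670)) | {7000, 8}        # IRC range, plus port 8
SMTP_FANOUT_THRESHOLD = 3   # distinct external SMTP peers before a host is flagged

# Constructed log: "timestamp src_ip dst_hostname dst_ip dst_port proto"
CONSTRUCTED_LOG = """\
2006-05-01T10:00:01 10.1.1.20 mail.corp.example 10.1.1.5 25 tcp
2006-05-01T10:00:03 10.1.1.20 www.example.org 203.0.113.7 80 tcp
2006-05-01T10:00:05 10.1.1.44 ctl.dyndns.example 198.51.100.9 6667 tcp
2006-05-01T10:00:06 10.1.1.44 mx1.example.net 198.51.100.21 25 tcp
2006-05-01T10:00:07 10.1.1.44 mx.example.org 198.51.100.22 25 tcp
2006-05-01T10:00:08 10.1.1.44 mail.example.edu 203.0.113.30 25 tcp
2006-05-01T10:00:09 10.1.1.44 mail.example.edu 203.0.113.30 25 tcp
2006-05-01T10:00:12 10.1.1.31 ntp.corp.example 10.1.1.6 123 udp
2006-05-01T10:00:15 10.1.1.31 box.dyndns.example 198.51.100.40 8 tcp
"""


def parse_log(text):
    """Turn the whitespace-separated log into a list of record dicts."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, host, dst, port, proto = line.split()
        records.append({"ts": ts, "src": src, "host": host.lower(),
                        "dst": dst, "port": int(port), "proto": proto.lower()})
    return records


def is_external(ip_text):
    """True when the address lies outside the site's own ranges."""
    ip = ipaddress.ip_address(ip_text)
    return not any(ip in net for net in INTERNAL_NETS)


def detect(text):
    """Return (source_ip, alert_kind, detail) tuples for the log text."""
    alerts = []
    smtp_peers = defaultdict(set)   # src -> distinct external SMTP destinations
    for r in parse_log(text):
        if r["proto"] != "tcp" or not is_external(r["dst"]):
            continue
        if r["port"] in CONTROL_PORTS:
            alerts.append((r["src"], "control-channel-port", f'{r["host"]}:{r["port"]}'))
        if r["host"].endswith(DYNDNS_SUFFIXES):
            alerts.append((r["src"], "dynamic-dns-destination", r["host"]))
        if r["port"] == 25 and r["dst"] not in APPROVED_SMTP_RELAYS:
            smtp_peers[r["src"]].add(r["dst"])
    # An SMTP engine inside a worm talks to many mail servers; a normal client
    # talks only to the relay, so fan-out to external peers is the signal.
    for src, peers in smtp_peers.items():
        if len(peers) >= SMTP_FANOUT_THRESHOLD:
            alerts.append((src, "direct-smtp-fanout", f"{len(peers)} hosts"))
    return alerts


if __name__ == "__main__":
    for src, kind, detail in detect(CONSTRUCTED_LOG):
        print(f"{src:<12} {kind:<25} {detail}")
```

The port-based check is the weakest of the three, which is the slide's own point: a controller on a hard-coded port is easy to block and easy to spot, while the dynamic DNS and SMTP fan-out checks catch the host regardless of which port the malware picked.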

What Can I Do Now?: 

What Can I Do Now?
- Apply ALL security updates
- Disable superfluous services
- Block unsolicited inbound traffic
- Require strong passwords
- Updated anti-virus & anti-spyware products
- End user education: safe browsing, safe email
- Run with least user rights
- Audit for compliance

Microsoft Security Products: 

Microsoft Security Products
- Windows Defender: http://www.microsoft.com/athome/security/spyware/software/default.mspx
- Windows Software Update Services: http://www.microsoft.com/windowsserversystem/updateservices/default.mspx
- Microsoft Baseline Security Analyzer: http://www.microsoft.com/technet/security/tools/mbsahome.mspx
- Microsoft OneCare: http://www.windowsonecare.com
- Microsoft Client Protection: http://www.microsoft.com/windowsserversystem/solutions/security/clientprotection/default.mspx
- Network Access Protection: http://www.microsoft.com/technet/itsolutions/network/nap/default.mspx
- Windows Vista: http://www.microsoft.com/windowsvista/default.aspx
  - Built-in Windows Defender and MSRT
  - Better firewall
  - User Account Control
- Windows Longhorn: http://www.microsoft.com/windowsserver/bulletins/longhorn/beta1.mspx

References and Links: 

References and Links
- Panda Quarterly Report: http://www.pandasoftware.com/pandalabsQ12006
- Rootkits, Part 1 of 3: The Growing Threat, McAfee Whitepaper: http://download.nai.com/products/mcafee-avert/WhitePapers/AKapoor_Rootkits1.pdf
- Malware Evolution, Kaspersky Labs: http://www.viruslist.com/en/analysis?pubid=184012401
- The Safety of Internet Search Engines, McAfee SiteAdvisor: http://www.siteadvisor.com/studies/search_safety_may2006.html
- Trojans are the New Model Army: http://www.theregister.co.uk/2006/05/08/malware_survey
- Virus writers get into cyber-extortion: http://www.theregister.co.uk/2006/04/21/kaspersky_malware_trends_update
- Malicious Bots Hide Using Rootkit Code: http://www.eweek.com/article2/0,1895,1816972,00.asp
- Alleged Pop-Up Hacker Busted: http://www.wired.com/news/technology/0,1282,69480,00.html?tw=wn_tophead_2
- The New Apple of Malware's Eye: Is Mac OS X the Next Windows? McAfee Whitepaper: http://download.nai.com/products/mcafee-avert/WhitePapers/NewAppleofMalwaresEye.pdf
- Cross platform virus PoC: http://isc.sans.org/diary.php?storyid=1248&rss
- Hackers control bot client over P2P: http://www.theregister.co.uk/2006/05/02/nugache_worm
