Exploring the Black Hole Exploit Kit


Updated December 20, 2011
Internet Identity Threat Intelligence Department
12/29/11 Page 1/20

Summary

The Black Hole exploit kit is a web application designed to propagate and monitor malware. The kit provides administrative features that allow operators to monitor infection statistics in real time, as well as toolsets to configure landing pages and repack malicious payloads to avoid antivirus detection. Typically, through means such as spam, victims are lured to malicious or compromised websites, from which Black Hole launches a variety of attacks on common web browser vulnerabilities found in Java, Adobe Reader, and Flash plugins.

The Threat Intel team gained access to and monitored a Black Hole kit operating in the wild. Through the kit's administration panel, analysts identified the referrers distributed via spam emails, the landing pages used to initiate the exploits, and the malicious binaries dropped onto victim machines. [1] This white paper summarizes the findings.

[1] The Black Hole exploit kit labels URLs that redirect to malicious as referers

Forum Activity

The user Legacy on the forum Damagelab.org advertised the original version of the Black Hole Exploit Kit v beta on 02 September Legacy listed three individuals for potential clients to contact:

Sales: Legacy, ICQ
Program Support: Paunch, ICQ
Team Lead: Naron, ICQ

Figure 1 - Legacy's original post announcing release of Black Hole exploit kit

Unlike other exploit kits, the source code for Black Hole is not for sale. Instead, potential clients have the option to lease the kit by purchasing different licenses ranging from $1,500 for one year, $1,000 for six months, or $700 for three months. It is also possible to rent the kit hosted on the author's server for a monthly fee of $500, or per week at $200.

The Black Hole exploit kit has seen multiple updates since its original release. In a post dated 30 November 2011 on the forum Exploit.in, the user Paunch announced the most recent release v

Figure 2 - Paunch announcing the latest updates to BH Kit (Java Rhino exploit among others)

Spam

All lures observed were initially sent out in spam campaigns generated by the Cutwail botnet. Each spam message contained a URL that led to a compromised webpage. Said URLs are called redirectors or referers. We observed three different redirection techniques that lead to this particular Black Hole exploit kit:

1) .htaccess 404 re-write
2) PHP script that loads iframe
3) JavaScript function evals to window.location redirect

.htaccess 404 re-write

Using an .htaccess re-write technique, the criminal is able to append malicious JavaScript code to the 404 response page of the server. Said code writes an iframe to the page, which tells the browser to load the exploit kit. The benefit of this technique is that the attacker has an infinite number of URL combinations they can use, since every 404 response from the hacked website will return the appended JavaScript. More information and examples of an infected .htaccess file can be found on the Sucuri Blog. [2]

Figure page with malicious JavaScript appended

[2] .htaccess info: htaccess-attacks-part-1.html

Two distinct campaigns, one impersonating Bank of America and the other the IRS, were observed using the .htaccess 404 re-write technique. [3]

In the Bank of America spam campaign, emails appeared to be sent from alert

Listed below are examples of the subject headers observed:

Bank of America: Account CLOSED
Bank of America: Action required
Bank of America: Account CLOSED
Bank of America: Bill Payment CANCELED
Bank of America: Unauthorized charges

Figure 4 - Bank of America lure

[3] StopMalvertising.com analysis of the Bank of America spam campaign: scams/bank-of-america-account-alert-leads-to-blackhole-exploit-kit.html

In this attack, the lures contained links to non-existent PDF files on the server.

By design, the server then returned an altered 404 page containing the obfuscated JavaScript, which then eval'ed to an iframe in the browser:

Figure 5 - Deobfuscated JavaScript with an iframe to exploit page

The IRS themed campaign functions in almost the exact same manner. Below is an example of one such email with the subject "IRS: Fraud Alert":

Figure 6 - IRS themed lure

This campaign utilized hundreds of compromised domains as lures.

Below are Black Hole campaigns associated with this technique:

Campaign  Black Hole URL
dbfe c  koiwoeqwcut.com/main.php?page=dbfe c
502c1fba e  domainsecurityvultest.in/main.php?page=502c1fba e
502c1fba e  www123.pandasecuritycheck.com/main.php?page=502c1fba e

dbfe c was impersonating Bank of America and 502c1fba e was IRS themed.

PHP Script to iframe

In the second technique, malicious PHP scripts were placed on compromised websites. While no spam samples were identified, the administration panel of the Black Hole exploit kit showed the following lures:

hxxp://fnrtop.com/adinfo.php
hxxp://lomaintech.com/adinfo.php
hxxp://rawmercurymedia.com/adinfo.php
hxxp://rendermode.com/adinfo.php
hxxp://paradisewebhost.com/adinfo.php

The following HTML code (an iframe to the Black Hole kit) loads into the browser of victims that click on one of the above URLs:

Figure 7 - Response content of adinfo.php redirector

Below are the Black Hole campaigns associated with this technique:

Campaign  Domain
68dfc2dfc10659c4  statistic-countervisitors.net/main.php?page=68dfc2dfc10659c4
c f49d07  statistic-countervisitors.com/main.php?page=c f49d07
dfb886473afec374  usa-server05.com/main.php?page=dfb886473afec
abda  media-googlestat743.com/main.php?page=095252abda
ae5b527f10c01793  media-googlestat743.net/main.php?page=ae5b527f10c

window.location Redirect

The third technique, known as the window.location redirect, utilized hundreds of compromised domains as redirectors contained in a variety of spam emails. Many of the domains were also used in other spam campaigns as hosting platforms for other redirectors. Below is a personalized spam sample sent on 07 December 2011:

Figure 8 - Spam sample from December 7th

All personally identifiable information has been blotted out of the screenshot.

Redirectors had the following format:

hxxp://domain.tld/invoiceid-[0-9]{5}.html

hxxp://bgoharbin.com/invoiceid html
hxxp://capital-humain.ca/invoiceid html
hxxp://neikiddo.com/invoiceid html

Another wave of emails, sent December 13th, contained subject lines like "New Agreement for our group duo December 2nd 2011." [4]

The redirectors had the following format:

Z]{8}.html

hxxp://bellomo.de/njai6evm.html
hxxp://inmemoriam40-45.nl/ffcacg8g.html
hxxp://dvat.doggen-vom-alten-traum.de/e33b1h21.html
hxxp://curricolo.istruzioneferrara.it/ v.html
hxxp://admin.youmks.cba.pl/0j1mf9zd.html
hxxp://curricolo.istruzioneferrara.it/m57qr6mu.html

The HTML pages contained obfuscated JavaScript that loaded the Black Hole kit using the window.location object.

Figure 9 - JavaScript function returned by hacked page

[4] Reference to lure on Dynamoo's Blog: logs-spam.html

The browser evals this JavaScript to the following:

Figure 10 - window.location redirect code

The Black Hole campaigns associated with this technique:

Campaign  Domain
68dfc2dfc10659c4  cms-wideopendns.com/main.php?page=68dfc2dfc10659c4
68dfc2dfc10659c  domainsecurityvultest.in/main.php?page=68dfc2dfc10659c4
abda  checkmeforsecuryty.in/main.php?page=095252abda

Current status of the Black Hole domains

Domain  First Seen (PST)  Current Status
media-googlestat743.net  12/5/11 17:19  SERVFAIL
statistic-countervisitors.com  12/5/11 18:06  SERVFAIL
statistic-countervisitors.net  12/7/11 1:55  SERVFAIL
usa-server05.com  12/7/11 4:51  SERVFAIL
media-googlestat743.com  12/7/11 10:09  NXDOMAIN
koiwoeqwcut.com  12/8/11 15:09  SERVFAIL
checkmeforsecuryty.in  12/12/11 8:11  SERVFAIL
domainsecurityvultest.in  12/13/11 1:51  NOERROR [5]
cms-wideopendns.com  12/13/11 13:19  SERVFAIL
www123.pandasecuritycheck.com  12/14/11 9:39  NOERROR
yourpandasecuritycheck.com  12/16/11 2:56:51  NOERROR

[5] domainsecurityvultest.in is suspended; status is CLIENT HOLD. The domain utilizes the nameserver ns1.suspended-domain.com.
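The redirector and landing-page URL shapes reported above can be hunted for in web proxy logs. The following Python code is an added example, not part of the original white paper: it pairs a redirector hit (or a 404 response, for the .htaccess technique) with a following request for main.php?page=<16 hex characters> from the same client. The log layout, the .example hosts, the 30-second window and the lowercase-alphanumeric reading of the 8-character file names are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Landing pages in the paper look like <host>/main.php?page=<16 hex chars>.
CAMPAIGN_ID = re.compile(r"[0-9a-f]{16}")

# Redirector path shapes reported in the paper.
REDIRECTOR_SHAPES = {
    "invoiceid": re.compile(r"/invoiceid-[0-9]{5}\.html"),
    "adinfo": re.compile(r"/adinfo\.php"),
    # Assumption: the 8-character names are lowercase letters and digits,
    # as in the sample redirectors listed in the paper.
    "random8": re.compile(r"/[0-9a-z]{8}\.html"),
}


def classify(url, status):
    """Return ('landing', campaign_id), ('redirector', kind) or None."""
    parts = urlsplit(url)
    if parts.path == "/main.php":
        page = parse_qs(parts.query).get("page", [""])[0]
        return ("landing", page) if CAMPAIGN_ID.fullmatch(page) else None
    if status == 404:
        # .htaccess technique: any missing path can serve the altered 404 page.
        return ("redirector", "404-page")
    for kind, shape in REDIRECTOR_SHAPES.items():
        if shape.fullmatch(parts.path):
            return ("redirector", kind)
    return None


def find_chains(log_lines, window=timedelta(seconds=30)):
    """Pair each landing-page request with the redirector that preceded it.

    Expects time-ordered lines: timestamp client status url referer.
    """
    last_redirector = {}  # client -> (time, url, kind)
    findings = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        stamp, client, status, url, referer = fields
        try:
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
            verdict = classify(url, int(status))
        except ValueError:
            continue
        if verdict is None:
            continue
        role, detail = verdict
        if role == "redirector":
            last_redirector[client] = (when, url, detail)
            continue
        prev = last_redirector.get(client)
        chained = prev is not None and (
            referer == prev[1] or timedelta(0) <= when - prev[0] <= window
        )
        findings.append({
            "client": client,
            "campaign": detail,
            "landing_host": urlsplit(url).hostname,
            "redirector": prev[1] if chained else None,
            "technique": prev[2] if chained else None,
            # A full chain is stronger evidence than a lone landing request.
            "confidence": "high" if chained else "medium",
        })
    return findings


# Constructed sample log (not real traffic); hosts use the reserved .example TLD.
SAMPLE_LOG = [
    "2011-12-13T09:15:02 10.0.0.21 200 http://redirector.example/njai6evm.html -",
    "2011-12-13T09:15:03 10.0.0.21 200 http://landing.example/main.php?page=0123456789abcdef http://redirector.example/njai6evm.html",
    "2011-12-13T09:20:10 10.0.0.34 404 http://shop.example/8239abcd.pdf -",
    "2011-12-13T09:20:11 10.0.0.34 200 http://landing.example/main.php?page=fedcba9876543210 http://shop.example/8239abcd.pdf",
    "2011-12-13T09:31:00 10.0.0.50 200 http://intranet.example/main.php?page=home -",
    "2011-12-13T09:40:00 10.0.0.77 200 http://blog.example/abcd1234.html -",
    "2011-12-13T10:40:00 10.0.0.77 200 http://landing.example/main.php?page=0123456789abcdef -",
]

if __name__ == "__main__":
    for finding in find_chains(SAMPLE_LOG):
        print(finding)
```

The 8-character and 404 shapes match a great deal of ordinary traffic on their own, which is why they are reported only when a landing-page request follows.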

Black Hole exploit kit Infrastructure

Analysis confirmed that this Black Hole kit was hosted at a fast-flux bullet-proof hosting provider. The short TTL, multiple A records, and distributed nameservers are indicators of a fast-flux botnet. A passive DNS lookup revealed 95 unique IPs for the month of December

Figure 11 - Query results from the authoritative nameserver

Figure 12 - Query results from our passive DNS database

Six of the 95 IPs at were randomly selected for closer analysis:

IP  Hostname  Country  ASN  ISP
hdn1.deu.da.uu.net  DE  702  Verizon Deutschland
pcs.intercable.net  MX  Television Internacional
dynamicip.rima-tde.net  ES  3352  Telefonica España
cpe.net.cable.rogers.com  CA  812  Rogers Cable
pool.mediaways.net  DE  6805  Telefonica o2 Deutschland
cm telecable.es  ES  TeleCable

All of the IPs are residential broadband accounts spread across the globe, strong indicators of a botnet. The evidence clearly shows that the Black Hole kit is hosted behind a fast-flux botnet. In short, the Black Hole kit is hiding behind a botnet of proxy servers, but the proxy servers are all infected computers.

The diagram below shows how the whole operation works. Note that the Black Hole exploit kit sits on a criminal server behind the fast-flux proxy network.

Figure 13: Infrastructure of the Black Hole exploit kit
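The three fast-flux indicators named in this section (short TTL, multiple A records, distributed nameservers) can be computed from passive DNS observations. The following Python code is an added example, not part of the original white paper: it summarises observations per domain and flags a name only when all three indicators are present. The record layout, the thresholds and the sample data (documentation address ranges and private-use ASNs) are assumptions made for the example.

```python
from collections import defaultdict
from statistics import median

# Thresholds are assumptions chosen for this example; tune them to local data.
SHORT_TTL = 300       # seconds: "short TTL"
MANY_IPS = 5          # distinct A-record addresses seen for one name
MANY_ASNS = 3         # distinct networks those addresses belong to
SPREAD_NS_ASNS = 2    # distinct networks hosting the nameservers


def score_domains(observations):
    """Summarise passive DNS observations per domain and list which of the
    fast-flux indicators are present.

    observations: iterable of (name, rrtype, rdata, ttl, asn, country), where
    asn and country describe the address (A) or the nameserver's address (NS).
    """
    ips, asns, countries = defaultdict(set), defaultdict(set), defaultdict(set)
    ttls, ns_asns = defaultdict(list), defaultdict(set)
    names = set()
    for name, rrtype, rdata, ttl, asn, country in observations:
        name = name.lower().rstrip(".")
        names.add(name)
        if rrtype == "A":
            ips[name].add(rdata)
            asns[name].add(asn)
            countries[name].add(country)
            ttls[name].append(ttl)
        elif rrtype == "NS":
            ns_asns[name].add(asn)

    report = {}
    for name in sorted(names):
        ttl = median(ttls[name]) if ttls[name] else None
        indicators = []
        if ttl is not None and ttl <= SHORT_TTL:
            indicators.append("short_ttl")
        # Content delivery networks also return many addresses; requiring a
        # spread over several networks keeps single-operator pools out.
        if len(ips[name]) >= MANY_IPS and len(asns[name]) >= MANY_ASNS:
            indicators.append("multiple_a_records")
        if len(ns_asns[name]) >= SPREAD_NS_ASNS:
            indicators.append("distributed_nameservers")
        report[name] = {
            "unique_ips": len(ips[name]),
            "unique_asns": len(asns[name]),
            "countries": len(countries[name]),
            "median_ttl": ttl,
            "ns_asns": len(ns_asns[name]),
            "indicators": indicators,
            "fast_flux": len(indicators) == 3,
        }
    return report


# Constructed sample observations (not real data).
SAMPLE = [
    ("flux.example", "A", "192.0.2.10", 180, 64512, "DE"),
    ("flux.example", "A", "192.0.2.77", 180, 64513, "MX"),
    ("flux.example", "A", "198.51.100.4", 180, 64514, "ES"),
    ("flux.example", "A", "198.51.100.90", 120, 64515, "CA"),
    ("flux.example", "A", "203.0.113.5", 180, 64516, "DE"),
    ("flux.example", "A", "203.0.113.200", 180, 64517, "ES"),
    ("flux.example", "NS", "ns1.flux.example", 180, 64520, "NL"),
    ("flux.example", "NS", "ns2.flux.example", 180, 64521, "US"),
    ("static.example", "A", "192.0.2.1", 3600, 64600, "US"),
    ("static.example", "A", "192.0.2.2", 3600, 64600, "US"),
    ("static.example", "NS", "ns1.static.example", 86400, 64600, "US"),
    ("static.example", "NS", "ns2.static.example", 86400, 64600, "US"),
]

if __name__ == "__main__":
    for domain, summary in score_domains(SAMPLE).items():
        print(domain, summary)
```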

Malware (Payloads)

Analysis shows that all but one of the samples listed above are the same binary slightly altered by basic packer obfuscation. These binaries are all variants of the Cridex trojan. [6] [7]

MD5  DESCRIPTION  FIRST SEEN  VT SCORE
bf391e746529f4f87098a20f1  Cridex  12/13  1/
ecbf563d13cccbc8cc6de0d9  Cridex  12/12  5/
d1dee4c981b64fb9342a66ba81bb  Cridex  12/7  2/43
27e403df66918fbbd bacd8492  Cridex  12/6  22/43
8ff7ab0264af8ce3d551a4924d  Cridex  12/5  4/43
d41d8cd98f00b204e ecf8427e  Empty file  12/5  NA

Figure 14 - Some of the malware samples dropped

[6] The Cridex trojan is a keylogger designed to obtain victim banking credentials.
[7] nov-11-cridex-the-hex-of-skidlo.aspx

Anti-White Hat Techniques

The criminals operating this Black Hole kit made considerable efforts to protect their investment and maximize the efficiency of their operation. They opted to host their exploit kit at a fast-flux botnet hosting provider in order to hide their exploit kit behind a proxy network (see Figure 15). Also, they are blocking IPs and referers that they believe are used by white hat researchers to track malware systems. The blocking mechanism appears to be block directives in the .htaccess config; however, this functionality is built directly into the Black Hole admin panel:

Figure 15 Black List

Statistics

This section provides a glimpse into the Black Hole control panel from the vantage point of the criminal operators.

Country Statistics

Analysis of the statistics confirmed that the criminal actors were targeting only the United States, Germany, and Italy, though it appears that the primary focus was victims in the United States.

Figure 16 - Statistics based on country

For clarification, the first column is country, the second column is hits, the third column is successful exploits, and the fourth column is successful infections.

Exploit Statistics

The most commonly used exploit is the newly added Java Rhino exploit [CVE ]. This exploit will work on all browsers and across every operating system.

Figure 17 - Exploit statistics

Browser Statistics

There were many successful exploits of Safari and Chrome, but no successful malware installs. The most vulnerable browser is Firefox with a 60% exploit rate, followed by Internet Explorer with a 40% exploit rate.

Figure 18 - Browser statistics

Operating System Statistics

The statistics panel shows that the most vulnerable and prevalent operating system is Windows XP.

Figure 19 - Operating system statistics

Overall Statistics

The overall statistics section shows the total number of hosts infected by this Black Hole exploit kit.

Figure 20 - Overall statistics

Post-Exploit Traffic Direction

After the exploit code is run, users are forwarded to the following domains:

commercialday-net.com
jdemponedelnik.bij.pl

commercialday-net.com is suspended (domain status "CLIENT HOLD") and jdemponedelnik.bij.pl appears to redirect to an Incognito exploit kit. The purpose of this traffic direction is unclear.

Figure 21 - Campaign monitoring page

Administrator Connections

Administrator connections to the exploit kit admin panel were established from the following IPs:

IP  COUNTRY  HOSTNAME  ISP
US  server80.it4business.ca  PEER
US  dns2.raymondvilleisd.org  VTXC
NL  N/A  LEASEWEB
US  N/A  NTT
DE  evrohoster.com  LEASEWEB
US  8a.7.be.static.xlhost.com  XLHOST.COM
DE  N/A  LEASEWEB
MD  starnet.md  STARNET
NL  local  DEDISERV
GB  N/A  RACKSRV

Most of these IPs appear to be VPS or VPN servers.


More information

Inside Nuclear s Core: Analyzing the Nuclear Exploit Kit Infrastructure Part I

Inside Nuclear s Core: Analyzing the Nuclear Exploit Kit Infrastructure Part I Inside Nuclear s Core: Analyzing the Nuclear Exploit Kit Infrastructure Part I By Check Point Threat Intelligence & Research Malware has different methods by which it propagates. Exploit kits (EKs) have

More information

Detecting Remote Access (RAT) Attacks on Online Banking Sites

Detecting Remote Access (RAT) Attacks on Online Banking Sites Detecting Remote Access (RAT) Attacks on Online Banking Sites A BioCatch White Paper Document Overview Remote Access Tools (RATs) allow an attacker to take control over a desktop and use it remotely, opening

More information

MALWARE ANALYSIS 1. STYX EXPLOIT PACK: INSIDIOUS DESIGN Aditya K. Sood & Richard J. Enbody Michigan State University, USA COMMUNICATION DESIGN

MALWARE ANALYSIS 1. STYX EXPLOIT PACK: INSIDIOUS DESIGN Aditya K. Sood & Richard J. Enbody Michigan State University, USA COMMUNICATION DESIGN MALWARE ANALYSIS 1 STYX EXPLOIT PACK: INSIDIOUS DESIGN Aditya K. Sood & Richard J. Enbody Michigan State University, USA Rohit Bansal Independent Security Researcher, India In this paper, we discuss the

More information

A more comprehensive version of this material was published in the October issue of the Virus Bulletin magazine [3].

A more comprehensive version of this material was published in the October issue of the Virus Bulletin magazine [3]. INSIDE A BLACK HOLE By Gabor Szappanos, Principal Researcher, SophosLabs Introduction Without exception the most actively deployed exploit kit in the past year was the Blackhole exploit kit. [1]. Now that

More information

Using Hacker Tricks in Legit Defensive Code

Using Hacker Tricks in Legit Defensive Code Using Hacker Tricks in Legit Defensive Code Ziv Mador Director of Security Research August 2013 Chicago Content developed and presented at RSA with: Ryan Barnett Lead Security Researcher 2013 Trustwave

More information

Microsoft Security Intelligence Report

Microsoft Security Intelligence Report Microsoft Security Intelligence Report Volume 16 July through December, 2013 Key Findings Summary This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY,

More information

From Georgia, with Love Win32/Georbot. Is someone trying to spy on Georgians?

From Georgia, with Love Win32/Georbot. Is someone trying to spy on Georgians? From Georgia, with Love Win32/Georbot Is someone trying to spy on Georgians? At the beginning of the year, a curious piece of malware came to our attention. An analyst in our virus laboratory noticed that

More information

Keeping Eyes on Malicious Websites ChkDeface against Fraudulent Sites

Keeping Eyes on Malicious Websites ChkDeface against Fraudulent Sites Keeping Eyes on Malicious Websites ChkDeface against Fraudulent Sites Hiroshi KOBAYASHI, Takayuki UCHIYAMA Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) Agenda Background Increase

More information

Endpoint Business Products Testing Report. Performed by AV-Test GmbH

Endpoint Business Products Testing Report. Performed by AV-Test GmbH Business Products Testing Report Performed by AV-Test GmbH January 2011 1 Business Products Testing Report - Performed by AV-Test GmbH Executive Summary Overview During November 2010, AV-Test performed

More information

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protecting a business s IT infrastructure is complex. Take, for example, a retailer operating a standard multi-tier infrastructure

More information

Internet Banking Attacks. Karel Miko, CISA DCIT, a.s. (Prague, Czech Republic) miko@dcit.cz

Internet Banking Attacks. Karel Miko, CISA DCIT, a.s. (Prague, Czech Republic) miko@dcit.cz Internet Banking Attacks Karel Miko, CISA DCIT, a.s. (Prague, Czech Republic) miko@dcit.cz Contents Agenda Internet banking today The most common attack vectors The possible countermeasures What protection

More information

Botnets Die Hard Owned and Operated

Botnets Die Hard Owned and Operated Botnets Die Hard Owned and Operated,,, Las Vegas, 2012 Aditya K Sood Richard J Enbody SecNiche Security Department of Computer Science and Engineering Michigan State University Aditya K Sood About Us PhD

More information

Phishing Scams Security Update Best Practices for General User

Phishing Scams Security Update Best Practices for General User Phishing Scams Security Update Best Practices for General User hishing refers to the malicious attack Pmethod by attackers who imitate legitimate companies in sending emails in order to entice people to

More information

Overview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms

Overview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms Overview Common Internet Threats Tom Chothia Computer Security, Lecture 19 Phishing Sites Trojans, Worms, Viruses, Drive-bydownloads Net Fast Flux Domain Flux Infiltration of a Net Underground economy.

More information

Spam and All Things Salty: Spambot v2013

Spam and All Things Salty: Spambot v2013 Spam and All Things Salty: Spambot v2013 Jessa dela Torre 1 and Sabrina Lei Sioting 2 1 Forward-Looking Threat Research Team 2 Threat Cleanup and Analysis Team Trend Micro, Inc., Philippines Abstract.

More information

Password Hacking Done Easy

Password Hacking Done Easy November 2006 Password Hacking Done Easy Ofer Maor CTO Agenda Introduction to the Modern Password Hacking Client-Side Threats Password Theft Demo Real Hacking Stories Questions & Answers 2 of 26 About

More information

Five Stages of a Web Malware Attack

Five Stages of a Web Malware Attack Five Stages of a Web Malware Attack A guide to web attacks plus technology, tools and tactics for effective protection By Chris McCormack, Senior Product Marketing Manager Today s web attacks are extremely

More information

Zscaler Internet Security Frequently Asked Questions

Zscaler Internet Security Frequently Asked Questions Zscaler Internet Security Frequently Asked Questions 1 Technical FAQ PRODUCT LICENSING & PRICING How is Zscaler Internet Security Zscaler Internet Security is licensed on number of Cradlepoint devices

More information

thriller INTERNET SECURITY

thriller INTERNET SECURITY + thriller INTERNET SECURITY Saturday, October 31, 2009 1:30 PM 3:00 PM Matthew 28:18-20 Website Ministry + Agenda 2 Scripture (Col 3:12-15) Prayer Internet Security Security Threats Security Protection

More information

MITB Grabbing Login Credentials

MITB Grabbing Login Credentials MITB Grabbing Login Credentials Original pre-login fields UID, password & site Modified pre-login fields Now with ATM details and MMN New fields added MITB malware inserted additional fields. Records them,

More information

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015 Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders

More information

Spear Phishing Attacks Why They are Successful and How to Stop Them

Spear Phishing Attacks Why They are Successful and How to Stop Them White Paper Spear Phishing Attacks Why They are Successful and How to Stop Them Combating the Attack of Choice for Cybercriminals White Paper Contents Executive Summary 3 Introduction: The Rise of Spear

More information

SOLUTION CARD WHITE PAPER

SOLUTION CARD WHITE PAPER WHITE PAPER Why Education is Among the Worst Affected Industries by Malware The Contradiction Between Perceived Anti-Virus Readiness and Actual Malware Infection Rates in the Education Industry About This

More information

AWEBDESK LIVE CHAT SOFTWARE

AWEBDESK LIVE CHAT SOFTWARE AWEBDESK LIVE CHAT SOFTWARE Version 6.1.0 AwebDesk Softwares Administrator Guide Edition 1.0 November 2012 Page 1 TABLE OF CONTENTS Introduction.......... 3 Sign In as Admin...4 Admin Dashboard Overview.

More information

http://my6.statcounter.com/project/standard/magnify.php?project_id=1613882&ip_number=3275864294

http://my6.statcounter.com/project/standard/magnify.php?project_id=1613882&ip_number=3275864294 Pagina 1 di 8 My Projects My Profile Account Info Users Support Billing Upgrade User Forum Blog Logout [nicscics] Magnify User (Scie Chimiche (Chemtrails)) 16th December 2008 00:40:22 S T A T I S T I C

More information

Unknown threats in Sweden. Study publication August 27, 2014

Unknown threats in Sweden. Study publication August 27, 2014 Unknown threats in Sweden Study publication August 27, 2014 Executive summary To many international organisations today, cyber attacks are no longer a matter of if but when. Recent cyber breaches at large

More information

State of the Web 2015: Vulnerability Report. March 2015. 2015 Menlo Security Alright Reserved

State of the Web 2015: Vulnerability Report. March 2015. 2015 Menlo Security Alright Reserved State of the Web 2015: Vulnerability Report March 2015 Motivation In February 2015, security researchers http://www.isightpartners.com/2015/02/codoso/ reported that Forbes.com had been hacked. The duration

More information

Versafe TotALL Online Fraud Protection

Versafe TotALL Online Fraud Protection Versafe TotALL Online Fraud Protection Protect ALL users. From ALL malware, threat types. On ALL devices. ALL transparently to the end-user. Summary of Mobile Malware & Cross-Device Attacks Overview of

More information

Spy Eye and Carberp the new banker trojans offensive

Spy Eye and Carberp the new banker trojans offensive Spy Eye and Carberp the new banker trojans offensive The common way for a wanna-be hacker to fulfill his sick aspirations is to achieve a known trojan there is a plenty on the Internet, sometimes they

More information

Trend Micro Incorporated Research Paper 2012. Adding Android and Mac OS X Malware to the APT Toolbox

Trend Micro Incorporated Research Paper 2012. Adding Android and Mac OS X Malware to the APT Toolbox Trend Micro Incorporated Research Paper 2012 Adding Android and Mac OS X Malware to the APT Toolbox Contents Abstract... 1 Introduction... 1 Technical Analysis... 2 Remote Access Trojan Functionality...

More information

Web Tracking for You. Gregory Fleischer

Web Tracking for You. Gregory Fleischer Web Tracking for You Gregory Fleischer 1 INTRODUCTION 2 Me Gregory Fleischer Senior Security Consultant at FishNet Security 3 Disclaimer Why do you hate? 4 Reasons For Tracking TradiFonal reasons for tracking

More information

April 11, 2011. (Revision 2)

April 11, 2011. (Revision 2) Passive Vulnerability Scanning Overview April 11, 2011 (Revision 2) Copyright 2011. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of

More information

Browser Exploit Packs Exploitation Paradigm (Tactics)

Browser Exploit Packs Exploitation Paradigm (Tactics) Browser Exploit Packs Exploitation Paradigm (Tactics) Death by Bundled Exploits Virus Bulletin 2011 - Conference 5-7 th October, 2011 Barcelona, Spain Aditya K Sood Richard J Enbody SecNiche Security Department

More information

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction

More information

Defend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall

Defend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall Defeat Malware and Botnet Infections with a DNS Firewall By 2020, 30% of Global 2000 companies will have been directly compromised by an independent group of cyberactivists or cybercriminals. How to Select

More information

Threat Intelligence UPDATE: Cymru EIS Report. www.team- cymru.com

Threat Intelligence UPDATE: Cymru EIS Report. www.team- cymru.com Threat Intelligence Group UPDATE UPDATE: SOHO Pharming A Team Cymru EIS Report Powered Page by T1eam Threat Intelligence Group of 5 C ymru s This is an update on the SOHO Pharming case we published a little

More information

LASTLINE WHITEPAPER. Large-Scale Detection of Malicious Web Pages

LASTLINE WHITEPAPER. Large-Scale Detection of Malicious Web Pages LASTLINE WHITEPAPER Large-Scale Detection of Malicious Web Pages Abstract Malicious web pages that host drive-by-download exploits have become a popular means for compromising hosts on the Internet and,

More information

Phishing Activity Trends Report. 1 st Half 2009. Committed to Wiping Out Internet Scams and Fraud

Phishing Activity Trends Report. 1 st Half 2009. Committed to Wiping Out Internet Scams and Fraud 1 st Half 2009 Committed to Wiping Out Internet Scams and Fraud January June 2009 Phishing Report Scope The quarterly APWG analyzes phishing attacks reported to the APWG by its member companies, its Global

More information

Dr. Seltsam, oder wie ich lernte, Malware zu lieben

Dr. Seltsam, oder wie ich lernte, Malware zu lieben Dr. Seltsam, oder wie ich lernte, Malware zu lieben Matthias Schmidt schmidt@ieee.org Quid est Malware? 2 Viruses Spyware Worms Adware Malware Rootkits Trojans Keyloggers Ransomware Dialers 06/05/13 3

More information

Current counter-measures and responses by CERTs

Current counter-measures and responses by CERTs Current counter-measures and responses by CERTs Jeong, Hyun Cheol hcjung@kisa.or.kr April. 2007 Contents I. Malware Trends in Korea II. Malware from compromised Web sites III. Case Study : Malware countermeasure

More information

The Underground Economy of the Pay-Per-Install (PPI) Business

The Underground Economy of the Pay-Per-Install (PPI) Business The Underground Economy of the Pay-Per-Install (PPI) Business Kevin Stevens, Security Researcher SecureWorks Counter Threat Unit (CTU) History of the PPI Business The Pay-Per-Install business model (PPI)

More information

FSOEP Web Banking & Fraud: Corporate Treasury Attacks

FSOEP Web Banking & Fraud: Corporate Treasury Attacks FSOEP Web Banking & Fraud: Corporate Treasury Attacks Your Presenters Who Are We? Tim Wainwright Managing Director Chris Salerno Senior Consultant Led 200+ penetration tests Mobile security specialist

More information

Fighting Advanced Threats

Fighting Advanced Threats Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.

More information

THE OPEN UNIVERSITY OF TANZANIA

THE OPEN UNIVERSITY OF TANZANIA THE OPEN UNIVERSITY OF TANZANIA Institute of Educational and Management Technologies COURSE OUTLINES FOR DIPLOMA IN COMPUTER SCIENCE 2 nd YEAR (NTA LEVEL 6) SEMESTER I 06101: Advanced Website Design Gather

More information

Current Threat Scenario and Recent Attack Trends

Current Threat Scenario and Recent Attack Trends Current Threat Scenario and Recent Attack Trends Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Objectives Current Cyber space Nature of cyberspace and associated risks

More information