Windows Malware Annual Report 2014 And prognosis 2015

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Windows Malware Annual Report 2014 And prognosis 2015"

Transcription

1 Windows Malware Annual Report 2014 And prognosis 2015 February 2015 Copyright RedSocks B.V All Rights Reserved.

2 This page is left blank on purpose. Page 1

3 Table of Contents 1. Introduction Summary Analysing Malware Processing Malware Detecting Malware Classifying Malware Adware & PUPs Backdoors & Bots Exploits Rootkits Trojans Keylogging Trojans Proxy Trojans PSW Trojans Rogue Trojans Trojan Downloaders Spy Trojans Worms bit Malware Other Malware Trends Adware Backdoors and Bots Exploits Rootkits Trojans Worms bit Malware Other Malware Geolocation Dridex Regin Prognosis Page 2

4 Appendix: MD5 file hashes of with Regin infected files: Table of Figures Figure 01: Detected vs. Not-Detected p/m Figure 02: New Malicious Files p/m Figure 03: Disk Space In GBs... 8 Figure 04: Percentage Detected By Anti-Virus Figure 05: Heuristic Detection Figure 06: Adware & PUPs Figure 07: Backdoors & Bots Figure 08: Exploits Figure 09: Rootkits Figure 10: Trojans Figure 11: Keylogging Trojans Figure 12: Proxy Trojans Figure 13: Password Stealing Trojans Figure 14: Rogue Trojans Figure 15: Download Trojans Figure 16: Spy Trojans Figure 17: Worms Figure 18: 64-bit Malware Figure 19: Other Malware Figure 20: Macro-based Malware Figure 21: Adware Trend Figure 22: B&B Trend Figure 23: Exploit Trend Figure 24: Rootkit Trend Figure 25: Trojan Trend Figure 26: Worm Trend Figure 27: 64-bit Malware Trend Figure 28: Other Malware Trend Figure 29: Top 10 C&C Countries Figure 30: Reported Dridex Attacks Figure 31: Distribution Dridex Banking Trojan Figure 32: Prognoses Malware Categories (large) Figure 33: Prognoses Malware Categories (small) Page 3

5 Table of Tables Table 01: New Malicious Files p/m & Space In GBs... 8 Table 02: Malware Categories Table 03: Top 3 Adware Families Table 04: Top 3 PUP Families Table 05: Top 3 B&B Families Table 06: Top 3 Exploits Table 07: Top 3 Rootkit Families Table 08: Top 10 Trojan Categories Table 09: Top 3 Worm Families Table 10: Top 3 64-bit Malware Table 11: Top 3 Macro-based Malware Table 12: Top 10 Packers & Encryptors Table 13: Top 3 C&C Servers Table 14: Top 10 Connecting IPs Page 4

6 1. Introduction From the RedSocks Malware Research Lab, we give you our first yearly malware trend report. RedSocks is a Dutch company specializing in malware detection. Our product, RedSocks Malware Threat Defender, is a network appliance that analyses network traffic flows in real-time, based on algorithms and lists of malicious indicators. This critical information is compiled by the RedSocks Malware Intelligence Team (RSMIT). The team consists of specialists who have a passion for identifying new threats and trends on the Internet and to translate them into state-of-the-art malware detection capabilities. With this report, we hope to provide you with a deeper insight into the world of malicious threats and trends, as we look back at the data collected and processed during Page 5

7 2. Summary Last year was an eventful year with many interesting events for RedSocks: small and large data breaches, new exploits and vulnerabilities, international spying and hacking. Heartbleed, Operation Blackshades, Point of Sales (POS) malware, Poodle, Regin, ShellShock, and The Interview, a.k.a. Sony hack to name only a few. One trend which had a big impact on internet users in 2014 were the ransomware attacks. Ransomware is a type of malware which restricts access to the computer system that it infects by encrypting the data. It demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed. The cybercriminals behind the ransomware attacks pretend to be a legitimate company or government organ. The selected entity will claim that the victim has done something illegal and that government forces are searching for the victim or it will claim that it has encrypted files on the victim s device. The ransomware victim will be forced to pay a ransom to retrieve the files. In most cases a simple search on the Google Search Engine will provide information on how to remove the ransomware from the infected device. Decrypting the encrypted files can be quite a challenge. Some of the most used and active ransomware of 2014 were: Cryptolocker, TorrentLocker, Reveton, WinLocker, and Ransomweb. From January 1 st to December 31 st, 2014, we processed 87 million new unique malicious files. On average we collected new samples per day or 7.3 million per month. The overall detection by Anti-Virus software improved during the year. Their detection went from 66 percent in January to 86 percent in October. In November and December their detection dropped on average 3 and 10 percent respectively. This might not sound too bad, but it means that around 24 percent of all new malicious files were not detected. This leaves us with 20.4 million undetected samples in That is 1.7 million samples per month or per Figure 01: Detected vs. Not-Detected p/m 2014 day on average. Please note that identification rates change based on the anti-virus engines used, samples chosen and time scanned. During 2014, RedSocks identified: million unique samples as adware and 5.4 million as PUPs - B&B in 1.2 million unique new files unique files that used one or more exploits - Rootkits in files million trojans million worms Page 6

8 - In total unique files as containing 64-bit malware million files were categorised as other-malware. The United States hosted the most Command & Control (C&C) servers in 2014, followed by the Russian Federation. In 3 rd place was Germany, followed by the United Kingdom. China can be found on the 5 th place. As hosting country for C& C Servers, The Netherlands increased in popularity. Starting on place 10 in January it climbed to place 8 in March and place 6 in May. From June until December, The Netherlands kept place 5 in the top 10 countries hosting C&C Servers. Overall The Netherlands became 6 th. On place 7 till 10: Ukraine, Turkey, Korea, and Iran. Of all the Command & Control (C&C) traffic we analysed: - The botnet controller Zeus and slight variations of it, was with 23 percent, by far the most popular C&C Servers among cybercriminals. - On the client-side or from the infected hosts, most traffic appeared to come from computers that were compromised by GhostBot (11.76 %), Bladabindi (8.66 %), or the Zegost (6.77 %). Page 7

9 3. Analysing Malware RedSocks Malware Research Labs tracks large numbers of malware from our globally-distributed honeypots, honeyclients, spam-nets and various botnet monitoring sensors. Due to the distribution of our honeypots, we are able to automatically collect and process new malicious samples from across the globe. We also exchange large quantities of malicious files with the Anti-Virus industry. Figure 02: New Malicious Files p/m 2014 Figure 02 and table 01, contain the total number of new unique malicious files per month. From January 1 st until December 31 st 2014, a total of 87 million unique new malicious files have been processed. Combined all new malicious files for 2014 required a total of 42 terabyte of disk space. In table 01 you can see the disk space in Gigabytes needed per month Processing Malware In 2014, on average, we processed over 235,000 new malicious files per day with our automated malware collecting and processing systems. All samples were renamed according to their hash calculation. We then checked to see if that particular piece of malware had already been processed. In figure 03, you will find the total amount of disk space needed to store all the new malicious files in gigabytes per month. Table 01: New Malicious Files p/m & Space In GBs Figure 03: Disk Space In GBs Page 8

10 3.2. Detecting Malware At RedSocks Malware Labs we use an in-house classification system for grouping malware. We have classified over 300 types for which we have created detailed statistics. Once multiple anti-virus scanners (in paranoid mode) have performed their on-demand scan, we know which malware was detected and, perhaps more importantly, which was not. The green section in figure 04 shows the percentage of all the files identified by Anti-Virus software and, in red, the percentage of files not detected. Figure 04: Percentage Detected By Anti-Virus 2014 Of all the new malicious files we processed in 2014, about 23.7 percent of them were not detected by any of the Anti-Virus products we currently use. In figure 05 the new malicious files that were detected by the Anti-Virus on heuristics in Every modern Anti- Virus solution, on the market today, uses various heuristics to detect known and unknown malware. Figure 05: Heuristic Detection 2014 Page 9

11 4. Classifying Malware We categorise malware according to its primary feature. In the 2014, malware was grouped as follows: Table 02: Malware Categories 2014 The category Others, consists of malicious samples that do not fit in any of the six main categories. First we will look at the six main categories. Page 10

12 4.1. Adware & PUPs Of all the identified malware, 9.5 million unique samples were categorised as adware in In figure 5 in green, the adware and in orange the PUPs. PUPs are the common abbreviation for Potentially Unwanted Programs, but they are also known as PUAs (Potential Unwanted Applications). A total of 5.4 million PUPs were identified in Figure 06: Adware & PUPs 2014 A PUP or PUA is an application that is installed along with the desired application the user actually asked for. In most cases, the PUP is spyware, adware or some other unwanted software. However, what makes spyware or adware a PUP rather than pure malware is the fact that the end user license agreement (EULA) informs the user that this additional program is being installed. Considering that people hardly ever read the license agreement, the distinction is a subtle one. Table 03: Top 3 Adware Families 2014 Table 04: Top 3 PUP Families 2014 Page 11

13 4.2. Backdoors & Bots As the name suggests, in this category we find threats that are used to provide a channel through which a remote attacker can access and control a computer. The backdoors & bots (B&Bs) vary in sophistication, ranging from those that only allow for the performance of limited functions to those that allow almost any action to be carried out, allowing the remote attacker to completely take over control of a computer. Figure 07: Backdoors & Bots 2014 A computer with a sophisticated B&B installed may also be referred to as a "zombie" or a "bot". A network of such bots may often be referred to as a "botnet". Botnets can have hundreds of thousands of infected nodes. Typical back door capabilities may allow a remote attacker to: - Collect information (system and personal) from the computer and any storage device attached to it - Terminate tasks and processes - Run tasks and processes - Download additional files - Upload files and other content - Report on status - Open remote command line shells - Perform denial of service attacks on other computers - Change computer settings - Shut down or restart the computer Table 05: Top 3 B&B Families 2014 B&Bs have become increasingly popular among malware creators because of the shift in motivation from fame and glory to money and profit. In today's black market economy, a computer with a backdoor can be put to work performing various criminal activities that earn money for their controllers. Schemes such as pay-per-installation, sending spam s, and harvesting personal information and identities are all ways to generate revenue. In 1.2 million unique new samples, a B&B was found. Page 26

14 4.3. Exploits An exploit is a piece of software that uses one or more vulnerabilities in a computer system to bypass security controls, especially one that takes advantage of a particular vulnerability that the system offers to intruders. Exploits can be very dangerous and can be worth a lot of money on the black market. Figure 08: Exploits 2014 The most common exploit in 2014 was CVE C. Exploit CVE C, which identifies malicious PDF files downloaded by the Blackhole exploit kit that exploits a known vulnerability. When the PDF file is loaded, Adobe Reader opens and then closes, while a malicious executable file is dropped directly onto the C:\ drive. The dropped executable, which is actually embedded into the PDF file, tries to connect to various registered domains to download other files. The downloaded files may contain trojans or other malware. Because JavaScript is used to successfully exploit this vulnerability, disabling it for unknown documents might be Table 06: Top 3 Exploits 2014 a good idea. In 2014, we identified unique files that used one or more exploits. Page 27

15 4.4. Rootkits A rootkit is a type of software designed to hide the fact that an operating system has been compromised, sometimes by replacing vital executables. Rootkits allow viruses and other malware to hide in plain sight by disguising themselves as necessary files that your anti-virus software will overlook. Rootkits themselves are not harmful; they are simply used to hide malware, bots and worms. To install a rootkit, an attacker must first gain access to the root account by either using an exploit, or by obtaining the password, and this by cracking it or through social engineering. Rootkits are usually activated before the operating system is loaded. Because of the early loading of rootkits, they are very difficult to detect and are therefore a very powerful way for attackers to access and use the targeted computer without the owner s notice. Due to the way rootkits are used and installed, they are notoriously difficult to remove. Figure 09: Rootkits 2014 Rootkits are not used to gain elevated access, but instead are used to mask the malware and its payloads more effectively. Malware which uses rootkit technology can stay undetected for a very long time. Rootkit technology is often used in spy trojans and spyware. Table 07: Top 3 Rootkit Families 2014 Of all the new malicious files we processed in 2014, were categorised as rootkit. Page 28

16 4.5. Trojans In 2014, 28.6 million files were identified as trojan. With 43 percent they are the leading malware category. Figure 10: Trojans 2014 The trojans can be further divided into many subcategories. In table 7, you will find a top 10 of the trojan subcategories with their percentages of the total identified trojans. At nearly 62 percent of all identified trojans, are generic trojans. They were detected with heuristics. We could fill many pages with figures and tables on trojan subcategories. Instead the following six were selected for this year s report. In no particular order: keyloggers, proxy, PSW, rogue, spy, and downloaders. Table 08: Top 10 Trojan Categories Keylogging Trojans First a quick look at the trojan keyloggers. In figure 11, you will find the identification of keylogging trojans in Trojan Keyloggers are designed to track the strokes on a keyboard without the knowledge of the user. This information is then collected and used to access private accounts or collect personal information. In 7,100 unique files, a trojan keylogger was found. Figure 11: Keylogging Trojans 2014 Page 29

17 Proxy Trojans A little over 1,800 proxy trojans were identified in Proxy trojans or trojan proxies are designed to use the victim s computer as a proxy server. This gives the attacker the opportunity to do almost everything from your computer, including the possibility of conducting credit card fraud and other illegal activities. Trojan proxies are often used to launch malicious attacks against other networks. Figure 12: Proxy Trojans PSW Trojans PSW trojans are designed to steal user account information such as logins and passwords from infected computers. When launched, a PSW trojan searches system files which store a range of confidential data. If such data is found, the trojan sends it to its master. , FTP, the web (including data in a request), or other methods may be used to transmit the stolen data. Some such Trojans also steal registration information for certain software programs and games. In unique files, password stealing trojans were found. Figure 13: Password Stealing Trojans Rogue Trojans In the sub-category rogue trojans we grouped all the rogue- or fake-ware (rogue antivirus, rogue security software, etc.). A rogue trojan deceives or misleads users into paying money for fake or simulated malware removal or it claims to get rid of malware, but instead installs it. Rogue security software mainly relies on social engineering (fraud) to defeat the security. Figure 14: Rogue Trojans 2014 Cold-calling has also become a vector for distribution of this type of malware, with callers often claiming to be from "Microsoft Support" or another legitimate organization. In a little over unique files we found rogue trojans. Page 30

18 Trojan Downloaders In third place in the category trojans, with unique samples, we find the trojan downloaders or download trojans. A trojan downloader is a trojan that installs itself to the system and waits until an Internet connection becomes available. Once a connection is available, it connects to one or more remote servers or websites in order to download additional programs (usually malware or adware) onto the infected computer. Figure 15: Download Trojans 2014 Trojan downloaders are often distributed as part of the payload of another malware Spy Trojans And finally in the category trojans that we like to share are the spy trojans. Spy trojans can spy on how you are using your computer for example, by tracking the data you enter via the keyboard, mouse clicks and movements, but also by taking screen shots, or getting a list of running applications, or websites you visited. Spy trojans can be very advanced and will try to use all possible methods to spy on you. During 2014, we identified 185,000 spy trojans and 4,500 spyware. Figure 16: Spy Trojans 2014 Spyware is identical to spy trojans when analysed and when considering the various features to spy. The difference is that spyware is sold through legally registered companies, as a tool (for instance to keep an eye on your children), while spy trojans are used by cybercriminals to spy on you and the company you work for. At RedSocks we deal with spyware in the same way as we deal with spy trojans, as both are used without knowledge of the user or owner. Page 31

19 4.6. Worms Of all the identified malware, 4.6 million new samples were categorised as worm. Figure 17, shows all the different worms ( -, Generic-, IM-, IRC-, Net-, P2P-, and Script-Worms) that were identified in Figure 17: Worms 2014 Worms frequently spread by exploiting vulnerabilities in operating systems. On average 2,611 files per day were infected with the peer-to-peer worm Picsys.C, making it the most identified worm of Table 09: Top 3 Worm Families 2014 Page 32

20 bit Malware The more people switch to 64-bit platforms, the more 64-bit malware appears. We have been following this process for some time now. In figure 18 you will find the 64-bit malware we identified in Cybercriminals don t actually need a 64-bit version to infect 64-bit Windows. One of the features of 64-bit Windows is WOW64 which is an acronym for Windows On Windows 64. WOW64 emulates a 32-bit Windows environment to allow software to run on the 64-bit operating system. Figure 18: 64-bit Malware 2014 In total, unique files were identified as containing 64-bit malware. In the top 3 of 64-bit malware, we see only members of the notorious Expiro malware family. The Expiro malware family has been around since The file infector portion Infects multiple.exe and.lnk files on all available drives. It will also compromise network mapped drives. Expiro collects user credentials and system information, and intercepts and redirects web requests. Most Expiro variations can download additional add-ons, becoming a proxy server and implementing a (D)DoS attack. Table 10: Top 3 64-bit Malware 2014 The source code for Expiro leaked in the summer of With the availability of the source code it is to be expected that many additional variants will be created and used by cyber criminals. Page 33

21 4.8. Other Malware In this last category we have combined all the malware that did not fit into the previously described categories. The total number of new malicious files in this category is 22.7 million. Figure 19: Other Malware 2014 Within Other we can find macro-based malware. During the summer of 2014, security researcher Szappi from Sophos noticed that macro malware has been making a return. We included figure 20, which shows the macro-based malware we identified in Cybercriminals often use a little social engineering trick, claiming that the document is somehow "protected" until you enable macros to decrypt or unscramble it. Figure 20: Macro-based Malware 2014 In table 14, you can see the top 3 most seen macro-based malware of Mailcab.A is a Microsoft Excel macro worm, that mass-mails itself to everyone in your address book. Lexar.B and Marker.C are both written for Microsoft Word. Table 11: Top 3 Macro-based Malware 2014 Page 34

22 5. Trends Discovering malware-propagation-trends starts with an analysis of the raw data behind the collection and processing of malware. From January to December, RedSocks Malware Research Labs identified the trends by malware category Adware Of all the identified malware, percent was categorised as adware. In figure 21, we can clearly see that adware has been increasing in popularity during the year. Cybercriminals use adware as a quick and easy cash-cow. Figure 21: Adware Trend Backdoors and Bots Of all the malicious files we analysed in 2014, 1.88 percent was identified as B&B. That is close to an average of 3,400 new unique samples per day. In April and May the amounts of new B&B started dropping. The drop was caused by Microsoft and others in an effort to bring down some of the biggest C&C servers. Figure 22: B&B Trend Exploits In 0.06 percent of all analysed malware, we found code to exploit known vulnerabilities, which amounts to, on average, in 95 new malicious files per day. Figure 23: Exploit Trend 2014 Page 35

23 5.4. Rootkits In 0.07 percent of the new malicious files, a rootkit was identified. The clear spike in April is due to 7,300 new malicious files that hide themselves with the help of Rootkit based code Trojans Figure 24: Rootkit Trend 2014 Trojans, at percent, are the largest malware category. On average 78,000 samples were identified as containing one or more trojans per day. Since 2007 trojans have been on the rise as tools for cybercriminals. Keylogging trojans were mostly active in Q1 + Q2, PSW and Spy Trojans in Q2, and in Q3 we identified more proxy trojans than in the other quarters. Rogue trojans like fake anti-virus were mainly used in Q3 and Q4. The last we want to mention are the trojan downloaders, which were mostly distributed in Q4. Figure 25: Trojan Trend Worms Altogether, worms were good for 6.83 percent of the total. With the exception of the summer holiday season, the amount of worms we saw on a daily bases increased every three months. The worms Generic , Generic and the peer-to-peer worm Picsys.C were mainly responsible for the summer spike. On average we identified 12,700 new malicious files as a worm. Figure 26: Worm Trend 2014 Page 36

24 bit Malware Malware designed to run on Windows 64-bit was identified in new malicious files in 2014, merely 205,000 in the fourth quarter only. Files infected by Expiro third generation variations were seen three times more than the second generation Expiro malware in the fourth quarter. Figure 27: 64-bit Malware Trend Other Malware After the adware, B&Bs, exploits, rootkits, worms, and the 64-bit malware, we are still left with 22.7 million identified malicious files. This is 34 percent of the total identified malware in Cybercriminals try to use various tricks to hide their malicious intentions. By compressing and/or encrypting their malicious programs, they hope to avoid detection by anti-virus programs. Figure 28: Other Malware Trend 2014 In table 11, you will find the top 10 packers and encryptors with their percentage of all packers and encryptors identified in Table 12: Top 10 Packers & Encryptors 2014 Page 37

25 6. Geolocation In the top 3 countries - hosting C&C Servers, not much changed. Throughout the year, we saw the United States leading (13,512), followed by the Russian Federation (5,736). The third place was for Germany (3,242) and United Kingdom (3,016), which kept changing places during the year. The Netherlands (1,992) increased in popularity - as a country to host C&C Servers. Starting at 10 th place in January, it climbed to 8 th place in March and 6 th in May. From June till December, The Netherlands kept 5 th place in the top 10 countries hosting C&C Servers. Figure 29: Top 10 C&C Countries 2014 We search for new C&C Servers or controllers 24 hours a day, and one out of every four C&C servers we added to our blacklist was (or still is) a Zeus botnet controller. C&C Servers are controlling countless infected devices and machines all over the world for financial gain. Table 13: Top 3 C&C Servers 2014 From the infected devices and machines, we saw the GhostBot worm more than any other malware trying to connect to its C&C Server for updates and new instructions. Table 14: Top 10 Connecting IPs 2014 Page 38

26 6.1. Dridex In 2014, some cybercriminals started to exploit Microsoft Word macros, but not in the same manner as the almost extinct macro viruses and trojans. The Dridex malware, a banking trojan, has been causing a lot of problems in This trojan has been used by cybercriminals to steal financial information from unaware internet users. The Dridex malware is related to the Cridex malware, which is also being actively used by cybercriminals to steal financial information. The Dridex malware has been used in attacks which exploited the macro functions in Microsoft Word. The macro function used by this malware is a piece of code that installs the malware on the targeted device. Figure 30: Reported Dridex Attacks 2014 Figure 31: Distribution Dridex Banking Trojan 2014 Page 39

27 6.2. Regin There is one last piece of malware we want to share with you, Regin. Identified as a very complex piece of malware, Regin was created to perform spying campaigns on international targets. This spy trojan has been in the media since 2014, but Symantec 1 has reported that the malicious code has been active since The Regin malware has been targeting at least the following identified sectors: government organizations infrastructure operators businesses researchers private individuals The Symantec report claimed that the development of the Regin malware has likely taken months or even years to complete. Systems infected with the Regin malware installed, have been found in the following countries: Pakistan Austria Belgium Iran Afghanistan India Ireland Mexico Saudi Arabia Russian Federation Below a list of compromised IP addresses: In the appendix, you will find all the MD5 file hashes that are identified to be related to the Regin spy trojan. 1 Page 40

28 7. Prognosis 2015 Without a decent working crystal ball, we cannot predict the future. We can make a few prognoses for 2015 based on the data we have (manually) collected, processed, and on the analyses we made in Since criminals became cybercriminals, they have been using malware as a tool for financial gain. For 2015 we can make the following prognoses: With the rate Adware and PUPs keep increasing, we are expecting to see ~20 million of them in The amount of B&Bs and C&C servers have been going up and down. They drop after clean-up operations, but popup elsewhere in the same or slightly modified versions. The hunt for exploits is on. Large companies like Microsoft and Google, spy agencies, and security researchers all over the world are looking for bugs to exploit. And so will the cybercriminals. Rootkits are complicated and expected to double to 100,000 new samples in Figure 32: Prognoses Malware Categories (large) In 2014, ~43 percent of the Figure 33: Prognoses Malware Categories (small) new malicious files we analysed were trojans. In 2015, 50 percent of all the new malicious files will be a trojan. During 2014, cybercriminals have gained interest in worms as tools for financial gain. Of all the new malware we expect to see in 2015, around 10 million will be worms. The amount of 64-bit Malware doubled in the last quarter of Because cybercriminals don t really need 64-bit versions of their malware, it is hard to say if this is going to be a trend or not. For 2015 we expect around 500,000 new and unique 64-bit samples. C&C Servers will remain the most used method for cybercriminals to control large international networks with infected client will be a year with many small and large data breaches, new exploits and vulnerabilities, international spying and hacking. Cybercriminals will use mobile malware and - via BYOD - infect, hack, and spy on your work. The growing popularity of Cloud storage and in particular the home-based Clouds will be exploited by cybercriminals for their own usage and get infected with ransomware. Page 41

29 More and more skimmers will switch to PoS as skimming becomes more difficult. Encrypting will be key for More malware will be encrypted and more infected computers will use encrypted communication with their C&C Servers to make detection and reverse engineering more difficult. But more importantly, organisations and companies should start encrypting their sensitive information. While some countries fear that professional encryption is a danger to national security, in The Netherlands it might become mandatory. The Dutch First Parliamentary Committee for Security and Justice (V&J) will - on February 24, discuss the proposed bill concerning mandatory data leak reports. This bill adds an obligation to report breaches of security for personal data to the Data Protection Act 2. With the obligation to report data breaches, the government wants to limit the impact of a data breach for those involved. With this proposal, the manager at a data breach - involving probability gain loss or unlawful processing of personal data - must provide not just a notification to the supervisor, the Dutch Data Protection Authority (DPA), but also inform the person concerned. This duty applies to all those responsible for the processing of personal data in both the private and public sectors. The failure to report a data breach could result in significant administrative fines from the DPA. This summary is based on the bill and the explanatory memorandum as filed with the House. The proposal (EK , A) 3 was adopted by the House unanimously on February 10, When this proposal is accepted, it will be effective immediately. We hope that you enjoyed our first Windows Malware Trend Year Report and that it provides you with insight into the threats and trends we have seen during We continue to innovate our methods, so please check back with us for our next quarterly trend report. Questions, comments, and requests can be directed towards the RedSocks Malware Research Labs. G.J.Vroon Anti-Malware Behavioural Researcher RedSocks B.V. W: T: +31 (0) E: 2 (Dutch) 3 (Dutch) Page 42

30 Appendix: MD5 file hashes of with Regin infected files: 01c2f321b6bfdb9473c079b ba bb90f71cf d9b90e2da 06665b96e293b23acc80451abb413e50 0c7ca986a0397a90d6929c6f7e6e0154 0d2ebc37da17c222e5874fc c 0e8fb612120bb1f95f53f5d61469aa a9210c8d9120f55f98f90fa5fc5c 148c1bb9d405d717252c77593aff4bd de78ae62417fcc9caa691b8644b bc1328efa0ed636d8aa4a5c 18b1b2b3f00e59db059086adafe51fcc 1c024e599ac055312a4ab75b a 1c7bc938e5f175e97b6d f08c0 22bfc970f707fd775d49e875b63c2f0c 26297dc3cd0b688de3b846983c5385e5 2c8b9d d7ade3cae98225e263b 370db49bcbab2cb3f32a339360f262c3 3ef5decc426a fc90 46cd9e65f993f54d54c7782cfedbd65b 47d0e8f9d7a a32ecc2e 4b6b86c7fec1c574706cecedf44abded 52897d02af0f7658e64e0db6af537dc2 55b8dbe7bb0c37c05a30cc a5 57c8b4c47e95acac68e0587e633be652 5ad58f99355f7f10014bd8b07eb0f5a4 5ecff6d766ec3fcce9208c3e37f a8e876f5022c6d17c215dcc c390b2bbbd291ec fc75d7 66afaa303e13faa4913eaad50f7237ea a55fb c8bf36f00f 744c07e886497f7b68f6f7fe57b7ab54 7c e63feb7cb93247f1b6bae c aba03ffd9d 85bd9de0382a13c09705c26a8306e22e a942908f76069a239a4 92a6d0366a56e5cce347a04b11c0c27c 92df53840ba6285dc baa251 92e958073ec38a487d8082e8e67c69ce a4e0ca7b0113ee cbd8291c2a a790d9291cf4af7e1c408a9b7b085cdf a8c032ba411c1f63220d7e7ce883ee8e afaee56bc5e19f92b97e8f3e7aa2187a b0a35d8ed2d bff39e57d9e5 b269894f434657db2b a67532 b29ca4f22ae7b7b25f79c1d4a421139d b505d65721bb2453d5039a389113b566 b7cbb79edd04c32dc46e23407d0c4139 b b38339abd993d07d3c33c ba7bb65634ce1e30c1e5415be3d1db1d bc4db38f a4a33bd661c5cc7d0 bfbe8c3ee78750c3a e440f8 c051614abe2b6ee986b080fba4c32f87 ca14e20cd0ef1db4a531c70f1bc7009e cf77ac7f58eb0d210df16f10613f346a cfac99d112095bedebf5eeb612e51c90 d240f06e98c8d3e647cbf4d442d79475 db405ad775ac887a337b02ea8b07fddc ee766d7a dccddc01de8eb fae3021f7e74166feaa706c302446fee fb1cde39064b b1ffd1b07b fb33fb1d9ef00c1cfb070417a fb5f1b78e8ae608a08c08755a515dce5 ffb0b9b5b a7bdf0806e1e bb6ee1de2927c90556e46e7cfe1 Page 43

31 REDSOCKS RedSocks is a Dutch company specialised in malware detection. RedSocks supplies RedSocks malware threat defender as a network appliance. This innovative appliance analyses digital traffic flows in real time based on the algorithms and lists of malicious indicators compiled by the RedSocks Malware Intelligence Team. This team consists of specialists in identifying new threats on the internet and translating them into state-of-the-art malware detection. Boogschutterstraat 9C, 7324 AE Apeldoorn, The Netherlands Tel +31 (0) Website

Malware Trend Report, Q2 2014 April May June

Malware Trend Report, Q2 2014 April May June Malware Trend Report, Q2 2014 April May June 5 August 2014 Copyright RedSocks B.V. 2014. All Rights Reserved. Table of Contents 1. Introduction... 3 2. Overview... 4 2.1. Collecting Malware... 5 2.2. Processing...

More information

This page is left blank on purpose.

This page is left blank on purpose. This page is left blank on purpose. page 1 of 30 Table of Contents 1. Introduction... 5 2. Summary... 6 2.1. Collecting Malware... 7 2.2. Processing Malware... 7 2.3. Identifying Malware... 8 2.4. Detecting

More information

Malware Trend Report, Q4 2014 October November December

Malware Trend Report, Q4 2014 October November December Malware Trend Report, Q4 2014 October November December January 2015 Copyright RedSocks B.V. 2014-2015. All Rights Reserved. This page is left blank on purpose. Page 1 of 28 Table of Contents 1. Introduction...

More information

Security A to Z the most important terms

Security A to Z the most important terms Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from

More information

Computer Security DD2395

Computer Security DD2395 Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 7 Malicious Software DD2395 Sonja Buchegger 1 Course Admin Lab 2: - prepare

More information

Malware Trend Report, Q1 2015 January February March

Malware Trend Report, Q1 2015 January February March Malware Trend Report, Q1 215 January February March April 215 Copyright RedSocks B.V. 214-215. All Rights Reserved. This page is left blank on purpose. Page 1 Table of Contents 1. Introduction... 4 2.

More information

Malware B-Z: Inside the Threat From Blackhole to ZeroAccess

Malware B-Z: Inside the Threat From Blackhole to ZeroAccess Malware B-Z: Inside the Threat From Blackhole to ZeroAccess By Richard Wang, Manager, SophosLabs U.S. Over the last few years the volume of malware has grown dramatically, thanks mostly to automation and

More information

CSCA0101 Computing Basics CSCA0101 COMPUTING BASICS. Chapter 8 Malware

CSCA0101 Computing Basics CSCA0101 COMPUTING BASICS. Chapter 8 Malware CSCA0101 COMPUTING BASICS Chapter 8 1 1. 2. Usage of 3. Types of 4. How Spreads? 5. How Can You Protect Computer? 6. Symptoms 7. Anti- Program 2 Short for malicious software. A is software used or created

More information

white paper Malware Security and the Bottom Line

white paper Malware Security and the Bottom Line Malware Security Report: Protecting Your BusineSS, Customers, and the Bottom Line Contents 1 Malware is crawling onto web sites everywhere 1 What is Malware? 2 The anatomy of Malware attacks 3 The Malware

More information

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent

More information

G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015

G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015 G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015 CONTENTS At a glance 03-03 Forecasts and trends 03-03 Current situation: 4,900 new Android malware samples every day 04-04 Half of Android malware is

More information

G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015

G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015 G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015 CONTENTS At a glance 03-03 Forecasts and trends 03-03 Current situation: 4,900 new Android malware samples every day 04-04 Half of Android malware is

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

More information

BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL

BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL BOTNETS Douwe Leguit, Manager Knowledge Center GOVCERT.NL Agenda Bots: what is it What is its habitat How does it spread What are its habits Dutch cases Ongoing developments Visibility of malware vs malicious

More information

Anti-exploit tools: The next wave of enterprise security

Anti-exploit tools: The next wave of enterprise security Anti-exploit tools: The next wave of enterprise security Intro From malware and ransomware to increasingly common state-sponsored attacks, organizations across industries are struggling to stay ahead of

More information

WHITE PAPER. Understanding How File Size Affects Malware Detection

WHITE PAPER. Understanding How File Size Affects Malware Detection WHITE PAPER Understanding How File Size Affects Malware Detection FORTINET Understanding How File Size Affects Malware Detection PAGE 2 Summary Malware normally propagates to users and computers through

More information

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details: Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for

More information

Trust the Innovator to Simplify Cloud Security

Trust the Innovator to Simplify Cloud Security Trust the Innovator to Simplify Cloud Security Contents MailGuard Pty Ltd Page 1 of 7 2 Let s get real for a moment. Your antivirus software isn t stopping fastbreak phishing and other spam attacks like

More information

Overview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms

Overview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms Overview Common Internet Threats Tom Chothia Computer Security, Lecture 19 Phishing Sites Trojans, Worms, Viruses, Drive-bydownloads Net Fast Flux Domain Flux Infiltration of a Net Underground economy.

More information

Malicious Software. IT 4823 Information Security Administration. Viruses. Malware Terminology. Virus Structure. Virus Structure

Malicious Software. IT 4823 Information Security Administration. Viruses. Malware Terminology. Virus Structure. Virus Structure Malicious Software IT 4823 Information Security Administration Malicious Software February 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles

More information

Managing Web Security in an Increasingly Challenging Threat Landscape

Managing Web Security in an Increasingly Challenging Threat Landscape Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.

More information

Operation Liberpy : Keyloggers and information theft in Latin America

Operation Liberpy : Keyloggers and information theft in Latin America Operation Liberpy : Keyloggers and information theft in Latin America Diego Pérez Magallanes Malware Analyst Pablo Ramos HEAD of LATAM Research Lab 7/7/2015 version 1.1 Contents Introduction... 3 Operation

More information

Types of cyber-attacks. And how to prevent them

Types of cyber-attacks. And how to prevent them Types of cyber-attacks And how to prevent them Introduction Today s cybercriminals employ several complex techniques to avoid detection as they sneak quietly into corporate networks to steal intellectual

More information

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques

More information

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination

More information

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey

More information

Presented at Kaseya Connect 2015

Presented at Kaseya Connect 2015 Presented at Kaseya Connect 2015 1 Crushes malware. Restores confidence. Malwarebytes by the numbers. 1.9B+ Real-time protection events Industries fastest response time to new threats- both known and unknown.

More information

White Paper - Crypto Virus. A guide to protecting your IT

White Paper - Crypto Virus. A guide to protecting your IT White Paper - Crypto Virus A guide to protecting your IT Contents What is Crypto Virus?... 3 How to protect yourself from Crypto Virus?... 3 Antivirus or Managed Agents... 3 Enhanced Email Services & Extra

More information

Stopping zombies, botnets and other email- and web-borne threats

Stopping zombies, botnets and other email- and web-borne threats Stopping zombies, botnets and other email- and web-borne threats Hijacked computers, or zombies, hide inside networks where they send spam, steal company secrets, and enable other serious crimes. This

More information

What you need to know to keep your computer safe on the Internet

What you need to know to keep your computer safe on the Internet What you need to know to keep your computer safe on the Internet Tip 1: Always install Operating System updates The most important steps for any computer user is to always install updates, especially security

More information

Corporate Account Takeover & Information Security Awareness

Corporate Account Takeover & Information Security Awareness Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is for information purposes

More information

THE HOME LOAN SAVINGS BANK. Corporate Account Takeover & Information Security Awareness

THE HOME LOAN SAVINGS BANK. Corporate Account Takeover & Information Security Awareness THE HOME LOAN SAVINGS BANK Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is

More information

Countermeasures against Bots

Countermeasures against Bots Countermeasures against Bots Are you sure your computer is not infected with Bot? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Bot? Bot is a computer

More information

isheriff CLOUD SECURITY

isheriff CLOUD SECURITY isheriff CLOUD SECURITY isheriff is the industry s first cloud-based security platform: providing fully integrated endpoint, Web and email security, delivered through a single Web-based management console

More information

GlobalSign Malware Monitoring

GlobalSign Malware Monitoring GLOBALSIGN WHITE PAPER GlobalSign Malware Monitoring Protecting your website from distributing hidden malware GLOBALSIGN WHITE PAPER www.globalsign.com CONTENTS Introduction... 2 Malware Monitoring...

More information

Corporate Account Takeover. presented by Commerce Bank IT & Security Departments 2013

Corporate Account Takeover. presented by Commerce Bank IT & Security Departments 2013 Corporate Account Takeover presented by Commerce Bank IT & Security Departments 2013 Agenda 2 1 What is Corporate Account Takeover? 2 3 4 5 How does it work? Types of Security Threats & Countermeasures

More information

Mifflinburg Bank & Trust. Corporate Account Takeover & Information Security Awareness

Mifflinburg Bank & Trust. Corporate Account Takeover & Information Security Awareness Mifflinburg Bank & Trust Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is

More information

TRAINING FOR AMERICAN MOMENTUM BANK CLIENTS. Corporate Account Takeover & Information Security Awareness

TRAINING FOR AMERICAN MOMENTUM BANK CLIENTS. Corporate Account Takeover & Information Security Awareness TRAINING FOR AMERICAN MOMENTUM BANK CLIENTS Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This

More information

How to easily clean an infected computer (Malware Removal Guide)

How to easily clean an infected computer (Malware Removal Guide) How to easily clean an infected computer (Malware Removal Guide) Malware, short for malicious (or malevolent) software, is software used or programmed by attackers to disrupt computer operation, gather

More information

New Staff Members. Common Internet Threats. Phishing Sites. Overview. Spear Phishing / Whaling. Viruses & Worms. Osama is leaving the School

New Staff Members. Common Internet Threats. Phishing Sites. Overview. Spear Phishing / Whaling. Viruses & Worms. Osama is leaving the School New Staff Members Common Internet Threats Tom Chothia Computer Security, Lecture 16 Osama is leaving the School Joe Gardiner will be a new lab demonstrator Ian Batten will be a new tutor. Overview Phishing

More information

TECHNICAL REPORT. An Analysis of Domain Silver, Inc..pl Domains

TECHNICAL REPORT. An Analysis of Domain Silver, Inc..pl Domains TECHNICAL REPORT An Analysis of Domain Silver, Inc..pl Domains July 31, 2013 CONTENTS Contents 1 Introduction 2 2 Registry, registrar and registrant 3 2.1 Rogue registrar..................................

More information

Spy Eye and Carberp the new banker trojans offensive

Spy Eye and Carberp the new banker trojans offensive Spy Eye and Carberp the new banker trojans offensive The common way for a wanna-be hacker to fulfill his sick aspirations is to achieve a known trojan there is a plenty on the Internet, sometimes they

More information

Emerging Trends in Malware - Antivirus and Beyond

Emerging Trends in Malware - Antivirus and Beyond Malware White Paper April 2011 Emerging Trends in Malware - Antivirus and Beyond One need only listen to the news or read the latest Twitter and media updates to hear about cyber crime and be reminded

More information

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks White paper Phishing, Vishing and Smishing: Old Threats Present New Risks How much do you really know about phishing, vishing and smishing? Phishing, vishing, and smishing are not new threats. They have

More information

Spyware: Securing gateway and endpoint against data theft

Spyware: Securing gateway and endpoint against data theft Spyware: Securing gateway and endpoint against data theft The explosion in spyware has presented businesses with increasing concerns about security issues, from data theft and network damage to reputation

More information

How Spyware and Anti-Spyware Work

How Spyware and Anti-Spyware Work 22 PART 1 INTERNET SECURITY CHAPTER 3 How Spyware and Anti-Spyware Work 23 THESE days, the biggest danger you face when you go onto the Internet might be spyware a type of malicious software that can invade

More information

Introduction The Case Study Technical Background The Underground Economy The Economic Model Discussion

Introduction The Case Study Technical Background The Underground Economy The Economic Model Discussion Internet Security Seminar 2013 Introduction The Case Study Technical Background The Underground Economy The Economic Model Discussion An overview of the paper In-depth analysis of fake Antivirus companies

More information

A Critical Investigation of Botnet

A Critical Investigation of Botnet Global Journal of Computer Science and Technology Network, Web & Security Volume 13 Issue 9 Version 1.0 Year 2013 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals

More information

Threat Events: Software Attacks (cont.)

Threat Events: Software Attacks (cont.) ROOTKIT stealthy software with root/administrator privileges aims to modify the operation of the OS in order to facilitate a nonstandard or unauthorized functions unlike virus, rootkit s goal is not to

More information

Corporate Account Takeover & Information Security Awareness. Customer Training

Corporate Account Takeover & Information Security Awareness. Customer Training Corporate Account Takeover & Information Security Awareness Customer Training No computer system can provide absolute security under all conditions. NO SECURITY MEASURE OR LIST OF SECURITY MEASURES CAN

More information

TLP WHITE. Denial of service attacks: what you need to know

TLP WHITE. Denial of service attacks: what you need to know Denial of service attacks: what you need to know Contents Introduction... 2 What is DOS and how does it work?... 2 DDOS... 4 Why are they used?... 5 Take action... 6 Firewalls, antivirus and updates...

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks Security+ Guide to Network Security Fundamentals, Third Edition Chapter 2 Systems Threats and Risks Objectives Describe the different types of software-based attacks List types of hardware attacks Define

More information

Cyber Security. Maintaining Your Identity on the Net

Cyber Security. Maintaining Your Identity on the Net Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD

More information

Malicious Software. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Viruses and Related Threats

Malicious Software. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Viruses and Related Threats Malicious Software Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Outline Viruses and Related Threats Malicious Programs The Nature of Viruses Antivirus

More information

Websense Web Security Solutions

Websense Web Security Solutions Web Security Gateway Web Security Web Filter Hosted Web Security Web Security Solutions The Web 2.0 Challenge The Internet is rapidly evolving. Web 2.0 technologies are dramatically changing the way people

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

Unknown threats in Sweden. Study publication August 27, 2014

Unknown threats in Sweden. Study publication August 27, 2014 Unknown threats in Sweden Study publication August 27, 2014 Executive summary To many international organisations today, cyber attacks are no longer a matter of if but when. Recent cyber breaches at large

More information

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc. Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References

More information

Primer TROUBLE IN YOUR INBOX 5 FACTS EVERY SMALL BUSINESS SHOULD KNOW ABOUT EMAIL-BASED THREATS

Primer TROUBLE IN YOUR INBOX 5 FACTS EVERY SMALL BUSINESS SHOULD KNOW ABOUT EMAIL-BASED THREATS A Primer TROUBLE IN YOUR INBOX 5 FACTS EVERY SMALL BUSINESS SHOULD KNOW ABOUT EMAIL-BASED THREATS Even with today s breakthroughs in online communication, email is still one of the main ways that most

More information

E-Commerce Security and Fraud Protection CHAPTER 9

E-Commerce Security and Fraud Protection CHAPTER 9 E-Commerce Security and Fraud Protection CHAPTER 9 LEARNING OBJECTIVES 1. Understand the importance and scope of security of information systems for EC. 2. Describe the major concepts and terminology of

More information

Protection for Mac and Linux computers: genuine need or nice to have?

Protection for Mac and Linux computers: genuine need or nice to have? Protection for Mac and Linux computers: genuine need or nice to have? The current risk to computers running non-windows platforms is small but growing. As Mac and Linux computers become more prevalent

More information

A TASTE OF HTTP BOTNETS

A TASTE OF HTTP BOTNETS Botnets come in many flavors. As one might expect, these flavors all taste different. A lot of Internet users have had their taste of IRC, P2P and HTTP based botnets as their computers were infected with

More information

Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013

Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013 Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013 BACKUP SECURITY AND THE CLOUD BACK UP ALWAYS BACK UP TO AN EXTERNAL DEVICE OR REMOVAL MEDIA- NEVER DIRECTLY ON TO YOUR COMPUTER IF

More information

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security ITSC Training Courses Student IT Competence Programme SI1 2012 2013 Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1 Course Outline What you should know

More information

Cyber Security: What you need to know to protect your business. February 2014

Cyber Security: What you need to know to protect your business. February 2014 Cyber Security: What you need to know to protect your business February 2014 Presented by: Jon Zayicek Vice President Sera-Brynn Topics: The landscape is changing What are the threats? How to protect your

More information

Security Business Review

Security Business Review Security Business Review Security Business Review Q4: 2014 2 By Bitdefender Labs Security Business Review Botnet Anonymization Raises New Security Concerns Executive Overview While botnets, which are large

More information

Cryptography and Network Security Chapter 21. Malicious Software. Backdoor or Trapdoor. Logic Bomb 4/19/2010. Chapter 21 Malicious Software

Cryptography and Network Security Chapter 21. Malicious Software. Backdoor or Trapdoor. Logic Bomb 4/19/2010. Chapter 21 Malicious Software Cryptography and Network Security Chapter 21 Fifth Edition by William Stallings Chapter 21 Malicious Software What is the concept of defense: The parrying of a blow. What is its characteristic feature:

More information

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protecting a business s IT infrastructure is complex. Take, for example, a retailer operating a standard multi-tier infrastructure

More information

Looking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015

Looking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015 WHITEPAPER Looking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015 Malcolm Orekoya Network & Security Specialist 30 th January 2015 Table of Contents Introduction... 2 Identity Defines

More information

Security guide. small businesses and freelancers. Security guide 1

Security guide. small businesses and freelancers. Security guide 1 Security guide small businesses and freelancers Security guide 1 1. Introduction 3. The most dangerous types of threats 5. Will you let us protect you? 2. Where is the danger and how can we protect ourselves?

More information

Using big data analytics to identify malicious content: a case study on spam emails

Using big data analytics to identify malicious content: a case study on spam emails Using big data analytics to identify malicious content: a case study on spam emails Mamoun Alazab & Roderic Broadhurst Mamoun.alazab@anu.edu.au http://cybercrime.anu.edu.au 2 Outline Background Cybercrime

More information

The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only.

The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only. The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only. Before acting on any ideas presented in this session;

More information

We are a volunteer-based organization that is spreading cyber awareness and creating a cyber first responders unit.

We are a volunteer-based organization that is spreading cyber awareness and creating a cyber first responders unit. We are a volunteer-based organization that is spreading cyber awareness and creating a cyber first responders unit. We participate in several team-based competitions a year to serve as training and experience

More information

Information Security Awareness

Information Security Awareness Corporate Account Takeover & Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation

More information

24/7 Visibility into Advanced Malware on Networks and Endpoints

24/7 Visibility into Advanced Malware on Networks and Endpoints WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction

More information

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation

More information

The Underground Economy of the Pay-Per-Install (PPI) Business

The Underground Economy of the Pay-Per-Install (PPI) Business The Underground Economy of the Pay-Per-Install (PPI) Business Kevin Stevens, Security Researcher SecureWorks Counter Threat Unit (CTU) History of the PPI Business The Pay-Per-Install business model (PPI)

More information

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

PROTECT YOUR COMPUTER AND YOUR PRIVACY! PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That

More information

2015 TRUSTWAVE GLOBAL SECURITY REPORT

2015 TRUSTWAVE GLOBAL SECURITY REPORT 2015 TRUSTWAVE GLOBAL SECURITY REPORT Rahul Samant Trustwave Australia WHY DO CYBERCRIMINALS DO WHAT THEY DO? 1,425% Return on Investment (ROI) Estimated ROI for a one-month ransomware campaign Based on

More information

Integrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013

Integrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013 Integrated Approach to Network Security Lee Klarich Senior Vice President, Product Management March 2013 Real data from actual networks 2 2012, Palo Alto Networks. Confidential and Proprietary. 2008: HTTP,

More information

Corporate Account Takeover & Information Security Awareness

Corporate Account Takeover & Information Security Awareness Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is for information purposes

More information

Don t Fall Victim to Cybercrime:

Don t Fall Victim to Cybercrime: Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security

More information

Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software

Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software CEN 448 Security and Internet Protocols Chapter 19 Malicious Software Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

Information Security Threat Trends

Information Security Threat Trends Talk @ Microsoft Security Day Sep 2005 Information Security Threat Trends Mr. S.C. Leung 梁 兆 昌 Senior Consultant 高 級 顧 問 CISSP CISA CBCP M@PISA Email: scleung@hkcert.org 香 港 電 腦 保 安 事 故 協 調 中 心 Introducing

More information

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4) Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware

More information

Malicious Software. Malicious Software. Overview. Backdoor or Trapdoor. Raj Jain. Washington University in St. Louis

Malicious Software. Malicious Software. Overview. Backdoor or Trapdoor. Raj Jain. Washington University in St. Louis Malicious Software Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

One Minute in Cyber Security

One Minute in Cyber Security Next Presentation begins at 15:30 One Minute in Cyber Security Simon Bryden Overview Overview of threat landscape Current trends Challenges facing security vendors Focus on malware analysis The year? The

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

CS 356 Lecture 9 Malicious Code. Spring 2013

CS 356 Lecture 9 Malicious Code. Spring 2013 CS 356 Lecture 9 Malicious Code Spring 2013 Review Chapter 1: Basic Concepts and Terminology Integrity, Confidentiality, Availability, Authentication, and Accountability Types of threats: active vs. passive,

More information

ZNetLive Malware Monitoring

ZNetLive Malware Monitoring Introduction The criminal ways of distributing malware or malicious software online have gone through a change in past years. In place of using USB drives, attachments or disks to distribute viruses, hackers

More information

ESET CYBER SECURITY PRO for Mac Quick Start Guide. Click here to download the most recent version of this document

ESET CYBER SECURITY PRO for Mac Quick Start Guide. Click here to download the most recent version of this document ESET CYBER SECURITY PRO for Mac Quick Start Guide Click here to download the most recent version of this document ESET Cyber Security Pro provides state-of-the-art protection for your computer against

More information

Top Ten Cyber Threats

Top Ten Cyber Threats Top Ten Cyber Threats Margaret M. McMahon, Ph.D. ICCRTS 2014 Introduction 2 Motivation Outline How malware affects a system Top Ten (Simple to complex) Brief description Explain impacts Main takeaways

More information

MRG Effitas 360 Assessment & Certification Programme Q4 2014

MRG Effitas 360 Assessment & Certification Programme Q4 2014 MRG Effitas 360 Assessment & Certification Programme Q4 2014 1 Contents Introduction... 3 Executive summary... 3 Certification... 4 The purpose of this report... 5 Tests employed... 6 Security Applications

More information

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security 2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security For 10 years, Microsoft has been studying and analyzing the threat landscape of exploits, vulnerabilities, and malware.

More information

Practical tips for a. Safe Christmas

Practical tips for a. Safe Christmas Practical tips for a Safe Christmas CONTENTS 1. Online shopping 2 2. Online games 4 3. Instant messaging and mail 5 4. Practical tips for a safe digital Christmas 6 The Christmas holidays normally see

More information

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com

More information

Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014

Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA

More information

Kaspersky Lab. Contents

Kaspersky Lab. Contents KASPERSKY DDOS INTELLIGENCE REPORT Q3 2015 Contents Contents... 1 Q3 events... 2 Attacks on financial organizations... 2 Unusual attack scenario... 2 XOR DDoS bot activity... 2 DDoS availability... 3 Statistics

More information

Mobile App Reputation

Mobile App Reputation Mobile App Reputation A Webroot Security Intelligence Service Timur Kovalev and Darren Niller April 2013 2012 Webroot Inc. All rights reserved. Contents Rise of the Malicious App Machine... 3 Webroot App

More information