BARRIER1
- Bernard Welch
- 8 years ago
Transcription
1 BARRIER1
2 $5 - $20 Spent and you are NOT Secure
3 Network Security Must Cover Both
- Espionage: the act or practice of spying, or of using spies to obtain secret information, as about another government or a business competitor.
- Sabotage: the deliberate destruction, disruption, or damage of equipment, a public service, etc., as by enemy agents, dissatisfied employees, etc.; any similar action or behavior.
4 Very Little Difference other than the platform
- Processes are the same; targets might be different
- Zero-Day Virus
- Targets Control Systems?
- Control System Malware
- Social Media Malware
5 Fundamentals Have NOT Changed
The Only Secure Process:
- Inspect all 7 OSI layers
- Inspect all traffic and traffic types
- Analyze activities in total via intelligence
- React in real time
6 Fundamental Process for Exploiters/Cyber Criminals
1. Reconnaissance and knowledge of the enterprise (all platforms and infrastructure)
2. Initial intrusion into the network (social engineering)
3. Establish a backdoor into the network
4. Obtain user credentials
5. Install hacking utilities
6. Privilege escalation, lateral movement, data exfiltration
7. Maintain presence (persistence), or clean up and exit
7 Myths
- I will check my logs and change rules
- I am protected with a Firewall: it does not inspect traffic, i.e. not all HTTP requests are valid, but they are accepted
- I am protected with IDS/IDP: it protects against signatures of known attacks; Barrier1 does detect anomalies in data traffic
- I am protected with Encryption/VPN: encryption only protects data while in transport, not stored data
- My Anti-Virus is up to date
- My OS is patched regularly
- Defense in Depth means a box for each
- Deep Packet Inspection is not well defined
- I outsource my Web Site and use a cloud provider
8 Can Anyone tell me where the Virus is?
9 Name This Attack
10 Name This Attack: How Does it Work
- Program exploits a Microsoft vulnerability (MS Server Service patch)
- Spreads over LAN, USB memory sticks, PC to PC
- Copies itself into the ADMIN$\system32 folder
- 297 subroutines; propagated as a DLL
- PCs are turned into drones on a botnet
- Programmed to seek updates through a list of domains: 7,750 domains on the list; ½ are active or ( ); they resolve to only 42 unique IPs; 28 domains mostly up for sale by the registrar
- Obtains a second list of names on the user account using a series of weak passwords
- Uses a crafted RPC request
- Checks the Windows version and disables Windows Auto Update features: Windows Security Center, Windows Defender, Windows Error Reporting
- Sends a UPnP message to open local random high-order ports (back door)
- Will create a variant of an HTTP server and open a random port ( ,000 to 10,000)
- Goes out to a site for the external-facing IP address
- Searches in blocks of 250 domain names (operating systems can handle only 256 requests at one time)
- Goes to sleep but checks every 30 sec
- Using the same UTC clock, everyone converges on the registered domains at the exact same time and asks if an executable is available
- Sends a URL request on port 80; a Windows binary is returned and validated with a locally stored public key
- If not connected it will retry every 60 secs (HTTP request)
11 There are always clues or signals before the attack; APT is no different
12 Headlines in Wired Magazine
"Google Hack Attack Was Ultra Sophisticated, New Details Show", by Kim Zetter, Jan. 14, 2010. Categories: Breaches, Cybersecurity, Hacks and Cracks.
Hackers seeking source code from Google, Adobe, Rackspace, Juniper, and dozens of other high-profile companies used unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer.
13 What are Advanced Persistent Threats
Wikipedia definition: usually refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity. The term is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage, but applies equally to other threats such as that of traditional espionage or attack.[1] Other recognized attack vectors include infected media, supply chain compromise, and social engineering. Individuals, such as an individual hacker, are not usually referred to as an APT as they rarely have the resources to be both advanced and persistent even if they are intent on gaining access to, or attacking, a specific target.[2]
Translated: long-term sophisticated attacks. Example: Stuxnet
14 Other versions of an APT
- Stuxnet: designed to sabotage an industrial control system; 100 KB
- Flame: a universal attacking tool kit used mostly for cyber espionage
- Nitro
- 20 MB in size. It can record audio if a microphone is present; it can do screen captures and transmit visual data. It can steal information from input boxes when they are hidden behind asterisks (password fields)
- Night Dragon: methodical and progressive intrusions into the targeted infrastructure. Company extranet web servers were compromised through SQL-injection techniques, allowing remote command execution; the compromised web servers were used as command and control (C&C) servers. Using the RAT malware, they proceeded to connect to other machines
- Duqu: essentially the precursor to a future Stuxnet-like attack, designed to gain remote access capabilities. Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT)
15 APT will Force IT to rethink Security
APT is just a new phrase to describe malware that took advantage of sometimes simple weaknesses in networks that the targeted, victimized organization spent millions of dollars investing in technology to protect.
16 Not Much Different than Blended Threats
Blended Threats vs Conficker vs Stuxnet vs APT
- Blended Threat was the first generation
- APT is stealthier
- Originated in the Air Force but has now gone mainstream
- Victims include large, medium, and small organizations, including Google
- But as IT security vendors take up APT, it turns out not everyone uses it the same way (source: Network World, Ellen Messmer, editor)
- Then Polymorphic Attacks
17 Basics of APTs
- Advanced: attackers have a full suite of intelligence-gathering tools to go after their target; they combine multiple target methods
- Persistent: slow and low approach to gathering information about their attack subject; constant monitoring
- Threat: individuals that carry these attacks out are very skilled, motivated, organized and have a specific objective
18 Timeline
19 APT Termed an Entire Threat Class
- Threat Classes: Insider Fraud
- Threat Vehicles: Drive-by Malware, Industrial espionage, Hacktivism, RAT (remote access tool), Rootkits, DDoS, Keylogger, Modifications (file and/or registry)
- General Operation turned Against you: ARP requests, Portable Executables, Injected Threads (i.e. the running process of explorer.exe)
- Other Aspects: Malware, Bot, Backdoor, C&C, 8 different communication methods
20 Malware makes up part of the APT
- You are being targeted right now
- Over 100,000+ malware samples are automatically sent out each day
- Anti-Virus is not designed to stop Malware
- Malware is a human issue
- Malware is not released until it gets PAST AV tools
- By the time vectors are hardened, Malware has mutated
21 Anatomy of an APT: Reconnaissance
- Attacker gains a foothold on the victim system
- Opens a shell prompt to see if the system is mapped to a network drive
- Victim system is connected to the network drive, prompting the attacker to initiate a port scan
- Attacker will thereby identify available ports running services on other systems: AV databases, OS, Apps
- Attacker moves to targeting VIP victims
22 Anatomy: Moving in
- Entry: phishing with attachment
- Dropper: files placed (msvcr.dll); key functions identified; subroutines are renamed
- Win32/COSWid: gets code value from a PNG file (uses compression); can be packaged in HTML files
- System Check (dg003.exe): checks to see if it is a command prompt; then checks which AV programs are running and from whom; enumerates the registry key at Software\Microsoft\Windows\CurrentVersion
- Creates another file name; marks its spot or presence
- This came from ZeuS
23 Anatomy: Now inside
- Changes MAC time of the newly created file
- Debugging Process: patches for injecting msvcr.dll into explorer.exe; memory address redirected volume in explorer.exe to 8 0E; generates a debugger message and then terminates itself
- Goal is changing file names but keeping the names close so as not to be noticed, and then creating a mutex (mutual exclusion algorithm)
- Resolving DNS names: the injected msvcr.dll resolves; attempts to connect to a non-routable IP address
- Runs a loop and waits for instructions from the C&C
24 Anatomy: Various Roles
- C&C Role: collects hard disk information; msvcr.dll jumps into function at 0x to 0x10001E9A; calls APIs GetLogicalDrives, GetDriveTypeA, GetDiskFreeSpaceExA
- Script is written to decrypt msvcr.dll; sends a standard HTTP request with the machine ID and receives a standard HTTP response
- Sends collected information through encrypted HTTP traffic to the C&C
- New binaries are downloaded and injected
- Only selected files are uploaded: files with extensions of *.dll and *.v2
25 Anatomy: Trojan Use in APT
- Trojan used for collection of passwords: extracts information from the SAM file and generates a temp file with the prefix SAM; all passwords are written to temporary files, compressed and renamed; before termination of this process, files are renamed from avcwin32.exe to svcwin32.exe
- Collection of file system details: scans all hard disks, CD-ROM and floppy diskette; file names and MAC time; collected information is kept inside a file called drive, compressed and injected into msvcr.dll
- Trojan used for capturing screens: aacvcwin32.exe takes screen captures in bitmap format every 1000 milliseconds; screens are compressed and renamed with the extension *.v2
26 DNS Role
- Scalability
- Virtual Host Support
- Evasion of Common Blacklists
- Where is myhacked.site.com? After searching it is located, then cached for future inquiries
27 Lifecycle
- Malicious mail with infected attachment or link
- RAT Installation (remote access tool or remote administration tool): user opens the infected attachment; user follows the link and malicious software is installed; outbound traffic is perceived to be less hazardous. Example: POISONIVY RAT
- Control: RAT communicates with the C&C server for orders
- Information Gathering: compromised host used as a hop; attacker sweeps the internal networks
28 Types of Communications Protocol (C&C) in APTs
- Lurk
- X-Shell C601 Communications
- Cookie Stealing
- Murcy Communications
- Oscar Protocol
- Protocol D
- Protocol QDigit
- Protocol Name Servers
29 How X-Shell C601 works
- X-Shell RAT is commercial software
- Compromised computers communicated with path.alyac.org on port 443; this is not SSL traffic
- It was a command-line based Remote Administration Tool (RAT)
- C indicates it was not a free version but custom
- At byte 288 the name listed is svchost.exe
- System registry was compromised; the RAT executes as a service under the trusted process svchost.exe
- Functionality depends on the version, release, etc.
- Common Functionality: start a command shell; control processes and services; upload/download files; terminate TCP connections; create user accounts; retrieve system information; log user activity (via keylogger); modify timestamps on files; conduct process injection; conduct DDoS; shut down or restart the computer
30 X-Shell continued
- RAT Awareness: VM, Proxy
- Can use a specified DNS server to resolve callback domains
- Some have rootkit functionality and avoid detection by antivirus software
- 3rd party plugins can be developed and integrated
- Encrypted file search
- SMS notification service
- Used as part of a botnet to send spam or DDoS
- RAT and Malware are generated by a Control Program: options to digitally sign the malware, specify its connection mode, install malware, recover the System Service Dispatch Table before installation, and abort installation if a VM is detected
- When X-Shell malware is generated the connect mode is selected; the malware is configured with a static C2 host and control port
- After generation, the malware can be notified of a new C2 host and port via a configuration webpage
- Malware communicates with a webpage and a C2 server at regular intervals (between seconds)
31 How it Works: Lurk Protocol
- Uses TCP port 80 via the Lurk Protocol
- 15-byte header followed by data compression
- Header contained protocol identifier, size, and compression information
- Decompressed data revealed the name, computer specifications, and OS of the compromised computer
- Domain windowpdate.org pointed to a S. Korean IP address
- Malware used to send communication to office.windowupdate.org was signed using a compromised code signing certificate belonging to YNK Japan Inc., a producer of online games. This same certificate has been used in attacks including Hupigon malware
- The compromised code signing certificate was revoked on July 29, 2011; revocation was not active before July 29; THE CERTIFICATE continued to validate after the revocation
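One way to implement the check these slides (29, 31 and 34) rely on, as an added example that is not code from the Barrier1 deck: look at the first bytes of a stream on port 80 or 443 and ask only "is this HTTP, or is this TLS?", which flags both a command-line RAT talking on 443 without SSL and a binary header on 80. The Lurk field layout is not given in the deck, so the Lurk-like sample and the other test streams are constructed assumptions.

```python
"""Added example, not from the Barrier1 deck: a first-bytes classifier for TCP
payloads on the web ports, implementing the check behind slides 29, 31 and 34
(non-SSL traffic on 443, a binary 15-byte header on 80).  The Lurk field layout
is not given in the deck, so the Lurk-like sample is constructed; the detector
only asks "is this HTTP or TLS?" and carries no malware signature."""
import zlib

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ")
TLS_RECORD_VERSIONS = {0x0300, 0x0301, 0x0302, 0x0303}  # SSL 3.0 .. TLS 1.2 record layer


def looks_like_http(payload):
    """Request line (METHOD SP target SP HTTP/x.y) or status line (HTTP/x.y SP code)."""
    if not (payload.startswith(HTTP_METHODS) or payload.startswith(b"HTTP/1.")):
        return False
    first_line = payload.split(b"\r\n", 1)[0]
    return first_line.isascii() and len(first_line.split(b" ")) >= 3


def looks_like_tls(payload):
    """TLS record header: content type 0x16 (handshake), version 0x03xx, 2-byte
    length, then a ClientHello (0x01) or ServerHello (0x02) handshake type."""
    if len(payload) < 6 or payload[0] != 0x16:
        return False
    version = int.from_bytes(payload[1:3], "big")
    return version in TLS_RECORD_VERSIONS and payload[5] in (0x01, 0x02)


def compression_hint(payload, scan=32):
    """Offset of a zlib or gzip stream start inside the first `scan` bytes, or None.
    Slide 31 describes a fixed-size header followed by compressed data, so a magic
    number a few bytes in is a useful corroborating detail for the analyst."""
    for i in range(min(scan, len(payload) - 1)):
        if payload[i] == 0x1F and payload[i + 1] == 0x8B:                        # gzip
            return i
        if payload[i] == 0x78 and payload[i + 1] in (0x01, 0x5E, 0x9C, 0xDA):  # zlib
            return i
    return None


def classify(port, payload):
    """Return ("ok"|"alert", reason) for the first bytes of one TCP stream."""
    if port == 80:
        if looks_like_http(payload):
            return ("ok", "http")
        reason = "non-HTTP payload on port 80"
    elif port == 443:
        if looks_like_tls(payload):
            return ("ok", "tls")
        reason = ("cleartext HTTP on port 443" if looks_like_http(payload)
                  else "non-TLS payload on port 443")
    else:
        return ("ok", "port not inspected")
    off = compression_hint(payload)
    if off is not None:
        reason += f", compressed data at offset {off}"
    return ("alert", reason + ", first bytes " + payload[:16].hex())


def lurk_like_sample():
    """Constructed stand-in for the slide-31 description: a 15-byte header
    (4-byte id, 4-byte size, 1-byte compression flag, 6 reserved; this layout is
    an assumption) followed by zlib-compressed host information."""
    body = zlib.compress(b"name=WKS-042;cpu=Pentium4;os=Windows XP SP3")
    header = b"LURK" + len(body).to_bytes(4, "big") + b"\x01" + b"\x00" * 6
    return header + body


# Constructed test streams: normal HTTP, normal TLS ClientHello, an X-Shell-style
# command-line RAT session on 443, and the Lurk-like binary on 80.
SAMPLES = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    (443, bytes.fromhex("16030100c8010000c40303") + b"\x00" * 32),
    (443, b"shell> dir c:\\\r\n"),
    (80, lurk_like_sample()),
]


def triage(samples=SAMPLES):
    """Classify every (port, payload) pair; alerts are what slide 34 calls an
    unrecognized traffic type on the web ports."""
    return [classify(port, payload) for port, payload in samples]


if __name__ == "__main__":
    for (port, _), (verdict, reason) in zip(SAMPLES, triage()):
        print(f"port {port}: {verdict} ({reason})")
```

Run against real captures, the first-bytes test is a triage filter: it will also flag legitimate non-HTTP services that someone put on port 80, so the alert is a prompt to look at the stream, not a verdict.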
32 Anatomy Summary and Review
- Dropper: dg003.exe
- Droppee: msvcr.dll
- Trojan-Spies: fvcwin32.exe, acvcwin32.exe, avcwin32.exe
- Uses a large number of Windows API calls to reduce its size
- Encrypted HTTP traffic to transmit collected information back to the C&Cs
- Used for reconnaissance; then sends spear-phishing (phishing)
33 How did SK Communications get Hacked?
- Communication: malware programmed to communicate with several callback domains
- DNS was used for directions to the callback domain; DNS gives out the callback domain and IP location
- Malware communicates with the C2 server located at x.x.x.x to obtain C2 instructions or to send a response; the C2 server provides additional instructions to the malware
- Callback location was registered (for 1 yr) but very close to a legitimate company; the 1 yr. registration was not renewed
- Office.windowupdate.org vs windowupdate.org
- The admin address and contact information listed in the DNS records is identical to that listed for the legitimate Microsoft domain
- 8 different types of C2 communications were observed to alyac.org subdomains; communications included update information
34 How to Catch Such an Attack
- Unrecognized or never-before-seen traffic type on port 80
- Web Content Filter updates all domains on a 24 hr. basis; domains do not match up
- Outbound traffic to a S. Korean IP address was not authorized
- Windowupdate.org and alyac.org were resolving with the same IP address
- IDS would identify unknown patterns
- Web Content Filtering and AARE would identify
- Intelligent algorithms would have identified, captured, and blocked
- Geo Location to the CO Source: from Shaoxing, China, but botnets in Illinois, Texas, Taiwan
- If any of these would mutate, the AARE engine and analytics would have
- Honeypot detects and learns from entrance attempts
- Average size
- File Names: Svchost.ext, Lexplore.exe, Iprinp.kll, Wiinzf21.dll
- Avoids Outbound HTTP
- Persistence: outbound uses TCP port 80 and 443; several use other ports and mutate
35 How Intelligence Catches Such an Attack (Barrier1)
- Global identification of malicious domains
- Look at DNS queries and responses
- Requestor Diversity: are these machines local, or do they have diversity?
- Requestor Profile: is it from an ISP, a small business machine, a stand-alone PC?
- Human lookups have a different diurnal distribution than malware lookups
- Resolved IP address reputation
- # of requestor IPs per CIDR
- Network baselining
- Network Behavior Analysis
- Layered Algorithms: rule set, network behavioral analysis, and layered algorithms
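The DNS signals listed here, worked as code in an added example that is not from the Barrier1 deck; it also covers the candidate-domain walk on slide 10 (seen by a resolver as a burst of NXDOMAIN from one host) and the lookalike-name and shared-IP observations on slides 33 and 34. The log format, thresholds, trusted labels and the log lines themselves are assumptions constructed for the example.

```python
"""Added example, not from the Barrier1 deck: three DNS-log heuristics that turn the
intelligence signals on slides 10 and 33-35 into code.  Log format, thresholds and
the trusted-label list are assumptions; the log lines are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed resolver log: "<ISO time> <client> <qname> <rcode> <answer or ->".
# 10.0.0.7 probes nonexistent names (the slide-10 candidate-domain walk);
# 10.0.0.9 contacts a windowsupdate lookalike that shares an IP with alyac.org.
SAMPLE_LOG = """\
2011-07-25T09:00:01 10.0.0.5 www.example.com NOERROR 192.0.2.10
2011-07-25T09:00:03 10.0.0.9 office.windowupdate.org NOERROR 203.0.113.77
2011-07-25T09:00:04 10.0.0.9 path.alyac.org NOERROR 203.0.113.77
2011-07-25T09:00:05 10.0.0.7 qzkpwt.org NXDOMAIN -
2011-07-25T09:00:05 10.0.0.7 bmxrlcd.net NXDOMAIN -
2011-07-25T09:00:06 10.0.0.7 yhtwqaz.biz NXDOMAIN -
2011-07-25T09:00:07 10.0.0.7 kqpzmvn.info NXDOMAIN -
2011-07-25T09:00:08 10.0.0.5 typo.exampel.com NXDOMAIN -
2011-07-25T09:05:00 10.0.0.5 www.microsoft.com NOERROR 198.51.100.10
"""

def parse_log(text):
    """One dict per line; '-' means the query returned no answer."""
    records = []
    for line in text.splitlines():
        if line.strip():
            ts, client, qname, rcode, answer = line.split()
            records.append({"ts": datetime.fromisoformat(ts), "client": client,
                            "qname": qname.lower().rstrip("."), "rcode": rcode,
                            "answer": None if answer == "-" else answer})
    return records

def registrable_label(qname):
    """Naive second-level label (no public-suffix list): office.windowupdate.org -> windowupdate."""
    labels = qname.split(".")
    return labels[-2] if len(labels) >= 2 else qname

def nxdomain_bursts(records, threshold=3, window=timedelta(seconds=60)):
    """Clients with more than `threshold` distinct NXDOMAIN names inside one window.
    A 250-name daily candidate list (slide 10) is mostly unregistered, so the
    resolver sees it as a burst of failures from one host."""
    per_client = defaultdict(list)
    for r in records:
        if r["rcode"] == "NXDOMAIN":
            per_client[r["client"]].append((r["ts"], r["qname"]))
    flagged = {}
    for client, events in per_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({name for _, name in events[start:end + 1]})
            if distinct > threshold:
                flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged

def levenshtein(a, b):
    """Edit distance; small enough to inline for the lookalike check."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_domains(records, trusted=("windowsupdate", "microsoft", "example"), max_distance=2):
    """Queried names whose second-level label is a near miss of a trusted label
    (slide 33: office.windowupdate.org registered next to the real update domain)."""
    hits = {}
    for r in records:
        label = registrable_label(r["qname"])
        for t in trusted:
            if 0 < levenshtein(label, t) <= max_distance:
                hits[r["qname"]] = t
    return hits

def shared_resolution(records):
    """Answer IPs serving two or more registrable domains (slide 34: windowupdate.org
    and alyac.org on one address).  CDNs and shared hosting do this legitimately,
    so it is a triage signal to combine with the other two, not a verdict."""
    by_ip = defaultdict(set)
    for r in records:
        if r["answer"]:
            by_ip[r["answer"]].add(registrable_label(r["qname"]))
    return {ip: sorted(n) for ip, n in by_ip.items() if len(n) >= 2}

def analyze(text=SAMPLE_LOG):
    records = parse_log(text)
    return {"nxdomain_bursts": nxdomain_bursts(records),
            "lookalikes": lookalike_domains(records),
            "shared_ips": shared_resolution(records)}

if __name__ == "__main__":
    for signal, result in analyze().items():
        print(signal, result)
```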
36 Operation Aurora: Targeted APT
- Targets: Google, Juniper, Adobe, Rackspace, Grumman
- SCM (software configuration management) not locked down
- Anatomy: once infected, masked SSL to C&C located in Texas, Illinois, Taiwan; included compromised customers of Rackspace
- Shaoxing, China is the source of around 25% of the APT attacks
37 Conclusion
- APT is showing up beyond just the Military
- APT mutates and already has several variants
- It takes more than just static stand-alone security components to identify and stop these attacks
- Barrier1 has identified and accurately blocked sophisticated attacks such as APT
38 BARRIER1 Thank You
More informationWHITEPAPER. How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware
WHITEPAPER How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware How a DNS Firewall Helps in the Battle against Advanced As more and more information becomes available
More informationWildFire Overview. WildFire Administrator s Guide 1. Copyright 2007-2015 Palo Alto Networks
WildFire Overview WildFire provides detection and prevention of zero-day malware using a combination of malware sandboxing and signature-based detection and blocking of malware. WildFire extends the capabilities
More informationIntegrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013
Integrated Approach to Network Security Lee Klarich Senior Vice President, Product Management March 2013 Real data from actual networks 2 2012, Palo Alto Networks. Confidential and Proprietary. 2008: HTTP,
More informationBeyond Aurora s Veil: A Vulnerable Tale
Beyond Aurora s Veil: A Vulnerable Tale Derek Manky Cyber Security & Threat Research FortiGuard Labs October 26th, 2010: SecTor 2010 Toronto, CA Conficker: April Doomsday.. Meanwhile JBIG2 Zero Day PDF/SWF
More informationEnterprise Cybersecurity: Building an Effective Defense
Enterprise Cybersecurity: Building an Effective Defense Chris Williams Oct 29, 2015 14 Leidos 0224 1135 About the Presenter Chris Williams is an Enterprise Cybersecurity Architect at Leidos, Inc. He has
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationA Case for Managed Security
A Case for Managed Security By Christopher Harper Managing Director, Security Superior Managed IT & Security Services 1. INTRODUCTION Most firms believe security breaches happen because of one key malfunction
More informationFighting Advanced Persistent Threats (APT) with Open Source Tools
Fighting Advanced Persistent Threats (APT) with Open Source Tools What is APT? The US Air Force invented the term in 2006 APT refers to advanced techniques used to gain access to an intelligence objective
More information24/7 Visibility into Advanced Malware on Networks and Endpoints
WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction
More informationEMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty
EMERGING THREATS & STRATEGIES FOR DEFENSE Stephen Coty Chief Security Evangelist @StephenCoty Industry Analysis 2014 Data Breaches - Ponemon Ponemon 2014 Data Breach Report *Statistics from 2013 Verizon
More informationCourse Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)
Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses
More informationBeyond the Hype: Advanced Persistent Threats
Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,
More informationAdvanced Persistent Threats
White Paper INTRODUCTION Although most business leaders and IT managers believe their security technologies adequately defend against low-level threats, instances of (APTs) have increased. APTs, which
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More informationTespok Kenya icsirt: Enterprise Cyber Threat Attack Targets Report
Tespok Kenya icsirt: Enterprise Cyber Threat Attack Targets Report About this Report This report was compiled and published by the Tespok icsirt in partnership with the Serianu Cyber Threat Intelligence
More informationMalicious Network Traffic Analysis
Malicious Network Traffic Analysis Uncover system intrusions by identifying malicious network activity. There are a tremendous amount of network based attacks to be aware of on the internet today and the
More informationMalware B-Z: Inside the Threat From Blackhole to ZeroAccess
Malware B-Z: Inside the Threat From Blackhole to ZeroAccess By Richard Wang, Manager, SophosLabs U.S. Over the last few years the volume of malware has grown dramatically, thanks mostly to automation and
More informationLASTLINE WHITEPAPER. In-Depth Analysis of Malware
LASTLINE WHITEPAPER In-Depth Analysis of Malware Abstract Malware analysis is the process of determining the purpose and functionality of a given malware sample (such as a virus, worm, or Trojan horse).
More informationWhy Device Fingerprinting Provides Better Network Security than IP Blocking. How to transform the economics of hacking in your favor
Why Device Fingerprinting Provides Better Network Security than IP Blocking How to transform the economics of hacking in your favor Why Device Fingerprinting Provides Better Network Security than IP Blocking
More informationGetting Ahead of Malware
IT@Intel White Paper Intel Information Technology Security December 2009 Getting Ahead of Malware Executive Overview Since implementing our security event monitor and detection processes two years ago,
More informationData Center security trends
Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:
More informationUNCLASSIFIED. http://www.govcertuk.gov.uk. General Enquiries. Incidents incidents@govcertuk.gov.uk Incidents incidents@govcertuk.gsi.gov.uk.
Version 1.2 19-June-2013 GUIDELINES Incident Response Guidelines Executive Summary Government Departments have a responsibility to report computer incidents under the terms laid out in the SPF, issued
More informationSecuring Secure Browsers
Securing Secure Browsers SESSION ID: TRM-T11 Prashant Kumar Verma Sr. Consultant & Head (Security Testing) Paladion Networks @prashantverma21 Agenda Browser Threats Secure Browsers to address threats Secure
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationAdvanced Persistent Threats
Advanced Persistent Threats George R Magee~ FCNSA, FCNSP, Fortinet Larry Cushing~ CEO, Unified Technologies Visit us at Booth #11 1 May 27, 2014 2 Threat landscape An Internet Minute 7 7 Fortinet Confidential
More informationEndpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014
Endpoint & Server Protection Brent Biernat First Vice President Network Services May 13, 2014 The Evolution of Cyber Crime 1878 Bell Telephone Teenage Switchboard Operator Disconnected calls, eavesdropped,
More informationTHE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
More informationFrom Georgia, with Love Win32/Georbot. Is someone trying to spy on Georgians?
From Georgia, with Love Win32/Georbot Is someone trying to spy on Georgians? At the beginning of the year, a curious piece of malware came to our attention. An analyst in our virus laboratory noticed that
More informationWhat do a banking Trojan, Chrome and a government mail server have in common? Analysis of a piece of Brazilian malware
What do a banking Trojan, Chrome and a government mail server have in common? Analysis of a piece of Brazilian malware Contents Introduction.................................2 Installation: Social engineering
More informationHow Attackers are Targeting Your Mobile Devices. Wade Williamson
How Attackers are Targeting Your Mobile Devices Wade Williamson Today s Agenda Brief overview of mobile computing today Understanding the risks Analysis of recently discovered malware Protections and best
More informationHow Lastline Has Better Breach Detection Capabilities. By David Strom December 2014 david@strom.com
How Lastline Has Better Breach Detection Capabilities By David Strom December 2014 david@strom.com The Internet is a nasty place, and getting nastier. Current breach detection products using traditional
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationWHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform
WHITE PAPER Cloud-Based, Automated Breach Detection The Seculert Platform Table of Contents Introduction 3 Automatic Traffic Log Analysis 4 Elastic Sandbox 5 Botnet Interception 7 Speed and Precision 9
More informationWindows Remote Access
Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by
More informationASEC REPORT VOL.29 2012.06. AhnLab Monthly Security Report. Malicious Code Trend Security Trend Web Security Trend
ASEC REPORT VOL.29 2012.06 AhnLab Monthly Security Report Disclosure to or reproduction for others without the specific written authorization of AhnLab is prohibited. Copyright (c) AhnLab, Inc. All rights
More informationCyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security
Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security The IT Security Office (ITSO) What We Do? Risk Assessment Network and System Security Monitoring Vulnerability Scanning
More information