How CNCERT/CC fighting to Botnets. Dr.Mingqi CHEN CNCERT/CC March 31, Beijing
|
|
- Amy Cook
- 8 years ago
- Views:
Transcription
1 How CNCERT/CC fighting to Botnets Dr.Mingqi CHEN CNCERT/CC March 31, Beijing
2 Part 1 Content New security threats Part 2 How to detect and handle BotNets Part 3 Fighting BotNets Activities Part 4 Suggestions for Cooperation
3 1 Botnet at China Background: At China, the internet: 111 million Netizens Near 694 thousand websites 136,106 M international bandwidth (from CNNIC, 17 th survey till Dec ) New threats: Phishing/Spyware/Botnet
4 Phishing Top 3 Hosting Countries: U.S:34.67%. Korea:9.83%, China:8.98%
5 Spywares of China Oct.9-Dec : For 30+ Spywares,700, 000+ host at China Mainland What they are doing? -collect information and send back to servers -get key words form servers -down load files from servers Control servers: -most at foreign countries -such as: U.S 42 Korea 26
6 Selling Zombies Online
7 Providing DDoS Attack Service DDoS Attack Service! Prices List: -No FW:100RMB/H -100M Hardware FW:300RMB/H -1000M Hardware FW:600RMB/H -10,000+ chickens is guaranteed
8 Botnets detected at 2005 Number Number distrubution of Botnets at 2005 (more than 1000 infected hosts) 143 Botnets>5000 infected hosts Biggest: infected hosts 120 What they are doing? >10 万 5-10 万 3-5 万 1-3 万 Botnet's Scale
9 2 How to detect and handle Botnet Network structure of a BotNet -IRC based
10 Methods to detect Botnets 1 Honeynet Honeypot/Honeywall Log analysis+bot sample analysis -honeynet project 2 IDS +IRC protocol analysis NetSec Monitoring Platform 3 BOT Beahvior Fast joining bots Long standing connection Not talkative -DdoSVax Porject
11 Comparision of detecting methods of IRC Botnets Scope and bot type Information Type Information granularity HoneyPot 监 测 点 上 有 感 染 传 播 能 力 的 bot bot 收 到 / 发 出 的 所 有 消 息 很 细, 但 只 限 于 bot 收 发 的 信 息 IRC protocol 监 测 范 围 内 活 动 的 bot 符 合 已 知 的 (IRC) 协 议 监 测 条 件 的 网 络 通 信 内 容 掌 握 整 体 信 息 和 一 些 特 定 命 令 信 息 ; 如 : 可 以 发 现 控 制 者 和 控 制 服 务 器 之 间 的 信 息, 但 缺 乏 报 文 内 容 信 息 Bot behaviour 监 测 范 围 内 发 现 较 大 规 模 的 且 严 格 使 用 IRC 协 议 的 botnet 不 适 合 收 集 具 体 信 息 掌 握 整 体 信 息 ; 不 适 合 收 集 具 体 信 息
12 Secret Life Cycle of Botnets 1 Botnet creation By SPAM/Social Enginering/Website with Malicious Codes Bt Botnets/worms:Deloder/Mytob/Zotob 2 Botnet spread TOPIC ##asn-new## :.advscan asn1smb r -b s 3 Botnet transfer( IRC Server transfer) a. Physical host transfer b. Logical host transfer(dds) c. Host Internal transfer
13 Secret Life Cycle of Botnets (cont.) 4 Botnet update By TOPIC 或 PRIVMSG update file: PRIVMSG ##em :!upadfkadf stolen By increase or decease module: PRIVMSG #NotaBot :.spread.add.module vnc_scan\r\n 2005 年 09 月 19 日 02 点 5 Botnet Activity Attack activities:ddos/download spywares/info.stealing/scaning&spreading TOPIC ##bla :.ddos.random *.* // 发 动 拒 绝 服 务 攻 击 Sep.27 8PM 6 Botnet decease a C&C servers not available b bot cleaned by user or AV product c.remove/.uninstall by hacker or others d take the control by other bots
14 3 Preconditions of Botnets handling As Sun Tzu says: 知 己 知 彼, 百 战 不 殆 Known the enemy and yourself and you can fight a hindered battles with no danger of defeat ---The art of war C&C server info.: -DNS/IP Port Access password(if); Channel Info.: -Name Access password(if); Control password Coding rules: -Controller ID authentication: login password -Coding rules& controller in Bot Command set supported by Bot: -Authentication update self-delete commands. Such as login.update.download.uninstall etc.
15 Botnets handling 一 Control whole botnet 擒 贼 先 擒 王 模 拟 控 制 者, 对 僵 尸 网 络 进 行 完 全 控 制 Final Solution: Analysis the bot code Locate C&C server with the authortion or agree of user Send false update command( 吃 毒 丸 ) ; Send self-delete command ( 集 体 自 杀 ); Precondition:get the authentication information of controller 二 Cut communication channel of zombies and C&C server 釜 底 抽 薪 切 断 用 户 主 机 和 控 制 服 务 器 的 联 系 : Blcok C&C server with the accurate info.of C&C server 在 局 域 网 边 界, 阻 断 与 控 制 服 务 器 之 间 的 通 信 条 件 : 掌 握 控 制 服 务 器 的 准 确 信 息 Cancel DN serverce with : 取 消 域 名, 无 法 解 析 ; 条 件 : 得 到 授 权 三 Clean bot and patch system 攘 外 必 先 安 内 清 除 用 户 终 端 上 的 Bot 程 序, 打 补 丁 : By User: 手 工 查 杀 By AV product: 专 杀 工 具 或 升 级 杀 毒 程 序
16 Our actions 1. Keep Detecting Botnets through our platform, since Dec Exchange Botnets Data, especially C&C Server --Form Our partners --Form some CERTs teams 3.With the help of Local Branch and ISPs, with the agree of the Host owner of C&C server: close down the C&C server. 4. Through Information sharing channel, inform users of zombies, provide clean tools for some botnets. 5. Share bot codes and analysis results 6. Proactively work with all relevant departments to strike the criminal behaviors: creating, spreading and using malicious Bots.
17 Network Security Drills Dec.20, 2005: -MII & all backbone carriers of China joined -Deputy Minster of MII and 50+ officials Two Scenarios: -Critical Infrastructure attacked by Hackers -DDoS Attack driven by Botnets Dec.21,2005:APCERT security Drills
18 Incident Classification Standard Guidelines for Classification of Information Security Incidents (Draft Stage) - Make and Spread Bot/Trajon/Worm/Virus/other Macilious Code - Mass PII Incident(proposed) -
19 Typical Cases of CNCERT/CC - In Dec 2004, CNCERT/CC detected and broke down a IRC BotNet of 170,000+ hosts, which was used for a DDOS attack.(media Number: 60,000 hosts, Reported last year) - Aug ,CNCERT/CC found a Botnet of 150,000+ hosts -find clues of hackers : 昵 称 为 gunit 的 用 户 曾 经 登 陆 该 网 络 并 向 多 个 频 道 发 送 控 制 命 令, 命 令 为 扫 描 某 种 漏 洞 (2005 年 8 月 29 日 ) - Oct ,W32/Toxbot incident, 290,000+ host, reported by SURFnet
20 CERTs level 4 Suggestions 1 Malicious code share and analysis 2 BotNets elimination: - Exchange C&C Server and clients information - Cooperation to break down BotNets 3 Information sharing Unaware victim information
21 No safe homeland without safe neighbors! Thanks!
Current counter-measures and responses by CERTs
Current counter-measures and responses by CERTs Jeong, Hyun Cheol hcjung@kisa.or.kr April. 2007 Contents I. Malware Trends in Korea II. Malware from compromised Web sites III. Case Study : Malware countermeasure
More informationInformation Security Threat Trends
Talk @ Microsoft Security Day Sep 2005 Information Security Threat Trends Mr. S.C. Leung 梁 兆 昌 Senior Consultant 高 級 顧 問 CISSP CISA CBCP M@PISA Email: scleung@hkcert.org 香 港 電 腦 保 安 事 故 協 調 中 心 Introducing
More informationCERT Collaboration with ISP to Enhance Cybersecurity Jinhyun CHO, KrCERT/CC Korea Internet & Security Agency
CERT Collaboration with ISP to Enhance Cybersecurity Jinhyun CHO, KrCERT/CC Korea Internet & Security Agency I. Alarming call for cooperation with ISPs Slammer Worm Spread most of vulnerable SQL servers
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationSecurity workshop Protection against botnets. Belnet Aris Adamantiadis Brussels 18 th April 2013
Security workshop Belnet Aris Adamantiadis Brussels 18 th April 2013 Agenda What is a botnet? Symptoms How does it work? Life cycle How to fight against botnets? Proactive and reactive NIDS 2 What is a
More informationKorea s experience of massive DDoS attacks from Botnet
Korea s experience of massive DDoS attacks from Botnet April 12, 2011 Heung Youl YOUM Ph.D. SoonChunHyang University, Korea President, KIISC, Korea Vice-chairman, ITU-T SG 17 1 Table of Contents Overview
More informationCyber Security & Role of CERT-In. Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in
Cyber Security & Role of CERT-In Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in Web Evolution Web Sites (WWW) 1993 Web Invented and implemented 130 Nos. web sites 1994 2738 Nos.
More informationAbout Botnet, and the influence that Botnet gives to broadband ISP
About net, and the influence that net gives to broadband ISP Masaru AKAI BB Technology / SBB-SIRT Agenda Who are we? What is net? About Telecom-ISAC-Japan Analyzing code How does net work? BB Technology
More informationMultifaceted Approach to Understanding the Botnet Phenomenon
Multifaceted Approach to Understanding the Botnet Phenomenon Christos P. Margiolas University of Crete A brief presentation for the paper: Multifaceted Approach to Understanding the Botnet Phenomenon Basic
More informationHong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望
Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination
More informationAgenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka
Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques
More informationStop DDoS Attacks in Minutes
PREVENTIA Forward Thinking Security Solutions Stop DDoS Attacks in Minutes 1 On average there are more than 7,000 DDoS attacks observed daily. You ve seen the headlines. Distributed Denial of Service (DDoS)
More informationApplying the 80/20 approach for Operational Excellence. How to combat new age threats, optimize investments and increase security.
Applying the 80/20 approach for Operational Excellence How to combat new age threats, optimize investments and increase security Vinod Vasudevan Agenda Current Threat Landscape The 80/20 Approach Achieving
More informationThe author(s) shown below used Federal funds provided by the U.S. Department of Justice and prepared the following final report:
The author(s) shown below used Federal funds provided by the U.S. Department of Justice and prepared the following final report: Document Title: Author: Examining the Creation, Distribution, and Function
More informationA Critical Investigation of Botnet
Global Journal of Computer Science and Technology Network, Web & Security Volume 13 Issue 9 Version 1.0 Year 2013 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals
More informationSymantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
More informationTHE BEST WAY TO CATCH A THIEF. Patrick Bedwell, Vice President, Product Marketing
THE BEST WAY TO CATCH A THIEF Patrick Bedwell, Vice President, Product Marketing AlienVault Vision Accelerating and simplifying threat detection and incident response for IT teams with limited resources,
More informationCountermeasures against Bots
Countermeasures against Bots Are you sure your computer is not infected with Bot? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Bot? Bot is a computer
More informationProtect Yourself in the Cloud Age
Protect Yourself in the Cloud Age Matthew Wu Consultant Hong Kong Computer Emergency Response Team Coordination Centre About HKCERT HKCERT ( 香 港 電 腦 保 安 事 故 協 調 中 心 ) Established in 2001 Funding & Operation
More informationNetwork and Incident monitoring
August, 2013 Network and Incident monitoring Koichiro (Sparky) Komiyama Sam Sasaki JPCERT Coordination Center, Japan Agenda 1. Introduction of TSUBAME 2. Recent Observation cases 2 1. INTRODUCTION OF TSUBAME
More informationLarge-Scale Internet Crimes Global Reach, Vast Numbers, and Anonymity
Computer Crime and Intellectual Property Section Large-Scale Internet Crimes Global Reach, Vast Numbers, and Anonymity Albert Rees Computer Crime and Intellectual Property Section (CCIPS) Criminal Division,
More informationIncident Response 101: You ve been hacked, now what?
Incident Response 101: You ve been hacked, now what? Gary Perkins, MBA, CISSP Chief Information Security Officer (CISO) Information Security Branch Government of British Columbia Agenda: threat landscape
More informationU. S. Attorney Office Northern District of Texas March 2013
U. S. Attorney Office Northern District of Texas March 2013 What Is Cybercrime? Hacking DDOS attacks Domain name hijacking Malware Other computer related offenses, i.e. computer and internet used to facilitate
More informationisheriff CLOUD SECURITY
isheriff CLOUD SECURITY isheriff is the industry s first cloud-based security platform: providing fully integrated endpoint, Web and email security, delivered through a single Web-based management console
More informationOverview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms
Overview Common Internet Threats Tom Chothia Computer Security, Lecture 19 Phishing Sites Trojans, Worms, Viruses, Drive-bydownloads Net Fast Flux Domain Flux Infiltration of a Net Underground economy.
More informationSeminar Computer Security
Seminar Computer Security DoS/DDoS attacks and botnets Hannes Korte Overview Introduction What is a Denial of Service attack? The distributed version The attacker's motivation Basics Bots and botnets Example
More informationCurrent Threat Scenario and Recent Attack Trends
Current Threat Scenario and Recent Attack Trends Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Objectives Current Cyber space Nature of cyberspace and associated risks
More informationIBM Protocol Analysis Module
IBM Protocol Analysis Module The protection engine inside the IBM Security Intrusion Prevention System technologies. Highlights Stops threats before they impact your network and the assets on your network
More informationThe HoneyNet Project Scan Of The Month Scan 27
The HoneyNet Project Scan Of The Month Scan 27 23 rd April 2003 Shomiron Das Gupta shomiron@lycos.co.uk 1.0 Scope This month's challenge is a Windows challenge suitable for both beginning and intermediate
More informationGlasnost or Tyranny? You Can Have Secure and Open Networks!
AT&T is a proud sponsor of StaySafe Online Glasnost or Tyranny? You Can Have Secure and Open Networks! Steven Hurst CISSP Director - AT&T Security Services and Technology AT&T Chief Security Office 2009
More informationEXIN Information Security Foundation based on ISO/IEC 27002. Sample Exam
EXIN Information Security Foundation based on ISO/IEC 27002 Sample Exam Edition June 2016 Copyright 2016 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored
More informationSECURING APACHE : DOS & DDOS ATTACKS - II
SECURING APACHE : DOS & DDOS ATTACKS - II How DDoS attacks are performed A DDoS attack has to be carefully prepared by the attackers. They first recruit the zombie army, by looking for vulnerable machines,
More informationData Center security trends
Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:
More informationWhat keep the CIO up at Night Managing Security Nightmares
What keep the CIO up at Night Managing Security Nightmares Tajul Muhammad Taha and Law SC Copyright 2011 Trend Micro Inc. What is CIOs real NIGHTMARES? Security Threats Advance Persistence Threats (APT)
More informationWorkshop on Infrastructure Security and Operational Challenges of Service Provider Networks
Workshop on Infrastructure Security and Operational Challenges of Service Provider Networks Farnam Jahanian University of Michigan and Arbor Networks IFIP Working Group 10.4 June 29-30, 2006 What s the
More informationTunisia s experience in building an ISAC. Haythem EL MIR Technical Manager NACS Head of the Incident Response Team cert-tcc
Tunisia s experience in building an ISAC Haythem EL MIR Technical Manager NACS Head of the Incident Response Team cert-tcc 1 Agenda Introduction ISAC objectives and benefits Tunisian approach SAHER system
More informationSpyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.
Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References
More informationCS 6262 - Network Security: Botnets
CS 6262 - Network Security: Botnets Professor Patrick Traynor Fall 2011 Story 2 Botnets A botnet is a network of software robots (bots) run on zombie machines which run are controlled by command and control
More informationDetecting Bots with Automatically Generated Network Signatures
Detecting Bots with Automatically Generated Network Signatures Peter Wurzinger, Leyla Bilge, Thorsten Holz, Jan Goebel, Christopher Kruegel, Engin Kirda,, {pw,tho}@seclab.tuwien.ac.at Institute Eurecom,
More informationSecurity A to Z the most important terms
Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from
More informationSecurity Toolsets for ISP Defense
Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.
More informationBEHIND THE SCENES OF A FAKE TOKEN MOBILE APP OPERATION
BEHIND THE SCENES OF A FAKE TOKEN MOBILE APP OPERATION December 2013 In the last few years, we have seen the mobile space explode with malware. According to a recent report by Trend Micro, the number of
More informationGeneral Service Level Agreement
General Service Level Agreement Pricing We offer an unlimited Break / Fix for each device. Cost is below. Server Management = $199 / month per server Network Management = $199 / month per company Desktop
More informationThreat landscape how are you getting attacked and what can you do better protect yourself and your e-commerce platform
Threat landscape how are you getting attacked and what can you do better protect yourself and your e-commerce platform Sebastian Zabala Senior Systems Engineer 2013 Trustwave Holdings, Inc. 1 THREAT MANAGEMENT
More informationspying with bots spying with bots
spying with bots T HORSTEN HOLZ spying with bots Thorsten Holz is a research student at the Laboratory for Dependable Distributed Systems at RWTH Aachen University. He is one of the founders of the German
More informationProtection for Mac and Linux computers: genuine need or nice to have?
Protection for Mac and Linux computers: genuine need or nice to have? The current risk to computers running non-windows platforms is small but growing. As Mac and Linux computers become more prevalent
More informationGlobal Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team
Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team The Internet is in the midst of a global network pandemic. Millions of computers
More informationMITB Grabbing Login Credentials
MITB Grabbing Login Credentials Original pre-login fields UID, password & site Modified pre-login fields Now with ATM details and MMN New fields added MITB malware inserted additional fields. Records them,
More informationBotnet Detection by Abnormal IRC Traffic Analysis
Botnet Detection by Abnormal IRC Traffic Analysis Gu-Hsin Lai 1, Chia-Mei Chen 1, and Ray-Yu Tzeng 2, Chi-Sung Laih 2, Christos Faloutsos 3 1 National Sun Yat-Sen University Kaohsiung 804, Taiwan 2 National
More informationFoundations of Computer Security
Foundations of Computer Security Lecture 1: Dr. Bill Young Department of Computer Sciences University of Texas at Austin Lecture 1: 1 Course Topics Topics we will cover include: What is computer security?
More informationThreat Events: Software Attacks (cont.)
ROOTKIT stealthy software with root/administrator privileges aims to modify the operation of the OS in order to facilitate a nonstandard or unauthorized functions unlike virus, rootkit s goal is not to
More informationProperty of Secure Network Technologies-Do Not Distribute or Post Without Written Permission-Copyrights and Trademark Apply
Malware - Mules & Money Mobile Edition v2.0 By Steve Stasiukonis What We Do Security Assessments & Penetration Tests Incident Response Digital Investigation & Forensic Services Technical Surveillance Countermeasure
More informationThe Information Security Problem
Chapter 10 Objectives Describe the major concepts and terminology of EC security. Understand phishing and its relationship to financial crimes. Describe the information assurance security principles. Identify
More informationCOSC 472 Network Security
COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html
More informationShellshock. Oz Elisyan & Maxim Zavodchik
Shellshock By Oz Elisyan & Maxim Zavodchik INTRODUCTION Once a high profile vulnerability is released to the public, there will be a lot of people who will use the opportunity to take advantage on vulnerable
More informationRevealing Botnets Using Network Traffic Statistics
Revealing Botnets Using Network Traffic Statistics P. Čeleda, R. Krejčí, V. Krmíček {celeda vojtec}@ics.muni.cz, radek.krejci@mail.muni.cz Security and Protection of Information 2011, 10-12 May 2011, Brno,
More informationIs Your Network a Sitting Duck? 3 Secrets to Securing Your Information Systems. Presenter: Matt Harkrider. Founder, Alert Logic
Is Your Network a Sitting Duck? 3 Secrets to Securing Your Information Systems Presenter: Matt Harkrider Founder, Alert Logic Who We Are: Corporate Fact Sheet Founded: 2002 Sample Customers: HQ: Houston,
More informationNetwork attack and defense
Network attack and defense CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration 2007, 2008 Robert H. Sloan 1 Outline 1. Overview
More informationBotNets- Cyber Torrirism
BotNets- Cyber Torrirism Battling the threats of internet Assoc. Prof. Dr. Sureswaran Ramadass National Advanced IPv6 Center - Director Why Talk About Botnets? Because Bot Statistics Suggest Assimilation
More information6. ecommerce Security and Payment Systems. Alexander Nikov. Teaching Objectives. Video: Online Banking, Is It Secure?
INFO 3435 ecommerce 6. ecommerce Security and Payment Systems Alexander Nikov Teaching Objectives Explain the scope of ecommerce crime and security problems. Describe the key dimensions of e-commerce security.
More informationThe anatomy of an online banking fraud
The anatomy of an online banking fraud or: Harvesting bank account data By Valentin Höbel. Mail to valentin@xenuser.org (March2010) I. What this document is about II. Introduction III. The anatomy of an
More informationEMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty
EMERGING THREATS & STRATEGIES FOR DEFENSE Stephen Coty Chief Security Evangelist @StephenCoty Industry Analysis 2014 Data Breaches - Ponemon Ponemon 2014 Data Breach Report *Statistics from 2013 Verizon
More informationIndian Computer Emergency Response Team (CERT-In) Annual Report (2010)
Indian Computer Emergency Response Team (CERT-In) Annual Report (2010) Indian Computer Emergency Response Team (CERT-In) Department of Information Technology Ministry of Communications & Information Technology
More informationDISTRIBUTED LOW-INTERACTION HONEYPOT SYSTEM TO DETECT BOTNETS
DISTRIBUTED LOW-INTERACTION HONEYPOT SYSTEM TO DETECT BOTNETS GONG JIAN 2 jgong@njnet.edu.cn Jiangsu Key Laboratory of Computer Networking Technology, China, Nanjing, Southeast University AHMAD JAKALAN
More informationwww.pandasecurity.com 100% Malware-Free E-mail: A Guaranteed Approach
100% Malware-Free E-mail: A Guaranteed Approach 2 100% Malware-Free E-mail: A Guaranteed Approach Panda Security's Mail Filtering Managed Service Guarantees Clean E-mail Table of Contents Table of Contents...
More informationHow To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering
More informationMulti-phase IRC Botnet and Botnet Behavior Detection Model
Multi-phase IRC otnet and otnet ehavior Detection Model Aymen Hasan Rashid Al Awadi Information Technology Research Development Center, University of Kufa, Najaf, Iraq School of Computer Sciences Universiti
More information10 Best Practices to Protect Your Network presented by Saalex Information Technology and Citadel Group
10 Best Practices to Protect Your Network presented by Saalex Information Technology and Citadel Group Presented by: Michael Flavin and Stan Stahl Saalex Information Technology Overview Saalex Information
More informationProtecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper
Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges
More informationEmail Threat Trend Report Second Quarter 2007
Email Threat Trend Report Second Quarter 2007, Ltd. 2550 SW Grapevine Parkway, Suite 150 Grapevine, Texas 76051 Phone: (817) 601-3222 Fax: (817) 601-3223 http://www.altn.com/ 2007 Contents Emerging Email
More informationInnovations in Network Security
Innovations in Network Security Michael Singer April 18, 2012 AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies.
More informationBotnets. Botnets and Spam. Joining the IRC Channel. Command and Control. Tadayoshi Kohno
CSE 490K Lecture 14 Botnets and Spam Tadayoshi Kohno Some slides based on Vitaly Shmatikov s Botnets! Botnet = network of autonomous programs capable of acting on instructions Typically a large (up to
More informationThe FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED
The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop
More informationCyber Security and Critical Information Infrastructure
Cyber Security and Critical Information Infrastructure Dr. Gulshan Rai Director General Indian Computer Emergency Response Team (CERT- In) grai [at] cert-in.org.in The Complexity of Today s Network Changes
More informationMalicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software
CEN 448 Security and Internet Protocols Chapter 19 Malicious Software Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa
More informationTHE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.
THE 2014 THREAT DETECTION CHECKLIST Six ways to tell a criminal from a customer. Telling criminals from customers online isn t getting any easier. Attackers target the entire online user lifecycle from
More informationMalware Analysis Quiz 6
Malware Analysis Quiz 6 1. Are these files packed? If so, which packer? The file is not packed, as running the command strings shelll reveals a number of interesting character sequences, such as: irc.ircnet.net
More informationTop Ten Cyber Threats
Top Ten Cyber Threats Margaret M. McMahon, Ph.D. ICCRTS 2014 Introduction 2 Motivation Outline How malware affects a system Top Ten (Simple to complex) Brief description Explain impacts Main takeaways
More informationCSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks
CSE 3482 Introduction to Computer Security Denial of Service (DoS) Attacks Instructor: N. Vlajic, Winter 2015 Learning Objectives Upon completion of this material, you should be able to: Explain the basic
More informationStopping zombies, botnets and other email- and web-borne threats
Stopping zombies, botnets and other email- and web-borne threats Hijacked computers, or zombies, hide inside networks where they send spam, steal company secrets, and enable other serious crimes. This
More informationCertified Cyber Security Analyst VS-1160
VS-1160 Certified Cyber Security Analyst Certification Code VS-1160 Vskills certification for Cyber Security Analyst assesses the candidate as per the company s need for cyber security and forensics. The
More informationEmerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA
Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering
More informationBefore the DEPARTMENT OF COMMERCE Internet Policy Task Force
Before the DEPARTMENT OF COMMERCE Internet Policy Task Force In the Matter of Cybersecurity, Innovation Docket No. 100721305-0305-01 and the Internet Economy COMMENTS OF VeriSign, Inc Joe Waldron Director,
More informationSpeaker Info Tal Be ery
Battlefield Network Speaker Info Tal Be ery Senior Security Research Manager @Microsoft Former VP for Research @Aorato (Acquire by Microsoft) 15 years of security research Author of the TIME attack on
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 2 Systems Threats and Risks Objectives Describe the different types of software-based attacks List types of hardware attacks Define
More informationUse of The Information Services Active Directory Service (AD) Code of Practice
Use of The Information Services Active Directory Service (AD) Code of Practice Introduction This code of practice is intended to support the Information Security Policy of the University and should be
More informationEvolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance
Evolving Threats and Attacks: A Cloud Service Provider s viewpoint John Howie Senior Director Online Services Security and Compliance Introduction Microsoft s Cloud Infrastructure Evolution of Threats
More informationSecuring Your Business with DNS Servers That Protect Themselves
Product Summary: The Infoblox DNS security product portfolio mitigates attacks on DNS servers by intelligently recognizing various attack types and dropping attack traffic while responding only to legitimate
More informationD m i t r y S l i n k o v, C I S M SWISS C Y B E R S TO R M 2015. Black market of cybercrime in Russia
D m i t r y S l i n k o v, C I S M SWISS C Y B E R S TO R M 2015 Black market of cybercrime in Russia WHOAMI Information Security Manager (Russia and CIS) Information Security Officer Information Security
More informationUNMASKCONTENT: THE CASE STUDY
DIGITONTO LLC. UNMASKCONTENT: THE CASE STUDY The mystery UnmaskContent.com v1.0 Contents I. CASE 1: Malware Alert... 2 a. Scenario... 2 b. Data Collection... 2 c. Data Aggregation... 3 d. Data Enumeration...
More informationIntegrating MSS, SEP and NGFW to catch targeted APTs
#SymVisionEmea #SymVisionEmea Integrating MSS, SEP and NGFW to catch targeted APTs Tom Davison Information Security Practice Manager, UK&I Antonio Forzieri EMEA Solution Lead, Cyber Security 2 Information
More informationUniversities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence
Universities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence About ERM About The Speaker Information Security Expert at ERM B.S. Software Engineering and Information Technology
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationTowards Automated Botnet Detection and Mitigation
Towards Automated Botnet Detection and Mitigation Stopping the Root Cause of Spam Pi1 - Laboratory for Dependable Distributed Systems Outline Motivation Tools & techniques for botnet detection nepenthes
More informationNew challenges in Data privacy.
New challenges in Data privacy. Zdravko Stoychev, CISM CRISC Information Security Officer Alpha Bank Bulgaria branch South East European Regional Forum on Cybersecurity and Cybercrime, 2013 11-13 Nov 2013
More informationDDoS Attacks Can Take Down Your Online Services
DDoS Attacks Can Take Down Your Online Services Dr. Bill Highleyman Managing Editor, Availability Digest Continuity Insights New York 2014 October 8, 2014 editor@availabilitydigest.com Who Am I? Dr. Bill
More informationAnalysis of Network Beaconing Activity for Incident Response
Analysis of Network Beaconing Activity for Incident Response FloCon2008 Peter Balland, P. O. Box 808, Livermore, CA 94551 This work performed under the auspices of the U.S. Department of Energy by under
More information$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP
David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Global Cyber Crime is the fastest growing economic crime Cyber Crime is more lucrative than trafficking drugs!
More informationImplementation of Botcatch for Identifying Bot Infected Hosts
Implementation of Botcatch for Identifying Bot Infected Hosts GRADUATE PROJECT REPORT Submitted to the Faculty of The School of Engineering & Computing Sciences Texas A&M University-Corpus Christi Corpus
More informationOperation Liberpy : Keyloggers and information theft in Latin America
Operation Liberpy : Keyloggers and information theft in Latin America Diego Pérez Magallanes Malware Analyst Pablo Ramos HEAD of LATAM Research Lab 7/7/2015 version 1.1 Contents Introduction... 3 Operation
More information