Changing threat landscape The Botnet perspective
|
|
- Simon Bell
- 8 years ago
- Views:
Transcription
1 Changing threat landscape The Botnet perspective
2 Online Interactions Changing and Increasing INSTANT MESSAGING MUSIC BLOGS GAMES FILE SHARING CALENDAR 2 ND GENERATION CHAT PC Centric Online Centric PICTURES LATE 1990 s FINANCES VOIP EARLY 2000 s SOCIAL NETWORKS CURRENT COLLABORATION BotNet Seminar - CERT-IN 2
3 Threats Will Continue to Evolve Threats Will Continue to Evolve Financial / Criminal Phishing Zero Day Exploits & Threats Motivation Bots & Botnets Spyware Spam Crimeware Worms Vulnerabilities Curiosity / Viruses Technical Interest Mainstream Timing BotNet Seminar - CERT-IN 3
4 Global Intelligence Network 4 Symantec SOCs Symantec Monitored Countries + 40,000+ Registered Sensors in 180+ Countries + 8 Symantec Security Response Centers 200,000 Millions Hundreds malware of threat security of submissions MSS reports alerts customers per month per month >6,000 Managed Security Devices Million Systems Worldwide + 30% of World s Traffic + Advanced Honey Network Tokyo, Japan Calgary, Canada San Francisco, CA Redwood City, CA Santa Monica, CA Dublin, Ireland Twyford, England Munich, Germany Taipei, Taiwan Alexandria, VA Pune, India Sydney, Australia BotNet Seminar - CERT-IN 4
5 ISTR XI Global trends The current threat environment is characterized by an increase in data theft, data leakage, and the creation of malicious code that targets specific organizations. Attackers are refining their methods and consolidating assets to create global networks that support coordinated criminal activity Increased inter-operability between diverse threats - blended threats Year of the zero-day, targeted malicious code and the exploitation of medium severity vulnerabilities High levels of malicious activity across the Internet with increases in bot networks, phishing, spam and Trojans BotNet Seminar - CERT-IN 5
6 The Fraud Food Chain Phisher Cashier Spammer Egg Drop Server Fraud Website (+ Trojan horse) Botherder Phishing Messages Victims BotNet Seminar - CERT-IN 6
7 India Threat landscape The Indian threat landscape ecosystem -Malcode -Spam Zombies -Command and Control -Bots -Phishers -Spammers India is the hub for more than 40 Command and Control servers BotNet Seminar - CERT-IN 7
8 India ISTR XI - Active bot-infected computers per day Symantec observed an average of 19,095 active distinct bot-infected computers per day in the APJ region. Symantec detected an average of 277 active botinfected computers per day in India.. BotNet Seminar - CERT-IN 8
9 Bot-infected computers by city Rank City Percent of bot infected computers in India 1 Mumbai 38% 2 New Delhi 25% 3 Bangalore 15% 4 Chennai 10% 5 Bhopal 4% 6 Hyderabad 2% 7 Surat 1% 8 Bhubaneswar 1% 9 Pune 1% Mumbai had the highest number of bot-infected computers in India, accounting for 38 percent of the total 25 percent of all bot-infected computers in India were located in New Delhi Bangalore ranked third, accounting for 15 percent of bot-infected computers in India 10 Noida 1% BotNet Seminar - CERT-IN 9
10 India - ISTR XI Spam Spam originating in India accounted for one percent of all spam originating in the top 25 spam-producing countries making India the eighteenth ranked country worldwide for originating spam. A high percentage of originating in India constituted spam. Of the messages originating in India 76 percent were considered spam BotNet Seminar - CERT-IN 10
11 India - ISTR XI Threats to confidential information 60% of the top 50 malicious codes reported in India contained threats to confidential information 84% of confidential information threats by volume allowed remote access BotNet Seminar - CERT-IN 11
12 Top Attacks against India Rank Short Description Proportion 1 Generic TCP Segment Overwrite Attack 63% 2 Generic HTTP CONNECT TCP Tunnel Attack 17% 3 Microsoft SQL Server 2000 Resolution Service Stack Overflow Attack 8% 4 Generic SMB Authentication Failure Event 5% 5 Generic SMB User Enumeration 3% 6 Generic TCP Hijacking Attack 2% 7 Generic IP Overlapping Fragment (teardrop, teardrop2, bonk, boink) DoS attack 1% BotNet Seminar - CERT-IN 12
13 Attacks on & from India Top originating countries for Attacks on India Top destination Countries for attacks from India Rank Country 1 United States 84% 2 Australia 6% 3 United Kingdom 3% 4 Switzerland 2% 5 China 1% 6 Germany 1% 7 Taiwan 1% Attack Proportion Rank Country Proportion 1 United States 68% 2 Australia 11% 3 United Kingdom 9% 4 China 2% 5 Canada 2% 6 Italy 1% 7 Switzerland 1% 8 Singapore 1% BotNet Seminar - CERT-IN 13
14 Botnet BotNet Seminar - CERT-IN 14
15 What is a botnet? An army of compromised hosts ( bots ) coordinated via a command and control center (C&C). The perpetrator is usually called a botmaster. C&C Server Find and infect more machines Bots BotNet Seminar - CERT-IN 15
16 A botnet is comparable to compulsory military service for windows boxes Bjorn Stromberg BotNet Seminar - CERT-IN 16
17 What is a botnet? Internet Relay Chat (IRC) is the most predominant protocol in use today to disseminate C&C information. Simple and flexible Many open source implementations are available BotNet Seminar - CERT-IN 17
18 Bot life cycle 1. Miscreant (botherd) launches worm, virus, or other mechanism to infect Windows machine. 2. Infected machines contact botnet controller via IRC. 2.5: Infection vector closed. 3. Spammer (sponsor) pays miscreant for use of botnet. 4. Spammer uses botnet to send spam s. (Usually NOT through IRC channel; typically botherd will open proxy ports on bots and provide proxy list to spammer.) (Image from Wikipedia.) BotNet Seminar - CERT-IN 18
19 Botnet life cycle 1. Compromise of controller. 2. Distribution of malware compromise of individual bots. 3. Bots connect to controller; form botnet. 4. Botnet activity used by botherder for own purposes or use sold to others. 5. Botnet controller identified by NSP/ISP security; monitored or shutdown. 6. Bots become idle or attempt to contact another controller; some bots have vulnerabilities repaired. BotNet Seminar - CERT-IN 19
20 Roles and responsibilities Botherder: Collects and manages bots. Botnet seller: Sells the use of bots (or proxies) to spammers. Spammer: Sends spam. Sponsor: Pays spammer to promote products or services. Exploit developer: Develops code to exploit vulnerabilities. Bot developer: Develops (or more commonly, modifies existing) bot code. Money launderer ( payment processor ): Work-at-home opportunity to process payments/launder money for sponsors. BotNet Seminar - CERT-IN 20
21 Typical IRC Infection Cycle optional Bots usually require some form of authentication from their botmaster BotNet Seminar - CERT-IN 21
22 How authentication happens? Generally speaking, the bot-to-irc server communication requires any combination of 3 types of authentication: bot authenticates itself to server bot authenticates itself to C&C channel botmaster authenticates himself/herself to bots before they accept commands Passwords for steps I and II are hard-coded in the binary and sent in clear. BotNet Seminar - CERT-IN 22
23 Example Illicit activities piracy mining attacks hosting Activities which has been seen Stealing CD Keys: 50 botnets Š ,000 bots/net PRIVMSG #atta :BGR $ getcdkeys BGR !nmavmkmyam@ PRIVMSG #atta :Microsoft Windows Product ID CD Key: ( ). BGR !nmavmkmyam@ PRIVMSG #atta :[CDKEYS]: Search completed. Clients/servers spread around the world Reading a user's clipboard: B][!Guardian@globalop.xxx.xxx PRIVMSG ## chem## :~getclip Ch3m !~zbhibvn@xxx-7CCCB7AA.click-network.com PRIVMSG ##chem## :- [Clipboard Data]- Ch3m !~zbhibvn@xxx-7CCCB7AA.click-network.com PRIVMSG ##chem ## :If You think the refs screwed the seahawks over put your name down!!! Š Different geographic concentrations DDoS someone: devil!evil@admin.of.hell.network.us PRIVMSG #t3rr0r0fc1a :! pflood s7n 2K503827!s7s@ PRIVMSG #t3rr0r0fc1a :\002Packets\002 \002D\002one \002;\002>\n s7n 2K503827!s7s@ PRIVMSG #t3rr0r0fc1a flooding...\n Setup a webserver (presumably for phshing) [ DeXTeR]!alexo@l broadband.actcom.net.il PRIVMSG [Del]29466 :.http 7564 c:\\ [ Del]38628!zaazbob@born113.athome233.wau.nl PRIVMSG _[DeXTeR] :[HTTPD]: Server listening on IP: :7564, Directory: c:\\. BotNet Seminar - CERT-IN 23
24 Uses of BotNets Distributed Denial-of-Service Attacks Spamming Sniffing Traffic Keylogging Spreading new malware BotNet Seminar - CERT-IN 24
25 Uses of BotNets Installing Advertisement Add-ons and Browser Helper Objects (BHOs) Attacking IRC Chat Networks Manipulating online polls/games Mass identity theft BotNet Seminar - CERT-IN 25
26 Types of Botnets Agobot/Phatbot/Forbot/XtremBot SDBot/RBot/UrBot/UrXBot/... mirc-based Bots - GT-Bots BotNet Seminar - CERT-IN 26
27 Types of Botnets DSNX Bots Q8 Bots kaiten Perl-based bots BotNet Seminar - CERT-IN 27
28 Existing host-based bot detection Signature-based Behavior-based Monitor outbound network connection attempts (e.g. Symantec End Point Protection, ZoneAlarm, ) Block certain ports (25, 6667,...) Hybrid: content-based filtering Match network packet contents to known command strings (keywords) BotNet Seminar - CERT-IN 28
29 Content-based filtering BotNet Seminar - CERT-IN 29
30 Existing network-based botnet detection Use botnets ongoing C&C behavior as basis of detection {port, protocol, content-based} filtering Identify a particular IRC channel as likely to be rendezvous point via heuristics Distinguish botnet DDoS attack on website from flash crowd Identify botnet traffic based on its anomalous rate of dynamic- DNS lookups BotNet Seminar - CERT-IN 30
31 Defense mechanisms: Prevention Prevent infections at the host: Endpoint Security, Vulnerability Management. Prevent malware delivery on the network: Firewalls, Intrusion Prevention Systems, Clean IP, Mail Filtering, Composite Blocking List. Prevent sale of services to miscreants: AUPs, contracts, customer screening. Prevent phishing: Tools to identify fake websites for end users. BotNet Seminar - CERT-IN 31
32 Defense mechanisms: Detection Detection of host infections: Host Intrusion Detection Systems (IDS s), honeypots, monitoring botnet controller activity. Detection of malware on the network: Network IDS, Netflow, Darknets/Internet Motions Sensors/Internet Telescopes, honey monkeys. Detection of spam operations/miscreants: Spamhaus, monitoring miscreant communications. BotNet Seminar - CERT-IN 32
33 Defense mechanisms: Response Nullrouting of botnet controllers Quarantining of bots, automated notifications Bot simulation/intentional infection/monitoring (Microsoft Honey Monkeys, Decoy Bot) Undercover investigation (ICCC, FBI) Civil and criminal prosecution BotNet Seminar - CERT-IN 33
34 References Tracking BotnetsUsing honeynets to learn more about Bots The Honeynet Project & Research Alliance BotNet Seminar - CERT-IN 34
35 Conclusion Botnets are the primary infrastructure of criminal activity on the Internet, used most heavily for spamming, phishing, and creating more bots. An effective response to botnets in order to reduce spam, phishing, and denial of service requires a combination of policies and procedures, technology, and legal responses from network providers, ISPs, organizations on the Internet, and law enforcement and prosecutors. All of these components need to respond and change as the threats continue to evolve. BotNet Seminar - CERT-IN 35
36 Future Watch As broadband penetration in India increases, the impact of threats will increase Level of attacks are getting modular, sophisticated and for financial gain Clear signs of online underground economy for fraud India is a participant in the fraud food chain Increasing evidence of data leakage and financial driven crimes Old threats persist, as newer threats continue to emerge BotNet Seminar - CERT-IN 36
37 Key Findings The home user sector was by far the most highly targeted sector in the region, with attackers taking advantage of the relatively limited security measures and practices to gain access to confidential information. Threats targeting online games and gamers are emerging as a new focus of malicious activity. Phishers are expected to expand their targets to massively multiplayer online games. Phishing activity tends to mirror an average business week as attackers attempt to mimic legitimate companies practices. Holidays such as Christmas and New Year and large events like the FIFA World Cup increase the amount of phishing activity. MSN Messenger was affected by 35% of new instant messaging threats in the second half of the year. BotNet Seminar - CERT-IN 37
38 Thank You! 2006 Symantec Corporation. All rights reserved. THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND IS NOT INTENDED AS ADVERTISING. ALL WARRANTIES RELATING TO THE INFORMATION IN THIS DOCUMENT, EITHER EXPRESS OR IMPLIED, ARE DISCLAIMED TO THE MAXIMUM EXTENT ALLOWED BY LAW. THE INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE. BotNet Seminar - CERT-IN 38
CS 6262 - Network Security: Botnets
CS 6262 - Network Security: Botnets Professor Patrick Traynor Fall 2011 Story 2 Botnets A botnet is a network of software robots (bots) run on zombie machines which run are controlled by command and control
More informationES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS
ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS The Internet Threat Landscape Symantec TM Dean Turner Director Global Intelligence Network Symantec Security
More informationLecture 19 - Network Security
Lecture 19 - Network Security CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Exploiting the network... The Internet is extremely
More informationInformation & network security in the new threat landscape. Sarah Greenwood
Information & network security in the new threat landscape Sarah Greenwood Today s Discussion 6 The current threat landscape Security technology moving forward The role of policy makers 2 Symantec Global
More informationProtecting the Infrastructure: Symantec Web Gateway
Protecting the Infrastructure: Symantec Web Gateway 1 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options
More informationA Critical Investigation of Botnet
Global Journal of Computer Science and Technology Network, Web & Security Volume 13 Issue 9 Version 1.0 Year 2013 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals
More informationSymantec enterprise security. Symantec Internet Security Threat Report April 2009. An important note about these statistics.
Symantec enterprise security Symantec Internet Security Threat Report April 00 Regional Data Sheet Latin America An important note about these statistics The statistics discussed in this document are based
More informationSpyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.
Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References
More informationCountermeasures against Bots
Countermeasures against Bots Are you sure your computer is not infected with Bot? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Bot? Bot is a computer
More informationBotNets- Cyber Torrirism
BotNets- Cyber Torrirism Battling the threats of internet Assoc. Prof. Dr. Sureswaran Ramadass National Advanced IPv6 Center - Director Why Talk About Botnets? Because Bot Statistics Suggest Assimilation
More informationHow To Stop A Ddos Attack On A Website From Being Successful
White paper Combating DoS/DDoS Attacks Using Cyberoam Eliminating the DDoS Threat by Discouraging the Spread of Botnets www.cyberoam.com Introduction Denial of Service (DoS) and Distributed Denial of Service
More informationBOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL
BOTNETS Douwe Leguit, Manager Knowledge Center GOVCERT.NL Agenda Bots: what is it What is its habitat How does it spread What are its habits Dutch cases Ongoing developments Visibility of malware vs malicious
More informationInformation Security Threat Trends
Talk @ Microsoft Security Day Sep 2005 Information Security Threat Trends Mr. S.C. Leung 梁 兆 昌 Senior Consultant 高 級 顧 問 CISSP CISA CBCP M@PISA Email: scleung@hkcert.org 香 港 電 腦 保 安 事 故 協 調 中 心 Introducing
More informationThe Information Security Problem
Chapter 10 Objectives Describe the major concepts and terminology of EC security. Understand phishing and its relationship to financial crimes. Describe the information assurance security principles. Identify
More informationCurrent Threat Scenario and Recent Attack Trends
Current Threat Scenario and Recent Attack Trends Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Objectives Current Cyber space Nature of cyberspace and associated risks
More informationBest Practices for a BYOD World
Face Today s Threats Head-On: Best Practices for a BYOD World Chris Vernon CISSP, VTSP Security Specialist Agenda Mobile Threats Overview 2013 State of Mobility Survey Canada BYOD Best Practices 2 Mobile
More informationThe author(s) shown below used Federal funds provided by the U.S. Department of Justice and prepared the following final report:
The author(s) shown below used Federal funds provided by the U.S. Department of Justice and prepared the following final report: Document Title: Author: Examining the Creation, Distribution, and Function
More informationGlobal Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team
Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team The Internet is in the midst of a global network pandemic. Millions of computers
More informationIBM Protocol Analysis Module
IBM Protocol Analysis Module The protection engine inside the IBM Security Intrusion Prevention System technologies. Highlights Stops threats before they impact your network and the assets on your network
More informationCSC574 Computer and Network Security Module: Internet Malware
CSC574 Computer and Network Security Module: Internet Malware Prof. William Enck Spring 2013 1 Worms A worm is a self-propagating program. As relevant to this discussion 1. Exploits some vulnerability
More informationWEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World
Securing Your Web World WEBTHREATS Constantly Evolving Web Threats Require Revolutionary Security ANTI-SPYWARE ANTI-SPAM WEB REPUTATION ANTI-PHISHING WEB FILTERING Web Threats Are Serious Business Your
More informationImplementation of Botcatch for Identifying Bot Infected Hosts
Implementation of Botcatch for Identifying Bot Infected Hosts GRADUATE PROJECT REPORT Submitted to the Faculty of The School of Engineering & Computing Sciences Texas A&M University-Corpus Christi Corpus
More informationDetailed Description about course module wise:
Detailed Description about course module wise: Module 1: Basics of Networking and Major Protocols 1.1 Networks and its Types. 1.2 Network Topologies 1.3 Major Protocols and their Functions 1.4 OSI Reference
More informationPhishing Activity Trends Report June, 2006
Phishing Activity Trends Report, 26 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial account
More informationCertified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison
CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation
More informationSecurity workshop Protection against botnets. Belnet Aris Adamantiadis Brussels 18 th April 2013
Security workshop Belnet Aris Adamantiadis Brussels 18 th April 2013 Agenda What is a botnet? Symptoms How does it work? Life cycle How to fight against botnets? Proactive and reactive NIDS 2 What is a
More informationAbout Botnet, and the influence that Botnet gives to broadband ISP
About net, and the influence that net gives to broadband ISP Masaru AKAI BB Technology / SBB-SIRT Agenda Who are we? What is net? About Telecom-ISAC-Japan Analyzing code How does net work? BB Technology
More informationCisco RSA Announcement Update
Cisco RSA Announcement Update May 7, 2009 Presented by: WWT and Cisco Agenda Cisco RSA Conference Announcements Collaborate with Confidence Overview Cisco s Security Technology Differentiation Review of
More informationStopping zombies, botnets and other email- and web-borne threats
Stopping zombies, botnets and other email- and web-borne threats Hijacked computers, or zombies, hide inside networks where they send spam, steal company secrets, and enable other serious crimes. This
More informationOverview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms
Overview Common Internet Threats Tom Chothia Computer Security, Lecture 19 Phishing Sites Trojans, Worms, Viruses, Drive-bydownloads Net Fast Flux Domain Flux Infiltration of a Net Underground economy.
More informationThe FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED
The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop
More informationMulti-phase IRC Botnet and Botnet Behavior Detection Model
Multi-phase IRC otnet and otnet ehavior Detection Model Aymen Hasan Rashid Al Awadi Information Technology Research Development Center, University of Kufa, Najaf, Iraq School of Computer Sciences Universiti
More informationMultifaceted Approach to Understanding the Botnet Phenomenon
Multifaceted Approach to Understanding the Botnet Phenomenon Christos P. Margiolas University of Crete A brief presentation for the paper: Multifaceted Approach to Understanding the Botnet Phenomenon Basic
More informationGlasnost or Tyranny? You Can Have Secure and Open Networks!
AT&T is a proud sponsor of StaySafe Online Glasnost or Tyranny? You Can Have Secure and Open Networks! Steven Hurst CISSP Director - AT&T Security Services and Technology AT&T Chief Security Office 2009
More informationTop tips for improved network security
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
More informationPhishing Activity Trends
Phishing Activity Trends Report for the Month of, 27 Summarization of Report Findings The number of phishing reports received by the (APWG) came to 23,61 in, a drop of over 6, from January s previous record
More informationCS 356 Lecture 9 Malicious Code. Spring 2013
CS 356 Lecture 9 Malicious Code Spring 2013 Review Chapter 1: Basic Concepts and Terminology Integrity, Confidentiality, Availability, Authentication, and Accountability Types of threats: active vs. passive,
More informationCEH Version8 Course Outline
CEH Version8 Course Outline Module 01: Introduction to Ethical Hacking Information Security Overview Information Security Threats and Attack Vectors Hacking Concepts Hacking Phases Types of Attacks Information
More informationSECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal
WHITE PAPER SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM Why Automated Analysis Tools are not Created Equal SECURITY REIMAGINED CONTENTS Executive Summary...3 Introduction: The Rise
More informationA TASTE OF HTTP BOTNETS
Botnets come in many flavors. As one might expect, these flavors all taste different. A lot of Internet users have had their taste of IRC, P2P and HTTP based botnets as their computers were infected with
More informationAgenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka
Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques
More informationGlobalSign Malware Monitoring
GLOBALSIGN WHITE PAPER GlobalSign Malware Monitoring Protecting your website from distributing hidden malware GLOBALSIGN WHITE PAPER www.globalsign.com CONTENTS Introduction... 2 Malware Monitoring...
More informationCybercrime Security Risks and Challenges Facing Business
Cybercrime Security Risks and Challenges Facing Business Sven Hansen Technical Manager South Africa East Africa Security Conference August 2013 1 Agenda 1 What is Cyber Crime? 2 Cyber Crime Trends 3 Impact
More informationORGANIZADOR: APOIANTE PRINCIPAL:
ORGANIZADOR: APOIANTE PRINCIPAL: Miguel Gomes 912412885 luismiguel_gomes@symantec.com Alliances Portugal, Africa, Brasil Coverage One of the biggest CSP worlwide Tec. Inovator Strong Cloud Bet and investment
More informationManaged Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?
Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security
More informationCSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks
CSE 3482 Introduction to Computer Security Denial of Service (DoS) Attacks Instructor: N. Vlajic, Winter 2015 Learning Objectives Upon completion of this material, you should be able to: Explain the basic
More informationPhishing Activity Trends Report for the Month of December, 2007
Phishing Activity Trends Report for the Month of December, 2007 Summarization of December Report Findings The total number of unique phishing reports submitted to APWG in December 2007 was 25,683, a decrease
More informationHONEYPOT SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region
HONEYPOT SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationSeminar Computer Security
Seminar Computer Security DoS/DDoS attacks and botnets Hannes Korte Overview Introduction What is a Denial of Service attack? The distributed version The attacker's motivation Basics Bots and botnets Example
More informationQuarterly Report: Symantec Intelligence Quarterly
Symantec Intelligence Quarterly: Best Practices and Methodologies Quarterly Report: Symantec Intelligence Quarterly Symantec Intelligence Quarterly: Best Practices and Methodologies Contents Symantec
More informationNetwork Security and the Small Business
Network Security and the Small Business Why network security is important for a small business Many small businesses think that they are less likely targets for security attacks as compared to large enterprises,
More informationSymantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
More informationCommissioned Study. SURVEY: Web Threats Expose Businesses to Data Loss
Commissioned Study SURVEY: Web Threats Expose Businesses to Data Loss Introduction Web-borne attacks are on the rise as cybercriminals and others who do harm to computer systems for profit or malice prey
More informationSpear Phishing Attacks Why They are Successful and How to Stop Them
White Paper Spear Phishing Attacks Why They are Successful and How to Stop Them Combating the Attack of Choice for Cybercriminals White Paper Contents Executive Summary 3 Introduction: The Rise of Spear
More informationProtecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall
Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall A FORTINET WHITE PAPER www.fortinet.com Introduction Denial of Service attacks are rapidly becoming a popular attack vector used
More informationCurrent counter-measures and responses by CERTs
Current counter-measures and responses by CERTs Jeong, Hyun Cheol hcjung@kisa.or.kr April. 2007 Contents I. Malware Trends in Korea II. Malware from compromised Web sites III. Case Study : Malware countermeasure
More informationEvolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance
Evolving Threats and Attacks: A Cloud Service Provider s viewpoint John Howie Senior Director Online Services Security and Compliance Introduction Microsoft s Cloud Infrastructure Evolution of Threats
More informationCyber Security and Critical Information Infrastructure
Cyber Security and Critical Information Infrastructure Dr. Gulshan Rai Director General Indian Computer Emergency Response Team (CERT- In) grai [at] cert-in.org.in The Complexity of Today s Network Changes
More informationPractical tips for a. Safe Christmas
Practical tips for a Safe Christmas CONTENTS 1. Online shopping 2 2. Online games 4 3. Instant messaging and mail 5 4. Practical tips for a safe digital Christmas 6 The Christmas holidays normally see
More informationCS5008: Internet Computing
CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is
More informationCyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies
Cyber Security in Taiwan's Government Institutions: From APT To Investigation Policies Ching-Yu, Hung Investigation Bureau, Ministry of Justice, Taiwan, R.O.C. Abstract In this article, we introduce some
More informationMicrosoft Security Intelligence Report volume 7 (January through June 2009)
Microsoft Security Intelligence Report volume 7 (January through June 2009) Key Findings Summary Volume 7 of the Microsoft Security Intelligence Report provides an in-depth perspective on malicious and
More informationIndian Computer Emergency Response Team (CERT-In) Annual Report (2010)
Indian Computer Emergency Response Team (CERT-In) Annual Report (2010) Indian Computer Emergency Response Team (CERT-In) Department of Information Technology Ministry of Communications & Information Technology
More informationChoosing Between Managed Security Services or In-house SIEM? Consider the Benefits of both!
Choosing Between Managed Security Services or In-house SIEM? Consider the Benefits of both! Matteo Masserini Steven Kulley Tarun Sondhi Emerging Region Sales Specialist Regional Product Manager - EMEA
More informationTrends in Malware DRAFT OUTLINE. Wednesday, October 10, 12
Trends in Malware DRAFT OUTLINE Presentation Synopsis Security is often a game of cat and mouse as security professionals and attackers each vie to stay one step ahead of the other. In this race for dominance,
More informationSECURITY TERMS: Advisory Backdoor - Blended Threat Blind Worm Bootstrapped Worm Bot Coordinated Scanning
SECURITY TERMS: Advisory - A formal notice to the public on the nature of security vulnerability. When security researchers discover vulnerabilities in software, they usually notify the affected vendor
More information1 Introduction. Agenda Item: 7.23. Work Item:
3GPP TSG SA WG3 Security S3#34 S3-040583 6-9 Jul 2004 updated S3-040566 Acapulco, Mexico Title: Selective Disabling of UE Capabilities; updated S3-040566 based on the comments on SA3 mailing list Source:
More informationCyber and Mobile Landscape, Challenges, & Best Practices
Cyber and Mobile Landscape, Challenges, & Best Practices while increasing efficiencies through automation Cheri McGuire VP, Global Govt. Affairs & Cybersecurity Policy Cyber and Mobility Challenges and
More informationEmerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA
Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering
More informationSecurity Business Review
Security Business Review Security Business Review Q4: 2014 2 By Bitdefender Labs Security Business Review Botnet Anonymization Raises New Security Concerns Executive Overview While botnets, which are large
More informationSecurity Engineering Part III Network Security. Intruders, Malware, Firewalls, and IDSs
Security Engineering Part III Network Security Intruders, Malware, Firewalls, and IDSs Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer
More informationA Layperson s Guide To DoS Attacks
A Layperson s Guide To DoS Attacks A Rackspace Whitepaper A Layperson s Guide to DoS Attacks Cover Table of Contents 1. Introduction 2 2. Background on DoS and DDoS Attacks 3 3. Types of DoS Attacks 4
More informationSecurity Toolsets for ISP Defense
Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.
More informationLarge-Scale Internet Crimes Global Reach, Vast Numbers, and Anonymity
Computer Crime and Intellectual Property Section Large-Scale Internet Crimes Global Reach, Vast Numbers, and Anonymity Albert Rees Computer Crime and Intellectual Property Section (CCIPS) Criminal Division,
More informationThe FBI and the Internet
The FBI and the Internet Special Agent Robert Flaim Federal Bureau of Investigation Presentation Goals To give you a better understanding of: The FBI Cyber Division, its priorities, and its mission The
More informationDenial of Service Attacks, What They are and How to Combat Them
Denial of Service Attacks, What They are and How to Combat Them John P. Pironti, CISSP Genuity, Inc. Principal Enterprise Solutions Architect Principal Security Consultant Version 1.0 November 12, 2001
More informationBig Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data
Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data Patrick Gardner VP Engineering Sourabh Satish Distinguished Engineer Symantec Vision 2014 - Big Data
More informationContact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:
Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for
More informationDDoS Attacks & Defenses
DDoS Attacks & Defenses DDOS(1/2) Distributed Denial of Service (DDoS) attacks form a significant security threat making networked systems unavailable by flooding with useless traffic using large numbers
More informationSpyware. Summary. Overview of Spyware. Who Is Spying?
Spyware US-CERT Summary This paper gives an overview of spyware and outlines some practices to defend against it. Spyware is becoming more widespread as online attackers and traditional criminals use it
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 2 Systems Threats and Risks Objectives Describe the different types of software-based attacks List types of hardware attacks Define
More informationisheriff CLOUD SECURITY
isheriff CLOUD SECURITY isheriff is the industry s first cloud-based security platform: providing fully integrated endpoint, Web and email security, delivered through a single Web-based management console
More informationHow To Mitigate A Ddos Attack
VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 3 3RD QUARTER 2014 CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS 4 Mitigations by Attack Size 4 Mitigations by Industry 5
More informationMITB Grabbing Login Credentials
MITB Grabbing Login Credentials Original pre-login fields UID, password & site Modified pre-login fields Now with ATM details and MMN New fields added MITB malware inserted additional fields. Records them,
More informationSymptoms Based Detection and Removal of Bot Processes
Symptoms Based Detection and Removal of Bot Processes 1 T Ravi Prasad, 2 Adepu Sridhar Asst. Prof. Computer Science and engg. Vignan University, Guntur, India 1 Thati.Raviprasad@gmail.com, 2 sridharuce@gmail.com
More informationWHITE PAPER. Understanding How File Size Affects Malware Detection
WHITE PAPER Understanding How File Size Affects Malware Detection FORTINET Understanding How File Size Affects Malware Detection PAGE 2 Summary Malware normally propagates to users and computers through
More informationCYBER SECURITY. II. SCANDALOUS HACKINGS To show the seriousness of hacking we have included some very scandalous hacking incidences.
CYBER SECURITY Mandar Tawde, Pooja Singh, Maithili Sawant, Girish Nair Information Technology, Government Polytechnic Mumbai 49, Kherwadi Ali Yawar Jung Marg, Bandra (E), Mumbai-400051, India mandar258@gmail.com,
More informationINSTANT MESSAGING SECURITY
INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part
More informationLASTLINE WHITEPAPER. Using Passive DNS Analysis to Automatically Detect Malicious Domains
LASTLINE WHITEPAPER Using Passive DNS Analysis to Automatically Detect Malicious Domains Abstract The domain name service (DNS) plays an important role in the operation of the Internet, providing a two-way
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More information1 2013 Infoblox Inc. All Rights Reserved. Securing the critical service - DNS
1 2013 Infoblox Inc. All Rights Reserved. Securing the critical service - DNS Dominic Stahl Systems Engineer Central Europe 11.3.2014 Agenda Preface Advanced DNS Protection DDOS DNS Firewall dynamic Blacklisting
More informationDefending Against Cyber Attacks with SessionLevel Network Security
Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive
More informationUse of Honeypot and IP Tracing Mechanism for Prevention of DDOS Attack
Use of Honeypot and IP Tracing Mechanism for Prevention of DDOS Attack Shantanu Shukla 1, Sonal Sinha 2 1 Pranveer Singh Institute of Technology, Kanpur, Uttar Pradesh, India 2 Assistant Professor, Pranveer
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationModern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth
Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference
More informationCertified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led
Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led Course Description This class will immerse the student into an interactive environment where they will
More informationSecurity A to Z the most important terms
Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from
More information2012 Bit9 Cyber Security Research Report
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
More informationTips to help you stay safe online
Tips to help you stay safe online There are now thought to be more than 200,000 malicious programs in existence - the vast majority of which are aimed at subverting Windows PCs. These problem programs
More information