Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12



Similar documents
Security and Privacy

Defending Against Cyber Attacks with SessionLevel Network Security

Covert Operations: Kill Chain Actions using Security Analytics

Practical Steps To Securing Process Control Networks

Why a Network-based Security Solution is Better than Using Point Solutions Architectures

The Hillstone and Trend Micro Joint Solution

Advanced Threat Protection with Dell SecureWorks Security Services

Addressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it

WHITE PAPER. Understanding How File Size Affects Malware Detection

Content Security: Protect Your Network with Five Must-Haves

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Top Ten Cyber Threats

Carbon Black and Palo Alto Networks

Advanced Persistent Threats

Cisco Advanced Malware Protection for Endpoints

User Documentation Web Traffic Security. University of Stavanger

Defending Against Data Beaches: Internal Controls for Cybersecurity

Security Analytics for Smart Grid

Agenda , Palo Alto Networks. Confidential and Proprietary.

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Fighting Advanced Threats

Cisco Advanced Malware Protection. Ross Shehov Security Virtual Systems Engineer March 2016

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013

Symantec Advanced Threat Protection: Network

Networking for Caribbean Development

COB 302 Management Information System (Lesson 8)

Cisco RSA Announcement Update

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps

EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY

Breaking the Cyber Attack Lifecycle

A Cyber Security Integrator s perspective and approach

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

OPC & Security Agenda

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

Anti-exploit tools: The next wave of enterprise security

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

The Next Generation Security Operations Center

Advanced Persistent. From FUD to Facts. A Websense Brief By Patrick Murray, Senior Director of Product Management

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM

Data Center security trends

How Traditional Firewalls Fail Today s Networks And Why Next-Generation Firewalls Will Prevail

By John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION

Seven Strategies to Defend ICSs

Security Engineering Part III Network Security. Intruders, Malware, Firewalls, and IDSs

Cloud Based Secure Web Gateway

Advanced Threats: The New World Order

Network Security and the Small Business

Top 5 Security Trends and Strategies for 2011/2012 Peter Sandkuijl Europe SE manager network security psandkuijl@checkpoint.com

Don t Fall Victim to Cybercrime:

Cisco Cyber Threat Defense - Visibility and Network Prevention

Cedric Leighton, Colonel, USAF (Ret) Founder & President, Cedric Leighton Associates

Mobile Devices and Malicious Code Attack Prevention

Computer Security DD2395

One Minute in Cyber Security

Getting Ahead of Advanced Threats

Cisco Advanced Malware Protection

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

BlackRidge Technology Transport Access Control: Overview

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities

Advanced Analytics For Real-Time Incident Response A REVIEW OF THREE KNOWN CASES AND THE IMPACT OF INVESTIGATIVE ANALYTICS

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

Computer Security. Security.di.unimi.it/sicurezza1314/ Chapter 1: 1

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

Into the cybersecurity breach

Malware, Spyware, Adware, Viruses. Gracie White, Scott Black Information Technology Services

Spear Phishing Attacks Why They are Successful and How to Stop Them

Internet Safety and Security: Strategies for Building an Internet Safety Wall

CS 356 Lecture 9 Malicious Code. Spring 2013

Cybercrime: evoluzione del malware e degli attacchi. Cesare Radaelli Regional Sales Manager, Italy cradaelli@paloaltonetworks.com

Top tips for improved network security

Energy Cybersecurity Regulatory Brief

Combating the Next Generation of Advanced Malware

Types of cyber-attacks. And how to prevent them

Getting real about cyber threats: where are you headed?

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Enterprise Cybersecurity: Building an Effective Defense

FORBIDDEN - Ethical Hacking Workshop Duration

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

OCT Training & Technology Solutions Training@qc.cuny.edu (718)

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal

DRIVE-BY DOWNLOAD WHAT IS DRIVE-BY DOWNLOAD? A Typical Attack Scenario

Stop advanced targeted attacks, identify high risk users and control Insider Threats

CYBER SECURITY INFORMATION SHARING & COLLABORATION

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

INSIDE. Securing Network-Attached Storage Protecting NAS from viruses, intrusions, and blended threats

Cybersecurity for the C-Level

Malware. Björn Victor 1 Feb [Based on Stallings&Brown]

Transcription:

Trends in Malware DRAFT OUTLINE

Presentation Synopsis Security is often a game of cat and mouse as security professionals and attackers each vie to stay one step ahead of the other. In this race for dominance, attackers are developing ever more sophisticated malware exploits. Modern malware increasingly preys on human naivety, burrows deep within operating systems, and is even able to change its own software code to evade detection. In this session we will examine the current malware landscape, looking at who is behind the attacks, how it works, and, most importantly, what we can do to counter the threat.

Recent, High Profile Attacks Target Facility Adversary Means Attack Goal Result Strategic Goal Significance Telvent Canada Ltd Electricity Chinese hackers Malware Steal intellectual property Penetrated security defenses and obtained software and blueprints related to SCADA system Unknown Undetermined Aramco, Saudi Arabia Oil Hacktivist Malware (Shamoon) Information destruction, steal intellectual property Erased hard drives Stated: End government oppression, particularly in middle east First publicly known case of hacktivist group using state developed malware RSA IT Chinese hackers Malware (Excel Spreadsheet) Steal intellectual property Compromised RSA SecureID token generation Speculation: Steal US jet fighter blueprints from LM Speculation: Acceleration of Chinese military capability Natanz Nuclear Facility, Iran Nuclear US & Israeli Government Malware (Stuxnet) Halt or delay uranium enrichment Destroyed centrifuges Delay Iran from obtaining nuclear material First publicly known, attributed use of cyber weapon by national government

Malware Track Record 2010: On average, only 53% of malware detected on download * 2011: 250% Increase in unique malware domains ** 2011: 49% of breaches used malware *** 2012: On average, 2 new, unique pieces of malware per day **** * 2010 NSS Labs study (www. nsslabs.com) ** 2011 Cisco Global Threat report (www.cisco.com) *** 2011 Verizon Data Breach Investigations Report **** 2012 ZDNET http://www.zdnet.com/blog/bott/the-malware-numbers-game-how-many-viruses-are-out-there/4783

What is Malware Malware, short for malicious software, is software used or created to disrupt computer operation, gather sensitive information, or gain access to private computer system. - Wikipedia

Characteristics Proliferate (spread) Infect (infiltrate) Conceal (hide) Compromise (disrupt, exfiltrate)

Malware Types Virus (self replicates by attaching to another program or file) Worms (replicates independent of another program) Trojan Horses (masquerades as legitimate file or program) Rootkits (gain privileged access to a machine while concealing itself) Spyware (collect information from target system) Adware (delivers advertisements with or without consent)

Actors Government & Military Organized Crime Terrorists Activists Opportunists (just for kicks, profit, show-off skills)

Early Malware 1988 - Morris Worm (remotely connect to a UNIX process, overwrite memory (buffer overflow) and gain access to the machine) 2001 - NIMDA (spread through email or webs. Would modify or replace legitimate files on system and open remote access with admin privileges.) 2005 - Sony BMG rootkit (Installed by inserting SONY music CD into PC. Designed to prevent copying of CD - XCP. Software hid itself and opened vulnerabilities that subsequent malware exploited)

Traditional Defense Manual Inspection & Removal (use tools to look for files or settings and remove or restore) Anti-Virus (look for file or settings signature and remove or restore) Intrusion Detection / Protection (look for packet types, formats, patterns and block or redirect) Firewall (filter, permit or deny traffic) Sandboxing (limit behavior - restrict application rights/ access, lock-down systems, segment networks, etc.)

Modern Malware Customized & Targeted Polymorphic (pieces of code in the malware change for each distribution - e.g. shifting encryption, data insertion, changing code run order) Remotely controlled with encrypted communications (botnets - provide agility and flexibility) Persistent and intelligent (probe network to find more vulnerabilities, adjust tactics, blend in, low and slow) Beyond computers (mobile, industrial)

Integrated Attacks 1. Infiltrate: spam, phishing, P2P networks, web browsing, social media, social engineering, 2. Infect: trojan horse, virus, worm 3. Persist & Spread: worm, botnet, rootkit 4. Attack: Steal, SPAM, DDoS

Modern Defense Architecture (policy, governance, operations, capabilities) Intelligence-led threat defense, not just vulnerability elimination Contextual & anomaly-based threat detection Automated, policy-based enforcement

Security Architecture Security starts with goals (i.e. what s important to the business) Requires policy and governance that aligns with goals Leverages cyber defense operations that implement policy and governance Builds on an infrastructure platform that provides trust, visibility & resilience

Intelligence-led Threat Defense Assess target, adversary, risk, means as a basis for developing defenses Balance across prevention, preparation, response, and recovery Build sources of local and global intelligence

Context & Anomalybased Threat detection Complexity of modern malware means static, signature-based systems alone do not work Monitor a broad scope of behaviors to fingerprint attacks Correlate with risk of compromise

Automated, Policy- Based Enforcement User, device, location, and resources are no longer fixed Identity is the new perimeter Infrastructure must leverage policy to dynamically enforce access as user, device, location, and resources shift

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information