Presented at Kaseya Connect 2015
Crushes malware. Restores confidence.
Malwarebytes by the numbers.
1.9B+ real-time protection events
5B+ pieces of malware removed to date
250M+ unique PCs cleaned in 2014
30M+ active monthly users
Industry's fastest response time to new threats, both known and unknown.
Teaming reputable researchers along with our proven heuristics technology, Malwarebytes continues to win awards.
Malwarebytes targets threats, we don't just detect them, taking the fight to the criminals.
Highest user-installed consumer anti-malware scanner worldwide*
* MBAM Free / OPSWAT

Today's Threat Landscape
Malware, viruses WHAT?!?!
The word MALWARE is a contraction: MALICIOUS + SOFTWARE = MALWARE
A virus is malicious, so it too, technically, is malware.
PROBLEM: The industry uses the terms (virus and malware) almost interchangeably and your clients don't really understand the differences.
Wikipedia: A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly, but erroneously, used to refer to other types of malware, including but not limited to adware and spyware programs that do not have a reproductive ability.
The reality is this: Malware is bad. Viruses are bad. There is some overlap and one thing is certain: you don't want either one on your clients' computers!

It's all over the news: Current defenses are FAILING
Evolving threat landscape
[Figure: threat types charted against risk. Labels: Rogue AV, Trojan, PUP and PUM, Rootkits, Exploits, APTs, Ransomware, Multi-stage malware, Email Worms, Network Worms, Spyware, File-Infectors, Viruses]

Modern Malware and PUPs
Ransomware
  Encrypts files and holds them for ransom
  Ex. Cryptolocker, Cryptowall, FBI Ransomware
Banking Trojans
  Steal banking info by man-in-the-middle, keystroke logging
  Also now seen being used to steal credentials of SaaS applications (Salesforce)
  Ex. Zeus, Citadel, Spyeye, Carberp, Dyre
Potentially Unwanted Programs
  Obtrusive advertising, inserting ads, pop-ups, hijacking search engine/home page, bundled with other software, etc.
  Used to deliver malware

Malvertising
Malicious advertising (malvertising) is a type of online attack wherein malicious code hidden within an online ad infects your computer with malware.
How it works:
  User visits a legitimate site and is presented with banners or pop-up ads
  Malvertising utilizes tactics like iframes that redirect users to exploit landing pages where malicious code attacks the system
  Cybercriminals are able to use malvertising by submitting boobytrapped ads to ad networks for real-time bidding; after the ad wins the bid it is propagated in real time
  Malicious ads rotate with normal ads, so they are hard to detect

Vulnerabilities and Exploit Kits
Exploit kits infect people by using holes in outdated software that billions of people use, like Internet Explorer, Adobe Flash and Adobe Reader.
The holes, or vulnerabilities, give cyber criminals an undefended window into users' computers, allowing them to install and monitor what they want.
  Run payload in memory only
  Open reverse TCP shell to attacker
  Migrate code to a Windows System process
  Kill or suspend the AV
  Drop & run malware.exe

How easy is it to get infected? https://youtu.be/34rrjkrkj1s
How common are Exploit Kits?
But are YOUR CLIENTS being affected? Survey says
In August 2014, Malwarebytes commissioned a blind online survey designed by independent research firm Lawless Research.
Responding were 685 endpoint security purchase decision-makers from the Research Now online panel in US companies with 50 or more employees:
  50 to 99: 121
  100 to 999: 343
  1,000+: 221

67% of firms experienced malware
In the past 12 months, did your company experience the following infections, threats or attacks? Total N=685

| Infection, threat or attack | Experienced |
|---|---|
| Malware (viruses, worms, spyware and other malicious programs) | 67% |
| Potentially Unwanted Program (PUP) | 42% |
| File infector virus | 40% |
| Hacking or network intrusion | 29% |
| Drive-by download | 19% |
| Advanced Persistent Threat (APT, a targeted attack aimed at your organization) | 17% |
| DoS or DDoS | 16% |
| Ransomware | 15% |

Four in ten companies had PUPs and file infector viruses.
Almost two in ten dealt with APTs, DoS/DDoS, and ransomware.
Source: The Challenge of Endpoint Security. August 2014. Malwarebytes. N=685 firms with 50+ employees.

Highest Severity: Ransomware & APTs
In the past 12 months, did your company experience the following infections, threats or attacks? Total N=685. How severe were they?

| Infection, threat or attack | Experienced | Low Severity | Medium Severity | High Severity |
|---|---|---|---|---|
| Ransomware | 15% | 23% | 39% | 38% |
| Advanced Persistent Threat (APT, a targeted attack aimed at your organization) | 17% | 28% | 35% | 37% |
| DoS or DDoS | 16% | 25% | 51% | 24% |
| File infector virus | 40% | 36% | 41% | 23% |
| Hacking or network intrusion | 29% | 31% | 46% | 23% |
| Drive-by download | 19% | 40% | 40% | 20% |
| Malware (viruses, worms, spyware and other malicious programs) | 67% | 40% | 42% | 18% |
| Potentially Unwanted Program (PUP) | 42% | 50% | 38% | 13% |

Source: The Challenge of Endpoint Security. August 2014. Malwarebytes. N=685 firms with 50+ employees.

Impact of threats and attacks is high
What impact did the threats or attacks have on your organization? N=561

| Impact | No Impact | Low Impact | Medium Impact | High Impact |
|---|---|---|---|---|
| Increased help-desk time | 12% | 25% | 40% | 24% |
| Reduced employee productivity | 13% | 31% | 37% | 20% |
| Difficult to remediate | 18% | 37% | 32% | 13% |
| Customer data lost or compromised | 50% | 22% | 19% | 9% |
| Intellectual property lost or compromised | 49% | 24% | 19% | 8% |
| Negative effect on reputation or sales | 51% | 25% | 18% | 6% |

Medium to High Impact:
  64%: Increased help-desk time
  57%: Reduced employee productivity
  45%: Difficult to remediate
Source: The Challenge of Endpoint Security. August 2014. Malwarebytes. N=685 firms with 50+ employees.

Actions Taken to Remove Threats
What actions do you take when a threat is not removed by your AV or anti-malware?
[Bar chart. Response options: Quarantine the machine and reimage; Contact our endpoint security vendor for help; Look for a solution online; Use a free malware removal tool; Use a purchased malware removal tool (28%). Remaining bar values shown: 34%, 39%, 48%, 47%]
When a threat isn't removed by anti-virus or anti-malware: five in ten quarantine/reimage the machine and contact their security vendor for more help.
Source: The Challenge of Endpoint Security. August 2014. Malwarebytes. N=685 firms with 50+ employees.

Anti-Exploit Anti-Malware Better Endpoint Security
Better Endpoint Security
A layered approach
Malwarebytes Endpoint Security:
  Proactive Zero-Day Exploit Prevention
  Proactive Zero-Day Malware Protection
  Advanced Threat Removal
[Diagram: Zero-Day Layer and Traditional Layer. Labels: Zero-Day Threat Protection for Endpoints; Prevents start of advanced attack chain; Prevents installation of zero-day malware; Removes advanced malware already present; Antivirus; Web filtering; Whitelisting; IDS/IPS, Firewall]

So what is Zero Day?
[Figure: risk plotted against age of threat, from Zero-Day to 3+ days later. Labels: Malware, Traditional Anti-Virus Solutions, Malwarebytes]

Anti-Exploit
Stops unknown and known exploit attacks
  Focuses on HOW vs. WHAT is being delivered
  Prevents exploit attacks against software vulnerabilities by shielding popular applications and browsers
  Proactive technology; doesn't rely on signatures, blacklisting, sandboxing or VMs
  Extremely lightweight footprint (3MB)
  Minimal to no configuration: set it, and forget it
  ADDED BENEFIT: Enables security patching on YOUR timetable

Anti-Malware
Eliminates zero-hour malware your endpoint security can miss
  Award-winning detection/remediation engine
  Publicly recommended by other security vendors
  Leverages malware detection/removal from 300M+ user community
  Real-time IP blocker stops malware command & control path and prevents phishing
  Tiny endpoint footprint improves performance (8MB vs. 300MB industry standard)**
** Passmark Performance Test October 2014 - 80% score vs competition (average 55%)

THANK YOU
Questions?
Your presenters from Malwarebytes:
  Chad Bacher, VP of Products, cbacher@malwarebytes.org
  Terry Fleming, VP of Channel Sales, tfleming@malwarebytes.org
Malwarebytes Anti-Exploit Video URL: https://youtu.be/34rrjkrkj1s