Factoring Malware and Organized Crime in to Web Application Security

Similar documents
MITB Grabbing Login Credentials

Protect Your Business and Customers from Online Fraud

Advancements in Botnet Attacks and Malware Distribution

CRYPTUS DIPLOMA IN IT SECURITY

The Key to Secure Online Financial Transactions

Security Evaluation CLX.Sentinel

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security

Certified Ethical Hacker Exam Version Comparison. Version Comparison

Botnets: The Advanced Malware Threat in Kenya's Cyberspace

Detailed Description about course module wise:

Current Threat Scenario and Recent Attack Trends

Security A to Z the most important terms

Introduction: 1. Daily 360 Website Scanning for Malware

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath

Prevent Malware attacks with F5 WebSafe and MobileSafe. Alfredo Vistola Security Solution Architect, EMEA

CEH Version8 Course Outline

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

Cybercrime: evoluzione del malware e degli attacchi. Cesare Radaelli Regional Sales Manager, Italy cradaelli@paloaltonetworks.com

Overview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms

A Network Administrator s Guide to Web App Security

Overview of computer and communications security

Course Content: Session 1. Ethics & Hacking

CS5008: Internet Computing

A Systems Engineering Approach to Developing Cyber Security Professionals

Web Application Security Considerations

Internet Banking Attacks. Karel Miko, CISA DCIT, a.s. (Prague, Czech Republic)

KASPERSKY FRAUD PREVENTION FOR ENDPOINTS

Protecting Your Business from Online Banking Fraud

Spyware. Summary. Overview of Spyware. Who Is Spying?

Securing Secure Browsers

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

CYBERTRON NETWORK SOLUTIONS

Cyber Attack Trend and Botnet

Web Applications The Hacker s New Target

BioCatch Fraud Detection CHECKLIST. 6 Use Cases Solved with Behavioral Biometrics Technology

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall

Spyware Analysis. Security Event - April 28, 2004 Page 1

F5 (Security) Web Fraud Detection. Keiron Shepherd Security Systems Engineer

KASPERSKY FRAUD PREVENTION PLATFORM COVERING ONLINE AND MOBILE BANKING RISKS

Current counter-measures and responses by CERTs

Mobile Application Hacking for Android and iphone. 4-Day Hands-On Course. Syllabus

Where every interaction matters.

RMAR Technologies Pvt. Ltd.

Detecting and Exploiting XSS with Xenotix XSS Exploit Framework

Online Payments Threats

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

Web applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh

WEB APPLICATION FIREWALLS: DO WE NEED THEM?

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

The Top Web Application Attacks: Are you vulnerable?

IBM Protocol Analysis Module


WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

CYBER ATTACKS EXPLAINED: THE MAN IN THE MIDDLE

Application Security Best Practices. Wally LEE Principal Consultant

WEB SECURITY. Oriana Kondakciu Software Engineering 4C03 Project

BASELINE SECURITY TEST PLAN FOR EDUCATIONAL WEB AND MOBILE APPLICATIONS

Introduction to Web Security

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

INFORMATION SECURITY REVIEW

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

Information Security Threat Trends

Web application testing

WEB APPLICATION SECURITY

Threats to Online Banking

Threat Events: Software Attacks (cont.)

Contemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours

Lectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003

Malicious Network Traffic Analysis

Cyber Security and Critical Information Infrastructure

2015 TRUSTWAVE GLOBAL SECURITY REPORT

Arrow ECS University 2015 Radware Hybrid Cloud WAF Service. 9 Ottobre 2015

Basic Security Considerations for and Web Browsing

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Criteria for web application security check. Version

BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL

Using a Malicious Proxy to Pilfer Data & Wreak Havoc. Edward J. Zaborowski ed@thezees.net

Cyber Threats to e-commerce. S.C. Leung CISSP CISA CBCP

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

LBSEC.

Application Security Testing

WHITE PAPER FORTIWEB WEB APPLICATION FIREWALL. Ensuring Compliance for PCI DSS 6.5 and 6.6

Cloud Services Prevent Zero-day and Targeted Attacks

Spy Eye and Carberp the new banker trojans offensive

Web application security

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering

Transcription:

Factoring Malware and Organized Crime in to Web Application Security Gunter Ollmann - VP of Research gollmann@damballa.com Blog - http://blog.damballa.com Blog - http://technicalinfodotnet.blogspot.com 5/14/2009 OWASP 2009 Europe - Factoring Malware and Organized Crime in to Webapp Security 1

Is malware a threat to Web apps? What malware are criminals using? How to botnets factor in to this? How do you use a botnet in Web app attacks? What should you be doing about this? 5/14/2009 OWASP 2009 Europe - Factoring Malware and Organized Crime in to Webapp Security 2

Web AppSec vs. Malware This is OWASP who cares about malware? Need to answer why someone breaks a Web application How is tied to ease and probability of success The world we live in Iframe injections avg. 100,000+ defacements per week Larger attacks of up to 1.5m SQL Injection-based defacements Botnets and their agents somewhere between 10-200m Storm worm of up to 10m bots I think the estimates are too high probably in the realm of 4m-12m worldwide (once you remove multiple pwn3d hosts) Identity information can be purchased from as little as 5 cents per record 5/14/2009 OWASP 2009 Europe - Factoring Malware and Organized Crime in to Webapp Security 3

Malware s Changing Face

5/14/2009 Targeted Protection Against Targeted Attacks 5

Malware & Web App Security Why is malware important to Web application security? 1. It makes secrets impossible 2. You can t trust your users 3. Vehicle for automated attack Not factoring it in to the design will cause a lot of pain later 5/14/2009 OWASP 2009 Europe - Factoring Malware and Organized Crime in to Webapp Security 6

The Malware Threat What s the malware doing today? Bypassing client-side authentication to apps Spoofing content on the users behalf Impersonating large groups of users simultaneously Anonymous & globally proxied attacks Distributed attacks & federated problem solving Efficient brute-forcing technologies 5/14/2009 OWASP 2009 Europe - Factoring Malware and Organized Crime in to Webapp Security 7

Why target Web applications? Web applications are where the money is Online Banking Funds transfers and money laundering Online Shopping Purchase fraud, money laundering and supply chain News/Information Portals SEO attacks, money market manipulation & recruitment Joe s Boring Page Infection & recruitment vectors and PII fire-sale 5/14/2009 OWASP 2009 Europe - Factoring Malware and Organized Crime in to Webapp Security 8

Learning from Online Banking Vulnerabilities in the Web banking application are more than code injection vectors and authentication bypasses Poor application flow and a complex user experience are the bread & butter of today s criminal exploitation of Web banking applications 5/14/2009 OWASP 2009 Europe - Factoring Malware and Organized Crime in to Webapp Security 9

5/14/2009 Targeted Protection Against Targeted Attacks 10

Application Complexity How many steps must the user go through? How do they know if a new step has been introduced? How are error messages handled? What gets in the way of just doing it? 5/14/2009 OWASP 2009 Europe - Factoring Malware and Organized Crime in to Webapp Security 11

5/14/2009 Targeted Protection Against Targeted Attacks 12

Tools that speed up the defacement process Not necessarily targeted Defacement submissions Commercial Web defacement 5/14/2009 OWASP 2009 Europe - Factoring Malware and Organized Crime in to Webapp Security 13

SQL Injection Attack Tools * Automatic page-rank verification * Search engine integration for finding vulnerable sites * Prioritization of results based on probability for successful injection * Reverse domain name resolution * etc. 5/14/2009 OWASP 2009 Europe - Factoring Malware and Organized Crime in to Webapp Security 14

5/14/2009 Targeted Protection Against Targeted Attacks 15

Keylogger Creators The Rat! popular keylogger creator kit Keylogger on demand or zero-day keylogger Prices in WebMoney (WMZ) The Rat! 7.0XP - 29 WMZ The Rat! 6.0XP/6.1-22 WMZ The Rat! 5.8XP - 15 WMZ The Rat! 5.5XP - 13 WMZ The Rat! 5.0XP - 9 WMZ The Rat! 4.0XP - 8 WMZ The Rat! 3.xx - 7 WMZ The Rat! 2.xx - 6 WMZ 5/14/2009 OWASP 2009 Europe - Factoring Malware and Organized Crime in to Webapp Security 16

Malware creator kits Shark 3 (Jan 08) Remote Administration Tool RAT Added anti-debugger capabilities VmWare, Norman Sandbox, Sandboxie, VirtualPC, Symantec Sandbox, Virtual Box etc. 5/14/2009 OWASP 2009 Europe - Factoring Malware and Organized Crime in to Webapp Security 17

Trojan Creator Kits Constructor/Turkojan V.4 New features Remote Desktop Webcam Streaming Audio Streaming Remote passwords MSN Sniffer Remote Shell Advanced File Manager Online & Offline keylogger Information about remote computer Etc.. 5/14/2009 OWASP 2009 Europe - Factoring Malware and Organized Crime in to Webapp Security 18

Hire-a-Malware-Coder (Custom Build) Platform: software running on MAC OS to Windows Multitasking: have the capacity to work on multiple projects Speed and responsibility: at the highest level Pre-payment for new customers: 50% of the whole price, 30% pre-pay of the whole price for repeated customers Rates: starting from 100 euros I can also offer you another deal, I will share the complete source code in exchange to access to a botnet with at least 4000 infected hosts because I don't have time to play around with me bot right now. 5/14/2009 OWASP 2009 Europe - Factoring Malware and Organized Crime in to Webapp Security 19

Hire-a-malware-coder Pricing Other models exist for hire-a-malware-coder pricing Component/functionality based pricing Loader 300 FTP & Grabber 150 Assembler Spam bases 220 Socks 4/5 70 Botnet manager 600 Scripts 70 Assembler password stealers (IE, MSN, etc.) 70 AV-remover 70 Screen-grabber 70 Rules / License -- Customer has no right to transfer any of his three 3 persons except options for harmonizing with me -- Customer does not have the right to make any decompile, research, malicious modification of any three parts -- Customer has no right where either rasprostanyat information about three and a public discussion with the exception of three entries. -- For violating the rules - without any license denial manibekov and further conversations" 5/14/2009 OWASP 2009 Europe - Factoring Malware and Organized Crime in to Webapp Security 20

5/14/2009 Targeted Protection Against Targeted Attacks 21

Intercepting Traffic Man-in-thebrowser Man-in-the-browser Malware hooks inside the Web browser System Reconfiguration DNS Settings, Local HOST file, Routing tables, WPAD and Proxy settings Trojan Application Local Proxy Agent OS Hooking Keyloggers, Screen grabber Traditional Malware Operates and intercepts data at points through which the Web browser must communicate TCP/IP Stack Interception Packet inspection, pre/post SSL logging 5/14/2009 OWASP 2009 Europe - Factoring Malware and Organized Crime in to Webapp Security 22

API Hooking Malware Clean System Application The Web browser Infected System Application The Web browser WinInet httpsendrequest(), navigateto() Winsock TCP/IP stack Malware Proxying Web browser data. WinInet httpsendrequest(), navigateto() Manipulate Copy, redirect, script, change, insert, sell. Internet Winsock TCP/IP stack Internet 5/14/2009 OWASP 2009 Europe - Factoring Malware and Organized Crime in to Webapp Security 23

MITB Grabbing Login Credentials Steal login credentials, and ask for more Pre-login First page of login sequence is manipulated Login Multiple fields & pages added to the login sequence Post-login Authenticated user asked additional security questions Requests for additional data are easy to socially engineer Ask for credit/debit card details, including PIN and CVV Additional security questions SSN, mothers maiden name, address, home phone number, mobile/cell phone number Type in all numbers of one-time-keypad scratch-card Change password for anti-keylogging partial-password systems Test or resynchronize password/transaction calculators SSL/TLS encryption bypassed, padlock intact 5/14/2009 OWASP 2009 Europe - Factoring Malware and Organized Crime in to Webapp Security 24

5/14/2009 Targeted Protection Against Targeted Attacks 25

Traditional Banking Malware Focused on stealing login information Bank number, UID, password(s), session keys Techniques include: Keylogging, screen-grabbing, video-recording of mouse movements Redirection to counterfeit site (domain/host substitution) Replacement and pop-up windows Session hijacking (duplicating session cookies) Screen overlays (superimposed counterfeit web forms) 5/14/2009 OWASP 2009 Europe - Factoring Malware and Organized Crime in to Webapp Security 26

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information