Weaponised Malware & APT Attacks: Protect Against Next-Generation Threats
The weaponisation of software has ushered in a new era of cyber attacks. But with 99% of organizations not prepared for this new front line of cyber-warfare, what does this spell for your business?
• Gain a detailed overview of the next generation of threats out there
• Understand how to detect key threats and attacks before they develop a stranglehold on your business
• Implement the right integrated strategy to keep you safe from cybercriminals on today’s front line
4. State Sponsored Malware is Officially Out of the Shadows
Google begins alerting Gmail users to 'state-sponsored' attacks.
Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer. Protect yourself now.
5. HOW…
…did we get to the point where your online email provider specifically warns users of state-sponsored attacks?
7. Event Timeline: Stuxnet
• Publicly disclosed 13 months after the first attack against Iran
• Designed to sabotage Iranian nuclear enrichment plants
• Attacked Windows systems using an unprecedented four zero-day exploits
• First malware to include a programmable logic controller (PLC) rootkit
• Drivers carried valid digital signatures, made with stolen code-signing certificates
• Payload targeted only Siemens supervisory control and data acquisition (SCADA) systems
2009.06: STUXNET
8. Event Timeline: Duqu
• Considered to be the “next-generation Stuxnet”
• Believed to have been created by the same authors as Stuxnet
• Exploited a zero-day Windows kernel vulnerability, delivered in a crafted document
• Components are signed with stolen digital keys
• Highly targeted and related to Iran's nuclear program
• Designed to capture information such as keystrokes and system information
• Central command and control with modular payload delivery – also capable of attacking
2010.09: DUQU
9. Event Timeline: Flame
• Designed for targeted cyber espionage against Middle Eastern countries
• Spreads to other systems over the local network (LAN) or via USB stick
• Uses Bluetooth to discover nearby devices and harvest data from them
• Described as the “most complex malware ever found”
• Chosen-prefix “collision” attack on the MD5 algorithm – used to forge a code-signing certificate that chained to a Microsoft CA, so Flame could pose as a legitimate Windows update
• Utilized multiple zero-day exploits
2011.05: FLAME
10. Common APT Characteristics
• Highly targeted and endpoint focused
• Use both sophisticated and low-tech techniques
– USB key delivery; social engineering
• Zero-day vulnerabilities
• Fraudulent or stolen certificates
• Centralized command and control
• Undetected for prolonged periods
– Exfiltration masking (stolen data blended into normal-looking outbound traffic)
11. Weaponized - What’s Different?
• Development: nation-states; truly customized payloads
• Delivery: zero-day propagation; multi-vectored (Bluetooth, USB, network)
• Detection: digitally signed with compromised certificates
• Command & Control: central command; modular payloads; outbound exfiltration masking
• Intent: surveillance; disrupt / destroy
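Slides 10 and 11 both name central command and control and exfiltration masking as traits of weaponized malware. An implant that polls a central server tends to give itself away through regularity rather than content: connections at a fixed period, with near-identical request sizes, to a host chosen to look like an update or CDN service. The following is an added example written for this page, not code from the deck or from Lumension; the proxy log lines, client address and hostnames are constructed for illustration.

```python
"""Beacon detection over outbound proxy logs.

Added example for this deck, not code from the original or from any
vendor. A malware implant that reports to a central command-and-control
server tends to connect at a fixed period with near-identical request
sizes, even when it hides behind a plausible hostname. The sample log
below is constructed for the example; hostnames and addresses are
hypothetical.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log, one line per outbound connection:
#   <ISO timestamp> <client IP> <destination host> <bytes sent>
SAMPLE_LOG = """\
2012-06-01T09:00:00 10.0.0.5 sync.cdn-updates.example 512
2012-06-01T09:00:03 10.0.0.5 cdn.news.example 1200
2012-06-01T09:05:01 10.0.0.5 sync.cdn-updates.example 510
2012-06-01T09:07:44 10.0.0.5 cdn.news.example 8000
2012-06-01T09:10:02 10.0.0.5 sync.cdn-updates.example 515
2012-06-01T09:12:10 10.0.0.5 mail.corp.example 2100
2012-06-01T09:15:00 10.0.0.5 sync.cdn-updates.example 509
2012-06-01T09:20:01 10.0.0.5 sync.cdn-updates.example 512
2012-06-01T09:21:37 10.0.0.5 cdn.news.example 300
2012-06-01T09:25:02 10.0.0.5 sync.cdn-updates.example 514
2012-06-01T09:30:00 10.0.0.5 sync.cdn-updates.example 511
2012-06-01T09:33:15 10.0.0.5 cdn.news.example 4400
"""


def parse_log(text):
    """Group connections by (client, destination) -> [(timestamp, bytes)]."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, dst, nbytes = line.split()
        events[(client, dst)].append((datetime.fromisoformat(ts), int(nbytes)))
    return events


def regularity(values):
    """Coefficient of variation (stdev / mean) of a list of numbers;
    close to 0 means the values are nearly constant. None if undefined."""
    if len(values) < 3:
        return None
    m = mean(values)
    if m == 0:
        return None
    return pstdev(values) / m


def find_beacons(text, min_events=5, max_interval_cv=0.10, max_size_cv=0.25):
    """Return the (client, destination) pairs that look like C2 beacons:
    at least min_events connections, near-constant spacing between them,
    and near-constant request size. Each hit carries the inferred period."""
    hits = []
    for (client, dst), evs in parse_log(text).items():
        if len(evs) < min_events:
            continue
        evs.sort()
        gaps = [(b - a).total_seconds() for (a, _), (b, _) in zip(evs, evs[1:])]
        sizes = [n for _, n in evs]
        gap_cv, size_cv = regularity(gaps), regularity(sizes)
        if gap_cv is None or size_cv is None:
            continue
        if gap_cv <= max_interval_cv and size_cv <= max_size_cv:
            hits.append({
                "client": client,
                "destination": dst,
                "connections": len(evs),
                "period_s": mean(gaps),
                "interval_cv": gap_cv,
                "size_cv": size_cv,
            })
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(f"{hit['client']} -> {hit['destination']}: "
              f"{hit['connections']} connections every {hit['period_s']:.0f}s "
              f"(interval cv={hit['interval_cv']:.3f}, size cv={hit['size_cv']:.3f})")
```

On the constructed log only the five-minute poller to sync.cdn-updates.example is flagged; the news and mail traffic is too irregular. Real implants add random sleep jitter, so the interval threshold has to be tuned against the environment, and legitimate update agents also beacon. Treat hits as triage leads to correlate with the destination's reputation and the signing certificate of the process that made the connections, not as verdicts.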
13. Why Should the Enterprise Care?
Retaliation Risk
US admits Stuxnet – expect increasing retaliation risk against sensitive economic and infrastructure assets
14. Why Should the Enterprise Care?
Collateral Damage
Once weaponized malware is released, control over it is effectively lost: organizations outside the intended target are exposed to it spreading by accident (Stuxnet was discovered only after it escaped its targeted environment and started spreading).
15. Why Should the Enterprise Care?
Adaptation by Cyber Criminals
Targeted attacks on sensitive information
Variants of Stuxnet already seen
16. What Should The Enterprise Do?
Know Where the Risk Is
• Every endpoint is an enterprise of ONE.
• Need to have autonomous protection.
• Need to have a layered approach.
18. Defense in Depth Strategy
Successful risk mitigation starts with a solid vulnerability management foundation, together with layered defenses beyond traditional black-list approaches.
• AV – Control the Known
• Device Control – Control the Flow
• Hard Drive and Media Encryption – Control the Data
• Application Control – Control the Grey
• Patch and Configuration Management – Control the Vulnerability Landscape
19. Effectiveness of AV? (AV – Control the Known)
Pros:
• Stops “background noise” malware
• May detect reused code (low probability)
• Will eventually clean payloads after they are discovered
Cons:
• Not an effective line of defense for proactive detection: a signature-based engine cannot flag a payload written for one target and never seen before
• Can degrade overall endpoint performance with little return on protection
20. Device Control Effectiveness (Device Control – Control the Flow)
Pros:
• Can prevent unauthorized devices from delivering payloads
• Can stop specific file types from being copied to host machines
• Stops a common delivery vector (USB, as used by Stuxnet and Flame) for evading extensive physical and technological security controls
Cons:
• Limited scope for payload delivery interruption: does nothing against network, email or web delivery
21. Encryption Effectiveness? (Hard Drive and Media Encryption – Control the Data)
Pros:
• Makes lateral data acquisition more difficult
• A good data protection layer outside of APT
Cons:
• Generally will not protect data if the endpoint is compromised at a system level: a running system already holds the keys and decrypts on the attacker's behalf
22. Application Control Effectiveness (Application Control – Control the Grey)
Pros:
• Extremely effective against zero-day attacks: the unknown executable an exploit tries to drop is blocked whether or not the exploit itself is known
• Stops unknown, targeted malware payloads
• Low performance impact on endpoints
Cons:
• Susceptible to compromise as policy flexibility is increased (broad path or publisher rules let unknown files through)
• Does not stop memory injections (attacks that do not escape service memory)
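The pros and cons above turn on what kind of rule the allowlist uses. The following is an added example written for this page, not Lumension's product code or any real product's rule syntax: a deny-by-default policy evaluator with a cryptographic hash rule and a trusted-directory rule, run against files created in a temporary directory. The vendor agent, the dropper and the directory names are hypothetical. It shows that a hash rule blocks an unknown payload and even a trojanised copy of a trusted binary, while a path rule that covers a user-writable directory (the "flexibility" the slide warns about) lets the payload run.

```python
"""Application allowlisting (application control) policy evaluation.

Added example for this deck, not Lumension's product code or any real
product's rule format. Decides whether an executable may run under two
rule kinds: a SHA-256 hash rule (the file must be exactly a known-good
binary) and a trusted-directory rule (anything under the path runs).
Everything else is denied by default. File names and directories below
are hypothetical and created in a temporary directory.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class AllowlistPolicy:
    """Deny-by-default policy: allow only known hashes or trusted directories."""

    def __init__(self, allowed_hashes=(), trusted_dirs=()):
        self.allowed_hashes = set(allowed_hashes)
        self.trusted_dirs = [Path(d).resolve() for d in trusted_dirs]

    def decide(self, path):
        """Return (verdict, reason) for launching the executable at path."""
        p = Path(path).resolve()
        if sha256_file(p) in self.allowed_hashes:
            return "allow", "hash rule"
        for d in self.trusted_dirs:
            if d in p.parents:
                return "allow", f"path rule: {d}"
        return "deny", "not in allowlist"


def audit_trusted_dirs(policy):
    """Trusted directories the current user can write to. Any file dropped
    there will run, which is the loss of control that comes with loosening
    policy from hash rules to path rules."""
    return [str(d) for d in policy.trusted_dirs if os.access(d, os.W_OK)]


def demo():
    """Compare a strict hash-only policy with a looser path-based one."""
    with tempfile.TemporaryDirectory() as root:
        vendor_dir = Path(root) / "Program Files" / "Vendor"
        downloads = Path(root) / "Users" / "alice" / "Downloads"
        vendor_dir.mkdir(parents=True)
        downloads.mkdir(parents=True)

        # Constructed stand-ins for a trusted agent and an unknown targeted payload.
        agent = vendor_dir / "agent.exe"
        agent.write_bytes(b"MZ constructed stand-in for a signed vendor agent")
        dropper = downloads / "invoice.pdf.exe"
        dropper.write_bytes(b"MZ constructed stand-in for an unknown targeted payload")

        strict = AllowlistPolicy(allowed_hashes=[sha256_file(agent)])
        loose = AllowlistPolicy(allowed_hashes=[sha256_file(agent)],
                                trusted_dirs=[downloads])
        results = {
            "strict_agent": strict.decide(agent)[0],
            "strict_dropper": strict.decide(dropper)[0],
            "loose_dropper": loose.decide(dropper)[0],
        }
        # Trojanise the trusted binary in place: the hash rule notices,
        # a path rule covering vendor_dir would not.
        agent.write_bytes(agent.read_bytes() + b" + injected implant")
        results["strict_tampered_agent"] = strict.decide(agent)[0]
        results["writable_trusted_dirs"] = audit_trusted_dirs(loose)
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check runs at launch, against the file on disk. Code injected into an already-running, already-allowed process never passes through it, which is exactly the memory-injection gap the slide lists as a con; that gap is covered by the native memory protections enabled through the patch and configuration layer, not by the allowlist.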
23. Patch and Configuration Basics (Patch and Configuration Management – Control the Vulnerability Landscape)
Pros:
• Removes known vulnerabilities from the attackable surface area that attackers can target
• Central configuration of native desktop firewalls
• Improves endpoint performance and stability
• Can enable native memory injection protection (e.g. DEP and ASLR)
Cons:
• Does not stop zero-day vulnerabilities
25. Employee Education
Often the first and last line of defense.
lumension.com/how-to-stay-safe-online
26. Summary - Defense in Depth Endpoint Strategy
• AntiVirus – Disinfect generic malware
• Device Control – Enable secure device use
• Hard Drive & Media Encryption – Protect stored data
• Application Control – Stop un-trusted change
• Patch & Configuration Management – Reduce attackable surface area
Threat vectors the layers address (APT protection across the threat landscape): drive-by malware, USB, data loss, insider risk, zero-day, automated attacks
27. Learn More
Quantify your IT risk with free scanners; watch the on-demand demos; get a free trial.