Modern Cyber Threats and How To Combat Them

An ISACA Panel moderated by Todd Fitzgerald

Panelists:
Jack Callaghan
R. Kinney Williams
Ramsés Gallego
Topics to be covered by this panel

1. Identify What Threats are Out There in the “Wild”
2. Summarize the Key Steps to an Incident Identification
3. Utilize the Tools, Techniques, and Tactics to Combat Threats
4. Determine What is Really Vulnerable in Their Network
Current Threats

• Web 2.0 and client-side attacks
• Targeted messaging attacks
• Botnets
• Rootkits
• Logic Bombs
• Data Theft
• Identity Theft
Web 2.0 and client-side attacks

• Social network attacks – Twitter, MySpace, Facebook, LinkedIn, etc.
• Mashup Technology
• Dynamic Altering Exploits on sites
• Embedded Malware on Legitimate Sites
• 50K new malware per week – Multiple vendors

Examples
• Mikeyy worm – Twitter – Apr 09
• Koobface worm – Facebook – Sept 09
• Security researchers - >60K pieces of malware on Twitter in 2009
• Phishing episodes through Facebook accounts – May 09
• Multiple legitimate sites with malware
Koobface Worm

• Koobface, an anagram of Facebook, is a computer worm that targets the Microsoft Windows users of the social networking websites Facebook, MySpace, hi5, Bebo, Friendster and Twitter. Koobface ultimately attempts, upon successful infection, to gather sensitive information from the victims such as credit card numbers. It was first detected in December 2008 and a more potent version appeared in March 2009.
• Koobface spreads by delivering Facebook messages to people who are 'friends' of a Facebook user whose computer has already been infected. Upon receipt, the message directs the recipients to a third-party website, where they are prompted to download what is purported to be an update of the Adobe Flash player. If they download and execute the file, Koobface is able to infect their system. It can then commandeer the computer's search engine use and direct it to contaminated websites. There can also be links to the third-party website on the Facebook wall of the friend the message came from, sometimes with comments like LOL or YOUTUBE. If the link is opened the trojan virus will infect the computer and the PC will become a Zombie or Host Computer.
Spear Phishing

• Targeting of specific person or people
   – Uses fake email from known person
       • Family Member
       • Business Associate
   – Almost always contains key-logger Trojan
   – Used to retrieve
       • Corporate Data
       • Financial Data
       • Personal Data

Spear Phishing
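A gateway-side check for the spear-phishing pattern described above, written as an added example (it is not code from the panel deck or from any of the panelists). The slide's pattern is a fake e-mail that appears to come from a known person and almost always carries a key-logger Trojan. Two cheap checks catch much of it: a display name that belongs to a known contact but arrives from an address domain that contact has never used, and an attachment whose final extension is executable. The contact list, the extension list and both sample messages are constructed for this example.

```python
"""Display-name spoof and executable-attachment check for inbound mail (added example)."""
import os
from email import message_from_string
from email.utils import parseaddr

# Assumed address book: lowercase display name -> domains that contact legitimately uses.
KNOWN_CONTACTS = {
    "jane doe": {"example.com"},
    "bob smith": {"partner.example"},
}

# Extensions that should never arrive as a plain attachment from outside (assumed policy list).
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".jar"}

# Constructed sample 1: display name and domain agree, attachment is a PDF.
LEGITIMATE_MESSAGE = (
    "From: Jane Doe <jane.doe@example.com>\r\n"
    "To: analyst@example.com\r\n"
    "Subject: Q3 report\r\n"
    "MIME-Version: 1.0\r\n"
    "Content-Type: multipart/mixed; boundary=\"b1\"\r\n"
    "\r\n"
    "--b1\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "Report attached.\r\n"
    "--b1\r\n"
    "Content-Type: application/pdf; name=\"q3-report.pdf\"\r\n"
    "Content-Disposition: attachment; filename=\"q3-report.pdf\"\r\n"
    "\r\n"
    "%PDF-1.4\r\n"
    "--b1--\r\n"
)

# Constructed sample 2: a known display name on a look-alike domain, carrying an
# executable hidden behind a double extension.
SPEAR_PHISH_MESSAGE = (
    "From: Jane Doe <jane.doe@examp1e.com>\r\n"
    "To: analyst@example.com\r\n"
    "Subject: Updated Q3 report\r\n"
    "MIME-Version: 1.0\r\n"
    "Content-Type: multipart/mixed; boundary=\"b2\"\r\n"
    "\r\n"
    "--b2\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "Please open the attached update.\r\n"
    "--b2\r\n"
    "Content-Type: application/octet-stream; name=\"q3-report.pdf.exe\"\r\n"
    "Content-Disposition: attachment; filename=\"q3-report.pdf.exe\"\r\n"
    "\r\n"
    "MZ\r\n"
    "--b2--\r\n"
)


def assess_message(raw):
    """Return a list of findings for one raw RFC 822 message; an empty list means clean."""
    msg = message_from_string(raw)
    findings = []

    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    allowed_domains = KNOWN_CONTACTS.get(display_name.strip().lower())
    if allowed_domains is not None and domain not in allowed_domains:
        findings.append(
            f"display-name spoof: '{display_name}' sent from unexpected domain '{domain}'"
        )

    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue
        # Only the last extension decides how the file is executed, so 'x.pdf.exe' is an .exe.
        extension = os.path.splitext(filename)[1].lower()
        if extension in RISKY_EXTENSIONS:
            findings.append(f"executable attachment: '{filename}'")

    return findings


if __name__ == "__main__":
    for label, raw in (("legitimate", LEGITIMATE_MESSAGE), ("spear phish", SPEAR_PHISH_MESSAGE)):
        print(label, assess_message(raw) or ["clean"])
```

A message that matches neither rule is passed through unchanged; a real deployment would feed the findings into a quarantine or tagging decision at the mail gateway rather than deciding on its own.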
Top 10 BotNets

• 1. Rustock (generating 43% of all spam)
   – The current king of spam, its malware employs a kernel-mode rootkit, inserts random text into spam and is capable of TLS encryption. Concentrates solely on pharmaceutical spam.
• 2. Mega-D (10.2%)
   – A long-running botnet that has had its ups and downs, owing to the attention it attracts from researchers. Concentrates mostly on pharmaceutical spam.
• 3. Festi (8%)
   – A newer spambot that employs a kernel mode rootkit and is often installed alongside Pushdo on the same host.
• 4. Pushdo (6.3%)
   – A multi-faceted botnet or botnets, with many different types of campaigns. A major distributor of malware downloaders and blended threat e-mails, but also sends pharma, replica, diploma and other types of spam.
• 5. Grum (6.3%)
   – Also employs a kernel-level rootkit. A wide range of spamming templates changes often, served up by multiple Web servers. Mostly pharma spam.
More Top 10 BotNets

• 6. Lethic (4.5%)
   – The malware acts as a proxy by relaying SMTP from a remote server to its destination. Mostly pharma and replica spam.
• 7. Bobax (4.3%)
   – Another long-running botnet that employs sophisticated methods to locate its command servers. Mostly pharma spam.
• 8. Bagle (3.5%)
   – The name derives from an earlier mass-mailing worm. Nowadays, Bagle variants act as proxies for data, and especially spam.
• 9. Maazben (2.0%)
   – By default, uses a proxy-based spam engine. However, it may also use a template-based spam engine if the bot runs behind a network router. Focuses on Casino spam.
• 10. Donbot (1.3%)
   – Donbot is named after the string "don" found in the malware body. Mainly pharma spam.
Rootkits

• Usually pinpoint focus for target
• Hardcore tech-driven attack
• Either ideology, embezzlement, or “getting back at” revenge driven
• Hard to isolate
• Harder to remove/clean up
• Definition from Greg Hoglund's book:
   – "A rootkit is a set of programs and code that allows a permanent and undetectable presence on a computer."

Examples
• TDSS
• Gromozon
• Mebroot
• Fu and FuTo
• Agony
• AFX
• MBR rootkits
Logic Bombs

• Disgruntled employee syndrome
• Usually discovered after employee leaves
• Very destructive
• Hard to detect before first “bomb” is triggered
ID Theft methods

• Dumpster Diving
• Online “phishing” – 11% only
• Stealing Wallets/Pocketbooks
• Home Stealing
• Mailbox Raiding
• Address Fraud
• Pretexting
• Shoulder Surfing
• “Vishing and Smishing”
• Skimming
• Data Breach
DDOS & Other Attacks

• The long standing DDOS attack still works
• Targeted attacks going for detailed data retrieval and now occurring more frequently
• Sometimes attacks are open and intentional
   – Google issue with Pakistan from several years ago
Combating the Threats

• User awareness and training
• Incident Response capability
• In-bound & out-bound filters at gateways
Countermeasures

• Web 2.0 attacks detected via behavior based protection methods (IDS/IPS like)
• Develop and implement IDS and IPS devices to understand scripting - similar to browsers
• Utilize filter feedbacks to improve filtering
• Develop user “distrust by default” on all incoming data (both Internet and e-mail based) until protection methods improve
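A behaviour-based out-bound gateway check of the kind these countermeasures call for, added here as an example (not code from the panel deck or from any vendor). The botnet slides above describe spam bots such as Lethic and Rustock that relay SMTP from inside the network; a workstation that opens direct TCP/25 sessions to many distinct external mail servers in a short window, instead of handing mail to the corporate relay, is a strong indicator of that behaviour. The log line format, the internal address ranges, the relay address, the thresholds and the sample lines are all assumptions constructed for this example.

```python
"""Direct-to-Internet SMTP fan-out detector run over constructed gateway log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed gateway log format: ISO timestamp followed by key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)"
)

INTERNAL_NETS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]
# The only internal host that should speak SMTP to the Internet (assumed corporate relay).
MAIL_RELAY = ip_address("10.0.0.25")

# Constructed sample: 10.0.0.12 fans out to five external mail servers in five seconds,
# while 10.0.0.40 behaves normally (mail via the relay, HTTPS to the Internet).
SAMPLE_LOG = """\
2009-09-14T10:00:01 src=10.0.0.25 dst=203.0.113.5 proto=tcp dport=25
2009-09-14T10:00:02 src=10.0.0.12 dst=203.0.113.5 proto=tcp dport=25
2009-09-14T10:00:03 src=10.0.0.12 dst=198.51.100.7 proto=tcp dport=25
2009-09-14T10:00:04 src=10.0.0.12 dst=198.51.100.8 proto=tcp dport=25
2009-09-14T10:00:05 src=10.0.0.12 dst=203.0.113.9 proto=tcp dport=25
2009-09-14T10:00:06 src=10.0.0.12 dst=203.0.113.10 proto=tcp dport=25
2009-09-14T10:00:07 src=10.0.0.40 dst=10.0.0.25 proto=tcp dport=25
2009-09-14T10:00:08 src=10.0.0.40 dst=203.0.113.50 proto=tcp dport=443
2009-09-14T10:05:09 src=10.0.0.12 dst=203.0.113.11 proto=tcp dport=25
this line is not in the expected format and is skipped
"""


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": ip_address(m["src"]),
        "dst": ip_address(m["dst"]),
        "proto": m["proto"].lower(),
        "dport": int(m["dport"]),
    }


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def find_direct_smtp_senders(lines, window=timedelta(minutes=1), min_distinct_dsts=3):
    """Return {source: most distinct external SMTP destinations seen within one window}
    for internal hosts other than the relay that reach the threshold."""
    events = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["proto"] != "tcp" or ev["dport"] != 25:
            continue
        # Internal host -> external mail server, and not the sanctioned relay.
        if not is_internal(ev["src"]) or is_internal(ev["dst"]) or ev["src"] == MAIL_RELAY:
            continue
        events[ev["src"]].append((ev["ts"], ev["dst"]))

    flagged = {}
    for src, evs in events.items():
        evs.sort()
        best = 0
        left = 0
        for right in range(len(evs)):  # sliding time window over the time-ordered events
            while evs[right][0] - evs[left][0] > window:
                left += 1
            best = max(best, len({dst for _, dst in evs[left:right + 1]}))
        if best >= min_distinct_dsts:
            flagged[str(src)] = best
    return flagged


if __name__ == "__main__":
    print(find_direct_smtp_senders(SAMPLE_LOG.splitlines()))
```

The same sliding-window count works for any "one internal host, many external destinations" pattern; the corresponding preventive filter is an out-bound gateway rule that permits TCP/25 to the Internet only from the relay, which turns this detection into a block and the log lines into denied events to alert on.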
Threat Analysis

• Examination for detailed evaluation
   – Significance
   – Type of Malware
   – Probative Value
   – Meets criteria for inclusion
• Interpretation is carried out separately
Incident Response Stages

1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery
6. Follow-Up
Types of Incident Response Tools Needed

• File System Navigation tool
• Hashing tool
• Binary Search tool
• Imaging tool
   – Bit Copy
   – File System
• Deep Retrieval tool
   – Bit Level
   – File System
• File Chain Navigation tool
• Network Log File Analysis tool
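The hashing and bit-copy imaging items in this list are small enough to show working, so the following is an added example (not a tool from the panel deck or from any of the vendors it names): it hashes every file under an evidence tree into a manifest, diffs a later manifest against it to surface added, removed and modified files, and accepts a bit copy only when its digest equals the source's. The directory layout, file contents and the "later pass" changes are constructed inside a temporary directory so the block runs stand-alone.

```python
"""Evidence hashing manifest and bit-copy verification helper (added example)."""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path, algorithm="sha256", chunk_size=1 << 20):
    """Hash a file in fixed-size chunks so disk images larger than RAM are handled."""
    digest = hashlib.new(algorithm)
    with Path(path).open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            manifest[str(p.relative_to(root))] = hash_file(p)
    return manifest


def compare_manifests(baseline, current):
    """Classify files as added, removed or modified between two manifests."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(k for k in baseline.keys() & current.keys() if baseline[k] != current[k])
    return {"added": added, "removed": removed, "modified": modified}


def verify_bit_copy(source, image):
    """A bit copy is acceptable only if it hashes identically to the source."""
    return hash_file(source) == hash_file(image)


def demo():
    """Run the workflow on constructed files in a temp dir and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "evidence"
        (root / "logs").mkdir(parents=True)
        (root / "logs" / "auth.log").write_bytes(b"login ok\n")
        (root / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        baseline = build_manifest(root)

        # Constructed "later pass": one file edited, one new unexpected binary.
        (root / "hosts").write_bytes(b"127.0.0.1 localhost\n203.0.113.7 bank.example\n")
        (root / "dropper.exe").write_bytes(b"MZ")
        changes = compare_manifests(baseline, build_manifest(root))

        # Bit copy verification: a faithful copy matches, a truncated one does not.
        src = root / "hosts"
        good = Path(tmp) / "hosts.img"
        good.write_bytes(src.read_bytes())
        bad = Path(tmp) / "hosts_truncated.img"
        bad.write_bytes(src.read_bytes()[:-1])
        return {
            "changes": changes,
            "good_copy_ok": verify_bit_copy(src, good),
            "bad_copy_ok": verify_bit_copy(src, bad),
        }


if __name__ == "__main__":
    print(demo())
```

In practice the baseline manifest is taken as early as possible in the Identification stage and stored off the affected system, so that later comparisons (and the image's digest) can be trusted even if the host is still compromised.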
Response Tools Available

• Multiple types
   – Operating System based
       • Windows – Microsoft
       • UNIX – multiple types
       • Macintosh
   – Environmental Based
   – Network Based
   – Management Based

Tools Used
1. Log Parser
2. ProDiscover
3. TCPView
4. Microsoft tools – if Windows
5. TCPDump
6. Sysinternals.com tools – if Windows
7. Foundstone.com tools
8. File control utilities – DD, etc.
9. Wireshark (packet sniffer)
10. Nmap (security) Open Source Network Scanner
Understanding the Risk
The Market Value of Sensitive Data

• Trojan to steal account information: 980€-4.900€
• Credit Card Number with PIN: 490€
• Billing data: 78-294€
• Driver's license: 147€
• Birth certificate: 147€
• Social Security card: 98€
• Credit card number: 6€-24€
• PayPal account logon and password: 6€
Malware: what is it really?

• Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.
• Software is considered malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software.
A bigger problem than we think

• Malware is now economically motivated and backed by organized crime and foreign interest
• The development of highly critical malware such as targeted attacks is also on the rise
• The level of sophistication behind malware makes it extremely difficult for traditional solutions to detect and remove
• There are many bot networks to de-fraud business models and consumers through sophisticated social engineering
What is spyware?

• Spyware is software installed on a computer that gathers information without the user's knowledge and relays that information to advertisers or other 3rd parties
• Several subcategories of spyware:
   – Adware
       • Advertising-supported software that displays pop-up advertisements whenever the program is running. Often collects personal information and web surfing habits
   – System monitors
       • Programs that capture everything you do on your computer, from keystrokes, emails and chat room dialogue, to which sites you visit and which programs you run
   – Trojan horses
       • Malicious programs that appear harmless but steal or destroy data or provide unauthorised external access
How spyware infiltrates

• People don’t purposefully and knowingly install spyware
   – Can be included with applications you want to install, such as peer-to-peer clients or desktop utilities
   – Some silently load when you visit a seemingly-innocent Web page (‘The Ghost in the browser’)
• Installed silently in the background – most users never know their computers are infected
Spyware threats to organizations

• Wastes computing resources
   – Sends back information periodically, often daily
   – Consumes an organisation’s bandwidth
• Exposes proprietary information
   – It could send files to a competitor’s server
   – It could monitor e-mail and send out the contents
• Poses serious security risks
   – It could send emails on behalf of the user
   – It could provide a spy or hacker with a backdoor into the systems
   – It could change documents and specifications on systems to damage research or other projects
• May introduce compliance risks
How botnets are used to commit financial fraud

• A bot network consists of a “controller” and compromised zombie PCs. There have been cases of bot networks containing up to 1.5 Million zombie PCs, as in the Dutch botnet case
• The bots that infect systems can perform several actions such as relaying spam, launching malware and performing ID theft
• Some of the common methods for bot infection are through websites that contain exploits and vulnerabilities that actively transmit malware to the PC visiting the site
• Components can also be downloaded, such as ActiveX controls, etc., that will then deal with the rest of the infection process
• Social engineering techniques also exist to infect systems through spam, phishing and other content. Once a PC has become infected it can receive remote commands from the “bot master”
And they are using new methods

• Botnets are beginning to use P2P networks to gain control of more computers
• Researchers were previously able to shut down a botnet by targeting its Command & Control center (an IRC channel or website). Hackers are now using P2P networks to connect bots in a more “horizontal,” peer manner, which makes shutting down the botnets much more difficult
The problem of keylogging

• Keyloggers are programs that run in the background recording all keystrokes and which may also send those keystrokes (potentially including passwords or confidential information) to an external party
• 2 types of Keylogger programs:
   – Commercial
   – Viral (included as part of a blended threat with Worm, Trojan Horse, BOT, etc.)
Commercial Keylogger Example
Sophisticated Social Engineering

• Common social engineering techniques:
   – Spear-Phishing and other highly targeted scams
   – Spam with exploits
   – Phishing emails that direct users to web-sites with hidden Trojans
   – Malware through IM channels
No real bank would do this!
Infection strategies used by hackers

• Common infection strategies used by hackers
   – A web site is physically hacked and seeded with Trojans (i.e. Superbowl website case)
   – Phishing emails with exploits
   – Malware through IM channels
   – Malware attached to freeware and shareware
   – Malware in the form of video codecs
   – Infection through botnets
Overview of Targeted Attacks

• Characteristics of Targeted Attacks:
   – Involve “Highly Critical” malware tailored towards attacking a specific target (i.e. Bank Of America)
   – Such malware targets a specific set of confidential information to capture and send to a 3rd party
   – Targeted attacks always involve a hacker hired to design malware to bypass specific defenses
   – Attacks are very localized; therefore, distribution is limited. In most cases AV labs do not receive a sample, which results in no signature file
   – Current security solutions will not detect the malware because the hacker has prepared against commonly used AV programs
   – Hackers are using sophisticated stealth techniques such as rootkits to hide the presence of malware
Information? Readily available!

• IT departments know about sites...but so do all the other departments!
   – Question is…do we know who, when, where and how?
   – More importantly…do we have the means to stop it?
• Information is easy to find! (131,000,000 results returned on Google when the search term ‘How To Hack’ is used)
• Hacking tools can be easy to use
   – Some don’t require any programming skills at all! (Keyloggers can come with nice user interfaces, such as ‘The Perfect Keylogger’) with a ‘Next’, ‘Next’, ‘Next’ install!
…step-by-step guides available!

• You no longer need to go underground or to university to learn how to become a successful hacker!

Do it yourself! Incredible!
Example - Denial of Service

• You visit a web site and click on a link
• A few seconds later, many applications start to run in the computer
• You can only close the program to prevent the attack. The machine does not work
Example - Redirection of sites

• You connect to online banking to see your accounts
• A hostile applet sends an identical page
• You introduce your credentials while a hacker is receiving them or they are being sent to an Internet directory
Example - Sending files in background

• A postcard is received by email
• An applet executes an animation
• That applet is copying the last Word document and is sending it in the background to the Internet
Example - Harmful executables

• There is a type of attack that seems to be from known companies who invite you to install the latest security patch or Service Pack
• The executable file is a Trojan or malicious code that puts our environment at risk
Example - Phishing and scam

• Pakistan Earthquake – We found the URL http://pakistanhelp.com
• We analyzed it and we saw that there were signs of phishing
   • In this case, the ‘help’ options include the download of an Excel file to be sent by fax
       • A real and legal organization would never do this….
Strategy: Protect every vector

• Antivirus/Antispyware
• Data Leak Prevention
• Secure Content Manager
• Firewall
• VPN
Strategy: Consider other approaches

• Effectiveness vs. Efficiency
• SaaS approach
• UTM devices
• More than one solution will leverage your security
• Education, education, education
• Centralised management
THANK YOU
Metrics, measures & MythsMetrics, measures & Myths
Metrics, measures & Myths
 
Malware mitigation
Malware mitigationMalware mitigation
Malware mitigation
 
DLP - Network Security Conference_ Ramsés Gallego
DLP - Network Security Conference_ Ramsés GallegoDLP - Network Security Conference_ Ramsés Gallego
DLP - Network Security Conference_ Ramsés Gallego
 
e-Symposium_ISACA_Ramsés_Gallego
e-Symposium_ISACA_Ramsés_Gallegoe-Symposium_ISACA_Ramsés_Gallego
e-Symposium_ISACA_Ramsés_Gallego
 
Entel SSO
Entel SSOEntel SSO
Entel SSO
 
Entel DLP
Entel DLPEntel DLP
Entel DLP
 
Entel S&RM
Entel S&RMEntel S&RM
Entel S&RM
 

Último

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Último (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

Modern Cyber Threats and How to Combat Them Panel Discussion

  • 1. Modern Cyber Threats and How To Combat Them
      An ISACA Panel moderated by Todd Fitzgerald
      Panelists: Jack Callaghan, R. Kinney Wiliams, Ramsés Gallego
  • 2. Topics to be covered by this panel
      1. Identify What Threats are Out There in the "Wild"
      2. Summarize the Key Steps to an Incident Identification
      3. Utilize the Tools, Techniques, and Tactics to Combat Threats
      4. Determine What is Really Vulnerable in Their Network
  • 3. Current Threats
      • Web 2.0 and client-side attacks
      • Targeted messaging attacks
      • Botnets
      • Rootkits
      • Logic Bombs
      • Data Theft
      • Identity Theft
  • 4. Web 2.0 and client-side attacks
      • Social network attacks – Twitter, MySpace, Facebook, LinkedIn, etc.
      • Mashup Technology
      • Dynamic Altering Exploits on sites
      • Embedded Malware on Legitimate Sites
      • 50K new malware per week – Multiple vendors
  • 5. Examples
      • Mikeyy worm – Twitter – Apr 09
      • Koobface worm – Facebook – Sept 09
      • Security researchers - >60K pieces of malware on Twitter in 2009
      • Phishing episodes through Facebook accounts – May 09
      • Multiple legitimate sites with malware
  • 6. Koobface Worm
      • Koobface, an anagram of Facebook, is a computer worm that targets the Microsoft Windows users of the social networking websites Facebook, MySpace, hi5, Bebo, Friendster and Twitter. Koobface ultimately attempts, upon successful infection, to gather sensitive information from the victims such as credit card numbers. It was first detected in December 2008 and a more potent version appeared in March 2009.
      • Koobface spreads by delivering Facebook messages to people who are 'friends' of a Facebook user whose computer has already been infected. Upon receipt, the message directs the recipients to a third-party website, where they are prompted to download what is purported to be an update of the Adobe Flash player. If they download and execute the file, Koobface is able to infect their system. It can then commandeer the computer's search engine use and direct it to contaminated websites. There can also be links to the third-party website on the Facebook wall of the friend the message came from, sometimes having comments like LOL or YOUTUBE. If the link is opened the trojan virus will infect the computer and the PC will become a Zombie or Host Computer.
  • 7. Spear Phishing
      • Targeting of specific person or people
        – Uses fake email from known person
          • Family Member
          • Business Associate
        – Almost always contains key-logger Trojan
        – Used to retrieve
          • Corporate Data
          • Financial Data
          • Personal Data
  • 9. Top 10 BotNets
      • 1. Rustock (generating 43% of all spam)
        – The current king of spam, its malware employs a kernel-mode rootkit, inserts random text into spam and is capable of TLS encryption. Concentrates solely on pharmaceutical spam.
      • 2. Mega-D (10.2%)
        – A long-running botnet that has had its ups and downs, owing to the attention it attracts from researchers. Concentrates mostly on pharmaceutical spam.
      • 3. Festi (8%)
        – A newer spambot that employs a kernel mode rootkit and is often installed alongside Pushdo on the same host.
      • 4. Pushdo (6.3%)
        – A multi-faceted botnet or botnets, with many different types of campaigns. A major distributor of malware downloaders and blended threat e-mails, but also sends pharma, replica, diploma and other types of spam.
      • 5. Grum (6.3%)
        – Also employs a kernel-level rootkit. A wide range of spamming templates changes often, served up by multiple Web servers. Mostly pharma spam.
  • 10. More Top 10 BotNets
      • 6. Lethic (4.5%)
        – The malware acts as a proxy by relaying SMTP from a remote server to its destination. Mostly pharma and replica spam.
      • 7. Bobax (4.3%)
        – Another long-running botnet that employs sophisticated methods to locate its command servers. Mostly pharma spam.
      • 8. Bagle (3.5%)
        – The name derives from an earlier mass-mailing worm. Nowadays, Bagle variants act as proxies for data, and especially spam.
      • 9. Maazben (2.0%)
        – By default, uses a proxy-based spam engine. However, it may also use a template-based spam engine if the bot runs behind a network router. Focuses on Casino spam.
      • 10. Donbot (1.3%)
        – Donbot is named after the string "don" found in the malware body. Mainly pharma spam.
  • 11. Rootkits
      • Usually pinpoint focus for target
      • Hardcore tech-driven attack
      • Either ideology, embezzlement, or "getting back at" revenge driven
      • Hard to isolate
      • Harder to remove/clean up
      • Definition from Gary Hoglund's book:
        – "A rootkit is a set of programs and code that allows a permanent and undetectable presence on a computer."
  • 12. Examples
      • TDSS
      • Gromozon
      • Mebroot
      • Fu and FuTo
      • Agony
      • AFX
      • MBR rootkits
  • 13. Logic Bombs
      • Disgruntled employee syndrome
      • Usually discovered after employee leaves
      • Very destructive
      • Hard to detect before first "bomb" is triggered
  • 14. ID Theft methods
      • Dumpster Diving
      • Online "phishing" – 11% only
      • Stealing Wallets/Pocketbooks
      • Home Stealing
      • Mailbox Raiding
      • Address Fraud
      • Pretexting
      • Shoulder Surfing
      • "Vishing and Smishing"
      • Skimming
      • Data Breach
  • 15. DDOS & Other Attacks
      • The long standing DDOS attack still works
      • Targeted attacks going for detailed data retrieval and now occurring more frequently
      • Sometimes attacks are open and intentional
        – Google issue with Pakistan from several years ago
  • 16. Combating the Threats
      • User awareness and training
      • Incident Response capability
      • In-bound & out-bound filters at gateways
  • 17. Countermeasures
      • Web 2.0 attacks detected via behavior based protection methods (IDS/IPS like)
      • Develop and implement IDS and IPS devices to understand scripting - similar to browsers
      • Utilize filter feedbacks to improve filtering
      • Develop user "distrust by default" on all incoming data (both Internet and e-mail based) until protection methods improve
  • 18. Threat Analysis
      • Examination for detailed evaluation
        – Significance
        – Type of Malware
        – Probative Value
        – Meets criteria for inclusion
      • Interpretation is carried out separately
  • 19. Incident Response Stages
      1. Preparation
      2. Identification
      3. Containment
      4. Eradication
      5. Recovery
      6. Follow-Up
  • 20. Types of Incident Response Tools Needed
      • File System Navigation tool
      • Hashing tool
      • Binary Search tool
      • Imaging tool
        – Bit Copy
        – File System
      • Deep Retrieval tool
        – Bit Level
        – File System
      • File Chain Navigation tool
      • Network Log File Analysis tool
  • 21. Response Tools Available
      • Multiple types
        – Operating System based
          • Windows – Microsoft
          • UNIX – multiple types
          • Macintosh
        – Environmental Based
        – Network Based
        – Management Based
      1. Tools Used
      2. Log Parser
      3. ProDiscover
      4. TCPView
      5. Microsoft tools – if Windows
      6. TCPDump
      7. Sysinternals.com tools – if Windows
      8. Foundstone.com tools
      9. File control utilities – DD, etc.
      10. Wireshark (packet sniffer)
      11. Nmap (security) Open Source Network Scanner
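Three of the tool types slide 20 asks for (hashing tool, bit-copy imaging tool, binary search tool), written out as an added example; this is illustrative code, not a tool from the panel, and the "disk" it images is a constructed byte string.

```python
"""Added example, not from the panel: minimal versions of three incident-response
tool types the slides call for. The "disk" being imaged is a constructed byte
string; a real acquisition would read the raw device (through a write blocker)
with the same bit_copy() function."""
import hashlib
import io

# Constructed sample evidence: a small "disk image" holding two artefacts a
# responder might search for (a fake Flash-update dropper name and a URL).
SAMPLE_IMAGE = (
    b"\x00" * 64
    + b"setup_flash_update.exe"
    + b"\x00" * 32
    + b"http://update.example.invalid/flash_update"
    + b"\xff" * 16
)


def sha256_hex(data: bytes) -> str:
    """Hashing tool: the digest recorded with the evidence so that any later
    modification of the file or image is detectable."""
    return hashlib.sha256(data).hexdigest()


def bit_copy(src, dst, chunk_size: int = 4096) -> dict:
    """Imaging tool (bit copy): stream every byte of src into dst.

    The acquisition hash is computed from the bytes as they are read; the
    verification hash is computed by re-reading the finished image, which is
    what proves the copy is a faithful bit-for-bit duplicate."""
    acquisition = hashlib.sha256()
    copied = 0
    while True:
        chunk = src.read(chunk_size)
        if not chunk:
            break
        acquisition.update(chunk)
        dst.write(chunk)
        copied += len(chunk)
    dst.flush()

    dst.seek(0)
    verification = hashlib.sha256()
    while True:
        chunk = dst.read(chunk_size)
        if not chunk:
            break
        verification.update(chunk)

    return {
        "bytes": copied,
        "acquisition_sha256": acquisition.hexdigest(),
        "verification_sha256": verification.hexdigest(),
        "verified": acquisition.hexdigest() == verification.hexdigest(),
    }


def find_all(image: bytes, needle: bytes) -> list:
    """Binary search tool: every byte offset at which needle occurs in the raw
    image, including overlapping matches, with no dependence on a file system."""
    offsets = []
    start = 0
    while True:
        hit = image.find(needle, start)
        if hit < 0:
            return offsets
        offsets.append(hit)
        start = hit + 1


def image_sample() -> dict:
    """Run the three tools over the constructed evidence and report the results."""
    source = io.BytesIO(SAMPLE_IMAGE)
    image = io.BytesIO()
    report = bit_copy(source, image)
    report["artefact_offsets"] = find_all(image.getvalue(), b"flash_update")
    return report


if __name__ == "__main__":
    print(image_sample())
```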
  • 22. Understanding the Risk
      The Market Value of Sensitive Data
      • Trojan to steal account information: 980€-4.900€
      • Birth certificate: 147€
      • Credit Card Number: 490€
      • Social Security card with PIN: 98€
      • Billing data: 78-294€
      • Credit card number: 6€-24€
      • PayPal account logon and password: 6€
      • Driver's license: 147€
  • 23. Malware: what is it really?
      • Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code
      • Software is considered malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software
  • 24. A bigger problem than we think
      • Malware is now economically motivated and backed by organized crime and foreign interest
      • The development of highly critical malware such as targeted attacks is also on the rise
      • The level of sophistication behind malware makes it extremely difficult for traditional solutions to detect and remove
      • There are many bot networks to de-fraud business models and consumers through sophisticated social engineering
  • 25. What is spyware?
      • Spyware is software installed on a computer that gathers information without the user's knowledge and relays that information to advertisers or other 3rd parties
      • Several subcategories of spyware:
        – Adware
          • Advertising-supported software that displays pop-up advertisements whenever the program is running. Often collects personal information and web surfing habits
        – System monitors
          • Programs that capture everything you do on your computer, from keystrokes, emails and chat room dialogue, to which sites you visit and which programs you run
        – Trojan horses
          • Malicious programs that appear harmless but steal or destroy data or provide unauthorised external access
  • 26. How spyware infiltrates
      • People don't purposefully and knowingly install spyware
        – Can be included with applications you want to install, such as peer-to-peer clients or desktop utilities
        – Some silently load when you visit a seemingly-innocent Web page ('The Ghost in the browser')
      • Installed silently in the background – most users never know their computers are infected
  • 27. Spyware threatens organizations
      • Wastes computing resources
        – Sends back information periodically, often daily
        – Consumes an organisation's bandwidth
      • Exposes proprietary information
        – It could send files to a competitor's server
        – It could monitor e-mail and send out the contents
      • Poses serious security risks
        – It could send emails on behalf of the user
        – It could provide a spy or hacker with a backdoor into the systems
        – It could change documents and specifications on systems to damage research or other projects
      • May introduce compliance risks
  • 28. How botnets are used to commit financial fraud
      • A bot network consists of a "controller" and compromised zombie PCs. There have been cases of bot networks containing up to 1.5 Million zombie PCs, as in the Dutch botnet case
      • The bots that infect systems can perform several actions such as relaying spam, launching malware and performing ID theft
      • Some of the common methods for bot infection are websites that contain exploits and vulnerabilities that actively transmit malware to the PC visiting the site.
      • Components can also be downloaded, such as ActiveX controls, etc., that will then deal with the rest of the infection process
      • Social engineering techniques also exist to infect systems through spam, phishing and other content. Once a PC has become infected it can receive remote commands from the "bot master"
  • 29. And they are using new methods
      • Botnets are beginning to use P2P networks to gain control of more computers
      • Researchers were previously able to shut down a botnet by targeting its Command & Control center (an IRC channel or website). Hackers are now using P2P networks to connect bots in a more "horizontal," peer manner, which makes shutting down the botnets much more difficult
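A behaviour-based check of the kind slide 17 calls for, applied to the bot check-ins slides 28 and 29 describe, as an added example that is not code from the panel: it flags a host that beacons to one command-and-control address on a fixed schedule, and a host that talks to many distinct peers, the pattern a P2P-style botnet shows from inside the network. The log format, the three hosts and the thresholds are all assumptions constructed for the example.

```python
"""Added example, not from the panel: behaviour-based spotting of bot
check-ins in outbound connection logs. Two tells are tested: regular
"beaconing" to a single command-and-control host, and a host contacting an
unusually large number of distinct peers (what a P2P botnet looks like from
the inside). Log format, hosts and thresholds are assumptions."""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log, one outbound connection per line:
#   "<UTC timestamp> <internal source IP> -> <destination IP>:<port>"
# 10.1.1.23 checks in with 198.51.100.7 about every five minutes,
# 10.1.1.40 browses one web server at irregular intervals, and
# 10.1.1.77 contacts eight different peers on the same port.
SAMPLE_LOG = """\
2009-09-14T10:00:00Z 10.1.1.23 -> 198.51.100.7:443
2009-09-14T10:00:04Z 10.1.1.40 -> 203.0.113.10:80
2009-09-14T10:01:10Z 10.1.1.77 -> 192.0.2.1:6881
2009-09-14T10:02:35Z 10.1.1.77 -> 192.0.2.2:6881
2009-09-14T10:05:01Z 10.1.1.23 -> 198.51.100.7:443
2009-09-14T10:06:12Z 10.1.1.77 -> 192.0.2.3:6881
2009-09-14T10:07:30Z 10.1.1.40 -> 203.0.113.10:80
2009-09-14T10:09:58Z 10.1.1.77 -> 192.0.2.4:6881
2009-09-14T10:10:00Z 10.1.1.23 -> 198.51.100.7:443
2009-09-14T10:12:41Z 10.1.1.77 -> 192.0.2.5:6881
2009-09-14T10:15:02Z 10.1.1.23 -> 198.51.100.7:443
2009-09-14T10:16:03Z 10.1.1.77 -> 192.0.2.6:6881
2009-09-14T10:19:45Z 10.1.1.40 -> 203.0.113.10:80
2009-09-14T10:20:01Z 10.1.1.23 -> 198.51.100.7:443
2009-09-14T10:22:19Z 10.1.1.77 -> 192.0.2.7:6881
2009-09-14T10:27:50Z 10.1.1.77 -> 192.0.2.8:6881
2009-09-14T10:31:12Z 10.1.1.40 -> 203.0.113.10:80
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+)$")


def parse_log(text: str) -> list:
    """Return (timestamp, src, dst, port) tuples; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        when = datetime.strptime(match.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((when, match.group(2), match.group(3), int(match.group(4))))
    return events


def find_beacons(events: list, min_hits: int = 4, max_jitter: float = 0.1) -> list:
    """Flag (src, dst, port) pairs contacted at least min_hits times at
    near-constant intervals. Jitter is the coefficient of variation of the
    gaps between connections: human browsing is bursty, a scheduled
    check-in to a controller is not."""
    by_pair = defaultdict(list)
    for when, src, dst, port in events:
        by_pair[(src, dst, port)].append(when)
    beacons = []
    for (src, dst, port), times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            beacons.append({"src": src, "dst": f"{dst}:{port}", "hits": len(times),
                            "period_s": round(mean), "jitter": round(jitter, 3)})
    return beacons


def find_peer_fanout(events: list, min_peers: int = 8) -> list:
    """Flag sources that reached at least min_peers distinct destinations:
    a P2P bot has no single controller to beacon to, but it does keep a
    large peer list that an ordinary workstation has no reason to contact."""
    peers = defaultdict(set)
    for _, src, dst, _ in events:
        peers[src].add(dst)
    return [{"src": src, "distinct_peers": len(dsts)}
            for src, dsts in sorted(peers.items()) if len(dsts) >= min_peers]


def analyse(text: str) -> dict:
    """Parse a log and run both checks over it."""
    events = parse_log(text)
    return {"beacons": find_beacons(events), "fanout": find_peer_fanout(events)}


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

Both thresholds are starting points to tune against a baseline of the network's own traffic; a short polling interval from a legitimate updater will also look like a beacon, so the hits should feed an analyst rather than an automatic block.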
  • 30. The problem of keylogging
      • Keyloggers are programs that run in the background recording all keystrokes and which may also send those keystrokes (potentially including passwords or confidential information) to an external party
      • 2 types of Keylogger programs:
        – Commercial
        – Viral (included as part of a blended threat with Worm, Trojan Horse, BOT, etc.)
  • 34. Sophisticated Social Engineering
      • Common social engineering techniques:
        – Spear-Phishing and other highly targeted scams
        – Spam with exploits
        – Phishing emails that direct users to web-sites with hidden Trojans
        – Malware through IM channels
  • 35. No real bank would do this!
  • 36. Infection strategies used by hackers
      • Common infection strategies used by hackers
        – A web site is physically hacked and seeded with Trojans (e.g. the Superbowl website case)
        – Phishing emails with exploits
        – Malware through IM channels
        – Malware attached to freeware and shareware
        – Malware in the form of video codecs
        – Infection through botnets
  • 37. Overview of Targeted Attacks
      • Characteristics of Targeted Attacks:
        – Involve "Highly Critical" malware tailored towards attacking a specific target (e.g. Bank of America)
        – Such malware targets a specific set of confidential information to capture and send to a 3rd party
        – Targeted attacks always involve a hacker hired to design malware to bypass specific defenses
        – Attacks are very localized; therefore, distribution is limited. In most cases AV labs do not receive a sample, which results in no signature file
        – Current security solutions will not detect the malware because the hacker has prepared against commonly used AV programs
        – Hackers are using sophisticated stealth techniques such as rootkits to hide the presence of malware
  • 38. Information? Readily available!
      • IT departments know about sites...but so do all the other departments!
        – Question is…do we know who, when, where and how?
        – More importantly…do we have the means to stop it?
      • Information is easy to find! (131,000,000 results returned on Google when the search term 'How To Hack' is used)
      • Hacking tools can be easy to use
        – Some don't require any programming skills at all! (Keyloggers can come with nice user interfaces, such as 'The Perfect Keylogger') with a 'Next', 'Next', 'Next' install!
  • 39. …step-by-step guides available!
      • You no longer need to go underground or to university to learn how to become a successful hacker!
  • 41. Do it yourself! Incredible!
  • 42. Example - Denial of Service
      • You visit a web site and click on a link
      • A few seconds later, many applications start to run in the computer
      • You can only close the program to prevent the attack. The machine does not work
  • 43. Example - Redirection of sites
      • You connect to online banking to see your accounts
      • A hostile applet sends an identical page
      • You enter your credentials while a hacker is receiving them or they are being sent to an Internet directory
  • 44. Example - Sending files in background
      • A postcard is received by email
      • An applet executes an animation
      • That applet is copying the last Word document and is sending it in the background to the Internet
  • 45. Example - Harmful executables
      • There is a type of attack that seems to come from known companies who invite you to install the latest security patch or Service Pack
      • The executable file is a Trojan or malicious code that puts our environment at risk
  • 46. Example - Phishing and scam
      • Pakistan Earthquake – We found the URL http://pakistanhelp.com
      • We analyzed it and we saw that there were signs of phishing
      • In this case, the 'help' options include the download of an Excel file to be sent by fax
      • A real and legal organization would never do this….
  • 47. Strategy: Protect every vector
      • Antivirus/Antispyware
      • Data Leak Prevention
      • Secure Content Manager
      • Firewall
      • VPN
  • 48. Strategy: Consider other approaches
      • Effectiveness vs. Efficiency
      • SaaS approach
      • UTM devices
      • More than one solution will leverage your security
      • Education, education, education
      • Centralised management
  • 49. THANK YOU
      Modern Cyber Threats and How To Combat Them
      An ISACA Panel moderated by Todd Fitzgerald
      Panelists: Jack Callaghan, R. Kinney Wiliams, Ramsés Gallego