New Trends in Security Attacks Final

Education

Published on June 19, 2007

Author: Belly

Source: authorstream.com

Current Trends in Security Attacks
By Jim Willoughby, MCSE, CISSP, CISM, CEH

Slide 2: Malware Threat Cycle
(title-only slide)

Intrusion Landscape
Hackers
- ~75% script kiddies
- ~24% skilled
- ~1% sophisticated
Malware
- Virus, worm: mainly a payload medium
- Bot / IRC kits
Spyware / Adware
- Professionally developed, with R&D budgets
- Tied to legitimate businesses
- Pay per click
- Pay per install

Motivational Range
- Storage: houses warez, e.g. pirated movies, games and/or software
- Bandwidth: warez downloads; facilitates attacks against others
- Distributed computing, e.g. password cracking
- Botnet: extortion / DDoS, identity theft, spam, phishing
- Anarchy

Vulnerability Spectrum
- Code-based vulnerability
- Configuration-based vulnerability: vulnerable services like FTP and PHP; permissions wide open; weak passwords (brute force)
- Social engineering: Trojan, phishing
- Browsing, web-based P2P software

Threat Gamut
- Worms
- Email worms
- Trojans
- Stealth viruses
- Rootkits
- Alternate Data Streams
- Phishing
- Backdoor
- Adware / Spyware

Worms
- Rely on a code-based vulnerability for entry: Code Red, MSBlaster, SQL Slammer and Sasser
- Malicious payloads: usually include an IRC backdoor; hosts file entries to block AV software updates
- Generally don't infect other "files"
- Replicating parasitic computer programs that are often unnoticed until bandwidth issues cause network problems

Email Worms
- Social engineering attack: the user is tricked into running the virus
- Originally relied on mail systems; many now include their own SMTP engine to spread
- Include a malicious payload: Trojan, macro virus, spam

Browsing as Vulnerability
- Attacking the browser: Active Scripting; unpatched browser vulnerabilities; JavaScript vulnerabilities; cross-zone scripting attacks
- Malicious web sites and emails: spam; popups; user enticed by phishing

Dangerous Surf
- McAfee study finds that major search engine results point users towards risky sites
- Dangerous sites make up as much as 72 per cent of results for certain popular keywords: "free screen savers", "digital music", "popular software", "singers"
- "Sponsored" results (paid for by advertisers) are more dangerous than non-sponsored results: 8.5 per cent of sponsored links were found to be dangerous, versus 3.1 per cent of regular search results

Spyware and Adware
- Viruses may no longer be the top security threat
- Motivation purely financial
- Difficult to classify: many walk a fine line; the main software is compliant, but is installed by a malicious dropper
- Techniques similar to the virus world: Trojan droppers; phone home and auto-update; rootkits

Spyware Entry
- Can be installed through a bundle: it comes with a desirable application
- Can be installed by itself: the program has some useful functionality and some
- Pushing the technology envelope: click and you are owned; unpatched browser vulnerabilities; Java vulnerabilities
- Social engineering

Botnets: Where organized crime and cyber crime meet
- Organized hacker gangs
- Client and server tools: back door; IRC control channel; rootkits; dynamic DNS
- Headline: "Dutch Police Crush Big 'Botnet,' Arrest Trio": Toxbot (aka Codbot); a huge network of 100,000 PCs was used to conduct a denial-of-service attack in an extortion attempt; also used to extort a U.S. company, steal identities and distribute spyware; Dutch prosecutors now say the botnet appears to contain around 1.5 million machines

Evolving Motivation
- Money, power, notoriety
- According to Panda, 70% of new malware detected by the developer's scanning service in the first quarter had a cybercrime or financial motive; 40% of the new malware detected was spyware

Evolution of Players
- Hackers and gangs; criminals; professional development environment
- According to Panda: rise in popularity of Trojans and the relative waning of traditional virus attacks. Email worms were generating masses of headlines and hysteria; now they garner just 4% of new malware. "Trojans ... accounted for 47 per cent of new examples of malware"

Organized Crime and the Internet
- A recent McAfee study into organized crime and the internet suggests an increase in money-making cyber scams
- "New hierarchy of cyber criminals": each level, from amateur to professional, has different tactics and motives
- Development in recent years of cyber gangs, who sit at the top of the cybercrime chain
- Advanced groups of career criminals and hackers agree to cooperate, plan and execute long term attack strategies "[of] little interest to the socially-motivated hacker or script kiddy," McAfee reports

Malware Future Trends
- Marriage of botnets and spyware
- According to McAfee, bots fuel the spyware boom: zombie bots such as Gaobot, MyTob and SDbot are often central to the spread of spyware
- Machines exploited using backdoor techniques have increased over 63 per cent; this often results in spyware and adware being downloaded onto affected systems
- Recent headline: "Botnet master jailed for five years": a 20-year-old Los Angeles man used the 'rxbot' Trojan horse program to find and take control of a 400,000-machine Windows botnet; he then installed ad-delivery programs from two adware firms: Quebec-based Gammacash and LOUDcash, which was purchased by 180solutions and renamed ZangoCash
- (Several further "Malware Future Trends" / "Future Malware Trends" slides are chart-only and carry no text)

Blended Threats
- Include aspects of all major viruses
- Worm characteristics: entry points are code-based vulnerabilities in MS and 3rd-party software; include a brute-force password dictionary; spread by crawling networks
- Mail worm functionality: data-mines the local system for addresses; spreads using an SMTP engine
- Often include a rootkit
- Payload includes spyware droppers

NextGen Worm Examples
- "Swiss army knife" worm W32.Nugache.A: spreads via email, IM channels and a peer-to-peer element; control channel uses TCP port 8 rather than IRC; similar to the Linux worm Slapper
- "Mytob's Hackers May Spawn Unstoppable 'Super Worm'": the Mytob family includes code borrowed from MyDoom and Rbot; all Mytobs share characteristics such as hijacking addresses from compromised PCs, spreading using their own SMTP engine, dropping in a backdoor Trojan and shutting down security software

Spyware Trends
- Ransomware: the uninstall program will not work unless you pay a fee / ransom; faux anti-spyware and registry cleaners; GpCode and Krotten Trojans prevent boot until a fee is paid
- Reinstalled by droppers
- Recent droppers using rootkit techniques: CoolWebSearch, Apropos, SpyAxe, Look2Me

Social Engineering
- Some cases require the end user to go to great lengths to get infected, such as: password-protected compressed files; renamed file extensions; installing prerequisite software
- Classic Trojan examples: holiday-themed items, pornography, games
- Recent Trojan examples: Sudoku used as bait for adware; World Cup wall chart Trojan; World of Warcraft virtual gold

Cross-Platform Viruses
- Not just a Windows issue: profit is platform independent; social engineering appears eternal
- FUD? Linux malware; a cross-platform virus targets Windows / Linux; not a new idea
- Mac malware: proof-of-concept code exists for a number of known vulnerabilities; most AV companies have issued warnings this year

What About the Hackers
- Warez servers are still around, but often serve multiple functions: botnet controller; spam generator; attack platform
- Rootkits are commonplace: Hacker Defender, AFXRootkit and FURootkit
- Buggy malware often indicates its presence: system or service crash; missing services files; common tools no longer function
- Best guidance for hacked systems will always be a secure rebuild

The Weakest Link
- Botnet controllers must be discoverable: originally used hard-coded IPs; now use dynamic DNS; all discoverable and easy to defeat
- Control channel defined in malware code: block the protocol; monitor with IDS
- Web browsing clients must be lured: phishing emails; often easy to determine from an infected host; a shorter list than you might think
- MS HoneyMonkey and others, such as McAfee SiteAdvisor, scan for threats

What Can I Do Now?
- Apply ALL security updates
- Disable superfluous services
- Block unsolicited inbound traffic
- Require strong passwords
- Updated anti-virus & anti-spyware products
- End user education: safe browsing, safe email
- Run with least user rights
- Audit for compliance

Microsoft Security Products
- Windows Defender: http://www.microsoft.com/athome/security/spyware/software/default.mspx
- Windows Software Update Services: http://www.microsoft.com/windowsserversystem/updateservices/default.mspx
- Microsoft Baseline Security Analyzer: http://www.microsoft.com/technet/security/tools/mbsahome.mspx
- Microsoft OneCare: http://www.windowsonecare.com
- Microsoft Client Protection: http://www.microsoft.com/windowsserversystem/solutions/security/clientprotection/default.mspx
- Network Access Protection: http://www.microsoft.com/technet/itsolutions/network/nap/default.mspx
- Windows Vista: http://www.microsoft.com/windowsvista/default.aspx (built-in Windows Defender and MSRT; better firewall; User Account Control)
- Windows Longhorn: http://www.microsoft.com/windowsserver/bulletins/longhorn/beta1.mspx

References and Links
- Panda Quarterly Report: http://www.pandasoftware.com/pandalabsQ12006
- Rootkits, Part 1 of 3: The Growing Threat, McAfee whitepaper: http://download.nai.com/products/mcafee-avert/WhitePapers/AKapoor_Rootkits1.pdf
- Malware Evolution, Kaspersky Labs: http://www.viruslist.com/en/analysis?pubid=184012401
- The Safety of Internet Search Engines, McAfee SiteAdvisor: http://www.siteadvisor.com/studies/search_safety_may2006.html
- Trojans are the New Model Army: http://www.theregister.co.uk/2006/05/08/malware_survey
- Virus writers get into cyber-extortion: http://www.theregister.co.uk/2006/04/21/kaspersky_malware_trends_update
- Malicious Bots Hide Using Rootkit Code: http://www.eweek.com/article2/0,1895,1816972,00.asp
- Alleged Pop-Up Hacker Busted: http://www.wired.com/news/technology/0,1282,69480,00.html?tw=wn_tophead_2
- The New Apple of Malware's Eye: Is Mac OS X the Next Windows? McAfee whitepaper: http://download.nai.com/products/mcafee-avert/WhitePapers/NewAppleofMalwaresEye.pdf
- Cross platform virus PoC: http://isc.sans.org/diary.php?storyid=1248&rss
- Hackers control bot client over P2P: http://www.theregister.co.uk/2006/05/02/nugache_worm
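An added example, not part of the original presentation or its author's material, for the point on the Worms slide that worm payloads drop hosts file entries to block AV software updates (the Mytob slide makes the same point about shutting down security software). A defender can catch this by checking the hosts file against a watch list of update domains: legitimate update hosts are resolved through DNS and never pinned locally, so any static entry for one is suspicious. The watched domains (other than windowsupdate.microsoft.com) and the sample hosts file below are constructed placeholders; substitute the update hosts your own AV, anti-spyware and patch tools actually contact.

```python
"""Detect hosts-file entries that hijack security-update domains.

Added example, not from the original presentation.  Parses a hosts file
and reports any watched update domain that has been pinned, separating
blackholing (loopback / 0.0.0.0) from redirection to another address.
"""
import ipaddress

# Assumed watch list: placeholder names, except the Microsoft one.
# Replace with the real update hosts of the products you run.
WATCHED_DOMAINS = {
    "windowsupdate.microsoft.com",
    "update.av-vendor.example",
    "liveupdate.av-vendor.example",
}

# Constructed sample hosts file.  The last three lines are the kind of
# entries a worm adds so that signature updates never arrive.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
192.168.1.10    fileserver.corp.example   fileserver
127.0.0.1       windowsupdate.microsoft.com
0.0.0.0         update.av-vendor.example
10.66.66.66     liveupdate.av-vendor.example   # redirected, not blackholed
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blanks and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so not a hosts entry
        for name in fields[1:]:
            yield str(ip), name.lower()


def find_update_hijacks(text, watched=WATCHED_DOMAINS):
    """Return [(hostname, ip, reason)] for every watched domain pinned in the hosts file."""
    findings = []
    for ip, name in parse_hosts(text):
        if name not in watched:
            continue
        addr = ipaddress.ip_address(ip)
        reason = "blackholed" if (addr.is_loopback or addr.is_unspecified) else "redirected"
        findings.append((name, ip, reason))
    return findings


if __name__ == "__main__":
    for name, ip, reason in find_update_hijacks(SAMPLE_HOSTS):
        print(f"{reason:10s} {name} -> {ip}")
```

On a real Windows host the input is the contents of %SystemRoot%\System32\drivers\etc\hosts; a "redirected" hit deserves more attention than a "blackholed" one, because the machine is then fetching "updates" from an address the attacker controls, and either result is a sign the host should be rebuilt rather than cleaned, as the What About the Hackers slide advises.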
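An added example, not part of the original presentation, for The Weakest Link slide: the control channel is fixed in the malware code, so it can be blocked at the perimeter and watched with an IDS, and a controller that every infected machine contacts is discoverable by the defender too. The detector below groups outbound TCP connections on the control-channel ports the deck mentions (IRC for the bots on the Botnets and Worms slides, TCP port 8 for W32.Nugache.A) by destination and reports destinations reached by several internal hosts. The log format, the internal address range, the port list and every log line are constructed for illustration.

```python
"""Flag likely bot control-channel traffic in an outbound connection log.

Added example, not from the original presentation.  Groups outbound TCP
flows on control-channel ports by destination; a destination shared by
several internal hosts is ranked first, and each finding names the
internal hosts involved so they can be taken off the network and rebuilt.
"""
from collections import defaultdict
import ipaddress

# Ports the deck associates with control channels: IRC (6660-6669, 7000)
# and W32.Nugache.A's TCP port 8.  Assumed list; extend from your own intel.
IRC_PORTS = set(range(6660, 6670)) | {7000}
CONTROL_PORTS = IRC_PORTS | {8}

# Assumed internal address space (constructed for the example).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed firewall log: "<time> <src> <dst> <proto> <dport> <action>".
SAMPLE_LOG = """\
2006-05-02T10:01:03 10.0.0.21 203.0.113.5 tcp 6667 allow
2006-05-02T10:01:09 10.0.0.35 203.0.113.5 tcp 6667 allow
2006-05-02T10:01:15 10.0.0.48 203.0.113.5 tcp 6667 allow
2006-05-02T10:02:40 10.0.0.21 198.51.100.9 tcp 8 allow
2006-05-02T10:02:41 10.0.0.77 198.51.100.9 tcp 8 allow
2006-05-02T10:03:00 10.0.0.12 192.0.2.80 tcp 80 allow
2006-05-02T10:03:30 10.0.0.12 192.0.2.80 tcp 443 allow
2006-05-02T10:04:00 10.0.0.90 203.0.113.7 tcp 6667 deny
2006-05-02T10:04:10 10.0.0.90 203.0.113.5 udp 6667 allow
"""


def is_internal(addr):
    """True when the address falls inside the assumed internal ranges."""
    return any(addr in net for net in INTERNAL_NETS)


def parse_log(text):
    """Parse constructed log lines into dicts; lines that do not fit are skipped."""
    events = []
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) != 6:
            continue
        ts, src, dst, proto, dport, action = fields
        try:
            events.append({
                "ts": ts,
                "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst),
                "proto": proto.lower(),
                "dport": int(dport),
                "action": action.lower(),
            })
        except ValueError:
            continue  # bad address or port field
    return events


def find_control_channels(text, min_hosts=2):
    """Return [(dst, dport, label, [internal hosts])] for suspicious destinations.

    Only outbound TCP flows (internal source, non-internal destination) on
    control-channel ports count.  Denied flows count too: a blocked beacon
    still identifies an infected host.  Results are sorted by number of
    internal hosts, then destination.
    """
    sources = defaultdict(set)
    for ev in parse_log(text):
        if ev["proto"] != "tcp" or ev["dport"] not in CONTROL_PORTS:
            continue
        if not is_internal(ev["src"]) or is_internal(ev["dst"]):
            continue
        sources[(str(ev["dst"]), ev["dport"])].add(str(ev["src"]))
    findings = []
    for (dst, dport), hosts in sources.items():
        if len(hosts) < min_hosts:
            continue
        label = "irc-c2" if dport in IRC_PORTS else "nugache-port8"
        findings.append((dst, dport, label, sorted(hosts)))
    findings.sort(key=lambda f: (-len(f[3]), f[0]))
    return findings


if __name__ == "__main__":
    for dst, dport, label, hosts in find_control_channels(SAMPLE_LOG):
        print(f"{label:14s} {dst}:{dport}  hosts={','.join(hosts)}")
```

The min_hosts threshold trades noise for coverage: at the default of 2 a lone workstation on an IRC port is ignored, while min_hosts=1 reports every host that touched a control-channel port, which is the right setting once a controller address is already known. The same grouping works on any flow source (firewall, netflow, proxy) once parse_log is adapted to its format.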
