
Vicente Diaz, Senior Virus Analyst Christian Funk, Virus Analyst Marco Preuß, Head of German Research Center Stefan Tanase, Senior Security Researcher.


1 Corporate Malware Trends 2011 Security Roundtable, 02.03.2011
Vicente Diaz, Senior Virus Analyst
Christian Funk, Virus Analyst
Marco Preuß, Head of German Research Center
Stefan Tanase, Senior Security Researcher
Magnus Kalkuhl, Director, Europe, Global Research and Analysis Team

2 Mobile malware threats From smart phones to smart threats

3 Low user awareness
How do you estimate the malware infection risk when surfing the web from different devices? (scale from 1 = no risk of malware infection to 9 = extremely high risk of malware infection)
- Smartphone (N=1618): 4.7 pts
- PC / Notebook (N=1518): 6.0 pts
- Tablet PC (N=132): 5.1 pts
Source: Smartphone Users Study for Kaspersky Lab

4 For very valuable data

5 And connected to other devices Ok, my mobile was compromised, so what?

6 Mobile threats on the rise
And bad guys know this and are taking advantage NOW
Source: Kaspersky Lab, January 2011

7 Platform Distribution
Mobile malware families: 154
Mobile malware variants: 1046
Source: Kaspersky Lab, January 2011

8 Fraud example
Let's suppose someone owns your mobile telephone. The attacker has access to:
- Geolocation
- Banking application
- Credit card data
These are likely assumptions. Of course the attacker might have access to even more data.

9 Fraud example
Let's suppose someone owns your mobile telephone.
"Dear Mr. Foo, I'm calling you from your YourBank local office in Chelsea. In order to prevent fraud we need to check some details. First I need to ensure you are the holder of the credit card with number xxx-xxx-xxx-xxx. Can you please tell me the number that appears on the back of your card? …"

10 Fraud schemes
- Monetization: pay numbers, premium SMS
- Migration of PC fraud schemes to mobile devices
- Ransomware
- Social engineering: spear phishing on steroids!
Your data is valuable… to those that commit fraud! Your money is valuable too!!

11 Recommendations
- Lock your screen
- Enable remote security services
- Back up your data
- Use encryption
- Beware of what you install
- Do not jailbreak/root your device
- Do not connect to untrusted Wi-Fi access points
- Do not skip updates
AND: Do not assume your mobile is safer than your PC

12 The human factor Protection by education

13 User education Raise security awareness of your employees WHY? Is it effective?

14 How susceptible are people to social engineering?
ENISA field study at the University of Plymouth, UK
- Test set of 20 mails (11 illegitimate and 9 legitimate)
- Number of participants: 179
- All of them were explicitly aware that they were being tested
Source: ENISA (www.ifap.ru/library/book349.pdf)
                     Correctly classified   Incorrectly classified   Unsure
Legitimate mails     36%                    37%                      27%
Illegitimate mails   45%                    28%                      26%
Overall              42%                    32%                      26%
This study took place in 2008; the quality of social engineering tactics has improved a lot since then …

15 Who should be educated? Is there a selection to be made?
Executives? Human Resources? Research Department? Development Department? Plant Security? Fire Department? Works Council? Dispatch Department? Purchasing Department? Accounts Department? Customer Service? Legal Department? Marketing Department? Supply Chain Management? Facility Management? Quality Management? Advertising Department? Support Department? Finance Department? Logistics Department? IT Department? Materials Administration? Public Relations Department? Secretary? Sales Department? Shipping Department?
Everyone!

16 User education as a key for corporate security
Raise security awareness of your employees. How to deliver the message:
- Only telling what not to do doesn't work
- Showing the whole picture of cybercrime does!
- IT security awareness will become more important in times of home offices and mobile devices
- Employees are part of the corporate IT landscape!
Enhance the security within your company by securing the technical infrastructure as well as the human side!

17 “iThreats” Threats beyond Windows

18 Spyware – PremierOpinion
- Known on Windows since 2008 (Trojan-Spy)
- Detected on Mac OS X in June 2010
- Bundled with applications and screensavers (e.g. from MacUpdate, VersionTracker, Softpedia)
- Executed as root (full system access)
- Opens an HTTP backdoor
- Steals data from local and network filesystems
- Sniffs data on the network interface
- Injects code into Safari, Firefox, iChat
- Can update itself to get new functionality
- Sends collected data to remote servers

19 Backdoor – HellRaiser (Reshe)
HellRaiser published in 2010 (version 4.2, August 2010)
Trojan package consists of:
- Trojan (server) offering full access to the victim's Mac
- Control (client): the attacker's interface
- Configurator for the server
- SMTP grabber for the "call-home" function of the server
Version 4.2: publicly available; version 4.4: $15

20 Rotten apples – Botnet on Mac (Trojan.iServices)
- Bot distribution: pirated iWork 09 and Adobe Creative Suite 4 (from P2P)
- PHP script running as root
- Launched DDoS attack on websites
- ~20,000 infections

21 Trojan-Downloader – Jahlav
- Gets the primary network interface
- Modifies the DNS server
- Executes a Perl script: the backdoor client component, which communicates with a remote server
- Sends data about the local system (OS, CPU, hostname)

22 Trojan-Downloader – Jahlav
- DNS changer: an obfuscated shell script changes the DNS server on the local system (used e.g. for phishing, advertising)
- Can download additional malicious code
- 11 versions released

23 Statistic: Vulnerabilities (chart)
Source: Secunia Half Year Report 2010

24 Cross platform: works everywhere
- Adobe (SWF, PDF) exploits
- Apple (QuickTime) exploits
- Firefox (plugins) malware
- Microsoft Office (macros)
- Scripts (PHP, Python)...

25 Targeted attacks Beyond Today and Tomorrow

26 How do cybercriminals make money?
By stealing, of course.
- Stealing directly from the user: online banking accounts, credit card numbers, electronic money, blackmailing.
- What if I don't have money? Providing IT resources to other cybercriminals: creating botnets, sending spam, DDoS attacks, pay-per-click fraud, affiliate networks, renting computing power, collecting passwords etc.
- Providing access to targeted SMB and enterprise networks for interested 3rd parties

27 Targeted attacks: threats to SMBs, enterprises, even beyond

28 What do attackers want? What are they after?
- Sensitive source codes
- Information on future products
- 3rd party data hosted by the victim
- Credentials for production systems
- Executive emails
- Information about customers
- Exploring the intranet for other confidential info
Easily saleable data is not really targeted

29 Kaspersky Lab International Press Tour, Cyprus, June 3-6, 2010

30 Stuxnet - the supermalware

31 Targeted attacks vs. classic malware

32 Lethal injection vs. a round of bullets
- Targeted attacks are not epidemics: one email is enough, instead of tens of thousands
- Targeted organizations are either not aware, or don't publicly disclose information
- It is hard to get samples for analysis
- Classic signature-based AV is useless; new defense technologies are needed
- Much higher stakes: intellectual property theft, corporate espionage

33 So, how do they do it?

34 Targeted attacks in 4 steps
1. Profiling the employees: choosing the most vulnerable targets
2. Developing a new and unique malicious program: it doesn't have to bypass all AVs, just the one used by the victim
3. Mixing the malicious payload with a perfectly tailored social engineering strategy
4. Delivering the attack

35 Targeted attacks becoming mainstream

36 Personal information becoming public
- So much personal information becomes public on social networks right now
- Advertisers are already doing it: targeted ads
- Age, gender, location, interests, field of work, browsing habits, relationships etc.

37 What to watch for in 2011
Kaspersky Lab's predictions for this year in the field of IT security:
- A whole new generation of more organized and more malevolent malware writers
- Malware attacks targeting information as well as financial gain
- Information becoming the target of the new breed of cybercriminals and another source of income for those already in the game
- The emergence of Spyware 2.0, a new class of malware that steals users' personal data (identity theft) plus any other type of data it can find
- Spyware 2.0 becoming a popular tool for both new and old players alike
- An increasing number of attacks on corporate users by traditional cybercriminals and the gradual decline in direct attacks on everyday users
- Vulnerabilities remaining the principal method of carrying out attacks, and a significant increase in the scope and speed with which they are used

38 Growth in data stealing malware: 2009 vs. 2010 vs. 2011
2009 vs. 2010:
- 87% growth in data stealing malware
- 135% growth in Trojan-Spy family
2010 was the first year in which we added more than 100,000 signatures for data stealing malware.

39 Thank you! Corporate Malware Trends 2011 Security Roundtable

40 Surviving targeted attacks
Proper security mindset
- Lack of user education and awareness: training and policies
- Reporting process for employees
- 24/7 security team with extremely fast reaction time
Know your "social" friends
"I only add people that I have met in real life, twice." -- Mark Kelly, Facebook CSO
The solution is simple: just delete your account!
Expect the best, but think of the worst. Don't upload a picture, don't post a link or a comment unless you are prepared to take responsibility for your actions.

41 Surviving targeted attacks
Minimize the attack surface
- Fewer 3rd party plug-ins: Flash, Acrobat, Java
- Use alternative browsers
- Frequent updates and patches
Proactive protection technologies provide the necessary edge for remaining secure
- Sandboxing and virtualization: isolated environments
- HIPS: Host-based Intrusion Prevention System
- Behavioral analysis
- In-the-cloud services for fast response

