Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fight Back Against Java Exploits, Spear-Phishing, Watering Hole Attacks, Drive-by Downloads, Scare-ware, Ransomware, Social Networking Worms…ah…. CHADD.

Published byAllen Curtis Modified over 10 years ago

Similar presentations

Presentation on theme: "Fight Back Against Java Exploits, Spear-Phishing, Watering Hole Attacks, Drive-by Downloads, Scare-ware, Ransomware, Social Networking Worms…ah…. CHADD."— Presentation transcript:

1 Fight Back Against Java Exploits, Spear-Phishing, Watering Hole Attacks, Drive-by Downloads, Scare-ware, Ransomware, Social Networking Worms…ah…. CHADD MILTON

2 Riddle Me This… Hint: Aka – FRAN or STAN

3 11, 12 and 13 (so far) bloodiest years on record… White House eCard (spear-phishing) HBGary Federal (social engineering) Night Dragon (spear-phishing) London Stock Exchange Website (watering-hole) French Finance Ministry (spear-phishing) Dupont, J&J, GE (spear-phishing) Charlieware (poisoned SEO) Nasdaq (spear-phishing) Office of Australian Prime Minister (spear-phishing) RSA (spear-phishing) Epsilon (spear-phishing) Barracuda Networks (spear-phishing) Oak Ridge National Labs (spear-phishing) Lockheed Martin (spear-phishing) Northrup Grumman (spear-phishing) Gannet Military Publications (spear-phishing) PNNL (spear-phishing) ShadyRAT (spear-phishing) DIB and IC campaign (spear-phishing) Voho campaign (watering-holes and spear-phishing) Mirage campaign (spear-phishing) Elderwood campaign (spear-phishing) White House Military Office (spear-phishing) Telvent compromise (spear-phishing) Council on Foreign Relations (watering hole) Capstone Turbine (watering hole) RedOctober (spear-phishing) Speedtest.net (watering-hole/drive-by) DoE (spear-phishing) Federal Reserve (spear-phishing) Bit9 (TBD) NYT, WSJ, WaPO (spear-phishing) Apple, Microsoft, Facebook (watering-hole) National Journal (watering hole) FemmeCorp (watering holes) South Korea (spear-phishing) 11 Energy Firms (spear-phishing) Cannot keep this slide up to date… A Problem of Pandemic Proportions

4 Competitive Futures Are at Stake Theirs Ours The good news is…theyre stealing petabytes worth of data… The bad news is…in time, theyll have sorted through it all

5 The Primary Target – The Unwitting Accomplices The User The #1 Attack Vector = Ubiquitous usage of Internet and Email has enabled adversaries to shift tactics Prey on human psychology Spear Phishing – The New Black Drive by Downloads Malicious sites Weaponized Attachments Watering Hole Attacks Hijacked trusted sites Trust in social networks Facebook, Twitter, LinkedIn Faith in Internet search engines Poisoned SEO User Initiated Infections Fake A/V and fear mongering

6 Alarming Malware Statistics 280 million malicious programs detected in April 2012* 80,000+ new malware variants daily ** 134 million web-borne infections detected (48% of all threats) in April 2012* 24 million malicious URLs detected in April 2012* 30,000+ new malicious URLs daily** 95% of APTs involve spear- phishing*** Organizations witnessing an average of 643 malicious URL events per week*** 225% increase from 2012** * Kaspersky April 2012 Threat Report ** Panda Labs Q1 2012 Internet Threat Report *** FireEye September 2012 Advanced Threats Report ****Both Mandiant and Trend Micro – 2013 Reports

7 KIA – Mandiant APT-2 Spear-Phish www.invincea.com/blog www.invincea.com/blog or - http://https://www.invincea.com/2 013/02/mandiant-report-spear- phishing-campaign-kia-with- invincea-cve-2011-0611/

8 Java - Getting Bullied…

9 Enterprise Security Architecture for Addressing APT Firewalls/Web Proxies Network Controls Anti-Virus Forensics and IR User Training In Use | Confidence* 84% 66% 34% 92% 64% 31% 55% 52% 17% 40% App Whitelisting 22% 49% *Invincea APT Survey Q4 2012

10 Einsteins Definition of Insanity Patching software as vulnerabilities are made public Detecting intruders and infected systems after the fact Recovering and restoring the infected machines back to a clean state Security Insanity Cycle

11 Addressing the Critical Vulnerability in Java 7 Uninstall Java…

12 Addressing the Critical Vulnerability in IE Stop Using IE…

13 Addressing the Pandemic of Spear-Phishing Dont Click on Links You Dont Trust…

14 An Alternative to Bad Advice Not quite…but pretty darn close…

15 Rethink Security If…you could negate user error And…contain malware in a virtual environment And…stop zero-days in their tracks without signatures Then…preventing APTs would be possible Making Prevention Possible Again

16 Solve the User Problem Protect the User SOC Server Appliance Enterprise Endpoint Application & Data Collection

17 Contain the Contaminants Prevention Pre-Breach Forensics Protect every user and the network from their error Feed actionable forensic intelligence without the breach Detection Detect zero-day attacks without signatures

18 Mapping the APT Kill Chain Stage 1: Reconnaissance Research the target Stage 2: Attack Delivery Spearphish with URL links and/or attachment Stage 5: Internal Recon Scan network for targets Stage 3: Client Exploit & Compromise Vulnerability exploited or user tricked into running executable Stage 8: Stage Data & Exfil Archive/encrypt, leak to drop sites Stage 4: C2 Remote Command & Control. Stage 6: Lateral Movement Colonize network Stage 7: Establish Persistence Root presence to re-infect as machines are remediated Stage 9: Incident Response Analysis, remediation, public relations, damage control

19 Invincea – Breaking the APT Workflow Containment | Detection | Prevention | Intelligence Highly targeted apps run in contained environment Behavioral based detection spots all malware including 0-days Automatic kill and remediation to clean state Forensic intelligence on thwarted attacks fed to broader infrastructure Threat Data Server

20 Real World Results 0days K.I.A.

21 KIA – Speedtest.net Drive-by Java 7 CVE-2013-0422 Drive-by Download/Watering Hole Attack Thwarted by Invincea Exploit running for days on Speedtest.net website (boasts 4 BILLION+ visits) Whitelisted or blacklisted website? More than likely whitelisted Increasingly common poisoning tactic from adversaries Detected without signatures, immediately killed and forensically analyzed by Invincea www.invincea.com/blog www.invincea.com/blog or - http://www.invincea.com/2013/02/ popular-site-speedtest-net- compromised-by-exploitdrive-by- stopped-by-invincea/

22 KIA – Adobe Flash CVE-2013-0634 Weaponized Office Document (Word) Used to Spread Adobe 0day (CVE 2013-0634) Spoofed document looking like IEEE as the author (community of interest being targeted) No protection from anti-virus given 0day nature Increasingly common poisoning tactic from adversaries Detected without signatures, immediately killed and forensically analyzed by Invincea www.invincea.com/blog www.invincea.com/blog or - http://www.invincea.com/2013/02/ exploit-down-analysis-and- protection-against-adobe-flash- exploit-cve-2013-0634/

23 KIA – National Journal Website Drive-by Download/Watering Hole Attack Thwarted by Invincea Exploit running on National Journal website days AFTER initial disclosure (secondary attack?) Whitelisted or blacklisted website? More than likely whitelisted Running Fiesta/ZeroAccess Exploit Kit – attacking 2 Java vulnerabilities Detected without signatures, immediately killed and forensically analyzed by Invincea www.invincea.com/blog www.invincea.com/blog or - http://www.invincea.com/2013/03/ kia-nationaljournal-com-pushing- malware-through-fiesta-ek-killed- with-invincea/

24 Chadd Milton: chadd.milton@invincea.com chadd.milton@invincea.com Go ahead…spear-phish me! www.invincea.com Twitter: @Invincea www.invincea.com Want a t-shirt? Drop a note to megan.cavanaugh@invincea.com – only one catch, youve got to tweet a pic of you wearing it!megan.cavanaugh@invincea.com Lets Get Moving

Download ppt "Fight Back Against Java Exploits, Spear-Phishing, Watering Hole Attacks, Drive-by Downloads, Scare-ware, Ransomware, Social Networking Worms…ah…. CHADD."

Similar presentations

Viruses & Spyware A Module of the CYC Course – Computer Security 8-28-10.

Viruses & Spyware A Module of the CYC Course – Computer Security
Keep Your PC Safe (Windows 7, Vista or XP) Nora Lucke 02/05/2012 Documents - security.

Keep Your PC Safe (Windows 7, Vista or XP) Nora Lucke 02/05/2012 Documents - security.
Nathan Labadie Systems Engineer, US-Central FireEye

Nathan Labadie Systems Engineer, US-Central FireEye
Intrusion Prevention anno 2012: Widening the IPS concept.

Intrusion Prevention anno 2012: Widening the IPS concept.
HQ in Israel Threat research, security operations center 24/7. In-depth understanding and insight into how cyber crime works. Over 10 million online identities.

HQ in Israel Threat research, security operations center 24/7. In-depth understanding and insight into how cyber crime works. Over 10 million online identities.
Palo Alto Networks Jay Flanyak Channel Business Manager

Palo Alto Networks Jay Flanyak Channel Business Manager
© Blue Coat Systems, Inc. 2011. All Rights Reserved. APTs Are Not a New Type of Malware 1 Source: BC Labs Report: Advanced Persistent Threats.

© Blue Coat Systems, Inc All Rights Reserved. APTs Are Not a New Type of Malware 1 Source: BC Labs Report: Advanced Persistent Threats.
©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Mary Ann Fitzsimmons Regional.

©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Mary Ann Fitzsimmons Regional.
Challenges In The Morphing Threat Landscape Apr 2011, Arnhem Tamas Rudnai, Websense Security Labs.

Challenges In The Morphing Threat Landscape Apr 2011, Arnhem Tamas Rudnai, Websense Security Labs.
Security Life Cycle for Advanced Threats

Security Life Cycle for Advanced Threats
Spear-Phishing, Watering Holes, Drive-by Downloads The Need for Rapid Endpoint Security Innovation Security without Limits Darin Dick.

Spear-Phishing, Watering Holes, Drive-by Downloads The Need for Rapid Endpoint Security Innovation Security without Limits Darin Dick.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
PAGE 1 | Gradient colors 14 149 115 0 121 91 13 137 105 RGBRGB Diagrams 142 230 0 127 205 0 137 222 0 RGBRGB 242 174 107 255 131 0 240 161 82 RGBRGB 166.

PAGE 1 | Gradient colors RGBRGB Diagrams RGBRGB RGBRGB 166.
Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Top 5 Modern Malware Trends Data Connectors – September 12, 2013 Frank Salvatore,

Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Top 5 Modern Malware Trends Data Connectors – September 12, 2013 Frank Salvatore,
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Latest Threats Against Mobile Devices Dave Jevans Founder, Chairman and CTO.

Latest Threats Against Mobile Devices Dave Jevans Founder, Chairman and CTO.
Anup Ghosh Founder and CEO Invincea, Inc. www.invincea.com.

Anup Ghosh Founder and CEO Invincea, Inc.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

Similar presentations

Ads by Google