Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Top 5 Modern Malware Trends Data Connectors – September 12, 2013 Frank Salvatore,

Similar presentations


Presentation on theme: "Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Top 5 Modern Malware Trends Data Connectors – September 12, 2013 Frank Salvatore,"— Presentation transcript:

1 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Top 5 Modern Malware Trends Data Connectors – September 12, 2013 Frank Salvatore, BCOMM Territory Manager, Eastern Canada

2 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 2 "We're moving towards a world where every attack is effectively zero-day… having a signatured piece of malware, that shouldn't be the foundation on which any security model works." - Chris Young, GVP Cisco Security Tech Week Europe, September 28 th 2012

3 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 3 "We're moving towards a world where every attack is effectively zero-day… having a signatured piece of malware, that shouldn't be the foundation on which any security model works." - Chris Young, GVP Cisco Security Tech Week Europe, September 28 th 2012

4 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 4 Modern times… call for modern measures...

5 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 5 Top CISO Priorities – 2013 Secure Data and Policy Controls Data exfiltration through the use of multi-protocol outbound channels challenges traditional controls Enable Secure Mobility Mobile devices and policies pose major issues as organizations need to enable secure access to data Advanced Attacks Targeting Data Ensuring security of data-at-rest and data-in-motion continues to be challenged with multi-vectored attacks

6 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 6 Top 5 Global Risks Source: World Economic Forum

7 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 7 Technological Risks

8 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 8 High Profile APT Attacks Are Increasingly Common

9 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 9 We Are Only Seeing the Tip of the Iceberg HEADLINE GRABBING ATTACKS THOUSANDS MORE BELOW THE SURFACE APT Attacks Zero-Day Attacks Polymorphic Attacks Targeted Attacks

10 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 10 Attacks Increasingly Sophisticated Dynamic Web Attacks Malicious Exploits Spear Phishing s Multi-Vector Delivered via Web or Blended attacks with containing malicious URLs Uses application/OS exploits Multi-Stage Initial exploit stage followed by malware executable download, callbacks and exfiltration Lateral movement to infect other network assets

11 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 11 Top 5 Modern Malware Trends

12 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 12 Trend #1: Motivation is Data “Capitalization” Political, Financial, Intellectual Nature of threats changing –From broad, scattershot to advanced, targeted, persistent Advanced attacks accelerating –High profile victims common (e.g., RSA, Symantec, Google) –Numerous APT attacks like Operation Aurora, Shady RAT, GhostNet, Night Dragon, Nitro “Organizations face an evolving threat scenario that they are ill-prepared to deal with….advanced threats that have bypassed their traditional security protection techniques and reside undetected on their systems.” Gartner, Advanced Persistent Threats Zero-day Targeted Attacks Dynamic Trojans Stealth Bots Worms Viruses Disruption Spyware/ Bots Cybercrime Cyber-espionage and Cybercrime Damage of Attacks

13 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 13 Trend #2: Modern Malware Targets the Application

14 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 14 Hacking? Not so much…

15 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 15 Polymorphism on demand

16 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 16 Blog Post?

17 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 17 RSS Feed?

18 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 18 Trend #3: Socialized Attack Vectors Spear-Phishing is a social attack –No real technical countermeasure –Users un(der)trained –Effective way to drive malicious traffic –“Whaling” for high return 83% of spam uses URLs –URL shorteners –Social engineering URLs –Still on the decline Browser/App Infection Vectors –Browser itself –ActiveX / Java –Plug-ins (PDF, QuickTime) –Adobe Flash –JavaScript/AJAX Percent of Spam Containing Links Source: Cisco Systems 18

19 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 19 LinkedIn is a Gold Mine…

20 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 20 Successful Spear Phish

21 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 21 Trend #4: It’s not just about files anymore Modern Malware is about a sequence of protocol flows which serve to exploit an application A file may be invoked or transported, but usually after a successful exploit The new reality of Modern Malware or APT is that file- based analysis is inadequate Exploit Downloads Callback ServerInfection Server Data Exfiltration Binary Download Callbacks

22 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 22 The Attack Life Cycle – Multiple Stages Exploitation of system 1 3 Callbacks and control established 2 Malware executable download Compromised Web Server, or Web 2.0 Site 1 Callback Server IPS 3 2 Malware spreads laterally 4 Data exfiltration 5 File Share 2 File Share 1 5 4

23 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 23 Exploit Detection is Critical Malware exploits take a similar form: –Write data to memory –Trick the system to execute that code in memory Exploitation of the system is the first stage –Subsequent stages can be hidden –You will miss attacks if relying on object/file analysis Only FireEye detects the exploit stage –Captures resulting stages –Shares globally

24 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 24 Timed Malware

25 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 25 Ho, Ho, Ho… Timed Malware: December 25 th. Where is the IT staff? ;) FireEye works 24/7/365 so you don’t have to events on Xmas.

26 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 26 Trend #5: Mobile Device Malware

27 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 27 Trend #5: Mobile Malware Incremental (See Timestamp)

28 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 28 BYOD = Bring Your own DOOM! Source: “Boy Genius”www.bgr.com

29 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 29 FBI Warning (October 15, 2012) Source:

30 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 30 Thank You! Frank Salvatore, BCOMM Territory Manager, Eastern Canada


Download ppt "Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Top 5 Modern Malware Trends Data Connectors – September 12, 2013 Frank Salvatore,"

Similar presentations


Ads by Google