Dr. Paul Judge, Chief Research Officer, Barracuda Networks. The State of Internet Security: Web Attacks Take Over.


1 Dr. Paul Judge, Chief Research Officer, Barracuda Networks. The State of Internet Security: Web Attacks Take Over

2

3 Half of The Spam Disappeared: 52 Billion; 26 Billion; 2010

4 Five Innovations That Caused Security Gaps; Habits of Effective Hackers

5 Five Innovations That Created Security Risks

6 1. Rapid Growth: One new domain each second; 196 million domain names; 47 million new sites last year. Source: Verisign

7 2. Dynamic Web Apps: AJAX. Rich site-to-browser interaction; browser is the new operating system; browser is active in the application, not simply a passive display tool

8 3. User-Generated Content: Half of Top 100 sites based on UGC; 500 million users on Facebook; 100 million accounts on Twitter; 2.5 billion photos uploaded each month to Facebook; 30 million new ads per day on Craigslist

9 4. Remote Employees: 20% of the workforce works remotely; 1 in 11 organizations had remote workers infected; 46% of remote infections come from infected Web sites

10 5. New Devices: Smartphone and tablet computing blur the line between personal and business computing; companies must reconsider policies for devices that are not owned by the company

11 Habits Of Effective Hackers

12 1. Malicious Javascript (Four Habits Of Effective Hackers)

13 Malvertising: USAToday.com ad network compromised (idatrinity.com). Visitors served malicious javascript bundled with ad for Roxio Creator 2009. Automatically directed users to Rogue AV Web site (antivirusquickscanv1.com) through malicious traffic distribution system (liveavantbrowser2.cn)

14 Exploited Site (1 of 4)

15 Exploited Site (2 of 4): hxxp://dipsy.pbs.org/parents/ptframe/images/bground-leaderboard.jpg instead of: hxxp://www.pbs.org/parents/ptframe/images/bground-leaderboard.jpg

16 Exploited Site (3 of 4)

17 Exploited Site (4 of 4): hxxp://qxfcuc.info/f.cgi?jzo The above URL serves exploits that target a variety of software vulnerabilities, including those in Acrobat Reader (CVE , CVE , and CVE ), AOL Radio AmpX (CVE ), AOL SuperBuddy (CVE ) and Apple QuickTime (CVE ). The domain qxfcuc.info is part of a malware campaign that includes tens of similar websites hosted off of a handful of common IP addresses. Similar exploit code was served from most of these domains, although a handful (e.g., yyoqny.info) display a message that suggests the criminal behind this campaign is compromising systems to build a botnet he will likely later lease. Translated from Russian, that message tells prospective leasers to "Send a message to ICQ # ; stats available under ststst02."

18 Barracuda Labs Technology: Malicious Javascript Detector (MJD) – Place content in a virtual browser environment – Perform behavioral analysis of javascript to determine its intentions. Diagram label: Proxy

19 2. Search Engine Malware (Four Habits Of Effective Hackers)

20 Search Volumes: 88,000,000,000 per month on Google sites; 24,000,000,000 per month on Twitter; 9,400,000,000 per month on Yahoo sites; 4,100,000,000 per month on Microsoft sites. Sources: comScore, Twitter

21 Barracuda Labs Technology: Search Engine Malware Crawler. Get Popular Search Terms Hourly; Search for Those Terms; Retrieve the Set of Search Results; Retrieve the Web Sites for the results; Analyze the Sites for Malicious Code; Add Malicious Sites to Barracuda SPYDEF list

22 Data Set: 4 Search Engines (Bing, Google, Twitter, Yahoo); 153 Days; 157,154 Popular Topics; 36,972,206 Search Results

23 Frequency of Search Engine Malware: 34,627 malware samples found; 1 in 1000 search results lead to malware; 1 in 5 search topics lead to malware

24 Total Malware by Search Engine

25 Lebron James

26 Search Engine Malware (1 of 4)

27 Search Engine Malware (2 of 4)

28 Search Engine Malware (3 of 4)

29 Search Engine Malware (4 of 4)

30 Barracuda Labs Technology: Maltrace: Malware Analysis w. Virtualization. Collect thousands of malware samples daily from honeypot network; load samples into Maltrace; Maltrace allows the malware to run on a virtual PC; Maltrace collects the network traffic generated; Maltrace creates signatures based on malicious traffic; adds the signatures to URL, IP and fingerprint databases

31 3. Social Attacks (Four Habits Of Effective Hackers)

32 Facebook Social Attacks

33 Photo ‘Tags’ Up To 50 People

34 Website Selling Fake Illegal Shoes

35 Automated Social Engineering

36 Malicious Facebook Apps

37

38 Likejacking

39

40

41

42

43

44 Twitter – Trending Topics (Step 1 of 3)

45 Twitter – Trending Topics (Step 2 of 3): hxxp://securityland.cn/?uid=144&pid=3&ttl=31c48520c54 which acts as a traffic distribution system for a Rogue AV operation; the chain of redirections ends at one of the following Rogue AV distribution points: hxxp://my-systemscan.com/?p=WKmimHVlbG2HjsbIo22EhHV8ipnVbWiMnNah2qeNm6nZwombm5h2lpd9fXCHodjSbmRelWZxmV6SZGbLU9bYxKWspXOL1dZ2Y2ZuZ2tnaWyVYYrJlG0%3D hxxp://my-newprotection.net/?p=WKmimHVlbG2HjsbIo22EhHV8ipnVbWiMnNah2qeNm6nZwombm5h2lpd9fXCHodjSbmRelWZxmV6SZGbLU9bYxKWspXOL1dZ2Y2ZuZ2tnaWyVYYrJlG0%3D hxxp://trustsystem-protection.com/?p=WKmimHVlbG2HjsbIo22EhHV8ipnVbWiMnNah2qeNm6nZwombm5h2lpd9fXCHodjSbmRelWZxmV6SZGbLU9bYxKWspXOL1dZ2Y2ZuZ2tnaWyVYYrJlG0%3D
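Added example (not part of the original presentation): the three Rogue AV distribution URLs on slide 45 sit on different hosts but carry the same `p=` value. The Python code below groups logged URLs by such shared query values to surface related hosts regardless of hostname; the sample URLs, `.example` hosts and token values are constructed, and the function names are hypothetical.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: defanged URLs as they might appear in proxy logs.
# Hosts use the reserved .example TLD; the token values are made up.
SAMPLE_URLS = [
    "hxxp://scan-one.example/?p=SAMPLETOKEN0001%3D",
    "hxxp://scan-two.example/?p=SAMPLETOKEN0001%3D",
    "hxxp://scan-three.example/?p=SAMPLETOKEN0001%3D",
    "hxxp://news.example/story?id=42",
    "hxxp://shop.example/item?id=42&ref=SAMPLETOKEN0002",
    "hxxp://shop.example/cart?ref=SAMPLETOKEN0002",
]


def refang(url):
    """Turn hxxp:// or hxxps:// back into a parseable scheme (parsing only)."""
    return "http" + url[4:] if url.lower().startswith("hxxp") else url


def shared_query_values(urls, min_hosts=2, min_len=8):
    """Map (param, value) -> sorted hosts for values seen on >= min_hosts hosts.

    min_len skips short values (numeric ids and the like) that repeat across
    unrelated sites by coincidence.
    """
    hosts_by_value = defaultdict(set)
    for url in urls:
        parts = urlsplit(refang(url))
        if not parts.hostname:
            continue  # malformed entry, nothing to attribute it to
        for name, value in parse_qsl(parts.query):
            if len(value) >= min_len:
                hosts_by_value[(name, value)].add(parts.hostname.lower())
    return {
        key: sorted(hosts)
        for key, hosts in hosts_by_value.items()
        if len(hosts) >= min_hosts
    }


if __name__ == "__main__":
    for (name, value), hosts in shared_query_values(SAMPLE_URLS).items():
        print(f"{name}={value!r} seen on {len(hosts)} hosts: {', '.join(hosts)}")
```

A value that repeats only within one host (the `ref` parameter in the sample) is not reported, since the signal is reuse across hostnames.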

46 Twitter – Trending Topics (Step 3 of 3)

47 Barracuda Labs Technology: Twitter Reputation System. Process Twitter Public Stream; Query Twitter User Database for Other Users; Analyze Users’ Activities; Analyze Web Links; Add Malicious Sites to Barracuda SPYDEF list

48 Twitter Growth (Barracuda Networks Confidential). Red Carpet Era: November 2008 – April; % of the Top 50 Twitter users joined; growth rate increased tenfold from 2% in Nov 08 to 21% in April 09

49 Twitter Crime Rate: 2006 = 1.2%; 2007 = 1.7%; 2008 = 2.2%. Red Carpet Era: During: increased 66%, 2.0% to 3.4% crime rate. Four months later: increased 350%, 12% crime rate in Oct 2009. Twitter Crime Rate: the number of accounts per hundred created during a particular period of time that are suspended

50

51 4. Web Exploit Kits (Four Habits Of Effective Hackers)

52 Web Exploit Kit Overview – Most exploits served by exploit kits (ready-made tools sold/used by criminals to attack vulnerable software components) – Many exploit sites, but few exploit kit types: a handful of kit types comprise the majority of exploit sites – Examples: LuckySploit, Fragus, UniquePack, NucPack Tornado, Fiesta, IcePack, FirePack, MPack

53

54

55 Barracuda Labs Technology: Exploit Kit Detector (EKD) – Leverage the many-to-few relationship between exploit sites and exploit kit types: focus on the handful of kit types that correspond to the majority of exploit sites – Use information invariant to these kits to detect instances of them in a site-independent fashion. Diagram label: Proxy

56 Summary

57 Who Is Behind This?

58 The World's Greatest Spammers: Where are they now? Alan Ralsky | Scott Richter; ‘Godfather of Spam’ | ‘King of Spam’; 70 million e-mails per day | 100 million e-mails per day; #1 of top spammers list | #2 and #9 of top spammers list; $3 Million profit summer 2005 in pump and dump Chinese penny stocks | Over 40,000 ‘Iraq Most Wanted’ card decks sold before printed; 2005 FBI raid and investigation | 2003 New York Attorney General lawsuit; 2006 Microsoft lawsuit; 2008 Myspace lawsuit

59 The World's Greatest Spammers: Where are they now? (slide 58 repeated, adding:) 2009: Sentenced to 51 months in Federal prison

60 The World's Greatest Spammers: Where are they now? (slide 59 repeated, adding:) 2009: Founded “Lunatic Games”, a social gaming company

61 Barracuda Labs Threat Intelligence

62 Barracuda Labs Resources: Web Sites and Reports; Barracuda Labs Annual Threat Report. Contact: Paul Judge, Chief Research Officer

63 Barracuda Web Application Firewall: SSL Acceleration, Pipelining, Caching, Compression, Load Balancing, OWASP protection, Virus scanning, Data leakage, Cloaking, XML Firewall. Diagram labels: Servers, Barracuda Web Application Firewalls, Remote Users, Teleworkers

64 Barracuda Web Security Flex: Cloud-based content filtering and malware protection; on-network appliances when needed for local enforcement; remote and mobile filtering; centralized multi-site management and reporting; unlimited deployment flexibility

