Cosc 4765 SOPHOS Security Threat report about 2013 (and predictions for 2014)


Side note
Independent test lab AV-Test discovers its 50 millionth virus/malware (Jan 26, 2011)
– 220,000 new malware each day, 9,166 every hour, or 152 every minute, or about 2.5 every second.
– History:
   1985: 553 different viruses
   2000: 176, : about 1 million
   2010: about 20 million new malware variants
   2013: about 83 million new malware variants
– Source:

A bad day comes. April 8, 2014
– The end of security updates for Windows XP and Office 2003
– What dangerous “zero-day-forever” attacks may follow it?

All pictures and data are from the SOPHOS 2013 report.

Botnets Grow in Size & Stealth
In the past 12 months, infected networks of computers called botnets have become more widespread, resilient and camouflaged, and they’re spreading dangerous new payloads like the nasty Cryptolocker ransomware.
– Zeus source, leads to Gameover
   Which has a P2P Command & Control structure
– ZeroAccess Botnet
   In less than 2 weeks, undoes all the countermeasures by antivirus companies.
– Watch: Cryptolocker in Action

Botnets Grow in Size & Stealth (2)
Ransomware has become more common, because fake AV and alert scams are now failing.
Banking malware
– Carberp steals over $250 million!
– Malware like the Shylock/Caphaw botnets targets customers of Barclays, Bank of America, Capital One, Citi, and Wells Fargo.

Botnets Grow in Size & Stealth (3)
More use of the “Darknet”
– Hidden networks such as Tor that are designed to resist surveillance.
– Wikileaks and many people use it to protect sources.
– Botnet C&C servers are hidden in the Tor network as well.

Botnet Bitcoin Mining
The masters of the ZeroAccess botnet for a short time in 2013 used its computing power to create (or mine) bitcoins, the virtual currency.
Back Channels and Bitcoins: ZeroAccess' Secret C&C Communications

Spam Reinvents Itself
From penny stock pump-and-dump schemes to natural weight loss scams, some spam just never goes away. In 2013, distributed networks of servers helped keep spam under the radar of filters, a technique called “snowshoe spamming.”
– Distribute the load across a large area (botnet), so they don’t sink, like snowshoes.
   Uses many IPs, so it is harder to filter the spam out.
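Added example (not from the Sophos report or the original slides): a per-IP volume limit misses a snowshoe campaign, while grouping messages by a content fingerprint across source IPs exposes it. The log entries, thresholds and function names are constructed for illustration.

```python
import hashlib
import re
from collections import Counter, defaultdict

def fingerprint(body):
    """Hash the body after masking URLs and digits, which spammers vary per message."""
    text = re.sub(r"https?://\S+", "<url>", body.lower())
    text = re.sub(r"\d+", "<n>", text)
    return hashlib.sha256(" ".join(text.split()).encode()).hexdigest()[:16]

def loud_senders(events, per_ip_limit):
    """Classic per-IP volume filter: flags any source above the limit."""
    counts = Counter(ip for ip, _ in events)
    return {ip for ip, n in counts.items() if n > per_ip_limit}

def snowshoe_campaigns(events, min_ips, per_ip_limit):
    """Group by content fingerprint; flag content spread thinly over many IPs."""
    by_fp = defaultdict(Counter)
    for ip, body in events:
        by_fp[fingerprint(body)][ip] += 1
    return {
        fp: sorted(ips)
        for fp, ips in by_fp.items()
        if len(ips) >= min_ips and max(ips.values()) <= per_ip_limit
    }

def sample_events():
    """Constructed log of (source_ip, body) pairs; addresses are documentation ranges."""
    events = []
    # 40 sources, 3 messages each: same pitch, varying offer number and link
    for host in range(1, 41):
        for i in range(3):
            events.append((f"198.51.100.{host}",
                           f"Lose weight naturally! Offer {host * 10 + i} "
                           f"http://example.test/p/{host}{i}"))
    # One loud bulk sender that a volume filter does catch
    events += [("203.0.113.9", f"Newsletter issue {i}") for i in range(200)]
    # Ordinary low-volume mail with unique content
    events += [(f"192.0.2.{h}", f"Meeting notes for project {chr(96 + h)}")
               for h in range(1, 6)]
    return events

if __name__ == "__main__":
    ev = sample_events()
    print("per-IP filter flags:", loud_senders(ev, per_ip_limit=50))
    for fp, ips in snowshoe_campaigns(ev, min_ips=20, per_ip_limit=5).items():
        print(f"campaign {fp}: {len(ips)} sources, e.g. {ips[:3]}")
```

The volume filter reports only the loud sender; the fingerprint grouping reports the 40 low-volume sources as one campaign.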

Android Malware
Android malware continues to grow and evolve.
– The Android Market place is an “open place”
– Watch those permissions when installing.
Does the Facebook app really need all these permissions?
– Call phone number, read your text messages, record audio, full location services, read/write contacts, read/write call log
– Add/modify calendar events, read confidential information
   » “send to guest without owners’ knowledge”
– Read/modify/delete the content of USB storage
– Add/remove accounts, find accounts on the device
– Change network connectivity, connect/disconnect wifi, download files without notification
– Retrieve and reorder running apps
– Draw over other apps, prevent phone from sleeping, control vibration, change audio settings, read and change sync settings, expand/collapse status bar
– And last, install shortcuts and send “sticky broadcasts”.

Android Malware (2)
Ransomware:
– For the first time in 2013 began infecting smartphones and other Android devices.
Botnets, mostly in China
– Send premium SMS messages that charge the user.
GinMaster: A Case Study in Android Malware

Android Malware (2)

Windows: The Growing Risk of Unpatched Systems
The two known big ones are WinXP and Office2010.
– Here is the real issue, because it’s not your PC, although 31% of all PCs are running WinXP.
– There are millions of Point of Sale (POS) devices
   Running WinXP, some still running Win2K.
   These handle credit card information!
– And a really scary note, many medical devices are WinXP as well….

Windows: The Growing Risk of Unpatched Systems (2)
So Win8/7/Vista are not new code. A vulnerability in one of those will point to a now (possibly) unpatched vulnerability in WinXP.

Web-Based Malware
Dangerous, difficult-to-detect web server attacks by Darkleech and exploit kits like Redkit have been responsible for more drive-by download attacks against vulnerable web users.
– DarkLeech compromised over 40K domains
   Delivered ransomware and other malware to users.
– Mostly in “drive-by attacks”
   93% of infected sites were running Apache.

Web-Based Malware (2)
Using kits (such as Blackhole and others)
– Attacking Java, Adobe PDF and Flash
– Other third party plugins.
– Stopping most “drive-by attacks”.
   Plugins like NoScript help, since no JavaScript, no Java, no nothing.
   Back to the “stone age” of browsers.
   Unless there is an exploit in the browser itself, of course.

Web-Based Malware
Malware 101:
– About an hour-long video for beginners on how malware works and spreads.

Threats to Your Financial Account
We are seeing more advanced persistent threats (APTs), which are persistent, targeted, hard-to-detect attacks aimed at compromising financial accounts.
– What are APTs? Watch: APTs

Threats to Mac OS X
Mac malware is becoming more widespread, with new versions of Mac Trojans, adware and ransomware emerging in
And like Windows, a number of still common versions of Mac OS X are no longer receiving security updates.

Threats to Linux growing
Why?
– Linux servers are widely used to run websites and deliver web content, making them and the software running on them prime targets of attack.
– I.e., it’s all about deliverables.

Trends to watch for in 2014
Attacks on corporate and personal data in the cloud
More complex Android malware
– Going after personal data and financial data on phones!
– Attempts to spread via social networks as well.
64-bit only malware.
– At least it won’t work on 32-bit OSs.

Trends to watch for in 2014 (2)
Hacking Everything
– Attacks will continue to increase, but not to critical levels in
– Infrastructure
– “Internet of Things”
   From thermostats, network printers, and anything connected to the network.

References
– center/security-threat-report.aspx
– trends/security-trends/network-security-top-trends.aspx

Q & A