
©2016 Check Point Software Technologies Ltd. Latest threats: Ransomware. Rolando Panez | Security Engineer



Presentation transcript:

Slide 1: Latest threats: Ransomware. Rolando Panez | Security Engineer

Slide 2: [Image: http://blog.checkpoint.com/wp-content/uploads/2016/04/4-pic.png] Lawrence Abrams, Bleeping Computer

Slide 3: Agenda
- New Attack of Choice
- Locky Ransomware
- Samsam
- What to do?

Slide 4: 01 NEW ATTACK OF CHOICE

Slide 5: Shift to Ransomware
- Banker malware was the most prominent threat in recent years.
- Ransomware attacks surged in the past 6 months.

Slide 6: Broader Audience
- No need to localize or target infections.

Slide 7: Easy Access to Funds
- Bank fraud alerts increase the risk of banker attacks.
- Use of bitcoins:
  - Allows transactions to remain untraceable via Tor.

Slide 8: 02 LOCKY RANSOMWARE

Slide 9: Initial Attacks
- First reported on February 16, 2016, according to Check Point analysts.
- Over 50k attempts per day.

Slide 10: Initial Attacks Cont'd
- Once the macro is activated, the payload is downloaded (DOC, DOCM, XLS or JavaScript).
- Connection to C&C to get encryption keys.
- Data collected:
  - Whether the targeted machine is part of a corporate network.
  - Server / workstation.
  - OS UI language.
  - OS version.
  - Statistics on each encrypted drive: number of encrypted files, failed file encryptions, and amount of encrypted raw data.
- Any mounted drive is encrypted (USB, local, network share).

Slide 11: Evolution of Locky
- Change in communication pattern.
- Changes to the Domain Generation Algorithm (DGA):
  - New top-level domain list (.ru, .info, .biz, .click, ...)
  - DGA value calculation more complex
- Change in payment and decryption instructions file name:
  - _Lock_recover_instructions
  - HELP_instructions.txt
- New attack vector via browser exploits.
- Evasion techniques.

Slide 12: Locky Detection
- C&C communication: IPS, Anti-Bot
- AV signatures
- Sandboxing
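As an added example (not from the slides or from Check Point), the C&C and DGA points above can be turned into a small defender-side check: a heuristic that scores DNS log entries whose domains sit under the TLDs named on the Evolution of Locky slide and lists the clients that repeatedly resolved DGA-looking names. The log lines are constructed, the scoring thresholds are assumptions, and this is a generic DGA-likeness heuristic, not Locky's actual algorithm.

```python
import math
from collections import Counter

# Constructed sample DNS query log (timestamp, client IP, queried name); not from the slides.
SAMPLE_DNS_LOG = """\
2016-04-12T09:01:03 10.0.1.17 blog.checkpoint.com
2016-04-12T09:01:05 10.0.1.17 xkqzvbtwplmd.ru
2016-04-12T09:01:06 10.0.1.17 fjwhqrtxbnpv.click
2016-04-12T09:01:09 10.0.1.22 www.bleepingcomputer.com
2016-04-12T09:01:11 10.0.1.17 qpzmrvxtlkwj.biz
2016-04-12T09:02:30 10.0.1.40 news.info
"""

# TLDs named on the "Evolution of Locky" slide; the slide's list is abbreviated, so this is partial.
SUSPECT_TLDS = ("ru", "info", "biz", "click")
VOWELS = set("aeiou")

def shannon_entropy(s):
    # Bits per character of the string s.
    n, counts = len(s), Counter(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def dga_score(label):
    """Heuristic 0..3 (thresholds are assumptions): long, high-entropy, vowel-poor labels look machine-generated."""
    score = 0
    if len(label) >= 10:
        score += 1
    if shannon_entropy(label) >= 3.0:
        score += 1
    if sum(ch in VOWELS for ch in label) / max(len(label), 1) < 0.25:
        score += 1
    return score

def flag_dga_lookups(log_text, min_score=3):
    """Return the log entries whose domain sits under a suspect TLD and scores at or above min_score."""
    hits = []
    for line in log_text.splitlines():
        ts, client, name = line.split()
        parts = name.lower().rstrip(".").split(".")
        if len(parts) < 2 or parts[-1] not in SUSPECT_TLDS:
            continue
        score = dga_score(parts[-2])  # label directly under the TLD
        if score >= min_score:
            hits.append({"ts": ts, "client": client, "domain": name, "score": score})
    return hits

def clients_with_dga_lookups(log_text, min_hits=2):
    """Clients that repeatedly resolved DGA-like names: a trigger for the sandbox and forensics steps on the slides."""
    per_client = Counter(h["client"] for h in flag_dga_lookups(log_text))
    return sorted(c for c, n in per_client.items() if n >= min_hits)
```

On the constructed log, the three consonant-only names under .ru, .click and .biz are flagged and all come from 10.0.1.17, while news.info and the two legitimate .com names are not.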

Slide 13: 03 SAMSAM

Slide 14: Targeted Attack
- Maryland's MedStar Health hospital network:
  - JBoss exploit used to breach the environment
  - Install tools:
    - Credential stealing
    - Network scanning
    - RDP
  - Perform reconnaissance
  - Gather administrative passwords
  - Use scripts to automate Samsam installation

Slide 15: Expected Evolution
- Use other exploits besides JBoss:
  - Web applications most vulnerable
  - Found via Google search
- Access to company servers via mobile apps
- Automation:
  - Worm viruses
- Target additional industries:
  - Schools are now being targeted
  - Certain IT departments more vulnerable than others

Slide 16: 05 WHAT TO DO?

Slide 17: Prevention
- Back up important files periodically.
- In Windows, enable automatic backups:
  - Worth a shot.....
- Update AV signatures:
  - Endpoint and gateways
- General best practices for avoiding malware infections:
  - User education
  - Do you trust the sender?
  - Keep software updated

Slide 18: Mitigation
- Forensics analysis:
  - Obtain the malware sample and check it against intelligence pools
  - Proper forensics investigation may uncover the encryption key
  - Network logs and endpoint logs
  - Analyze encrypted files
  - Get expert help: Incident Response Services
- Stay up to date:
  - www.arstechnica.com
  - blog.checkpoint.com
  - www.theregister.co.uk
  - www.bleepingcomputer.com

Slide 19: Prevention Pays Off..... Should you pay up?
- Fahmida Y. Rashid, InfoWorld: "4 reasons not to pay in a ransomware attack"


