New Trends in Security Attacks Final

Published on June 19, 2007

Author: Belly

Source: authorstream.com

Content

Current Trends in Security Attacks
By Jim Willoughby, MCSE, CISSP, CISM, CEH

Malware Threat Cycle
(diagram slide; no text recovered)

Intrusion Landscape
- Hackers ~75%
- Script Kiddies ~24%
- Skilled ~1%
- Sophisticated malware
  - Virus
  - Worm (mainly a payload medium)
  - Bot/IRC kits
- Spyware / Adware
  - Professionally developed, with R&D budgets
  - Tied to legitimate businesses
  - Pay per click
  - Pay per install

Motivational Range
- Storage: house warez, e.g. pirated movies, games and/or software
- Bandwidth: warez downloads; facilitates attacks against others
- Distributed computing, e.g. password cracking
- Botnet: extortion / DDoS, identity theft, spam, phishing
- Anarchy

Vulnerability Spectrum
- Code based vulnerability
- Configuration based vulnerability
  - Vulnerable services, like FTP and PHP
  - Permissions wide open
  - Weak passwords / brute force
- Social engineering
  - Trojan
  - Phishing
  - Browsing
  - Web-based P2P software

Threat Gamut
- Worms
- Email worms
- Trojans
- Stealth viruses
- Rootkits
- Alternate Data Streams
- Phishing
- Backdoor
- Adware / Spyware

Worms
- Rely on a code based vulnerability for entry: Code Red, MSBlaster, SQL Slammer and Sasser
- Malicious payloads
  - Usually include an IRC backdoor
  - Hosts file entries to block AV software updates
- Generally don't infect other 'files'
- Replicating parasitic computer programs that often go unnoticed until bandwidth issues cause network problems

Email Worms
- Social engineering attack: the user is tricked into running the virus
- Originally relied on mail systems; many now include their own SMTP engine to spread
- Include a malicious payload
  - Trojan
  - Macro virus
  - Spam

Browsing as Vulnerability
- Attacking the browser
  - Active Scripting
  - Unpatched browser vulnerabilities
  - JavaScript vulnerabilities
  - Cross zone scripting attacks
- Malicious web sites and emails
  - Spam
  - Popup
  - User enticed by phishing

Dangerous Surf
- McAfee study finds that major search engine results point users towards risky sites
- Dangerous sites make up as much as 72 per cent of results for certain popular keywords: 'free screen savers', 'digital music', 'popular software', 'singers'
- 'Sponsored' results (paid for by advertisers) are more dangerous than non-sponsored results: 8.5 per cent of sponsored links were found to be dangerous, versus 3.1 per cent of regular search results

Spyware and Adware
- Viruses may no longer be the top security threat
- Motivation purely financial
- Difficult to classify
  - Many walk a fine line
  - Main software is compliant, but installed by a malicious dropper
- Techniques similar to the virus world
  - Trojan droppers
  - Phone home and auto-update
  - Rootkits

Spyware Entry
- Can be installed through a bundle: it comes with a desirable application
- Can be installed by itself: the program has some useful functionality and some
- Pushing the technology envelope
  - Click and you are owned
  - Unpatched browser vulnerabilities
  - Java vulnerabilities
- Social engineering

Botnets: Where organized crime and cyber crime meet
- Organized hacker gangs
- Client and server tools
  - Back door
  - IRC control channel
  - Rootkits
  - Dynamic DNS
- "Dutch Police Crush Big 'Botnet,' Arrest Trio": Toxbot (aka Codbot)
  - A huge network of 100,000 PCs was used to conduct a denial-of-service attack in an extortion attempt
  - Also used to extort a U.S. company, steal identities, and distribute spyware
  - Dutch prosecutors now say the botnet appears to contain around 1.5 million machines

Evolving Motivation
- Money
- Power
- Notoriety
- According to Panda, 70% of new malware detected by the developer's scanning service in the first quarter had a cybercrime or financial motive; 40% of the new malware detected was spyware

Evolution of Players
- Hackers and gangs
- Criminals
- Professional development environment
- According to Panda: rise in popularity of Trojans and the relative waning of traditional virus attacks. Email worms were generating masses of headlines and hysteria; now they garner just 4% of new malware. 'Trojans... accounted for 47 per cent of new examples of malware'

Organized Crime and the Internet
- A recent McAfee study into organized crime and the internet suggests:
  - Increase in money-making cyber scams
  - 'New hierarchy of cyber criminals': each level, from amateur to professional, has different tactics and motives
  - Development in recent years of cyber gangs, who sit at the top of the cybercrime chain
  - Advanced groups of career criminals and hackers agree to cooperate, plan and execute long term attack strategies of 'little interest to the socially-motivated hacker or script kiddy,' McAfee reports

Malware Future Trends
- Marriage of botnets and spyware
- According to McAfee, bots fuel the spyware boom
  - Zombie bots such as Gaobot, MyTob and SDbot are often central to the spread of spyware
  - Exploitation of machines using backdoor techniques has increased over 63 per cent
  - Often results in spyware and adware being downloaded onto affected systems
- Recent headline: "Botnet master jailed for five years"
  - A 20-year-old Los Angeles man used the 'rxbot' Trojan horse program to find and take control of a 400,000-machine Windows botnet
  - He then installed ad-delivery programs from two adware firms: Quebec-based Gammacash and LOUDcash, which was purchased by 180solutions and renamed ZangoCash
- (Several further "Malware Future Trends" / "Future Malware Trends" slides are charts only; no text recovered)

Blended Threats
- Include aspects of all major viruses
- Worm characteristics
  - Entry points: code based vulnerability for MS and 3rd party software
  - Include a brute force password dictionary
  - Spread by crawling networks
- Mail worm functionality
  - Data mines the local system for addresses
  - Spread using an SMTP engine
- Often include a rootkit
- Payload includes spyware droppers

NextGen Worm Examples
- 'Swiss army knife' worm W32.Nugache.A
  - Spreads via email, IM channels and a peer-to-peer element
  - Control channel uses TCP port 8 rather than IRC
  - Similar to the Linux worm Slapper
- "Mytob's Hackers May Spawn Unstoppable 'Super Worm'"
  - Mytob family includes code borrowed from MyDoom and Rbot
  - All Mytobs share characteristics such as: hijacking addresses from compromised PCs, spreading using their own SMTP engine, dropping in a backdoor Trojan, and shutting down security software

Spyware Trends
- Ransomware
  - Uninstall program will not work unless you pay a fee / ransom
  - Faux anti-spyware, registry cleaners
  - GpCode and Krotten Trojans prevent boot until a fee is paid
- Reinstalled by droppers
- Recent droppers using rootkit techniques: CoolWebSearch, Apropos, SpyAxe, Look2Me

Social Engineering
- Some cases require the end user to go to great lengths to get infected, such as:
  - Password protected compressed files
  - Renamed file extensions
  - Installing prerequisite software
- Classic Trojan examples: holiday themed items, pornography, games
- Recent Trojan examples
  - Sudoku used as bait for adware
  - World Cup wall chart Trojan
  - World of Warcraft virtual gold

Cross-Platform Viruses
- Not just a Windows issue: profit is platform independent
- Social engineering appears eternal
- FUD?
- Linux malware
- Cross-platform virus targets Windows / Linux: not a new idea
- Mac malware
  - Proof of concept code exists for a number of known vulnerabilities
  - Most AV companies have issued warnings this year

What About the Hackers
- Warez servers are still around, but often serve multiple functions
  - Botnet controller
  - Spam generator
  - Attack platform
- Rootkits are commonplace: Hacker Defender, AFXRootkit, and FURootkit
- Buggy malware often indicates its presence
  - System or service crash
  - Missing services / files
  - Common tools no longer function
- Best guidance for hacked systems will always be a secure rebuild

The Weakest Link
- Botnet controllers must be discoverable
  - Originally used hard coded IPs
  - Use Dynamic DNS
  - All discoverable and easy to defeat
- Control channel defined in malware code
  - Block the protocol
  - Monitor with IDS
- Web browsing clients must be lured
  - Phishing emails
  - Often easy to determine from an infected host
  - Shorter list than you might think
  - MS HoneyMonkey and others, such as McAfee SiteAdvisor, scan for threats

What Can I Do Now?
- Apply ALL security updates
- Disable superfluous services
- Block unsolicited inbound traffic
- Require strong passwords
- Updated anti-virus & anti-spyware products
- End user education: safe browsing, safe email
- Run with least user rights
- Audit for compliance

Microsoft Security Products
- Windows Defender: http://www.microsoft.com/athome/security/spyware/software/default.mspx
- Windows Software Update Services: http://www.microsoft.com/windowsserversystem/updateservices/default.mspx
- Microsoft Baseline Security Analyzer: http://www.microsoft.com/technet/security/tools/mbsahome.mspx
- Microsoft OneCare: http://www.windowsonecare.com
- Microsoft Client Protection: http://www.microsoft.com/windowsserversystem/solutions/security/clientprotection/default.mspx
- Network Access Protection: http://www.microsoft.com/technet/itsolutions/network/nap/default.mspx
- Windows Vista: http://www.microsoft.com/windowsvista/default.aspx
  - Built in Windows Defender and MSRT
  - Better firewall
  - User Account Control
- Windows Longhorn: http://www.microsoft.com/windowsserver/bulletins/longhorn/beta1.mspx

References and Links
- Panda Quarterly Report: http://www.pandasoftware.com/pandalabsQ12006
- Rootkits, Part 1 of 3: The Growing Threat, McAfee Whitepaper: http://download.nai.com/products/mcafee-avert/WhitePapers/AKapoor_Rootkits1.pdf
- Malware Evolution, Kaspersky Labs: http://www.viruslist.com/en/analysis?pubid=184012401
- The Safety of Internet Search Engines, McAfee SiteAdvisor: http://www.siteadvisor.com/studies/search_safety_may2006.html
- Trojans are the New Model Army: http://www.theregister.co.uk/2006/05/08/malware_survey
- Virus writers get into cyber-extortion: http://www.theregister.co.uk/2006/04/21/kaspersky_malware_trends_update
- Malicious Bots Hide Using Rootkit Code: http://www.eweek.com/article2/0,1895,1816972,00.asp
- Alleged Pop-Up Hacker Busted: http://www.wired.com/news/technology/0,1282,69480,00.html?tw=wn_tophead_2
- The New Apple of Malware's Eye: Is Mac OS X the Next Windows? McAfee Whitepaper: http://download.nai.com/products/mcafee-avert/WhitePapers/NewAppleofMalwaresEye.pdf
- Cross platform virus PoC: http://isc.sans.org/diary.php?storyid=1248&rss
- Hackers control bot client over P2P: http://www.theregister.co.uk/2006/05/02/nugache_worm
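The Worms slide notes that worm payloads add hosts-file entries to block anti-virus updates, and the "What Can I Do Now?" slide lists keeping AV and anti-spyware products updated as a basic control. The following checker is an added example, not code from the presentation or from any of the vendors it cites: it parses hosts-file text and reports entries that override security-vendor or update hostnames, or that map any non-localhost name to a loopback or blackhole address. The vendor suffix list and the sample hosts file are constructed for illustration and should be extended for a real environment.

```python
"""Detect hosts-file entries that block or redirect AV and OS-update domains.

Added example (not from the slide deck). The vendor suffix list and the
sample hosts file below are constructed assumptions for illustration.
"""
import ipaddress
from typing import List, NamedTuple

# Assumption: hostname suffixes a defender wants to watch. Any hosts-file
# entry for these overrides DNS, so every such entry is worth a look.
WATCHED_SUFFIXES = (
    "windowsupdate.com",
    "windowsupdate.microsoft.com",
    "update.microsoft.com",
    "symantec.com",
    "symantecliveupdate.com",
    "mcafee.com",
    "kaspersky.com",
    "trendmicro.com",
    "sophos.com",
)

# Addresses that effectively blackhole a hostname when placed in a hosts file.
BLACKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


class Finding(NamedTuple):
    line_no: int
    address: str
    hostname: str
    reason: str


def _is_watched(hostname: str) -> bool:
    """True if hostname equals or is a subdomain of a watched suffix."""
    h = hostname.lower().rstrip(".")
    return any(h == s or h.endswith("." + s) for s in WATCHED_SUFFIXES)


def scan_hosts(text: str) -> List[Finding]:
    """Return suspicious entries from hosts-file text.

    Flags (a) any watched vendor/update hostname, whatever address it maps
    to, and (b) any non-localhost name mapped to a blackhole address, which
    is the classic AV-update-blocking pattern described on the Worms slide.
    """
    findings: List[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        address, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue  # malformed line; not a valid hosts entry
        for name in names:
            lname = name.lower()
            if _is_watched(lname):
                findings.append(Finding(line_no, address, name,
                                        "security-vendor/update host overridden"))
            elif address in BLACKHOLE_ADDRESSES and lname not in LOCAL_NAMES:
                findings.append(Finding(line_no, address, name,
                                        "non-localhost name mapped to blackhole address"))
    return findings


# Constructed sample: a normal header plus entries typical of an AV-blocking
# payload (loopback/blackhole mappings and one silent redirect).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.168.1.10    intranet.example   # constructed, benign
127.0.0.1       www.symantec.com
127.0.0.1       liveupdate.symantecliveupdate.com
0.0.0.0         download.mcafee.com
10.0.0.5        windowsupdate.microsoft.com  # redirect rather than blackhole
127.0.0.1       www.example-news.test
"""


def main() -> None:
    for f in scan_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.address} {f.hostname} -> {f.reason}")


if __name__ == "__main__":
    main()
```

Run against the constructed sample, the scanner reports five entries: the three loopback/blackhole mappings for Symantec and McAfee hosts, the silent redirect of the Windows Update hostname to 10.0.0.5 (which a blackhole-only check would miss), and the unrelated non-localhost name pinned to 127.0.0.1. On a live system, point it at `%SystemRoot%\System32\drivers\etc\hosts` on Windows or `/etc/hosts` elsewhere and treat any finding as a prompt to check the host for the rest of the payload the slides describe (IRC backdoor, disabled security software).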
