Weaponised Malware & APT Attacks: Protect Against Next-Generation Threats
 
The weaponisation of software has ushered in a new era of cyber attacks. But with 99% of organizations not prepared for this new front line of cyber-warfare, what does this spell for your business?

• Gain a detailed overview of the next generation of threats out there
• Understand how to detect key threats and attacks before they develop a stranglehold on your business
• Implement the right integrated strategy to keep you safe from cybercriminals on today’s front line

Presentation Transcript

Speakers
• Dean Barnes, Principal Security Manager – Threat Management, Royal Mail
• Paul Zimski, VP, Solution Marketing, Lumension

POLL #1

State Sponsored Malware is Officially Out of the Shadows
Google begins alerting Gmail users to state-sponsored attacks:
"Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer. Protect yourself now."

HOW… did we get to the point where your online email provider specifically warns users of state-sponsored attacks?

FIRST… a little history.

Event Timeline: Stuxnet (2009.06)
• Publicly disclosed 13 months after the first attack against Iran
• Designed to sabotage Iranian nuclear refinement plants
• Attacked Windows systems using an unprecedented four zero-day exploits
• First to include a programmable logic controller (PLC) rootkit
• Carried a valid, but abused, digital signature
• Payload targeted only Siemens supervisory control and data acquisition (SCADA) systems

Event Timeline: Duqu (2010.09)
• Considered to be the "next generation Stuxnet"
• Believed to have been created by the same authors as Stuxnet
• Exploits zero-day Windows kernel vulnerabilities
• Components are signed with stolen digital keys
• Highly targeted and related to the nuclear program of Iran
• Designed to capture information such as keystrokes and system information
• Central command and control with modular payload delivery – also capable of attacking

Event Timeline: Flame (2011.05)
• Designed for targeted cyber espionage against Middle Eastern countries
• Spreads to systems over a local network (LAN) or via USB stick
• Creates Bluetooth beacons to steal data from nearby devices
• "Most complex malware ever found"
• "Collision" attack on the MD5 algorithm, used to create fraudulent Microsoft digital certificates
• Utilized multiple zero-day exploits

Common APT Characteristics
• Highly targeted and endpoint focused
• Sophisticated and low-tech techniques used together: USB key delivery; social engineering
• Zero-day vulnerabilities
• Fraudulent certificates
• Centralized command and control
• Undetected for prolonged periods: exfiltration masking

Weaponized – What's Different?
• Development: nation-states; truly customized payloads
• Delivery: zero-day propagation; multi-vectored (Bluetooth, USB, network)
• Detection evasion: digitally signed with compromised certificates; outbound exfiltration masking
• Command & Control: central command; modular payloads
• Intent: surveillance; disrupt / destroy

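The central command and control and prolonged, masked exfiltration described on the two slides above leave a trace that network telemetry can catch even when the endpoint agent sees nothing: an implant that calls home on a timer produces outbound connections with near-constant spacing and near-constant size, whereas a user browsing the same kind of destination does not. The following added example (not code from the deck, Lumension or Royal Mail) scores each client/destination pair in a constructed proxy log for that regularity; the log format, hosts, addresses and thresholds are all assumptions made for illustration.

```python
"""Beacon (periodic callback) detection over constructed proxy log lines.

Added example, not part of the original presentation. Log format, hosts,
client address and the thresholds in find_beacons() are assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: <ISO timestamp> <client_ip> <dest_host> <bytes_out>
# update.example-cdn.test receives a small request every ~10 minutes (beacon-like);
# www.example.test receives irregular, differently sized requests (user-like).
SAMPLE_PROXY_LOG = """\
2012-06-01T08:00:00 10.1.2.3 update.example-cdn.test 512
2012-06-01T08:00:07 10.1.2.3 www.example.test 1820
2012-06-01T08:10:01 10.1.2.3 update.example-cdn.test 514
2012-06-01T08:13:40 10.1.2.3 www.example.test 9931
2012-06-01T08:20:00 10.1.2.3 update.example-cdn.test 511
2012-06-01T08:29:59 10.1.2.3 update.example-cdn.test 513
2012-06-01T08:31:12 10.1.2.3 www.example.test 224
2012-06-01T08:40:01 10.1.2.3 update.example-cdn.test 512
2012-06-01T08:50:00 10.1.2.3 update.example-cdn.test 515
2012-06-01T09:00:00 10.1.2.3 update.example-cdn.test 512
2012-06-01T09:02:33 10.1.2.3 www.example.test 7702
"""


def parse_log(text):
    """Turn the constructed log into (timestamp, client, host, bytes) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), client, host, int(nbytes)))
    return records


def _cv(values):
    """Coefficient of variation: spread relative to the mean (0 = perfectly regular)."""
    m = mean(values)
    return pstdev(values) / m if m else float("inf")


def pair_stats(records):
    """Per (client, host): event count, mean gap, and regularity of gaps and sizes."""
    by_pair = defaultdict(list)
    for ts, client, host, nbytes in records:
        by_pair[(client, host)].append((ts, nbytes))
    stats = {}
    for pair, events in by_pair.items():
        events.sort()
        times = [t for t, _ in events]
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(intervals) < 2:
            continue  # not enough history to judge regularity
        stats[pair] = {
            "count": len(events),
            "mean_interval": mean(intervals),
            "interval_cv": _cv(intervals),
            "bytes_cv": _cv([n for _, n in events]),
        }
    return stats


def find_beacons(records, min_events=5, max_interval_cv=0.1, max_bytes_cv=0.2):
    """Flag pairs with enough events whose timing AND size are both highly regular."""
    return {
        pair: s
        for pair, s in pair_stats(records).items()
        if s["count"] >= min_events
        and s["interval_cv"] <= max_interval_cv
        and s["bytes_cv"] <= max_bytes_cv
    }


if __name__ == "__main__":
    for (client, host), s in find_beacons(parse_log(SAMPLE_PROXY_LOG)).items():
        print(f"{client} -> {host}: every {s['mean_interval']:.0f}s, "
              f"interval_cv={s['interval_cv']:.3f}, bytes_cv={s['bytes_cv']:.3f}")
```

Treat a hit as a triage signal rather than a verdict: real implants add jitter (raise max_interval_cv accordingly), hide in high-volume destinations, and vary payload size to defeat the byte-size check, which is exactly the "exfiltration masking" the slide names. Comparing scores against a baseline of known-good destinations cuts the noise from legitimate software updaters, which beacon too.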
WHY… should the enterprise care?

Why Should the Enterprise Care? Retaliation Risk
• US admits Stuxnet – expect increasing retaliation risk against sensitive economic and infrastructure assets

Why Should the Enterprise Care? Collateral Damage
• Loss of control: once weaponized malware is released, control is effectively lost
• Every organization is exposed to accidentally spreading malware (Stuxnet was discovered after it escaped its targeted environment and started spreading)

Why Should the Enterprise Care? Adaptation by Cyber Criminals
• Targeted attacks on sensitive information
• Variants of Stuxnet already seen

What Should The Enterprise Do?
• Know where the risk is
• Every endpoint is an enterprise of ONE
• Need to have autonomous protection
• Need to have a layered approach

POLL #2

Defense in Depth Strategy
Successful risk mitigation starts with a solid vulnerability management foundation, together with layered defenses beyond traditional black-list approaches.
• AV – Control the Known
• Device Control – Control the Flow
• Hard Drive and Media Encryption – Control the Data
• Application Control – Control the Grey
• Patch and Configuration Management – Control the Vulnerability Landscape

Effectiveness of AV? (Control the Known)
Pros:
• Stops "background noise" malware
• May detect reused code (low probability)
• Will eventually clean payloads after they are discovered
Cons:
• Not an effective line of defense for proactive detection
• Can degrade overall endpoint performance with little return on protection

Device Control Effectiveness (Control the Flow)
Pros:
• Can prevent unauthorized devices from delivering payloads
• Can stop specific file types from being copied to host machines
• Stops a common delivery vector for evading extensive physical and technological security controls
Cons:
• Limited scope for payload delivery interruption

Encryption Effectiveness? (Control the Data)
Hard Drive and Media Encryption
Pros:
• Makes lateral data acquisition more difficult
• A good data protection layer outside of APT
Cons:
• Generally will not protect data if the endpoint is compromised at a system level

Application Control Effectiveness (Control the Grey)
Pros:
• Extremely effective against zero-day attacks
• Stops unknown, targeted malware payloads
• Low performance impact on endpoints
Cons:
• Susceptible to compromise as policy flexibility is increased
• Does not stop memory injections (attacks that do not escape service memory)

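The "susceptible to compromise as policy flexibility is increased" caveat above is easiest to see inside a policy engine. The following added example (not code from the deck, Lumension or Royal Mail) evaluates the same execution requests against a strict allowlist of file hashes and a loosened policy that additionally trusts a publisher and a directory; the binaries, paths, signer name and policies are all constructed for illustration, and the stolen-certificate scenario mirrors the Duqu and Flame slides earlier in the deck.

```python
"""Application-control policy evaluation: hash rules versus looser rules.

Added example, not part of the original presentation. All binaries, paths,
signer names and policies below are constructed for illustration.
"""
import hashlib
from dataclasses import dataclass
from typing import Optional


def sha256_hex(data: bytes) -> str:
    """Digest of an executable's bytes; a real agent hashes the file on disk."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executables (not real PE files).
TRUSTED_APP = b"MZ corporate-reporting-tool build 4.2"
DROPPED_PAYLOAD = b"MZ attacker-delivered payload"


@dataclass(frozen=True)
class ExecRequest:
    """What the enforcement point sees when a process tries to start."""
    path: str
    content: bytes
    signer: Optional[str] = None  # subject of an already-verified code-signing cert


# Strict policy: only known hashes may run; nothing else is trusted.
STRICT_POLICY = {
    "hashes": {sha256_hex(TRUSTED_APP)},
    "signers": set(),
    "paths": [],
}

# Loosened policy: same hashes, plus "anything signed by our vendor" and
# "anything under the users' profile directory" to cut helpdesk tickets.
LOOSE_POLICY = {
    "hashes": {sha256_hex(TRUSTED_APP)},
    "signers": {"CN=Example Corp Code Signing"},  # hypothetical vendor signer
    "paths": ["C:\\Users\\"],                      # user-writable location
}


def evaluate(policy, req):
    """Return (allowed, reason); rules are checked strongest first."""
    if sha256_hex(req.content) in policy["hashes"]:
        return True, "hash"
    if req.signer and req.signer in policy["signers"]:
        return True, "signer"
    for prefix in policy["paths"]:
        if req.path.lower().startswith(prefix.lower()):
            return True, "path:" + prefix
    return False, "not in allowlist"


def run_scenarios():
    """Evaluate representative execution requests under both policies."""
    temp = "C:\\Users\\alice\\AppData\\Local\\Temp\\svc.exe"
    scenarios = {
        # Approved build in its install location.
        "trusted_app": ExecRequest("C:\\Program Files\\Example\\report.exe", TRUSTED_APP),
        # Unsigned payload dropped by a phishing document.
        "dropped_unsigned": ExecRequest(temp, DROPPED_PAYLOAD),
        # Same payload, signed with a stolen vendor certificate.
        "dropped_stolen_cert": ExecRequest(temp, DROPPED_PAYLOAD,
                                           signer="CN=Example Corp Code Signing"),
        # Approved binary tampered in place: the hash no longer matches.
        "tampered_app": ExecRequest("C:\\Program Files\\Example\\report.exe",
                                    TRUSTED_APP + b" + patched"),
    }
    return {
        name: {"strict": evaluate(STRICT_POLICY, req),
               "loose": evaluate(LOOSE_POLICY, req)}
        for name, req in scenarios.items()
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:20s} strict={outcome['strict']}  loose={outcome['loose']}")
```

Hash rules block both the dropped payload and the tampered copy under either policy, but every hash change means a policy update, which is the pressure that pushes administrators toward publisher and path rules. The path rule on a user-writable directory lets the unsigned dropper run, and the publisher rule makes a stolen signing key a master key, so if publisher rules are unavoidable they should be scoped to a certificate's serial or thumbprint and revoked promptly. None of this touches the memory-injection gap the slide lists, which needs the exploit-mitigation controls described under patch and configuration management.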
Patch and Configuration Basics (Control the Vulnerability Landscape)
Pros:
• Reduces the attackable surface area that hackers can target
• Central configuration of native desktop firewalls
• Improves endpoint performance and stability
• Can enable native memory injection protection
Cons:
• Does not stop zero-day vulnerabilities

Employee Education
• Often the first and last line of defense.
• lumension.com/how-to-stay-safe-online

Summary – Defense in Depth Endpoint Strategy
• AntiVirus – disinfect generic malware
• USB Device Control – enable secure device use
• Hard Drive & Media Encryption – protect stored data
• Application Control – stop un-trusted change
• Patch & Configuration Management – reduce attackable surface area
Threat vectors the layers address (as listed on the slide): drive-by malware, data loss, insider risk, APT, zero day, automated attacks.

Learn More
• Quantify your IT risk with free scanners
• Watch the on-demand demos
• Get a free trial