April: Ryan Sherstobitoff Topic: Virus and Intrusion Prevention

Transcript

  • 1. Panda Software SecurityCast Ryan Sherstobitoff Product Technology Officer Panda Software, USA
  • 2. Agenda
    • Current Malware trends and statistics
    • The rise of economically motivated malware
    • Understanding your enemy – Targeted attacks
    • Security 2.0 – Defense Strategies
    • Product Solutions
  • 3. Agenda
    • Current Malware trends and statistics
    • The rise of economically motivated malware
    • Understanding your enemy – Targeted attacks
    • Security 2.0 – Defense Strategies
    • Product Solutions
  • 4. Malware Trends 2000 - 2007
    • [Chart residue; column headings: Payload, Vectors, Signs and Symptoms]
  • 5. Malware Trends 2000 – 2007 – Cont.
    • [Chart: new and unique samples detected by AV Labs]
  • 6. Agenda
    • Current Malware trends and statistics
    • The rise of economically motivated malware
    • Understanding your enemy – Targeted attacks
    • Security 2.0 – Defense Strategies
    • Product Solutions
  • 7. Current Malware Trends & Statistics
    • Current situation regarding Malware
    • Statistics from Panda Labs
    • Change in Malware dynamics
    • Effects on the industry & end-users
  • 8. Current Situation
    • Malware is now economically motivated and backed by organized crime and foreign interest.
    • The development of highly critical malware such as targeted attacks is also on the rise.
    • The level of sophistication behind malware makes it extremely difficult for traditional solutions to detect and remove.
    • Creation of bot-networks to defraud businesses and consumers through sophisticated social engineering
    The Silent Epidemic
  • 9. Current Malware Trends & Statistics
    • Current situation regarding malicious code & vulnerabilities
    • Statistics from Panda Labs
    • Change in Malware dynamics
    • Effects on the industry & end-users
  • 10. Statistics from Panda Labs
  • 11. Statistics from Panda Labs – Cont.
  • 12. Panda Labs Statistics - Cont
  • 13. Current Malware Trends & Statistics
    • Current situation regarding malicious code & vulnerabilities
    • Statistics from Panda Labs
    • Change in Malware dynamics
    • Effects on the industry & end-users
  • 14. Change in Malware Dynamics
    • The dynamics of malware have changed and the visible front has diminished. The “Silent Epidemic” has emerged.
    • [Diagram: malware categories (Worms, Spam, Phishing, Bots, Viruses, Spyware, Targeted Trojans, Rootkits, “Spear Phishing”) plotted by Visibility against Propagation and labelled as Stable Front, Growing Front or Front in Decline]
  • 15. Current Malware Trends & Statistics
    • Current situation regarding malicious code & vulnerabilities
    • Statistics from Panda Labs
    • Change in Malware dynamics
    • Effects on the industry & end-users
  • 16. Effects on the Industry and End-Users
    • Cyber-Criminals have turned to new techniques to stay ahead of the game. Hundreds of new variants of malware are released each month in an attempt to overload the resources at AV research labs.
    • Consumers are now the prime target for ID Theft and other on-line fraud.
    • Traditional signature-based anti-virus solutions have become useless against these new, sophisticated attacks.
  • 17. Agenda
    • Current Malware trends and statistics
    • The rise of economically motivated malware
    • Understanding your enemy – Targeted attacks
    • Security 2.0 – Defense Strategies
    • Product Solutions
  • 18. The rise of economically motivated malware
    • Overview of crime-ware families
    • How bot-nets are used to commit financial fraud
    • Sophisticated social engineering tricks used today
    • Infection strategies used by hackers
  • 19. Overview of crime-ware families
    Crime-ware is broken down into several categories:
    • Banking Trojans (Banker.BSX, Banbra variants, Citifraud.a, Crazyfrog.a, Bancos.NL)
    • Keyloggers (Banbra, Cimuz)
    • Bots (Clickbot.a, Botnet.A)
    • Phishing (Barclays, PayPal)
    • Targeted Trojans (Israel Case)
  • 20. The rise of economically motivated malware
    • Overview of crime-ware families
    • How bot-nets are used to commit financial fraud
    • Sophisticated social engineering tricks used today
    • Infection strategies used by hackers
  • 21. How bot-nets are used to commit financial fraud
    • A bot network consists of a “controller” and compromised zombie PCs. There have been cases of bot networks containing up to 1.5 million zombie PCs, as in the Dutch bot-net case.
    • The bots that infect systems can perform several actions, such as relaying spam, launching malware and performing ID theft.
    • Some of the common methods of bot infection are websites that contain exploits for vulnerabilities and actively transmit malware to the PC visiting the site. Components such as ActiveX controls can also be downloaded and then handle the rest of the infection process.
    • Social engineering techniques also exist to infect systems through spam, phishing and other content.
    • Once a PC has become infected it can receive remote commands from the “Bot Master”.
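The slide describes an infected PC waiting for remote commands from its controller. From a defender's side, that polling usually leaves a regular "heartbeat" in outbound proxy logs. The script below is an added example, not part of the presentation or Panda's product: it groups constructed proxy log lines by (client, destination), measures the spacing between requests, and flags pairs whose inter-request intervals are almost constant. The log format, hostnames, addresses and thresholds are all assumptions made for the demo.

```python
"""Flag hosts that contact the same destination at near-constant intervals.

Added example (not from the presentation): a bot polling its controller for
commands tends to beacon on a fixed timer, which stands out against normal
browsing.  The log lines, hosts and thresholds below are constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: "<ISO timestamp> <client IP> <destination host> <status>"
SAMPLE_LOG = """\
2007-04-02T10:00:00 10.0.0.5 controller.example 200
2007-04-02T10:00:01 10.0.0.7 news.example 200
2007-04-02T10:05:00 10.0.0.5 controller.example 200
2007-04-02T10:06:30 10.0.0.7 news.example 200
2007-04-02T10:10:01 10.0.0.5 controller.example 200
2007-04-02T10:12:10 10.0.0.7 mail.example 200
2007-04-02T10:14:59 10.0.0.5 controller.example 200
2007-04-02T10:20:00 10.0.0.5 controller.example 200
2007-04-02T10:21:45 10.0.0.7 news.example 200
2007-04-02T10:25:00 10.0.0.5 controller.example 200
2007-04-02T10:33:12 10.0.0.7 news.example 200
"""


def parse_log(text):
    """Return a list of (timestamp, client, destination) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, dest, _status = line.split()
        records.append((datetime.fromisoformat(ts), client, dest))
    return records


def find_beacons(records, min_requests=5, max_jitter=0.10):
    """Return {(client, dest): mean interval in seconds} for regular contact patterns.

    A pair is flagged when it has at least `min_requests` requests and the
    inter-request intervals vary by less than `max_jitter` (coefficient of
    variation = population stdev / mean).  Both thresholds are assumed values;
    tune them against your own traffic to control false positives.
    """
    by_pair = defaultdict(list)
    for ts, client, dest in records:
        by_pair[(client, dest)].append(ts)

    flagged = {}
    for pair, times in by_pair.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[pair] = avg
    return flagged


if __name__ == "__main__":
    for (client, dest), period in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{client} -> {dest}: contacted every ~{period:.0f}s")
```

In the constructed sample, 10.0.0.5 reaches controller.example six times at roughly five-minute spacing and is flagged, while 10.0.0.7's irregular browsing to news.example is not, even when the request threshold is lowered. Real logs need longer observation windows and an allow-list for legitimate pollers (update services, mail clients) before this becomes an alert.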
  • 22. How botnets are used to commit financial fraud - Cont
  • 23. How botnets are used to commit financial fraud - Cont
  • 24. The rise of economically motivated malware
    • Overview of crime-ware families
    • How bot-nets are used to commit financial fraud
    • Sophisticated social engineering tricks used today
    • Infection strategies used by hackers
  • 25. Sophisticated Social Engineering
    • Some common sophisticated social engineering techniques are:
    • Spear-Phishing and other highly targeted scams
    • Spam with exploits
    • Phishing emails that direct users to web-sites with hidden Trojans
    • Malware through IM channels
  • 26. The rise of economically motivated malware
    • Overview of crime-ware families
    • How bot-nets are used to commit financial fraud
    • Sophisticated social engineering tricks used today
    • Infection strategies used by hackers
  • 27. Infection strategies used by hackers
    • Common Infection Strategies used by hackers
    • A web-site is hacked and seeded with Trojans (e.g. the Super Bowl website case).
    • Phishing emails with exploits
    • Malware transmitted through IM channels
    • Malware attached to free-ware and share-ware
    • Malware in the form of Video Codecs
    • Infection through BOT-NETS
  • 28. Agenda
    • Current Malware trends and statistics
    • The rise of economically motivated malware
    • Understanding your enemy – Targeted attacks
    • Security 2.0 – Defense Strategies
    • Product Solutions
  • 29. Understanding your enemy – Targeted attacks
    • Overview of Targeted attacks
    • The mechanics of Targeted attacks
    • What is “Highly Critical” malware
    • Some real-world cases
  • 30. Overview of Targeted Attacks
    • Involves “Highly Critical” malware tailored towards attacking a specific target (e.g. Bank of America)
    • Such malware targets a specific set of confidential information to capture and send to a 3rd party
    • Targeted attacks always involve a hacker hired to design malware to bypass specific defenses
    • Attacks are very localized; therefore, distribution is limited. In most cases AV labs never receive a sample, so no signature file is produced.
    • Current security solutions will not detect the malware because the hacker has tested it to ensure they do not.
    • Hackers are using sophisticated stealth techniques such as rootkits to hide the presence of malware
  • 31. Understanding your enemy – Targeted attacks
    • Overview of Targeted attacks
    • The mechanics of Targeted attacks
    • What is “Highly Critical” malware
    • Some real-world cases
  • 32. The Mechanics of a Targeted Attack
    • [Diagram: Research → Discovers Target → Installs Malware → PC Accesses Database → Credit Card Data Stolen]
  • 33. Agenda
    • Current Malware trends and statistics
    • The rise of economically motivated malware
    • Understanding your enemy – Targeted attacks
    • Security 2.0 – Defense Strategies
    • Product Solutions
  • 34. Security 2.0 – Defense Strategies
    • Defending against “Highly Critical” malware
    • Tracking and defending against botnets
    • Protection strategies
  • 35. Defending against “Highly Critical” Malware
  • 36. Tracking and defending against bot-nets
  • 37. Protection Strategies
  • 38. Agenda
    • Current Malware trends and statistics
    • The rise of economically motivated malware
    • Understanding your enemy – Targeted attacks
    • Security 2.0 – Defense Strategies
    • Product Solutions
  • 39. Panda RISK Assessment
    • What is Malware Radar?
    • Software as a service
    • Real results obtained in pilot companies
    • How Malware Radar works
  • 40. What is Malware Radar?
    • It is an automated audit service of the whole network
    • On-demand
    • It can be run locally or remotely
    • It does not require local installation or uninstallation of current security software
    • It is designed to search for and find:
      • Any malware on the network
        • Malware that goes undetected by traditional protection solutions (highly critical or targeted malware), active or latent, known or unknown
      • Security flaws
        • Protection: check the security protection status
        • Critical vulnerabilities: check for critical vulnerabilities exploited by malware (security holes)
    • And allows the malware detected to be cleaned (greater protection)
  • 41. Malware Radar Foundations
    • Proactive approach of the latest generation of the genetic heuristic technologies TruPrevent
    • Collective intelligence
      • Datacenter network of 100 servers
      • Based on:
        • Collection of data from the community.
        • Automated data processing
        • Release of the knowledge extracted.
  • 42. New Model: Collective Intelligence
    • 1) Collection of data from the community. The data comes from different sources.
    • 2) Automatic data processing. The system automatically analyzes and classifies the thousands of new samples received every day. To do this, an expert system correlates the data received from the community with PandaLabs’ extensive malware knowledge base.
    • 3) The knowledge extracted is made available to users.
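The three-step model on slides 41 and 42 (collect reports from the community, classify them automatically against a knowledge base, release the extracted knowledge) can be shown end to end with a small triage loop. The code below is an added illustration, not Panda's implementation: it classifies constructed endpoint reports by first looking the file hash up in a known-malware table, then scoring behaviours with assumed heuristic weights, and finally promotes unknown-but-suspicious files that several distinct endpoints have reported into the knowledge base so the next round detects them by name. Hashes, family names, behaviours, weights and thresholds are all placeholders invented for the demo.

```python
"""Toy 'collective intelligence' triage loop.

Added example, not Panda's code.  Community endpoints report the files they
see; an automated classifier correlates each report with a known-malware
knowledge base plus behavioural heuristics; detections confirmed across
enough endpoints are released back to everyone.  All hashes, names, weights
and thresholds are constructed placeholders.
"""
from collections import defaultdict

# Knowledge base: hash -> family name (constructed, not real samples)
KNOWLEDGE_BASE = {
    "aa11": "Banker.demo",
    "bb22": "Clickbot.demo",
}

# Heuristic weights for behaviours observed at the endpoint (assumed values)
BEHAVIOUR_WEIGHTS = {
    "hooks_browser": 4,
    "hides_process": 3,
    "autostart_registry": 2,
    "contacts_unknown_host": 2,
    "writes_temp_file": 1,
}

SUSPICIOUS_SCORE = 5   # heuristic score needed to call an unknown file suspicious
MIN_PREVALENCE = 3     # distinct endpoints needed before releasing a detection

# Constructed community reports: endpoint id, file hash, behaviours seen
SAMPLE_REPORTS = [
    {"endpoint": "pc-01", "hash": "aa11", "behaviours": ["hooks_browser"]},
    {"endpoint": "pc-02", "hash": "cc33", "behaviours": ["hooks_browser", "hides_process"]},
    {"endpoint": "pc-03", "hash": "cc33", "behaviours": ["hooks_browser", "autostart_registry"]},
    {"endpoint": "pc-04", "hash": "cc33", "behaviours": ["hooks_browser", "contacts_unknown_host"]},
    {"endpoint": "pc-05", "hash": "dd44", "behaviours": ["writes_temp_file"]},
    {"endpoint": "pc-06", "hash": "ee55", "behaviours": ["hides_process", "autostart_registry"]},
]


def classify(report, knowledge_base):
    """Step 2 for one report: ('known', family) on a KB hit, otherwise
    ('suspicious' | 'clean', heuristic_score)."""
    family = knowledge_base.get(report["hash"])
    if family:
        return ("known", family)
    score = sum(BEHAVIOUR_WEIGHTS.get(b, 0) for b in report["behaviours"])
    return ("suspicious" if score >= SUSPICIOUS_SCORE else "clean", score)


def process_community(reports, knowledge_base=None):
    """Run one collection round.

    Returns (verdicts, released, updated_kb): verdicts keyed by
    (endpoint, hash); released = {hash: new detection name} for unknown
    suspicious files seen on at least MIN_PREVALENCE endpoints (step 3);
    updated_kb is the knowledge base with those detections added.
    """
    kb = dict(knowledge_base if knowledge_base is not None else KNOWLEDGE_BASE)
    verdicts = {}
    seen_on = defaultdict(set)          # hash -> endpoints reporting it as suspicious
    for r in reports:
        verdict = classify(r, kb)
        verdicts[(r["endpoint"], r["hash"])] = verdict
        if verdict[0] == "suspicious":
            seen_on[r["hash"]].add(r["endpoint"])

    released = {}
    for h, endpoints in seen_on.items():
        # Prevalence gate: one endpoint's heuristic hit is not enough to
        # push a signature to the whole community.
        if len(endpoints) >= MIN_PREVALENCE:
            name = f"Generic.Suspicious.{h}"
            kb[h] = name
            released[h] = name
    return verdicts, released, kb


if __name__ == "__main__":
    verdicts, released, kb = process_community(SAMPLE_REPORTS)
    for key, verdict in verdicts.items():
        print(key, verdict)
    print("released:", released)
```

The prevalence gate is the point of the example: the file cc33 is unknown to the knowledge base but scores high on three endpoints, so it is released as a detection, while ee55 scores just as high on a single endpoint and stays a local verdict until more of the community reports it.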
  • 43. Collective Intelligence: how do we apply collective intelligence?
    • Initially, through the first Panda product to integrate it: Malware Radar.
      • Periodically performing a malware audit along with the PIPS.
      • In addition to Collective Intelligence, Malware Radar offers other advantages:
        • It has more sensitive heuristics, so it detects more unknown malware
        • It does not rely on the desktop protection being enabled and up-to-date
        • It detects malware that other desktop protection does not detect (for example, rootkits)
  • 44. Software as a Service
    Panda Malware Radar benefits from the software as a service (SaaS) concept:
    • It does not require specific hardware
    • It does not require any software to be installed; a web browser is sufficient
    • The updates are immediate
      • Latest technologies, latest signature file
      • Latest version of the product without having to worry about upgrades
    • The intelligence and the application are in Panda
      • Minimum cost to the client
  • 45. REAL Results of the BETA
    • [Chart: results from the pilot companies; all these companies thought they were protected]
  • 46. How does Malware Radar Work?
    • [Diagram of the audit workflow:]
    • Registry: login and password
    • Choose the PCs that you want to scan
    • Distribution of a client (without installation)
    • Scan:
      • searches for all types of malware
      • evaluates the protection
      • detects vulnerabilities
    • Sends suspicious files to PandaLabs
    • Real-time monitoring
    • Online summary
    • Reports and disinfection: generates detailed reports and allows disinfection of all malware detected
  • 47. Conclusion Ryan Sherstobitoff Product Technology Officer Panda Software, USA