Arrott Htcia St Johns 101020

  1. EMERGING THREATS & THREAT LANDSCAPE: Fighting Today’s Cybercrime. Anthony Arrott, Trend Micro
  2-5. Triple challenge to IT security
    • Changing IT (disappearing network boundaries)
      - BEFORE: 80%+ of daily info available inside the enterprise
      - NOW: 80%+ of daily info comes from outside the enterprise
    • Changing cybercrime (overwhelming volume of threats)
      - BEFORE: vandalism, simple fraud, opportunistic data theft
      - NOW: high-tech organized crime for huge profits
    • Changing protection (cloud-client protection networks)
      - BEFORE: latest threat info deployed to each computer
      - NOW: computers query a cloud database about suspected threats
  6. Traditional AV overwhelmed by the volume of new threats: more than 2,000 new threats per hour
  7. Threats now mostly from the Internet. How threats arrive on PCs (source: Trend Micro):
    • Visits to malicious websites (42%)
    • Downloaded by other malware (34%)
    • E-mail attachments & links (9%)
    • Transfers from removable disks (8%)
    • Other (mostly via Internet) (7%)
  8. Use multiple layers of reputation services (example object: http://abc.com/xyz.exe)
    • Exposure layer: inspection based on the source (URL, domain). A source verdict needs no file at all, so a hit here blocks the download before any malicious bytes reach the host.
    • Infection layer: inspection based on file content (code, hash). This catches a known-bad file served from a host with no bad reputation yet.
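The two layers on slide 8 in working form, as an added example (not Trend Micro code and not the Smart Protection Network API). The cloud lookups are stood in for by constructed local sets; the domains use the reserved .example names rather than the slide's abc.com; the file layer keys on SHA-256 here, whereas slide 33 shows the service keying on MD5. Everything named below is hypothetical.

```python
"""Two-layer reputation check: source first, content second.

Layer 1 (exposure) judges the URL/domain before any bytes are fetched.
Layer 2 (infection) judges the fetched bytes by hash.  The cloud lookups
are stood in for by constructed local sets (hypothetical data).
"""
import hashlib
from urllib.parse import urlsplit

# Constructed reputation data.  A listed domain also covers its subdomains.
BAD_DOMAINS = {"evil.example", "dropper.example.net"}
BAD_URLS = {"http://cdn.example/files/setup.exe"}

# Constructed stand-in for a known-bad file; only its hash is used.
SAMPLE_MALICIOUS_FILE = b"MZ\x90\x00constructed-sample-not-real-malware"
BAD_SHA256 = {hashlib.sha256(SAMPLE_MALICIOUS_FILE).hexdigest()}

# Constructed download contents keyed by URL, replacing a real HTTP fetch.
FAKE_CONTENT = {
    "http://cdn.evil.example/xyz.exe": SAMPLE_MALICIOUS_FILE,
    "http://files.example.org/xyz.exe": SAMPLE_MALICIOUS_FILE,  # clean host, bad file
    "http://files.example.org/readme.txt": b"plain text, nothing to see",
}


def fake_fetch(url):
    """Hypothetical fetcher: returns the constructed bytes for a URL."""
    return FAKE_CONTENT[url]


def normalize_host(url):
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def domain_listed(host, listed):
    """True if the host or any of its parent domains is on the list."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in listed for i in range(len(labels)))


def exposure_layer(url):
    """Source-based verdict; cheap, and runs before the download."""
    host = normalize_host(url)
    if not host:
        return "block", "unparseable URL"
    if domain_listed(host, BAD_DOMAINS):
        return "block", "domain reputation: " + host
    if url in BAD_URLS:
        return "block", "URL reputation"
    return "allow", "no source hit"


def infection_layer(content):
    """Content-based verdict on the fetched bytes."""
    digest = hashlib.sha256(content).hexdigest()
    if digest in BAD_SHA256:
        return "block", "file reputation: sha256 " + digest[:16]
    return "allow", "no content hit"


def check_download(url, fetch=fake_fetch):
    """Apply the layers in order; the fetch happens only if layer 1 allows."""
    verdict, reason = exposure_layer(url)
    if verdict == "block":
        return {"verdict": "block", "layer": "exposure", "reason": reason, "fetched": False}
    content = fetch(url)
    verdict, reason = infection_layer(content)
    layer = "infection" if verdict == "block" else None
    return {"verdict": verdict, "layer": layer, "reason": reason, "fetched": True}


if __name__ == "__main__":
    for u in FAKE_CONTENT:
        print(u, check_download(u))
```

The ordering is the point: a source hit costs one lookup and never fetches the file, while the hash layer is what catches the same file when it moves to a host nobody has flagged yet. A real client would also cache verdicts and fail closed or open on lookup timeouts according to policy; that decision is outside what the slide covers.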
  9-13. John Dillinger, Flamboyant Bank Robber (think: VIRUS OUTBREAK)
    • 8 years in prison
    • killed by US federal agents
    • died age 31
    Meyer Lansky, Quiet Mobster (think: BOTNET SPAM ENGINE)
    • 0 years in prison
    • listed in Forbes 400 richest Americans
    • died age 80
  14. Popular conception of cybercrime
  15. But like Prohibition, we’re not the main victims … more likely, we’re unwitting accessories.
  16. Today‘s Infection Chain
    • Malware writer → criminals (bot herder, botnet command & controller)
    • Infection vectors: spyware/trojan downloader, web drive-by downloader, e-mail spam, port scan, vulnerabilities
    • Host infection: fool the AV, wait for instructions, get updates from command & control (over HTTP, IRC or DNS)
    • Host management and recruitment activities
    • Criminal activities: spam & phishing, distributed denial of service, data leakage, adware/clickware
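The "wait for instructions / get updates from command & control" step is what leaves a trace a defender can look for: a bot polling its controller over HTTP makes evenly spaced requests to one host. The following is an added example, not from the slides, that scores (client, host) pairs in a constructed proxy log by the regularity of their request gaps. The log format, hosts and addresses are all hypothetical; no real malware is implied.

```python
"""Beacon detection over proxy logs (added example; constructed data).

Group requests by (client, host), measure the gaps between them, and flag
groups whose gaps are nearly constant.  A normal browsing session to a
site has irregular gaps; a polling bot does not.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed proxy log format (hypothetical): time client method url status
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<src>\S+) "
    r"(?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)

# Constructed sample: one client polls c2.example every 300 s while also
# browsing news.example at irregular times.  One line is deliberately bad.
SAMPLE_LOG = """\
2010-09-14T09:00:00Z 10.0.0.5 GET http://c2.example/ping 200
2010-09-14T09:00:07Z 10.0.0.5 GET http://news.example/index.html 200
2010-09-14T09:05:00Z 10.0.0.5 GET http://c2.example/ping 200
2010-09-14T09:05:09Z 10.0.0.5 GET http://news.example/story1 200
2010-09-14T09:10:00Z 10.0.0.5 GET http://c2.example/ping 200
2010-09-14T09:15:00Z 10.0.0.5 GET http://c2.example/ping 200
2010-09-14T09:17:31Z 10.0.0.5 GET http://news.example/story2 200
2010-09-14T09:20:00Z 10.0.0.5 GET http://c2.example/ping 200
2010-09-14T09:25:00Z 10.0.0.5 GET http://c2.example/ping 200
2010-09-14T09:31:05Z 10.0.0.5 GET http://news.example/story3 200
2010-09-14T10:02:40Z 10.0.0.5 GET http://news.example/story4 200
2010-09-14T10:02:41Z 10.0.0.5 GET http://news.example/style.css 200
this line is not a log entry
"""


def parse_line(line):
    """Return (timestamp, client, host) or None for a malformed line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    host = urlsplit(m["url"]).hostname
    if host is None:
        return None
    return ts, m["src"], host.lower()


def find_beacons(log_text, min_hits=5, max_cv=0.15):
    """Map (client, host) -> stats for groups with regular request gaps.

    max_cv is the largest coefficient of variation (stdev / mean) of the
    gaps that still counts as regular; 0 means perfectly periodic.
    """
    times = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, host = parsed
        times[(src, host)].append(ts)

    beacons = {}
    for key, stamps in times.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # identical timestamps only; not a polling pattern
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            beacons[key] = {"hits": len(stamps), "period_s": round(avg), "cv": round(cv, 3)}
    return beacons


if __name__ == "__main__":
    for (src, host), stats in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {host}: {stats}")
```

Two caveats a practitioner would add: a bot that adds random jitter to its poll interval raises the coefficient of variation, so the threshold trades misses against false positives and is best combined with the domain reputation of the contacted host; and C&C carried over IRC or DNS, which the slide also lists, needs the corresponding flow or resolver logs rather than an HTTP proxy log.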
  17. Canadian IP addresses generating spam (map)
  18. Worldwide IP addresses generating spam, Q2 2009 through Q1 2010 (maps)
  19. Breakdown of compromised IPs (e-mail reputation): business vs. consumer (chart)
  20-24. Top 5 spam generators as of April 2009: Turkey at #2. Trend Micro begins working with a Turkish ISP and starts seeing dramatic reductions. Turkey: from #2 to #21.
  25-26. Popular conception of cybercrime: not just botnet spam engines
  27. … and no small amount of money. Online ad revenues of Google, Yahoo, Microsoft & AOL are more than $8b per quarter; click fraud is more than $5b per year.
  28. Obscured network boundaries: where’s my data?
  29. Deceptive information transactions: who am I sharing information with?
  30. Disguised website identities: is this the web address I think it is?
  31. … and track cyber-criminal operations
  32. … billions of times a day. Trend Micro Smart Protection Network, Tuesday 14 Sep. 2010:
    • E-mail reputation queries: 6.2 billion; blocks: 4.4 billion
    • Web reputation queries: 41 billion; blocks: 585 million
  33. Protection from the Cloud
    • E-mail (IP) reputation load: 295 GB per day
    • Web (URL) reputation load: 1305 GB per day
    • File (MD5) reputation load: 334 GB per day
  34. Thank You (Trend Micro internal use only)
