Arrott Htcia St Johns 101020
Presentation Transcript

  • EMERGING THREATS & THREAT LANDSCAPE: Fighting Today’s Cybercrime. Anthony Arrott, Trend Micro
  • Triple challenge to IT security
    • Changing IT
      • BEFORE: 80%+ of daily info available inside the enterprise
      • NOW: 80%+ of daily info comes from outside the enterprise
    • Changing cybercrime
      • BEFORE: vandalism, simple fraud, opportunistic data theft
      • NOW: high tech organized crime for huge profits
    • Changing protection
      • BEFORE: latest threat info deployed to each computer
      • NOW: computers query a cloud database about suspected threats
    • Slide callouts: disappearing network boundaries; overwhelming volume of threat; cloud-client protection networks
  • Traditional AV overwhelmed by the volume of new threats: > 2000 new threats per hour
  • Threats now mostly from the Internet
    • How threats arrive on PCs (source: Trend Micro)
      • Visits to malicious websites (42%)
      • Downloaded by other malware (34%)
      • E-mail attachments & links (9%)
      • Transfers from removable disks (8%)
      • Other (mostly via Internet) (7%)
  • Use multiple layers of reputation services
    • Exposure Layer: inspection based on source (URL, domain); example: http://abc.com/xyz.exe
    • Infection Layer: inspection based on file content (code, hash); example: http://abc.com/xyz.exe
  • John Dillinger, Flamboyant Bank Robber / Meyer Lansky, Quiet Mobster
    • John Dillinger (think: VIRUS OUTBREAK)
      • 8 years in prison
      • killed by US federal agents
      • died age 31
    • Meyer Lansky (think: BOTNET SPAM ENGINE)
      • 0 years in prison
      • listed in Forbes 400 richest Americans
      • died age 80
  • Popular conception of cybercrime
  • But like Prohibition, we’re not the main victims … more likely, we’re unwitting accessories.
  • Today’s Infection Chain (diagram; labels as shown on the slide)
    • Actors: Malware Writer, Criminals, Bot Herder, Botnet Command & Controller (HTTP, IRC, DNS)
    • Infection Vector: Spyware/Trojan Downloader, Web Drive By Downloader, Email Spam, Port Scan, Vulnerabilities
    • Host Infection
    • Host Management: Wait for Instructions, Get Updates from Command & Control, Fool the AV
    • Activities: Spam & Phishing, Dedicated Denial of Service, Data Leakage, Adware/Clickware, Recruitment
  • Canadian IP addresses generating spam
  • Worldwide IP addresses generating spam (chart by quarter: Q2 2009, Q3 2009, Q4 2009, Q1 2010)
  • Breakdown of compromised IPs: Business vs. Consumer (Email Reputation)
  • Top 5 spam generators as of April 2009
    • Turkey? #2?
    • Trend Micro begins working with Turkish ISP
    • Start seeing dramatic reductions
    • Turkey: from #2 to #21
  • Popular conception of cybercrime
  • Not just botnet spam engines
  • … and no small amount of money: online ad revenues of Google, Yahoo, Microsoft, & AOL are more than $8b per quarter … click fraud is more than $5b per year.
  • Obscured network boundaries: Where’s my data?
  • Deceptive information transactions: Who am I sharing information with?
  • Disguised website identities: Is this the web address I think it is?
  • and track cyber-criminal operations
  • … billions of times a day (Trend Micro Smart Protection Network, Tuesday, 14 Sep. 2010)
    • E-mail reputation queries: 6.2 billion
    • E-mail reputation blocks: 4.4 billion
    • Web reputation queries: 41 billion
    • Web reputation blocks: 585 million
  • Protection from the Cloud
    • E-mail (IP) Reputation Load: 295 GB per day
    • Web (URL) Reputation Load: 1305 GB per day
    • File (MD5) Reputation Load: 334 GB per day
  • Trend Micro internal use only Thank You
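
The layered check from the "Use multiple layers of reputation services" slide, as an added example (not from the presentation or from any Trend Micro product): the source is judged first, and file content is hashed only if the source passes. Assumptions: in-memory sets stand in for the cloud databases, `normalize`, `domain_listed` and `check` are hypothetical names, and SHA-256 is used in place of the MD5 keys the slides mention.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed sample data standing in for the cloud reputation databases.
BAD_DOMAINS = {"abc.com"}                        # exposure layer: domain reputation
BAD_URLS = {"http://files.example/xyz.exe"}      # exposure layer: URL reputation
BAD_HASHES = {hashlib.sha256(b"constructed-malicious-sample").hexdigest()}

def normalize(url):
    """Canonicalise a URL so case, a trailing dot or a port do not dodge a listing."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")    # .hostname is already lower-cased
    path = parts.path or "/"
    return host, f"{parts.scheme}://{host}{path}"  # port and query are dropped

def domain_listed(host):
    """Match the host or a parent domain on label boundaries.

    sub.abc.com matches abc.com; notabc.com does not.
    """
    labels = host.split(".")
    return any(".".join(labels[i:]) in BAD_DOMAINS
               for i in range(len(labels) - 1))

def check(url, fetch):
    """Return (verdict, layer). `fetch` is called only if the source passes."""
    host, canon = normalize(url)
    if domain_listed(host) or canon in BAD_URLS:
        return "block", "exposure"               # stopped before any bytes arrive
    body = fetch(canon)
    if hashlib.sha256(body).hexdigest() in BAD_HASHES:
        return "block", "infection"              # unlisted source, known-bad content
    return "allow", None

if __name__ == "__main__":
    # Constructed fetcher: one unlisted mirror serves the known-bad sample.
    def demo_fetch(u):
        return b"constructed-malicious-sample" if "mirror" in u else b"benign"

    for u in ("HTTP://Sub.ABC.com./xyz.exe",
              "http://notabc.com/xyz.exe",
              "http://mirror.example/setup.exe"):
        print(u, check(u, demo_fetch))
```

The exposure layer costs one lookup and no download; the infection layer is what catches a listed file re-hosted on a source nobody has rated yet.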