Battling Malware In The Enterprise
Transcript

  • 1. Ayed Alqarta | @aqarta, IT Security Consultant
  • 2.
    - Malware trends in 2012
    - Malware stats: State of Kuwait
    - How malware infiltrates the enterprise today
    - Effective malware mitigations
  • 3. Malware News
  • 4. Malware trends in 2012
    - Trojans for mobile platforms (SMS to premium ###, defeating SMS-based two-factor authentication, info stealing, Zeus/SpyEye)
    - Malicious Trojans will spread in more innovative ways (Facebook and Twitter)
    - Attacks targeting corporate networks (espionage)
    - More malware attacking Mac OS (Flashback)
    - Web exploit toolkits are on the rise, with more zero-day vulnerabilities
  • 5. Symantec Intelligence Quarterly: July - September, 2011
  • 6. Symantec Intelligence Quarterly: July - September, 2011
  • 7. Botnet C&C activity by country. Source: Umbradata. Red countries: over 1,501 vetted C&C servers.
  • 8. Top observed botnet families at multiple enterprise customers:
    - Palevo.C
    - Palevo.18
    - Mariposa.P
    - Mariposa.F
    - Conficker.B
    - Conficker.D
    - Virut
    - Sality
  • 9. Web
    - Compromised websites (infected with malware)
    - Malvertising (malicious ads)
    - Malware websites
    - Software downloads
    - P2P/Torrent websites
    - Social networks
    - Blogs
  • 10.
    - Email
    - Removable media
    - Mobiles
    - Laptops (personal, work, vendor, contractor)
    - ATM (yes, they run Windows too!)
    - Virtual Private Network / remote access
    - Wireless and 3G/Edge
  • 11. Malvertising (from "malicious advertising") is the use of online advertising to spread malware. Internet advertisement networks provide attackers with an effective venue for targeting numerous computers through malicious banner ads. Such malvertisements may take the form of Flash programs that look like regular ads but contain code that attacks the visitor's system directly or redirects the browser to a malicious website. Malicious ads can also be implemented without Flash, by simply redirecting the destination of the ad after the launch of the campaign.
  • 12. Exploit kits: a type of crimeware web application developed to help hackers take advantage of unpatched vulnerabilities in order to compromise computers via malicious scripts planted on compromised websites. Unsuspecting users visiting these compromised sites are redirected to a malware portal website that exploits browser vulnerabilities in order to deliver banking Trojans or similar malware to the visiting computer. Most exploit kits are based on PHP with a MySQL backend and incorporate support for exploiting the most widely used and vulnerable security flaws, in order to give hackers the highest probability of successful exploitation. The kits typically target versions of the Windows operating system and applications installed on Windows platforms.
  • 13. Defense-in-depth: multiple layers of mixed-vendor virus scan engines at the spam filter, email server, file server, UTM, proxy and endpoints.
  • 14. Device & application control
    - Block removable drives such as USB flash disks to prevent AutoRun attacks.
    - If that is not possible, allow only documents and trusted files from USB and block executables.
    - Disable the "AutoPlay" functionality in Windows.
    - Consider using a "secure flash disk", which has an onboard antivirus scan engine to protect it against malware.
  • 15. Device & application control
    - Use an application control solution (standalone, or part of the endpoint security suite) to lock down critical systems.
    - An application control policy (whitelisting) can protect against all kinds of malware, including zero-day, since no signatures are needed.
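As an added example (not part of the presentation and not the author's code), the following PowerShell applies the device-control and whitelisting steps of slides 14 and 15 on a single Windows host. The registry values are the local equivalents of the Group Policy settings "Turn off Autoplay", "Set the default behavior for AutoRun" and "Removable Disks: Deny execute access"; the trusted directories and the output path for the AppLocker policy are assumptions, and in a domain the same settings would be deployed through a GPO rather than per host.

```powershell
# Added example, not from the presentation. Run in an elevated PowerShell on the
# host being hardened; in a domain, push the same settings through Group Policy.
#Requires -RunAsAdministrator

function Disable-AutoRun {
    # Registry equivalent of the GPO settings "Turn off Autoplay" (all drive
    # types) and "Set the default behavior for AutoRun" (never run autorun.inf).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name 'NoDriveTypeAutoRun' -Type DWord -Value 0xFF
    Set-ItemProperty -Path $key -Name 'NoAutorun'          -Type DWord -Value 1
}

function Deny-RemovableDiskExecute {
    # Slide 14's fallback: keep USB sticks usable for documents but refuse to
    # launch executables stored on them. The GUID is the "Removable Disks"
    # device class used by the RemovableStorageDevices policy.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name 'Deny_Execute' -Type DWord -Value 1
}

function New-WhitelistPolicy {
    # Slide 15: build an AppLocker allow-list from what is installed today.
    # Signed binaries get publisher rules (they survive vendor updates);
    # unsigned ones get hash rules (regenerate when the file changes).
    param(
        [string[]]$TrustedDirs = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:SystemRoot"),  # assumed
        [string]$OutFile = "$env:TEMP\AppLocker-whitelist.xml"                                           # assumed
    )
    Import-Module AppLocker
    $files = foreach ($dir in $TrustedDirs) {
        if ($dir -and (Test-Path $dir)) {
            Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe
        }
    }
    New-AppLockerPolicy -FileInformation $files -RuleType Publisher, Hash -User Everyone -Optimize -Xml |
        Out-File -FilePath $OutFile -Encoding utf8
    return $OutFile
}

function Enable-WhitelistPolicy {
    param([Parameter(Mandatory)][string]$PolicyXml)
    # AppLocker rules are only evaluated while the Application Identity service
    # runs; sc.exe is used because the service is protected from Set-Service.
    sc.exe config AppIDSvc start= auto | Out-Null
    Start-Service -Name AppIDSvc
    Set-AppLockerPolicy -XmlPolicy $PolicyXml -Merge
}

Disable-AutoRun
Deny-RemovableDiskExecute
$policy = New-WhitelistPolicy
Enable-WhitelistPolicy -PolicyXml $policy
```

Start in audit mode before enforcing: edit the generated XML so each RuleCollection carries EnforcementMode="AuditOnly", watch the AppLocker event log for event 8003 ("would have been blocked") for a few weeks, then switch to Enabled. A policy that contains only allow rules denies everything else once enforced, so confirm the Windows directory rules cover what the host needs to boot and log on.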
  • 16. Patch management (OS/Browsers/Apps)
    - Stay up to date with the latest patch-related information from various sources.
    - Download patches and run extensive tests to validate their authenticity and accuracy.
    - Install security and critical patches/service packs for the OS and 3rd-party applications.
    - Maintain a testing environment to test patches before approving them for production systems.
    - Generate reports of the various patch management tasks.
    - Monitor patching progress across the enterprise.
  • 17. Patch management (OS/Browsers/Apps): top attacked applications by web exploit kits (source: Kaspersky)
  • 18. Patch management (3rd-party apps)
    - Java Runtime Environment (JRE)
    - Adobe Reader, Acrobat, AIR, Shockwave Player, Flash Player
    - Mozilla Firefox
    - Mozilla Thunderbird
    - Google Chrome
    - Apple Safari, iTunes, QuickTime
    - Microsoft Internet Explorer
    - Microsoft Office
    - RealNetworks RealPlayer
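As an added example (not code from the presentation), this PowerShell implements two of the checks from the patch-management slides: gating a downloaded package on its Authenticode signature before it enters the test environment, and reporting which hosts still lack a given update for the progress-monitoring step. The staging folder, the host names and the KB number are placeholders.

```powershell
# Added example, not from the presentation. $PatchDir, the host names and the
# KB number are placeholders.

function Test-PatchSignature {
    # Approve a package only if its Authenticode signature is Valid (chains to a
    # trusted root and the file hash still matches) AND the signer is the
    # publisher we expect, so a validly signed file from someone else is not
    # waved through just because it is signed.
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ExpectedSubject = 'CN=Microsoft Corporation*'
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    [pscustomobject]@{
        File     = Split-Path -Path $Path -Leaf
        Status   = $sig.Status
        Signer   = $signer
        Approved = ($sig.Status -eq 'Valid') -and ($signer -like $ExpectedSubject)
    }
}

function Get-MissingHotfix {
    # For each host, list the KBs in $KB that Get-HotFix does not report.
    # Unreachable hosts are reported rather than skipped: a host you cannot
    # query is also a host you cannot prove is patched.
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][string[]]$KB
    )
    foreach ($computer in $ComputerName) {
        try {
            $installed = (Get-HotFix -ComputerName $computer -ErrorAction Stop).HotFixID
            foreach ($id in $KB) {
                if ($installed -notcontains $id) {
                    [pscustomobject]@{ Computer = $computer; Missing = $id; Note = '' }
                }
            }
        } catch {
            [pscustomobject]@{ Computer = $computer; Missing = ($KB -join ','); Note = "unreachable: $($_.Exception.Message)" }
        }
    }
}

# 1. Gate every package staged for testing
$PatchDir = 'C:\Patches\Staging'   # placeholder
Get-ChildItem -Path $PatchDir -Recurse -Include *.msu, *.msi, *.exe |
    ForEach-Object { Test-PatchSignature -Path $_.FullName } |
    Format-Table -AutoSize

# 2. Track rollout progress (host names and KB are placeholders)
Get-MissingHotfix -ComputerName 'ws-001', 'ws-002' -KB 'KB1234567' |
    Format-Table -AutoSize
```

Get-HotFix only covers Microsoft updates recorded in Win32_QuickFixEngineering; for the 3rd-party applications on the slide above, compare the installed product versions (for example from the registry uninstall keys) against the vendor's advisory instead.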
  • 19. Vulnerability research resources
    - http://technet.microsoft.com/en-us/security/bulletin
    - http://www.kb.cert.org/vuls/
    - http://secunia.com/community/advisories/
    - http://www.symantec.com/security_response/landing/vulnerabilities.jsp
    - http://tools.cisco.com/security/center/publicationListing
    - http://www.vupen.com/english/security-advisories/
    - http://www.us-cert.gov/current/
    - http://www.adobe.com/support/security/
    - http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/index.xhtml
  • 20. Web filtering
    - Block access to malicious domain categories (malware, phishing, botnet C&C, compromised websites, malware hosting, advertisements, pornography, dynamic DNS, social network games, computer software, uncategorized).
    - The proxy must include an antivirus/antispyware engine to scan downloaded files.
    - Block downloads of suspicious file types (.exe, .cmd, .pif, .bat, .scr, .dll, .sys).
    - Generate reports and warn the top policy violators.
    - Manually block domains/URLs that the vendor has not categorized (blocklist).
  • 21. Geo-based filtering (top malware-hosting countries)
    - Block inbound/outbound traffic to these countries (China, Russia, Korea, Brazil, Thailand, Taiwan, Japan, Poland, Peru).
    - UTM/proxy logs will help detect possible infections.
    - This filtering will stop or reduce spam, malware, malicious websites and phishing.
    - A proactive security technique to prevent threats.
  • 22. Threat intelligence feeds / blacklists
    - Integrate threat feeds with the enterprise security products to block traffic from/to bad-reputation hosts.
    - Proactively secure the network against zero-day threats without relying on signatures.
    - Threat intelligence can be integrated with SIEM tools.
    - Threat feeds will contain:
      - Malicious code senders
      - Spam senders
      - Phishing senders
      - Botnet C&C servers
      - Compromised hosts
      - Malware domains
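As an added example (not from the presentation), the following PowerShell shows how a threat feed (slide 22) and the web-filtering rules of slide 20 can be checked against proxy logs offline: each log line is matched against the feed indicators (including parent domains, so a listed apex domain also catches its subdomains) and against the suspicious-download extensions, and the hits are summarised per user for the "top policy violators" report. The feed format, the log format and every indicator and log line are constructed for the demo; a real run would read the vendor feed and the proxy's access log.

```powershell
# Added example, not from the presentation. Feed lines, log lines, their
# formats and all indicators below are constructed for the demo.

function Import-ThreatFeed {
    # Assumed feed format: "indicator,category" per line, '#' for comments.
    # Returns a hashtable: indicator (lower-case) -> category.
    param([Parameter(Mandatory)][string[]]$Lines)
    $feed = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(#|$)' -or $line -notmatch ',') { continue }
        $indicator, $category = $line -split ',', 2
        $feed[$indicator.Trim().ToLower()] = $category.Trim()
    }
    return $feed
}

function Get-FeedMatch {
    # Check the host and every parent domain, so "evil.example" in the feed
    # also catches "cdn.evil.example". The bare TLD is never checked; IP
    # literals only match verbatim because their "parents" are meaningless.
    param([Parameter(Mandatory)][hashtable]$Feed, [Parameter(Mandatory)][string]$HostName)
    $labels = $HostName.Split('.')
    for ($i = 0; $i -lt $labels.Count - 1; $i++) {
        $candidate = $labels[$i..($labels.Count - 1)] -join '.'
        if ($Feed.ContainsKey($candidate)) { return $candidate }
    }
    return $null
}

$BlockedExtensions = '.exe', '.cmd', '.pif', '.bat', '.scr', '.dll', '.sys'   # slide 20

function Find-ProxyViolations {
    # Assumed log format: "<timestamp> <client-ip> <user> <url>".
    param([Parameter(Mandatory)][hashtable]$Feed, [Parameter(Mandatory)][string[]]$LogLines)
    foreach ($line in $LogLines) {
        $time, $client, $user, $url = $line -split '\s+', 4
        $uri = [uri]$url
        $reasons = @()
        $match = Get-FeedMatch -Feed $Feed -HostName $uri.Host.ToLower()
        if ($match) { $reasons += "feed:$($Feed[$match]) ($match)" }
        $ext = [IO.Path]::GetExtension($uri.AbsolutePath).ToLower()
        if ($BlockedExtensions -contains $ext) { $reasons += "suspicious-download:$ext" }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Time = $time; Client = $client; User = $user; Url = $url; Reason = $reasons -join '; ' }
        }
    }
}

# Constructed sample feed (RFC 2606 / RFC 5737 reserved names and addresses)
$FeedLines = @(
    '# indicator,category',
    'evil-cdn.example,Malware Domain',
    '203.0.113.7,Botnet C&C',
    'login-verify.example,Phishing'
)

# Constructed sample proxy log
$LogLines = @(
    '2012-05-01T09:12:03 10.0.5.23 alice http://cdn.evil-cdn.example/ads/banner.swf',
    '2012-05-01T09:12:40 10.0.5.23 alice http://intranet.corp.example/index.html',
    '2012-05-01T09:15:11 10.0.7.8 bob http://203.0.113.7:8080/gate.php',
    '2012-05-01T09:16:02 10.0.7.8 bob http://downloads.example/tools/update.exe',
    '2012-05-01T09:20:30 10.0.9.1 carol http://login-verify.example/secure/index.php'
)

$feed = Import-ThreatFeed -Lines $FeedLines
$hits = @(Find-ProxyViolations -Feed $feed -LogLines $LogLines)
$hits | Format-Table -AutoSize

# "Top policy violators" report (slide 20)
$hits | Group-Object -Property User | Sort-Object -Property Count -Descending |
    Select-Object -Property Name, Count -First 5
```

The same matching logic is what a SIEM correlation rule does when the feed is loaded as a lookup table; running it against the proxy log is also a cheap way to find hosts that were already talking to a C&C server before the feed entry reached the blocking devices.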
  • 23. Battling Malware in The Enterprise: Malware Forensics Dojo. Learn from an experienced malware expert; practical skills and applicable knowledge; real-world scenarios from the field.
  • 24. Thank you. @aqarta | a.qarta@gmail.com
