Emerging Threats and Trends in Online Security


AVG (AU/NZ)'s Security Advisor, Michael McKinnon, details the latest emerging threats and trends in online security: toolkits, spam, rogue apps, printed malware, fake anti-virus, ransomware and mobile security.

Published in: Technology

  1. AVG.COM.AU, AVG.CO.NZ: Emerging Threats and Trends. Michael McKinnon, Security Advisor. An Avalanche Technology Group Company.
  2. Emerging Threats & Trends - Overview
       • Current Threats
           • Toolkits, Spam, Mobile, Printed Malware, Fake Anti-Virus, Ransomware
       • Trends & Emerging
           • Facebook, Mobile security, DNSSEC, Anonymous
       • Dispel some common myths along the way
  3. Current Threats
       • Compiled from our local support team; and
       • AVG Community Powered Threat Report, Q4 2011
  4. Blackhole Toolkit – What is it?
       • Web based, distribution system for exploits and malware; runs on a private or compromised server
  5. Blackhole Toolkit – Targets many platforms
       • Allows them to target many platforms, including Mac!
  6. Blackhole Toolkit – Features & facts
       • Other key “features”:
           • Analytics network
           • Built-in anti-virus scanning to avoid detection
           • Does many complex tasks very easily
       • Facts:
           • In the last ¼ of 2011 it accounted for 80.2% of all known toolkits being used
           • Exploit toolkits account for 58% of threat activity on malicious websites
  7. Blackhole Toolkit – Mitigation
       • Always keep computers updated with latest patches to avoid 0day vulnerabilities
       • Run up to date Internet Security solutions – but you already know that!
  8. Spam – SNAP POLL
       • In Q4 of 2011, which country sent the most spam?
       • China
       • Romania
       • United States
       • Israel
  9. Spam – Top countries
  10. Spam – Top domains
  11. Spam – Mitigation
       • Run an anti-spam solution on servers & desktops
       • Be proactive and know basic email handling tips
       • We’ll be providing some tips and resources on how to spot email scams in the near future…
  12. Mobile Threats – Rogue apps
       • Affecting mostly Android phone and tablet users
  13. Mobile Threats – Rogue apps
       • In Q4 we reported the emergence of rogue “signed” applications available in the Android Marketplace
       • Signed with stolen/leaked digital certificates
       • Permission prompts on Android are weak – they don’t make the user think at all
       • Risks are mostly around spying and premium SMS
       • Google has recently announced they are scanning apps in the Marketplace with “bouncer”
  14. Mobile Threats – Mitigation
       • Update your Android device – if you cannot upgrade past Android 2.2 then BUY A NEW PHONE! (Same can be said of older iPhones stuck on iOS 4.3)
       • ONLY install applications from the Android Marketplace – nowhere else
       • Have a look at AVG Mobilation for scanning
  15. Printed Malware – QR codes
  16. Printed Malware – QR codes
       Just like URL shorteners (like bit.ly for example), QR codes don’t reveal too much about themselves until you use them.
       In Q4 2011 we observed a QR code being used in a Russian forum website that linked to a malicious mobile app.
       These are something to keep your eye on, especially with large, well-known, trusted brands starting to use them for marketing.
  17. Fake AV – What is it?
       • Our support team has been helping clean up the following Fake AVs for customers:
           • Security Shield
           • System Fix
           • XP Antivirus 2012
           • Internet Security 2012
       • Let’s have a look at what they can do…
  18. Fake AV – Fake “Blue Screen of Death”
  19. Fake AV – Nag screens and pop-ups
  20. Fake AV – Mitigation & removal
       • Can be very tricky to remove completely, usually involves reverting to safe-mode and removing files manually
       • Some tricks for removal have, in some cases, been to enter the fake AV licence key to get rid of it!
       • Preventing fake AV from being installed usually involves keeping the PC up to date, in combination with some user awareness
  21. Ransomware – What is it?
       • Has been observed being served up by Blackhole toolkits
       • Unlike fake AV – this malicious code just locks up your computer and demands money!
       • Usually pretends to be from the government or a law enforcement agency
  22. Ransomware – Your PC has been seized!
  23. Ransomware – Mitigation
       • Update, update, update!
       • Since the vector for this is 0day vulnerabilities, usually exploited by a toolkit (like Blackhole) – staying updated is the first line of defence
       • And, of course, AVG 2012 Internet Security
       • Browsing questionable websites (i.e. user habit) could also be a contributory factor in these examples
  24. Trends & Emerging Threats
       • Predictions for 2012
       • And some overall stats and trends
  25. Top 10 Web Threats – Q4 2011
  26. Trends & Emerging – Facebook or Scambook?
       • Global spam levels are decreasing
       • Scammers are now using Facebook, which provides:
           • Instant access to 850+ million users
           • Built-in word of mouth provides viral spread
           • Default “trust” with Facebook is still high
  27. Trends & Emerging – Mobile Security
       • Did you know?
           • Lost/stolen smartphones & tablets can be located using GPS tracking
           • Mobile devices can be remote wiped if fallen into the wrong hands
           • PIN number should always be used, but also these can be activated remotely
  28. Trends & Emerging – DNSSEC
       • The Domain Name System (DNS) is vulnerable, so DNSSEC promises to cryptographically secure it
       • We should see improvements over time with true verification of legitimate sites, good for eCommerce and consumer confidence online
       • Will make stolen SSL certificates much harder to exploit in the wild
       • Should start to have some impacts on reducing spam levels further, in conjunction with DMARC
  29. Trends & Emerging – #opGlobalBlackout
       • “Anonymous” announced that it is attempting to bring down the Internet on 31st March 2012
       • http://pastebin.com/NKbnh8q8
       • Will be interesting to see what happens, if anything; I suspect the Internet will be just fine
           • No doubt it will hit the news
  30. Thank You! Connect with us to stay up to date with the latest news and information about online threats and scams. We also provide simple and useful security tips, designed to keep our community safe. Come and say hello! twitter.com/avgaunz facebook.com/avgaunz Copyright © 2012 AVG (AU/NZ) Pty Ltd, an Avalanche Technology Group company. All rights reserved.
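
The QR code point on slide 16, together with the "install from the Marketplace only" advice on slide 14, can be turned into a check that runs on a decoded QR payload before anything opens it. This is an added example, not part of the original deck; the shortener list, package extensions, finding labels and sample payloads are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a small illustrative shortener list, not an exhaustive one.
SHORTENER_HOSTS = {"bit.ly", "goo.gl", "t.co", "tinyurl.com", "ow.ly"}
# Assumption: file extensions of installable mobile packages.
APP_PACKAGE_EXTS = (".apk", ".ipa", ".jar", ".sis")


def triage_qr_payload(payload):
    """Return a list of reasons to review a decoded QR payload before opening it."""
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # QR payloads can invoke other handlers (SMS composer, app store, dialler).
        return ["non-web-scheme:" + (scheme or "none")]

    findings = []
    host = (parts.hostname or "").lower()
    if scheme == "http":
        findings.append("plain-http")
    if parts.username is not None:
        # "https://brand.example@other.example/" really goes to other.example.
        findings.append("userinfo-in-url")
    if host in SHORTENER_HOSTS:
        findings.append("shortener-hides-destination")
    if host.startswith("xn--") or ".xn--" in host:
        findings.append("punycode-host")
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")
    except ValueError:
        pass  # an ordinary DNS name
    if parts.path.lower().endswith(APP_PACKAGE_EXTS):
        findings.append("direct-app-package-download")
    return findings


# Constructed sample payloads, as a QR decoder would hand them over.
SAMPLES = [
    "https://www.example.com/promo",
    "http://bit.ly/abc123",
    "http://203.0.113.7/files/game.apk",
    "smsto:19005550100:SUBSCRIBE",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", triage_qr_payload(sample) or ["no findings"])
```

An empty result only means none of these surface checks fired; a shortener finding still needs the redirect resolved by a scanner or proxy before the destination can be judged.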