• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
0926182320 Sophos[1]
 

0926182320 Sophos[1]

on

  • 663 views

Security Threat Report

Security Threat Report

Statistics

Views

Total Views
663
Views on SlideShare
654
Embed Views
9

Actions

Likes
1
Downloads
17
Comments
0

4 Embeds 9

http://seguridad-informacion.blogspot.com 6
http://64.233.169.132 1
http://seguridad-informacion.blogspot.com.es 1
http://seguridad-informacion.blogspot.com.ar 1

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

0926182320 Sophos[1] 0926182320 Sophos[1] Presentation Transcript

  • Security Threat Report 2008: What you need to know Christopher Vernon Senior Sales Engineer, Sophos
  • Agenda
    • Malware – The size and shape of the problem
    • Spam – China and beyond
    • Phishing – Socializing
    • Web – The threat to your reputation
    • Not just a Microsoft problem
    • Summary
  • Malware – The Size and Shape
    • 20,000 new suspicious files sent to SophosLabs every day - that’s 1 every 4 seconds
    • Most are Trojans designed to silent steal information, or compromise PCs
    • AV-Test.org estimates that there are over 11 million unique samples of malware in existence
    • The web is clearly the major vector for attack
    • One new infected webpage discovered every 5 seconds - over 90% are legitimate websites that have been hit by attacks such as SQL Injection
  • Shift in Delivery
    • Only 1 in 2500 emails have malware attachments
    • Down from 1 in 332 in same 2007 period
    • Shifted to ‘links in email’
    • Long tail of ‘Old’ malware
    • PushDo – new malware, old technique
  • Spam – China and Beyond
    • 96.5% of email is spam - only one in 28 business emails is legitimate
    • New spam web page every 20 seconds
    • Moving to Chinese domains
      • Harder to get information
      • Easier to register
    • Backscatter
      • Non-delivery reports of spam
      • Do you click on spam?
      • 1 in every 530 page requests were to spam URLs
  • Pump and Dump Done?
    • Volumes have dropped from 30+ % of all spam to less than 1%
    • Very few stock symbols being ‘spamvertised’
    • Market slowdown? SEC crackdown?
    • Moving to “short selling”
      • “ Amazon having troubles ”
  • Phishing - Socializing
    • Not just financial
      • Banks
      • Tax payers
      • Auction
      • Payment sites
    • Also Social
      • Facebook
  • Social Targets
    • Social networking sites increasingly targeted
      • Spam
      • Scam
      • Adware
  • Spear Phishing
      • Very targeted activity
      • Use Facebook, LinkedIn, etc. to identify targets
        • University of Waterloo
        • Oak Ridge National Lab
        • University of Minnesota
      • Can also be used to target malware
        • Subpoena CEO = Install keylogger
    Remember Phishing works on all platforms!
  • Web – The Threat to Your Reputation
    • 16,173 new malicious web pages a day!
    • Major brands affected
      • Euro 2008 soccer tournament
      • UK broadcaster ITV
      • Cambridge University Press
      • Lawn Tennis Association
      • Trend Micro
      • Sony PlayStation
  • SQL Injection Attacks
    • Mal/BadSrc – 29% of infections in June ’08
    • Simple attack method
      • Search for vulnerable servers
      • Target attack
      • Inserts iframe snippets into every page
    • Variety of payloads
      • Including ‘scareware’
  • Not Just a Microsoft Problem
    • Nearly 60% of compromised web sites are running Apache
    • Websites must be properly “hardened” to prevent hackers from taking advantage
  • What about Apple?
    • Small amount of malware being written for Apple Macs
      • Increasingly Mac malware is financially-motivated
      • The Hovdy Trojan turned off security, firewalls, and gave remote access to hackers
    • High level of complacency amongst Mac users may make Apple Macs a “soft target” in the future
    • Record sales of Apple hardware, mean its marketshare is growing
  • What about Mobile?
    • Malware – Very Low Threat
      • No single platform, and mostly written by enthusiasts
      • A single proof-of-concept Apple iPhone Trojan was found
    • Spam
      • Internet-enabled phones like the iPhone are vulnerable to phishing attacks
      • SMS text message spam is limited in the West, but..
      • 353.8 Billion ‘spam’ messages sent via SMS in China - 600 a year for every mobile phone owner
      • 438,668 complaints in one month alone
  • What About Linux?
      • 70% of attacks on Linux honeypot, infected with a 6 year old virus
      • Linux servers used as command and control for botnets
      • Analysis shows RST-B is a global problem, with thousands of compromised servers
  • SophosLabs global network of experts SophosLabs™ Knows Threats Better Than Anyone
  • Summary
    • Malware growth continues
      • Proactive detection is critical
    • Financial motivation for most threats including spam
      • Spam still makes money!
    • Web represents biggest threat
      • To users, and your corporate reputation
    • Don’t forget other platforms
      • Mac increasingly targeted
      • Linux could be your ‘typhoid Mary’
  • Staying ahead of the curve
    • Get the latest breaking news about new malware, spam, security threats, and arrests straight to your desktop at www.sophos.com/feeds
    • Get daily updates from SophosLabs Blog, which provides insight into the most interesting and widespread threats www.sophos.com/blog
  • Thank you
    • Call Worldwide: + 44 1235 55 9933
    • [email_address]