Malware in the Wild:
Evolving to Evade Detection
Engin Kirda
Co-Founder and Chief Architect
engin@lastline.com
3/17/2015
Copyright ©2015 Lastline, Inc. All rights reserved.
Engin Kirda, Ph.D.
• Professor at Northeastern University, Boston
– started malware research in about 2004
– Helped build and release popular malware analysis and
detection systems (Anubis, Wepawet, …)
• Co-founder of Lastline, Inc.
– Lastline offers protection against zero-day threats and
advanced malware
– Commercialization of many years of advanced research
Key Takeaways
• Traditional malware detection
tech now ineffective
• Security automation and stealthy
analysis critical to protection
• Security professionals in high demand
– Need to attract, train and retain
talented people
You Will Learn
• How has malware evolved in the last decade?
• How have security technologies changed to
address the threat?
• What are some key characteristics of
advanced malware behaviors?
• Can we stop this threat? Is this a lost war?
How Has Malware Evolved?
[Figure: "Cyberattack (R)Evolution". Axes: Time (x) against $$ Damage (y: Hundreds,
Thousands, Hundreds of Thousands, Millions, Billions). Phases, in order: Cybervandalism
(#@!), Cybercrime ($$$), Cyber-espionage and Cyber-war (!!!).]
The Nature of the Threat Has Changed
• Intruders are more prepared and organized
• Attack attribution on the Internet is incredibly
difficult
• Intruder tools are increasingly sophisticated yet easy
A Little Bit of History…
• At the end of the 80s, the first viruses appeared
– First form of malware
– Often destructive, but no financial incentive
• In the 90s, worms became popular
– Often destructive, but again no financial incentive
A Little Bit of History…
• From 2000 on, financial incentives became increasingly
dominant
– Phishing, pharming, banking Trojans, key-loggers…
• From 2010 on, targeted attacks gained more attention
in the media
– Attacks against companies like Google, RSA
– Espionage as a major incentive
Excerpts from 2014
• Dairy Queen International
– Backoff, more than 300 stores, credit card data stolen
• J.P. Morgan Chase
– Information on millions of customers compromised
• Home Depot
– Credit card data stolen for more than 50 million customers
• UPS
– Backoff, 60 stores compromised
• Target
– Millions of credit card records stolen
How Have Security Technologies
Evolved?
Emergence of Signature-Based Detection
Traditional Malware Detection
• Imagine you are identifying people based on
their looks
– Are they wearing a hat?
– What color is their hair?
– How tall are they?
– What is their eye color?
– How old are they?
– Do we have their fingerprint?
Walter White
Example: Chernobyl (CIH) Virus

  E8 00 00 00 00   call $+5              ; CIH's get-PC stub; the slide's
  5B               pop ebx               ;   listing folds these two lines
  8D 4B 42         lea ecx, [ebx + 42h]  ;   into "5B 00 00 00 00 pop ebx"
  51               push ecx
  50               push eax
  50               push eax
  0F 01 4C 24 FE   sidt [esp - 02h]
  5B               pop ebx
  83 C3 1C         add ebx, 1Ch
  FA               cli
  8B 2B            mov ebp, [ebx]

SIGNATURE (the fixed byte string the scanner looks for):
  E8 00 00 00 00 5B 8D 4B 42 51 50 50 0F 01 4C 24 FE 5B 83 C3 1C FA 8B 2B
The Problem of Evasion
• What if the criminal is wearing
a black hat and sun glasses for
disguise?
• What if the criminal is also
able to change his fingerprints
on the fly, after every crime?
• We’d be in a lot of trouble
at airports. Unfortunately,
we have this situation
happening in the cyber-
world right now
Heisenberg
Disguising: Chernobyl (CIH) Virus

  E8 00 00 00 00   call $+5
  5B               pop ebx
  8D 4B 42         lea ecx, [ebx + 42h]
  51               push ecx
  50               push eax
  90               nop                   ; inserted: does nothing
  50               push eax
  40               inc eax               ; inserted: eax was already pushed,
  0F 01 4C 24 FE   sidt [esp - 02h]      ;   and sidt does not read eax
  48               dec eax               ; inserted: undoes the inc
  5B               pop ebx
  83 C3 1C         add ebx, 1Ch
  FA               cli
  8B 2B            mov ebp, [ebx]

DIFFERENT SIGNATURE (same behavior, the fixed byte string no longer matches):
  E8 00 00 00 00 5B 8D 4B 42 51 50 90 50 40 0F 01 4C 24 FE 48 5B 83 C3 1C FA 8B 2B
Malware Uses Disguise
• It does the same
thing, but it looks
different each
time
• Detecting
malware just
based on its
“looks” does not
work anymore
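The two CIH listings above, worked through in code as an added example (this is not code from the deck or from Lastline): a fixed byte-string signature is run against the original stub, against the nop/inc/dec disguise from the slide, and against a third variant constructed here that re-encodes `push ecx`/`push eax` with the two-byte `FF /6` form. The first instruction is CIH's `call $+5` get-PC stub (E8 00 00 00 00), whose displacement bytes the slide's listing folds into the `pop ebx` line. The "tolerant" matcher, which lets known junk bytes sit between the instructions, is an assumed, simplified stand-in for the wildcard signatures real scanners use.

```python
import re


def _hex(*chunks: str) -> bytes:
    """Join per-instruction hex strings into one byte string."""
    return bytes.fromhex("".join(chunks))


# Instruction encodings of the CIH stub shown on the slide. The first instruction is
# CIH's get-PC stub, call $+5 (E8 00 00 00 00), whose displacement bytes the slide
# folds into the pop ebx line.
CIH_STUB = [
    "E800000000",   # call $+5
    "5B",           # pop ebx
    "8D4B42",       # lea ecx, [ebx + 42h]
    "51",           # push ecx
    "50",           # push eax
    "50",           # push eax
    "0F014C24FE",   # sidt [esp - 02h]
    "5B",           # pop ebx
    "83C31C",       # add ebx, 1Ch
    "FA",           # cli
    "8B2B",         # mov ebp, [ebx]
]

FILLER = b"\xCC" * 8   # constructed padding around the stub in each "sample"

# Sample 1: the stub as is.
SAMPLE_ORIGINAL = FILLER + _hex(*CIH_STUB) + FILLER

# Sample 2: the disguise from the slide: nop after the first push eax, inc eax before
# sidt, dec eax after it. eax was already pushed and sidt does not read eax, so the
# behaviour is unchanged while the bytes differ.
SAMPLE_DISGUISED = FILLER + _hex(
    "E800000000", "5B", "8D4B42", "51", "50", "90", "50", "40",
    "0F014C24FE", "48", "5B", "83C31C", "FA", "8B2B") + FILLER

# Sample 3 (constructed here, not on the slide): same instructions, but push ecx and
# push eax use the two-byte FF /6 encoding (FF F1 / FF F0) instead of 51 / 50.
SAMPLE_REENCODED = FILLER + _hex(
    "E800000000", "5B", "8D4B42", "FFF1", "FFF0", "FFF0",
    "0F014C24FE", "5B", "83C31C", "FA", "8B2B") + FILLER


def exact_signature_hit(sample: bytes) -> bool:
    """Classic scanner: the signature is one fixed byte string."""
    return _hex(*CIH_STUB) in sample


# Bytes a disguiser can drop between the instructions of this stub without changing
# what it does: nop (90) and inc eax / dec eax (40 / 48). Allowing them anywhere is
# what a wildcard signature does; note it is already a wider net than the exact one.
JUNK = rb"(?:\x90|\x40|\x48)*"
TOLERANT_SIGNATURE = re.compile(
    JUNK.join(re.escape(bytes.fromhex(ins)) for ins in CIH_STUB))


def tolerant_signature_hit(sample: bytes) -> bool:
    """Wildcard scanner: same instruction skeleton, junk allowed in between."""
    return TOLERANT_SIGNATURE.search(sample) is not None


def evaluate() -> dict:
    """Run both scanners over the three samples: name -> (exact_hit, tolerant_hit)."""
    samples = {"original": SAMPLE_ORIGINAL, "disguised": SAMPLE_DISGUISED,
               "reencoded": SAMPLE_REENCODED}
    return {name: (exact_signature_hit(s), tolerant_signature_hit(s))
            for name, s in samples.items()}


if __name__ == "__main__":
    for name, (exact, tolerant) in evaluate().items():
        print(f"{name:10s} exact={exact!s:5s} tolerant={tolerant}")
```

The fixed signature misses the disguise. The wildcard signature catches it, but not the re-encoded variant, and every widening of the pattern also raises the false-positive risk on benign code. That is the arms race the following slides describe, and why detection had to move from what code looks like to what it does.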
Malware is Now a Problem of Scale…
• The number of new malware
samples seen in the wild has
been growing exponentially
• It is often the same malware
you are dealing with, but it
looks different to the naked
eye (and to a byte signature)
Summary of traditional approaches:
1998 compared to 2015
Lastline Labs: AV Can’t Keep Up
Antivirus systems take months to catch up to highly evasive threats.
Current State of Affairs
• Anti-virus systems are not enough
– Malware modifies itself to evade detection
• Manual analysis of threats requires an enormous
amount of resources
– Cannot scale; reaction time is on the order of days or
weeks
• We need to be ahead in the arms race
How Have Security Technologies
Evolved?
Emergence of Behavior-Based Detection
Key Idea
• Why not just run or open the suspicious file and
see how it behaves?
• This approach is generally known as sandboxing
• The sandbox typically uses a virtualized,
instrumented environment
• The system logs the behaviors of the file
Sandbox-Based Detection Is Popular
• There are many security products now
– Sandboxing is often a component that is used for
unknown files
• These sandboxes often vary in quality
– A sandbox can be very simple, or can be more
sophisticated based on its design
Evasion of Behavior-Based
Detection
• Bad guys are not stupid
• They have received the
news that behavior-based
detection is what
everyone’s using now
• Just like signature-based
detection systems were
evaded in the past
• Behavioral evasion tricks
have emerged
One of the First Tricks That Emerged:
Red Pill (Remember The Matrix?)
• A virtual machine (VM)
is often used to run the
code during analysis
and detection
• The red pill test lets the
code find out whether it is
running in a VM
– The original red pill (Joanna Rutkowska, 2004)
executes sidt, the same instruction the CIH stub
above uses, and inspects the IDT base address it
returns: a software VMM has to relocate the guest's
IDT, so an unusual base address gives the VM away
– On hardware-assisted VMs (Intel VT-x, AMD-V) sidt
returns the guest's own IDT, so that particular test
is no longer reliable; cpuid (the hypervisor-present
bit, the hypervisor vendor leaf) is its modern
replacement
• There are many ways
of launching evasions
like that
Some Dynamic Evasion Tricks
• Checking for specific artifacts in the virtualized OS
• Checks on CPU features that indicate VM
• Looking for running processes and imitating them
• Waiting for someone to click on something
• Delaying the execution until analysis system gives up
An Emerging Trick: Stalling Loops
• A simple piece of code
that takes milliseconds
to execute on your
laptop, but hours to
run in an emulated or
instrumented analysis
system: each iteration
costs the analysis
engine far more than it
costs the CPU, and the
analysis times out
before the payload runs
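The evasions listed on these two slides, as an added example that is not taken from the deck or from Lastline's products. The environment checks run over constructed host views: the VMware and VirtualBox MAC OUIs, the `hypervisor` flag Linux exports for CPUID.1:ECX[31], and the guest-tool and analysis process names are real, while the ten-minute uptime heuristic is an assumption. The stalling half uses `sys.settrace` as a stand-in for per-instruction instrumentation and flags a frame that burns its event budget without calling out, a toy version of the progress-based stall detection a stealthy sandbox needs; the budget values are arbitrary.

```python
import sys
from dataclasses import dataclass

# ---- Environment fingerprinting: the "artifacts" and "CPU features" tricks -------

# OUI prefixes of VMware (00:05:69, 00:0C:29, 00:1C:14, 00:50:56) and VirtualBox
# (08:00:27) virtual NICs.
VM_MAC_PREFIXES = ("00:05:69", "00:0c:29", "00:1c:14", "00:50:56", "08:00:27")
# Guest tools and analysis programs a sandbox image commonly leaves running.
ANALYSIS_PROCESSES = {"vmtoolsd.exe", "vboxservice.exe", "vboxtray.exe",
                      "procmon.exe", "wireshark.exe", "ollydbg.exe"}
MIN_PLAUSIBLE_UPTIME = 600   # seconds; heuristic, snapshots come up "freshly booted"


@dataclass
class HostView:
    """What a sample can observe about the machine it landed on."""
    cpu_flags: str        # e.g. the flags line of /proc/cpuinfo
    mac_addresses: list
    process_names: list
    uptime_seconds: int


def sandbox_findings(host: HostView) -> list:
    """Tell-tale signs of an analysis VM; an evasive sample stays dormant if any."""
    findings = []
    # CPUID.1:ECX[31] ("hypervisor present") surfaces on Linux as the 'hypervisor' flag.
    if "hypervisor" in host.cpu_flags.split():
        findings.append("cpuid hypervisor bit set")
    for mac in host.mac_addresses:
        if mac.lower().startswith(VM_MAC_PREFIXES):
            findings.append(f"virtual NIC OUI: {mac}")
    tools = ANALYSIS_PROCESSES & {p.lower() for p in host.process_names}
    if tools:
        findings.append("analysis tooling: " + ", ".join(sorted(tools)))
    if host.uptime_seconds < MIN_PLAUSIBLE_UPTIME:
        findings.append(f"uptime only {host.uptime_seconds}s")
    return findings


# ---- Stalling loop and a sandbox-side counter ------------------------------------

def stalling_loop(iterations: int) -> int:
    """No system calls, no I/O, just arithmetic: milliseconds natively, but an engine
    that instruments every instruction pays for every iteration."""
    acc = 0x811C9DC5
    for i in range(iterations):
        acc = ((acc ^ (i & 0xFF)) * 0x01000193) & 0xFFFFFFFF
    return acc


def _touch(i: int) -> int:
    return i & 1


def chatty_loop(iterations: int) -> int:
    """Contrast case: calls out on every iteration, so it keeps making progress."""
    total = 0
    for i in range(iterations):
        total += _touch(i)       # a call per iteration: where a syscall would show up
    return total


class Stalled(Exception):
    """Raised by the toy sandbox when a frame exhausts its budget."""


def run_instrumented(fn, budget: int):
    """Toy instrumented sandbox. A frame that executes more than `budget` line events
    without calling anything (in a real engine: without issuing a system call) is
    reported as stalling, so the analysis can react instead of sitting out its timeout.
    Returns the stalling function's name, or None if fn finished within budget."""
    counts = {}   # id(live frame) -> line events since it last called out

    def tracer(frame, event, arg):
        if event == "call":
            if frame.f_back is not None:
                counts[id(frame.f_back)] = 0      # the caller made progress
        elif event == "line":
            counts[id(frame)] = counts.get(id(frame), 0) + 1
            if counts[id(frame)] > budget:
                raise Stalled(frame.f_code.co_name)
        elif event == "return":
            counts.pop(id(frame), None)
        return tracer

    sys.settrace(tracer)
    try:
        fn()
        return None
    except Stalled as stalled:
        return str(stalled)
    finally:
        sys.settrace(None)


if __name__ == "__main__":
    # Constructed host views: an analysis VM and an ordinary laptop.
    vm = HostView("fpu vme de pse hypervisor lahf_lm", ["00:0C:29:3A:1B:2C"],
                  ["explorer.exe", "vmtoolsd.exe", "procmon.exe"], 42)
    laptop = HostView("fpu vme de pse lahf_lm", ["F4:5C:89:12:34:56"],
                      ["explorer.exe", "outlook.exe"], 3 * 24 * 3600)
    print("vm:", sandbox_findings(vm))
    print("laptop:", sandbox_findings(laptop))
    print("stalling:", run_instrumented(lambda: stalling_loop(200_000), 50_000))
    print("chatty:", run_instrumented(lambda: chatty_loop(20_000), 5_000))
```

The defensive lesson is the one the deck draws later: a sandbox that only waits is beaten by a loop that waits longer, while one that measures progress (instructions executed against system calls observed) can notice the stall and act on it.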
What are some key characteristics of
advanced malware behaviors?
Oh Internet, where are we headed?
Key Characteristics of Malware Today
• The majority of the
malware is “noise”
– 50%-80%
• A smaller portion is
nasty
– 15%-20%
• An even smaller portion
is very nasty
– 1%-5%
You’ve Probably Read This:
Recent Payment Breaches
• The last year has seen a dramatic escalation in the number of
breached Point of Sale (PoS) systems
• Many of these PoS payloads, like Backoff, evaded the installed
defenses and alarms
• In a few cases an early alarm was raised, but it was ignored
because it was indistinguishable from the background noise
What is Backoff?
• Malware used in numerous breaches in the last year
• Secret Service estimated 1,000+ U.S. businesses affected
• Targeted to Point of Sale (PoS) systems
• Evades analysis
How are the attackers deploying it?
• Scan for Internet-facing Remote Desktop services
• Brute force login credentials
• Often successfully find administrative credentials
• Use admin credentials to deploy Backoff to remote PoS
systems
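The deployment chain above, turned into detection logic as an added example (not from the deck): a rule over a constructed, flattened extract of the Windows Security log that flags a burst of failed RDP logons (event 4625, LogonType 10) from one source followed by a success (4624) from the same source, with the severity raised when the account that finally worked is privileged. The threshold, the window and the set of privileged account names are assumptions to tune per environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not real data): a flattened extract of the Windows Security
# log. 4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive
# (RDP); Src is the client address recorded for the logon attempt.
SAMPLE_LOG = """\
2015-03-10T02:14:01 4625 LogonType=10 User=admin         Src=198.51.100.23 Host=POS-07
2015-03-10T02:14:03 4625 LogonType=10 User=pos           Src=198.51.100.23 Host=POS-07
2015-03-10T02:14:05 4625 LogonType=10 User=manager       Src=198.51.100.23 Host=POS-07
2015-03-10T02:14:06 4625 LogonType=3  User=svc_backup    Src=10.0.0.9      Host=POS-07
2015-03-10T02:14:08 4625 LogonType=10 User=root          Src=198.51.100.23 Host=POS-07
2015-03-10T02:14:10 4625 LogonType=10 User=Administrator Src=198.51.100.23 Host=POS-07
2015-03-10T02:14:12 4625 LogonType=10 User=Administrator Src=198.51.100.23 Host=POS-07
2015-03-10T02:14:15 4624 LogonType=10 User=Administrator Src=198.51.100.23 Host=POS-07
2015-03-10T08:02:40 4625 LogonType=10 User=jsmith        Src=203.0.113.5   Host=POS-02
2015-03-10T08:02:55 4625 LogonType=10 User=jsmith        Src=203.0.113.5   Host=POS-02
2015-03-10T08:03:10 4624 LogonType=10 User=jsmith        Src=203.0.113.5   Host=POS-02
"""

LINE = re.compile(r"(\S+)\s+(\d+)\s+LogonType=(\d+)\s+User=(\S+)\s+Src=(\S+)\s+Host=(\S+)")

FAILED_LOGON, LOGON = 4625, 4624
REMOTE_INTERACTIVE = 10
THRESHOLD = 5                        # failures from one source ...
WINDOW = timedelta(minutes=10)       # ... within this window (tune per environment)
PRIVILEGED = {"administrator"}       # assumption: privileged account names on this fleet


def parse(text: str) -> list:
    """(timestamp, event_id, logon_type, user, src, host) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts, eid, ltype, user, src, host = m.groups()
            events.append((datetime.fromisoformat(ts), int(eid), int(ltype), user, src, host))
    return sorted(events)


def detect_rdp_bruteforce(events: list) -> list:
    """Alerts as (severity, host, src, message). One 'medium' when a source reaches
    THRESHOLD RDP failures inside WINDOW; 'high' or 'critical' when a success follows."""
    alerts = []
    recent = defaultdict(deque)      # src -> timestamps of RDP failures inside WINDOW
    tried = defaultdict(set)         # src -> account names attempted
    for ts, eid, ltype, user, src, host in events:
        if ltype != REMOTE_INTERACTIVE:
            continue                 # network/service logons belong to other rules
        failures = recent[src]
        while failures and ts - failures[0] > WINDOW:
            failures.popleft()       # slide the window
        if eid == FAILED_LOGON:
            failures.append(ts)
            tried[src].add(user.lower())
            if len(failures) == THRESHOLD:
                alerts.append(("medium", host, src,
                               f"{THRESHOLD} failed RDP logons within {WINDOW}"))
        elif eid == LOGON and len(failures) >= THRESHOLD:
            severity = "critical" if user.lower() in PRIVILEGED else "high"
            alerts.append((severity, host, src,
                           f"RDP logon as {user} after {len(failures)} failures "
                           f"({len(tried[src])} accounts tried)"))
            failures.clear()
            tried[src].clear()
    return alerts


if __name__ == "__main__":
    for severity, host, src, message in detect_rdp_bruteforce(parse(SAMPLE_LOG)):
        print(f"[{severity:8s}] {host} <- {src}: {message}")
```

The two-failure typo from 203.0.113.5 produces nothing, the non-RDP failure is left to other rules, and the attacker's run produces a medium alert on the fifth failure and a critical one when the Administrator logon finally succeeds, which is the point at which Backoff would be pushed to the PoS systems.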
Carbanak Malware
• Bank robbery, raked in as much as
$1 billion
– Banks infiltrated, ATMs were taken
over
– Balances adjusted and funds
transferred remotely
• Most Carbanak samples exhibit
stealthy behavior (90%)
– 17% display evasive behavior
(detecting sandbox)
– Samples are environmentally-aware
– Stealthy sandbox is needed that can
detect evasions
In Recent Research…
• We looked at a Non-
Governmental Organization
(NGO)
– Representing the Uyghur
minority in China
– Many suspicious emails were
being sent
– Many targeted hacking attempts
• Key finding
– The attacks were surprisingly
simple
– Malware not very sophisticated
– No unknown vulnerabilities used
Can we stop this threat?
Is this war winnable?
The Reality is That the Threat Will
Continue to Exist
• The right question should be:
How can we keep this threat
under check and limit damage?
• Similar to protecting your
home
– Locks can be broken
– But you can use a good lock,
build in alarm systems, and lock
away your valuables
Technology plays a crucial role, but…
• Integration is very important
– Whatever solutions we deploy must be easy to
integrate and interoperate with existing systems
• Proposed solutions need to be scalable
– Organizations typically have thousands of users and
multiple nodes that need protection
Correlation is the key
• There is no silver
bullet in security!
• You need to correlate
information coming
from different sources
• Network nodes,
domain names used,
connections opened…
• There is a large attack
surface to cover…
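Correlation across sources, as an added example (not the deck's or Lastline's code): the indicators from one sandbox run are joined against constructed DNS, NetFlow and proxy logs to find which hosts actually talked to the command-and-control infrastructure, since when, and which indicators to push on to the other enforcement points. The log formats, the two-source rule for calling a host confirmed, and all names and addresses (example.net, RFC 5737 ranges) are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Indicators extracted from one sandbox run (constructed; example.net and RFC 5737
# addresses, not real indicators).
SANDBOX_REPORT = {
    "sample": "invoice_3381.exe",
    "domains": {"update-check.example.net"},
    "ips": {"192.0.2.45"},
}

# Three independent telemetry sources, each constructed for this example.
DNS_LOG = """\
2015-03-11T09:01:02 client=10.0.0.12 query=update-check.example.net answer=192.0.2.45
2015-03-11T09:01:09 client=10.0.0.30 query=update-check.example.net answer=192.0.2.45
2015-03-11T09:02:00 client=10.0.0.51 query=www.example.com answer=198.51.100.7
"""
NETFLOW_LOG = """\
2015-03-11T09:01:03 src=10.0.0.12 dst=192.0.2.45 dport=443 bytes=18320
2015-03-11T09:01:05 src=10.0.0.12 dst=192.0.2.45 dport=443 bytes=2211
2015-03-11T09:02:01 src=10.0.0.51 dst=198.51.100.7 dport=443 bytes=912
"""
PROXY_LOG = """\
2015-03-11T09:01:04 client=10.0.0.12 host=update-check.example.net status=200 bytes=1044
2015-03-11T09:05:30 client=10.0.0.44 host=update-check.example.net status=403 bytes=0
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse_kv(text: str):
    """Yield one dict per 'timestamp key=value ...' line."""
    for line in text.splitlines():
        ts, rest = line.split(" ", 1)
        record = dict(KV.findall(rest))
        record["ts"] = datetime.fromisoformat(ts)
        yield record


def correlate(report: dict, dns: str, netflow: str, proxy: str) -> tuple:
    """Returns (hits, indicators). hits: host -> {'sources', 'first_seen', 'evidence'}
    for every host that touched an indicator in any source. indicators: the domain
    and IP sets to push to the other enforcement points (DNS answers seen included)."""
    hits = defaultdict(lambda: {"sources": set(), "first_seen": None, "evidence": []})
    ips = set(report["ips"])

    def add(host, source, ts, what):
        entry = hits[host]
        entry["sources"].add(source)
        entry["evidence"].append(f"{ts.isoformat()} {source}: {what}")
        if entry["first_seen"] is None or ts < entry["first_seen"]:
            entry["first_seen"] = ts

    for r in parse_kv(dns):
        if r["query"] in report["domains"]:
            add(r["client"], "dns", r["ts"], f"resolved {r['query']} -> {r['answer']}")
            ips.add(r["answer"])          # the C2 may have moved since the sandbox run
    for r in parse_kv(netflow):
        if r["dst"] in ips:
            add(r["src"], "netflow", r["ts"], f"{r['bytes']} bytes to {r['dst']}:{r['dport']}")
    for r in parse_kv(proxy):
        if r["host"] in report["domains"]:
            add(r["client"], "proxy", r["ts"], f"HTTP {r['status']} via proxy to {r['host']}")
    return dict(hits), {"domains": set(report["domains"]), "ips": ips}


def triage(hits: dict) -> tuple:
    """Hosts seen in two or more sources are confirmed; one source is a lead to check."""
    confirmed = sorted(h for h, v in hits.items() if len(v["sources"]) >= 2)
    suspected = sorted(h for h, v in hits.items() if len(v["sources"]) == 1)
    return confirmed, suspected


if __name__ == "__main__":
    hits, indicators = correlate(SANDBOX_REPORT, DNS_LOG, NETFLOW_LOG, PROXY_LOG)
    confirmed, suspected = triage(hits)
    print("confirmed:", confirmed, "suspected:", suspected)
    for host in confirmed + suspected:
        print(host, "first seen", hits[host]["first_seen"].isoformat())
        for line in hits[host]["evidence"]:
            print("   ", line)
    print("push to blocklists:", indicators)
```

One host shows up in all three sources and is a confirmed infection; two show up in one source each (a resolution that may not have led anywhere, a proxy request that was blocked) and are leads rather than verdicts. No single source would have told the whole story, and the indicator set that comes out is what the "share automatically" point on the next slide is about.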
Thinking Like the Attacker
• It is not a question of if, but only of when you'll be breached
• Getting breached is not the end of the world if…
1. … you can detect the breach quickly
2. … understand how you were breached
3. … can share this breach knowledge automatically with other
components and business units
It’s Not Only a Technology Problem
• Security systems sometimes
fail because people fail
– Education is a key
component of any security
solution
• We need to educate
students and train employees
– Student hacking contests are
a great example
Student Hacking Competitions
• Help educate and train
students
– Hacking contests where
the aim is defense and
offense
– They’re fun! ;) And useful
– 6 years ago, some
companies were against
them… now they’re
organizing their own ;)
New Research: Kernel-Level Detection
• The operating system kernel is a
blind spot for detection
– Kernel-level malware is typically
invisible to sandboxes that only
observe user-space behavior
• At least one malware component
often executes in kernel-space
– I’m happy to announce novel
techniques to automate the
analysis of such malware today
– http://www.lastline.com/labs
Key Takeaways
• Traditional malware detection
tech now ineffective
• Security automation and stealthy
analysis critical to protection
• Security professionals in high demand
– Need to attract, train and retain
talented people
THANK YOU!
For more information visit www.lastline.com
or contact us at info@lastline.com.

Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...OnePlan Solutions
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commercemanigoyal112
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Mater
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....kzayra69
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 

Recently uploaded (20)

Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commerce
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 

Malware in the Wild: Evolving to Evade Detection

1. Malware in the Wild: Evolving to Evade Detection
Engin Kirda, Co-Founder and Chief Architect
engin@lastline.com
3/17/2015

2. Engin Kirda, Ph.D.
Copyright ©2015 Lastline, Inc. All rights reserved.
• Professor at Northeastern University, Boston
– Started malware research in about 2004
– Helped build and release popular malware analysis and detection systems (Anubis, Wepawet, …)
• Co-founder of Lastline, Inc.
– Lastline offers protection against zero-day threats and advanced malware
– Commercialization of many years of advanced research

3. Key Takeaways
• Traditional malware detection tech is now ineffective
• Security automation and stealthy analysis are critical to protection
• Security professionals are in high demand
– Need to attract, train and retain talented people

4. You Will Learn
• How has malware evolved in the last decade?
• How have security technologies changed to address the threat?
• What are some key characteristics of advanced malware behaviors?
• Can we stop this threat? Is this a lost war?

5. How Has Malware Evolved?

6. Cyberattack (R)Evolution
[Chart: $$ Damage over Time; damage axis labelled Hundreds, Thousands, Hundreds of Thousands, Millions, Billions; stages labelled Cybervandalism (#@!), Cybercrime ($$$), and Cyber-espionage and Cyber-war (!!!)]

7. The Nature of the Threat Has Changed
• Intruders are more prepared and organized
• Attack attribution on the Internet is incredibly difficult
• Intruder tools are increasingly sophisticated yet easy to use

8. A Little Bit of History…
• End of the 80s, viruses came out
– First form of malware
– Often destructive, but no financial incentive
• In the 90s, worms became popular
– Often destructive, but no financial incentive

9. A Little Bit of History…
• As of 2000, financial incentives became increasingly dominant
– Phishing, pharming, banking Trojans, key-loggers…
• As of 2010, targeted attacks gained more attention in the media
– Attacks against companies like Google, RSA
– Espionage as a major incentive

10. Excerpts from 2014
• Dairy Queen International
– Backoff, more than 300 stores, credit card info stolen
• J.P. Morgan Chase
– Customer information for millions of customers compromised
• Home Depot
– Credit card info stolen for more than 50 million customers
• UPS
– Backoff, 60 stores compromised
• Target
– Millions of credit card records stolen

11. How Have Security Technologies Evolved? Emergence of Signature-Based Detection

12. Traditional Malware Detection
• Imagine you are identifying people based on their looks
– Are they wearing a hat?
– What color is their hair?
– How tall are they?
– What is their eye color?
– How old are they?
– Do we have their fingerprint?
[Photo: Walter White]

13. Example: Chernobyl (CIH) Virus
5B 00 00 00 00   pop ebx
8D 4B 42         lea ecx, [ebx + 42h]
51               push ecx
50               push eax
50               push eax
0F 01 4C 24 FE   sidt [esp - 02h]
5B               pop ebx
83 C3 1C         add ebx, 1Ch
FA               cli
8B 2B            mov ebp, [ebx]
SIGNATURE: 5B 00 00 00 00 8D 4B 42 51 50 50 0F 01 4C 24 FE 5B 83 C3 1C FA 8B 2B

14. The Problem of Evasion
• What if the criminal is wearing a black hat and sunglasses as a disguise?
• What if the criminal is also able to change his fingerprints on the fly, after every crime?
• We’d be in a lot of trouble at airports. Unfortunately, we have this situation happening in the cyber-world right now
[Photo: Heisenberg]

15. Disguising: Chernobyl (CIH) Virus
5B 00 00 00 00   pop ebx
8D 4B 42         lea ecx, [ebx + 42h]
51               push ecx
50               push eax
90               nop
50               push eax
40               inc eax
0F 01 4C 24 FE   sidt [esp - 02h]
48               dec eax
5B               pop ebx
83 C3 1C         add ebx, 1Ch
FA               cli
8B 2B            mov ebp, [ebx]
DIFFERENT SIGNATURE: 5B 00 00 00 00 8D 4B 42 51 50 90 50 40 0F 01 4C 24 FE 48 5B 83 C3 1C FA 8B 2B

16. Malware Uses Disguise
• It does the same thing, but it looks different each time
• Detecting malware just based on its “looks” does not work anymore
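Slides 13 to 16 make the point with two listings: the inserted nop and the inc/dec pair change the bytes without changing what the code does, so a byte-string signature misses the variant. The following added example (not code from the talk or from Lastline) reproduces both listings as transcribed from the slides and compares a plain byte scan with a matcher that first strips that kind of junk. The normalization heuristic, the `Insn` type and the function names are assumptions of this example; real scanners have to disassemble first, since a 0x90 inside an immediate is not a nop, and the inc/dec rule here deliberately ignores that both instructions write the flags register.

```python
"""Signature matching before and after junk-instruction normalization.

Added example (not code from the talk or from Lastline): the two listings
are transcribed from slides 13 and 15; the matcher and the normalization
heuristic are illustrative and are not any product's engine."""

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Insn:
    opcode: bytes   # encoded instruction bytes
    text: str       # disassembly as shown on the slide


def listing(rows):
    """Build an instruction list from ("5B", "pop ebx") style rows."""
    return [Insn(bytes.fromhex(hexstr), text) for hexstr, text in rows]


# Slide 13: the original Chernobyl (CIH) fragment and its byte signature.
CIH_ORIGINAL = listing([
    ("5B 00 00 00 00", "pop ebx"),
    ("8D 4B 42", "lea ecx, [ebx + 42h]"),
    ("51", "push ecx"),
    ("50", "push eax"),
    ("50", "push eax"),
    ("0F 01 4C 24 FE", "sidt [esp - 02h]"),
    ("5B", "pop ebx"),
    ("83 C3 1C", "add ebx, 1Ch"),
    ("FA", "cli"),
    ("8B 2B", "mov ebp, [ebx]"),
])
SIGNATURE = bytes.fromhex(
    "5B 00 00 00 00 8D 4B 42 51 50 50 0F 01 4C 24 FE 5B 83 C3 1C FA 8B 2B")

# Slide 15: same behaviour, with a nop and an inc/dec pair inserted.
CIH_VARIANT = listing([
    ("5B 00 00 00 00", "pop ebx"),
    ("8D 4B 42", "lea ecx, [ebx + 42h]"),
    ("51", "push ecx"),
    ("50", "push eax"),
    ("90", "nop"),
    ("50", "push eax"),
    ("40", "inc eax"),
    ("0F 01 4C 24 FE", "sidt [esp - 02h]"),
    ("48", "dec eax"),
    ("5B", "pop ebx"),
    ("83 C3 1C", "add ebx, 1Ch"),
    ("FA", "cli"),
    ("8B 2B", "mov ebp, [ebx]"),
])


def raw_bytes(code):
    return b"".join(insn.opcode for insn in code)


def exact_match(code, signature=SIGNATURE):
    """Tier 1: the classic byte-string scan of slide 13."""
    return signature in raw_bytes(code)


def mentions(insn, reg):
    """Coarse operand check: does the disassembly text name this register?"""
    return re.search(rf"\b{reg}\b", insn.text) is not None


INC_RE = re.compile(r"inc (\w+)")


def normalize(code):
    """Strip the two kinds of junk the slide-15 variant uses: nop, and an
    inc/dec pair on a register that no instruction in between touches.
    Deliberately narrow heuristic; it ignores that inc/dec write the flags."""
    out = [insn for insn in code if insn.text.strip() != "nop"]
    i = 0
    while i < len(out):
        m = INC_RE.fullmatch(out[i].text.strip())
        removed = False
        if m:
            reg = m.group(1)
            for j in range(i + 1, len(out)):
                if out[j].text.strip() == f"dec {reg}":
                    del out[j]       # drop the dec first so index i stays valid
                    del out[i]
                    removed = True
                    break
                if mentions(out[j], reg):
                    break            # register is used in between: keep the pair
        if not removed:
            i += 1
    return out


def normalized_match(code, signature=SIGNATURE):
    """Tier 2: match against the code with the junk removed."""
    return signature in raw_bytes(normalize(code))


def scan(code):
    """Both verdicts for one sample, as (exact, normalized)."""
    return exact_match(code), normalized_match(code)


if __name__ == "__main__":
    for name, code in (("original", CIH_ORIGINAL), ("variant", CIH_VARIANT)):
        print(f"{name:8s} exact={exact_match(code)} normalized={normalized_match(code)}")
```

Running it shows the original matching both tiers and the variant matching only after normalization. The second tier is still a "looks"-based check, only a slightly smarter one; any junk pattern the normalizer does not know about defeats it again, which is the scale problem slide 17 goes on to describe.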
17. Malware is Now a Problem of Scale…
• The number of new malware samples out there has been increasing exponentially
• It might be the same malware sample you are dealing with, but it looks different to the naked eye…

18. Summary of traditional approaches: 1998 compared to 2015

19. Lastline Labs: AV Can’t Keep Up
Antivirus systems take months to catch up to highly evasive threats.

20. Current State of Affairs
• Anti-virus systems are not enough
– Malware modifies itself to evade detection
• Manual analysis of threats requires an enormous amount of resources
– Cannot scale; reaction time is in the order of days or weeks
• We need to be leading in the arms race

21. How Have Security Technologies Evolved? Emergence of Behavior-Based Detection

22. Key Idea
• Why not just run or open the suspicious file and see how it behaves?
• This approach is generally known as sandboxing
• The sandbox typically uses a virtualized, instrumented environment
• The system logs the behaviors of the file

23. Sandbox-Based Detection Is Popular
• There are many security products now
– Sandboxing is often a component that is used for unknown files
• These sandboxes often vary in quality
– A sandbox can be very simple, or can be more sophisticated based on its design

24. Evasion of Behavior-Based Detection
• Bad guys are not stupid
• They have received the news that behavior-based detection is what everyone’s using now
• Just like signature-based detection systems were evaded in the past, behavioral evasion tricks have emerged

25. One of The First Tricks That Emerged: Red Pill (Remember Matrix?)
• A Virtual Machine (VM) is often used to run the code during analysis and detection
• The red pill test allows you to find out if you’re running in a VM
• There are many ways of launching evasions like that

26. Some Dynamic Evasion Tricks
• Checking for specific artifacts in the virtualized OS
• Checks on CPU features that indicate a VM
• Looking for running processes and imitating them
• Waiting for someone to click on something
• Delaying the execution until the analysis system gives up

27. An Emerging Trick: Stalling Loops
• A simple piece of code that takes milliseconds to execute on your laptop, but hours to run in a virtualized detection system

28. What are some key characteristics of advanced malware behaviors? Oh Internet, where are we headed?

29. Key Characteristics of Malware Today
• The majority of the malware is “noise”
– 50%-80%
• A smaller portion is nasty
– 15%-20%
• An even smaller portion is very nasty
– 1%-5%

30. You’ve Probably Read This: Recent Payment Breaches
• The last year has seen a dramatic escalation in the number of breached Point of Sale (PoS) systems
• Many of these PoS payloads, like Backoff, evaded installed defenses and alarms
• In a few cases an early alarm was received, but it was ignored since it was indistinguishable from the background noise

31. What is Backoff?
• Malware used in numerous breaches in the last year
• Secret Service estimated 1,000+ U.S. businesses affected
• Targeted at Point of Sale (PoS) systems
• Evades analysis

32. How are the attackers deploying it?
• Scan for Internet-facing Remote Desktop applications
• Brute force login credentials
• Often successfully find administrative credentials
• Use admin credentials to deploy Backoff to remote PoS systems
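The deployment chain on slide 32 starts with credential brute forcing against exposed Remote Desktop, which is visible in authentication logs long before any Backoff payload lands. The added example below (not code from the talk or from Lastline) is a small detector over constructed key=value logon records: it keeps a sliding window of failures per source and target host, raises a high-severity alert when the failure count crosses a threshold, and a critical one when a success follows such a burst. The log format, hostnames, addresses, threshold and window are assumptions of this example; logon type 10 is the Windows "RemoteInteractive" logon type that RDP sessions produce.

```python
"""Detecting the RDP credential brute force that precedes a Backoff deployment.

Added example (not code from the talk or from Lastline). The log format and
all hosts, users and addresses are constructed; thresholds are illustrative."""

from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication log: one logon attempt per line.
# logon_type=10 is the Windows RemoteInteractive type used by RDP sessions.
SAMPLE_LOG = """\
2015-03-17T02:14:01Z host=pos-07 event=logon_failed user=Administrator src=203.0.113.45 logon_type=10
2015-03-17T02:14:03Z host=pos-07 event=logon_failed user=admin src=203.0.113.45 logon_type=10
2015-03-17T02:14:06Z host=pos-07 event=logon_failed user=pos src=203.0.113.45 logon_type=10
2015-03-17T02:14:08Z host=pos-07 event=logon_failed user=backup src=203.0.113.45 logon_type=10
2015-03-17T02:14:11Z host=pos-07 event=logon_failed user=Administrator src=203.0.113.45 logon_type=10
2015-03-17T02:14:13Z host=pos-07 event=logon_failed user=Administrator src=203.0.113.45 logon_type=10
2015-03-17T02:14:40Z host=pos-07 event=logon_success user=Administrator src=203.0.113.45 logon_type=10
2015-03-17T08:02:10Z host=pos-03 event=logon_failed user=cashier2 src=198.51.100.8 logon_type=10
2015-03-17T08:02:25Z host=pos-03 event=logon_success user=cashier2 src=198.51.100.8 logon_type=10
"""

FAILURE_THRESHOLD = 5          # failures from one source within the window (assumed)
WINDOW = timedelta(minutes=5)  # sliding window length (assumed)


def parse_line(line):
    """Split 'ts key=value ...' into a dict with a parsed timestamp."""
    ts, *fields = line.split()
    rec = dict(field.split("=", 1) for field in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def detect_rdp_bruteforce(log_text, threshold=FAILURE_THRESHOLD, window=WINDOW):
    """Return alerts as (severity, src, host, detail) tuples, in log order."""
    alerts = []
    failures = defaultdict(deque)   # (src, host) -> timestamps of recent failures
    users_tried = defaultdict(set)  # (src, host) -> usernames seen failing
    flagged = set()                 # keys already reported as brute force
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("logon_type") != "10":
            continue                # only remote interactive (RDP) logons
        key = (rec["src"], rec["host"])
        recent = failures[key]
        while recent and rec["ts"] - recent[0] > window:
            recent.popleft()        # expire failures that fell out of the window
        if rec["event"] == "logon_failed":
            recent.append(rec["ts"])
            users_tried[key].add(rec["user"])
            if len(recent) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("high", rec["src"], rec["host"],
                               f"{len(recent)} RDP logon failures in {window}, "
                               f"{len(users_tried[key])} distinct usernames"))
        elif rec["event"] == "logon_success" and len(recent) >= threshold:
            # A success right after a burst of failures is the part that matters:
            # the attacker now holds a working (often administrative) credential.
            alerts.append(("critical", rec["src"], rec["host"],
                           f"RDP logon as {rec['user']} succeeded after {len(recent)} failures"))
            recent.clear()
    return alerts


if __name__ == "__main__":
    for severity, src, host, detail in detect_rdp_bruteforce(SAMPLE_LOG):
        print(f"[{severity}] {src} -> {host}: {detail}")
```

On the sample, the first source trips the high alert on its fifth failure and the critical alert when the Administrator logon succeeds; the second source, a cashier who mistyped once, produces nothing. The distinct-username count is what separates a single account under attack from a spray across many accounts, which is why it is carried in the alert text.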
33. Carbanak Malware
• Bank robbing, raked in as much as $1 billion
– Banks infiltrated, ATMs were taken over
– Balances adjusted and funds transferred remotely
• Most Carbanak samples exhibit stealthy behavior (90%)
– 17% display evasive behavior (detecting the sandbox)
– Samples are environmentally aware
– A stealthy sandbox is needed that can detect evasions

34. In Recent Research…
• We looked at a Non-Governmental Organization (NGO)
– Representing the Uyghur minority in China
– Many suspicious emails were being sent
– Many targeted hacking attempts
• Key finding
– The attacks were surprisingly simple
– Malware not very sophisticated
– No unknown vulnerabilities used

35. Can we stop this threat? Is this war winnable?

36. The Reality is That the Threat Will Continue to Exist
• The right question should be: How can we keep this threat in check and limit damage?
• Similar to protecting your home
– Locks can be broken
– But you can use a good lock, build in alarm systems, and lock away your valuables

37. Technology plays a crucial role, but…
• Integration is very important
– Whatever solutions we deploy must be easy to integrate and interoperate with existing systems
• Proposed solutions need to be scalable
– Organizations typically have thousands of users and multiple nodes that need protection

38. Correlation is the key
• There is no silver bullet in security!
• You need to correlate information coming from different sources
• Network nodes, domain names used, connections opened…
• There is a large attack surface…
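Slide 38 names the sources worth correlating (network nodes, domain names, connections opened) without showing the join. The added example below (not code from the talk or from Lastline) takes a constructed sandbox report for one sample, pulls its domains and addresses out as indicators, enriches them with what the enterprise resolver actually returned for those domains, and then walks DNS and connection logs to find which hosts looked the domains up and which went on to connect. The report layout, log formats, host names, addresses (RFC 5737 test ranges) and the upload-size threshold are all assumptions of this example.

```python
"""Correlating one sandbox verdict with DNS and connection telemetry.

Added example (not code from the talk or from Lastline). The report layout,
log formats, hosts and addresses are constructed for illustration."""

from collections import defaultdict

# Constructed sandbox report: what the sample resolved and connected to.
SANDBOX_REPORT = {
    "sha256": "<sha256 of the analysed sample, placeholder>",
    "verdict": "malicious",
    "dns_queries": ["upd-cdn.example", "stat-relay.example"],
    "connections": [("192.0.2.77", 443)],
}

# Constructed resolver log: ts client query answer
DNS_LOG = """\
2015-03-17T09:01:12Z ws-114 upd-cdn.example 198.51.100.23
2015-03-17T09:01:13Z ws-114 intranet.corp.example 10.0.0.5
2015-03-17T09:03:40Z ws-201 stat-relay.example 198.51.100.24
2015-03-17T09:05:02Z ws-087 mail.corp.example 10.0.0.9
"""

# Constructed egress log: ts client dst_ip dst_port bytes_out
CONN_LOG = """\
2015-03-17T09:01:14Z ws-114 198.51.100.23 443 1840
2015-03-17T09:02:30Z ws-114 192.0.2.77 443 5231100
2015-03-17T09:05:10Z ws-087 10.0.0.9 25 2200
2015-03-17T09:06:55Z ws-233 192.0.2.77 443 3100
"""

EXFIL_BYTES = 1_000_000   # upload size worth calling out (assumed threshold)


def parse_rows(text, fields):
    """Whitespace-separated records -> list of dicts keyed by `fields`."""
    return [dict(zip(fields, line.split()))
            for line in text.splitlines() if line.strip()]


def build_iocs(report, dns_log):
    """Indicators from the sandbox, enriched with the resolver's own answers.

    The sandbox and the corporate resolver may see different answers for the
    same domain, so every address handed out for a bad domain becomes an IOC."""
    domains = set(report["dns_queries"])
    ips = {ip for ip, _port in report["connections"]}
    for row in parse_rows(dns_log, ("ts", "client", "query", "answer")):
        if row["query"] in domains:
            ips.add(row["answer"])
    return domains, ips


def correlate(report, dns_log, conn_log):
    """Per host: 'lookup_only' or 'connected', plus time-ordered evidence."""
    domains, ips = build_iocs(report, dns_log)
    hosts = defaultdict(lambda: {"status": "lookup_only", "evidence": []})
    for row in parse_rows(dns_log, ("ts", "client", "query", "answer")):
        if row["query"] in domains:
            hosts[row["client"]]["evidence"].append(
                (row["ts"], f"resolved {row['query']} -> {row['answer']}"))
    for row in parse_rows(conn_log, ("ts", "client", "dst_ip", "dst_port", "bytes_out")):
        if row["dst_ip"] in ips:
            entry = hosts[row["client"]]
            entry["status"] = "connected"   # a real connection outranks a lookup
            note = f"connected to {row['dst_ip']}:{row['dst_port']}, {row['bytes_out']} bytes out"
            if int(row["bytes_out"]) >= EXFIL_BYTES:
                note += " (exfiltration-sized upload)"
            entry["evidence"].append((row["ts"], note))
    for entry in hosts.values():
        entry["evidence"].sort()
    return dict(hosts)


if __name__ == "__main__":
    for host, entry in sorted(correlate(SANDBOX_REPORT, DNS_LOG, CONN_LOG).items()):
        print(f"{host}: {entry['status']}")
        for ts, note in entry["evidence"]:
            print(f"    {ts}  {note}")
```

Three things come out of the join that no single source shows: ws-114 both resolved and connected, with an upload large enough to flag; ws-201 only resolved a bad domain, which still deserves a look; and ws-233 reached the command-and-control address without any DNS lookup at all, which a DNS-only view would have missed entirely. The enriched indicator set is also the artifact worth sharing automatically with the other components slide 39 mentions.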
39. Thinking like the attacker
• It is not a question of if, but only of when you’ll be breached
• Getting breached is not the end of the world if…
1. … you can detect the breach quickly
2. … understand how you were breached
3. … can share this breach knowledge automatically with other components and business units

40. It’s Not Only a Technology Problem
• Security systems sometimes fail because people fail
– Education is a key component of any security solution
• We need to educate students, train employees
– Student hacking contests are a great example

41. Student Hacking Competitions
• Help educate and train students
– Hacking contests where the aim is defense and offense
– They’re fun! ;) And useful
– 6 years ago, some companies were against them… now they’re organizing their own ;)

42. New Research: Kernel-Level Detection
• The operating system kernel is the blind spot for detection
– Kernel-level malware is typically invisible to sandboxes
• At least one malware component often executes in kernel-space
– I’m happy to announce novel techniques to automate the analysis of such malware today
– http://www.lastline.com/labs

43. Key Takeaways
• Traditional malware detection tech is now ineffective
• Security automation and stealthy analysis are critical to protection
• Security professionals are in high demand
– Need to attract, train and retain talented people

44. THANK YOU!
For more information visit www.lastline.com or contact us at info@lastline.com.