From app sec to malsec malware hooked, criminal crooked alok gupta

From AppSec to MalSec Malware Hooked, Criminal Crooked - Alok Gupta - OWASP India Conference 2012

Published in: Technology
Transcript of "From app sec to malsec malware hooked, criminal crooked alok gupta"

  1. OWASP InfoSec India Conference 2012, August 24th – 25th, 2012, Hotel Crowne Plaza, Gurgaon. The OWASP Foundation, http://www.owasp.org, http://www.owasp.in. From AppSec to MalSec: Malware hooked, criminal crooked! Alok Gupta, Founder & Managing Director, Pyramid Cyber Security & Forensic (P) Limited. Email: alok.gupta@pyramidcyber.com, +91-9999189650. OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  2. Alok Gupta
     • Experience: 20+ years in the Information and Communications Technology (ICT) industry
     • Serial entrepreneur; Founder & Managing Director, Pyramid Cyber Security & Forensic, a boutique digital forensic and specialised information security solution and services provider
     • Past member of the National Committee on Information Technology for Confederation of Indian Industries (CII)
     • Advised several enterprises and government agencies on leveraging ICT and information security to compete and grow in the global economy
     • Board of Members of the Amity Institute of Cyber Law & Cyber Crimes
     • Member of IMS Law advisory committee
     • Writes columns, is frequently quoted in IT, security and forensic media, and regularly speaks at events, workshops, seminars and forums in India and internationally
  3. Abstract & Agenda: “Malware is everywhere” and will continue to spread. Over the years, malware has infected every corner of the internet, and has branched out to industrial espionage, social networks and mobile devices too. Given the tremendous success cyber criminals enjoy, they will continue to use legitimate websites as a primary delivery mode for malware. Malware is becoming more sophisticated and customizable. Emerging anti-malware technologies are constantly attempting to tackle such threats. After all, it is the bad guys versus the good guys and the battle is on! Today’s talk will address what malware is, how it infects and spreads, how widespread the problem is, and what enterprises, governments and individuals should do in order to stay protected. The discussion will cover analysis, latest trends, strategies for mitigation and recent case studies.
  4. Disclaimer: Everything I state here is my opinion and is based on my limited knowledge & research. I am sure that some of you will already know most of it, so do not get angry!
  5. Malware Basics: Malware is malicious software used or created to disrupt computer operation, gather sensitive information, or gain access to computer networks and mobile systems. Malware can appear in the form of code, scripts, active content, and other software.
  6. The Malware Museum
     • Viruses
     • Worms
     • Trojans
     • Spyware/Adware/Ransomware
     • Bots / Robots / Agents
     • Backdoor / Trapdoor
     • Zombie
     • Porn Diallers
     • Key loggers
     • Exploits
     • Bug
     • Rootkits
  7. Type of Cyber Malware & attack mode
  8. Malware History
     • 40 years ago Bob Thomas began experimenting with the concept of a mobile application and developed the Creeper program, which had the ability to move from machine to machine. Creeper quickly proliferated through ARPANET, infecting everything in its path, and marked the emergence of the computer virus.
     • By 1988, the Morris Worm had taken hold and shown the power of relatively simple programs to use applications and the Internet to rapidly infect large numbers of machines in very short periods of time.
  9. Malware Evolution
     • Throughout the 1990s and early 2000s, malware continued to evolve, adding new functions and infection rates. The power of the malware was largely predetermined at the time it was written, and the logic of the threat was largely contained within the malware’s code itself.
     • By 2007 the first botnets began to appear, and fundamentally changed the world of malware. Infected hosts could now be centrally controlled by a remote attacker, allowing all the individual machines to cooperate as one massive distributed malware application.
  10. Malware Synthesis
     • The attention shifted to designing a platform that could sustain an ongoing and dynamic attack. Stealth became a primary objective because intruders could now control and take advantage of an infected machine for an indefinite period of time.
     • The attacker could now update the malware program at will in order to send spam one day and steal credit card numbers the next day, and so on.
     • The strength of a piece of malware came to rest on the quality of its communication, management and ability to avoid detection.
  11. Malware Modernization
     • Malware development is big business due to the associated economics. It is no longer a backyard of computer hackers.
     • Modern malware is used for extorting money, collecting confidential and proprietary information, industrial espionage, social engineering etc. Fraud and scare tactics are a major priority of current malware creation.
     • Affordable massively parallel computing capabilities have further fuelled activities such as spam mail transmission, DDoS and advanced persistent threats.
  12. Malware: Key Questions?
     • Infection: How is the malware delivered? Via an executable, packed into a file, delivered via an infected webpage? How does the malware communicate?
     • Persistence: Once on the host, how is the malware able to persist on the infected host without triggering host-based security? Does it use a rootkit? Does it disable antivirus? Does it install backdoors?
     • Communication: The ability to communicate largely represents the power of the malware. Does it communicate on non-standard ports, encrypt its traffic, use proxies, or tunnel within other approved applications?
  13. Malware: Key Questions?
     • Command and Control: How is the command-and-control managed? Does it get updated configuration files, or send and receive messages from peer-to-peer networks? How does the malware cope with the loss of a command-and-control server?
     • Malicious Functions: How do we keep track of the end behaviour of the malware? Some malware will remain very focused, targeting a specific type of information within a specific organization. Others will vary over time, shifting with the needs and desires of the bot owner.
  14. Malware Explosion!
     • Malware continues to grow in terms of infection rate and new targets. Last year, there were 25 million new, unique strains of malware released and that number is projected to grow to 87 million by the end of 2015.
     • The shift toward BYOD workplace practices contributes to increased risk that corporate assets will be lost, in addition to traditional attacks on e-commerce.
  15. Malware Trends
     • SSL is no longer safe. Cybercriminals can grab your username / password before the encryption technology kicks in
     • Targeted malware is on the rise; malware that accesses your browser history will infect you if you meet certain criteria
     • New malware is hard to spot and remove
     • Ransomware is increasing and will not go away unless you pay!
     • Old problems resurface
     • Mobile malware is increasing
  16. Industrial Espionage and Weaponized Malware
  17. Stuxnet
     • Targets industrial control systems and PLCs such as Siemens Simatic
     • Vast array of components used
     • Zero-day exploits
     • Windows rootkit
     • PLC rootkit (first ever)
     • Antivirus evasion
     • Peer-to-peer updates
     • Signed driver with a valid certificate
     • Code changes are hidden
  18. Duqu: Duqu is a computer worm discovered on 1 September 2011, thought to be related to the Stuxnet worm. Duqu gathers information that is useful in attacking industrial control systems.
  19. Flame: Flame is a sophisticated attack toolkit. “Flame’s mission is not about stealing identities. It is about gathering intelligence.”
  20. Gauss
     • Gauss is a new class of threat that swarms over systems searching for private information, mostly on banking
     • Gauss can steal access credentials for various online banking systems and payment methods, and various information such as network interfaces, the computer’s drives and BIOS
     • Gauss can steal browser history, social network and instant messaging info
  21. Latest from the Malware Stable
  22. DNS Malware
  23. Shamoon malware infects, steals data and wipes
     • Overwrites the master boot record of a computer, and is suspected of being used in targeted attacks against specific companies.
     • Steals data from the Users, Documents and Settings, and System32/Drivers and System32/Config folders on Windows computers.
  24. New Android Malware Steals Your Money Via SMS: Trojan!SMSZombie.A in China affected 5,00,000 mobiles
  25. Frankenstein virus creates malware by pilfering code
     • Frankenstein virus can build itself on any computer from stolen snippets of code
     • Potential for hard-to-detect viruses that are stitched together from benign code pilfered from ordinary programs
  26. Crisis
     • The recently discovered Crisis financial malware can spread using capabilities built into VMware virtual machines
     • Also known as Morcut, the malicious rootkit spreads via an installer that's disguised as an Adobe Flash Player installer
     • First malware that attempts to spread onto a virtual machine
  27. Mobile Users: Watch out!
     • 6 out of every 10 cyber-security breaches occur as a result of a mobile device*
     • In 2011, malware targeting smartphones increased 155%
     • In a span of just 10 months, the volume of malware targeting Android phones increased 3,325%
     • A typical security breach costs a business more than half a million dollars*
     • In a world of 7 billion people, there are now 5.9 billion mobile-phone subscribers.
  28. Mobile Malware Trends
     • Mobile Pickpocketing
     • Automated Repackaging
     • Mobile botnets
     • Browser Attacks
     • Malvertising
     • Vulnerable Smart Devices
  29. Top malware email attacks in past 30 days.
  30. Early Warning!
     • Treat fraud prevention and malware detection in a single context
     • Analyse crucial information for all targeted systems
     • Deploy Cyber Intelligence that includes host and network forensics, data auditing and non-signature-based malware detection.
  31. Sandboxing: Sandboxing is a popular technique for creating confined execution environments, which can be used for running untrusted programs. A sandbox limits, or reduces, the level of access its applications have. It is a container.
  32. Analyze Suspicious Files Online
  33. Thanks for your time and attention! Alok Gupta, alok.gupta@pyramidcyber.com, +91-9999189650
  34. Subscribe to the mailing list: www.owasp.be. Keep up to date!
