Malware mitigation

Loading...

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

0 comments

Post a comment

    Post a comment
    Embed Video
    Edit your comment Cancel

    Notes on slide 1






    For another way to look at the growing problem of data loss, consider the black market value for various forms of stolen identities…
    $980-$4,900 Trojan program to steal online account information
    $490 Credit Card Number with PIN
    $78-$294 Billing data, including account number, address, Social Security number, home address, and birthdate
    $147 Driver's license
    $147 Birth certificate
    $98 Social Security card
    $6-$24 Credit card number with security code and expiration date
    $6 PayPal account logon and password
    *****www.informationweek.com*****

    Extra data points
    $40 standard credit card number
    $120 signature card (one step beyond platinum and corporate)
    Or 100 in mixed batch for $30 each
















































    R

    R

    R

    R

    1 Favorite

    Malware mitigation - Presentation Transcript

    1. Devise a strategy to mitigate malware Ramsés Gallego CISM, CGEIT, CISSP, SCPM, ITIL, Six Sigma Black Belt Certified General Manager Entel Security & Risk Management rgallego@entel.es © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    2. Agenda • Malware: what is it really? • Different types of malware • We are under attack... but how? And why? • Let me show you • Strategy on how to mitigate those risks © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    3. Malware: what is it really? • Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code • Software is considered malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    4. A bigger problem than we think • Malware is now economically motivated and backed by organized crime and foreign interest • The development of highly critical malware such as targeted attacks is also on the rise • The level of sophistication behind malware makes it extremely difficult for traditional solutions to detect and remove • There are many bot networks to de-fraud business models and consumers through sophisticated social engineering © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    5. It’s not for fun... It’s money! • Consumers are now the prime target for ID Theft and other on-line fraud • Traditional signature based anti-virus solutions have become useless to these new sophisticated attacks © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    6. Understanding the Risk The Market Value of Sensitive Data 980€-4.900€ 147€ Trojan to steal account Birth certificate information 98€ 490€ Social Security card Credit Card Number with PIN 6€-24€ 78-294€ Credit card number Billing data 6€ 147€ PayPal account Driver's license logon and password © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    7. Overview of crimeware families Crimeware is broken down into several categories • Banking Trojans Limbo PayRob.A Sinowal Aifone.A Banbra Variants • Keyloggers (Banbra, Cimuz) • Bots (Clickbot.a, Botnet.A, Aifone.A) • Phishing (Barclays, PayPal) • Targeted Trojans © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    8. What is spyware? • Spyware is software installed on a computer that gathers information without the user's knowledge and relays that information to advertisers or other 3rd parties • Several subcategories of spyware: –Adware • Advertising-supported software that displays pop-up advertisements whenever the program is running. Often collect personal information and web surfing habits –System monitors • Programs that capture everything you do on your computer, from keystrokes, emails and chat room dialogue, to which sites you visit and which programs you run –Trojan horses • Malicious programs that appear harmless but steal or destroy data or provide unauthorised external access © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    9. How spyware infiltrates • People don’t purposefully and knowingly install spyware –Can be included with applications you want to install, such as peer-to-peer clients or desktop utilities –Some silently load when you visit a seemingly-innocent Web page (‘The Ghost in the browser’) • Installed silently in the background – most users never know their computers are infected © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    10. Spyware threats organizations • Wastes computing resources –Sends back information periodically, often daily –Consumes an organisation’s bandwidth • Exposes proprietary information –It could send files to a competitor’s server –It could monitor e-mail and send out the contents • Poses serious security risks –It could send emails on behalf of the user –It could provide a spy or hacker with a backdoor into the systems –It could change documents and specifications on systems to damage research or other projects • May introduce compliance risks © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    11. How botnets are used to commit financial fraud • A bot network consists of a “controller” and compromised zombie PCs. There have been cases of bot networks containing up to 1.5 Million zombie PCs like in the Dutch botnet case • The bots that infect systems can perform several actions such as relay spam, launch malware and perform ID theft • Some of the common methods for bot infection is through websites that contain exploits and vulnerabilities that actively transmit malware to the PC visiting the site. • Components can also be downloaded such as ActiveX controls, etc that will then deal with the rest of the infection process • Social engineering techniques also exist to infect systems through spam, phishing and other content. Once a PC has become infected it can receive remote commands from the “bot master” remotely © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    12. And they are using new methods • Botnets are beginning to use P2P networks to gain control of more computers • Researchers were previously able to shut down a botnet by targeting its Command & Control center (and IRC channel or website). Hackers are now using P2P networks to connect bots in a more “horizontal,” peer manner, which makes shutting down the botnets much more difficult © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    13. The problem of keylogging • Keyloggers are programs that run in the background recording all keystrokes and which may also send those keystrokes (potentially including passwords or confidential information) to an external party • 2 types of Keylogger programs: –Commercial –Viral (included as part of blended threat with Worm, Trojan Horse, BOT, etc.. © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    14. Commercial Keylogger - Example © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    15. Commercial Keylogger - Example © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    16. Commercial Keylogger - Example © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    17. Commercial Keylogger - Example © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    18. Commercial Keylogger - Example © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    19. Sophisticated Social Engineering • Common social engineering techniques: – Spear-Phishing and other highly targeted scams – Spam with exploits – Phishing emails that direct users to web-sites with hidden Trojans – Malware through IM channels © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    20. No real bank would do this! © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    21. Infection strategies used by hackers • Common infection strategies used by hackers –A web site is physically hacked and seeded with Trojans (i.e. Superbowl website case) –Phishing emails with exploits –Malware through IM channels –Malware attached to freeware and shareware –Malware in the form of video codecs –Infection through botnets © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    22. Overview of Targeted Attacks • Characteristics of Targeted Attacks: – Involve “Highly Critical” malware tailored towards attacking a specific target (i.e. Bank Of America) – Such malware target a specific set of confidential information to capture and send to a 3rd party – Targeted attacks always involve a hacker hired to design malware to bypass specific defenses – Attacks are very localized; therefore, distribution is limited. In most cases AV labs do not receive a sample which results in no signature file – Current security solutions will not detect the malware because the hacker has prepared against commonly used AV programs – Hackers are using sophisticated stealth techniques such as rootkits to hide the presence of malware © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    23. Information? Ready available! • IT departments know about sites...but so do all the other departments! –Question is…do we know who, when, where and how? –More importantly…do we have the means to stop it? • Information is easy to find! (27,000,000 results returned on Google when the search term ‘How To Hack’ is used) • Hacking tools can be easy to use –Some don’t require any programming skills at all! (Keyloggers can come with nice user interfaces, such as ‘The Perfect Keylogger’) with a ‘Next’, ‘Next’, ‘Next’ install! © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    24. …step-by-step guides available! • You no longer need to go underground or to university to learn how to become a successful hacker! © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    25. …step-by-step guides available! • You no longer need to go underground or to university to learn how to become a successful hacker! © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    26. © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    27. Do it yourself! Incredible! © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    28. Example - Denial of Service © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    29. Example - Denial of Service • You visit a web site and click on a link © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    30. Example - Denial of Service • You visit a web site and click on a link • A few seconds later, many applications start to run in the computer © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    31. Example - Denial of Service • You visit a web site and click on a link • A few seconds later, many applications start to run in the computer • You can only close the program to prevent the attack. The machine does not work © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    32. Example - Redirection of sites © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    33. Example - Redirection of sites • You connect to online banking to see your accounts © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    34. Example - Redirection of sites • You connect to online banking to see your accounts • A hostile applet sends an identical page © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    35. Example - Redirection of sites • You connect to online banking to see your accounts • A hostile applet sends an identical page • You introduce your credentials while a hacker is receiving them or they are being sent to an Internet directory © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    36. Example - Sending files in background © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    37. Example - Sending files in background • A postcard is received by email © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    38. Example - Sending files in background • A postcard is received by email • An applet executes an animation • That applet is copying the last Word document and is sending it in the background to the Internet © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    39. Example - Harm exectutables © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    40. Example - Harm exectutables • There is type of attack that seems to be from known companies who invite to install the last security patch or Service Pack • The executable file is a Trojan or malicious code that puts our environment at risk © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    41. Example - Phising and scam © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    42. Example - Phising and scam • Pakistan Earthquake – We found the URL http:// pakistanhelp.com © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    43. Example - Phising and scam • Pakistan Earthquake – We found the URL http:// pakistanhelp.com • We analyzed it and we saw that there were signs of phising © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    44. Example - Phising and scam • Pakistan Earthquake – We found the URL http:// pakistanhelp.com • We analyzed it and we saw that there were signs of phising © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    45. Example - Phising and scam • Pakistan Earthquake – We found the URL http:// pakistanhelp.com • We analyzed it and we saw that there were signs of phising © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    46. Example - Phising and scam • Pakistan Earthquake – We found the URL http:// pakistanhelp.com • We analyzed it and we saw that there were signs of phising •In this case, the ‘help’ options include the download of an Excel file to be sent by fax •A real and legal organization would never do this…. © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    47. Example - Phising and scam • Pakistan Earthquake – We found the URL http:// pakistanhelp.com • We analyzed it and we saw that there were signs of phising •In this case, the ‘help’ options include the download of an Excel file to be sent by fax •A real and legal organization would never do this…. © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    48. Strategy: Protect every vector © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    49. Strategy: Protect every vector Firewall © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    50. Strategy: Protect every vector Secure Content Manager Firewall © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    51. Strategy: Protect every vector Antivirus/ Antispyware Secure Content Manager Firewall © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    52. Strategy: Protect every vector Antivirus/ Antispyware Secure Content Manager Firewall VPN © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    53. Strategy: Protect every vector Antivirus/ Data Leak Prevention Antispyware Secure Content Manager Firewall VPN © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    54. Strategy: Consider other approaches Internet • Effectiveness vs. Efficiency • SaaS approach • UTM devices • More than one solution will leverage your security • Education, education, education • Centralised management © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    55. Objective: Keep the bad guys out! © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    56. Objective: Keep the bad guys out! © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    57. THANK YOU Devise a strategy to mitigate malware Ramsés Gallego CISM, CGEIT, CISSP, SCPM, ITIL, Six Sigma Black Belt Certified General Manager Entel Security & Risk Management rgallego@entel.es © 2008 ISACA. All rights reserved Wednesday, March 25, 2009
    SlideShare Zeitgeist 2009

    + Ramsés GallegoRamsés Gallego Nominate

    custom

    266 views, 1 favs, 0 embeds more stats

    More info about this document

    © All Rights Reserved

    Go to text version

    • Total Views 266
      • 266 on SlideShare
      • 0 from embeds
    • Comments 0
    • Favorites 1
    • Downloads 0
    Most viewed embeds

    more

    All embeds

    less

    Flagged as inappropriate Flag as inappropriate
    Flag as inappropriate

    Select your reason for flagging this presentation as inappropriate. If needed, use the feedback form to let us know more details.

    Cancel
    File a copyright complaint
    Having problems? Go to our helpdesk?

    Categories

    Tags

    -->
    What's New

    © 2009 SlideShare Inc. All rights reserved.