Malware mitigation
Published in: Business, Technology





  • For another way to look at the growing problem of data loss, consider the black market value for various forms of stolen identities…
    $980-$4,900 Trojan program to steal online account information
    $490 Credit Card Number with PIN
    $78-$294 Billing data, including account number, address, Social Security number, home address, and birthdate
    $147 Driver's license
    $147 Birth certificate
    $98 Social Security card
    $6-$24 Credit card number with security code and expiration date
    $6 PayPal account logon and password
    Source: www.informationweek.com

    Extra data points
    $40 standard credit card number
    $120 signature card (one step beyond platinum and corporate)
    Or 100 in mixed batch for $30 each

  • Transcript

    • 1. Devise a strategy to mitigate malware. Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, ITIL, Six Sigma Black Belt Certified. General Manager, Entel Security & Risk Management, rgallego@entel.es. © 2008 ISACA. All rights reserved. Wednesday, March 25, 2009
    • 2. Agenda • Malware: what is it really? • Different types of malware • We are under attack... but how? And why? • Let me show you • Strategy on how to mitigate those risks
    • 3. Malware: what is it really? • Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive or annoying software or program code • Software is considered malware based on the perceived intent of the creator rather than on any particular features. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software
    • 4. A bigger problem than we think • Malware is now economically motivated and backed by organized crime and foreign interests • The development of highly critical malware such as targeted attacks is also on the rise • The level of sophistication behind malware makes it extremely difficult for traditional solutions to detect and remove • There are many bot networks that defraud business models and consumers through sophisticated social engineering
    • 5. It’s not for fun... It’s money! • Consumers are now the prime target for ID theft and other on-line fraud • Traditional signature-based anti-virus solutions have become useless against these new sophisticated attacks
    • 6. Understanding the Risk: The Market Value of Sensitive Data • 980€-4.900€ Trojan to steal account information • 490€ Credit Card Number with PIN • 78-294€ Billing data • 147€ Driver's license • 147€ Birth certificate • 98€ Social Security card • 6€-24€ Credit card number • 6€ PayPal account logon and password
    • 7. Overview of crimeware families. Crimeware is broken down into several categories: • Banking Trojans (Limbo, PayRob.A, Sinowal, Aifone.A, Banbra variants) • Keyloggers (Banbra, Cimuz) • Bots (Clickbot.a, Botnet.A, Aifone.A) • Phishing (Barclays, PayPal) • Targeted Trojans
    • 8. What is spyware? • Spyware is software installed on a computer that gathers information without the user's knowledge and relays that information to advertisers or other 3rd parties • Several subcategories of spyware: – Adware • Advertising-supported software that displays pop-up advertisements whenever the program is running. Often collects personal information and web surfing habits – System monitors • Programs that capture everything you do on your computer, from keystrokes, emails and chat room dialogue to which sites you visit and which programs you run – Trojan horses • Malicious programs that appear harmless but steal or destroy data or provide unauthorised external access
    • 9. How spyware infiltrates • People don’t purposefully and knowingly install spyware – It can be bundled with applications you want to install, such as peer-to-peer clients or desktop utilities – Some loads silently when you visit a seemingly innocent web page (‘The Ghost in the Browser’) • Installed silently in the background; most users never know their computers are infected
    • 10. Spyware threatens organizations • Wastes computing resources – Sends back information periodically, often daily – Consumes an organisation’s bandwidth • Exposes proprietary information – It could send files to a competitor’s server – It could monitor e-mail and send out the contents • Poses serious security risks – It could send emails on behalf of the user – It could provide a spy or hacker with a backdoor into the systems – It could change documents and specifications on systems to damage research or other projects • May introduce compliance risks
    • 11. How botnets are used to commit financial fraud • A bot network consists of a “controller” and compromised zombie PCs. There have been cases of bot networks containing up to 1.5 million zombie PCs, as in the Dutch botnet case • The bots that infect systems can perform several actions, such as relaying spam, launching malware and performing ID theft • One of the common methods of bot infection is through websites that host exploits for vulnerabilities and actively transmit malware to the PC visiting the site • Components such as ActiveX controls can also be downloaded that then handle the rest of the infection process • Social engineering techniques also exist to infect systems through spam, phishing and other content. Once a PC has become infected it can receive remote commands from the “bot master”
    • 12. And they are using new methods • Botnets are beginning to use P2P networks to gain control of more computers • Researchers were previously able to shut down a botnet by targeting its Command & Control center (an IRC channel or website). Hackers are now using P2P networks to connect bots in a more “horizontal”, peer-to-peer manner, which makes shutting down the botnets much more difficult
    • 13. The problem of keylogging • Keyloggers are programs that run in the background recording all keystrokes, and which may also send those keystrokes (potentially including passwords or confidential information) to an external party • 2 types of keylogger programs: – Commercial – Viral (included as part of a blended threat with a worm, Trojan horse, bot, etc.)
    • 14-18. Commercial Keylogger - Example (image slides)
    • 19. Sophisticated Social Engineering • Common social engineering techniques: – Spear-phishing and other highly targeted scams – Spam with exploits – Phishing emails that direct users to web sites with hidden Trojans – Malware through IM channels
    • 20. No real bank would do this!
    • 21. Infection strategies used by hackers • Common infection strategies used by hackers: – A web site is hacked and seeded with Trojans (i.e. the Superbowl website case) – Phishing emails with exploits – Malware through IM channels – Malware attached to freeware and shareware – Malware in the form of video codecs – Infection through botnets
    • 22. Overview of Targeted Attacks • Characteristics of targeted attacks: – Involve “highly critical” malware tailored to attack a specific target (i.e. Bank Of America) – Such malware targets a specific set of confidential information to capture and send to a 3rd party – Targeted attacks always involve a hacker hired to design malware that bypasses specific defenses – Attacks are very localized; therefore distribution is limited. In most cases AV labs do not receive a sample, which results in no signature file – Current security solutions will not detect the malware because the hacker has prepared it against commonly used AV programs – Hackers are using sophisticated stealth techniques such as rootkits to hide the presence of malware
    • 23. Information? Readily available! • IT departments know about the sites... but so do all the other departments! – The question is… do we know who, when, where and how? – More importantly… do we have the means to stop it? • Information is easy to find! (27,000,000 results returned on Google when the search term ‘How To Hack’ is used) • Hacking tools can be easy to use – Some don’t require any programming skills at all! (Keyloggers can come with nice user interfaces, such as ‘The Perfect Keylogger’, with a ‘Next’, ‘Next’, ‘Next’ install!)
    • 24-25. …step-by-step guides available! • You no longer need to go underground or to university to learn how to become a successful hacker!
    • 26. (image only)
    • 27. Do it yourself! Incredible!
    • 28-31. Example - Denial of Service • You visit a web site and click on a link • A few seconds later, many applications start to run on the computer • You can only close the program to prevent the attack; the machine does not work
    • 32-35. Example - Redirection of sites • You connect to online banking to see your accounts • A hostile applet serves an identical page • You enter your credentials while a hacker is receiving them, or they are being sent to an Internet directory
    • 36-38. Example - Sending files in background • A postcard is received by email • An applet executes an animation • That applet is copying the last Word document and sending it in the background to the Internet
    • 39-40. Example - Harmful executables • There is a type of attack that appears to come from known companies, inviting you to install the latest security patch or Service Pack • The executable file is a Trojan or malicious code that puts our environment at risk
    • 41-47. Example - Phishing and scam • Pakistan Earthquake – We found the URL http://pakistanhelp.com • We analyzed it and saw that there were signs of phishing • In this case, the ‘help’ options include the download of an Excel file to be sent by fax • A real and legal organization would never do this…
    • 48-53. Strategy: Protect every vector • Firewall • Secure Content Manager • Antivirus/Antispyware • VPN • Data Leak Prevention
    • 54. Strategy: Consider other approaches • Effectiveness vs. efficiency • SaaS approach • UTM devices • More than one solution will leverage your security • Education, education, education • Centralised management
    • 55-56. Objective: Keep the bad guys out!
    • 57. THANK YOU. Devise a strategy to mitigate malware. Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, ITIL, Six Sigma Black Belt Certified. General Manager, Entel Security & Risk Management, rgallego@entel.es