
Stealthy Threats Driving a New Approach to IT Security



Rootkits and other stealthy threats have significantly changed the threat landscape with their ability to evade traditional security measures. Find out how to prevent these threats from entering your systems with an integrated solution from Intel and McAfee that delivers embedded security beyond the operating system.

Published in: Technology, Business

  1. Stealthy Threats Driving a New Approach to IT Security
     Intel and McAfee
  2. Pervasive Stealth Techniques
     No organization is safe: Threats are at work below the OS
  3. A Closer Look at Rootkits
     1,200 Detected Daily; 110,000 per Quarter*
     • Designed to evade traditional OS-based security
     • Software to provide privileged access while hiding
     • Designed to avoid detection (“slow and low”)
     • Used in advanced persistent threats (APTs) to steal data
     • Kernel-mode rootkits are most difficult to detect
     *Source: McAfee Labs (Q1 2012).
  4. Stuxnet: What You Need to Know
     Stuxnet created a new blueprint—or even a benchmark—for hackers targeting specific computing systems and stealing data
     • Designed to disrupt industrial control systems within Iranian nuclear programs
     • Essentially redefined stealth technique by using a unique combination of zero-day vulnerabilities, rootkits, and stolen digital certificates
     • Remains one of the most innovative, complex threats that security researchers have been able to dissect publicly
  5. Stuxnet in Action
     Possibly the most complex threat to date
     • User-mode/kernel-mode rootkits
         • Hides files
         • Decrypts and injects code into running processes
     • Combines with Microsoft* Windows* OS vulnerabilities
         • Hides and then uses a rootkit specific to programmable logic controllers, not previously seen in the wild
     • Insulates programmable logic controller with a wrapper
         • Intercepts calls
         • Reports that all systems are functioning correctly
  6. Zeus: Commercial Crimeware
     Zeus has changed the face of cybercrime with a sophisticated malware toolkit
     • Operates much like a software development kit (SDK), allowing hackers to create custom malware with kernel-mode rootkits to build a botnet of compromised hosts
     • Spreads through compromised web sites; drive-by download installs a Trojan without any user action
     • Hackers can rent or purchase working Zeus botnets
         – Initiate spam campaigns
         – Launch distributed denial-of-service attacks
         – Hunt specific data types
  7. Zeus in Action
     Advanced malware tools for the masses: point and click
     • Embeds Zeus Trojans
         • E-mail attachments
         • Corrupt PDF files
     • Sends spear-phishing e-mails
         • Extracts specific information
         • Takes over vulnerable systems
     • Targets specific user communities
         • Plants custom Trojans on legitimate sites
  8. IT Security Must Adapt
     IT security must complement a traditional software-only approach to implement security prevention lower in the platform
     If the innovation of Stuxnet combines with easy-to-use programming toolkits like Zeus, it becomes a far greater threat to the enterprise
     • Rootkit methods will continue to shift below the user and kernel levels
     • Attacks will target the boot, hypervisor, and firmware levels
  9. Next-Generation Security from Intel and McAfee
     Preventing these stealthy threats from gaining entry into your systems is the most effective solution
     • The industry’s first proactive security* approach
     • Combines world-class processor technology with leading security software for an integrated security solution
     • Designed to help stay ahead of crimeware innovation, from PCs and mobile devices to industrial controls and other intelligent clients
     *No computer system can provide absolute security under all conditions. Built-in security features available on select Intel® Core™ processors may require additional software, hardware, services, and/or an Internet connection. Results may vary depending upon configuration. Consult your PC manufacturer for more details.