SlideShare a Scribd company logo

임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판

Minseok(Jacky) Cha
Minseok(Jacky) Cha

임베디드 리눅스 악성코드 - 코드게이트 발표 Embedded Linux Malware - CodeGate 2015

Technology
1 of 77
Download to read offline
임베디드 리눅스 악성코드로 본 사물인터넷 보안 2015.04.08 안랩 시큐리티대응센터(ASEC) 분석팀 차민석 (車珉錫, CHA Minseok, Jacky Cha, mstoned7) 책임 연구원
© AhnLab, Inc. All rights reserved. 2 :~$apropos • IoT • EmbeddedLinux • Home Network Devices • 주요 EmbeddedLinux악성코드
© AhnLab, Inc. All rights reserved. 3 :~$whoami Profile − 차민석 (車珉錫, CHA Minseok, Jacky Cha, mstoned7) − 1988년 1월 7일 : Apple ][+ 복제품으로 컴퓨터 시작 − 1989년 : Brain virus 변형 감염 − 1997년 : AhnLab 입사 − AhnLab 책임 연구원 (Senior Antivirus Researcher) − 시큐리티 대응센터(ASEC) 분석팀에서 악성코드 분석 및 연구 중 - 민간합동 조사단, 사이버보안 전문단 - AVED, AMTSO, vforum 멤버 - Wildlist Reporter
Contents 01 02 03 04 05 IoT 그리고 Embedded Linux Home Network Threat 주요 악성코드 맺음말
01 IoT 그리고 Embedded Linux
© AhnLab, Inc. All rights reserved. 6 IoT (Internet of Things) • IoT - 사람과사물,사물과사물간정보를상호소통하는지능형기술및서비스 * Source:http://en.wikipedia.org/wiki/Internet_of_Things
© AhnLab, Inc. All rights reserved. 7 IoT (Internet of Things) • 활용 분야 - * Source:http://www.kpcb.com/blog/how-kleiner-perkins-invests-in-the-internet-of-things-picking-the-winners
© AhnLab, Inc. All rights reserved. IoT (Internet of Things) OS Embedded Linux Windows Android iOS Contiki Tizen Riot mbed
© AhnLab, Inc. All rights reserved. 9 IoT (Internet of Things) • EmbeddedLinux - * Source:http://en.wikipedia.org/wiki/Linux_on_embedded_systems
© AhnLab, Inc. All rights reserved. 10 IoT (Internet of Things) • EmbeddedLinux - settopbox,Homerouter,NAS등 * Source:https://www.synology.com/ko-kr/products/
02 Home Network
© AhnLab, Inc. All rights reserved. 12 Home Network • Home Router - 인터넷공유기,Wi-FiRouter,WirelessRouter * Source:http://en.wikipedia.org/wiki/Wireless_router
© AhnLab, Inc. All rights reserved. 13 Home Network Home Router • Specification - MIPS -EmbeddedLinux * Source:http://www.iptime.co.kr&http://www.netcheif.com/Reviews/BR-6478AC/PDF/8197D.pdf
© AhnLab, Inc. All rights reserved. 14 Home Network Network Attached Storage (NAS) • Specification - ARM,Intel등 -EmbeddedLinux * Source:https://www.qnap.com/i/en/product/model.php?II=122&event=2
© AhnLab, Inc. All rights reserved. 15 Home Network Embedded Linux • Busybox - 주요Linux명령어를하나의파일에담음 * Source:http://www.busybox.net/
© AhnLab, Inc. All rights reserved. 16 Home Network Home Router • Login - 공장출시기본Login/password
© AhnLab, Inc. All rights reserved. 17 Home Network Home Router • BusyBox -
© AhnLab, Inc. All rights reserved. 18 Home Network Home Router • cpuinfo -
© AhnLab, Inc. All rights reserved. 19 Home Network • * Source:
03 Threat
© AhnLab, Inc. All rights reserved. 21 Threat TV 드라마 • 해킹을 통한 살인 - 말기암환자가 자동차,POS,엘리베이터를해킹해살해시도 * Source:CSI NewyorkSeason6Episode2(2009)
© AhnLab, Inc. All rights reserved. 22 Threat TV 드라마 • CSI Cyber - * Source:CSI CyberSeason1Episode1(2015)
© AhnLab, Inc. All rights reserved. 23 Threat 사생활 침해 및 정보 유출 훔쳐 보기 개인 정보 유출 설정 변경/데이터 조작 광고 노출 내부/통신 데이터 조작 의료 기기는 큰 문제 Backdoor 주로 디버깅 목적 의도적으로 포함한다면 ? 악성코드 DDoS 공격 광고 노출/변경, 피싱 사이트 유도 Bitcoin 채굴 등 보안 위협
© AhnLab, Inc. All rights reserved. 24 Threat 사생활 침해 및 정보 유출 • 사생활 침해 - 도둑질에도악용가능 * Sourcehttp://abcnews.go.com/blogs/headlines/2013/08/baby-monitor-hacking-alarms-houston-parents/
© AhnLab, Inc. All rights reserved. 25 Threat 사생활 침해 및 정보 유출 • 사생활 침해 -도둑질에도이용가능 * Source:https://blogs.rsa.com/wp-content/uploads/2014/12/point-of-sale-malware-backoff.pdf
© AhnLab, Inc. All rights reserved. 26 Threat 사생활 침해 및 정보 유출 • 사생활 침해 -Babymonitors,CCTVcameras,webcams * Source:http://www.independent.co.uk/life-style/gadgets-and-tech/baby-monitors-cctv-cameras-and-webcams-from-uk-homes-and-businesses- hacked-and-uploaded-onto-russian-website-9871830.htmlparents/
© AhnLab, Inc. All rights reserved. 27 Threat 설정 변경 및 데이터 조작 • 인터넷 공유기 DNS 주소 변경 - 인터넷공유기보안취약점이용해DNS주소변경해유명사이트접속할때가짜웹사이트유도
© AhnLab, Inc. All rights reserved. 28 Threat 설정 변경 및 데이터 조작 • 인터넷 공유기 DNS 주소 변경 - 인터넷공유기허점이용해악성코드감염시도 * source:http://www.krcert.or.kr/kor/data/secNoticeView.jsp?p_bulletin_writing_sequence=20950
© AhnLab, Inc. All rights reserved. 29 Threat 설정 변경 및 데이터 조작 • Sality - Salityvirus가primaryDNS변경하는Rbrute설치 * Source:http://www.welivesecurity.com/2014/04/02/win32sality-newest-component-a-routers-primary-dns-changer-named-win32rbrute29
© AhnLab, Inc. All rights reserved. 30 Threat 설정 변경 및 데이터 조작 • Ad-Fraud - DNS설정변경해다른광고보여줌 * Source:http://aralabs.com/blog/2015/03/25/ad-fraud-malware-hijacks-router-dns-injects-ads-via-google-analytics/
© AhnLab, Inc. All rights reserved. 31 Threat 설정 변경 및 데이터 조작 • sinology사의 NAS취약점 공격 - DSM4.3-3810orearlier취약점이용해내부보관파일암호화후돈요구ransomware등장 * source:http://www.synology.com/en-us/company/news/article/470
© AhnLab, Inc. All rights reserved. 32 Threat 악성코드 • Home Router이용한 DDoS공격 -2014년11월과12월LizardSquad의Microsoft’sXboxlive,SonyPlayStationNetwork공격 * Source:http://krebsonsecurity.com/2015/01/lizard-stresser-runs-on-hacked-home-routers
© AhnLab, Inc. All rights reserved. 33 Threat 악성코드 • LizardStresser -HomeRouter를악성코드감염시켜DDoS공격에활용 -49.99$,299.99$,1139.99$ * Source:http://krebsonsecurity.com/2015/01/lizard-stresser-runs-on-hacked-home-routers/
© AhnLab, Inc. All rights reserved. 34 Threat Vulnerability • MisfortuneCookie (CVE-2014-9222) - SOHOrouter취약점 * Source:http://mis.fortunecook.ie/
04 주요 악성코드
© AhnLab, Inc. All rights reserved. Timeline 2009 Aidra Gafgyt (Fgt) Uteltend(Knb, Chuck Norris) 2010 20122008 2013 2014 2015 Darlloz Uteltend(Knb, Chuck Norris 2)Psybot Themoon Moose Baswool 2011 Hydra Shellshock QnapNAS worm
© AhnLab, Inc. All rights reserved. 37 Hydra • Hydra -2011년4월공개된IRCbot -2008년부터undergroundforums에서존재 -D-Link장비취약점이용 * Source:http://baume.id.au/psyb0t/PSYB0T.pdf
© AhnLab, Inc. All rights reserved. 38 Psybot • Psybot - 2009년1월TerryBaume발견 * Source:http://baume.id.au/psyb0t/PSYB0T.pdf
© AhnLab, Inc. All rights reserved. 39 Psybot • Psybot - 첫inthewild.DDoS공격에이용 * Source:http://www.dronebl.org/blog/8
© AhnLab, Inc. All rights reserved. 40 Uteltend (Chuck Norris, Knb) • ChuckNorrisBotnet -2009년말CzechMasaryk대학에서발견 -MIPSLinuxIRCbot -TELNETbruteforceattack * Source:http://www.muni.cz/research/projects/4622/web/chuck_norris._botnet
© AhnLab, Inc. All rights reserved. 41 Uteltend (Chuck Norris, Knb) • ChuckNorrisBotnet -Sourcecode내이탈리아어‘[R]angerKillato:innomediChuckNorris!’존재 -knb-mipsUPX해제하면‘KnbKeepnickbot0.2.2’문자열존재
© AhnLab, Inc. All rights reserved. 42 Uteltend (Chuck Norris, Knb) • 파일 구성 - 설정파일 - IRCBot+DDoS공격도구 -password
© AhnLab, Inc. All rights reserved. 43 Aidra (Lightaidra) • 악성 IRCbot - 2012년2월발견.국내에도감염보고 -DDoS공격 * Source:http://www.fitsec.com/blog/index.php/2012/02/19/new-piece-of-malicious-code-infecting-routers-and-iptvs/
© AhnLab, Inc. All rights reserved. 44 Aidra (Lightaidra) getbinaries.sh / gb.sh ARM MIPS MIPSEL Power PC SuperH script
© AhnLab, Inc. All rights reserved. 45 Aidra (Lightaidra) • Aidravs Darlloz - 경쟁관계인Darlloz제거기능 추가 * Source:http://now.avg.com/war-of-the-worms/
© AhnLab, Inc. All rights reserved. 46 Darlloz (Zollard) • Darlloz -2013년10월발견된InternetofThings감염worm -x86,MIPS,ARM,PowerPC감염 -가상화폐채굴기능추가 * source:http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency
© AhnLab, Inc. All rights reserved. 47 Darlloz (Zollard) • 감염 -전세계31,000대시스템감염추정 -국내시스템이전체감염중17%차지 * source:http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency
© AhnLab, Inc. All rights reserved. Darlloz (Zollard) script armeabi arm Power PC MIPS mipsel x86
© AhnLab, Inc. All rights reserved. 49 Darlloz (Zollard) • Darlloz -PHP취약점php-cgiInformationDisclosureVulnerability(CVE-2012-1823)이용 -router,set-topboxes암호추측:dreambox,vizxv,stemroot,sysadmin,superuser,1234,12345,1111,smcadmin
© AhnLab, Inc. All rights reserved. 50 Darlloz (Zollard) • Darlloz - 시스템에맞는cpuminer 다운로드후설치해Mincoins,Dogecoins,Bitcoins등가상화폐채굴
© AhnLab, Inc. All rights reserved. 51 Themoon • Themoon - 2014년2월13일발견 -LinksysHomerouter취약점이용해감염 * Source:https://isc.sans.edu/diary/Linksys+Worm+%22TheMoon%22+Summary%3A+What+we+know+so+far/17633
© AhnLab, Inc. All rights reserved. 52 Themoon • Themoon - Strings
© AhnLab, Inc. All rights reserved. 53 Themoon • Themoon - 포함된PNG이미지
© AhnLab, Inc. All rights reserved. 54 Gafgyt (Bashlite.SMB, Fgt) • Gafgyt (Bashlite.SMB,Fgt) -최소2014년8월부터존재 -2014년9월Shellshock(CVE-2014-6271)취약점이용해퍼지기도함 -HomeRouter,NAS등감염 -2014년말LizardSquad에서XboxLive와PlayStationNetworkDDoS공격에이용해유명해짐 -2015년1월Sourcecode공개되어변종발생중
© AhnLab, Inc. All rights reserved. 55 Gafgyt (Bashlite.SMB, Fgt) • Gafgyt (Bashlite.SMB,Fgt) - TrendMicro에서BusyBox이용한Bashlite로소개 * Source:http://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-affects-devices-running-on-busybox& http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3505#p23987
© AhnLab, Inc. All rights reserved. 56 Gafgyt (Bashlite.SMB, Fgt) • Gafgyt (Bashlite.SMB,Fgt) - Dr.Web정보공개 * Source:https://news.drweb.com/show/?i=7092&lng=en
© AhnLab, Inc. All rights reserved. 57 Gafgyt (Bashlite.SMB, Fgt) • SourceCode 공개 -server,client모두공개
© AhnLab, Inc. All rights reserved. 58 Gafgyt (Bashlite.SMB, Fgt) • 기능 * Source:http://vms.drweb.com/virus/?i=4242198
© AhnLab, Inc. All rights reserved. 59 Gafgyt (Bashlite.SMB, Fgt) • bin.sh * Source:http://vms.drweb.com/virus/?i=4242198
© AhnLab, Inc. All rights reserved. 60 Moose • Moose - 최소2014년10월부터활동시작한BitCoin채굴 -ARM,MIPS버전존재 -국내HomeRouter에서도발견
© AhnLab, Inc. All rights reserved. 61 Baswool • Baswool - 2014년11월국내발견확인 -Bashwoop(Powbot)과유사
© AhnLab, Inc. All rights reserved. 62 Baswool • 변형 - Virustotal에2014년12월9일최초접수 -주요문자열암호화 * md5:331596b415ce2228e596cda400d8bfd2
05 맺음말
© AhnLab, Inc. All rights reserved. 64 Wrap up • 악성코드 - 2008년이전부터공격이진행중이었지만우리는너무몰랐네… -유명악성코드의SourceCode공개로다양한변종출현예상 -EmbeddedLinux외다른OS에도악성코드등장예상 -사물인터넷시대에는컴퓨터악성코드보다더문제될수있음 • Challenge! - ARM,MIPS… -EmbeddedLinux -기기특성 -Hardwaredebugging등
© AhnLab, Inc. All rights reserved. 현재 문제점 Antivirus 부재 • Antivirus를 포함한 별다른 보안 프로그램 없음 • 특성상 백신 및 전용 백신 배포 어려움 • 현재 사용자가 직접 설치해 야 함 악성코드 제거 • 재부팅(하지만 재감염) 혹은 수동 제거 • 가정 방문해 제거 ?! Firmware Update • 사용자가 직접 업데이트 • 얼마나 많은 사람이 Firmware Update 를 ? • 자동 firmware update ? • 제조 업체의 보안 ?
© AhnLab, Inc. All rights reserved. 예방 예방 Loinpassword 변경 최신 Firmware Update 설정 변경 (외부 접근 금지 등)
© AhnLab, Inc. All rights reserved. 67 정부 대책 • 미래부 인터넷 공유기 보안 강화 발표 -2015년6월:인터넷공유기의실시간모니터링시스템구축 -2015년7월:공유기보안업데이트체계구축·운영 * Source:http://www.ddaily.co.kr/news/article.html?no=127945
© AhnLab, Inc. All rights reserved. 68 현실 • Smart Home 분석 -온도조절장치,스마트잠금장치,스마트전구,스마트연기감지기,스마트에너지관리기기,스마트허브등50가 지분석 * Source:http://www.symantec.com/connect/blogs/iot-smart-home-giving-away-keys-your-kingdom
© AhnLab, Inc. All rights reserved. 69 현실 • 계속 발견되는 취약점 - * Source:https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2
© AhnLab, Inc. All rights reserved. 70 현실 • 계속 발견되는 취약점 - * Source:https://beyondbinary.io/advisory/seagate-nas-rce
© AhnLab, Inc. All rights reserved. 71 현실 • 편리하면 좋지 그런데 보안은 ?! - * Source:http://www.fnnews.com/news/201503271743343137
© AhnLab, Inc. All rights reserved. 72 현실 • 다가오는 IoT시대 편리하면 좋지 그런데 보안은 ?! - * Source:google Security
© AhnLab, Inc. All rights reserved. 73 현재의 보안 문제 • Not reallya fair fight * source:http://image-store.slidesharecdn.com/81268b95-5c3b-4604-9129-d83ab3dc4600-large.png
© AhnLab, Inc. All rights reserved. 74 현재의 보안 문제 • 모두가 함께 해야 하는 보안 * source:http://www.security-marathon.be/?p=1786
© AhnLab, Inc. All rights reserved. 75 Q&A email : minseok.cha@ahnlab.com / mstoned7@gmail.com http://xcoolcat7.tistory.com https://twitter.com/xcoolcat7, https://twitter.com/mstoned7
© AhnLab, Inc. All rights reserved. 76 Reference • Marta Janus/Kaspersky,‘Headsof the Hydra. Malwarefor Network Devices’, 2011 (http://securelist.com/analysis/36396/heads-of-the-hydra-malware-for-network- devices/?replyto=15081&tree=0) • Marta Janus/Kaspersky,‘Stateof play: network devicesfacingbulls-eye’,2014 (http://securelist.com/blog/research/67794/state-of-play-network-devices-facing-bulls-eye) • 손기종/공유기 공격 사례를 통한 사물인터넷 기기 보안 위협, 2015 • 장영준/Samsung(Personal Communication) • 류소준 (Ryu Sojun)/KISA(Personal Communication) • 신동은 (ShinDongeun)/KISA(PersonalCommunication) • 조인중 (Cho Injoong)/SKBroadband(PersonalCommunication) • ganachoco(PersonalCommunication)
D E S I G N Y O U R S E C U R I T Y

Recommended

Embedded linux 악성코드 동향 20150323 v1.0 공개판
Embedded linux 악성코드 동향 20150323 v1.0 공개판Embedded linux 악성코드 동향 20150323 v1.0 공개판
Embedded linux 악성코드 동향 20150323 v1.0 공개판Minseok(Jacky) Cha
 
From stealing confidential data to revenue-generating attacks
From stealing confidential data to revenue-generating attacksFrom stealing confidential data to revenue-generating attacks
From stealing confidential data to revenue-generating attacksMinseok(Jacky) Cha
 
Honeypots for Active Defense
Honeypots for Active DefenseHoneypots for Active Defense
Honeypots for Active DefenseGreg Foss
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicJulia Yu-Chin Cheng
 
The Honeynet Project Introduction
The Honeynet Project IntroductionThe Honeynet Project Introduction
The Honeynet Project IntroductionJulia Yu-Chin Cheng
 
Next Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and DefenseNext Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and DefenseLuca Simonelli
 
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...CODE BLUE
 
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptxChi En (Ashley) Shen
 

Recommended

Embedded linux 악성코드 동향 20150323 v1.0 공개판
Embedded linux 악성코드 동향 20150323 v1.0 공개판Embedded linux 악성코드 동향 20150323 v1.0 공개판
Embedded linux 악성코드 동향 20150323 v1.0 공개판Minseok(Jacky) Cha
 
From stealing confidential data to revenue-generating attacks
From stealing confidential data to revenue-generating attacksFrom stealing confidential data to revenue-generating attacks
From stealing confidential data to revenue-generating attacksMinseok(Jacky) Cha
 
Honeypots for Active Defense
Honeypots for Active DefenseHoneypots for Active Defense
Honeypots for Active DefenseGreg Foss
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicJulia Yu-Chin Cheng
 
The Honeynet Project Introduction
The Honeynet Project IntroductionThe Honeynet Project Introduction
The Honeynet Project IntroductionJulia Yu-Chin Cheng
 
Next Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and DefenseNext Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and DefenseLuca Simonelli
 
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...CODE BLUE
 
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptxChi En (Ashley) Shen
 
Honey Pot
Honey PotHoney Pot
Honey Potiradarji
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleGregory Hanis
 
Honeypot
Honeypot Honeypot
Honeypot Sushan Sharma
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsZivaro Inc
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingKeith Brooks
 
All about Honeypots & Honeynets
All about Honeypots & HoneynetsAll about Honeypots & Honeynets
All about Honeypots & HoneynetsMehdi Poustchi Amin
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...Andrew Morris
 
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】Hacks in Taiwan (HITCON)
 
GreyNoise - Lowering Signal To Noise
GreyNoise - Lowering Signal To NoiseGreyNoise - Lowering Signal To Noise
GreyNoise - Lowering Signal To NoiseAndrew Morris
 
HONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesHONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesamit kumar
 
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse TeamsUsing GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse TeamsAndrew Morris
 
Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Yuval Sinay, CISSP, C|CISO
 
Honey pots
Honey potsHoney pots
Honey potsAlok Singh
 
Tracking Exploit Kits - Virus Bulletin 2016
Tracking Exploit Kits - Virus Bulletin 2016Tracking Exploit Kits - Virus Bulletin 2016
Tracking Exploit Kits - Virus Bulletin 2016John Bambenek
 
Lastline Case Study
Lastline Case StudyLastline Case Study
Lastline Case StudyLastline, Inc.
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineLastline, Inc.
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Andrew Morris
 
Malware in the Wild: Evolving to Evade Detection
Malware in the Wild: Evolving to Evade DetectionMalware in the Wild: Evolving to Evade Detection
Malware in the Wild: Evolving to Evade DetectionLastline, Inc.
 
Honeypot honeynet
Honeypot honeynetHoneypot honeynet
Honeypot honeynetSina Manavi
 
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...AI Frontiers
 
Targeted attacks on major industry sectores in south korea 20170927 cha minse...
Targeted attacks on major industry sectores in south korea 20170927 cha minse...Targeted attacks on major industry sectores in south korea 20170927 cha minse...
Targeted attacks on major industry sectores in south korea 20170927 cha minse...Minseok(Jacky) Cha
 

More Related Content

What's hot

IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleGregory Hanis
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsZivaro Inc
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...Andrew Morris
 
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】Hacks in Taiwan (HITCON)
 
GreyNoise - Lowering Signal To Noise
GreyNoise - Lowering Signal To NoiseGreyNoise - Lowering Signal To Noise
GreyNoise - Lowering Signal To NoiseAndrew Morris
 
HONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesHONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesamit kumar
 
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse TeamsUsing GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse TeamsAndrew Morris
 
Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Yuval Sinay, CISSP, C|CISO
 
Tracking Exploit Kits - Virus Bulletin 2016
Tracking Exploit Kits - Virus Bulletin 2016Tracking Exploit Kits - Virus Bulletin 2016
Tracking Exploit Kits - Virus Bulletin 2016John Bambenek
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineLastline, Inc.
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Andrew Morris
 
Malware in the Wild: Evolving to Evade Detection
Malware in the Wild: Evolving to Evade DetectionMalware in the Wild: Evolving to Evade Detection
Malware in the Wild: Evolving to Evade DetectionLastline, Inc.
 
Honeypot honeynet
Honeypot honeynetHoneypot honeynet
Honeypot honeynetSina Manavi
 

What's hot (20)

Honey Pot
Honey PotHoney Pot
Honey Pot
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security Simple
 
Honeypot
Honeypot Honeypot
Honeypot
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
All about Honeypots & Honeynets
All about Honeypots & HoneynetsAll about Honeypots & Honeynets
All about Honeypots & Honeynets
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
 
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
 
GreyNoise - Lowering Signal To Noise
GreyNoise - Lowering Signal To NoiseGreyNoise - Lowering Signal To Noise
GreyNoise - Lowering Signal To Noise
 
HONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesHONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantages
 
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse TeamsUsing GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
 
Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)
 
Honey pots
Honey potsHoney pots
Honey pots
 
Tracking Exploit Kits - Virus Bulletin 2016
Tracking Exploit Kits - Virus Bulletin 2016Tracking Exploit Kits - Virus Bulletin 2016
Tracking Exploit Kits - Virus Bulletin 2016
 
Lastline Case Study
Lastline Case StudyLastline Case Study
Lastline Case Study
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
 
Malware in the Wild: Evolving to Evade Detection
Malware in the Wild: Evolving to Evade DetectionMalware in the Wild: Evolving to Evade Detection
Malware in the Wild: Evolving to Evade Detection
 
Honeypot honeynet
Honeypot honeynetHoneypot honeynet
Honeypot honeynet
 

Similar to 임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판

Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...AI Frontiers
 
Targeted attacks on major industry sectores in south korea 20170927 cha minse...
Targeted attacks on major industry sectores in south korea 20170927 cha minse...Targeted attacks on major industry sectores in south korea 20170927 cha minse...
Targeted attacks on major industry sectores in south korea 20170927 cha minse...Minseok(Jacky) Cha
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesPierluigi Paganini
 
Owasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniAdam Nurudini
 
OWASP_OSINT_Presentation.pdf
OWASP_OSINT_Presentation.pdfOWASP_OSINT_Presentation.pdf
OWASP_OSINT_Presentation.pdfnetisBin
 
Deception in Cyber Security (League of Women in Cyber Security)
Deception in Cyber Security (League of Women in Cyber Security)Deception in Cyber Security (League of Women in Cyber Security)
Deception in Cyber Security (League of Women in Cyber Security)Phillip Maddux
 
Ethi mini - ethical hacking
Ethi mini - ethical hackingEthi mini - ethical hacking
Ethi mini - ethical hackingBeing Uniq Sonu
 
The cyber house of horrors - securing the expanding attack surface
The cyber house of horrors - securing the expanding attack surfaceThe cyber house of horrors - securing the expanding attack surface
The cyber house of horrors - securing the expanding attack surfaceJason Bloomberg
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
GreyNoise - Mass Exploitation
GreyNoise - Mass ExploitationGreyNoise - Mass Exploitation
GreyNoise - Mass ExploitationAndrew Morris
 
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018 NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018 NETSCOUT
 
Honeypots for proactively detecting security incidents
Honeypots for proactively detecting security incidentsHoneypots for proactively detecting security incidents
Honeypots for proactively detecting security incidentsAPNIC
 
IRJET- Ethical Hacking Techniques and its Preventive Measures for Newbies
IRJET- Ethical Hacking Techniques and its Preventive Measures for NewbiesIRJET- Ethical Hacking Techniques and its Preventive Measures for Newbies
IRJET- Ethical Hacking Techniques and its Preventive Measures for NewbiesIRJET Journal
 
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...Minseok(Jacky) Cha
 
Ethical hacking : Beginner to advanced
Ethical hacking : Beginner to advancedEthical hacking : Beginner to advanced
Ethical hacking : Beginner to advancedKavin K
 
Detection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsDetection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsInvincea, Inc.
 

Similar to 임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판 (20)

Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
 
Targeted attacks on major industry sectores in south korea 20170927 cha minse...
Targeted attacks on major industry sectores in south korea 20170927 cha minse...Targeted attacks on major industry sectores in south korea 20170927 cha minse...
Targeted attacks on major industry sectores in south korea 20170927 cha minse...
 
Ethichack 2012
Ethichack 2012Ethichack 2012
Ethichack 2012
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
 
ENSA_Module_3.pptx
ENSA_Module_3.pptxENSA_Module_3.pptx
ENSA_Module_3.pptx
 
Owasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudini
 
OWASP_OSINT_Presentation.pdf
OWASP_OSINT_Presentation.pdfOWASP_OSINT_Presentation.pdf
OWASP_OSINT_Presentation.pdf
 
Deception in Cyber Security (League of Women in Cyber Security)
Deception in Cyber Security (League of Women in Cyber Security)Deception in Cyber Security (League of Women in Cyber Security)
Deception in Cyber Security (League of Women in Cyber Security)
 
Ethi mini - ethical hacking
Ethi mini - ethical hackingEthi mini - ethical hacking
Ethi mini - ethical hacking
 
Hacking and its Defence
Hacking and its DefenceHacking and its Defence
Hacking and its Defence
 
The cyber house of horrors - securing the expanding attack surface
The cyber house of horrors - securing the expanding attack surfaceThe cyber house of horrors - securing the expanding attack surface
The cyber house of horrors - securing the expanding attack surface
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
GreyNoise - Mass Exploitation
GreyNoise - Mass ExploitationGreyNoise - Mass Exploitation
GreyNoise - Mass Exploitation
 
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018 NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
 
Honeypots for proactively detecting security incidents
Honeypots for proactively detecting security incidentsHoneypots for proactively detecting security incidents
Honeypots for proactively detecting security incidents
 
IRJET- Ethical Hacking Techniques and its Preventive Measures for Newbies
IRJET- Ethical Hacking Techniques and its Preventive Measures for NewbiesIRJET- Ethical Hacking Techniques and its Preventive Measures for Newbies
IRJET- Ethical Hacking Techniques and its Preventive Measures for Newbies
 
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
 
Ethical hacking : Beginner to advanced
Ethical hacking : Beginner to advancedEthical hacking : Beginner to advanced
Ethical hacking : Beginner to advanced
 
Detection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsDetection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day Threats
 

More from Minseok(Jacky) Cha

Tick group @avar2019 20191111 cha minseok_publish
Tick group @avar2019 20191111 cha minseok_publishTick group @avar2019 20191111 cha minseok_publish
Tick group @avar2019 20191111 cha minseok_publishMinseok(Jacky) Cha
 
2017년 3분기 정보보안 소식 20180107 차민석
2017년 3분기 정보보안 소식 20180107 차민석2017년 3분기 정보보안 소식 20180107 차민석
2017년 3분기 정보보안 소식 20180107 차민석Minseok(Jacky) Cha
 
2017년 1분기 정보보안 소식 20170528 차민석_공개판
2017년 1분기 정보보안 소식 20170528 차민석_공개판2017년 1분기 정보보안 소식 20170528 차민석_공개판
2017년 1분기 정보보안 소식 20170528 차민석_공개판Minseok(Jacky) Cha
 
2016년 4분기 주요 정보보안 소식 20170101 차민석_공개판
2016년 4분기 주요 정보보안 소식 20170101 차민석_공개판2016년 4분기 주요 정보보안 소식 20170101 차민석_공개판
2016년 4분기 주요 정보보안 소식 20170101 차민석_공개판Minseok(Jacky) Cha
 
2016년 3분기 주요 정보보안 소식 20161227 차민석_공개판
2016년 3분기 주요 정보보안 소식 20161227 차민석_공개판2016년 3분기 주요 정보보안 소식 20161227 차민석_공개판
2016년 3분기 주요 정보보안 소식 20161227 차민석_공개판Minseok(Jacky) Cha
 
Power shell 악성코드 동향 20161118_차민석_디지털 포렌식 기술특강 공개판
Power shell 악성코드 동향 20161118_차민석_디지털 포렌식 기술특강 공개판Power shell 악성코드 동향 20161118_차민석_디지털 포렌식 기술특강 공개판
Power shell 악성코드 동향 20161118_차민석_디지털 포렌식 기술특강 공개판Minseok(Jacky) Cha
 
사회기반시설 공격 동향 분석보고서 차민석 20161029_레몬 정보보호 세미나
사회기반시설 공격 동향 분석보고서 차민석 20161029_레몬 정보보호 세미나사회기반시설 공격 동향 분석보고서 차민석 20161029_레몬 정보보호 세미나
사회기반시설 공격 동향 분석보고서 차민석 20161029_레몬 정보보호 세미나Minseok(Jacky) Cha
 
2016년 2분기 주요 정보보안 소식 차민석 20160815_공개판
2016년 2분기 주요 정보보안 소식 차민석 20160815_공개판2016년 2분기 주요 정보보안 소식 차민석 20160815_공개판
2016년 2분기 주요 정보보안 소식 차민석 20160815_공개판Minseok(Jacky) Cha
 
2016년 1분기 주요 정보보안 소식 차민석 20160703_공개판
2016년 1분기 주요 정보보안 소식 차민석 20160703_공개판2016년 1분기 주요 정보보안 소식 차민석 20160703_공개판
2016년 1분기 주요 정보보안 소식 차민석 20160703_공개판Minseok(Jacky) Cha
 
2015년 4분기 주요 정보보안 소식 차민석 20160410_공개판
2015년 4분기 주요 정보보안 소식 차민석 20160410_공개판2015년 4분기 주요 정보보안 소식 차민석 20160410_공개판
2015년 4분기 주요 정보보안 소식 차민석 20160410_공개판Minseok(Jacky) Cha
 
2015년 3분기 주요 정보보안 소식 차민석 20160117_공개판
2015년 3분기 주요 정보보안 소식 차민석 20160117_공개판2015년 3분기 주요 정보보안 소식 차민석 20160117_공개판
2015년 3분기 주요 정보보안 소식 차민석 20160117_공개판Minseok(Jacky) Cha
 
Csi cyber season 1 episode 1 차민석 20160113
Csi cyber season 1 episode 1 차민석 20160113Csi cyber season 1 episode 1 차민석 20160113
Csi cyber season 1 episode 1 차민석 20160113Minseok(Jacky) Cha
 
백신 프로그램의 원리와 동작 차민석 20151117_security plus 발표판
백신 프로그램의 원리와 동작 차민석 20151117_security plus 발표판백신 프로그램의 원리와 동작 차민석 20151117_security plus 발표판
백신 프로그램의 원리와 동작 차민석 20151117_security plus 발표판Minseok(Jacky) Cha
 
0과 1의 비밀을 밝히는 악성코드 분석가 차민석 20151117_security plus 발표판
0과 1의 비밀을 밝히는 악성코드 분석가 차민석 20151117_security plus 발표판0과 1의 비밀을 밝히는 악성코드 분석가 차민석 20151117_security plus 발표판
0과 1의 비밀을 밝히는 악성코드 분석가 차민석 20151117_security plus 발표판Minseok(Jacky) Cha
 
2015년 2분기 주요 정보보안 소식 차민석 공개판_20150810
2015년 2분기 주요 정보보안 소식 차민석 공개판_201508102015년 2분기 주요 정보보안 소식 차민석 공개판_20150810
2015년 2분기 주요 정보보안 소식 차민석 공개판_20150810Minseok(Jacky) Cha
 
2015년 1분기 주요 정보보안 소식 20150512 공개판
2015년 1분기 주요 정보보안 소식 20150512 공개판2015년 1분기 주요 정보보안 소식 20150512 공개판
2015년 1분기 주요 정보보안 소식 20150512 공개판Minseok(Jacky) Cha
 

More from Minseok(Jacky) Cha (16)

Tick group @avar2019 20191111 cha minseok_publish
Tick group @avar2019 20191111 cha minseok_publishTick group @avar2019 20191111 cha minseok_publish
Tick group @avar2019 20191111 cha minseok_publish
 
2017년 3분기 정보보안 소식 20180107 차민석
2017년 3분기 정보보안 소식 20180107 차민석2017년 3분기 정보보안 소식 20180107 차민석
2017년 3분기 정보보안 소식 20180107 차민석
 
2017년 1분기 정보보안 소식 20170528 차민석_공개판
2017년 1분기 정보보안 소식 20170528 차민석_공개판2017년 1분기 정보보안 소식 20170528 차민석_공개판
2017년 1분기 정보보안 소식 20170528 차민석_공개판
 
2016년 4분기 주요 정보보안 소식 20170101 차민석_공개판
2016년 4분기 주요 정보보안 소식 20170101 차민석_공개판2016년 4분기 주요 정보보안 소식 20170101 차민석_공개판
2016년 4분기 주요 정보보안 소식 20170101 차민석_공개판
 
2016년 3분기 주요 정보보안 소식 20161227 차민석_공개판
2016년 3분기 주요 정보보안 소식 20161227 차민석_공개판2016년 3분기 주요 정보보안 소식 20161227 차민석_공개판
2016년 3분기 주요 정보보안 소식 20161227 차민석_공개판
 
Power shell 악성코드 동향 20161118_차민석_디지털 포렌식 기술특강 공개판
Power shell 악성코드 동향 20161118_차민석_디지털 포렌식 기술특강 공개판Power shell 악성코드 동향 20161118_차민석_디지털 포렌식 기술특강 공개판
Power shell 악성코드 동향 20161118_차민석_디지털 포렌식 기술특강 공개판
 
사회기반시설 공격 동향 분석보고서 차민석 20161029_레몬 정보보호 세미나
사회기반시설 공격 동향 분석보고서 차민석 20161029_레몬 정보보호 세미나사회기반시설 공격 동향 분석보고서 차민석 20161029_레몬 정보보호 세미나
사회기반시설 공격 동향 분석보고서 차민석 20161029_레몬 정보보호 세미나
 
2016년 2분기 주요 정보보안 소식 차민석 20160815_공개판
2016년 2분기 주요 정보보안 소식 차민석 20160815_공개판2016년 2분기 주요 정보보안 소식 차민석 20160815_공개판
2016년 2분기 주요 정보보안 소식 차민석 20160815_공개판
 
2016년 1분기 주요 정보보안 소식 차민석 20160703_공개판
2016년 1분기 주요 정보보안 소식 차민석 20160703_공개판2016년 1분기 주요 정보보안 소식 차민석 20160703_공개판
2016년 1분기 주요 정보보안 소식 차민석 20160703_공개판
 
2015년 4분기 주요 정보보안 소식 차민석 20160410_공개판
2015년 4분기 주요 정보보안 소식 차민석 20160410_공개판2015년 4분기 주요 정보보안 소식 차민석 20160410_공개판
2015년 4분기 주요 정보보안 소식 차민석 20160410_공개판
 
2015년 3분기 주요 정보보안 소식 차민석 20160117_공개판
2015년 3분기 주요 정보보안 소식 차민석 20160117_공개판2015년 3분기 주요 정보보안 소식 차민석 20160117_공개판
2015년 3분기 주요 정보보안 소식 차민석 20160117_공개판
 
Csi cyber season 1 episode 1 차민석 20160113
Csi cyber season 1 episode 1 차민석 20160113Csi cyber season 1 episode 1 차민석 20160113
Csi cyber season 1 episode 1 차민석 20160113
 
백신 프로그램의 원리와 동작 차민석 20151117_security plus 발표판
백신 프로그램의 원리와 동작 차민석 20151117_security plus 발표판백신 프로그램의 원리와 동작 차민석 20151117_security plus 발표판
백신 프로그램의 원리와 동작 차민석 20151117_security plus 발표판
 
0과 1의 비밀을 밝히는 악성코드 분석가 차민석 20151117_security plus 발표판
0과 1의 비밀을 밝히는 악성코드 분석가 차민석 20151117_security plus 발표판0과 1의 비밀을 밝히는 악성코드 분석가 차민석 20151117_security plus 발표판
0과 1의 비밀을 밝히는 악성코드 분석가 차민석 20151117_security plus 발표판
 
2015년 2분기 주요 정보보안 소식 차민석 공개판_20150810
2015년 2분기 주요 정보보안 소식 차민석 공개판_201508102015년 2분기 주요 정보보안 소식 차민석 공개판_20150810
2015년 2분기 주요 정보보안 소식 차민석 공개판_20150810
 
2015년 1분기 주요 정보보안 소식 20150512 공개판
2015년 1분기 주요 정보보안 소식 20150512 공개판2015년 1분기 주요 정보보안 소식 20150512 공개판
2015년 1분기 주요 정보보안 소식 20150512 공개판
 

Recently uploaded

Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 

Recently uploaded (20)

Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판

  • 1. 임베디드 리눅스 악성코드로 본 사물인터넷 보안 2015.04.08 안랩 시큐리티대응센터(ASEC) 분석팀 차민석 (車珉錫, CHA Minseok, Jacky Cha, mstoned7) 책임 연구원
  • 2. © AhnLab, Inc. All rights reserved. 2 :~$apropos • IoT • EmbeddedLinux • Home Network Devices • 주요 EmbeddedLinux악성코드
  • 3. © AhnLab, Inc. All rights reserved. 3 :~$whoami Profile − 차민석 (車珉錫, CHA Minseok, Jacky Cha, mstoned7) − 1988년 1월 7일 : Apple ][+ 복제품으로 컴퓨터 시작 − 1989년 : Brain virus 변형 감염 − 1997년 : AhnLab 입사 − AhnLab 책임 연구원 (Senior Antivirus Researcher) − 시큐리티 대응센터(ASEC) 분석팀에서 악성코드 분석 및 연구 중 - 민간합동 조사단, 사이버보안 전문단 - AVED, AMTSO, vforum 멤버 - Wildlist Reporter
  • 4. Contents 01 02 03 04 05 IoT 그리고 Embedded Linux Home Network Threat 주요 악성코드 맺음말
  • 6. © AhnLab, Inc. All rights reserved. 6 IoT (Internet of Things) • IoT - 사람과사물,사물과사물간정보를상호소통하는지능형기술및서비스 * Source:http://en.wikipedia.org/wiki/Internet_of_Things
  • 7. © AhnLab, Inc. All rights reserved. 7 IoT (Internet of Things) • 활용 분야 - * Source:http://www.kpcb.com/blog/how-kleiner-perkins-invests-in-the-internet-of-things-picking-the-winners
  • 8. © AhnLab, Inc. All rights reserved. IoT (Internet of Things) OS Embedded Linux Windows Android iOS Contiki Tizen Riot mbed
  • 9. © AhnLab, Inc. All rights reserved. 9 IoT (Internet of Things) • EmbeddedLinux - * Source:http://en.wikipedia.org/wiki/Linux_on_embedded_systems
  • 10. © AhnLab, Inc. All rights reserved. 10 IoT (Internet of Things) • EmbeddedLinux - settopbox,Homerouter,NAS등 * Source:https://www.synology.com/ko-kr/products/
  • 12. © AhnLab, Inc. All rights reserved. 12 Home Network • Home Router - 인터넷공유기,Wi-FiRouter,WirelessRouter * Source:http://en.wikipedia.org/wiki/Wireless_router
  • 13. © AhnLab, Inc. All rights reserved. 13 Home Network Home Router • Specification - MIPS -EmbeddedLinux * Source:http://www.iptime.co.kr&http://www.netcheif.com/Reviews/BR-6478AC/PDF/8197D.pdf
  • 14. © AhnLab, Inc. All rights reserved. 14 Home Network Network Attached Storage (NAS) • Specification - ARM,Intel등 -EmbeddedLinux * Source:https://www.qnap.com/i/en/product/model.php?II=122&event=2
  • 15. © AhnLab, Inc. All rights reserved. 15 Home Network Embedded Linux • Busybox - 주요Linux명령어를하나의파일에담음 * Source:http://www.busybox.net/
  • 16. © AhnLab, Inc. All rights reserved. 16 Home Network Home Router • Login - 공장출시기본Login/password
  • 17. © AhnLab, Inc. All rights reserved. 17 Home Network Home Router • BusyBox -
  • 18. © AhnLab, Inc. All rights reserved. 18 Home Network Home Router • cpuinfo -
  • 19. © AhnLab, Inc. All rights reserved. 19 Home Network • * Source:
  • 21. © AhnLab, Inc. All rights reserved. 21 Threat TV 드라마 • 해킹을 통한 살인 - 말기암환자가 자동차,POS,엘리베이터를해킹해살해시도 * Source:CSI NewyorkSeason6Episode2(2009)
  • 22. © AhnLab, Inc. All rights reserved. 22 Threat TV 드라마 • CSI Cyber - * Source:CSI CyberSeason1Episode1(2015)
  • 23. © AhnLab, Inc. All rights reserved. 23 Threat 사생활 침해 및 정보 유출 훔쳐 보기 개인 정보 유출 설정 변경/데이터 조작 광고 노출 내부/통신 데이터 조작 의료 기기는 큰 문제 Backdoor 주로 디버깅 목적 의도적으로 포함한다면 ? 악성코드 DDoS 공격 광고 노출/변경, 피싱 사이트 유도 Bitcoin 채굴 등 보안 위협
  • 24. © AhnLab, Inc. All rights reserved. 24 Threat 사생활 침해 및 정보 유출 • 사생활 침해 - 도둑질에도악용가능 * Sourcehttp://abcnews.go.com/blogs/headlines/2013/08/baby-monitor-hacking-alarms-houston-parents/
  • 25. © AhnLab, Inc. All rights reserved. 25 Threat 사생활 침해 및 정보 유출 • 사생활 침해 -도둑질에도이용가능 * Source:https://blogs.rsa.com/wp-content/uploads/2014/12/point-of-sale-malware-backoff.pdf
  • 26. © AhnLab, Inc. All rights reserved. 26 Threat 사생활 침해 및 정보 유출 • 사생활 침해 -Babymonitors,CCTVcameras,webcams * Source:http://www.independent.co.uk/life-style/gadgets-and-tech/baby-monitors-cctv-cameras-and-webcams-from-uk-homes-and-businesses- hacked-and-uploaded-onto-russian-website-9871830.htmlparents/
  • 27. © AhnLab, Inc. All rights reserved. 27 Threat 설정 변경 및 데이터 조작 • 인터넷 공유기 DNS 주소 변경 - 인터넷공유기보안취약점이용해DNS주소변경해유명사이트접속할때가짜웹사이트유도
  • 28. © AhnLab, Inc. All rights reserved. 28 Threat 설정 변경 및 데이터 조작 • 인터넷 공유기 DNS 주소 변경 - 인터넷공유기허점이용해악성코드감염시도 * source:http://www.krcert.or.kr/kor/data/secNoticeView.jsp?p_bulletin_writing_sequence=20950
  • 29. © AhnLab, Inc. All rights reserved. 29 Threat 설정 변경 및 데이터 조작 • Sality - Salityvirus가primaryDNS변경하는Rbrute설치 * Source:http://www.welivesecurity.com/2014/04/02/win32sality-newest-component-a-routers-primary-dns-changer-named-win32rbrute29
  • 30. © AhnLab, Inc. All rights reserved. 30 Threat 설정 변경 및 데이터 조작 • Ad-Fraud - DNS설정변경해다른광고보여줌 * Source:http://aralabs.com/blog/2015/03/25/ad-fraud-malware-hijacks-router-dns-injects-ads-via-google-analytics/
  • 31. © AhnLab, Inc. All rights reserved. 31 Threat 설정 변경 및 데이터 조작 • sinology사의 NAS취약점 공격 - DSM4.3-3810orearlier취약점이용해내부보관파일암호화후돈요구ransomware등장 * source:http://www.synology.com/en-us/company/news/article/470
  • 32. © AhnLab, Inc. All rights reserved. 32 Threat 악성코드 • Home Router이용한 DDoS공격 -2014년11월과12월LizardSquad의Microsoft’sXboxlive,SonyPlayStationNetwork공격 * Source:http://krebsonsecurity.com/2015/01/lizard-stresser-runs-on-hacked-home-routers
  • 33. © AhnLab, Inc. All rights reserved. 33 Threat 악성코드 • LizardStresser -HomeRouter를악성코드감염시켜DDoS공격에활용 -49.99$,299.99$,1139.99$ * Source:http://krebsonsecurity.com/2015/01/lizard-stresser-runs-on-hacked-home-routers/
  • 34. © AhnLab, Inc. All rights reserved. 34 Threat Vulnerability • MisfortuneCookie (CVE-2014-9222) - SOHOrouter취약점 * Source:http://mis.fortunecook.ie/
  • 36. © AhnLab, Inc. All rights reserved. Timeline 2009 Aidra Gafgyt (Fgt) Uteltend(Knb, Chuck Norris) 2010 20122008 2013 2014 2015 Darlloz Uteltend(Knb, Chuck Norris 2)Psybot Themoon Moose Baswool 2011 Hydra Shellshock QnapNAS worm
  • 37. © AhnLab, Inc. All rights reserved. 37 Hydra • Hydra -2011년4월공개된IRCbot -2008년부터undergroundforums에서존재 -D-Link장비취약점이용 * Source:http://baume.id.au/psyb0t/PSYB0T.pdf
  • 38. © AhnLab, Inc. All rights reserved. 38 Psybot • Psybot - 2009년1월TerryBaume발견 * Source:http://baume.id.au/psyb0t/PSYB0T.pdf
  • 39. © AhnLab, Inc. All rights reserved. 39 Psybot • Psybot - 첫inthewild.DDoS공격에이용 * Source:http://www.dronebl.org/blog/8
  • 40. © AhnLab, Inc. All rights reserved. 40 Uteltend (Chuck Norris, Knb) • ChuckNorrisBotnet -2009년말CzechMasaryk대학에서발견 -MIPSLinuxIRCbot -TELNETbruteforceattack * Source:http://www.muni.cz/research/projects/4622/web/chuck_norris._botnet
  • 41. © AhnLab, Inc. All rights reserved. 41 Uteltend (Chuck Norris, Knb) • ChuckNorrisBotnet -Sourcecode내이탈리아어‘[R]angerKillato:innomediChuckNorris!’존재 -knb-mipsUPX해제하면‘KnbKeepnickbot0.2.2’문자열존재
  • 42. © AhnLab, Inc. All rights reserved. 42 Uteltend (Chuck Norris, Knb) • 파일 구성 - 설정파일 - IRCBot+DDoS공격도구 -password
  • 43. © AhnLab, Inc. All rights reserved. 43 Aidra (Lightaidra) • 악성 IRCbot - 2012년2월발견.국내에도감염보고 -DDoS공격 * Source:http://www.fitsec.com/blog/index.php/2012/02/19/new-piece-of-malicious-code-infecting-routers-and-iptvs/
  • 44. © AhnLab, Inc. All rights reserved. 44 Aidra (Lightaidra) getbinaries.sh / gb.sh ARM MIPS MIPSEL Power PC SuperH script
  • 45. © AhnLab, Inc. All rights reserved. 45 Aidra (Lightaidra) • Aidravs Darlloz - 경쟁관계인Darlloz제거기능 추가 * Source:http://now.avg.com/war-of-the-worms/
  • 46. © AhnLab, Inc. All rights reserved. 46 Darlloz (Zollard) • Darlloz -2013년10월발견된InternetofThings감염worm -x86,MIPS,ARM,PowerPC감염 -가상화폐채굴기능추가 * source:http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency
  • 47. © AhnLab, Inc. All rights reserved. 47 Darlloz (Zollard) • 감염 -전세계31,000대시스템감염추정 -국내시스템이전체감염중17%차지 * source:http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency
  • 48. © AhnLab, Inc. All rights reserved. Darlloz (Zollard) script armeabi arm Power PC MIPS mipsel x86
  • 49. © AhnLab, Inc. All rights reserved. 49 Darlloz (Zollard) • Darlloz -PHP취약점php-cgiInformationDisclosureVulnerability(CVE-2012-1823)이용 -router,set-topboxes암호추측:dreambox,vizxv,stemroot,sysadmin,superuser,1234,12345,1111,smcadmin
  • 50. © AhnLab, Inc. All rights reserved. 50 Darlloz (Zollard) • Darlloz - 시스템에맞는cpuminer 다운로드후설치해Mincoins,Dogecoins,Bitcoins등가상화폐채굴
  • 51. © AhnLab, Inc. All rights reserved. 51 Themoon • Themoon - 2014년2월13일발견 -LinksysHomerouter취약점이용해감염 * Source:https://isc.sans.edu/diary/Linksys+Worm+%22TheMoon%22+Summary%3A+What+we+know+so+far/17633
  • 52. © AhnLab, Inc. All rights reserved. 52 Themoon • Themoon - Strings
  • 53. © AhnLab, Inc. All rights reserved. 53 Themoon • Themoon - 포함된PNG이미지
  • 54. © AhnLab, Inc. All rights reserved. 54 Gafgyt (Bashlite.SMB, Fgt) • Gafgyt (Bashlite.SMB,Fgt) -최소2014년8월부터존재 -2014년9월Shellshock(CVE-2014-6271)취약점이용해퍼지기도함 -HomeRouter,NAS등감염 -2014년말LizardSquad에서XboxLive와PlayStationNetworkDDoS공격에이용해유명해짐 -2015년1월Sourcecode공개되어변종발생중
  • 55. © AhnLab, Inc. All rights reserved. 55 Gafgyt (Bashlite.SMB, Fgt) • Gafgyt (Bashlite.SMB,Fgt) - TrendMicro에서BusyBox이용한Bashlite로소개 * Source:http://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-affects-devices-running-on-busybox& http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3505#p23987
  • 56. © AhnLab, Inc. All rights reserved. 56 Gafgyt (Bashlite.SMB, Fgt) • Gafgyt (Bashlite.SMB,Fgt) - Dr.Web정보공개 * Source:https://news.drweb.com/show/?i=7092&lng=en
  • 57. © AhnLab, Inc. All rights reserved. 57 Gafgyt (Bashlite.SMB, Fgt) • SourceCode 공개 -server,client모두공개
  • 58. © AhnLab, Inc. All rights reserved. 58 Gafgyt (Bashlite.SMB, Fgt) • 기능 * Source:http://vms.drweb.com/virus/?i=4242198
  • 59. © AhnLab, Inc. All rights reserved. 59 Gafgyt (Bashlite.SMB, Fgt) • bin.sh * Source:http://vms.drweb.com/virus/?i=4242198
  • 60. © AhnLab, Inc. All rights reserved. 60 Moose • Moose - 최소2014년10월부터활동시작한BitCoin채굴 -ARM,MIPS버전존재 -국내HomeRouter에서도발견
  • 61. © AhnLab, Inc. All rights reserved. 61 Baswool • Baswool - 2014년11월국내발견확인 -Bashwoop(Powbot)과유사
  • 62. © AhnLab, Inc. All rights reserved. 62 Baswool • 변형 - Virustotal에2014년12월9일최초접수 -주요문자열암호화 * md5:331596b415ce2228e596cda400d8bfd2
  • 64. © AhnLab, Inc. All rights reserved. 64 Wrap up • 악성코드 - 2008년이전부터공격이진행중이었지만우리는너무몰랐네… -유명악성코드의SourceCode공개로다양한변종출현예상 -EmbeddedLinux외다른OS에도악성코드등장예상 -사물인터넷시대에는컴퓨터악성코드보다더문제될수있음 • Challenge! - ARM,MIPS… -EmbeddedLinux -기기특성 -Hardwaredebugging등
  • 65. © AhnLab, Inc. All rights reserved. 현재 문제점 Antivirus 부재 • Antivirus를 포함한 별다른 보안 프로그램 없음 • 특성상 백신 및 전용 백신 배포 어려움 • 현재 사용자가 직접 설치해 야 함 악성코드 제거 • 재부팅(하지만 재감염) 혹은 수동 제거 • 가정 방문해 제거 ?! Firmware Update • 사용자가 직접 업데이트 • 얼마나 많은 사람이 Firmware Update 를 ? • 자동 firmware update ? • 제조 업체의 보안 ?
  • 66. © AhnLab, Inc. All rights reserved. 예방 예방 Loinpassword 변경 최신 Firmware Update 설정 변경 (외부 접근 금지 등)
  • 67. © AhnLab, Inc. All rights reserved. 67 정부 대책 • 미래부 인터넷 공유기 보안 강화 발표 -2015년6월:인터넷공유기의실시간모니터링시스템구축 -2015년7월:공유기보안업데이트체계구축·운영 * Source:http://www.ddaily.co.kr/news/article.html?no=127945
  • 68. © AhnLab, Inc. All rights reserved. 68 현실 • Smart Home 분석 -온도조절장치,스마트잠금장치,스마트전구,스마트연기감지기,스마트에너지관리기기,스마트허브등50가 지분석 * Source:http://www.symantec.com/connect/blogs/iot-smart-home-giving-away-keys-your-kingdom
  • 69. © AhnLab, Inc. All rights reserved. 69 현실 • 계속 발견되는 취약점 - * Source:https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2
  • 70. © AhnLab, Inc. All rights reserved. 70 현실 • 계속 발견되는 취약점 - * Source:https://beyondbinary.io/advisory/seagate-nas-rce
  • 71. © AhnLab, Inc. All rights reserved. 71 현실 • 편리하면 좋지 그런데 보안은 ?! - * Source:http://www.fnnews.com/news/201503271743343137
  • 72. © AhnLab, Inc. All rights reserved. 72 현실 • 다가오는 IoT시대 편리하면 좋지 그런데 보안은 ?! - * Source:google Security
  • 73. © AhnLab, Inc. All rights reserved. 73 현재의 보안 문제 • Not reallya fair fight * source:http://image-store.slidesharecdn.com/81268b95-5c3b-4604-9129-d83ab3dc4600-large.png
  • 74. © AhnLab, Inc. All rights reserved. 74 현재의 보안 문제 • 모두가 함께 해야 하는 보안 * source:http://www.security-marathon.be/?p=1786
  • 75. © AhnLab, Inc. All rights reserved. 75 Q&A email : minseok.cha@ahnlab.com / mstoned7@gmail.com http://xcoolcat7.tistory.com https://twitter.com/xcoolcat7, https://twitter.com/mstoned7
  • 76. © AhnLab, Inc. All rights reserved. 76 Reference • Marta Janus/Kaspersky,‘Headsof the Hydra. Malwarefor Network Devices’, 2011 (http://securelist.com/analysis/36396/heads-of-the-hydra-malware-for-network- devices/?replyto=15081&tree=0) • Marta Janus/Kaspersky,‘Stateof play: network devicesfacingbulls-eye’,2014 (http://securelist.com/blog/research/67794/state-of-play-network-devices-facing-bulls-eye) • 손기종/공유기 공격 사례를 통한 사물인터넷 기기 보안 위협, 2015 • 장영준/Samsung(Personal Communication) • 류소준 (Ryu Sojun)/KISA(Personal Communication) • 신동은 (ShinDongeun)/KISA(PersonalCommunication) • 조인중 (Cho Injoong)/SKBroadband(PersonalCommunication) • ganachoco(PersonalCommunication)
  • 77. D E S I G N Y O U R S E C U R I T Y