Welcome to the Age of Weaponized Malware. What Does it Mean to Your Enterprise?

The U.S. has not denied its role in the use of weaponized malware, and other countries are already following suit: India recently announced that it is empowering government agencies to carry out similar actions.

State-sponsored malware attacks are officially out of the shadows and mainstream for organizations and end users alike. In fact, Google recently announced an alert service that warns Gmail users of "state-sponsored attacks". How exactly did we get to this point, and what are the factors and threats that you need to be aware of?


  1. Richard Stiennon, Author and Security Industry Expert, IT-Harvest; Paul Henry, Security and Forensics Analyst, Lumension; Paul Zimski, VP, Solution Marketing, Lumension
  2. State-Sponsored Malware is Officially Out of the Shadows. Google begins alerting Gmail users to state-sponsored attacks: "Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer. Protect yourself now."
  3. HOW… did we get to the point where your online email provider specifically warns users of state-sponsored attacks?
  4. FIRST… a little history.
  5. How Big a Problem is Weaponized Malware? Scale vs. Real World Malware
  6. Event Timeline: Stuxnet (2009.06) • Publicly disclosed 13 months after the first attack against Iran • Designed to sabotage Iranian nuclear enrichment plants • Attacked Windows systems using an unprecedented four zero-day exploits • First to include a programmable logic controller (PLC) rootkit • Carries a valid but abused digital signature (drivers signed with stolen vendor certificates) • Payload targeted only Siemens supervisory control and data acquisition (SCADA) systems
  7. Event Timeline: Duqu (2010.09) • Considered to be the "next generation Stuxnet" • Believed to have been created by the same authors as Stuxnet • Exploits a zero-day Windows kernel vulnerability • Components are signed with stolen digital keys • Highly targeted and related to the nuclear program of Iran • Designed to capture information such as keystrokes and system information • Central command and control with modular payload delivery – also capable of attacking
  8. Event Timeline: Flame (2011.05) • Designed for targeted cyber espionage against Middle Eastern countries • Spreads to systems over a local network (LAN) or via USB stick • Creates Bluetooth beacons to steal data from nearby devices • Most complex malware found at the time • "Collision" attack on the MD5 algorithm, used to create fraudulent Microsoft digital certificates • Utilized multiple zero-day exploits
  9. Weaponized Malware: Scale vs. Real World Malware • Millions of malware signatures discovered in the last year
  10. Weaponized Malware: Scale vs. Real World Malware • Only a handful of known malware has ever been weaponized
  11. Weaponized vs. General Malware. First, let's take a look at where we've come from. Even the oldest remote access Trojans had convenient surveillance options such as recording the victim's keystrokes, turning on the microphone, capturing screens, etc., all in easy point-and-click interfaces. Anti-virus evasion was trivial through the use of executable "packers" to randomize signatures. Back Orifice: 1998; NetBus: 1998; Sub7: 1999.
  12-16. Weaponized - What's Different? • Development: nation-states; truly customized payloads • Delivery: zero-day propagation; multi-vectored (Bluetooth, USB, network) • Detection: digitally signed with compromised certificates; outbound exfiltration masking • Command & Control: central command; modular payloads • Intent: surveillance; disrupt / destroy
  17. WHY… should the enterprise care?
  18. Why Should the Enterprise Care? Retaliation Risk • The US admits Stuxnet; expect increasing retaliation risk against sensitive economic and infrastructure assets
  19. Why Should the Enterprise Care? Collateral Damage • Once weaponized malware is released, control over it is effectively lost, and every enterprise is exposed to it spreading accidentally (Stuxnet was discovered after it escaped its targeted environment and started spreading)
  20. Why Should the Enterprise Care? Adaptation by Cyber Criminals • Targeted attacks on sensitive information • Variants of Stuxnet already seen
  21. What Should the Enterprise Do? Know Where the Risk Is: Endpoint, Not Gateway • Every endpoint is an enterprise of ONE • Need to have autonomous protection • Need to have a layered approach
  22-26. Deploy a Defense in Depth Strategy. Successful risk mitigation relies on solid vulnerability management foundations, together with layered defenses beyond traditional blacklist approaches. • Patch and Configuration Management: control the vulnerability landscape • Application Control: control the grey • Hard Drive and Media Encryption: control the data • Device Control: control the flow • AV: control the known
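The layers above, and the "digitally signed with compromised certificates" point from the What's Different slides, can be tied together in one default-deny endpoint policy. The following is an added example written for this page; it is not Lumension product code, and every hash, file path, signer name and certificate serial in it is constructed for illustration. It orders the checks the way the slides do: the AV blocklist catches the known-bad, the application allowlist passes the known-good, and everything else is grey and is held unless it carries a clean signature from a trusted signer. Two lessons from Stuxnet, Duqu and Flame are applied to that signature check: a valid vendor signature is not trusted when its certificate serial is on a stolen/revoked list, and a certificate signed with MD5 is rejected outright, since an MD5 collision is what let Flame forge a certificate chaining to Microsoft.

```python
# Added example (not from the Lumension deck): a default-deny endpoint policy
# that layers the controls from the "Defense in Depth" slides. All hashes,
# paths, signer names and certificate serials are constructed for illustration.
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Binary:
    path: str
    content: bytes                       # file bytes (constructed here; read from disk in practice)
    signer: Optional[str] = None         # subject CN of the signing certificate, None if unsigned
    cert_serial: Optional[str] = None    # serial number of the signing certificate
    cert_sig_alg: Optional[str] = None   # algorithm the CA used to sign that certificate


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# "AV: control the known" -- hashes of samples already known to be malicious.
KNOWN_BAD = {sha256(b"constructed sample of a known dropper")}

# "Application control: control the grey" -- hashes the enterprise has explicitly
# approved. Anything not on this list is grey, not trusted.
APPROVED = {sha256(b"constructed approved build of inventory.exe")}

# Signer trust, with the Stuxnet/Duqu/Flame lessons applied: a real vendor's
# signature proves nothing if the certificate was stolen, and a certificate
# signed with MD5 can be forged by collision.
TRUSTED_SIGNERS = {"Constructed Vendor A", "Constructed Vendor B"}
REVOKED_SERIALS = {"0c:0f:fe:e0:00:01"}   # constructed serial of a "stolen" Vendor A certificate
WEAK_SIG_ALGS = {"md5WithRSAEncryption", "md2WithRSAEncryption"}


def evaluate(b: Binary):
    """Return (decision, reason). Decisions: allow, block, quarantine (grey)."""
    h = sha256(b.content)
    if h in KNOWN_BAD:
        return "block", "known-bad hash (AV blocklist)"
    if h in APPROVED:
        return "allow", "hash is on the application allowlist"
    # Not on either list. Only a clean signature from a trusted signer earns a
    # (logged) allow; a revoked serial or weak certificate signature is a hard
    # block, and everything else is held as grey under default deny.
    if b.signer is not None:
        if b.cert_serial in REVOKED_SERIALS:
            return "block", f"signed with revoked/stolen certificate {b.cert_serial}"
        if b.cert_sig_alg in WEAK_SIG_ALGS:
            return "block", f"certificate signed with weak algorithm {b.cert_sig_alg}"
        if b.signer in TRUSTED_SIGNERS:
            return "allow", f"trusted signer {b.signer} (logged for review)"
    return "quarantine", "grey: unknown, unsigned or untrusted signer; default deny"


def evaluate_all(binaries):
    return {b.path: evaluate(b) for b in binaries}


# Constructed corpus standing in for files found on an endpoint.
SAMPLES = [
    Binary(r"C:\apps\inventory.exe", b"constructed approved build of inventory.exe"),
    Binary(r"C:\temp\update.exe", b"constructed sample of a known dropper",
           "Constructed Vendor A", "0c:0f:fe:e0:00:02", "sha256WithRSAEncryption"),
    Binary(r"C:\temp\driver.sys", b"constructed unknown driver",
           "Constructed Vendor A", "0c:0f:fe:e0:00:01", "sha256WithRSAEncryption"),
    Binary(r"C:\temp\updater.exe", b"constructed unknown updater",
           "Constructed Vendor B", "0c:0f:fe:e0:00:03", "md5WithRSAEncryption"),
    Binary(r"C:\temp\tool.exe", b"constructed unknown tool",
           "Constructed Vendor B", "0c:0f:fe:e0:00:04", "sha256WithRSAEncryption"),
    Binary(r"E:\autorun.exe", b"constructed unsigned file from a USB stick"),
]

if __name__ == "__main__":
    for path, (decision, reason) in evaluate_all(SAMPLES).items():
        print(f"{decision:10} {path}: {reason}")
```

Note the ordering: the known-bad check runs before the signature checks, so a malicious file that carries a perfectly valid signature from a trusted vendor (the Stuxnet case) is still blocked, and the revocation and weak-algorithm checks run before the trusted-signer check, so a stolen or forged certificate never reaches the allow branch.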
  27. Start Managing Risk • Compliance • Controls • Risk Management • Assessment • Business Interests
  28. Employee Education: often the first and last line of defense. lumension.com/how-to-stay-safe-online
  29. Learn More • Quantify your IT risk with free scanners • Watch the on-demand demos • Get a free trial
  30. Summary • Weaponized malware is a legitimate threat; however, the "sky is not falling" • Understand the risk and implement the technologies, process and people to mitigate it