Ripple Effect (preso @s4)

Containing Cryptolocker: security analytics with DNS transactions.



  1. Ripple Effect: Algorithmic Threat Intelligence & Containment. Ping @OpenDNS.com
  2. Ping: came from China; graduate school at the University of Arizona; data mining, machine learning, InfoSec.
  3. Agenda: DNS transactions; the Ripple Effect; case study: Cryptolocker; demo.
  4. More IP and AS intel, the present and the past? What are these traffic spikes all about?
  5. What is all this weird stuff that one client was requesting?
  6. The Ripple Effect: the process of searching for the newer and the unknown, starting from the seed intelligence.
  7. Cryptolocker DGA: 1. infection; 2. retrieve the encryption key from the CnC; 3. encrypt data files; 4. collect money! The IP-based CnC fails quickly, so the DGA kicks in.
  8. I don't know the DGA!!!
  9. https://sgraph.umbrella.com/domainview/name/xvaxsxbptmerjb.com/view
  10. Demo: http://labs.umbrella.com/wpcontent/uploads/2013/09/cyl.gif; load https://sgraph.umbrella.com/thibault/Web/?name=xvaxsxbptmerjb.com
  11. The Algorithm
  12. November 7th: 144.76.192.130, 95.59.26.43
  13. Beyond Cryptolocker: https://sgraph.umbrella.com/domainview/name/o2i2394073g2oh2b34.com/view
  14. QUESTIONS?
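The slides only name the idea (start from seed intelligence, pivot through the IPs the seed resolves to, pick up the other domains on those IPs, repeat) and show one known Cryptolocker DGA domain plus the two IPs it was resolving to on November 7th. The block below is an added example, not the speaker's algorithm or any OpenDNS code: it runs that name-to-IP-to-name ripple over a constructed batch of resolver records, with two guards a practitioner would want in practice (skip crowded IPs such as shared hosting or CDNs, and only keep names whose second-level label is long and high-entropy, since the DGA itself is unknown). Only the seed domain and the two pivot IPs come from the slides; the client ids, the other names, the documentation-range IPs and the thresholds are assumptions.

```python
"""Ripple-style pivoting over DNS resolution logs.

Added example, not code from the S4 slides or from OpenDNS. The resolver
records below are constructed; only the seed domain and the two pivot IPs
come from the slides, everything else is invented for illustration.
"""
import math
from collections import defaultdict

# Constructed resolver transactions: (client_id, queried_name, answer_ip).
# answer_ip is None for an NXDOMAIN response.
SAMPLE_DNS = [
    ("c1", "xvaxsxbptmerjb.com", "144.76.192.130"),  # seed (slide 9), IPs from slide 12
    ("c2", "xvaxsxbptmerjb.com", "95.59.26.43"),
    ("c1", "qwlkrjtpoiasdf.net", "144.76.192.130"),  # sibling DGA name on the same host
    ("c2", "zmxncbvalskdjf.org", "95.59.26.43"),
    ("c3", "zmxncbvalskdjf.org", "203.0.113.10"),    # CnC moved: only reachable at hop 2
    ("c3", "pqowieurytlaks.com", "203.0.113.10"),
    ("c1", "cdn.example.net", "144.76.192.130"),     # short label, must not be pulled in
    ("c4", "www.example.com", "93.184.216.34"),      # unrelated benign traffic
    ("c5", "kkkkkkkkkkkkkk.com", None),              # NXDOMAIN: nothing to pivot on
    ("c6", "zmxncbvalskdjf.org", "198.51.100.1"),    # shared host with many tenants
] + [("c7", f"site{i}.example.org", "198.51.100.1") for i in range(6)]


def shannon_entropy(label: str) -> float:
    """Entropy of the character distribution of one DNS label, in bits."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_dga(name: str, min_len: int = 10, min_entropy: float = 3.0) -> bool:
    """Heuristic stand-in for an unknown DGA: long, high-entropy second-level label.

    Thresholds are assumptions for this example, not values from the talk.
    """
    label = name.split(".")[0]
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def build_indexes(records):
    """Bidirectional name<->IP indexes; NXDOMAIN answers carry no IP and are skipped."""
    name_to_ips, ip_to_names = defaultdict(set), defaultdict(set)
    for _client, name, ip in records:
        if ip is None:
            continue
        name_to_ips[name].add(ip)
        ip_to_names[ip].add(name)
    return name_to_ips, ip_to_names


def ripple(records, seed_names, seed_ips=(), max_hops=3, max_names_per_ip=5):
    """Expand outward from seed names/IPs: names -> IPs -> names -> ... up to max_hops.

    Returns the DGA-looking names found, the IPs that were expanded, and the
    IPs skipped because too many names sat on them (shared hosting / CDN noise).
    """
    name_to_ips, ip_to_names = build_indexes(records)
    found_names, seen_ips = set(seed_names), set()
    expanded_ips, crowded_ips = set(), set()
    frontier_names, pending_ips = set(seed_names), set(seed_ips)
    for _hop in range(max_hops):
        # Names -> IPs: every address the current frontier resolved to.
        new_ips = set(pending_ips)
        for name in frontier_names:
            new_ips |= name_to_ips.get(name, set())
        new_ips -= seen_ips
        seen_ips |= new_ips
        # IPs -> names: the other names on those addresses, filtered.
        new_names = set()
        for ip in new_ips:
            names = ip_to_names.get(ip, set())
            if len(names) > max_names_per_ip:
                crowded_ips.add(ip)  # pivoting through it would pull in every tenant
                continue
            expanded_ips.add(ip)
            new_names |= {n for n in names if looks_dga(n)}
        new_names -= found_names
        found_names |= new_names
        if not new_names:
            break  # the ripple has stopped spreading
        frontier_names, pending_ips = new_names, set()
    return {"names": found_names, "ips": expanded_ips, "crowded_ips": crowded_ips}


if __name__ == "__main__":
    result = ripple(SAMPLE_DNS, ["xvaxsxbptmerjb.com"])
    for key in ("names", "ips", "crowded_ips"):
        print(key, sorted(result[key]))
```

Starting from the one seed, hop 1 yields the two November 7th IPs and the two sibling names on them, hop 2 follows the moved CnC to 203.0.113.10 and picks up a fourth name, and the shared host 198.51.100.1 is recorded but not expanded. Two caveats apply to any real run: co-hosting alone is weak evidence, so sinkholes, parking IPs and CDNs need the crowded-IP guard or an explicit allow-list, and the entropy filter only approximates a DGA you do not know; short or dictionary-word DGAs would need a different feature.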
