Emerging trends in Social Networks Malware.
Social networks, such as Facebook, Twitter, and others pose a grave
threat to the security and privacy of users. This presentation highlights malware infection strategies
used by attackers to infect social networking websites and addresses security from the user
perspectives—outlining effective, secure steps that can reduce the impact of malware infections.
When developer's api simplify user mode rootkits developing (Yury Chemerkin)
This is a series of articles about shell extensions that enhance high-level features of any operating system. However, such possibilities not only enrich the platform but also simplify developing trojans and exploits, which leads to new security holes. Mostly, this kind of extension is known as a usermode rootkit.
http://hakin9.org/theultimat/
Facebook Open Graph - The Semantic Wallet (Jonathan Laba)
This deck covers how Facebook is becoming a hub for consumer devices, apps and services to connect to each other in a secure manner to share data.
Facebook's allowance for the input and retrieval of structured data based on semantic web principles is positioning them to be the gold standard in the management of a unified digital identity.
This deck covers:
- What Social Means to Developers
- What is the Semantic Web
- Facebook's Evolution into Structured Data
- The Semantic Wallet
- Some Questions
Semantic web approach towards interoperability and privacy issues in social n... (ijwscjournal)
The Social Web is a set of social relations that link people through World Wide Web. This Social Web
encompasses how the websites and software are designed and developed to support social relations. The
new paradigms, tools and web services introduced by Social Web are widely accepted by internet users.
The main drawback of these tools is that they act as independent data silos; hence interoperability among
applications is a complex issue. This paper focuses on this issue and how best we can use semantic web
technologies to achieve interoperability among applications.
Have you tried Social Content Tool? In Revolta we came up with one tool for planning, creating and managing social media content. Content creator, as well as the one who reviews and approves it, has access to the tool.
For more information click here: www.socialcontenttool.com
Copy of presentation made at Comcast on social media that looks at trends in SBI and how social media listening & engagement can be used to solve simple and complex problems.
This presentation showcases how Web 2.0 could be used within an enterprise with a "day (weeks, actually) in the life of" story of how a new employee, Michael, uses web 2.0 (or Enterprise 2.0) tools to quickly get up to speed and start contributing. Touches on social networking, social bookmarking, blogs / microblogs, wiki, virtual world, mashups, RSS.
A brief overview of the open source technologies available for building social applications on top of social containers such as YAP, iGoogle, Orkut, MySpace, etc.
Given at TRISC 2010, Grapevine, Texas.
http://www.trisc.org/speakers/aditya_sood/#p
The talk sheds light on the new trends in web-based malware. Technology and insecurity go hand in hand. With the advent of new attacks and techniques, the distribution of malware through the web has increased tremendously. Browser-based exploits, mainly in Internet Explorer, have given birth to a new world of malware infection. The attackers spread malware elegantly by exploiting vulnerabilities and drive-by downloads. The infection strategies opted for by attackers include malware distribution through IFRAME injections and Search Engine Optimization. In order to understand the intrinsic behavior of web-based malware, a typical analysis is required to understand the logic working behind it. It is necessary to dissect this malware from bottom to top in order to control its devastating behavior. The talk will cover structured methodologies and demonstrate the static, dynamic and behavioral analysis of web malware, including PCAP analytics. Demonstrations will prove the fact and necessity of web malware analysis.
Cyber Security Workshop @SPIT - 3rd October 2015 (Nilesh Sapariya)
Got invited to conduct a workshop on ‘Cyber Security’ at a top-notch engineering college,
Sardar Patel Institute of Technology, Andheri on 3rd October, 2015.
Student feedback:-
https://drive.google.com/file/d/0B_uWWP1uW7TFWVdTanJFdTlqNkE/view?usp=sharing
Appreciation letter:-
https://drive.google.com/file/d/0B_uWWP1uW7TFMkVVUTR4V1JTN2c/view?usp=sharing
Vulnerabilities and attacks targeting social networks and industrial control ... (ijcsa)
Vulnerability is a weakness, shortcoming or flaw in the system or network infrastructure which can be used
by an attacker to harm the system, disrupt its normal operation and use it for his financial, competitive or
other motives or just for cyber escapades.
In this paper, we re-examined the various types of attacks on industrial control systems as well as on social
networking users. We have listed which all vulnerabilities were exploited for executing these attacks and
their effects on these systems and social networks. The focus will be mainly on the vulnerabilities that are
used in OSNs as the convertors which convert the social network into antisocial network and these
networks can be further used for the network attacks on the users associated with the victim user whereby
creating a consecutive chain of attacks on increasing number of social networking users. Another type of
attack, Stuxnet Attack which was originally designed to attack Iran’s nuclear facilities is also discussed
here which harms the system it controls by changing the code in that target system. The Stuxnet worm is a
very treacherous and hazardous means of attack and is the first of its kind as it allows the attacker to
manipulate real-time equipment.
Phishing is the fraudulent acquisition of personal information like username, password, credit card information, etc. by tricking an individual into believing that the attacker is a trustworthy entity. It is affecting all the major sectors of industry day by day, with a lot of misuse of users' credentials. So in today's online environment we need to protect data from phishing and safeguard our information, which can be done through anti-phishing tools. Currently there are many freely available anti-phishing browser extension tools that warn users when they are browsing a suspected phishing site. In this paper we did a literature survey of some of the commonly and popularly used anti-phishing browser extensions by reviewing the existing anti-phishing techniques along with their merits and demerits.
Continuing in your role as a human service provider for your local.docx (richardnorman90310)
Continuing in your role as a human service provider for your local community, your manager has asked you to write an opinion piece for the local newspaper discussing gaps in prison and jail services in their state.
Write an opinion article that is 900 words. Complete the following in your article:
· Describe the major beliefs of 4 criminological theories.
· For each criminological theory, explain what human services should be provided to inmates.
· Of the services identified for each criminological theory, list the services that are not currently provided by your local or state agencies.
· Discuss your personal beliefs related to which human services should be provided by your local or state agencies.
· Discuss a conclusion focused on changes in human services you would like to see made by your local or state agencies.
Lab-8: Web Hacking
Websites have always been among the first targets of hackers. There are many reasons for this. These are the most important ones:
1) Websites have to be reachable from the Internet. Their primary purpose is to publish something or provide some service for the public
2) There are more than 1 billion websites as almost every organization, and many individuals have websites
3) As opposed to the earlier years of the world wide web, websites are very dynamic today. They come with forms and dynamic applications implemented by many different frontend and backend technologies. A wide variety of dynamic applications not only bring more functionality to web applications but also introduces vulnerabilities.
As a result, we are talking about something valuable that is billions in amount, accessible by anybody, and a commonplace for wrong implementation and vulnerabilities.
Section-1: Exploit Cross-Site Scripting (XSS) Vulnerability
An XSS attack enables malicious users to inject client-side scripts such as JavaScript codes into web pages viewed by other users. The term XSS is used to describe both the vulnerability and the attack type, such as XSS attack / XSS vulnerability on the web application.
1) Log into Windows 7 Attacker on the Netlab environment.
2) Open Firefox by clicking the icon on the desktop or start menu
3) Visit this page
http://192.168.2.15/dvwa/login.php
This is the "Damn Vulnerable Web Application" hosted on the OWASP BWA machine on Netlab.
4) Log in to the web application by typing user as Username and user as Password. After logging in, you will see the page below.
5) Click on the XSS reflected on the left menu and type your nickname into the text box at the right pane of the webpage. (I typed "ethical" and clicked the submit button.) The web application gets what you typed as the input, adds Hello to the beginning, and prints it to the screen.
6) Try some basic HTML tags now. Type <h1>your nickname</h1>. I typed "<h1>ethical</h1>" and then clicked the submit button. I confirm .
TECHNIQUES FOR ATTACKING WEB APPLICATION SECURITY (ijistjournal)
The web is an absolutely necessary part of our lives. It is a wide platform used for information sharing and services over the internet. Web applications are used for financial, government, healthcare, education and many other critical services. Every day billions of users purchase items, transfer money, retrieve information and communicate with each other over the web. The web is the best friend of users because it provides anytime, anywhere access to information and services. Everything in the world created by humans is a little bit problematic, and since web applications are also created by humans, they contain many loopholes. The popularity of applications lures hackers towards them. Nowadays, securing and maintaining websites against attack is a very hard and challenging task. Finding loopholes in a web application, computer system or network and exploiting them is called hacking. New approaches for web attacks are invented day by day, so the study of detecting and preventing web application attacks and finding solutions is an important part of the internet world. In this paper we introduce all web-application-based attacks, including two major attacks: XSS (Cross Site Scripting) and SQLI.
Virtual Labs: Sniffing & Social Engineering
Consider what you have learned so far about Sniffing and Social Engineering as you review the objectives and scenario below. Complete the lab that follows on EC-Council's website using the link below.
Objective
Social engineering is the art of convincing people to reveal confidential information. Social engineers depend on the fact that people know certain valuable information yet are generally careless in protecting it.
The objective of this lab is to:
Detect phishing sites
Protect the network from phishing attacks
Perform Credential Harvesting
Perform security assessment on a machine using a payload generated by SET
Scenario
Social engineering is the art of convincing people to reveal sensitive information in order to perform some malicious action. Organizations fall victim to social engineering tricks despite having security policies and best security solutions in place, as social engineering targets people’s weaknesses or good nature. Reconnaissance and social engineering is generally an essential component of any information security attack.
Cybercriminals are increasingly utilizing social engineering techniques to exploit the most vulnerable link in information system security: employees. Social engineering can take many forms, including phishing emails, fake sites, and impersonation.
McAfee's new “Hacking the Human Operating System” whitepaper focuses on the use of social engineering to attack home and business users and finds once again that people are the weakest link. The McAfee report points out that there are many organizations who develop and deliver user awareness programs into their business areas, but the effectiveness of such programs varies, and in some identified cases, even after the security training has been delivered, it has done very little to educate their end-users with any valued security awareness to mitigate the threat of the social engineering attack.
It is essential for you as an expert Ethical Hacker and Penetration Tester, to assess the preparedness of your organization or the target of evaluation against the social engineering attacks.
Though social engineering primarily requires soft skills, the labs in this module demonstrate some techniques that facilitate or automate certain facets of social engineering attacks.
Week 7 Lab Assignment 1: Protect the Network
Lab Task:
The objective of this lab is to help students learn how to:
Clone a website
Obtain username and passwords using Credential Harvester method
Generate reports for a conducted penetration test
Lab Description:
Social Engineering is an ever-growing threat to organizations all over the world. Social Engineering attacks are used to compromise companies every day. Even though there are many hacking tools available throughout underground hacking communities, Social Engineering Toolkit (SET) is a boon to attackers, as it is freely available and ...
Similar to Emerging Trends in Online Social Networks Malware (20)
Enfilade: Tool to Detect Infections in MongoDB Instances (Aditya K Sood)
Attackers are targeting MongoDB instances for conducting nefarious operations on the Internet. The cybercriminals are targeting exposed MongoDB instances and trigger infections at scale to exfiltrate data, destruct data, and extort money via ransom.
Detecting Ransomware/Bot Infections in Elasticsearch (Aditya K Sood)
Elasticsearch infections are rising exponentially. The adversaries are exploiting open and exposed Elasticsearch interfaces to trigger infections in the cloud and non-cloud deployments. During this talk, we will release a tool named "STRAFER" to detect potential infections in the Elasticsearch instances. The tool allows security researchers, penetration testers, and threat intelligence experts to detect compromised and infected Elasticsearch instances running malicious code. The tool also enables you to conduct efficient research in the field of malware targeting cloud databases.
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan... (Aditya K Sood)
Bot herders deploy Command and Control (C&C) panels for commanding and collecting exfiltrated data from the infected hosts on the Internet. To protect C&C panels, bot herders deploy several built-in (software-centric) protection mechanisms to restrict direct access to these C&C panels. However, there exist fundamental mistakes in the design and deployment of these C&C panels that can be exploited to take complete control. This talk discusses the methodology of launching reverse attacks on the centralized C&C panels to derive intelligence that can be used to build automated solutions. This research reveals how to detect vulnerabilities and configuration flaws in the remote C&C panels and exploit them by following the path of penetration testing. This talk is derived from real-time research in which several C&C panels were targeted and intelligence was gathered to attack the next set of C&C panels. A number of case studies will be discussed to elaborate the step-by-step process of attacking and compromising C&C panels. This talk also demonstrates the use of automated tools authored to make the testing easier for researchers.
DOWNLOAD from this link : http://secniche.org/blackhat-2014/
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie... (Aditya K Sood)
C-SCAD is an information gathering and penetration testing tool written to assess the security issues present in the Web-X (Internet Explorer-based web interface) client used to interact with the ClearSCADA server. WebX client is hosted on the embedded web server which is shipped as a part of complete ClearSCADA architecture. Primarily, the WebX client is restricted to perform any configuration changes but it can reveal potential information about the ClearSCADA server and associated components. Insecure deployments of WebX client can reveal potential information about the various functions such as alarm pages, SQL lists, and diagnostic checks including various reports.
In this article, we discuss the design of an iframe injector used to infect web-hosting software such as cPanel in an automated manner. Several different iframe injector designs exist, but we look at one of the most basic: NiFramer.
CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid... (Aditya K Sood)
Cyber criminals are using advanced attacks to exploit online banking systems and services to covertly steal money. This paper describes the tactics currently used by cyber criminals to conduct cyber bank robbery.
ToorCon 14 : Malandroid : The Crux of Android Infections (Aditya K Sood)
The Android platform has been plagued by malware for the past several years. Despite all attempts to detect and mitigate malicious applications on Android, malware is still flying under our radar and getting on our devices and causing millions of users financial and data loss every year. Additionally, the malware analysis community is at a large disagreement on how Android malware should be classified. In this talk, we’ll dive into the tactics, tools and procedures used by Android malware today, including several case studies of exceptional malware samples. By analyzing real code used by malware in the wild, we’ll be able to show the advancements in Android malware from a design perspective.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
My and Rik Marselis' slides at the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is and finally what Testing in DevOps is. Finally we had a lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Securing your Kubernetes cluster_ a step-by-step guide to success ! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Pushing the limits of ePRTC: 100ns holdover for 100 days (Adtran)
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
GridMate - End to end testing is a critical piece to ensure quality and avoid... (ThomasParaiso2)
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Communications Mining Series - Zero to Hero - Session 1 (DianaGray10)
This session provides an introduction to UiPath Communication Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024 (Neo4j)
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... (Neo4j)
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Emerging Trends in Online Social Networks Malware
1.
2. $WHOAMI
Aditya K Sood
Senior Consultant at IOActive: http://ioactive.com/
Others
Worked previously for Armorize, Coseinc and KPMG
Active Speaker at Security conferences
Written Content – IEEE Magazine / Virus Bulletin / ISSA / ISACA / CrossTalk / HITB / Hakin9 / Elsevier NESE | CFS
Personal Website:
LinkedIn : http://www.linkedin.com/in/adityaks
Website: http://www.secniche.org
Blog: http://secniche.blogspot.com
Coordinated Research
Rohit Bansal, Cyber Security Division, PMO INDIA
Dr. Richard J Enbody, Associate Professor, Michigan State University
About IOActive
Established in 1998, IOActive is an industry leader that offers comprehensive computer security
services with specializations in smart grid technologies, software assurance, and compliance. Boasting a
well-rounded and diverse clientele, IOActive works with a majority of Global 500 companies including
power and utility, game, hardware, retail, financial, media, travel, aerospace, healthcare, high-tech,
social networking, and software development organizations.
3. Disclaimer
The points presented in this talk are based entirely on independent research and do not relate to any of my previous or present employers.
A number of images have been taken from different resources (Sophos, etc.) and others were collected during real-time analysis:
Phishing emails, spam messages, rogue tweets, etc.
Reverse engineering snippets of malware
The demos (videos) are built using compromised malware and real-time analysis of different attacks
4. Social Networks – Malware Paradigm!
A malicious link is served on OSNs
Users follow that link and get infected with malware
Question – Who is responsible?
OSN vendors for serving that link
Users for following that link
Browsers for getting exploited
Third-party plugins (Java, Adobe, etc.) for inherent vulnerabilities
Anti-virus vendors for not detecting the malware
IPS/IDS for failing to detect the data exfiltration
6. OSN Malware: Features
Conduct operations in a deceptive manner
Steal identities and sensitive information
Breach privacy
Harness the power of inherent design of OSNs
Exploit the built-in design model to trigger attacks
Automated in nature
13. Trend (1) – Phishing (Facebook)
Phishing
Old-school tactic but, amazingly, it still works
Brand name manipulation and social engineering
Exploits ignorance and doubt among OSN users
Extensively used for conducting drive-by-download attacks
20. Trend (6) – Worms
Koobface (2009-2010)
Injects malicious content in wall posts. Hoax warnings
Sends emails to the inboxes of registered Facebook users
Chain infection to distribute Koobface malware to a large set of users
Also used stolen Facebook credentials for malicious purposes
Likejacking Worm (2010-2012)
Injects malicious links
Raises ratings by triggering unauthorized likes
21. Trend (6) – Worms (cont…)
Lily Jade (2012)
Exploits the Crossrider web API to build a plugin that attacks different browsers
Uses jQuery to send malicious messages
Ramnit Worm (2010-2012)
Stolen Facebook account credentials are used to deliver malicious messages through compromised accounts
22. Trend (7) – Likejacking/Clickjacking
Injecting malicious links with likes
Manipulating the implementation of the like functionality
Very effective in tricking users into following the likes
Earlier, it was used to spread malware, but now:
It has become a legitimate business model. Amazing!
For $5, one can get a number of likes!
23. LikeJacking/Clickjacking Demo (Facebook)
This demo shows how LikeJacking was conducted earlier to trigger infections in Facebook
It worked when Facebook did not implement any confirmation button
The newly deployed code restricts the active implementation of this attack, but it is not a complete solution.
A new variant of LikeJacking code can be expected in the near future.
24. Trend (8) – Identity Stealing (Grabbers)
Stealing OSN-specific user credentials
Hooks the browser to capture all the POST requests used for submitting forms
HTTP POST requests carry account credentials
OSN-specific account credentials were used earlier for building worms
Example: Koobface
Details on the form-grabbing technique: http://www.virusbtn.com/virusbulletin/archive/2011/11/vb201111-form-grabbing
25. OSN Grabber (Demo)
A bot with built-in functionality to capture OSN data is installed in the testing environment
The Facebook website is opened and credentials are provided
The bot steals the user credentials
26. Trend (9) - Socioware
Socioware: Online Social Networks Malware
Malware targeting OSNs from end-user machines
Malware exploiting OSN functionality in an automated manner
Virtually turns your friends into frenemies
Exploits users by compromising identity and privacy
Completely deceptive in nature
27. Trend (9) – Inside Socioware
Socioware
A class of malware explicitly used to spread infections across different OSNs (Facebook, Twitter, etc.)
Primarily developed as built-in components of bots
Named SPREADERS in the underground economy
Explicitly used for building OSN worms
Subverts capabilities of OSNs to distribute malware to large sections of users
How?
Based on the Man-in-the-Browser (MitB) paradigm
Triggering infections from already infected machines
Browsers are hooked and OSN web pages are injected
Exploits the trust model that exists between users
30. Spreaders – Distribution!
Creating a malicious Facebook application and embedding a Java applet that triggers a drive-by download to install the spreader
Using an existing botnet to upload spreaders to infected machines
Pay-per-infection (PPI) with Browser Exploit Packs (BEPs) to infect websites to distribute spreaders
Using USB devices to distribute spreaders physically
31. Spreaders – Components!
Executable (Injection Engine): The primary logic file that spreads malicious messages
Status Notification Component: The executable reports the status of the injection (success/failure)
Link Storage Component: Stores the different injections (URLs) to be injected by the executable
Time Interval Component: Logic that decides when to inject the malicious link based on timing
32. Spreaders – Internal Design
Step 1 – Installed on the end users’ machines
Step 2 – Hooks browser libraries and controls the HTTP communication channel
Step 3 – Remains dormant and starts a monitoring engine to detect OSN surfing through browsers
Step 4 – On successful detection, triggers internal logic to find a pattern in the web page
Step 5 – Reads the malicious message from a file (or internally) for injection
Step 6 – Triggers the injection and notifies the C&C of the state (success or failure)
Step 7 – Deactivates itself for a few minutes and starts infecting again
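Seen from the defender's side, the timer-driven design above leaves a rhythm in message logs: link-bearing messages fan out to many friends at near-constant gaps. The screening heuristic below is an added example, not code from the talk; the log records are constructed, and the thresholds and function names are assumptions.

```python
import re
from statistics import mean, pstdev

URL_RE = re.compile(r"https?://\S+")

# Constructed chat log: (epoch seconds, sender, recipient, text).
LOG = [
    (1000, "alice", "bob",   "lol is this you? http://vid.example/a"),
    (1300, "alice", "carol", "lol is this you? http://vid.example/a"),
    (1602, "alice", "dave",  "lol is this you? http://vid.example/b"),
    (1899, "alice", "erin",  "lol is this you? http://vid.example/a"),
    (1010, "frank", "grace", "lunch? menu at http://cafe.example/menu"),
    (1450, "frank", "grace", "ok see you at noon"),
    (5200, "frank", "heidi", "slides: http://docs.example/deck"),
    (5230, "frank", "ivan",  "slides: http://docs.example/deck"),
]

MIN_LINK_MSGS = 4      # assumed: enough samples to judge the rhythm
MIN_RECIPIENTS = 3     # assumed: fan-out across several friends
MAX_GAP_CV = 0.10      # assumed: gaps varying by under 10% look timer-driven

def link_messages_by_sender(log):
    """Group (timestamp, recipient) of link-bearing messages by sender."""
    by_sender = {}
    for ts, sender, rcpt, text in sorted(log):
        if URL_RE.search(text):
            by_sender.setdefault(sender, []).append((ts, rcpt))
    return by_sender

def gap_cv(timestamps):
    """Coefficient of variation of the gaps between consecutive timestamps."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    return pstdev(gaps) / mean(gaps) if gaps and mean(gaps) > 0 else float("inf")

def suspected_spreaders(log):
    """Senders whose link-bearing messages fan out on a near-constant timer."""
    flagged = {}
    for sender, msgs in link_messages_by_sender(log).items():
        times = [ts for ts, _ in msgs]
        recipients = {r for _, r in msgs}
        cv = gap_cv(times)
        if (len(msgs) >= MIN_LINK_MSGS and len(recipients) >= MIN_RECIPIENTS
                and cv <= MAX_GAP_CV):
            flagged[sender] = round(cv, 3)
    return flagged
```

A flagged account is a lead for review, not a verdict: the heuristic keys on timing and fan-out only, so it should be combined with URL reputation.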
33. Spreaders Demo
The spreader is installed in a controlled virtual environment
The Facebook website is opened and credentials are provided
Facebook chat is activated to send messages to friends
The spreader injects malicious messages after a given time interval
34. Socioware - Universal Web Injects
Automated way to inject unauthorized content in HTTP responses
The technique works by:
Hijacking the communication channel of browsers
Manipulating the low-level HTTP protocol libraries used by browsers
Primarily aimed at:
─ Stealing information from banking websites on end-user machines
35. Socioware - Universal Web Injects
set_url [target webpage URL] * GP
Setting the target web page to inject
For all HTTP requests, G = GET and P = POST
data_before / data_end tag
Setting the required data in the web page before the injected content
data_inject / data_end tag
Data to inject in the web page
data_after / data_end tag
Setting the required data in the web page after the injected content
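When a web-inject configuration is recovered from an infected machine, parsing it into rules shows which pages it targets and whether OSNs are among them. The parser below is an added example, not code from the talk; the sample configuration is constructed with placeholder payloads, and the function names, the OSN watch list and the tag name data_after for the block following the injected content are assumptions.

```python
METHOD_FLAGS = {"G": "GET", "P": "POST"}
BLOCKS = ("data_before", "data_inject", "data_after")
OSN_DOMAINS = ("facebook.com", "twitter.com")   # assumed watch list

# Constructed sample in the layout described above; payloads are placeholders.
SAMPLE_CONFIG = """\
set_url https://www.facebook.com/* GP
data_before
<div id="chat-box">
data_end
data_inject
<!-- placeholder for injected markup -->
data_end
data_after
</div>
data_end
set_url https://bank.example/login* P
data_before
<form name="login">
data_end
data_inject
<!-- placeholder for injected markup -->
data_end
"""

def parse_webinjects(text):
    """Return one dict per set_url rule: url, methods and the three data blocks."""
    rules, rule, block = [], None, None
    for line in text.splitlines():
        word = line.strip()
        if word == "data_end":                # closes whichever block is open
            block = None
        elif block is not None:               # inside a block: keep the raw line
            rule[block].append(line)
        elif word.startswith("set_url "):
            parts = word.split()
            flags = parts[-1] if len(parts) > 2 else ""
            rule = {"url": parts[1], "data_before": [], "data_inject": [], "data_after": [],
                    "methods": sorted(METHOD_FLAGS[f] for f in set(flags) if f in METHOD_FLAGS)}
            rules.append(rule)
        elif word in BLOCKS and rule is not None:
            block = word
    return rules

def osn_targets(rules):
    """URLs of rules whose host part (itself a wildcard pattern) is under an OSN domain."""
    hosts = [(r["url"], r["url"].split("://")[-1].split("/")[0].lower()) for r in rules]
    return [u for u, h in hosts
            if any(h == d or h.endswith("." + d) for d in OSN_DOMAINS)]
```

A rule with a missing block, like the second one in the sample, parses with an empty list for that block rather than failing.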
37. Facebook Built-in Protection
Immune System
User feedback on the channel that is used by malware as a launchpad
Based on a message classifier that identifies users as infected with malware when the classifier marks messages as shady, in collaboration with feedback provided by the users' friends
User marking in conjunction with URL characteristics and features
Refer: http://research.microsoft.com/en-us/projects/ldg/a10-stein.pdf
Traffic Analyzer
Crawling every possible URL
Resolving DNS entries and checking against blacklists
It requires resolving URL shorteners too
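The traffic-analyzer steps above (resolve shorteners, resolve DNS, check blacklists) can be sketched as a link-vetting routine. This is an added example, not Facebook's code; to run offline, the redirect table, DNS answers and blacklists are constructed stand-ins for live lookups, and all names are assumptions.

```python
from urllib.parse import urlsplit

# Constructed stand-ins for live HTTP redirects, DNS answers and blacklists.
REDIRECTS = {
    "http://short.example/a1": "http://tiny.example/zz",
    "http://tiny.example/zz": "http://cdn.badhost.example/video.html",
    "http://short.example/b2": "http://fresh-domain.example/x",
    "http://short.example/loop": "http://tiny.example/loop",
    "http://tiny.example/loop": "http://short.example/loop",
}
DNS = {"fresh-domain.example": "203.0.113.7", "news.example": "198.51.100.20"}
DOMAIN_BLACKLIST = {"badhost.example"}
IP_BLACKLIST = {"203.0.113.7"}
MAX_HOPS = 5

def expand(url):
    """Follow shortener redirects; return (chain, status)."""
    chain = [url]
    while chain[-1] in REDIRECTS:
        nxt = REDIRECTS[chain[-1]]
        if nxt in chain:
            return chain, "redirect loop"
        if len(chain) > MAX_HOPS:
            return chain, "too many hops"
        chain.append(nxt)
    return chain, "ok"

def domain_blacklisted(host):
    """True if the host or any parent domain is listed (label-wise match)."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in DOMAIN_BLACKLIST for i in range(len(labels)))

def vet_link(url):
    """Return (verdict, reason); every hop is checked, not only the last."""
    chain, status = expand(url)
    if status != "ok":
        return "block", status
    for hop in chain:
        host = urlsplit(hop).hostname or ""
        if domain_blacklisted(host):
            return "block", "domain blacklisted: " + host
        if DNS.get(host) in IP_BLACKLIST:
            return "block", "resolves to blacklisted IP: " + host
    return "allow", "%d redirect(s), no listing" % (len(chain) - 1)
```

The second shortened link shows why the DNS step matters: its final domain is not on any domain list, but it resolves to a listed address.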
38. Point to Ponder!
Why are end users and client-side software still the priority targets?
39. Future!
OSNs will remain the centralized target for distributing malware
The trend of automated infections against OSNs will continue
Significant increase in socioware-based crimeware services
Possibility of advanced likejacking attacks
Socioware attacking mobile platforms