Ghosts in the Machine
Today’s Invisible Threats
Focus Report Series

September 2009

A Trend Micro White Paper | September 2009
GHOSTS IN THE MACHINE: TODAY’S INVISIBLE THREATS




I. Executive Summary
Viruses are invisible without a microscope, yet remain one of the most deadly organisms that exist in nature. The term
“computer virus” is aptly named to describe one of the greatest challenges of our online world. Yesterday’s computer
viruses were not invisible and were instead created by “showoff” hackers out to demonstrate skill and daring. Today’s
viruses, or malware, are more like their biological namesake and are today created to be invisible to users to evade
detection.
Current malware are usually part of an infection chain whose sole purpose is making money for cybercriminals. In
addition to being invisible, today’s malware are also pervasive. Current research of approximately 100 million
compromised IPs indicates that computers are also infected (or frequently and quickly reinfected) for longer time
periods — often with malware that keep the machine captive as a sleeper bot, ready to be activated for eventual,
criminal purposes.
In addition to external threats, many of today’s organizations are similarly worried about internal threats—either
malware placed inside maliciously or accidental introduction of malware due to employee accident or error. The
Conficker worm is probably the best, current example of invisible malware in action, with estimates ranging from 1.25
to five million infected computers.
Most security software solutions are woefully ineffective at fighting the invisible malware
enemy because of the sheer number that exist and because today’s viruses are so difficult to detect. Trend Micro
advocates a new approach toward chasing down invisible infections—an approach that involves several tiers of
protection, rather than simply trying to protect the desktop. Additionally, all Trend Micro solutions are based upon a
revolutionary, cloud-content security infrastructure that stops invisible threats in the Internet cloud before they can
reach a user’s desktop or server platform. The following white paper explores the evolution of threats—from highly
visible to unseen—and offers several unique technology solutions to expose and eradicate the “ghosts in the machine.”



II. Challenges of Today’s Invisible Threats
Which is scarier—a tiger or a microbe? Most people would agree that the large teeth and extreme hunting instinct of
tigers pose a more formidable enemy. Yet tigers do not wipe out entire villages like an aggressive virus. More than 25
million people have died of AIDS infections related to the HIV virus since 1981 [1] while tigers claim less than 100
victims per year. Viruses are not visibly dangerous—one cannot see a virus without a microscope–yet experience tells
us that viruses can indeed be deadly.
Viruses that threaten computers are for the most part invisible. Of course an IT guru or security expert can identify
errant code but most of today’s dangerous web threats are largely invisible to users. Computer viruses that are written
to gain attention are largely passé. Actually, viruses that command attention comprise less than one percent of the
total malware population. Some PC users may remember the “cascade virus,” which dropped all the letters on the
screen to the bottom of the page or “Yankee Doodle,” which played the famous song every day at 5pm on infected
computers. These show-off viruses were largely written by college students and amateur hackers and have always
totaled less than one tenth of a percent of viruses in circulation—and even less of infected systems.







As part of their invisible nature, today’s threats do not typically damage the computer systems they infect. Rather—like
parasites—these threats exploit their hosts to stay alive. According to David Perry, Global Director of Education for
Trend Micro, in his more than 20 years spent researching viruses, he has yet to find a computer that has been
damaged by malware. Almost all reported damages due to malware, including disk drives, monitors, RAM chips,
motherboards and processors, etc. are bogus. Today’s threats live on their host evading detection not to cause damage
or disruption, but to steal information from the host and to be used for the purpose of compromising and stealing
information from others.

Most data-destroying malware were built and distributed in the mid to late 1990s and today, are virtually extinct.

Data-stealing Malware
Malware fly under the radar not by mistake but by clever design. Rather than damaging systems or data for the purpose
of bravado, today’s malware are stealthy and created to evade detection. Although phishing attacks, spam, online scams,
and web-based threats all possess visible components, the malware lurking behind is invisible on purpose.
Keyloggers, botnet code, and password stealers are built for transparency because their primary goal is infecting a
system to quietly steal valuable data.

Figure: Data Stealing Malware 1H09 (source: TrendLabs). Percentage (0% to 100%) by malware category (Trojan Spyware,
Trojan, Spyware, Hacktool, Exploit, Dialer, Backdoor, Adware) for each region (Global, N America, S America, Europe,
Africa, Asia, AUNZ).


Although invisible, data-stealing malware poses a serious threat to today’s organizations. As one of the most
dangerous categories of web threats today, data-stealing malware showed tremendous growth in 2008 and is therefore
an area of concern for consumer and business audiences alike. In 2009, virtually all malware tracked by Trend Micro
experts has been observed to have information stealing as one of their primary goals. According to Anti-Phishing
Working Group (APWG) statistics, the number of sites infecting PCs with password-stealing crimeware reached an all-time
high of 31,173 in December 2008—an 827 percent increase from January of the same year.[2]
Cybercriminals are responsible for creating most of the malware that exists today with the sole intention of making
money. Most malware are used to gather and steal data such as banking logins and credit card numbers, intellectual
property, confidential data, administrative passwords, and address books.
Malware authors are usually professional criminals and credit card details are the most common item bought and sold
in the underground. Criminals either use the numbers on their own to exploit victims or sell the numbers on the online
Black Market for two to five percent of their remaining balances. For example, if the average card on the list had
remaining credit of $1,000, each set of details would be worth approximately $25. [3]
Some invisible malware are specifically designed to assimilate PCs into botnets. For example, botnet services cost
about $10 for a million emails.[4] Botnets can also be rented and used for spamming, hacking, and denial of service
attacks. An hour of usage on a network of 8,000 to 10,000 computers costs approximately $200. [5]




Underground Economy 2009 (source: TrendLabs)

ASSET                                                 GOING RATE
Payout for each unique adware installation            30 cents in the United States, 20 cents in Canada, 10 cents in the UK, 2 cents elsewhere
Malware package, basic version                        $1,000 - $2,000
Malware package with add-on services                  Varying prices starting at $20
Exploit kit rental – 1 hour                           $0.99 to $1
Exploit kit rental – 2.5 hours                        $1.60 to $2
Exploit kit rental – 5 hours                          $4, may vary
Undetected copy of an information stealing Trojan     $80, may vary
Distributed Denial of Service attack                  $100 per day
10,000 compromised PCs                                $1,000
Stolen bank account credentials                       Varying prices starting at $50
1 million freshly-harvested emails (unverified)       $8 up, depending on quality



One Hundred Million Compromised IP Addresses
In addition to being invisible, today’s threats are more pervasive than security experts ever imagined. Trend Micro
recently analyzed 100 million compromised IP addresses. The number 100 million is staggering enough until one
considers that NAT (network address translation) devices allow multiple computers to be connected to one IP address.
For this reason, experts theorize that the number of compromised machines is probably much higher. Many of these
machines are unknowingly infected and often being kept as bots—a term used to describe PCs that have been
assimilated into part of a botnet. Botnets are an organized collection of zombie computers that enable cybercriminals
to commit large-scale fraud and distribute pornography, spam, and other malicious content.
Cybercriminals also upload hidden keylogging software to the bots, enabling access to personal data on affected
machines, including usernames, passwords, bank account information, and social security numbers.
The software then passes this data to the criminal organization running the botnet, which sells it on the Black Market.
From a cyber scammer’s perspective, botnets are extremely efficient because as botnets increase in size, the central
command console grows ever more powerful. Today’s botnets range from small networks of a thousand drones to
enormous networks with hundreds of thousands of infected PCs, placing computing power and high network
bandwidth in criminals’ hands.

Machines Infected Longer
In addition to threats being more prevalent than ever imagined, today’s threats are also infecting systems for longer
time durations. Unlike the generally accepted belief by the security industry that machines are infected for
approximately a six-week time period before being discovered and disinfected, new Trend Micro data suggests that the
peak number of infected machines have been infected (or repeatedly infected) for more than two years, with a
pronounced spike at three years and with 23 million addresses “active” at any one time. Of these, 80 percent are
infected for longer than one month, indicating that malware infection is a long-term problem and machines are either
being continuously infected—becoming reinfected as soon as they are cleaned—or that machines are not being cleaned at all.
One might wonder—if threats are this prevalent and long-lasting, why doesn’t the public perceive malware infections to
be a bigger problem? The reality is that malware poses a huge problem but because of its invisible and stealthy nature,
it goes unnoticed for long periods of time. Many infected machines are in fact dormant bots that are waiting to be
activated or called into service. So, although they do not exhibit signs of infection, they may instead act as silent
“sleeper bots,” waiting for instructions from a botnet command and control server.



Figure: Country Infections over Time. Vertical axis: 0 to 4,000,000; horizontal axis: 1 day to 5 years. Countries
shown: China, USA, Brazil, Germany, Korea, Italy, Spain, Russia, Turkey, France, GBR, India, Poland.







Insider Threats
In addition to invisible external network threats, many organizations face security breaches that originate from the
inside. Just as hard to detect and often just as insidious, internal security leaks can occur either through deliberate
policy breaches, such as planting malware to steal data for financial gain, or by accident, such as an employee
bringing in malware through an infected USB stick or music player, or by unknowingly using an infected laptop to log on
to a company’s network.


For example, experts believe that the well-known Hannaford Brothers grocery chain breach that occurred in March
2008 may have been an inside job. Data from 4.2 million credit cards was stolen in transmission as a result of malware
installed on all Hannaford’s servers in 300 stores. Investigators discovered that the captured data was then being sent
overseas. The methodologies used to install the malware and extract the data led to speculation that the Hannaford
breach was an inside job as it is unlikely an outsider could have successfully distributed the correct malware to all the
appropriate systems, as observed in the attack. In addition, the sophistication of the credit card interception software
led investigators to believe that the criminals used prototypes to develop and test the malware prior to deployment,
which would have been readily accessible to an employee.[6] Hannaford suffered greatly in the attack—both in terms
of damages paid out in consumer lawsuits and in a tarnished brand image.


According to a recently released study by the Ponemon Institute that polled 845 U.S. IT and IT security professionals,
malicious insiders—described as employees with a specific purpose for stealing organizational data—accounted for 9
percent of agents likely to infect an organization with malware while another 39 percent of systems were infected by
well-meaning insiders—probably caused by employees unknowingly introducing malware into networks and systems. [7]



Who do you see as the agent most likely to infect your organization’s computer systems with malware?

Malicious outsiders – hackers directly breaking into network and systems                                  52%
Well meaning insiders – infected employees unknowingly introducing malware into network and systems       39%
Malicious insiders – employees with a specific purpose of stealing organizational data                    9%

Source: Ponemon Institute, “Anatomy of Data-Stealing Malware” Aug 2009


Invisible malware can infiltrate the corporate network in any number of ways. The explosion of potentially vulnerable
technologies, such as P2P file sharing, streaming media, instant messaging, wireless networking, and USB storage
devices has made it increasingly difficult to protect corporate data from invisible malware.
The interactive nature of Web 2.0 technologies provides an additional threat vector. Web 2.0-based sites, such as
Facebook.com, act as a platform for third-party developers to create powerful, scripted applications that can access
user account details and execute within a browser window. Users can add additional applications and grant access
permissions with a few clicks, and when they do, on-site messaging encourages the user’s friends to do the same.
This viral networking pattern opens the door for fast-spreading malware. For example in March 2008, TrendLabs
received notice that over 400 phishing kits designed to generate phishing sites were targeting top Web 2.0 sites (i.e.,
social networking, video sharing, and VoIP sites), free email service providers, banks, and popular e-commerce Web
sites. This creates a huge challenge to most organizations as they struggle to manage how, when, and even if these
web sites will be allowed in the workplace.
Additionally, greater numbers of telecommuting and traveling employees and the blurring between home and work
offices have increased mobile device use and the tendency to transmit sensitive information back and forth by email,
which increases the chance of infection. This creates a challenge for today’s companies to protect against the loss or
theft of corporate data assets—either by accident or on purpose.

Invisible Threat du Jour—Conficker
A current example of an invisible and dangerous threat is the Conficker worm (also known as Downup, Downadup and
Kido), which gained notoriety in April 2009 when an update via a peer-to-peer communication network through one of
Conficker’s latest variants exposed connections between Conficker and Waledac (a notorious botnet) and between
Conficker and a FakeAV variant called Spyware Protector 2009.
The significance of these discoveries is Conficker’s connection to the world of cybercrime. Waledac is an immense
botnet due to its association with another bot giant, Storm—a notorious spammer—and injects information stealing code.
Waledac also downloads FakeAV, which scares users into buying “security” products by faking infection symptoms and
employing crimeware routines.

Figure 1: Fake AV screen generated by Conficker

The size of the worm and subsequent damage was large enough to motivate security researchers to form the Conficker
Working Group. The Conficker Working Group is a collaborative effort between technology industry leaders and academia
to implement a coordinated, global approach to combating the Conficker worm.
According to the Conficker Working Group, recent estimates place the worm’s top three variants as affecting well over
five million unique IP addresses. Even considering the group’s disclaimer of estimating the number of actually infected
systems at only 25 to 75 percent of that number, a minimum of 1.25 million infected systems is considerable. [8]
Experts say Conficker is the worst infection since the SQL Slammer worm in 2003. Conficker exploits a known buffer
overflow vulnerability in the Server Service on Windows computers to spread to other machines, linking them to a
virtual computer system that can be commanded remotely by its authors. In this manner, the Conficker worm has been
used to amass an extremely large botnet, which is now believed to command up to 20 million computers.
A single unpatched machine in a business network can become infected with Conficker and subsequently infect the
entire network. The potential scale of infection is large because about 30 percent of Windows computers lack the
Microsoft Windows patch released in October 2008 to block this vulnerability. Microsoft deemed Conficker important
enough to offer a $250,000 reward for information leading to the arrest and conviction of the criminals behind its
creation and/or distribution.







III. Inadequacies of Today’s Solutions
Traditional antivirus solutions are no longer effective against today’s invisible threats. In addition to becoming
increasingly invisible to users, today's threats are complex, multi-dimensional, coordinated attacks that are difficult
to detect and prevent. The sheer number of new threats is an additional concern. A recent estimate places the number of
unique new malware samples introduced in a single day at greater than 60,000 unique samples—a new piece of malware is
created every 1.5 seconds. Although the security industry issues more frequent pattern updates in an attempt to keep
up, the massive volume of updates can overload system resources resulting in critical performance issues. As the number
of threats multiplies, this approach becomes difficult to sustain.
Although many organizations are protected by security software, user behavior makes a
bad situation worse. Even when users encounter a warning from desktop security
systems, many choose to ignore it. Others fail to update security software or to download
recommended security patches. Internal employee mistakes or carelessness (rather than external threats) provide an
additional entry point for malware.
Lack of visibility into the exact location and cause of infections presents an additional challenge. To achieve
comprehensive coverage, more information is needed to better understand where infections originate. For example, if
most threats occur at the Internet gateway, appropriate gateway protections can be installed. In essence, an “early
warning system” would help immediately identify invisible malware.
Companies need to gain a more comprehensive understanding of security vulnerabilities. Additionally, compliance
does not ensure security and too many companies are distracted by complying with a checkbox set of policies rather
than focusing on the bigger picture of overall security. Large-scale data breaches continue to occur in large firms that are fully
compliant. For example, in the case of the Hannaford Brothers breach discussed earlier in this paper, the company
was supposedly PCI-certified the previous year and had just received recertification. (The Payment Card Industry, or
PCI, sponsors certification to protect consumers from identity theft with established controls to regulate data security.)
As threats become more stealthy, more sophisticated, and more numerous than ever before, today’s security solutions
struggle to keep up. Conventional technologies like firewalls and IDS hardware appliances provide some level of
protection but may fail to catch “inside threats” from employees who accidentally infect the network or who plant
malware from the inside. The increasing use of virtualization also provides new threat vectors that require additional
protections. To be adequately protected, both consumers and businesses require a comprehensive approach to security
that can detect and stop threats before they reach users and data.

IV. New Layers of Security
Risk assessment tools help increase overall threat intelligence so organizations can gain a bird’s eye view of their
security posture to ensure adequate protections are in place.
The Trend Micro Security Threat Assessment was designed for organizations seeking a more effective way to discover,
mitigate, and manage network level threats. The solution helps organizations respond to malware quickly and
efficiently, throughout the network, significantly reducing damage containment costs and improving the overall security
posture.
The Security Threat Assessment includes the following three tiers:
Threat Discovery—uncovers internal security threats within the network. This would alert users to a phishing attack, for
example.
Threat Management—advanced correlation and collaboration with the Smart Protection Network identifies the attack’s
root cause and provides customized threat reports and threat response recommendations.
Threat Mitigation—acts on information provided by a monitoring device to perform clean-up, policy enforcement, and
remediation.

V. Blocking Threats in the Cloud
The Trend Micro Smart Protection Network is a next-generation cloud-client content security infrastructure that blocks
invisible threats before they reach a user’s PC or a company’s network. Leveraged across Trend Micro’s solutions and
services, the Smart Protection Network combines unique Internet-based—or “in-the-cloud”—technologies with lighter-
weight clients. By checking URLs, emails, and files against continuously updated and correlated threat databases in
the cloud, customers always have immediate access to the latest protection wherever they connect—from home,
within the company network, or on the go.
The Trend Micro Smart Protection Network comprises a global network of threat intelligence technologies and sensors
that provide comprehensive protection against all types of invisible threats—from malicious files, phishing, and web
threats, to denial of service attacks, web vulnerabilities, and even data loss. By incorporating in-the-cloud reputation,
scanning, and correlation technologies, the Smart Protection Network reduces reliance on conventional pattern file
downloads and eliminates the delays commonly associated with desktop updates. The Smart Protection Network is
composed of technology components that encompass web reputation, email reputation, file reputation, correlation with
behavior analysis, feedback loops, and threat collection and analysis.
Processing over 5 billion customer queries per day, the Smart Protection Network is a next generation cloud-client
content security infrastructure designed to block threats before they reach a network. The Smart Protection Network
prevents over 1 billion threats from infecting its customers daily.

VI. Server Security
To protect servers from attack from invisible threats, Trend Micro Deep Security solutions provide advanced protection
for servers—whether physical, virtual, or in-the-cloud. Deep Security combines intrusion detection and prevention,
firewall, integrity monitoring and log inspection capabilities in a single, centrally managed software agent to help
companies prevent malware from infiltrating web servers.
Deep Security protects confidential data and critical applications to help prevent data breaches and ensure business
continuity, while enabling compliance with important standards and regulations such as PCI, FISMA, and HIPAA. The
solution helps enterprises to identify suspicious activity and behavior, and to take proactive or preventive measures to
ensure server security.

Protection for Virtual Machines
Trend Micro Deep Security, combined with Trend Micro Core Protection for Virtual Machines, stops invisible malware
threats before they impact critical data, applications, and resources situated on virtual servers. Deep Security
provides server and application protection that enables virtual machines to become self-defending. Core Protection for
Virtual Machines is a solution that leverages the VMware VMsafe™ APIs to secure both active and dormant virtual
machines.








VII. Free Tools
RUBotted
Trend Micro’s RUBotted monitors computers for suspicious activities and regularly checks with an online service to
identify behavior associated with bots. Upon discovering a potential infection, RUBotted prompts users to execute a
scan and clean their computers. Both business users and consumers can benefit from running RUBotted.

HouseCall
Trend Micro’s HouseCall is an online application that scans for and detects possible infection by viruses, spyware, or
other malware, then cleans the infected computer. Powered by Trend Micro’s Smart Protection Network, HouseCall
delivers up-to-date detection against the latest threats. This free tool provides a quick and easy check for threats
regardless of the protection status of existing security applications.

VIII. Conclusion
Because today’s threats are created to boost the underground economy, most malware are invisible, designed to work
quietly and reside on users’ PCs undetected for months or years at a time. Because of their stealthy nature, there is no
need for today’s threats to slow down PCs, destroy files, or show any evidence of their existence. The pervasiveness
of today’s threats and the fact that they infect machines for far longer than originally imagined creates a compelling
need for new, more robust security solutions that can stay a step ahead of the thousands of unique, new malware
samples introduced daily. Additionally, these solutions must guard against accidental or deliberate threats that enter
the corporate network from inside. Trend Micro advocates multiple layers of protection through its Threat Management
Solution to cover every part of the network and identify, manage, and mitigate threats. Additionally, the Smart
Protection Network powers all Trend Micro solutions, blocking invisible threats in the Internet cloud through a
combined effort of Web, Email, and File Reputation technologies. Server security is an additional area of concern and
solutions like Trend Micro’s Deep Security help companies stop invisible threats before they can infiltrate physical or
virtual servers.








IX. References
1 “Global HIV/AIDS estimates, end of 2007,” Avert.com, July 2008, http://www.avert.org/worldstats.htm.

2 Anti Phishing Working Group website, http://www.antiphishing.org.

3 Sarah Arnott, “How Cybercrime Went Professional,” The Independent, August 13, 2008, http://www.independent.co.uk/news/business/analysis-and-features/how-cyber-crime-went-professional-892882.html.

4 Ibid.

5 Ibid.

6 Richard Koman, “Grocery Chain Data Breach Offers Lessons for CIOs,” Newsfactor.com, March 31, 2008, http://www.newsfactor.com/story.xhtml?story_id=59056.

7 Dr. Larry Ponemon, “Anatomy of Data-Stealing Malware,” research report, August 11, 2009.

8 http://www.confickerworkinggroup.org




Ghosts In The Machine Today's Invisible Threats Oct 2009

  • 1. Ghosts in the Machine Today’s Invisible Threats Focus Report Series September 2009 A Trend Micro White Paper | September 2009
  • 2. GHOSTS IN THE MACHINE: TODAY’S INVISIBLE THREATS I. Executive Summary Viruses are invisible without a microscope, yet remain one of the most deadly organisms that exist in nature. The term “computer virus” is aptly named to describe one of the greatest challenges of our online world. Yesterday’s computer viruses were not invisible and were instead created by “showoff” hackers out to demonstrate skill and daring. Today’s viruses, or malware, are more like their biological namesake and are today created to be invisible to users to evade detection. Current malware are usually part of an infection chain whose sole purpose is making money for cybercriminals. In addition to being invisible, today’s malware are also As part of their invisible pervasive. Current research of approximately 100 million compromised IP’s indicates that nature, today’s threats computers are also infected (or frequently and quickly reinfected) for longer time do not typically damage periods — often with malware that keep the machine captive as a sleeper bot, ready to the computer systems be activated for eventual, criminal purposes. they infect. Rather—like In addition to external threats, many of today’s organizations are similarly worried about parasites—these threats internal threats—either malware placed inside maliciously or accidental introduction of exploit their hosts to malware due to employee accident or error. The Conficker worm is probably the best, stay alive.. current example of invisible malware in action, with estimates ranging from 1.25 to five million infected computers. Most security software solutions are woefully ineffective at fighting the invisible malware enemy because of the sheer number that exist and because today’s viruses are so difficult to detect. Trend Micro advocates a new approach toward chasing down invisible infections—an approach that involves several tiers of protection, rather than simply trying to protect the desktop. 
Additionally, all Trend Micro solutions are based upon a revolutionary, cloud-content security infrastructure that stops invisible threats in the Internet cloud before they can reach a user’s desktop or server platform. The following white paper explores the evolution of threats—from highly visible to unseen—and offers several unique technology solutions to expose and eradicate the “ghosts in the machine.”

II. Challenges of Today’s Invisible Threats

Which is scarier—a tiger or a microbe? Most people would agree that the large teeth and extreme hunting instinct of tigers pose a more formidable enemy. Yet tigers do not wipe out entire villages like an aggressive virus. More than 25 million people have died of AIDS infections related to the HIV virus since 1981 [1] while tigers claim less than 100 victims per year. Viruses are not visibly dangerous—one cannot see a virus without a microscope–yet experience tells us that viruses can indeed be deadly.

Viruses that threaten computers are for the most part invisible. Of course an IT guru or security expert can identify errant code but most of today’s dangerous web threats are largely invisible to users. Computer viruses that are written to gain attention are largely passé. Actually, viruses that command attention comprise less than one percent of the total malware population. Some PC users may remember the “cascade virus,” which dropped all the letters on the screen to the bottom of the page or “Yankee Doodle,” which played the famous song every day at 5pm on infected computers. These show-off viruses were largely written by college students and amateur hackers and have always totaled less than one tenth of a percent of viruses in circulation—and even less of infected systems.
  • 3. As part of their invisible nature, today’s threats do not typically damage the computer systems they infect. Rather—like parasites—these threats exploit their hosts to stay alive. According to David Perry, Global Director of Education for Trend Micro, in his more than 20 years spent researching viruses, he has yet to find a computer that has been damaged by malware. Almost all reported damages due to malware, including disk drives, monitors, RAM chips, motherboards and processors, etc. are bogus. Today’s threats live on their host evading detection not to cause damage or disruption, but to steal information from the host and to be used for the purpose of compromising and stealing information from others.

Most data-destroying malware were built and distributed in the mid to late 1990s and today, are virtually extinct.

Data-stealing Malware

Malware fly under the radar not by mistake but by clever design. Rather than damaging systems or data for the purpose of bravado, today’s malware are stealthy and created to evade detection. Although phishing attacks, spam, online scams, and web-based threats all possess visible components, the malware lurking behind is invisible on purpose. Keyloggers, botnet code, and password stealers are built for transparency because their primary goal is infecting a system to quietly steal valuable data.

[Chart: Data Stealing Malware 1H09 (source: TrendLabs). Percentage breakdown by malware type (Trojan Spyware, Trojan, Spyware, Hacktool, Exploit, Dialer, Backdoor, Adware) for each region: Global, N America, S America, Europe, Africa, Asia, AUNZ.]

Although invisible, data-stealing malware poses a serious threat to today’s organizations. As one of the most dangerous categories of web threats today, data-stealing malware showed tremendous growth in 2008 and is therefore an area of concern for consumer and business audiences alike.
In 2009, virtually all malware tracked by Trend Micro experts has been observed to have information stealing as one of its primary goals. According to Anti-Phishing Working Group (APWG) statistics, the number of sites infecting PCs with password-stealing crimeware reached an all-time high of 31,173 in December 2008—an 827 percent increase from January of the same year. [2]

Cybercriminals are responsible for creating most of the malware that exists today with the sole intention of making money. Most malware are used to gather and steal data such as banking logins and credit card numbers, intellectual property, confidential data, administrative passwords, and address books. Malware authors are usually professional criminals and credit card details are the most common item bought and sold in the underground. Criminals either use the numbers on their own to exploit victims or sell the numbers on the online
  • 4. Black Market for two to five percent of their remaining balances. For example, if the average card on the list had remaining credit of $1,000, each set of details would be worth approximately $25. [3]

Some invisible malware are specifically designed to assimilate PCs into botnets. For example, botnet services cost about $10 for a million emails. [4] Botnets can also be rented and used for spamming, hacking, and denial of service attacks. An hour of usage on a network of 8,000 to 10,000 computers costs approximately $200. [5]

Underground Economy 2009 (source: TrendLabs)

ASSET | GOING RATE
Payout for each unique adware installation | 30 cents in the United States, 20 cents in Canada, 10 cents in the UK, 2 cents elsewhere
Malware package, basic version | $1,000 - $2,000
Malware package with add-on services | Varying prices starting at $20
Exploit kit rental – 1 hour | $0.99 to $1
Exploit kit rental – 2.5 hours | $1.60 to $2
Exploit kit rental – 5 hours | $4, may vary
Undetected copy of an information stealing Trojan | $80, may vary
Distributed Denial of Service attack | $100 per day
10,000 compromised PCs | $1,000
Stolen bank account credentials | Varying prices starting at $50
1 million freshly-harvested emails (unverified) | $8 up, depending on quality

One Hundred Million Compromised IP Addresses

In addition to being invisible, today’s threats are more pervasive than security experts ever imagined. Trend Micro recently analyzed 100 million compromised IP addresses. The number 100 million is staggering enough until one considers that NAT (network address translation) devices allow multiple computers to be connected to one IP address. For this reason, experts theorize that the number of compromised machines is probably much higher. Many of these machines are unknowingly infected and often being kept as bots—a term used to describe PCs that have been assimilated into part of a botnet.
Botnets are an organized collection of zombie computers that enable cybercriminals to commit large-scale fraud and distribute pornography, spam, and other malicious content. Cybercriminals also upload hidden keylogging software to the bots, enabling access to personal data on affected machines, including usernames, passwords, bank account information, and social security numbers. The software then passes this data to the criminal organization running the botnet, which sells it on the Black Market. From a cyber scammer’s perspective, botnets are extremely efficient because as bots increase in size, the central
  • 5. command console grows ever more powerful. Today’s botnets range from small networks of a thousand drones to enormous networks with hundreds of thousands of infected PCs, placing computing power and high network bandwidth in criminals’ hands.

Machines Infected Longer

In addition to threats being more prevalent than ever imagined, today’s threats are also infecting systems for longer time durations. Unlike the generally accepted belief by the security industry that machines are infected for approximately a six-week time period before being discovered and disinfected, new Trend Micro data suggests that the peak number of infected machines have been infected (or repeatedly infected) for more than two years, with a pronounced spike at three years and with 23 million addresses “active” at any one time. Of these, 80 percent are infected for longer than one month, indicating that malware infection is a long-term problem and machines are either being continuously infected—becoming reinfected as soon as they are cleaned—or that machines are not being cleaned at all.

One might wonder—if threats are this prevalent and long-lasting, why doesn’t the public perceive malware infections to be a bigger problem? The reality is that malware poses a huge problem but because of its invisible and stealthy nature, it goes unnoticed for long periods of time. Many infected machines are in fact dormant bots that are waiting to be activated or called into service. So, although they do not exhibit signs of infection, they may instead act as silent “sleeper bots,” waiting for instructions from a botnet command and control server.
[Chart: Country Infections over Time. Number of infected addresses (0 to 4,000,000) plotted against infection duration (1 day to 5 years) for China, USA, Brazil, Germany, Korea, Italy, Spain, Russia, Turkey, France, GBR, India, and Poland.]
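The infection-duration figures above rest on telling apart addresses that are never cleaned from addresses that are cleaned and then reinfected. The following Python code is an added example, not Trend Micro’s methodology or code from the white paper; the constructed sightings, the 30-day thresholds, and all function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample: (source address, day a bot check-in was observed), as it
# might be extracted from sinkhole or IDS logs. Documentation address ranges.
SIGHTINGS = [
    ("192.0.2.10", date(2009, 1, 5)), ("192.0.2.10", date(2009, 1, 20)),
    ("192.0.2.10", date(2009, 2, 14)), ("192.0.2.10", date(2009, 3, 10)),
    ("192.0.2.77", date(2009, 1, 8)), ("192.0.2.77", date(2009, 1, 9)),
    ("198.51.100.4", date(2008, 6, 1)), ("198.51.100.4", date(2008, 6, 12)),
    ("198.51.100.4", date(2009, 2, 2)), ("198.51.100.4", date(2009, 2, 25)),
    ("203.0.113.9", date(2009, 3, 1)),
]


def episodes(days, max_gap_days=30):
    """Split one address's sighting days into infection episodes.

    Sightings no more than max_gap_days apart count as one continuous
    infection; a longer silence starts a new episode. The threshold is an
    assumption: a silent gap can also be a dormant sleeper bot.
    """
    runs = []
    for day in sorted(set(days)):
        if runs and (day - runs[-1][1]).days <= max_gap_days:
            runs[-1][1] = day          # extend the current episode
        else:
            runs.append([day, day])    # silence too long: new episode
    return [(start, end) for start, end in runs]


def classify(sightings, max_gap_days=30, long_term_days=30):
    """Return per-address span, episode count and an inferred status."""
    by_ip = defaultdict(list)
    for ip, day in sightings:
        by_ip[ip].append(day)

    report = {}
    for ip, days in by_ip.items():
        runs = episodes(days, max_gap_days)
        span = (runs[-1][1] - runs[0][0]).days
        longest = max((end - start).days for start, end in runs)
        if span <= long_term_days:
            status = "short-lived"
        elif len(runs) > 1:
            status = "reinfected"      # seen, silent, then seen again
        else:
            status = "never cleaned"   # one unbroken run of sightings
        report[ip] = {
            "span_days": span,
            "episodes": len(runs),
            "longest_episode_days": longest,
            "status": status,
        }
    return report


def long_term_share(report, long_term_days=30):
    """Fraction of addresses observed infected for longer than long_term_days."""
    long_term = sum(1 for r in report.values() if r["span_days"] > long_term_days)
    return long_term / len(report)


if __name__ == "__main__":
    result = classify(SIGHTINGS)
    for ip, row in sorted(result.items()):
        print(ip, row)
    print("share infected longer than 30 days:", long_term_share(result))
```

Because NAT and dynamic addressing map several machines to one address and one machine to several, the per-address labels are estimates rather than machine counts.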
  • 6. Insider Threats

In addition to invisible external network threats, many organizations face security breaches that originate from the inside. Just as hard to detect and often just as insidious, internal security leaks can occur either through deliberate policy breaches, such as planting malware to steal data for financial gain, or by accident, such as an employee bringing in malware through an infected USB stick or music player, or by unknowingly using an infected laptop to log on to a company’s network.

For example, experts believe that the well-known Hannaford Brothers grocery chain breach that occurred in March 2008 may have been an inside job. Data from 4.2 million credit cards was stolen in transmission as a result of malware installed on all Hannaford’s servers in 300 stores. Investigators discovered that the captured data was then being sent overseas. The methodologies used to install the malware and extract the data led to speculation that the Hannaford breach was an inside job as it is unlikely an outsider could have successfully distributed the correct malware to all the appropriate systems, as observed in the attack. In addition, the sophistication of the credit card interception software led investigators to believe that the criminals used prototypes to develop and test the malware prior to deployment, which would have been readily accessible to an employee. [6] Hannaford suffered greatly in the attack—both in terms of damages paid out in consumer lawsuits and in a tarnished brand image.

According to a recently released study by the Ponemon Institute that polled 845 U.S.
IT and IT security professionals, malicious insiders—described as employees with a specific purpose for stealing organizational data—accounted for 9 percent of agents likely to infect an organization with malware while another 39 percent of systems were infected by well meaning insiders—probably caused by employees unknowingly introducing malware into networks and systems. [7]

Who do you see as the agent most likely to infect your organization’s computer systems with malware?

Malicious outsiders – hackers directly breaking into network and systems | 52%
Well meaning insiders – infected employees unknowingly introducing malware into network and systems | 39%
Malicious insiders – employees with a specific purpose of stealing organizational data | 9%

Source: Ponemon Institute, “Anatomy of Data-Stealing Malware” Aug 2009

Invisible malware can infiltrate the corporate network in any number of ways. The explosion of potentially vulnerable technologies, such as P2P file sharing, streaming media, instant messaging, wireless networking, and USB storage devices has made it increasingly difficult to protect corporate data from invisible malware. The interactive nature of Web 2.0 technologies provides an additional threat vector. Web 2.0-based sites, such as Facebook.com, act as a platform for third-party developers to create powerful, scripted applications that can access user account details and execute within a browser window. Users can add additional applications and grant access permissions with a few clicks, and when they do, on-site messaging encourages the user’s friends to do the same. This viral networking pattern opens the door for fast-spreading malware. For example in March 2008, TrendLabs
  • 7. received notice that over 400 phishing kits designed to generate phishing sites were targeting top Web 2.0 sites (i.e., social networking, video sharing, and VoIP sites), free email service providers, banks, and popular e-commerce Web sites. This creates a huge challenge to most organizations as they struggle to manage how, when, and even if these web sites will be allowed in the workplace.

Additionally, greater numbers of telecommuting and traveling employees and the blurring between home and work offices have increased mobile device use and the tendency to transmit sensitive information back and forth by email, which increases the chance of infection. This creates a challenge for today’s companies to protect against the loss or theft of corporate data assets—either by accident or on purpose.

Invisible Threat du Jour—Conficker

A current example of an invisible and dangerous threat is the Conficker worm (also known as Downup, Downadup and Kido), which gained notoriety in April 2009 when an update via a peer-to-peer communication network through one of Conficker’s latest variants exposed connections between Conficker and Waledac (a notorious botnet) and between Conficker and a FakeAV variant called Spyware Protector 2009. The significance of these discoveries is Conficker’s connection to the world of cybercrime. Waledac is an immense botnet due to its association with another bot giant, Storm—a notorious spammer—and injects information stealing code. Waledac also downloads FakeAV, which scares users into buying “security” products by faking infection symptoms and employing crimeware routines.

[Figure 1: Fake AV screen generated by Conficker]

The size of the worm and subsequent damage was large enough to motivate security researchers to form the Conficker Working Group.
The Conficker Working Group is a collaborative effort between technology industry leaders and academia to implement a coordinated, global approach to combating the Conficker worm. According to the Conficker Working Group, recent estimates place the worm’s top three variants as affecting well over five million unique IP addresses. Even considering the group’s disclaimer of estimating the number of actually infected systems at only 25 to 75 percent of that number, a minimum of 1.25 million infected systems is considerable. [8]

Experts say Conficker is the worst infection since the SQL Slammer worm in 2003. Conficker exploits a known buffer overflow vulnerability in the Server Service on Windows computers to spread to other machines, linking them to a virtual computer system that can be commanded remotely by its authors. In this manner, the Conficker worm has been used to amass an extremely large botnet, which is now believed to command up to 20 million computers. A single unpatched machine in a business network can become infected with Conficker and subsequently infect the entire network. The potential scale of infection is large because about 30 percent of Windows computers lack the Microsoft Windows patch released in October 2008 to block this vulnerability. Microsoft deemed Conficker important enough to offer a $250,000 reward for information leading to the arrest and conviction of the criminals behind its creation and/or distribution.
  • 8. III. Inadequacies of Today’s Solutions

Traditional antivirus solutions are no longer effective against today’s invisible threats. In addition to becoming increasingly invisible to users, today's threats are complex, multi-dimensional, coordinated attacks that are difficult to detect and prevent. The sheer number of new threats is an additional concern. A recent estimate places the number of unique new malware samples introduced in a single day at greater than 60,000 unique samples—a new piece of malware is created every 1.5 seconds. Although the security industry issues more frequent pattern updates in an attempt to keep up, the massive volume of updates can overload system resources, resulting in critical performance issues. As the number of threats multiplies, this approach becomes difficult to sustain.

Although many organizations are protected by security software, user behavior makes a bad situation worse. Even when users encounter a warning from desktop security systems, many choose to ignore it. Others fail to update security software or to download recommended security patches. Internal employee mistakes or carelessness (rather than external threats) provide an additional entry point for malware.

Lack of visibility into the exact location and cause of infections presents an additional challenge. To achieve comprehensive coverage, more information is needed to better understand where infections originate. For example, if most threats occur at the Internet gateway, appropriate gateway protections can be installed. In essence, an “early warning system” would help immediately identify invisible malware. Companies need to gain a more comprehensive understanding of security vulnerabilities.
Additionally, compliance does not ensure security, and too many companies are distracted by complying with a checkbox set of policies rather than focusing on the bigger picture of overall security. Large-scale data breaches continue to occur in large firms that are fully compliant. For example, in the case of the Hannaford Brothers breach discussed earlier in this paper, the company was supposedly PCI-certified the previous year and had just received recertification. (The Payment Card Industry, or PCI, sponsors certification to protect consumers from identity theft with established controls to regulate data security.)

As threats become more stealthy, more sophisticated, and more numerous than ever before, today’s security solutions struggle to keep up. Conventional technologies like firewalls and IDS hardware appliances provide some level of protection but may fail to catch “inside threats” from employees who accidentally infect the network or who plant malware from the inside. The increasing use of virtualization also provides new threat vectors that require additional protections. To be adequately protected, both consumers and businesses require a comprehensive approach to security that can detect and stop threats before they reach users and data.

IV. New Layers of Security

Risk assessment tools help increase overall threat intelligence so organizations can gain a bird’s eye view of their security posture to ensure adequate protections are in place. The Trend Micro Security Threat Assessment was designed for organizations seeking a more effective way to discover, mitigate, and manage network level threats. The solution helps organizations respond to malware quickly and efficiently, throughout the network, significantly reducing damage containment costs and improving the overall security posture. The Security Threat Assessment includes the following three tiers:

Threat Discovery—uncovers internal security threats within the network.
This would alert users to a phishing attack, for example.
  • 9. Threat Management—advanced correlation and collaboration with the Smart Protection Network identifies the attack’s root cause and provides customized threat reports and threat response recommendations.

Threat Mitigation—acts on information provided by a monitoring device to perform clean-up, policy enforcement, and remediation.

V. Blocking Threats in the Cloud

The Trend Micro Smart Protection Network is a next-generation cloud-client content security infrastructure that blocks invisible threats before they reach a user’s PC or a company’s network. Leveraged across Trend Micro’s solutions and services, the Smart Protection Network combines unique Internet-based—or “in-the-cloud”—technologies with lighter-weight clients. By checking URLs, emails, and files against continuously updated and correlated threat databases in the cloud, customers always have immediate access to the latest protection wherever they connect—from home, within the company network, or on the go.

The Trend Micro Smart Protection Network comprises a global network of threat intelligence technologies and sensors that provide comprehensive protection against all types of invisible threats—from malicious files, phishing, and web threats, to denial of service attacks, web vulnerabilities, and even data loss. By incorporating in-the-cloud reputation, scanning, and correlation technologies, the Smart Protection Network reduces reliance on conventional pattern file downloads and eliminates the delays commonly associated with desktop updates. The Smart Protection Network is composed of technology components that encompass web reputation, email reputation, file reputation, correlation with behavior analysis, feedback loops, and threat collection and analysis.
Processing over 5 billion customer queries per day, the Smart Protection Network is a next generation cloud-client content security infrastructure designed to block threats before they reach a network. The Smart Protection Network prevents over 1 billion threats from infecting its customers daily.

VI. Server Security

To protect servers from attack from invisible threats, Trend Micro Deep Security solutions provide advanced protection for servers—whether physical, virtual, or in-the-cloud. Deep Security combines intrusion detection and prevention, firewall, integrity monitoring and log inspection capabilities in a single, centrally managed software agent to help companies prevent malware from infiltrating web servers. Deep Security protects confidential data and critical applications to help prevent data breaches and ensure business continuity, while enabling compliance with important standards and regulations such as PCI, FISMA, and HIPAA. The solution helps enterprises to identify suspicious activity and behavior, and to take proactive or preventive measures to ensure server security.

Protection for Virtual Machines

Trend Micro Deep Security, combined with Trend Micro Core Protection for Virtual Machines, stops invisible threats from malware before they impact critical data, applications, and resources situated on virtual servers. Deep Security provides server and application protection that enables virtual machines to become self-defending. Core Protection for Virtual Machines is a solution that leverages the VMware VMsafe™ APIs to secure both active and dormant virtual machines.
  • 10. VII. Free Tools

RUBotted

Trend Micro’s RUBotted monitors computers for suspicious activities and regularly checks with an online service to identify behavior associated with bots. Upon discovering a potential infection, RUBotted prompts users to execute a scan and clean their computers. Both business users and consumers can benefit from running RUBotted.

HouseCall

Trend Micro’s HouseCall is an online application that scans for and detects possible infection by viruses, spyware, or other malware, then cleans the infected computer. Powered by Trend Micro’s Smart Protection Network, HouseCall delivers up-to-date detection against the latest threats. This free tool provides a quick and easy check for threats regardless of the protection status of existing security applications.

VIII. Conclusion

Because today’s threats are created to boost the underground economy, most malware are invisible, designed to work quietly and reside on users’ PCs undetected for months or years at a time. Because of their stealthy nature, there is no need for today’s threats to slow down PCs, destroy files, or show any evidence of their existence. The pervasiveness of today’s threats and the fact that they infect machines for far longer than originally imagined creates a compelling need for new, more robust security solutions that can stay a step ahead of the thousands of unique, new malware samples introduced daily. Additionally, these solutions must guard against accidental or on-purpose threats that enter the corporate network from inside.

Trend Micro advocates multiple layers of protection through its Threat Management Solution to cover every part of the network and identify, manage, and mitigate threats. Additionally, the Smart Protection Network powers all Trend Micro solutions, blocking invisible threats in the Internet cloud through a combined effort of Web, Email, and File Reputation technologies.
Server security is an additional area of concern and solutions like Trend Micro’s Deep Security help companies stop invisible threats before they can infiltrate physical or virtual servers.
  • 11. IX. References

[1] “Global HIV/AIDS estimates, end of 2007,” Avert.com, July 2008, http://www.avert.org/worldstats.htm
[2] Anti Phishing Working Group website, http://www.antiphishing.org
[3] Sarah Arnott, “How Cybercrime Went Professional,” The Independent, August 13, 2008, http://www.independent.co.uk/news/business/analysis-and-features/how-cyber-crime-went-professional-892882.html
[4] Ibid.
[5] Ibid.
[6] Richard Koman, “Grocery Chain Data Breach Offers Lessons for CIOs,” Newsfactor.com, March 31, 2008, http://www.newsfactor.com/story.xhtml?story_id=59056
[7] Dr. Larry Ponemon, “Anatomy of Data-Stealing Malware,” research report, August 11, 2009.
[8] http://www.confickerworkinggroup.org