Using Massively Distributed
Malware in APT-Style Attacks
Dana Tamir
IBM Trusteer Dir. Enterprise Security
© 2014 IBM Corporation
IBM Security
What do you think about when you hear the term APT?
[Word cloud: Flame, Stuxnet, Security, Virus, Trojan, RAT, Threat, Data, Credentials, Malware, Internet, Wild, Cyber, War, Discovery, Alert!, Breach, Dangerous, Detection, Research, $$$]
APTs => Highly Targeted Malware

Stuxnet
* Designed to attack Siemens industrial systems
* Caused fast-spinning centrifuges to tear themselves apart
* Exploited four zero-day vulnerabilities

Duqu
* Looks for information to target industrial control systems
* Not destructive
* Uses JPEG files and encrypted dummy files as containers to exfiltrate data to the C&C

Gauss
* A complex cyber-espionage toolkit
* Steals various kinds of data from infected machines
* Includes an encrypted payload which is activated only on certain specific system configurations

Flame
* A sophisticated cyber-espionage malware
* Infected target machines in Middle Eastern countries
* Receives instructions via C&C servers
New Emerging Trend
Trojans Used in Financial Fraud
• Targets consumers
• Used for stealing bank account credentials and personal information
• Sophisticated

Trojans Used in APT-Style Attacks
• Targets employees
• Used for stealing corporate credentials and business and operational data
• Sophisticated
Typical functions available with these malware families

Capability | Description
Keylogging | Captures user keystrokes and sends the data to the attacker
Screenshot capturing | Records the browser session, including data displayed to the user
Video capturing | Records a video stream of a browser session
Form grabbing (HTTP POST grabbing) | Captures user input from a web form as it is submitted
HTML injection | Injects HTML content into legitimate web pages in order to modify them
Remote execution of command line instructions | Enables the operator to collect data and change settings on one or more remote computers
Remote control of the infected machine | Allows complete control over the PC and full access to the corporate network
Evasion techniques | Designed to evade anti-virus and other security controls
Anti-research techniques | A variety of sophisticated features designed to prevent researchers from analyzing the malware
Using Massive Distribution Campaigns
Not Targeted!
Infecting Millions of Machines!
Massively Distributed Malware
Massive distribution campaigns use techniques like spear-phishing, drive-by downloads, malvertising and watering hole attacks.
Massively Distributed Malware
[Diagram: infected machines register with the Command and Control Server and receive a configuration file from it]
The Configuration Files
• Provided by the Command and Control Server
• Contain operational information, like:
• Targets and Operational Triggers
• Information requested
• Alternative Command and Controls
• Can be Updated!
• New operational triggers and targets
• New information requested
• Alternative Command and Controls
• Software upgrades
Examples?
Example: The Citadel Trojan
[Screenshot: a Citadel configuration file]
Available for sale on the Russian underground
• The new version offers the "classic" Zeus capabilities plus new ones:
• Enables the attacker to run shell commands on the infected device
• Can map the network the infected device is on (obviously not added for financial fraud…)
• Built-in VNC (the VNCfox) is a valuable tool
• "Crowd-sourcing" of feature development
• Will not work on devices that use a Cyrillic keyboard layout (the authors do not wish to target Russian or Ukrainian systems)
Constantly under development
[Figure omitted; caption: Malware]
From the Citadel Configuration File
• Instructed to look for user access to certain URL addresses
• Form grabbing / "HTTP POST" grabbing: grab all the information submitted by the user
• The relevant section from the configuration file (shown in a Trusteer proprietary format)
Grabbing webmail login credentials
• http://mail.target-company.com/*
Citadel triggered by specific processes
• Citadel is instructed to start keylogging (capturing user keystrokes) when specific processes are running.
• The relevant part of the configuration is shown below (in IBM Trusteer's proprietary format):
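The configuration-file slides above (the C&C-pushed target list, the webmail URL entry and the process-triggered keylogging) all describe one mechanism: the bot matches what the victim is doing against a list the operator can update at any time. The following is an added example, not Citadel code and not IBM Trusteer's proprietary decoded format; the `[httpgrab]`/`[keylog_processes]` layout, the hostnames and the process names are constructed for illustration. It shows how wildcard URL targets and process triggers are evaluated, and the defender's inverse use: checking your own hostnames against a target list recovered from a captured configuration.

```python
"""Evaluate a Citadel-style target configuration against observed activity.

Added example: the configuration layout below is a constructed stand-in,
not Citadel's own format and not IBM Trusteer's proprietary decoded format.
"""
import re
from fnmatch import fnmatchcase

# Constructed sample configuration (hypothetical sections and entries).
SAMPLE_CONFIG = """
[httpgrab]
http://mail.target-company.com/*
https://*.target-company.com/owa/*
*/login.aspx
[keylog_processes]
outlook.exe
putty.exe
"""


def parse_config(text):
    """Parse '[section]' headers followed by one entry per line."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None:
            # Matching is case-insensitive, so normalise once at parse time.
            sections[current].append(line.lower())
    return sections


def url_is_targeted(url, patterns):
    """Return the wildcard patterns matching this URL (form grabbing fires if non-empty)."""
    u = url.lower()
    return [p for p in patterns if fnmatchcase(u, p)]


def keylog_triggered(running_processes, trigger_processes):
    """Return the trigger process names that are currently running."""
    running = {p.lower() for p in running_processes}
    return sorted(running & set(trigger_processes))


def pattern_host(pattern):
    """Extract the host part of a URL pattern ('*' if the pattern is host-agnostic)."""
    m = re.match(r"^(?:[a-z]+://)?([^/]+)", pattern)
    return m.group(1) if m else "*"


def org_hosts_targeted(hostnames, patterns):
    """Defender view: which of our hostnames does a captured config name?

    Host-agnostic patterns such as '*/login.aspx' are ignored here because
    they match every host and say nothing about who is being targeted.
    """
    hits = {}
    for host in hostnames:
        h = host.lower()
        matched = [p for p in patterns
                   if pattern_host(p) != "*" and fnmatchcase(h, pattern_host(p))]
        if matched:
            hits[h] = matched
    return hits


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    print(url_is_targeted("http://mail.target-company.com/login", cfg["httpgrab"]))
    print(keylog_triggered(["explorer.exe", "OUTLOOK.EXE"], cfg["keylog_processes"]))
    print(org_hosts_targeted(["mail.target-company.com", "www.example.org"], cfg["httpgrab"]))
```

Note the asymmetry: a wildcard host entry such as `https://*.target-company.com/owa/*` tells the defender that every subdomain is in scope, while a host-agnostic entry such as `*/login.aspx` tells them nothing beyond "the operator grabs every login form"; the two kinds need different handling when a configuration is triaged.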
Examples of Citadel Evasion Techniques
• Designed to evade anti-virus and other traditional security controls
• Anti-research techniques: won't execute if the environment settings are set to 'debug' mode
• Using the "AutoCMD" functionality (run shell commands on the infected device):
  – The variant creates a new user on the infected device
  – The new user is added to the native Windows Remote Desktop Protocol (RDP) group
  – So, if the malware is removed from the infected device, the operator still has a backdoor into it using Windows RDP
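The AutoCMD backdoor above leaves a trail that survives the malware's removal: a local account is created and, moments later, placed in the Remote Desktop Users group. The following is an added example, not Citadel code and not an IBM Trusteer tool, that hunts for that pair in Windows security events. The log lines are a constructed, simplified export (timestamp, event ID, key=value fields), not real EVTX or XML output, and the field names are assumptions for this illustration; the event IDs (4720 user account created, 4732 member added to a security-enabled local group) and the well-known SID S-1-5-32-555 of the built-in Remote Desktop Users group are real.

```python
"""Hunt for the 'new user + Remote Desktop group' backdoor in Windows security events.

Added example, not Citadel code and not an IBM Trusteer tool. The log lines are
a constructed, simplified export (timestamp,EventID,key=value,...), not real
EVTX or XML output; the field names are assumptions for this illustration.
"""
from datetime import datetime, timedelta

RDP_GROUP_SID = "S-1-5-32-555"  # well-known SID: BUILTIN\Remote Desktop Users

# Constructed sample events: an account created and immediately granted RDP
# on WS0142, and ordinary administration on WS0077.
SAMPLE_EVENTS = """\
2015-03-02T09:14:03,4720,target=svc_backup,subject=CORP\\jdoe,computer=WS0142
2015-03-02T09:14:05,4732,member=svc_backup,group_sid=S-1-5-32-555,group=Remote Desktop Users,subject=CORP\\jdoe,computer=WS0142
2015-03-02T10:30:00,4720,target=newhire,subject=CORP\\helpdesk,computer=WS0077
2015-03-02T14:02:11,4732,member=newhire,group_sid=S-1-5-32-545,group=Users,subject=CORP\\helpdesk,computer=WS0077
2015-03-02T14:05:11,4732,member=jdoe,group_sid=S-1-5-32-555,group=Remote Desktop Users,subject=CORP\\admin1,computer=WS0077
"""


def parse_events(text):
    """Turn the simplified export into dicts with a parsed time and event_id."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, rest = line.split(",", 2)
        fields = dict(kv.split("=", 1) for kv in rest.split(","))
        fields["time"] = datetime.fromisoformat(ts)
        fields["event_id"] = int(event_id)
        events.append(fields)
    return events


def rdp_group_additions(events):
    """Every addition to the Remote Desktop Users group, regardless of context."""
    return [e for e in events
            if e["event_id"] == 4732 and e.get("group_sid") == RDP_GROUP_SID]


def find_rdp_backdoors(events, window=timedelta(hours=1)):
    """Correlate account creation (4720) with an RDP group add (4732) on the same host.

    A brand-new local account that lands in Remote Desktop Users within the
    window is the pattern the Citadel AutoCMD variant leaves behind.
    """
    created = {}  # (computer, username) -> creation time
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] == 4720:
            created[(ev["computer"], ev["target"].lower())] = ev["time"]
        elif ev["event_id"] == 4732 and ev.get("group_sid") == RDP_GROUP_SID:
            key = (ev["computer"], ev["member"].lower())
            t0 = created.get(key)
            if t0 is not None and ev["time"] - t0 <= window:
                alerts.append({
                    "computer": ev["computer"],
                    "user": ev["member"],
                    "created_by": ev["subject"],
                    "seconds_between": int((ev["time"] - t0).total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for a in find_rdp_backdoors(evs):
        print("ALERT possible RDP backdoor:", a)
    print(len(rdp_group_additions(evs)), "RDP group additions in total")
```

On the sample data only `svc_backup` on WS0142 trips the correlation; the later addition of `jdoe` to the RDP group on WS0077 is not correlated with a creation event, which is why `rdp_group_additions` is kept as a separate, lower-priority review list: on workstations that should never be RDP targets, any 4732 into S-1-5-32-555 deserves a look.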
AlienSpy RAT used to deliver the popular Citadel Trojan
• Like other RATs, AlienSpy provides the attacker with full control over the compromised system.
• Network traffic is encrypted to obfuscate the malicious traffic to the command and control server (C&C).
• AlienSpy receives commands to download and execute a file on the victim system.
  – At least one variant received commands to infect the victim system with Citadel.
[Diagram: the AlienSpy dropper (PayslipDetails.jar) talks to its C&C, which instructs it to drop Citadel; Citadel then talks to its own C&C]
Using Trojans to Massively Distribute Trojans
…so far managed to infect over 770,000 machines
around the world.
…designed primarily to disseminate other kinds of
malware and has been operating since at least
2012 somewhat under the radar of researchers…
The Dyre Trojan
• First appeared in June 2014
• Distributed through massive spear-phishing campaigns
• Initially targeted customers of large financial institutions
• Targets include customers of Bank of America, Citigroup, Royal Bank of Scotland Group Plc and JP Morgan Chase
• Has undergone many changes in a very short period
• Uses some noteworthy propagation and evasion techniques
The target is business data!
Dyre compromises MS Outlook to spread out
[Diagram of the infection chain:]
1. Spear-phishing email with a weaponized attachment
2. Upatre downloader, which contacts its C&C
3. Dyre Trojan, which contacts its own C&C
4. WORM_MAILSPAM.XDP hijacks the MS Outlook client to send out more spear-phishing emails; the worm then deletes itself so no evidence is left
Dyre Evasion Techniques
• Fast evolution: a new binary code version can be released every three days.
• Uses Secure Sockets Layer (SSL) to protect C&C communications
• Has a mechanism that enables the Trojan to find an alternate C&C (in case the hard-coded C&Cs aren't available)
  – Uses a domain generation algorithm (DGA) to generate URLs on various top-level domains (.cc, .ws, .to, .in, .hk, .cn, .tk and .so)
  – Similar to the mechanism used by the Downad/Conficker malware.
The Latest News on Dyre: Dyre Wolf
The Carbanak attack
The Carbanak Malware
• Distributed through drive-by downloads and spear-phishing
• Designed for espionage, data exfiltration and providing remote access
• Once the system is infected, Carbanak logs keystrokes and takes screenshots every 20 seconds (it intercepts the ResumeThread call)
• Can install additional malware like the Ammyy RAT
Carbanak Evasion Techniques
• Carbanak copies itself into "%system32%\com" with the name "svchost.exe" and then deletes the original exploit payload
• Carbanak injects its code into svchost.exe. Most of the actions described here happen within this process.
• To communicate with the C&C it uses the HTTP protocol with RC2 encryption and Base64 encoding, adding characters that are not part of the Base64 alphabet.
• The latest Carbanak samples are digitally signed (so they appear trusted)
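Two of the tells above are cheap to check: a process named svchost.exe running from anywhere but the Windows system directories (and, given the signed samples, one whose signer is not Microsoft), and HTTP bodies that are Base64 apart from a sprinkling of foreign characters. The following is an added example, not Carbanak code and not an IBM Trusteer tool. The process snapshot, the signer strings and the beacon body are constructed for illustration; since the real body is RC2-encrypted and the key is not available to a network sensor, the example stops at recognising and normalising the encoding, and a constructed plaintext stands in for the ciphertext.

```python
"""Triage for two Carbanak tells: svchost.exe outside System32, and 'noisy' Base64 C&C bodies.

Added example, not Carbanak code and not an IBM Trusteer tool. The process
list, signer strings and beacon body are constructed for this illustration.
"""
import base64
import ntpath
import re

# Directories where a genuine svchost.exe lives (assumption: default install root).
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
EXPECTED_SIGNER = "microsoft windows"

# Constructed process snapshot; pid 2744 mimics the %system32%\com drop location.
PROCESSES = [
    {"pid": 812, "name": "svchost.exe", "path": r"C:\Windows\System32\svchost.exe", "signer": "Microsoft Windows"},
    {"pid": 2744, "name": "svchost.exe", "path": r"C:\Windows\System32\com\svchost.exe", "signer": "Example Signing Ltd"},
    {"pid": 3010, "name": "svchost.exe", "path": r"C:\Windows\SysWOW64\svchost.exe", "signer": "Microsoft Windows"},
    {"pid": 4120, "name": "explorer.exe", "path": r"C:\Windows\explorer.exe", "signer": "Microsoft Windows"},
]


def suspicious_svchost(processes):
    """Return (pid, reasons) for every svchost.exe that is not where or what it should be."""
    findings = []
    for p in processes:
        if p["name"].lower() != "svchost.exe":
            continue
        reasons = []
        # ntpath handles Windows separators even when this runs on Linux.
        if ntpath.dirname(p["path"]).lower() not in LEGIT_SVCHOST_DIRS:
            reasons.append("unexpected path: " + p["path"])
        if p.get("signer", "").lower() != EXPECTED_SIGNER:
            reasons.append("unexpected signer: " + p.get("signer", "<unsigned>"))
        if reasons:
            findings.append((p["pid"], reasons))
    return findings


NOT_BASE64 = re.compile(r"[^A-Za-z0-9+/=]")


def inject_noise(b64, noise="!~$", every=5):
    """Build a C&C-style body: valid Base64 with foreign characters sprinkled in."""
    out = []
    for i, ch in enumerate(b64):
        out.append(ch)
        if (i + 1) % every == 0:
            out.append(noise[(i // every) % len(noise)])
    return "".join(out)


def strip_noise(body):
    """Remove everything outside the Base64 alphabet and decode.

    Returns (decoded_bytes_or_None, noise_ratio). A body that only decodes
    after a few foreign characters are stripped is the encoding pattern
    described for Carbanak's HTTP C&C traffic.
    """
    cleaned = NOT_BASE64.sub("", body)
    noise_ratio = (len(body) - len(cleaned)) / len(body) if body else 0.0
    cleaned += "=" * (-len(cleaned) % 4)  # restore padding if the noise displaced it
    try:
        return base64.b64decode(cleaned, validate=True), noise_ratio
    except ValueError:  # binascii.Error is a ValueError
        return None, noise_ratio


# Constructed beacon: plaintext stands in for the RC2 ciphertext we cannot decrypt here.
SAMPLE_PLAINTEXT = b"constructed-beacon|host=WS0142|user=jdoe"
SAMPLE_BODY = inject_noise(base64.b64encode(SAMPLE_PLAINTEXT).decode("ascii"))


if __name__ == "__main__":
    for pid, reasons in suspicious_svchost(PROCESSES):
        print("suspicious svchost pid", pid, reasons)
    decoded, ratio = strip_noise(SAMPLE_BODY)
    print("noise ratio %.2f, decoded: %r" % (ratio, decoded))
```

The path check is deliberately strict about the directory rather than the file name: `%system32%\com\svchost.exe` passes any rule that only looks at the basename or at the `System32` prefix. On the network side, `strip_noise` only establishes that a body is Base64 plus noise; what it decodes to is still RC2 ciphertext, so the indicator is the encoding shape (and the noise ratio) rather than the content.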
Characteristics of Massively Distributed APT malware
1 in 500 PCs infected with massively distributed (MAD) APT malware
Recommendations
• Traditional security controls aren't effective => a new approach is needed!
• There is no silver bullet!
• Multi-layered protection is required:
  – Employee endpoints
  – Servers
  – Networks
• Security intelligence
• Emergency response services
IBM is uniquely positioned to offer integrated protection
• A dynamic, integrated system to disrupt the lifecycle of advanced attacks and prevent loss

Smarter Prevention
– Trusteer Apex Endpoint Malware Protection: prevent malware installation and disrupt malware communications
– IBM Security Network Protection XGS: prevent remote network exploits and limit the use of risky web applications
– IBM Endpoint Manager: automate and manage continuous security configuration policy compliance

Security Intelligence
– IBM Security QRadar Security Intelligence: discover and prioritize vulnerabilities; correlate enterprise-wide threats and detect suspicious behavior
– IBM Guardium Data Activity Monitoring

Continuous Response
– IBM Security QRadar Incident Forensics: retrace full attack activity, search for breach indicators and guide defense hardening
– IBM Emergency Response Services: assess impact, plan strategically and leverage experts to analyze data and contain threats

Global Threat Intelligence
– IBM X-Force Threat Intelligence: leverage threat intelligence from multiple expert sources

Open Integrations
– Ready for IBM Security Intelligence Ecosystem: share security context across multiple products (100+ vendors, 400+ products)
Trusteer Apex Advanced Malware Protection
Multi-layered protection against advanced malware and credentials theft

Threat and Risk Reporting: vulnerability mapping and critical event reporting
Advanced Threat Analysis and Turnkey Service

Protection layers:
• Credential Protection: alert on and prevent phishing and credential reuse on non-corporate sites
• Exploit Chain Disruption: prevent infections via exploits; zero-day defense by controlling the exploit-chain choke point
• Advanced Malware Detection and Mitigation: mitigates mass-distributed advanced malware infections; cloud-based file inspection for legacy threats
• Malicious Communication Prevention: block malware communication, disrupt C&C control, prevent data exfiltration
• Lockdown for Java: prevent high-risk actions by malicious Java applications

Global Threat Research and Intelligence: global threat intelligence delivered in near-real time from the cloud
Breaking the Threat Lifecycle
[Diagram: attack progression (x-axis) against the number of variants at each stage (y-axis), with the strategic chokepoints where Trusteer Apex intervenes]

Attack progression, with the number of variants to block and the traditional control at each stage:
1. Pre-exploit: delivery of weaponized content (many; IPS, sandbox)
2. Exploit: exploitation of an application vulnerability (endless unpatched and zero-day vulnerabilities; patching)
3. Malware delivery and malware persistency (endless malicious files; antivirus, whitelisting)
4. Execution and malicious access to content (many malicious behavior activities; HIPS)
5. Establishing communication channels (endless destinations; C&C traffic detection)
6. Data exfiltration

Strategic chokepoints covered by Trusteer Apex: Exploit Chain Disruption and Lockdown for Java (exploitation), Advanced Malware Prevention (malware delivery and persistency), Malicious Communication Blocking (communication channels); plus Endpoint Vulnerability Reporting and Credential Protection.

www.ibm.com/security
© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any
warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in
all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response
to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated
or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure
and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to
be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems,
products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE
MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

Bridging the Gap between Privacy and Security: Using Technology to Manage Com...IBM Security
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIBM Security
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...IBM Security
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...IBM Security
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackIBM Security
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationIBM Security
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?IBM Security
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...IBM Security
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...IBM Security
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...IBM Security
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsIBM Security
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020IBM Security
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityIBM Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident ResponseIBM Security
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats IBM Security
 
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...IBM Security
 

More from IBM Security (20)

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon Black
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident Response
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
 
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
 

Recently uploaded

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 

Recently uploaded (20)

Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 

Using Massively Distributed Malware in APT-Style Attacks

  • 1. Using Massively Distributed Malware in APT-Style Attacks
     Dana Tamir, IBM Trusteer, Director of Enterprise Security
  • 2. © 2014 IBM Corporation, IBM Security
     What do you think about when you hear the term APT?
  • 3. (Word cloud) Flame, Stuxnet, Security, Virus, Trojan, RAT, Threat, Data, Credentials, Malware, Internet, Wild, Cyber War, Discovery, Alert!, Breach, Dangerous, Detection, Research, $$$
  • 4. APTs => Highly Targeted Malware
     Stuxnet
     – Designed to attack Siemens industrial control systems
     – Caused fast-spinning centrifuges to tear themselves apart
     – Exploited four zero-day vulnerabilities
     Duqu
     – Looks for information useful for targeting industrial control systems
     – Not destructive
     – Uses JPEG files and encrypted dummy files as containers to exfiltrate data to the C&C
     Gauss
     – A complex cyber-espionage toolkit
     – Steals various kinds of data from infected machines
     – Includes an encrypted payload that is activated only on specific system configurations
     Flame
     – A sophisticated cyber-espionage malware
     – Infected target machines in Middle Eastern countries
     – Receives instructions via C&C servers
  • 5. New Emerging Trend
  • 6. Trojans Used in Financial Fraud vs. Trojans Used in APT-Style Attacks
     Trojans used in financial fraud:
     – Target consumers
     – Used for stealing bank account credentials and personal information
     – Sophisticated
     Trojans used in APT-style attacks:
     – Target employees
     – Used for stealing corporate credentials and business and operational data
     – Sophisticated
  • 7. Typical functions available with these malware families (capability: description)
     – Keylogging: captures user keystrokes and sends the data to the attacker
     – Screenshot capturing: records the browser session, including data displayed to the user
     – Video capturing: records a video stream of a browser session
     – Form grabbing (HTTP POST grabbing): captures the user input submitted from a web form
     – HTML injection: injects HTML content into legitimate web pages in order to modify them
     – Remote execution of command-line instructions: lets the operator collect data and change settings on one or more remote computers
     – Remote control of the infected machine: gives complete control over the PC and full access to the corporate network
     – Evasion techniques: designed to evade anti-virus and other security controls
     – Anti-research techniques: a variety of sophisticated features designed to prevent researchers from analyzing the malware
  • 8. Using Massive Distribution Campaigns
     Not targeted! Infecting millions of machines!
  • 9. Massively Distributed Malware
     Massive distribution campaigns use techniques like spear-phishing, drive-by downloads, malvertising and watering-hole attacks.
  • 10. Massively Distributed Malware
     (Diagram: the infected machine registers with the Command and Control server, which provides the configuration file.)
  • 11. The Configuration Files
     – Provided by the Command and Control server
     – Contain operational information, such as:
       · Targets and operational triggers
       · Information requested
       · Alternative Command and Control servers
     – Can be updated, delivering:
       · New operational triggers and targets
       · New information requested
       · Alternative Command and Control servers
       · Software upgrades
  • 13. Example: The Citadel Trojan
     (Screenshot: Citadel configuration file)
  • 14. Available for sale on the Russian underground
     – The new version offers the "classic" Zeus capabilities plus new ones
     – Enables the attacker to run shell commands on the infected device
     – Can map the network the infected device is on (obviously not added for financial fraud...)
     – The built-in VNC (the VNCfox) is a valuable tool
     – "Crowd-sourcing" of new features
     – Will not run on devices that use a Cyrillic keyboard layout (the authors do not wish to target Russian or Ukrainian systems)
  • 15. Constantly under development
     (Screenshot: malware release notes)
  • 16. (Image only)
  • 17. From the Citadel Configuration File
     – Instructed to look for user access to certain URL addresses
     – Form grabbing / "HTTP POST": grabs all the information submitted by the user
     – The relevant section from the configuration file (shown in a Trusteer proprietary format)
  • 18. Grabbing webmail login credentials
     – Target URL mask: http://mail.target-company.com/*
  • 19. (Image only)
  • 20. Citadel triggered by specific processes
     – Citadel is instructed to start keylogging (capturing user keystrokes) when specific processes are running.
     – The relevant part of the configuration is shown below (in IBM Trusteer's proprietary format)
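Slides 17 to 20 describe the configuration as a targeting list: URL masks that switch on form grabbing and process names that switch on keylogging. The script below is an added example for this page, not Citadel code and not IBM Trusteer's proprietary configuration format. It takes a simplified JSON rendering of those two sections (an assumed layout, with the webmail mask from slide 18 plus two invented masks and three invented process names) and replays it against a constructed proxy log and process inventory, so an incident responder can see which hosts would have satisfied the Trojan's triggers.

```python
"""Check which hosts a Trojan's targeting rules would have fired on.

Added example for this page, not Citadel code and not IBM Trusteer's
proprietary configuration format. The JSON layout below is an assumption:
a simplified stand-in for the two configuration sections the slides
describe, wildcard URL masks that switch on HTTP POST (form) grabbing and
process names that switch on keylogging. The proxy log and the process
inventory are constructed sample data.
"""
import json
from collections import defaultdict
from fnmatch import fnmatchcase

# Assumed, simplified rendering of an extracted configuration.
EXTRACTED_CONFIG = json.dumps({
    "formgrab_urls": [                       # URL masks -> grab submitted form data
        "http://mail.target-company.com/*",  # the webmail example from the slides
        "https://*.target-company.com/owa/*",
        "*://*.bank-example.com/login*",
    ],
    "keylog_processes": [                    # running process -> start keylogging
        "outlook.exe", "putty.exe", "sapgui.exe",
    ],
})

# Constructed proxy log: time, client host, method, full URL.
PROXY_LOG = """\
2014-09-01T08:01:11Z ws-0142 GET  http://mail.target-company.com/inbox
2014-09-01T08:02:40Z ws-0142 POST http://mail.target-company.com/login
2014-09-01T08:03:05Z ws-0307 GET  https://news.example.org/
2014-09-01T08:04:19Z ws-0307 POST https://webmail.target-company.com/owa/auth.owa
2014-09-01T08:05:52Z ws-0510 POST https://intranet.target-company.com/timesheet
2014-09-01T08:06:00Z ws-0510 POST https://online.bank-example.com/login?step=2
"""

# Constructed process inventory per host (what an EDR snapshot would give).
PROCESS_INVENTORY = {
    "ws-0142": ["explorer.exe", "OUTLOOK.EXE", "chrome.exe"],
    "ws-0307": ["explorer.exe", "iexplore.exe"],
    "ws-0510": ["explorer.exe", "sapgui.exe", "putty.exe"],
}


def load_config(raw):
    cfg = json.loads(raw)
    return ([m.lower() for m in cfg["formgrab_urls"]],
            {p.lower() for p in cfg["keylog_processes"]})


def matching_mask(url, masks):
    """First URL mask that matches the whole URL, or None.

    fnmatch's '*' also crosses '/', which is how these masks are meant to
    work: one mask covers every path under the host.
    """
    url = url.lower()
    for mask in masks:
        if fnmatchcase(url, mask):
            return mask
    return None


def parse_proxy_log(text):
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield tuple(parts)  # (time, host, method, url)


def assess_exposure(raw_config, proxy_log, inventory):
    """Map host -> which form-grab masks and keylog triggers it satisfied."""
    masks, keylog_procs = load_config(raw_config)
    report = defaultdict(lambda: {"formgrab": [], "keylog": []})
    for when, host, method, url in parse_proxy_log(proxy_log):
        mask = matching_mask(url, masks)
        if mask:
            report[host]["formgrab"].append((when, method, url, mask))
    for host, procs in inventory.items():
        hits = sorted(p.lower() for p in procs if p.lower() in keylog_procs)
        if hits:
            report[host]["keylog"] = hits
    return dict(report)


if __name__ == "__main__":
    exposure = assess_exposure(EXTRACTED_CONFIG, PROXY_LOG, PROCESS_INVENTORY)
    for host, hits in sorted(exposure.items()):
        print(host)
        for when, method, url, mask in hits["formgrab"]:
            print(f"  form grab  {when} {method:4} {url}  <- {mask}")
        if hits["keylog"]:
            print(f"  keylogging while running: {', '.join(hits['keylog'])}")
```

Every host in the constructed data shows up for one trigger or the other, which is the point of the slides: the same configuration that grabs a webmail login also starts keylogging as soon as Outlook or PuTTY is open. Run it against real proxy logs only for the hosts that were actually infected; an uninfected host hitting a targeted URL is exposure, not compromise.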
  • 21. Examples of Citadel Evasion Techniques
     – Designed to evade anti-virus and other traditional security controls
     – Anti-research technique: will not execute if the environment settings indicate "debug" mode
     – Using the "AutoCMD" functionality (run shell commands on the infected device):
       · The variant creates a new user on the infected device
       · The new user is added to the native Windows Remote Desktop Protocol (RDP) group
       · So even if the malware is removed from the infected device, the operator still has a backdoor into it through Windows RDP
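The RDP backdoor on slide 21 leaves two standard Windows Security log events a few seconds apart: 4720 (a user account was created) and 4732 (a member was added to a security-enabled local group) with the Remote Desktop Users group as the target. The hunt below is an added example for this page, not IBM Trusteer's detection logic; the event records are constructed sample data carrying only the fields the logic uses, and the 10-minute window is an assumed tuning value.

```python
"""Hunt for the 'create an account, add it to Remote Desktop Users' backdoor
in Windows Security event data.

Added example, not IBM Trusteer's detection logic. It correlates two
standard Security log events: 4720 (a user account was created) and 4732
(a member was added to a security-enabled local group) where the group is
one of the watched built-in groups, matched by well-known SID rather than
by localized name. The event records are constructed sample data carrying
only the fields the logic uses.
"""
from datetime import datetime, timedelta

WATCHED_GROUPS = {
    "S-1-5-32-555": "Remote Desktop Users",  # the group the Citadel variant used
    "S-1-5-32-544": "Administrators",
}

EVENTS = [  # constructed
    # the backdoor pattern: new account, then RDP group membership, 2 s apart
    {"EventID": 4720, "Time": "2014-10-03T02:14:07", "Computer": "ws-0142",
     "SubjectUserName": "jdoe", "TargetUserName": "support_svc",
     "TargetSid": "S-1-5-21-1111-2222-3333-1005"},
    {"EventID": 4732, "Time": "2014-10-03T02:14:09", "Computer": "ws-0142",
     "SubjectUserName": "jdoe", "TargetUserName": "Remote Desktop Users",
     "TargetSid": "S-1-5-32-555", "MemberSid": "S-1-5-21-1111-2222-3333-1005"},
    # benign: an existing account is granted RDP, no creation event before it
    {"EventID": 4732, "Time": "2014-10-03T09:30:00", "Computer": "srv-file01",
     "SubjectUserName": "helpdesk1", "TargetUserName": "Remote Desktop Users",
     "TargetSid": "S-1-5-32-555", "MemberSid": "S-1-5-21-1111-2222-3333-1044"},
    # benign: new account that only lands in the Users group
    {"EventID": 4720, "Time": "2014-10-03T10:00:00", "Computer": "ws-0307",
     "SubjectUserName": "helpdesk1", "TargetUserName": "contractor7",
     "TargetSid": "S-1-5-21-1111-2222-3333-1050"},
    {"EventID": 4732, "Time": "2014-10-03T10:00:03", "Computer": "ws-0307",
     "SubjectUserName": "helpdesk1", "TargetUserName": "Users",
     "TargetSid": "S-1-5-32-545", "MemberSid": "S-1-5-21-1111-2222-3333-1050"},
]


def when(ev):
    return datetime.strptime(ev["Time"], "%Y-%m-%dT%H:%M:%S")


def find_backdoor_accounts(events, window=timedelta(minutes=10)):
    """Alerts for accounts created and then added to a watched group on the
    same computer within `window`. Correlation is by the new account's SID
    (4720 TargetSid == 4732 MemberSid), so a later rename of the account or
    a localized group name does not break the match."""
    created = {}   # (computer, account SID) -> 4720 event
    alerts = []
    for ev in sorted(events, key=when):
        if ev["EventID"] == 4720:
            created[(ev["Computer"], ev["TargetSid"])] = ev
        elif ev["EventID"] == 4732 and ev["TargetSid"] in WATCHED_GROUPS:
            origin = created.get((ev["Computer"], ev["MemberSid"]))
            if origin is None:
                continue
            gap = when(ev) - when(origin)
            if timedelta(0) <= gap <= window:
                alerts.append({
                    "computer": ev["Computer"],
                    "account": origin["TargetUserName"],
                    "account_sid": ev["MemberSid"],
                    "group": WATCHED_GROUPS[ev["TargetSid"]],
                    "created_by": origin["SubjectUserName"],
                    "seconds_between": int(gap.total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    for a in find_backdoor_accounts(EVENTS):
        print(f"{a['computer']}: {a['created_by']} created {a['account']} and added it "
              f"to {a['group']} {a['seconds_between']}s later")
```

Both events only exist if the "Audit User Account Management" and "Audit Security Group Management" subcategories are enabled on the endpoint, so check the audit policy before trusting an empty result. Note that the subject of both events is the logged-on user whose session the Trojan's shell ran in, which is why the pairing and the timing carry the signal rather than the account names. The same idea does not catch an operator who simply enables RDP for an existing account; that needs a separate check of the local group membership and the Terminal Server settings on the host.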
  • 22. AlienSpy RAT used to deliver the popular Citadel Trojan
     – Like other RATs, AlienSpy gives the attacker full control over the compromised system
     – Network traffic is encrypted to obfuscate the malicious traffic to the command and control server (CnC)
     – AlienSpy receives commands to download and execute a file on the victim system
       · At least one variant received commands to infect the victim system with Citadel
     (Diagram: AlienSpy (PayslipDetails.jar) -> AlienSpy C&C -> dropper -> Citadel -> Citadel C&C)
  • 23. Using Trojans to Massively Distribute Trojans
     "...so far managed to infect over 770,000 machines around the world."
     "...designed primarily to disseminate other kinds of malware and has been operating since at least 2012, somewhat under the radar of researchers..."
  • 24. The Dyre Trojan
     – First appeared in June 2014
     – Distributed through massive spear-phishing campaigns
     – Initially targeted customers of large financial institutions
     – Targets include customers of Bank of America, Citigroup, Royal Bank of Scotland Group Plc and JPMorgan Chase
     – Has undergone many changes in a very short period
     – Uses some noteworthy propagation and evasion techniques
  • 25. The target is business data!
  • 26. Dyre compromises MS Outlook to spread
     (Diagram)
     – Spear-phishing email with a weaponized attachment
     – Upatre downloader <-> C&C
     – Dyre Trojan <-> C&C
     – WORM_MAILSPAM.XDP hijacks the MS Outlook client to send out more spear-phishing emails
     – The worm deletes itself so no evidence is left
  • 27. Dyre Evasion Techniques
     – Fast evolution: a new binary version can be released every three days
     – Uses SSL (Secure Sockets Layer) to protect C&C communications
     – Has a mechanism that enables the Trojan to find an alternate C&C in case the hard-coded C&Cs aren't available:
       · Uses a domain generation algorithm (DGA) to generate URLs on various top-level domains (.cc, .ws, .to, .in, .hk, .cn, .tk and .so)
       · Similar to the mechanism used by the Downad/Conficker malware
  • 28. The Latest News on Dyre: Dyre Wolf
  • 29. The Carbanak attack
  • 30. The Carbanak Malware
     – Distributed through drive-by downloads and spear-phishing
     – Designed for espionage, data exfiltration and providing remote access
     – Once the system is infected, Carbanak logs keystrokes and takes screenshots every 20 seconds (it intercepts the ResumeThread call)
     – Can install additional malware, such as the Ammyy Admin remote administration tool used as a RAT
  • 31. Carbanak Evasion Techniques
     – Carbanak copies itself into "%system32%\com" under the name "svchost.exe" and then deletes the original exploit payload
     – Carbanak injects its code into svchost.exe; most of the actions described happen within this process
     – To communicate with the C&C it uses the HTTP protocol with RC2 + Base64 encryption, adding characters not included in the Base64 alphabet
     – The latest Carbanak samples are digitally signed (so they appear trusted)
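The masquerade on slide 31 survives a name-based triage and, for the signed samples, a signature check too, but it breaks two invariants of the real svchost.exe: the image lives under System32 (or SysWOW64), and its parent is services.exe. The check below is an added example for this page, not Carbanak or IBM code; it runs both tests over a constructed process snapshot (pid, parent pid, name, path, an assumed layout) and reports every svchost.exe that violates either one, including a genuine binary that was launched by the impostor.

```python
"""Spot a masquerading svchost.exe such as the Carbanak copy dropped into
%system32%\\com.

Added example, not Carbanak or IBM code. Two checks a responder can run
over a process snapshot: anything named svchost.exe must be the real
image under System32 (or SysWOW64 for 32-bit processes on 64-bit
Windows), and its parent must be services.exe. The snapshot is
constructed sample data; the field names are an assumed layout.
"""
import ntpath

SYSTEM_ROOT = r"C:\Windows"
LEGIT_SVCHOST = {
    ntpath.normcase(ntpath.join(SYSTEM_ROOT, "System32", "svchost.exe")),
    ntpath.normcase(ntpath.join(SYSTEM_ROOT, "SysWOW64", "svchost.exe")),
}

PROCESSES = [  # constructed snapshot: pid, parent pid, image name, image path
    {"pid": 4,    "ppid": 0,    "name": "System",       "path": ""},
    {"pid": 612,  "ppid": 512,  "name": "services.exe", "path": r"C:\Windows\System32\services.exe"},
    {"pid": 780,  "ppid": 612,  "name": "svchost.exe",  "path": r"C:\Windows\System32\svchost.exe"},
    {"pid": 812,  "ppid": 612,  "name": "svchost.exe",  "path": r"C:\WINDOWS\system32\SVCHOST.EXE"},
    {"pid": 2904, "ppid": 2716, "name": "explorer.exe", "path": r"C:\Windows\explorer.exe"},
    # Carbanak-style: same name, dropped into the real System32\com directory
    {"pid": 3320, "ppid": 2904, "name": "svchost.exe",  "path": r"C:\Windows\System32\com\svchost.exe"},
    # the genuine binary, but spawned by the impostor (a typical injection host)
    {"pid": 3344, "ppid": 3320, "name": "svchost.exe",  "path": r"C:\Windows\System32\svchost.exe"},
]


def find_svchost_anomalies(procs):
    """Return one finding per svchost.exe whose image path or parent is wrong."""
    by_pid = {p["pid"]: p for p in procs}
    findings = []
    for p in procs:
        if p["name"].lower() != "svchost.exe":
            continue
        reasons = []
        # normcase lower-cases and normalises separators, so case games in the
        # path do not defeat the comparison
        if ntpath.normcase(p["path"]) not in LEGIT_SVCHOST:
            reasons.append(f"image path {p['path'] or '<unknown>'} is not the "
                           f"System32/SysWOW64 binary")
        parent = by_pid.get(p["ppid"])
        parent_name = parent["name"].lower() if parent else "<no parent in snapshot>"
        if parent_name != "services.exe":
            reasons.append(f"parent is {parent_name} (pid {p['ppid']}), not services.exe")
        if reasons:
            findings.append({"pid": p["pid"], "path": p["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_svchost_anomalies(PROCESSES):
        print(f"pid {f['pid']} {f['path']}")
        for r in f["reasons"]:
            print(f"  - {r}")
```

System32\com is a real directory on Windows, which is exactly why it was chosen; the directory is not the signal, the file name in it is. On a live host the same fields come from `wmic process get ProcessId,ParentProcessId,Name,ExecutablePath` or from an EDR export, and because the slide notes the samples are signed, a valid signature on the copy should not be taken as clearing it.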
  • 32. Characteristics of Massively Distributed APT malware
  • 33. 1 in 500 PCs is infected with massively distributed (MAD) APT malware
  • 34. Recommendations
     – Traditional security controls aren't effective => a new approach is needed!
     – There is no silver bullet!
     – Multi-layered protection is required: employee endpoints, servers, networks
     – Security intelligence
     – Emergency response services
  • 35. © 2014 IBM Corporation IBM Security 35 IBM is uniquely positioned to offer integrated protection 35  A dynamic, integrated system to disrupt the lifecycle of advanced attacks and prevent loss Open Integrations Global Threat Intelligence Ready for IBM Security Intelligence Ecosystem IBM Security Network Protection XGS Smarter Prevention Security Intelligence IBM Emergency Response Services Continuous Response IBM X-Force Threat Intelligence • Leverage threat intelligence from multiple expert sources • Prevent malware installation and disrupt malware communications • Prevent remote network exploits and limit the use of risky web applications • Discover and prioritize vulnerabilities • Correlate enterprise-wide threats and detect suspicious behavior • Retrace full attack activity, Search for breach indicators and guide defense hardening • Assess impact and plan strategically and leverage experts to analyze data and contain threats • Share security context across multiple products • 100+ vendors, 400+ products Trusteer Apex Endpoint Malware Protection IBM Security QRadar Security Intelligence IBM Security QRadar Incident Forensics IBM Guardium Data Activity Monitoring • Prevent remote network exploits and limit the use of risky web applications IBM Endpoint Manager • Automate and manage continuous security configuration policy compliance
  • 36. © 2014 IBM Corporation IBM Security 36 Trusteer Apex Advanced Malware Protection Multi-layered protection against advanced malware and credentials theft 36 Threat and Risk Reporting Vulnerability Mapping and Critical Event Reporting Advanced Threat Analysis and Turnkey Service Credential Protection Exploit Chain Disruption Advanced Malware Detection and Mitigation Malicious Communication Prevention Lockdown for Java Global Threat Research and Intelligence Global threat intelligence delivered in near-real time from the cloud • Alert and prevent phishing and reuse on non- corporate sites • Prevent infections via exploits • Zero-day defense by controlling exploit-chain choke point • Mitigates mass- distributed advanced malware infections • Cloud based file inspection for legacy threats • Block malware communication • Disrupt C&C control • Prevent data exfiltration • Prevent high-risk actions by malicious Java applications
  • 37. © 2014 IBM Corporation IBM Security 37
Breaking the Threat LifeCycle
Attack progression (phases: Pre-exploit, Exploit, Data exfiltration): Delivery of weaponized content; Exploitation of app vulnerability; Malware delivery; Malware persistency; Execution and malicious access to content; Establish communication channels; Data exfiltration
No. of types per stage (axis labels: Many, Endless): Weaponized content (IPS, sandbox); Unpatched and zero-day vulnerabilities (patching); Malicious files (antivirus, whitelisting); Malicious behavior activities (HIPs); Destinations (C&C traffic detection)
Three strategic chokepoints, covered by: Advanced Malware Prevention; Endpoint Vulnerability Reporting; Credential Protection; Exploit Chain Disruption; Lockdown for Java; Malicious Communication Blocking
  • 38. © 2013 IBM Corporation IBM Security Systems 38 www.ibm.com/security © Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. 
IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.