Fraud is a key--and evolving--challenge facing security teams today. This presentation highlights tactics organizations can deploy to dramatically reduce incidents of fraud, provides a high-level, technical overview of client-side attacks and demonstrates how man-in-the-browser attacks operate, reveals two techniques that can be used by a Web application to detect infected clients, and discusses practical aspects of implementing these two methods and how to use the output of the detection process in the application.
CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...Aditya K Sood
Cyber criminals are using advanced attacks to exploit online banking systems and services to covertly steal money. This paper describes the tactics currently used by cyber criminals to conduct cyber bank robbery.
Top Solutions and Tools to Prevent Devastating Malware White PaperNetIQ
Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring (FIM) tools that provide immediate alerts.
ToorCon 14 : Malandroid : The Crux of Android InfectionsAditya K Sood
The Android platform has been plagued by malware for the past several years. Despite all attempts to detect and mitigate malicious applications on Android, malware is still flying under our radar and getting on our devices and causing millions of users financial and data loss every year. Additionally, the malware analysis community is at a large disagreement on how Android malware should be classified. In this talk, we’ll dive into the tactics, tools and procedures used by Android malware today, including several case studies of exceptional malware samples. By analyzing real code used by malware in the wild, we’ll be able to show the advancements in Android malware from a design perspective.
A detailed analysis on one of the biggest data breaches in history...What JP Morgan Chase & Co did wrong and proposed mitigation techniques. The data breach at J.P. Morgan Chase is yet another example of how our most sensitive personal information is in danger.
A Multidimensional View of Critical Web Application Security Risks: A Novel '...Cognizant
An actionable guide for website application developers to successfully ward off threats to vulnerabilities in a range of functionalities: user authentication, payment records, cross-site scripting, search, registration, file loading and privilege escalation.
Securing Fintech: Threats, Challenges & Best PracticesUlf Mattsson
Cyber attacks have increased in frequency and severity, and financial institutions are particularly interesting targets to cyber criminals. Join this presentation to learn the latest cybersecurity threats and challenges plaguing the financial industry, and the policies and solutions your organization needs to have in place to protect against them.
Viewers will learn:
• Current trends in Cyber attacks
• FFIEC Cyber Assessment Toolkit
• NIST Cybersecurity Framework principles
• Security Metrics
• Oversight of third parties
• How to measure cybersecurity preparedness
• Automated approaches to integrate Security into DevOps
About the Presenter:
Ulf Mattsson is the Chief Technology Officer of Security Solutions at Atlantic BT, and earlier at Compliance Engineering. Ulf was the Chief Technology Officer and a founder of Protegrity; he invented the Protegrity Vaultless Tokenization, Data Type Preservation (DTP2) and created the initial architecture of Protegrity's database security technology. Prior to Protegrity, Ulf worked 20 years at IBM in software development and in IBM's Research organization, in the areas of IT Architecture and Security, and received a US Green Card of class ‘EB 11 – Individual of Extraordinary Ability’ after endorsement by IBM. Ulf is the inventor of more than 45 patents in the areas of Encryption, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention.
Security has been identified as the major concern for the agent paradigm for two reasons. First, foreign code that executes on a site shares that site's services and resources with local processes and other agents. Services can include electronic commerce utilities. Resources include the file system, the GUI and the network server, as well as memory and CPU. It is difficult for a site to ensure that no agent can steal information or corrupt another agent or shared resource. The second security problem is that the agent itself can be circumvented by a malicious site which may steal or corrupt agent data or simply destroy the agent. To solve these problems we build a mini password manager written in Java. Then we incorporate the mini password manager into the simple web server to authenticate users that would like to download documents and resources. The goal of this paper is to accentuate the positive aspects that agents bring to Internet security.
It seems like we've been hearing a lot about phishing in the news in recent years, and this threat hasn't abated yet. Why are attacks via phishing - and social engineering in general - so prevalent and so effective? This whitepaper examines the many different methods employed in phishing attacks and social engineering campaigns, and offers a solution-based approach to mitigating risk from these attack vectors.
Brute Force Attacks - Finding and Stopping themFlowTraq
A brute force attack is when an attacker or script tries many different password and credential combinations in rapid succession to break into a system. This is how FlowTraq finds and stops them.
Application Security session given as part of the Solvay Executive Master in IT Management.
Explaining application security challenges for web, mobile, cloud and internet of things.
Positioning OWASP SAMM as structural and measurable framework to get application security under control in the complete application lifecycle.
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2securityxploded
This presentation is part of our Advanced Malware Analysis Training Series program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
How Can I Reduce The Risk Of A Cyber-Attack?Osei Fortune
A professional guide to reducing the risks of a cyber attack on your business. A professionally written article that would be suitable for a technical IT blog.
Are you aware of the current security threats to your business? Are you prepared to handle the next big DDoS attack? What can you do to be prepared?
At Cloudflare, we want to share our unique position — with more than 14 million domains interacting with 175 data centres worldwide, we can draw unparalleled insights into attack trends and what these attacks look like.
Join this webinar and learn:
- Three factors that we see are leading customers to a growing exposure to security threats
- The business impact and potential costs of security threats
- Threat mitigation strategies against volumetric layer 3/4 attacks, intelligent Layer 7 attacks, and bots
Are you aware of the current security threats to your business? Are you prepared to handle the next big DDoS attack? What can you do to be prepared?
Join this webinar to learn about:
- Growing threat landscape
- Challenges to a successful security strategy
- Business impact of attacks
- Securing web applications from attacks
DataDome's winning deck for 2019 FIC (Cybersecurity International Forum) "Pri...DataDome
DataDome protects all vulnerable endpoints of a digital business (website, mobile app, login pages, payment funnels, APIs, form and submit sections, backoffice, RSS feeds) from automated threats driven by bots. The SaaS cybersecurity solution integrates seamlessly with 95% of the world's web infrastructure.
Web application vulnerabilities involve a system flaw or weakness in a web-based application. They have been around for years, largely due to not validating or sanitizing form inputs, misconfigured web servers, and application design flaws, and they can be exploited to compromise the application's security.
Matt Johansen, White Hat - Online advertising networks can be a web hacker’s best friend. For mere pennies per thousand impressions (that means browsers) there are service providers who allow you to broadly distribute arbitrary javascript -- even malicious javascript! You are SUPPOSED to use this “feature” to show ads, to track users, and get clicks, but that doesn’t mean you have to abide. Absolutely nothing prevents spending $10, $100, or more to create a massive javascript-driven browser botnet instantly. The real-world power is spooky cool. We know, because we tested it… in-the-wild.
Stephen Doherty, Symantec - iBanking is a relative newcomer to the mobile malware scene whose use was first identified in August of 2013. The Trojan targets Android devices and can be remotely controlled over SMS and HTTP. iBanking began life as a simple SMS stealer and call redirector, but has undergone significant development since then. iBanking is available for purchase on a private underground forum for between $4k - $5k, with the next release expected to include a 0-day exploit for the Android operating system. This presentation will discuss iBanking - its capabilities and the reasons for targeting mobile devices.
Matt Summers, NCC Group - Web technology has changed a lot in the last 25 years but the underlying transport mechanism has stayed the same. The web we have today was not designed for the plethora of new device types and communication methods but things are changing and you probably don’t even know it. You probably don’t even notice the problem because it is so ingrained. In this presentation we are going to delve into the problems with the web and how we use it today. We will also take an in depth look at the proposed solutions for the next generation web and the implications that come with it.
Mathieu Letourneau, Andrei Saygo, Eoin Ward, Microsoft
This talk will present our research project on .Net file clustering based on their respective basic blocks and the parallel that can be made with DNA sequence variation analysis. We implemented a system that extracts the basic blocks on each file and creates clusters based on them. We also developed an IDA plugin to make use of that data and speed up our analysis of .Net files.
Andrei Saygo, Eoin Ward and Mathieu Letourneau all work as Anti-Malware Security Engineers in the AM Scan team of Microsoft’s Product Release & Security Services group in Dublin, Ireland.
Brian Honan, IRISSCERT
Social media networks provide individuals and businesses with exciting opportunities to communicate and collaborate with others throughout the world. But with these opportunities come a number of security challenges and risks. This talk will outline how social media networks can pose various threats to businesses, from information leakage, reputational damage, to social engineering profiling, and vectors for enabling compromise of corporate systems. Social media networks also enable the rapid dissemination of news which in the event of an information security breach could either save or destroy an organisation's reputation. Understanding and dealing with these challenges will enable companies to like and favourite social media networks in a secure way.
Brian Honan is an independent security consultant based in Dublin, Ireland, and is the founder and head of IRISSCERT, Ireland's first CERT. He is a Special Advisor to Europol's Cybercrime Centre (EC3), an adjunct lecturer on Information Security in University College Dublin. He is the author of the book "ISO 27001 in a Windows Environment" and co-author of "The Cloud Security Rules", and regularly speaks at major industry conferences. In 2013 Brian was awarded SC Magazine's Information Security Person of the year for his contribution to the computer security industry.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party, and will share these foundational concepts to build on:
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Welcome to ViralQR, your best QR code generator.ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In this free online event, organized by the Italian UiPath Community, you can explore the new features of Autopilot, the tool that integrates Artificial Intelligence into the development and use of Automations.
📕 Together we will look at some examples of how Autopilot is used in different tools of the UiPath Suite:
Autopilot for Studio Web
Autopilot for Studio
Autopilot for Apps
Clipboard AI
GenAI applied to Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
4. Imperva Overview
Our mission.
Protect the data that drives business
Our market segment.
Enterprise Data Security
Our global business.
• Public Company, Founded in 2002;
• Global operations; HQ in Redwood Shores, CA
• 350+ employees
• Customers in 50+ countries
Our customers.
1,300+ direct; Thousands cloud-based
• 4 of the top 5 global financial data service firms
• 4 of the top 5 global telecommunications firms
• 4 of the top 5 global computer hardware companies
• 3 of the top 5 US commercial banks
• 150+ government agencies and departments
5. Today’s Presenter
Amichai Shulman – CTO Imperva
Speaker at Industry Events
+ RSA, Sybase Techwave, Info Security UK, Black Hat
Lecturer on Info Security
+ Technion - Israel Institute of Technology
Former security consultant to banks & financial services firms
Leads the Application Defense Center (ADC)
+ Discovered over 20 commercial application vulnerabilities
– Credited by Oracle, MS-SQL, IBM and others
Amichai Shulman is one of InfoWorld’s “Top 25 CTOs”
7. Client Side Attacks - Scope of Problem (1)
Major Attack Vectors
Browser code
+ On decline over past 3 years
+ Expected to rise over next 2 years
Browser plug-ins (Java, Flash, PDF, Media Player etc.)
OS libraries (graphics rendering)
8. Client Side Attacks - Scope of Problem (2)
2010 Vulnerability Figures
Client side
+ 77 IE vulnerabilities, 106 Firefox vulnerabilities, 188 Chrome vulnerabilities
+ 73 Adobe Flash, 9 Adobe Reader related vulnerabilities
+ 72 Various ActiveX related vulnerabilities
Server side
+ Only 36 vulnerabilities across IIS, Apache and Tomcat
9. Client Side Attacks - Scope of Problem (3)
Malware Distribution Methods
Drive-By-Download / Malvertizing
Phishing, “Spear Phishing”
Torrent and P2P
Physical
10. Client Side Attacks - Scope of Problem (4)
2009 / 2010 Attack Figures
A 2010 report by Kaspersky
+ ~600M attempts reported to KSN, more than 5 times increase over 2009
Number of Zeus infected computers estimated at 10M
Rustock spanned 1M computers
40K new infections a day (with some being cleaned up)
Consumers cannot be expected to cope with the technical problem on their own
11. From Consumer Attack to a Business Problem
The threat to consumers is constantly growing
+ Number of vulnerabilities
+ Number of attacks
+ Types of attacks
+ Sophistication
Usage is expanding beyond banking and popular retail applications
We are past the point of no return
+ Cannot expect average consumers to avoid infection and mitigate attacks alone
+ We cannot deny service to infected consumers
+ We cannot let the consumer bear the consequences of a compromise
12. From Consumer Attack to a Business Problem
Potential consequences (of failing to do so):
+ Reduced on boarding rate
+ Reduced activity
+ Increased refunds
+ Increased insurance rates
Consumer facing malware threatens online commerce*
* Forrester Feb 2011: Malware And Trojans And Bots, Oh My!
13. From Consumer Attack to a Business Problem
[Slide image comparing Car User Safety with Online User Safety]
15. Client Side Trouble – Types of Interaction
Key loggers
+ No interaction between malware and application
+ Offline interaction between attacker and application using stolen credentials
Phishing
+ Some interaction between browser and actual application during attack
– Could be used for detection of some Phishing campaigns
+ Offline interaction between attacker and application using stolen credentials
Man in the Browser
+ Extensive interaction between malware and application during attack
+ Offline interaction between attacker and application using stolen credentials
16. Man in the Browser Attacks
Attacker code running in context of victim’s browser
AKA Proxy Trojan
Original motivation
+ No need to attack infrastructure (DNS, tap into router, etc.)
+ Defeat SSL
Additional benefits
+ Access to local resources
+ Access to application session data
Prominent Actors
+ ZeuS, Gozi, URLZone, Sinowal, Limbo and SpyEye
+ Silentbanker
17. MitB Attacks - The Evolution of Proxy Trojans
Key logger → Record HTML data → Inject HTML elements → Manipulate and inject transactions
27. Typical Changes by Trojan
Encoding related headers
+ Enforce use of traffic that is easily tampered with by the Trojan
+ Avoid HTTP/1.1 connections, compressed data
Client type identification
+ Ensure identification by drop server and other attacker controlled components
Additional parameters
+ Extra data provided by an unfortunate victim
+ Could represent client identification for attacker controlled components
Parameter order
+ Expected from fake transactions
28. Shape Based Tests
The application (or a device protecting the application) inspects the shape of incoming messages for changes typical to Trojans
If a Trojan pattern is detected, mark the client (IP address / session / request) as “infected”
29. Shape Based Tests in Action
Diagram (components: Client Machine, Web Application, Drop Server; steps shown: Tamper Page, Tamper Request, Inject Fake Transaction, Extract Data, Apply Shape Tests)
30. Challenges – Tracking Trojan Discrepancies
Each Trojan may display a different change
Changes may be reflected in specific request types
Need to keep track of Trojans
Create a framework for shape based rules
Create a framework for constructing shape tests
31. Challenges – Avoiding False Positives
Some real client devices do not support (or choose not to support) HTTP/1.1 or compressed data
Engage the browser in a challenge response protocol
Example challenge response from the slide (compressed bytes and decoded HTML as shown):
  HTTP/1.1 200 OK
  .
  .
  .
  Content-Encoding: gzip
  Refresh: 2;url=infection_test.html?infected=no

  ...........V*//W...Qzi...I...z...J:`.......T$......d.y.%@.^f.R,...(
  ..y.:.J....9.V......%%...JV.J~.a...!..~@.Dqbkc...%6....

  <html>
  <head>
  <script>window.navigate('infection_test.html?infected=yes')</script>
  </head>
  <body></body>
  </html>
33. Content Based Tests
Current malware tampers with HTML at the network layer (before it is interpreted by the browser)
+ This is due to simplicity and robustness considerations
Use client side code to verify the integrity of HTML page content in coordination with the server
Some solutions try to “provoke” the MitB into making changes, then compare the HTML content to known Trojan behaviors
+ This can be avoided by careful configuration of the MitB
+ Requires a constant chase after MitB configuration files
– Construct an up-to-date database of “known behaviors”
34. Client / Server Content Verification
Server computes a digest of the delivered HTML page
+ Random (invisible) elements are injected into the page before computation
Server appends a page digest computation function to the HTML page
+ Computation function code includes a random salt
When the page is loaded into the browser, the computation function is invoked, computes the digest and sends it to the server for verification
If the browser does not send back a digest then infection is assumed
35. Content Based Tests in Action
Diagram (components: Client Machine, Web Application, Drop Server; steps shown: Compute Digest and Inject Digest Computation Function, Tamper Page, Compute Digest, Tamper Request, Compare Digests, Inject Fake Transaction, Extract Data)
36. Model Strengths (1)
Digest cannot be pre-computed by malware due to the random HTML elements
Digest cannot be computed by malware without executing the digest computation function
+ Requires malware to implement / invoke a JavaScript engine
Computation function can be extended to explicitly reference the randomly injected HTML elements through DOM functions
+ Requires the malware to implement / fake the DOM
Malware cannot dismiss the test
37. Model Strengths (2)
Does not depend on specific MitB configuration and the expected changes
+ Only depends on the protected application page
+ Some configuration options should be available to restrict the parts of the page that are digested
– Avoid elements produced by client side code
Breaking the tie with attackers
+ Complexity of the computation process can be increased with small effort
+ Resulting changes to malware code are complex and painful, increasing its footprint
39. Look at the Complete Picture
Apply shape based tests and content based tests to identify infected client devices
Interact with Infected Clients
+ Provide clear visual warnings
+ Contact customer offline
+ Apply business access policies
– Example 1: Allow data extraction but deny transaction
– Example 2: Limit transaction size
+ Automatically employ extra validation through side channels
– Adaptive authentication
+ Keep a more comprehensive audit trail for the user / session
40. MitB is Only Part of the Landscape
Identifying account takeover
+ Server side fraud detection
+ Device profiling and reputation
+ Advanced authentication
Defeat Phishing Campaigns
+ Detect and takedown campaigns
+ Detect victims in real time
41. Flexible Deployment Framework
Cannot change application code whenever capabilities change or threats morph
Be able to protect legacy applications
Create consistency across all applications and flexibility in choosing vendors
43. Summary
Threat to consumers is constantly growing and is past the point where we can expect most of our consumers to avoid infection
Consumer infection has become a business problem
While providers should urge consumers to be prudent, they MUST learn how to interact with infected consumers and create a safe business environment for them regardless of the general threat
Some car safety mechanisms are already regulated. We can expect the same from business IT security
44. Summary (cont.)
Enterprise IT is failing to properly tackle client based attacks within the enterprise
The growing number of so called “APT” attacks on organizations demonstrates the effect of the “compromised insider”
Failures stem from the same reason: trying to avoid infection rather than learning to interact with infected clients
Speaker notes:
Client side software is much more susceptible to “generic” attacks than server side: less custom code. The introduction of HTML 5.0, which takes a lot of plug-in functionality into browser code, and new technologies that allow execution of native code in browser context are probably going to invoke a rise in browser code vulnerabilities. While the 10 IIS vulnerabilities are handled by professional IT staff, the 77 IE vulnerabilities are handled by my mother and my kids.
2010 figures collected from the web. Server side vulnerabilities are handled by top IT people (I chose pictures of the 2011 CIO of the year). Client side vulnerabilities are handled by my kids and their grandmother.
Mention my interview on CNN in November 2010. Traditional methods such as AV updates, search engine “warning signs” and consumer prudence are no longer a viable defense. This is not a technology issue but a human nature / skill issue. Mention the December 2010 press about Macy’s and Nordstrom being targeted: http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=228800040&cid=RSSfeed_IWK_All
Expansion into other domains is reflected also in VDBIR. Counting on consumers to avoid infection is like counting on drivers to avoid car crashes (hint hint).
All these have an impact on the financial bottom line of organizations.
We learned to expect seat belts, air bags, ABS, ESP, energy absorbing chassis and more.
Attackers realized that it is easier to install an agent on the victim’s machine than to tap into a communications channel in the Internet. Discuss the commonality of Zeus regardless of its age and tenure.
Today they defeat two factor authentication and anti-CSRF.
Tamper the request to invoke a failed login. Tamper the incoming page to include additional fields. Intercept the outgoing response and send data to the malicious server.