Modern Malware and Threats discusses the landscape of modern malware threats. It defines malware as software used to disrupt systems or steal information. Modern malware is more stealthy, targeted, and uses distributed infrastructure compared to traditional malware. It can persist through backdoors, rootkits, or bootkits and communicates covertly through various protocols. Defenses include antivirus, firewalls, hardening systems, and monitoring logs. The document provides examples of advanced malware strains and recommendations for detection and mitigation techniques.
1. Modern Malware and Threats
Martin Čmelík
www.security-portal.cz
Modern Malware and Defense Options, Hotel Barceló, Prague - 4.11.2014
2. What is malware?
Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. 'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software.
source: wikipedia
4. Threat Landscape
                 | Motivation                 | Actors                        | Targets
CYBER WAR        | Military/Political Advance | Cyber Nation-States           | Critical Infrastructure
TERRORISM        | Political Change           | Terrorist Networks and Groups | Infrastructure and Public Assets
ESPIONAGE        | Intellectual Property Gain | Nation-States and Enterprises | Governments, Companies and Individuals
ORGANIZED CRIME  | Financial Gain             | Criminals                     | Companies and Individuals
HACKTIVISM       | Ego, Curiosity and Change  | Groups and Individuals        | Governments, Companies and Individuals
5. Types of malware
Viruses
Worms
Trojan Horses
Spyware
Crimeware
Bankers
Backdoors
Exploits
RAT (Remote Access Toolkit)
Bootkits
Rootkits
Ransomware
Zombie/Bot, Dropper, …
Malware classification tree
source: http://www.kaspersky.com/internet-security-center/malware-tree.jpg
6. Traditional vs Modern malware
Traditional Malware:
- Open channels
- Known detection and patches available
- Broad & Noisy
- Single
- Centralized infrastructure
Modern Malware:
- Stealthy & Covert
- Unknown detection and Zero Day
- Targeted & Personalized
- Persistent
- Distributed infrastructure
7. Sources of infection
Spear phishing & Spam
Social Media
Infected websites (drive-by-download, watering hole, …)
Exploit Kits (Blackhole - not active, Crime Pack, Magnitude, Fiesta, …)
Infected media - USB stick (autorun.inf, BadUSB)
Infected host on network
Dynamic binary patching
Pirated Software & Key Generators
Human error
8. Persistence
Backdoor
- enables an attacker to bypass the normal authentication procedure to gain access to the system
Rootkit
- admin-level type of access
- hides its existence in the system
- blocks AV/malware scanners or provides spoofed data
- firmware (network card, disk, BIOS, VGA, …) rootkits are resistant to OS reinstallation
Bootkit
- kernel-mode type of rootkit
- infects the MBR, VBR or boot sector
- can be used to attack full disk encryption
9. Communication
Common (allowed) protocols: HTTP, HTTPS, SSH, DNS
Proprietary protocols and encryption
Communication via proxies, tunnels, IRC
Through public services like Facebook, Reddit, Twitter, Google
Steganography (image EXIF metadata)
TOR hidden services (e.g. Mevade)
P2P network (e.g. Alureon, GameOver)
Computer speakers and microphones to bridge air gaps (badBIOS PoC)
Fast Flux (or DDNS) - combination of P2P, distributed CnC, load balancing and proxy redirection (e.g. Storm Worm)
10. Single vs Double Fast Flux network
source: http://www.honeynet.org/node/136
12. Anti-Detection techniques
Obfuscation - the deliberate act of creating source or machine code that is difficult for humans to understand.
Packers - comparable to obfuscation. A packer uses an executable compression algorithm and combines the compressed data with decompression code into a single executable. It can still give quite good results when several packers are combined.
Oligomorphic code - randomly selects each piece of the decryptor from several predefined alternatives (+, -, /, XOR). Limited to just a few hundred different decryptors.
Polymorphic code - uses a polymorphic engine to mutate while keeping the original algorithm intact. The code changes its encryptor/decryptor each time it runs, but the function remains the same.
Metamorphic code - no part of the malware stays the same. Metamorphic viruses often translate their own binary code into a temporary representation, edit that temporary representation of themselves and then translate the edited form back to machine code again.
Steganography - concealment of information within computer files (images, videos, …). Used sporadically at this time, but it seems to be the weapon of choice for droppers, which can download the malware payload hidden in an image, YouTube video or whatever and extract it.
13. Example of obfuscated PHP script
source: http://ddecode.com/phpdecoder/?results=e0719289a4608ed4ef4efa66375337ef
14. Example of obfuscated JavaScript
Result? Redirect to google.com website
source: http://www.kahusecurity.com/2011/making-wacky-redirect-scripts-part-i/
15. Exploit Kit services
Dashboard - statistics, infected computers, traffic flow summary, infection rate in % by OS, used exploit, country, browser, affiliate/partner, …
Available exploits to use and exploits which you can buy
AntiVirus evasion techniques + virustotal-like service to verify results
Code obfuscation service (HTML, JavaScript, ActionScript/Flash, PDF, Java, …)
Landing pages and details about the obfuscation used, iframes etc.; whether the website is on any kind of blacklist (URL scanner), …
Random domain generator (changing every X hours)
Tool for sending spam and spear phishing campaigns (mail lists included)
DDoS attack service
CnC control-like panel
…and much more
24/7 support (!)
18. Malware analysis
Static (code) Analysis - signature (virustotal.com) and string analysis, reverse engineering performed using disassemblers, debuggers and decompilers (e.g. IDA Pro, OllyDbg). RE is time consuming.
Dynamic (behavioral) Analysis - executing malware in a sandboxed/virtualized OS environment and observing how the malware behaves (monitoring system/library calls): what has been changed in the system, which connection attempts were made, which files were created, etc. A quick method which can detect APT attacks, spear phishing campaigns and 0day exploits.
Memory Analysis - simple rule: malware must run, and if it runs, it has to be in memory. Dump memory and search it for malicious artifacts (e.g. Volatility Framework, Memoryze).
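The string analysis named above and the packers from slide 12 (code hidden behind compressed or encrypted data) as a worked example added here; it is not code from the talk. Windowed Shannon entropy locates compressed or encrypted regions (a packed payload typically scores above 7 bits per byte), and a printable-string scan pulls out what the loader stub still leaves in the clear. The sample bytes, the 256-byte window and the 7.0 threshold are constructed/assumed values, and the sample is a header-like byte string, not a real executable.

```python
import math
import re
from typing import Dict, List, Tuple

WINDOW = 256             # bytes per entropy window (assumed value)
PACKED_THRESHOLD = 7.0   # bits/byte; compressed or encrypted data usually scores above this


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def entropy_map(data: bytes, window: int = WINDOW) -> List[Tuple[int, float]]:
    """Entropy of each consecutive window as (offset, entropy) pairs."""
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data), window)]


def packed_regions(data: bytes, window: int = WINDOW,
                   threshold: float = PACKED_THRESHOLD) -> List[Tuple[int, int]]:
    """Merge adjacent high-entropy windows into (start, end) byte ranges."""
    regions: List[Tuple[int, int]] = []
    for off, ent in entropy_map(data, window):
        if ent < threshold:
            continue
        end = min(off + window, len(data))
        if regions and regions[-1][1] == off:
            regions[-1] = (regions[-1][0], end)   # extend the previous region
        else:
            regions.append((off, end))
    return regions


def extract_strings(data: bytes, min_len: int = 6) -> List[str]:
    """Printable ASCII runs of at least min_len bytes, like the classic `strings` tool."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def triage(data: bytes) -> Dict[str, object]:
    """Summary an analyst would look at first: size, entropy, suspicious regions, strings."""
    regions = packed_regions(data)
    return {
        "size": len(data),
        "overall_entropy": round(shannon_entropy(data), 2),
        "packed_regions": regions,
        "likely_packed": bool(regions),
        "strings": extract_strings(data),
    }


def build_sample() -> bytes:
    """Constructed input: a low-entropy loader stub with readable imports, followed by a
    high-entropy blob standing in for a packed/encrypted payload (not a real executable)."""
    stub = (b"MZ" + b"\x00" * 62
            + b"This program cannot be run in DOS mode.\x00"
            + b"kernel32.dll\x00LoadLibraryA\x00GetProcAddress\x00VirtualAlloc\x00")
    stub = stub.ljust(512, b"\x00")
    # Deterministic stand-in for ciphertext: 37 is odd, so every aligned 256-byte
    # window is a permutation of 0..255 and scores exactly 8.0 bits/byte.
    payload = bytes((i * 37 + 11) & 0xFF for i in range(1024))
    return stub + payload


if __name__ == "__main__":
    report = triage(build_sample())
    print("likely packed:", report["likely_packed"], "regions:", report["packed_regions"])
    for s in report["strings"]:
        print("string:", s)
```

The entropy map is what most packer detectors compute per PE section; here it runs over raw windows so it needs no PE parser. Merging adjacent windows into regions gives offsets an analyst can hand to a disassembler as the boundary where the stub ends and the payload begins.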
19. Example of Hybrid Analysis
One Tor exit node in Russia has been performing dynamic binary patching and injecting its own malware into EXE files downloaded via the HTTP protocol. This is the report of one file modified by this exit node.
Regular application downloaded from the microsoft.com website (isn't it?)
21. Analyzing Web-Based malware
urlQuery.net is a free online service for testing and analyzing URLs, helping with identification of malicious content on websites. The main focus of urlQuery is to find and detect suspicious and malicious content on webpages, to help improve the security industry and make the internet a safer place.
24. General Recommendations
have a good antivirus on computers and servers
have HIPS on computers and servers
An IPS on the core of the network with Anti-Malware and Anti-Botnet engines can help a lot. Even if the engine is not able to detect the malicious file itself, it can recognize communication to CnC servers by deep packet inspection or by monitoring DNS requests.
If you can, use appliances which can recognize specific applications in the network flow. Strict policies allowing communication just from known applications can mitigate malware infection and communication to CnC as well.
Correlate all security events and audit logs in a robust SIEM solution
Invest money in good employees. Someone has to read and understand the output of logs and SIEM events.
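The DNS monitoring recommended above, applied to two CnC patterns the talk mentions, fast flux from slide 9 and the random domain generators advertised by exploit kits on slide 15, as an added example that is not part of the original talk. It assumes a hypothetical resolver log format of `<timestamp> <client> <qname> <type> <answer> <ttl>`; the log lines, the reserved test-net addresses (RFC 5737) and `.invalid` names, and the thresholds are all constructed.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set


class DnsRecord(NamedTuple):
    ts: str
    client: str
    qname: str
    qtype: str
    answer: str
    ttl: int


# Hypothetical resolver export: "<ts> <client> <qname> <type> <answer> <ttl>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (A|AAAA) (\S+) (\d+)$")

FLUX_MIN_IPS = 5     # distinct answers for one name before we call it fast flux (assumed)
FLUX_MAX_TTL = 300   # seconds; fast-flux records keep TTLs short to rotate quickly (assumed)

# Constructed sample log: two ordinary names, one fast-flux name rotating through
# five addresses with a 60 s TTL, and two algorithmically generated names.
LOG_LINES = """\
2014-11-04T09:00:01 10.0.0.15 www.example.com A 192.0.2.10 86400
2014-11-04T09:00:02 10.0.0.15 mail.example.com A 192.0.2.25 3600
2014-11-04T09:00:05 10.0.0.22 files.fluxnode.invalid A 198.51.100.7 60
2014-11-04T09:01:05 10.0.0.22 files.fluxnode.invalid A 198.51.100.42 60
2014-11-04T09:02:05 10.0.0.22 files.fluxnode.invalid A 203.0.113.9 60
2014-11-04T09:03:05 10.0.0.22 files.fluxnode.invalid A 203.0.113.77 60
2014-11-04T09:04:05 10.0.0.22 files.fluxnode.invalid A 198.51.100.130 60
2014-11-04T09:04:09 10.0.0.31 kqzvxptwjmbr.invalid A 203.0.113.200 300
2014-11-04T09:04:10 10.0.0.31 h3mr8tqzplwn.invalid A 203.0.113.201 300
2014-11-04T09:05:00 10.0.0.15 www.example.com A 192.0.2.10 86400
"""


def parse_log(text: str) -> List[DnsRecord]:
    """Parse the log, skipping blank or malformed lines instead of aborting the run."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, qname, qtype, answer, ttl = m.groups()
        records.append(DnsRecord(ts, client, qname.lower().rstrip("."), qtype, answer, int(ttl)))
    return records


def fast_flux_names(records: List[DnsRecord]) -> List[str]:
    """Names that resolved to many distinct addresses while every answer carried a short TTL."""
    ips: Dict[str, Set[str]] = defaultdict(set)
    max_ttl: Dict[str, int] = defaultdict(int)
    for r in records:
        ips[r.qname].add(r.answer)
        max_ttl[r.qname] = max(max_ttl[r.qname], r.ttl)
    return sorted(n for n in ips if len(ips[n]) >= FLUX_MIN_IPS and max_ttl[n] <= FLUX_MAX_TTL)


def looks_generated(label: str, min_len: int = 10, max_vowel_ratio: float = 0.25) -> bool:
    """Crude DGA heuristic: a long label with almost no vowels. Tune per environment;
    a real deployment would also whitelist known CDN and cloud naming schemes."""
    if len(label) < min_len:
        return False
    vowels = sum(ch in "aeiou" for ch in label)
    return vowels / len(label) < max_vowel_ratio


def generated_names(records: List[DnsRecord]) -> List[str]:
    """Queried names whose second-level label looks machine generated."""
    hits = set()
    for r in records:
        labels = r.qname.split(".")
        if len(labels) >= 2 and looks_generated(labels[-2]):
            hits.add(r.qname)
    return sorted(hits)


def analyze_dns_log(text: str) -> Dict[str, List[str]]:
    records = parse_log(text)
    return {"fast_flux": fast_flux_names(records),
            "generated_names": generated_names(records)}


if __name__ == "__main__":
    for kind, names in analyze_dns_log(LOG_LINES).items():
        print(kind, names)
```

Both detectors work on passive resolver logs alone, so they run even when the CnC traffic itself is encrypted over HTTPS or tunnelled; that is the point the slide makes about DNS monitoring catching what the file scanner missed. The vowel-ratio rule is deliberately simple and will flag some legitimate hostnames, so in practice it feeds a SIEM correlation rather than blocking on its own.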
25. General Recommendations
Every piece of network equipment has to be properly set up and secured, starting with switches and ending with personal computers.
All systems have to be regularly updated
Strict policies and new technologies for malware detection have to be enforced in order to avoid contact with malware distribution websites and mail attachments coming from spear phishing and spam campaigns.
…in the best case uninstall Adobe Reader, Adobe Flash and Java
Consider OS level hardening
Windows - EMET (The Enhanced Mitigation Experience Toolkit)
Linux - SELinux, Grsecurity
26. EMET (The Enhanced Mitigation Experience Toolkit)
EMET forces applications to use key security defenses which could potentially block malware during its execution.
Defense mechanisms:
ASLR (buffer overflow)
DEP (no-exec memory)
SEHOP (stack overflow)
ROP (DEP bypass)
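Before forcing mitigations with EMET it helps to know which of them a binary already opts into. The following Python is added here and is not from the talk: it reads the DllCharacteristics word of a PE optional header and reports the ASLR (DYNAMIC_BASE), DEP (NX_COMPAT) and related flags. The flag values are the IMAGE_DLLCHARACTERISTICS constants from the PE/COFF specification; the header-only image the block builds for itself is a constructed stand-in, not a real executable.

```python
import struct
from typing import Dict, List

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification
FLAGS = {
    "HIGH_ENTROPY_VA": 0x0020,   # 64-bit ASLR with high-entropy addresses
    "DYNAMIC_BASE":    0x0040,   # ASLR: image may be relocated at load
    "NX_COMPAT":       0x0100,   # DEP: non-executable memory honoured
    "NO_SEH":          0x0400,   # image uses no structured exception handlers
    "GUARD_CF":        0x4000,   # Control Flow Guard
}
REQUIRED = ("DYNAMIC_BASE", "NX_COMPAT")   # the two EMET would otherwise have to force


def dll_characteristics(image: bytes) -> int:
    """Return the DllCharacteristics field of a PE32 or PE32+ image."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]          # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt_off = pe_off + 4 + 20                                  # signature + COFF file header
    magic = struct.unpack_from("<H", image, opt_off)[0]
    if magic not in (0x10B, 0x20B):                            # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 of the optional header in both formats:
    # PE32+ widens ImageBase to 8 bytes but drops BaseOfData, so the offset is unchanged.
    return struct.unpack_from("<H", image, opt_off + 70)[0]


def mitigations(image: bytes) -> Dict[str, bool]:
    dc = dll_characteristics(image)
    return {name: bool(dc & bit) for name, bit in FLAGS.items()}


def missing_mitigations(image: bytes) -> List[str]:
    """Which of the required opt-ins the image lacks (candidates for forcing via EMET)."""
    on = mitigations(image)
    return [name for name in FLAGS if name in REQUIRED and not on[name]]


def build_minimal_pe(dll_chars: int, pe32plus: bool = False) -> bytes:
    """Constructed header-only image, just enough for the parser above (not a runnable binary)."""
    pe_off = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    machine = 0x8664 if pe32plus else 0x14C
    opt_size = 240 if pe32plus else 224
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)   # Magic
    struct.pack_into("<H", opt, 70, dll_chars)                     # DllCharacteristics
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for label, img in (("hardened", build_minimal_pe(0x4160, pe32plus=True)),
                       ("legacy", build_minimal_pe(0x0000))):
        print(label, mitigations(img), "missing:", missing_mitigations(img))
```

Run over a directory of third-party binaries, `missing_mitigations` gives the list of processes worth adding to an EMET (or, on later Windows, Exploit Protection) policy, since those are the ones the OS will not randomize or mark non-executable on its own.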
27. Are you still hungry?
Flame - most complex, sophisticated and interesting piece of malware (developed by US and Israel)
Dexter - POS malware with ability to search credit card information in memory (Target data breach - 40 million credit cards)
Gapz - dropper using non-standard technique for code injection, bypassing security software
The Mask - targets government, diplomatic offices and embassies, oil and gas companies, research organizations and activists (state sponsored malware)
Recommended sources
http://blog.kaspersky.com/
http://nakedsecurity.sophos.com/
http://www.welivesecurity.com/