The document provides an overview and analysis of ransomware, including its history, technical details, trends, and mitigation techniques. It discusses how ransomware has evolved from early variants like AIDS to modern cryptoware like CryptoLocker and Locky. The document also analyzes the infection process, command and control infrastructure, and outlines strategies organizations can take to help prevent and recover from ransomware attacks, such as backups, patching, and isolation of critical systems.
Just as the title says, we go over the humble origins, touch on the notable variants of yesteryear, the big hitters of today, and discuss the future of ransomware. It's no longer just for windows anymore. Linux, Mac and Mobile platforms are all ripe for extortion.
This humorous and entertaining talk teaches everyone, from Mom and Pops to large enterprise organizations what's really happening and how to protect themselves.
No company is safe from a Ransomware attack (malicious forms of software programmed to steal company data and hold it for "ransom"). However, technology has allowed us to mitigate these attacks by implementing proper recovery systems that can ensure that cyber criminals will never see a dime from your business.
How can we avoid\prevent a ransomware attack Please check https://firewall.firm.in/preventing-ransomware/ , Use Sophos Antivirus & Firewall
Sophos Central Platform Manage all your Sophos Antivirus & Firewall from a single, cloud-based console.
Synchronized Security
Next-gen security with real-time intelligence sharing between your endpoints and firewall.
“No other company is close to delivering this type of communication between endpoint and network security products.” Please contact us on sales@itmonteur.net
Blackhat USA 2014 - The New Scourge of RansomwareJohn Bambenek
In March of this year, a Romanian man killed himself and his 4-year old son because of a ransomware he received after visiting adult websites. This "police impersonation" malware instructed him to pay a massive fine or else go to jail for 11 years. Ransomware isn't a new threat; however, it introduced new life with CryptoLocker, the very first variant to perform encryption correctly, thussignificantly inhibiting security researchers and their typical countermeasures. Due to its unique nature, CryptoLocker is one of the few current malware campaigns that spawned its own working group focused around remediation. As time progressed, other ransomware copycat campaigns emerged, some of which got media attention even though they were nothing but vaporware.
This talk will focus on what the threat intelligence community did in response to this threat, including the development of near-time tracking of its infrastructure and what can be learned in order to manage new threats as they emerge.
Ransomware: How to avoid a crypto crisis at your IT businessCalyptix Security
Cryptolocker and other ransomware brought crisis to thousands of businesses last year. The malware made millions by encrypting victims’ files and demanding ransoms to unlock them. Some companies lost everything. Others, including local police departments, had to pay a hefty ransom to recover their data.
Today, Cryptolocker is gone, but ransomware is growing stronger. New variants such as CryptoWall and Critroni are infecting users, locking their files, and demanding higher ransoms. How can you protect your IT business and clients from this growing threat?
Join Calyptix Security for a conversation on crypto-ransomware, where it’s headed, and how to avoid a ‘crypto crisis’ at your office. You’ll get straight-forward advice on how to stop this threat from impacting your business network security and clients.
Video recording of this webinar took place on March 12, 2015
Just as the title says, we go over the humble origins, touch on the notable variants of yesteryear, the big hitters of today, and discuss the future of ransomware. It's no longer just for windows anymore. Linux, Mac and Mobile platforms are all ripe for extortion.
This humorous and entertaining talk teaches everyone, from Mom and Pops to large enterprise organizations what's really happening and how to protect themselves.
No company is safe from a Ransomware attack (malicious forms of software programmed to steal company data and hold it for "ransom"). However, technology has allowed us to mitigate these attacks by implementing proper recovery systems that can ensure that cyber criminals will never see a dime from your business.
How can we avoid\prevent a ransomware attack Please check https://firewall.firm.in/preventing-ransomware/ , Use Sophos Antivirus & Firewall
Sophos Central Platform Manage all your Sophos Antivirus & Firewall from a single, cloud-based console.
Synchronized Security
Next-gen security with real-time intelligence sharing between your endpoints and firewall.
“No other company is close to delivering this type of communication between endpoint and network security products.” Please contact us on sales@itmonteur.net
Blackhat USA 2014 - The New Scourge of RansomwareJohn Bambenek
In March of this year, a Romanian man killed himself and his 4-year old son because of a ransomware he received after visiting adult websites. This "police impersonation" malware instructed him to pay a massive fine or else go to jail for 11 years. Ransomware isn't a new threat; however, it introduced new life with CryptoLocker, the very first variant to perform encryption correctly, thussignificantly inhibiting security researchers and their typical countermeasures. Due to its unique nature, CryptoLocker is one of the few current malware campaigns that spawned its own working group focused around remediation. As time progressed, other ransomware copycat campaigns emerged, some of which got media attention even though they were nothing but vaporware.
This talk will focus on what the threat intelligence community did in response to this threat, including the development of near-time tracking of its infrastructure and what can be learned in order to manage new threats as they emerge.
Ransomware: How to avoid a crypto crisis at your IT businessCalyptix Security
Cryptolocker and other ransomware brought crisis to thousands of businesses last year. The malware made millions by encrypting victims’ files and demanding ransoms to unlock them. Some companies lost everything. Others, including local police departments, had to pay a hefty ransom to recover their data.
Today, Cryptolocker is gone, but ransomware is growing stronger. New variants such as CryptoWall and Critroni are infecting users, locking their files, and demanding higher ransoms. How can you protect your IT business and clients from this growing threat?
Join Calyptix Security for a conversation on crypto-ransomware, where it’s headed, and how to avoid a ‘crypto crisis’ at your office. You’ll get straight-forward advice on how to stop this threat from impacting your business network security and clients.
Video recording of this webinar took place on March 12, 2015
Malware's Most Wanted: CryptoLocker—The Ransomware TrojanCyphort
The CryptoLocker Malware encrypts certain files with a private key and demands payment to regain access to the files. Nick Bilogorskiy, Director of Security Research, presents this deep dive into CryptoLocker and looks at the latest information around what is called one of the two most sophisticated and destructive forms of malicious software in existence. (The other being Gameover Zeus.)
Malware’s Most Wanted is a monthly series to inform IT security professionals on the details of the most dangerous advanced persistent threats. Attendees receive a special edition t-shirt.
Never before in the history of human kind have people across the world been subjected to extortion on a massive scale as they are today. In recent years, personal use of computers and the internet has exploded and, along with this massive growth, cybercriminals have emerged to feed off this burgeoning market, targeting innocent users with a wide range of malware. The vast majority of these threats are aimed at directly or indirectly making money from the victims. Today, ransomware has emerged as one of the most troublesome malware categories of our time.
There are two basic types of ransomware in circulation. The most common type today is crypto ransomware, which aims to encrypt personal data and files. The other, known as locker ransomware, is designed to lock the computer, preventing victims from using it. In this research, we will take a look at how the ransomware types work, not just from a technological point of view but also from a psychological viewpoint. We will also look at how these threats evolved, what factors are at play to make ransomware the major problem that it is today, and where ransomware is likely to surface next.
CryptoLocker is a persistent, ubiquitous and ever advancing threat to your business’ Intellectual Property (IP) and customer data which requires professional skill and a high level of effort to prevent, detect and remediate.
Cyphort Labs presents "Malware's Most Wanted: Ransomware Resurgence: Locky and Other “New Cryptolockers”
Like many viruses, botnets and malware families that we’ve seen over the past decade, hackers continue to find new ways of reinventing old threats. And this is no different for Ransomware.
Ransomware has come a long way from non-encrypting lockscreen FBI scare warnings like Reveton. In 2016 alone, there have been new ransomware families popping up and we expect that to only pick up steam over the summer.
In this edition of MMW, Nick Bilogorskiy, Senior Director of Threat Operations at Cyphort, will discuss:
Locky, the new “it” ransomware and how it works
A deep dive into a new family of ransom locker discovered by Cyphort Labs in March, that uses TOR Hidden Service
Other new ransomware families and why it’s becoming the preferred monetization method for attackers
Ransomware: Prevention, privacy and your options post-breachGowling WLG
Ransomware (cyber attack software that holds its targets’ data for ransom) has become an increasing danger to businesses and institutions this year.
This presentation will explore the nature and extent of the problem, legal options for and regulatory obligations of victims of ransomware, and emergent insurance options for dealing with the fallout from ransomware attacks.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.Cyphort
Secretary Johnson called the attack on Sony Pictures Entertainment “an attack on our freedom of expression and way of life.” In this MMW session, we dissect Destover malware, responsible for more than 100 terabytes of stolen data from Sony Pictures Entertainment.
Added bonus: MMW Watch List of 2014
We will summarize the “most wanted” of the year 2014, including Backoff, the POS malware, and Zberp, the financial Trojan.
Ransomware continues to be a major threat. This slidedeck looks at the first six months of 2017, examines why enterprises are being increasingly impacted by ransomware, and reviews the effect of high-profile incidents such as WannaCry and Petya.
For more on this area, read Symantec Security Response's blog and whitepaper: https://www.symantec.com/connect/blogs/businesses-most-risk-new-breed-ransomware
EverSec + Cyphort: Big Trends in CybersecurityCyphort
Advanced threats are changing so often it is getting harder and harder to keep up! In addition to new attacks, hackers are reinventing older ones, making it even more difficult to detect. In this webinar, we will discuss at a high-level some of biggest cybersecurity threats happening right now, including:
--The Resurgence of Ransomware - Locky and other new cryptolockers
--Malvertising, oh My! - No website is safe from unknowingly spreading malware to visitors
--I have RATs - How to defend against Remote Access Trojans stealing your data
How to Protect Your Organization from the Ransomware EpidemicTripwire
Join Steve Sletten, senior field systems engineer for Tripwire, for a short, information packed webinar that will focus on how to leverage basic security controls to protect and detect ransomware attacks before significant damage is done. Steve will cover:
• The evolutions of ransomware and how the most common vectors for the “ransomware on steroids” now attacking organizations.
• How to layer three basic security controls to make your organization harder to target, regardless of the infection vector.
• The top three ransomware mistakes most organizations make and what to do about them.
Malware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOLCyphort
Malvertising Attacks on Huffingtonpost, Yahoo, AOL
Cyphort Labs has reported an uptick in drive-by-infection through malvertising in 2014 and sounded alarms for the web property owners regarding this emerging trend. We believe that this trend presents a significant cybersecurity challenge in 2015. In this session, we will discuss this increasing trend of drive-by attacks by dissecting examples of recent web infections, as well as share observed, sophisticated behavior of modern exploit pack and the challenges for research and discovery. As we present exploit kit information, trends and statistics from research derived from our Cyphort Crawler, you will gain an awareness and an understanding of these malvertising threats to better protect your site visitors from malware infection.
5 Ways to Protect Your Healthcare Organization from a Ransomware Attack - HIM...ClearDATACloud
Sophisticated ransomware attacks on healthcare organizations by ruthless cybercriminals are on the rise. Savvy HIT leaders are taking immediate action to protect their IT systems and data. During this webinar you’ll gain insight into the 5 most important precautions that healthcare providers should take and what steps should be followed in event your system is compromised to minimize the impact on patient care and restore your systems as quickly as possible.
In this presentation you’ll learn:
- 5 most important ways to protect your organizations from a ransomware attack
- What steps to take in the event your system is compromised by a ransomware attack
Link to On-Demand Webinar: https://www.cleardata.com/knowledge-hub/5-ways-to-protect-your-healthcare-organization-from-a-ransomware-attack/
The WannaCry ransomware outbreak shook the world when it occured in May 2017.
This slidedeck looks at the attack, how it was carried out, and its success rate. It also attempts to figure out who was likely to have been behind this devastating cyber attack.
For more information on this outbreak, take a look at these additional resources:
What you need to know about the WannaCry Ransomware: https://www.symantec.com/connect/blogs/wannacry-3
WannaCry: Ransomware attacks show strong links to Lazarus group: https://www.symantec.com/connect/blogs/wannacry-ransomware-attacks-show-strong-links-lazarus-group
Can files locked by WannaCry be decrypted: A technical analysis: https://medium.com/threat-intel/wannacry-ransomware-decryption-821c7e3f0a2b
IT Security landscape and the latest threats and trendsSophos Benelux
Senior Security Advisor at Sophos, John Shier provided a very informative session during Infosecurity 2016 in the Netherlands in which he discussed the latest threats and trends in the digital world.
Demys&fying
Cloud
Security
J o u r n e y
f r o m
P r o j e c t
t o
P a t e n t
t o
P u b l i c
C o n s u m p & o n
Platform as a Service
Software as a Service Database as a Service Load Balancing as a Service
Monitoring as a Service
Central Access Control as a Service
Infrastructure as a Service
Notification as a Service
Validation as a Service
Health Information Exchange as a Service
Malware's Most Wanted: CryptoLocker—The Ransomware TrojanCyphort
The CryptoLocker Malware encrypts certain files with a private key and demands payment to regain access to the files. Nick Bilogorskiy, Director of Security Research, presents this deep dive into CryptoLocker and looks at the latest information around what is called one of the two most sophisticated and destructive forms of malicious software in existence. (The other being Gameover Zeus.)
Malware’s Most Wanted is a monthly series to inform IT security professionals on the details of the most dangerous advanced persistent threats. Attendees receive a special edition t-shirt.
Never before in the history of human kind have people across the world been subjected to extortion on a massive scale as they are today. In recent years, personal use of computers and the internet has exploded and, along with this massive growth, cybercriminals have emerged to feed off this burgeoning market, targeting innocent users with a wide range of malware. The vast majority of these threats are aimed at directly or indirectly making money from the victims. Today, ransomware has emerged as one of the most troublesome malware categories of our time.
There are two basic types of ransomware in circulation. The most common type today is crypto ransomware, which aims to encrypt personal data and files. The other, known as locker ransomware, is designed to lock the computer, preventing victims from using it. In this research, we will take a look at how the ransomware types work, not just from a technological point of view but also from a psychological viewpoint. We will also look at how these threats evolved, what factors are at play to make ransomware the major problem that it is today, and where ransomware is likely to surface next.
CryptoLocker is a persistent, ubiquitous and ever advancing threat to your business’ Intellectual Property (IP) and customer data which requires professional skill and a high level of effort to prevent, detect and remediate.
Cyphort Labs presents "Malware's Most Wanted: Ransomware Resurgence: Locky and Other “New Cryptolockers”
Like many viruses, botnets and malware families that we’ve seen over the past decade, hackers continue to find new ways of reinventing old threats. And this is no different for Ransomware.
Ransomware has come a long way from non-encrypting lockscreen FBI scare warnings like Reveton. In 2016 alone, there have been new ransomware families popping up and we expect that to only pick up steam over the summer.
In this edition of MMW, Nick Bilogorskiy, Senior Director of Threat Operations at Cyphort, will discuss:
Locky, the new “it” ransomware and how it works
A deep dive into a new family of ransom locker discovered by Cyphort Labs in March, that uses TOR Hidden Service
Other new ransomware families and why it’s becoming the preferred monetization method for attackers
Ransomware: Prevention, privacy and your options post-breachGowling WLG
Ransomware (cyber attack software that holds its targets’ data for ransom) has become an increasing danger to businesses and institutions this year.
This presentation will explore the nature and extent of the problem, legal options for and regulatory obligations of victims of ransomware, and emergent insurance options for dealing with the fallout from ransomware attacks.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.Cyphort
Secretary Johnson called the attack on Sony Pictures Entertainment “an attack on our freedom of expression and way of life.” In this MMW session, we dissect Destover malware, responsible for more than 100 terabytes of stolen data from Sony Pictures Entertainment.
Added bonus: MMW Watch List of 2014
We will summarize the “most wanted” of the year 2014, including Backoff, the POS malware, and Zberp, the financial Trojan.
Ransomware continues to be a major threat. This slidedeck looks at the first six months of 2017, examines why enterprises are being increasingly impacted by ransomware, and reviews the effect of high-profile incidents such as WannaCry and Petya.
For more on this area, read Symantec Security Response's blog and whitepaper: https://www.symantec.com/connect/blogs/businesses-most-risk-new-breed-ransomware
EverSec + Cyphort: Big Trends in CybersecurityCyphort
Advanced threats are changing so often it is getting harder and harder to keep up! In addition to new attacks, hackers are reinventing older ones, making it even more difficult to detect. In this webinar, we will discuss at a high-level some of biggest cybersecurity threats happening right now, including:
--The Resurgence of Ransomware - Locky and other new cryptolockers
--Malvertising, oh My! - No website is safe from unknowingly spreading malware to visitors
--I have RATs - How to defend against Remote Access Trojans stealing your data
How to Protect Your Organization from the Ransomware EpidemicTripwire
Join Steve Sletten, senior field systems engineer for Tripwire, for a short, information packed webinar that will focus on how to leverage basic security controls to protect and detect ransomware attacks before significant damage is done. Steve will cover:
• The evolutions of ransomware and how the most common vectors for the “ransomware on steroids” now attacking organizations.
• How to layer three basic security controls to make your organization harder to target, regardless of the infection vector.
• The top three ransomware mistakes most organizations make and what to do about them.
Malware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOLCyphort
Malvertising Attacks on Huffingtonpost, Yahoo, AOL
Cyphort Labs has reported an uptick in drive-by-infection through malvertising in 2014 and sounded alarms for the web property owners regarding this emerging trend. We believe that this trend presents a significant cybersecurity challenge in 2015. In this session, we will discuss this increasing trend of drive-by attacks by dissecting examples of recent web infections, as well as share observed, sophisticated behavior of modern exploit pack and the challenges for research and discovery. As we present exploit kit information, trends and statistics from research derived from our Cyphort Crawler, you will gain an awareness and an understanding of these malvertising threats to better protect your site visitors from malware infection.
5 Ways to Protect Your Healthcare Organization from a Ransomware Attack - HIM...ClearDATACloud
Sophisticated ransomware attacks on healthcare organizations by ruthless cybercriminals are on the rise. Savvy HIT leaders are taking immediate action to protect their IT systems and data. During this webinar you’ll gain insight into the 5 most important precautions that healthcare providers should take and what steps should be followed in event your system is compromised to minimize the impact on patient care and restore your systems as quickly as possible.
In this presentation you’ll learn:
- 5 most important ways to protect your organizations from a ransomware attack
- What steps to take in the event your system is compromised by a ransomware attack
Link to On-Demand Webinar: https://www.cleardata.com/knowledge-hub/5-ways-to-protect-your-healthcare-organization-from-a-ransomware-attack/
The WannaCry ransomware outbreak shook the world when it occured in May 2017.
This slidedeck looks at the attack, how it was carried out, and its success rate. It also attempts to figure out who was likely to have been behind this devastating cyber attack.
For more information on this outbreak, take a look at these additional resources:
What you need to know about the WannaCry Ransomware: https://www.symantec.com/connect/blogs/wannacry-3
WannaCry: Ransomware attacks show strong links to Lazarus group: https://www.symantec.com/connect/blogs/wannacry-ransomware-attacks-show-strong-links-lazarus-group
Can files locked by WannaCry be decrypted: A technical analysis: https://medium.com/threat-intel/wannacry-ransomware-decryption-821c7e3f0a2b
IT Security landscape and the latest threats and trendsSophos Benelux
Senior Security Advisor at Sophos, John Shier provided a very informative session during Infosecurity 2016 in the Netherlands in which he discussed the latest threats and trends in the digital world.
Demys&fying
Cloud
Security
J o u r n e y
f r o m
P r o j e c t
t o
P a t e n t
t o
P u b l i c
C o n s u m p & o n
Platform as a Service
Software as a Service Database as a Service Load Balancing as a Service
Monitoring as a Service
Central Access Control as a Service
Infrastructure as a Service
Notification as a Service
Validation as a Service
Health Information Exchange as a Service
2013 CodeEngn Conference 08
안드로이드 악성앱 필터링을 위한 시스템을 주로 다루려고 하고, 특히 요새 큰 관심이 쏠리는 스미싱 앱을 위주로 내용을 진행하면서 안드로이드 어플리케이션의 정적분석 및 동적분석 방법 그리고 해당 분석으로 얻을 수 있는 내용들이 어떤 것이 있는지를 예시를 통해 알아본다.
http://codeengn.com/conference/08
[2012 CodeEngn Conference 07] nesk - Defcon 20th : 본선 CTF 문제풀이GangSeok Lee
2012 CodeEngn Conference 07
데프콘은 매년 라스베이거스에서 열리는 세계적으로 가장 권위 있는 보안 컨퍼런스 중 하나로 CTF 대회를 진행하고 있다. 올해 데프콘은 특히 20주년을 맞아서 20개팀이 본선에 참가하였으며, 다양한 문제들이 출제되었다. 보통 해킹대회에서의 예선전 풀이는 많지만 본선문제에 관한 정보는 많이 부족하기 때문에 CTF에 출제된 문제중 몇문제를 선정하여 풀이한다.
http://codeengn.com/conference/07
2014 CodeEngn Conference 11
웹브라우저 구조에 따른 자바스크립트 난독화 알아보기
이제는 인터넷 없이 생활조차 하기 힘든 세상으로 킬러 어플리케이션로 자리잡았다. 이러한 인터넷 환경에서 웹 사이트 방문만으로 악성코드에 감염 될 수 있다. 이 공격을 드라이브-바이 다운로드 (Drive-By Download)로 불리며, 웹 해킹, 소프트웨어 취약점, 악성코드를 같이 사용하는 공격 기술이다. 그리고 공격에 사용되는 별개의 기술들을 하나로 묶어 주는 것이 자바스크립트로 탐지와 분석을 어렵게 하기위해 난독화를 사용한다. 그러면, 왜 자바스크립트 난독화가 생길 수 있는지 브라우저 컴포넌트 구조를 통해 알아보고, 종류에 대해 알아본다. 그리고 자바스크립트 난독화를 해제하기 위한 방법론에 대해서도 알아본다.
http://codeengn.com/conference/11
http://codeengn.com/conference/archive
[2012 CodeEngn Conference 07] manGoo - Exploit Writing Technique의 발전과 최신 트랜드GangSeok Lee
2012 CodeEngn Conference 07
Secuinside는 코스콤에서 주최, 연합해킹그룹 HARU, 고려대 정보보호대학원에서 주관하는 국제 해킹대회 및 보안컨퍼런스로써 얼마전 개최된 해킹대회 예선전 문제들을 풀기위해 사용한 분석기술과 ASLR과 NX를 우회하는 새로운 익스플로잇 기술에 대해서 소개한다.
http://codeengn.com/conference/07
2014 CodeEngn Conference 11
안드로이드에서의 부트킷 동작방식 알아보기
부트킷 악성코드는 부팅 과정에서 악성코드를 감염시켜 악성코드가 실행 시 자신의 존재를 숨겨 백신에서 악성코드의 탐지와 치료를 어렵게 하기위해 사용되는 방식이다. 이러한 Oldboot 부트킷 악성코드가 올해초 2014년 1월에 안드로이드에서 발견되었다. 따라서 본 발표에서는 이 안드로이드 상에서 사용된 부트킷의 동작 방식과 특이점에 대해서 다룰 예정이다.
http://codeengn.com/conference/11
http://codeengn.com/conference/archive
[2013 CodeEngn Conference 09] proneer - Malware TrackerGangSeok Lee
2013 CodeEngn Conference 09
최근 조직의 침해는 조직의 보안 환경이 강화되면서 장기간에 걸쳐 일어난다. 목적을 달성할때까지 지속 매커니즘을 사용하여 시스템에 잠복하거나 다른 시스템으로 이동해간다. 이런 상황에서 악성코드가 사용하는 지속 매커니즘은 무엇이 있는지, 그리고 침해사고를 조기에 인지하여 악성코드의 유입 경로를 찾을 수 있는 방안을 살펴본다.
http://codeengn.com/conference/09
http://codeengn.com/conference/archive
[2014 CodeEngn Conference 11] 박세한 - IE 1DAY Case Study KOGangSeok Lee
2014 CodeEngn Conference 11
IE 원데이로 시작하는 실전 익스플로잇!
BOF, FSB, UAF 등의 메모리 커럽션 취약점을 워게임, CTF 통해서 배우게 되지만 비교적 더 낮은 난이도에도 불구하고 실제 상용 프로그램에 대해서는 막연한 느낌뿐인 학생들이 많은 것 같다. 웹브라우저에서 발견되는 취약점 중 가장 흔한 UAF에 대해 설명하고 비교적 최신에 발견된 CVE-2014-0322, CVE-2014-1776 두가지 전형적인 IE 브라우저 UAF 취약점을 익스플로잇하는 방법을 설명하려고 한다. 추후 사례로 소개되는 두 가지 취약점에 대해 직접 학습이 가능하도록 단계별 튜토리얼을 별도 제공하고자한다.
http://codeengn.com/conference/11
http://codeengn.com/conference/archive
2010 CodeEngn Conference 04
2010년 5월 22~24일, 세계 최대의 해커들의 축제인 DEFCON 18의 CTF 예선이 열렸습니다. Kaist 보안동아리 GoN 팀으로 참여하면서 느낀 이번 DEFCON CTF 예선에 대한 전반적인 리뷰와 함께, 여러 문제 분야들 중 Binary l33tness, Pwtent pwnables 분야의 문제들의 풀이를 해보고자 한다. (Defcon 18 CTF 예선전 전체 529팀에서 6위로 본선진출)
http://codeengn.com/conference/04
NormShield Cyber Threat & Vulnerability Orchestration OverviewNormShield, Inc.
NormShield is at the forefront of orchestrated cyber security operations and reporting, a transformative new category that Gartner calls SOAR. The NormShield cloud platform automates finding vulnerabilities, prioritizes them and provides actionable intelligence. A key differentiation is the company’s combination of advanced automation and human intelligence for reliability unparalleled in the industry. NormShield CISOs receive letter-grade risk scorecards. Their teams manage risk, not data. The results are measurable: informed decisions and swift action that reduces risk as never before possible and at an affordable price.
Ransomware Attack: Best Practices to proactively prevent contain and respondAlgoSec
One of the biggest concerns for info security professionals and business executives right now is ransomware attacks. It has prompted many organizations urgently assess what they need to do to contain and limit their exposure to this threat.
Presented by renowned industry expert Prof. Avishai Wool, this new technical webinar will provide some best practices and tips to help organizations prevent, contain and respond to a ransomware attack.
In this webinar Professor Wool will discuss:
• The different methods used by cyber criminals to penetrate the network security perimeter
• Best practices for reducing cyber criminals’ lateral movements across the network
• How to augment incident triage with critical business context to assess the severity, risk and potential business impact of an attack
• Prioritizing incident remediation efforts based on business risk, and neutralizing impacted systems through zero-touch automation
• The impact of a ransomware on regulatory compliance
The vast majority of cloud security threats are from misconfigured IaaS instances, compromised accounts, and insider threats but there's emerging threats on the rise as well. And you’ll need deep visibility into your workloads and containers to fight back.
Join us for a live webinar with James Condon, Director of Research at Lacework on the current and emerging threats to public cloud and how best to automate security and compliance across AWS, Azure, and GCP, including:
Current and emerging threats to AWS, Azure, and Google Cloud environments
Recommendations on how to prevent, detect, analyze, and respond to cloud cyber attacks
How to move away from a network-centric mindset and adopt a cloud approach
How Lacework can help you automate security and compliance across AWS, Azure, GCP, and private clouds
Compliance made easy. Pass your audits stress-free.AlgoSec
Don’t fail an audit ever again. Yes, it’s possible.
It doesn’t matter what regulation you are talking about, whether your own internal compliance standard or a common global framework such as PCI DSS, SOX, HIPPA, SWIFT, or even HKMA.
David Emm | The What, How, Who and Why of Computer MalwarePro Mrkt
David Emm from Kaspersky Lab is delivering an insightful presentation on The What, How, Who and Why of Computer Malware Midlands Cyber Security Expo #midscybersecurity10
cyber crime & information security is most famous in the world..day by day increase cyber crime in internet world. that see. the detail about of cyber security.
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...ADVA
In his presentation at Merit Member Conference 2016, Bill Balmer demonstrated that a layered encryption strategy is the ultimate way to combat the latest cyberthreat: polymorphous attacks.
SolarWinds Federal User Group 2016 - SolarWinds Enterprise Scalability, Integ...SolarWinds
In this 2016 online Federal User Group presentation Jeff Stewart, Product Strategist, SolarWinds, gives an update for federal customers on scalability, including rough scalability limits, deployments basics, automation features, and integration options.
Also, Ed Bender, Head Federal Systems Engineer, SolarWinds, provides details on multi-domain deployments, and discusses IT consolidation initiatives in the Federal market.
Similar to Ransomware: History, Analysis, & Mitigation (20)
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
2. • CUSTOMER SUCCESS TECHNICAL ADVISOR – CYBERARK SOFTWARE
• B.S. MIS – UNIVERSITY OF TEXAS
• COMPTIA A+ & SEC+
• VMWARE VCA-DCV
• (ISC)2 SSCP & CISSP
• MARRIED, FATHER OF 2 GIRLS.
• MEMBER OF SHADOW SYSTEMS HACKER COLLECTIVE
• MEMBER OF DALLAS HACKERS ASSOCIATION
WHOAMI – RAINMAKER
3. AGENDA
• OVERVIEW
• IN THE NEWS
• TIMELINE
• TECHNICAL ANALYSIS
• ANALYSIS OF CLIENT INFECTION
• COMMAND & CONTROL (C2) ARCHITECTURE SETUP/DESIGN
• EVOLVED RANSOMWARE
• MITIGATION TECHNIQUES
• FINAL THOUGHTS
4.
5. RANSOMWARE DEFINED…
• LEVERAGING SOFTWARE TO INHIBITS USE OF
THE SYSTEM.
• APPLIES EXTORTION ON THE ASSUMPTION
THAT THE DATA IS IMPORTANT ENOUGH TO
THE USER THEY ARE WILLING TO PAY FOR
RECOVERY.
• THERE IS NO GUARANTEE OF ACTUAL
RECOVERY, EVEN AFTER PAYMENT IS MADE.
6. RANSOMWARE VICTIMS
• ONLY A QUARTER OF AMERICAN HOMES BACK
UP THEIR DATA ON A REGULAR BASIS.
• ACCORDING TO TRIPWIRE.COM, HALF OF ALL
AMERICAN RANSOMWARE VICTIMS HAVE PAID
THE RANSOM.
• ACCORDING TO TREND MICRO AROUND 30%
OF BUSINESSES END UP PAYING THE RANSOM.
Much larger ransoms have been demanded into the millions. Some
organizations refuse to pay and suffer the consequences. Others do
not disclose they have actually paid the ransom.
7. RANSOMS PAID
• HOLLYWOOD PRESBYTERIAN MEDICAL
CENTER
• 40 BTC (~$17,000 USD) RANSOM PAID.
• HORRY COUNTY SCHOOL DISTRICT, SOUTH
CAROLINA
• 20 BTC (~$8,000 USD)
• TEWKSBURY POLICE DEPARTMENT
• 1 BTC (~$500 USD)
• SWANSEA POLICE DEPARTMENT
• 2 BTC (~$750 USD)
• VILLAGE OF ILION, NEW YORK
• $800 USD
8. RECENT RANSOMWARE NEWS
• METHODIST HOSPITAL KENTUCKY
• MARCH 22
• DECLARES ‘INTERNAL STATE OF EMERGENCY’
AFTER RANSOMWARE INFECTION
• MEDSTAR HEALTH SYSTEMS COMPLETELY
SHUT DOWN
• MARCH 28TH
• 10 HOSPITALS, 250 OUTPATIENT FACILITIES.
• 45 BTC ~ $19,000 RANSOM.
• APRIL 7TH – ADOBE ISSUES EMERGENCY
UPDATE.
• FLASH 0-DAY USED TO DISTRIBUTE
RANSOMWARE
9. MALVERTISING VICTIMS
• UP 325% FROM 2014-2015
• RECENTLY AS OF MARCH 15TH, 2016
• COMPANIES OUTSOURCE THEIR ADVERTISING
THROUGH ADVERTISING NETWORKS
• TAINTED ADS WITH THE ANGLER TOOLKIT.
• NYTIMES, BBC, MSN, AOL, ANSWERS.COM,
ZEROHEDGE, INFOLINKS, MY.XFINITY, NFL,
REALTOR.COM, THEWEATHERNETWORK, THEHILL, AND
NEWSWEEKALL SERVED UP RANSOMWARE.
• OTHER VICTIMS INCLUDE:
• SPOTIFY, TMZ, SKYPE, EBAY, DRUDGE REPORT,
AND MANY MANY MANY OTHERS.
11. THE FIRST RANSOMWARE:
THE AIDS VIRUS
• DISCOVERED IN 1989
• REPLACED AUTOEXEC.BAT
• AFTER 90 DAYS, ENCRYPTED FILE
NAMES ON C:/
• ASKED TO ‘RENEW THE LICENSE’
• $189 TO A PO BOX IN PANAMA
• DR. JOSEPH POPP WAS ARRESTED BY
SCOTLAND YARD LATER THAT YEAR
AND CHARGED WITH BLACKMAIL
13. INTERNET ERA RANSOMWARE: FBI LOCKSCREEN
• CIRCA 2011
• REVETON TROJAN FAMILY
• IMPERSONATES NATIONAL LAW
ENFORCEMENT
• LOCKS OUT OF PC
• EASILY REMOVED
• BOOT TO SAFEMODE
• REMOVE REGISTRY KEY
16. CRYPTOLOCKER
• STARTED TO APPEAR AROUND
SEPTEMBER 2013
• DELIVERED MAINLY THOUGH
THE GAMOVERZEUS (GOZ) P2P
BOTNET
• USED DOMAIN GENERATED
ALGORYTHMS (DGA)
• PRODUCE THOUSANDS OF
DOMAINS
• ONLY 1 OR 2 WERE REAL
Example: Faoefijawjfaslekf9ejaklja[.]ru
Bitcoin Price
17. CRYPTOLOCKER…A DEEPER LOOK.
• INFECTED LOCAL DRIVES AND
NETWORK STORAGE
• AES-2048 ASYMMETRICAL
ENCRYPTION
• DE-FACTO NAME FOR EVERY
‘CRYPTO’ INFECTION TODAY
18. CRYPTOLOCKER CONTINUED…
• MID 2014 GOZ IS SHUT DOWN.
• DOWN GOES CRYPTOLOCKER
• KEYS RECOVERED FROM C2C
ALLOW FOR DECRYPTION.
• NEW VARIANTS EMERGE SHORTLY
THEREAFTER
23. ALPHA/TESLACRYPT
• INITIALLY
• ATTACKED GAMERS
(GAME RELATED FILE EXTENSIONS)
• DGA BASED DOMAINS FOR C2
• EXAMPLE: ASDFWEF23SDF.COM
• EVOLVED
• EXPANDED FILE EXTENSIONS
• COMPROMISED DOMAINS FOR C2
• EXPLOIT KITS AND NOW SPAM
24. ALPHA/TESLACRYPT
• V1.0 USED SYMMETRIC AES KEYS
• TALOS GROUP RELEASED
TESLADECRYPT
• V2.0+ USED ASYMMETRIC KEYS
• STILL IN THE WILD
• V4.1 DISCOVERED APRIL 22,
2016
29. LOCKY
• HUGE IN 2016.
• SPREADING MOSTLY THOUGH
SPAM
• DAY 1 – OVER 5 MIL.
• SPAM CAMPAIGN SIMILAR TO
DRYDEX FINANCIAL TROJAN.
• APRIL 5TH - V2.0 NOW
LEVERAGING THE NUCLEAR
EXPLOIT KIT AND C2
COMMUNICATION METHOD
32. THE DR WILL SEE YOU NOW…AFTER PAYING THE RANSOM
• TO DATE, ONLY HOSPITALS HAVE
BEEN TARGETED WITH THESE
TWO MALWARE SAMPLES.
• EXPLOITS KNOWN
VULNERABILITIES IN UNPATCHED
SERVERS.
• SPECIFICALLY JBOSS.
• 3.2 MILLION SERVERS
VULNERABLE.
• ONCE IN, LATERALLY MOVES TO
CAUSE THE MOST AMOUNT OF
DESTRUCTION
Samas/Samsam/MSIL.B/C
34. • DISCLOSED MARCH 23, 2016
• MASQUERADES AS A JOB APPLICATION
• LINKS TO A SHARED DROPBOX FOLDER CONTAINING SELF
EXTRACTING ARCHIVE CONTAINING APPLICANT RESUME AND
FAKE PHOTO
• REWRITES SYSTEMS MBR AND FORCES BSOD.
• FAKE “CHECK DISK” RUNS AND ENCRYPTS MASTER FILE TABLE.
LATEST TRENDS
Petya – The MBR Encryptor
35. • DISCLOSED MARCH 25TH, 2016
• DISGUISED IN SPAM AS AN “INVOICE”
• LEVERAGES MS WORD AND NATIVE
POWERSHELL.
• DOES NOT PULL DOWN ANY ADDITIONAL
BINARIES, AND LEVERAGES POWERSHELL
(ALREADY ON THE SYSTEM AND APPROVED
TO BE THERE) TO DO THE DIRTY WORK.
LATEST TRENDS
PowerWare – Using your own tools against you.
36. • DISCLOSED MARCH 23, 2016
• RANSOM PAYMENT OF $150
• SERIOUS ABOUT ITS THREATS
• EVERY HOUR IT DELETES 100 FILES
PERMANENTLY.
• EVERY REBOOT IT DELETES 1000 FILES.
• DECRYPTER AVAILABLE NOW.
LATEST TRENDS
Jigsaw – I want to play a game.
40. CHAIN OF EVENTS - A.K.A PATH OF PAIN
• ANY ATTACK VECTORS
INITIATES CHAIN
• PHISHING
• COMPROMISED SERVER
• MALVERTISING
41. THE RAW IP ADDRESS
• USED FOR GEOLOCATION
• EXCLUDE CODE EXECUTION OR PERFORM
DIFFERENT OPERATION BASED ON GLOBAL
POSITION
• CHINA, RUSSIA, IRAN, TYPICALLY IGNORED
• ATTEMPT TO DISPLAY MESSAGE IN NATIVE LANGUAGE
• UNIQUE IDENTIFIER
• ADDED HASH WITH OTHER SYSTEM INFO.
• (<REQUEST ID>|CAMPAIGN|<MD5>|<OS INFO>|IP ADDRESS)
• CAN RESTRICT ONE INFECTION PER IP ADDRESS
• IDENTIFY POSSIBLE ANALYSIS ATTEMPTS
43. LINUX.ENCODER RANSOMWARE
• TARGETS LINUX POWERED WEB SERVERS BY ENCRYPTING
MYSQL, APACHE, AND HOME/ROOT
FOLDERS ASSOCIATED WITH THE TARGET
• ASKS FOR 1 BITCOIN TO DECRYPT
CRUCIAL FILES.
• 3 VERSIONS CURRENTLY. ALL HAVE BEEN
ALREADY DECRYPTED
• WRITTEN BY THIS GUY.
44. OSX KERANGER
• DISCOVERED MARCH 4, 2016
• DOWNLOADED 6000 TIMES BEFORE IT WAS SHUT DOWN.
• VARIANT OF LINUX.ENCODER & “EDUCATIONAL” HIDDEN TEAR RANSOMWARE
• RECOMPILED INTO THE OPEN SOURCE BIT TORRENT CLIENT TRANSMISSION.
• PUBLISHED ON THEIR SITE WITH UPDATED MD5 HASH.
• TURKISH DEVELOPER KEY WAS USED TO BYPASS APPLE’S GATEKEEPER SECURITY
FEATURE
45. IOS “RANSOMWARE”
• MAY 2014 AUSTRALIAN IPHONE USERS
WERE VICTIMS OF RANSOMWARE ATTACK.
• ACTUALLY VICTIMS ICLOUD ACCOUNTS
WERE PHISHED.
• DEVICES WERE PUT IN LOST (LOCKED)
MODE W/ RANSOM MESSAGE.
• FAILURE TO PAY RESULTED IN WIPED DEVICE.
• RUSSIAN OFFICIALS ARRESTED 2 PEOPLE
A MONTH LATER.
46. SIPLOCKR – 1ST ANDROID ENCRYPTING RANSOMWARE
• DETECTED JUNE 1ST, 2014
• LOTS OF ANDROID SCREEN LOCKERS, BUT
THIS WAS THE FIRST FILE ENCRYPTER.
• ENCRYPTS *.JPG, *.JPEG, & *.PNG
TO *.ENC
• COMMUNICATES TO C2 VIA TOR
NETWORK
• DECRYPTER IS CURRENTLY AVAILABLE.
47. ADULT PLAYER – EXTORTION AT ITS FINEST
• MASQUERADES AS A PORN MOVIE PLAYER.
• TAKES PHOTOS USING THE FRONT FACING
CAMERA WHILE IN USE.
• INITIATE LOCK SCREEN WITH PHOTOS AND
RANSOM MESSAGE.
• IF RANSOM IS NOT PAID, SEND MESSAGE AND
PHOTOS TO ALL CONTACTS ON PHONE.
• EASY TO FIX
49. INTERNET OF THINGS
• INSTITUTE FOR CRITICAL
INFRASTRUCTURE TECHNOLOGY –
“IOT PRESENTS AN INFINITE ATTACK
SURFACE”.
• WHAT’S NEXT?
• PACEMAKERS
• AUTOMOBILES
• YOUR HOUSE?
51. MITIGATION TECHNIQUES
• BACKUP OFTEN
• KEEP DISCONNECTED WHEN NOT IN USE
• REVIEW AND RESTRICT ACCESS TO SHARED
RESOURCES
• DISCONNECT FROM NETWORK SHARES WHEN
NOT IN USE.
• TRAIN END-USERS ABOUT SOCIAL ENGINEERING
TECHNIQUES.
• PHISHING
• PHISHING
• PHISHING!
52. MORE MITIGATION TECHNIQUES
• ANTIVIRUS
• ACTUALLY KEEP IT UPDATED.
• PATCH THE OS AND SOFTWARE.
• CAN’T EXPLOIT VULNERABILITIES THAT
HAVE BEEN PATCHED.
• PREVENT MALVERTISING/INJECTION
• ADBLOCK/UBLOCK ORGIN/ADFENDER
• NOSCRIPT
• SANDBOXIE
• END OF LIFE – IT’S CALLED THAT FOR A
REASON
53. EVEN MORE MITIGATION TECHNIQUES
• ONLY INSTALL SOFTWARE FROM
TRUSTED SOURCES
• FOLLOW THE PACK
• APPLE STORE IS SAFE
• BAD CODE STILL FALLS THROUGH
• ANDROID MARKETPLACE STILL IFFY
• YOU HAVE TO TRUST THE DEVELOPER
• AVOID OPEN SOURCE SOFTWARE
• VALIDATE HASHES FROM EXTERNAL
SITES
54. WILL THIS GUY EVER STOP?
• INTRUSION PREVENTION SYSTEMS
• ACTUALLY IMPLEMENT BLOCK MODE.
• WEB CONTENT PROVIDERS HOST THEIR
OWN AD CONTENT
• PROBABLY UNREALISTIC, BUT IT’S A
REAL POSSIBILITY FOR SMALL/MEDIUM
BUSINESSES.
• MACROS.
• DO I REALLY HAVE TO SAY IT?
55. ADVANCED MITIGATION TECHNIQUES
• PREVENT LATERAL MOVEMENT IN YOUR
ENVIRONMENT.
• NO PASSWORD REUSE.
• FREQUENT PASSWORD ROTATION.
• ENABLE LEAST PRIVILEGE
• NOT EVERYONE NEEDS ADMINISTRATIVE RIGHTS.
• EVEN BETTER, IMPLEMENT APPLICATION CONTROL
• RESTRICT THE BINARIES FROM EVER EXECUTING
• AC CAN PREVENT RANSOMWARE ENTIRELY
• ISOLATE YOUR CRITICAL RESOURCES
Ransomware no longer wants to infect a single machine. Isolate the infection.
57. REASONS WHY YOU SHOULD PAY.
• FBI SAYS, “EASIEST PATH IS TO PAY”.
• IT’S IN THEIR BEST INTEREST TO DELIVER.
• IT MIGHT BE CHEAPER.
58. REASONS WHY YOU SHOULDN'T PAY.
• IT MIGHT BE CHEAPER, BUT IT’S
REALLY NOT.
• DISCLOSURE IS NOT CHEAP.
• THERE’S A TARGET ON YOUR BACK.
• COPYCAT ATTACKS ARE REAL.
• US-CERT SAYS SO.
• THE CRIMINALS WIN.
In July 2013, a 21-year-old man from Virginia, whose computer coincidentally did contain pornographic photographs of underaged girls with whom he had conducted sexualized communications, turned himself in to police after receiving and being deceived by ransomware purporting to be an FBI message accusing him of possessing child pornography. An investigation discovered the incriminating files, and the man was charged with child sexual abuse and possession of child pornography
January 2015, A 17 year old boy from Windsor, Berkshire hanged himself after having been locked out of his system, thinking the police were pursuing him.
Cisco/Talos security stated on Friday April 15th, that 4.2 million servers were still vulnerable to the jboss exploit responsible for the sam.sam string of ransomware.
The Federal Financial Institutions Examination Council’s CyberSecurity Assessment Tool actually rates organizations with large amounts of open source software in their organizations.
Directly from the CERT Advisory:
Restrict users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
Use application whitelisting to help prevent malicious software and unapproved programs from running. Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software.
On October 21, 2015 at the Cyber Security Summit at Boston’s Back Bay Events Center, Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in Boston stated, “The ransomware is that good. To be honest, we often advise people just to pay the ransom.”
The United States Computer Emergency Readiness Team seems to disagree with the FBI in their March 31st Alert on Ransomware.
“Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information,” the advisory says. “In addition, decrypting files does not mean the malware infection itself has been removed.”