1. Laptops, smartphones, and social media have created new security risks for enterprises by blurring the lines between personal and corporate devices and enabling more remote access points. 2. Social networks like Facebook and Twitter have become major targets for cybercriminals due to the large number of users and prevalence of user-generated content, allowing automated social engineering at scale. 3. Barracuda's threat intelligence research crawls the web and social media to analyze malware, compromised search results, and suspicious Twitter accounts in order to identify emerging threats and build reputation systems and signatures to protect enterprises.

1. The Dangers Of Laptops, Smartphones & Social Media To Enterprise Security Dr. Paul Judge Chief Research Officer

3. Half of The Spam Disappeared 3 52 Billion 26 Billion 2010

4. Five Innovations That Created Security Risks

6. 196 million domain names

7. 47 million new sites last yearSource:Verisign

8. 2. Dynamic Web Apps: AJAX Rich site-to-browser interaction Browser is the new operating system Browser is active in the application, not simply a passive display tool

10. 1 in 11 organizations had remote workers infected

11. 46% of remote infections come from infected Web sites3. Remote Employees

12. Smartphone and tablet computing blur the line between personal and business computing Companies must reconsider policies for devices that are not owned by the company 4. New Devices

14. Need the right delivery model for each location and user

15. Centralized management, forensics, and reporting is difficult

16. Remote users and branch offices often not covered because of difficulty or cost

17. Compromises in security because of the complexity or costInternet Headquarters Teleworkers Problem: Many Locations and Remote Users Roaming Users

18. Cloud-based Web Security Cloud-based content filtering and malware protection Centralized multi-site management and reporting Simple policy-based Web security Protects remote and mobile employees Massively scalable infrastructure eliminates latency Rapid response to new and emerging threats Internet Policy Management Security Protection Consolidated Reporting Workplace Users Mobile Users Roaming Users

20. 500 million users on Facebook

21. 100 million accounts on Twitter

22. 2.5 billion photos uploaded each month to Facebook

24. Then Came Along… User Generated Content

25. With 100s of millions of users behind a single domain, we need to understand user level reputation Is this account good or bad? Is this account even real? Need for User Reputation

26. Facebook Social Attacks

27. Photo ‘Tags’ Up To 50 People

28. Website Selling Fake Illegal Shoes

29. Likejacking

31. Malicious Facebook Apps

33. “Hidden Truth” Photos

37. Automated Social Engineering

39. Load samples into Maltrace

40. Maltrace allows the malware to run on a virtual PC

41. Maltrace collects the network traffic generated

42. Maltrace creates signatures based on malicious traffic

44. ‘Funniest Video Ever’ Banking Trojan

45. Rogue A/V + Trending Topics (step 1 of 3)

46. Rogue A/V + Trending Topics (Step 2 of 3) hxxp://securityland.cn/?uid=144&pid=3&ttl=31c48520c54 which acts as a traffic distribution system for a Rogue AV operation; the chain of redirections ends at one of the following Rogue AV distribution points: hxxp://my-systemscan.com/?p=WKmimHVlbG2HjsbIo22EhHV8ipnVbWiMnNah2qeNm 6nZwombm5h2lpd9fXCHodjSbmRelWZxmV6SZGbLU9bYxKWspXOL1dZ2Y2ZuZ2tnaWyVYYrJlG0%3D hxxp://my-newprotection.net/?p=WKmimHVlbG2HjsbIo22EhHV8ipnVbWiMnNah2qeNm 6nZwombm5h2lpd9fXCHodjSbmRelWZxmV6SZGbLU9bYxKWspXOL1dZ2Y2ZuZ2tnaWyVYYrJlG0%3D hxxp://trustsystem-protection.com/?p=WKmimHVlbG2HjsbIo22EhHV8ipnVbWiMnNah2 qeNm6nZwombm5h2lpd9fXCHodjSbmRelWZxmV6SZGbLU9bYxKWspXOL1dZ2Y2ZuZ2tnaWyVYYrJlG0%3D

47. Rogue A/V + Trending Topics (step 3 of 3)

49. Query Twitter User Database for Other Users

50. Analyze Users’ Activities

51. Analyze Web Links

53. True Twitter Users ≥10 Followers, Friends, & Tweets Compared to 21% in Jan 2010

54. Friends(Following): For every 100 Twitter users… 16 have 27 have 40 have 17 have 0 1-9 10-99 100+ friends friends friends friends

55. Friend-Follower Delta: For every 100 Twitter users… 43 have same (+/- 5) amount 23 have more friends 34 have more followers

56. Crime Rate twitter crime rate is the percentage of accounts created per month that are eventually suspended by Twitter

58. Twitter growth rate went from 2.02% in Nov 08 to 21.17% in April 09.Twitter Account Creation Red Carpet Era (11/08-04/09) Barracuda Networks Confidential

60. 2007 = 1.7%

62. This more than tripled over the following four months, escalating to 12% in October 2009.Twitter Crime Rate 2006-2009 Barracuda Networks Confidential

63. Twitter Crime Rate 2010

65. In the 2500 range, we start to see some scammers.

66. Other direction, you really get the scammers coming out.

67. Friend/Follower Ratio: 0.002 Friend/Follower Delta: -444 Tweet Number 144.9

71. Search Malware

73. Search for Those Terms

74. Retrieve the Set of Search Results

75. Retrieve the Web Sites for the results

76. Analyze the Sites for Malicious Code

78. 34,627 malware samples found 1 in 1000 search results lead to malware 1 in 5 search topics lead to malware Frequency of Search Engine Malware

79. Total Malware by Search Engine

80. Lebron James

81. Lebron James (1 of 4) 56

82. Lebron James (2 of 4) 57

83. Lebron James (3 of 4)

84. Lebron James (4 of 4)

85. Who Is Behind This?

86. The Worlds Greatest Spammers:Where are they now?

87. The Worlds Greatest Spammers:Where are they now?

88. The Worlds Greatest Spammers:Where are they now?

89. Barracuda Labs Threat Intelligence

90. Summary Laptops and Mobile Devices Need The Same Level of Security As Computers Inside The Perimeter Attackers are Focused on Social Networking Sites To Reach Users Enterprises Need To Provide Web Security That Understands Social Threats @Barracuda @BarracudaLabs