Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1
Top 5 Modern Malware Trends
Data Connectors – September 12, 2013
Frank Salvatore, BCOMM
Territory Manager, Eastern Canada
Slide 2
"We're moving towards a world where every attack is effectively zero-day… having a signatured piece of malware, that shouldn't be the foundation on which any security model works." - Chris Young, GVP Cisco Security
Tech Week Europe, September 28th 2012
Slide 4
Modern times… call for modern measures...
Slide 5
Top CISO Priorities – 2013
Secure Data and Policy Controls: data exfiltration through the use of multi-protocol outbound channels challenges traditional controls.
Enable Secure Mobility: mobile devices and policies pose major issues as organizations need to enable secure access to data.
Advanced Attacks Targeting Data: ensuring the security of data-at-rest and data-in-motion continues to be challenged by multi-vectored attacks.
Slide 6
Top 5 Global Risks
Source: World Economic Forum
Slide 7
Technological Risks
Slide 8
High Profile APT Attacks Are Increasingly Common
Slide 9
We Are Only Seeing the Tip of the Iceberg
HEADLINE GRABBING ATTACKS (above the surface)
THOUSANDS MORE BELOW THE SURFACE: APT Attacks, Zero-Day Attacks, Polymorphic Attacks, Targeted Attacks
Slide 10
Attacks Increasingly Sophisticated
Dynamic Web Attacks, Malicious Exploits, Spear Phishing Emails
Multi-Vector
• Delivered via Web or email
• Blended attacks with email containing malicious URLs
• Uses application/OS exploits
Multi-Stage
• Initial exploit stage followed by malware executable download, callbacks and exfiltration
• Lateral movement to infect other network assets
Slide 11
Top 5 Modern Malware Trends
Slide 12
Trend #1: Motivation is Data “Capitalization”
• Political, Financial, Intellectual
• Nature of threats changing
  – From broad, scattershot to advanced, targeted, persistent
• Advanced attacks accelerating
  – High profile victims common (e.g., RSA, Symantec, Google)
  – Numerous APT attacks like Operation Aurora, Shady RAT, GhostNet, Night Dragon, Nitro
“Organizations face an evolving threat scenario that they are ill-prepared to deal with… advanced threats that have bypassed their traditional security protection techniques and reside undetected on their systems.”
Gartner, 2012
[Figure: timeline 2004–2012, y-axis “Damage of Attacks”, showing Viruses, Worms, Spyware/Bots, Stealth Bots, Dynamic Trojans, Targeted Attacks, Zero-day and Advanced Persistent Threats across the eras labelled Disruption, Cybercrime, and Cyber-espionage and Cybercrime]
Slide 13
Trend #2: Modern Malware Targets the Application
Slide 14
Hacking? Not so much…
Slide 15
Polymorphism on demand
Slide 16
Blog Post?
Slide 17
RSS Feed?
Slide 18
Trend #3: Socialized Attack Vectors
• Spear-Phishing is a social attack
  – No real technical countermeasure
  – Users un(der)trained
  – Effective way to drive malicious traffic
  – “Whaling” for high return
• 83% of spam uses URLs
  – URL shorteners
  – Social engineering URLs
  – Still on the decline
• Browser/App Infection Vectors
  – Browser itself
  – ActiveX / Java
  – Plug-ins (PDF, QuickTime)
  – Adobe Flash
  – JavaScript/AJAX
[Chart: Percent of Spam Containing Links. Source: Cisco Systems]
Slide 19
LinkedIn is a Gold Mine…
Slide 20
Successful Spear Phish
Slide 21
Trend #4: It’s not just about files anymore
• Modern Malware is about a sequence of protocol flows which serve to exploit an application
• A file may be invoked or transported, but usually after a successful exploit
• The new reality of Modern Malware or APT is that file-based analysis is inadequate
[Diagram: Exploit; Downloads (Binary Download from the Infection Server); Callbacks (to the Callback Server); Data Exfiltration]
Slide 22
The Attack Life Cycle – Multiple Stages
1. Exploitation of system
2. Malware executable download
3. Callbacks and control established
4. Malware spreads laterally
5. Data exfiltration
[Diagram: Compromised Web Server or Web 2.0 Site, Callback Server, IPS, File Share 1 and File Share 2, with the numbered stages drawn between them]
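The two slides above argue that modern malware is a sequence of protocol flows rather than a file, so detection has to correlate stages. The following added example (not FireEye's code or product logic) does that over constructed flow records: it maps stages 2 to 5 of the life cycle onto one host's flows and flags the host only when several stages appear in order, while a host that merely downloads an executable is not flagged. The 10.0.0.0/8 internal range, the thresholds and the records are assumptions; stage 1, the in-memory exploit, leaves no flow record, which is exactly the gap the next slide is about.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")                    # assumption: the monitored address space
BEACON_MIN, JITTER, EXFIL_BYTES = 3, 0.2, 10_000_000   # assumed detection thresholds

# Constructed records: (ts_seconds, src, dst, dst_port, bytes_out, bytes_in, response_mime).
# 10.0.0.7 downloads an executable, beacons every 60 s, opens SMB to a file share, then
# pushes 52 MB out; 10.0.0.9 only fetches an executable (a legitimate update) and stops.
FLOWS = [
    (0,   "10.0.0.7", "203.0.113.5",  80,  400, 310_000, "application/x-dosexec"),
    (60,  "10.0.0.7", "198.51.100.9", 443, 300, 200, ""),
    (120, "10.0.0.7", "198.51.100.9", 443, 290, 210, ""),
    (180, "10.0.0.7", "198.51.100.9", 443, 310, 190, ""),
    (240, "10.0.0.7", "10.0.0.20",    445, 5_000, 4_000, ""),
    (300, "10.0.0.7", "198.51.100.9", 443, 52_000_000, 900, ""),
    (10,  "10.0.0.9", "203.0.113.8",  80,  400, 800_000, "application/x-dosexec"),
    (70,  "10.0.0.9", "203.0.113.8",  443, 500, 700, ""),
]

def first_beacon_time(flows):
    """Earliest time an external destination shows BEACON_MIN small, evenly spaced connections, else None."""
    by_dst = defaultdict(list)
    for ts, _, dst, _, out, _, _ in sorted(flows):
        if ip_address(dst) not in INTERNAL and out < 1_000:
            by_dst[dst].append(ts)
    for times in by_dst.values():
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(times) >= BEACON_MIN and max(gaps) - min(gaps) <= JITTER * min(gaps):
            return times[BEACON_MIN - 1]

def lifecycle_stages(flows):
    """Map slide stage numbers 2..5 to the first timestamp each was observed for one host."""
    stages = {}
    for ts, _, dst, port, out, _, mime in sorted(flows):
        if mime == "application/x-dosexec":
            stages.setdefault(2, ts)                    # 2: malware executable download
        if ip_address(dst) in INTERNAL and port == 445:
            stages.setdefault(4, ts)                    # 4: lateral movement over SMB
        if ip_address(dst) not in INTERNAL and out >= EXFIL_BYTES:
            stages.setdefault(5, ts)                    # 5: bulk outbound transfer
    beacon = first_beacon_time(flows)
    if beacon is not None:
        stages[3] = beacon                              # 3: callbacks and control established
    return stages

def is_multistage_compromise(stages, min_stages=3):
    """True when at least min_stages stages were seen, in the order the slide gives them."""
    times = [stages[k] for k in sorted(stages)]
    return len(times) >= min_stages and times == sorted(times)
```

Run per host, e.g. `lifecycle_stages([f for f in FLOWS if f[1] == "10.0.0.7"])`; a file-only view would have flagged both hosts on the executable download alone.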
Slide 23
Exploit Detection is Critical
• Malware exploits take a similar form:
  – Write data to memory
  – Trick the system to execute that code in memory
• Exploitation of the system is the first stage
  – Subsequent stages can be hidden
  – You will miss attacks if relying on object/file analysis
• Only FireEye detects the exploit stage
  – Captures resulting stages
  – Shares globally
Slide 24
Timed Malware
Slide 25
Ho, Ho, Ho…
Timed Malware: December 25th. Where is the IT staff? ;) FireEye works 24/7/365 so you don’t have to. 2,000+ events on Xmas.
Slide 26
Trend #5: Mobile Device Malware
Slide 27
Trend #5: Mobile Malware Incremental (See Timestamp)
Slide 28
BYOD = Bring Your own DOOM!
Source: www.bgr.com “Boy Genius”
Slide 29
FBI Warning (October 15, 2012)
Source: www.bgr.com
Slide 30
Thank You!
Frank Salvatore, BCOMM
Territory Manager, Eastern Canada