Mr. Roland Abi Najem - Security

Security. Prepared & Presented by Roland Abi Najem

14 slides

Upload: promediakw

Posted on 11-Aug-2015


Category: Technology



TRANSCRIPT

Page 1: Mr. Roland Abi Najem - Security

Security. Prepared & Presented by Roland Abi Najem

Page 2: What Is Hacking?

The process of attempting to gain, or successfully gaining, unauthorized access to computer resources is called hacking.

4/22/2015 Roland Abi Najem 2

Page 3: Reasons for Hacking

Just for fun.

Showing off.

Hacking other systems secretly.

Spreading their views to a large audience.

Stealing important information.

Destroying an enemy's computer network during war.

Page 4: Types of Hacking

Website Hacking

Network Hacking

Ethical Hacking

Email Hacking

Password Hacking

Online Banking Hacking

Computer Hacking

Page 5: Evolution of Malware

Timeline figure running from the 1980s to the 2010s, with offense plotted above the axis and defense below it.

Offense: Trojans; Worms, Bots; Spyware; Spam; Rootkits; Phishing; Zero-days; APTs; Mobile Threats. Named examples on the timeline: Melissa, CodeRed.

Defense: Birth of Anti-Virus; Anti-spam, Anti-spyware; Grey-listing; Heuristics; Behavioral Analysis; Whitelisting; URL Filtering; Data Loss Filtering; Anti-malware.

Page 6: Statistics Tell a Story

Apps vulnerable to remote attacks account for more than 5 billion Google Play downloads.

Around 96% of mobile malware targets the Android platform, more than any other platform.

About 60% of popular Google Play apps have cryptographic weaknesses.

Page 7: Anatomy of a Multi-Staged Cyber Attack

1. Exploitation of system
2. Malware executable download
3. Callbacks and control established
4. Horizontal spread
5. Data exfiltration

Exploit detection is critical: all subsequent stages can be hidden or obfuscated.

Diagram elements: Exploit Server, Callback Server, Firewall, IPS, File Share 1, File Share 2.

Page 8: Structure of a Multi-Flow Attack

1. Exploit injects code into the Web browser
2. Exploit code downloads encrypted malware (not SSL!)
3. Exploit code decrypts the malware
4. Target endpoint connects to the C&C server

Diagram elements: exploit in a compromised Web page; encrypted malware; command and control server; callback. Flow labels: embedded exploit alters endpoint; encrypted malware downloads; callback and data exfiltration.

Page 9: Structure of a Multi-Flow Attack

1. Email with a weaponized document, opened by the user, triggers the exploit
2. Client endpoint calls back to the infection server
3. Backdoor DLL dropped
4. Encrypted callback over HTTP to the command and control server

Diagram elements: weaponized email (2011 Recruitment Plan.xls); callback server; backdoor; C&C server.
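Pages 7 to 9 describe the same sequence from the defender's side: an exploit, an encrypted payload pulled over plain HTTP, then a regular callback to a command and control server. The following Python script is an added example, not code from the slides or from any product they describe. It takes a constructed list of flow records of the kind a full-content network sensor or proxy would export (time, client, server, scheme, path, content type, and a sample of the response body) and detects two of those stages on their own terms: a body with ciphertext-like entropy arriving over a channel without TLS (the "not SSL!" point on page 8), and one client contacting one server on a near-fixed interval (the callback loop of pages 7 and 9). Every host name, address and payload is made up; the thresholds are assumptions you would tune to your own traffic.

```python
"""Correlating the stages of a multi-flow attack from flow records.

Added example, not code from the original slides. The input is a constructed
list of flow records of the kind a full-content network sensor or proxy would
export. Every host name, address and payload below is made up.
"""
import hashlib
import math
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

ENTROPY_THRESHOLD = 7.0   # bits/byte; HTML, text and most images sit well below this
MIN_BEACONS = 4           # connections needed before calling a pattern a beacon
MAX_JITTER = 0.2          # pstdev/mean of inter-arrival times; C&C loops are regular


@dataclass
class Flow:
    t: float              # seconds since start of capture
    client: str
    server: str
    scheme: str           # "http" or "https"
    path: str
    content_type: str
    body: bytes           # first bytes of the response, empty if TLS-protected


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample: encrypted or compressed data approaches 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def encrypted_http_downloads(flows):
    """Stage 2 of the slides: an encrypted blob fetched over plain HTTP.
    The body is opaque although the channel carries no TLS, so the sensor
    sees ciphertext where readable content belongs."""
    return [f for f in flows
            if f.scheme == "http" and shannon_entropy(f.body) >= ENTROPY_THRESHOLD]


def beacons(flows):
    """Stage 3: one client contacting one server on a near-fixed interval."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f.client, f.server)].append(f.t)
    found = []
    for (client, server), times in sorted(by_pair.items()):
        if len(times) < MIN_BEACONS:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= MAX_JITTER:
            found.append((client, server, round(avg, 1)))
    return found


def correlate(flows):
    """Per-client timeline of detected stages, earliest first."""
    timeline = defaultdict(list)
    for f in encrypted_http_downloads(flows):
        timeline[f.client].append(
            (f.t, f"stage 2: encrypted payload over plain HTTP from {f.server}{f.path}"))
    for client, server, interval in beacons(flows):
        first = min(f.t for f in flows if f.client == client and f.server == server)
        timeline[client].append((first, f"stage 3: beacon to {server} every ~{interval}s"))
    return {c: [label for _, label in sorted(events)] for c, events in timeline.items()}


# Constructed sample data. The "encrypted" blob is deterministic pseudorandom
# bytes standing in for a ciphertext; the page body is ordinary HTML.
ENCRYPTED_BLOB = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
WEB_PAGE = b"<html><body><h1>Annual report</h1><p>Quarterly figures follow.</p></body></html>" * 40

FLOWS = [
    Flow(0,    "10.0.0.12", "news.example.org", "http",  "/index.html",   "text/html",  WEB_PAGE),
    Flow(3,    "10.0.0.12", "cdn.example.org",  "http",  "/img/logo.gif", "image/gif",  ENCRYPTED_BLOB),
    Flow(60,   "10.0.0.12", "upd.example.net",  "http",  "/ping",         "text/plain", b"ok"),
    Flow(360,  "10.0.0.12", "upd.example.net",  "http",  "/ping",         "text/plain", b"ok"),
    Flow(661,  "10.0.0.12", "upd.example.net",  "http",  "/ping",         "text/plain", b"ok"),
    Flow(958,  "10.0.0.12", "upd.example.net",  "http",  "/ping",         "text/plain", b"ok"),
    Flow(1262, "10.0.0.12", "upd.example.net",  "http",  "/ping",         "text/plain", b"ok"),
    # A second, clean client: a TLS mail client checked by hand at irregular times.
    Flow(10,   "10.0.0.15", "mail.example.com", "https", "/inbox",        "text/html",  b""),
    Flow(400,  "10.0.0.15", "mail.example.com", "https", "/inbox",        "text/html",  b""),
    Flow(1500, "10.0.0.15", "mail.example.com", "https", "/inbox",        "text/html",  b""),
]

if __name__ == "__main__":
    for client, stages in correlate(FLOWS).items():
        print(client)
        for stage in stages:
            print("  ", stage)
```

Neither check needs a signature, which is the point the slides make about signature-based defenses: the entropy test keys on the payload's shape rather than its hash, and the beacon test keys on timing rather than on a known domain. Both also produce false positives on their own (compressed downloads over HTTP, legitimate polling clients), so the value is in the correlation: one endpoint showing the download and then the loop is a much stronger signal than either alone.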

Page 10: Anatomy of a Mobile Threat

Benign access
1. Calendar access
2. Microphone access

Hidden malicious behavior
3. Exfiltration (to an exfiltration server)
4. The tip of the iceberg

Diagram element: a calendar entry reading "10AM CIA – FBI sync on Cuba".
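The threat on this page needs three things the app was granted one at a time: knowing when a sensitive meeting starts, recording audio, and sending data off the device, plus a way to run when nobody is looking. A static review of the manifest catches that combination before the app is installed. The script below is an added example, not code from the slides or from any product they describe. It parses a constructed AndroidManifest.xml for a hypothetical "Meeting Notes" app and flags it only when the whole chain is present together with a background entry point; a calendar app that merely has INTERNET access is left alone. The package name, component names and both manifests are made up.

```python
"""Static permission review of an Android manifest.

Added example, not code from the original slides. The manifests, package and
component names below are constructed for illustration.
"""
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Each capability is granted by any one of the listed permissions.
CAPABILITIES = {
    "read schedule": {"android.permission.READ_CALENDAR",
                      "android.permission.WRITE_CALENDAR"},
    "capture audio": {"android.permission.RECORD_AUDIO"},
    "send data out": {"android.permission.INTERNET"},
}
# The chain from the slide: know when, listen, exfiltrate.
EAVESDROP_CHAIN = {"read schedule", "capture audio", "send data out"}


def permissions(manifest_xml: str) -> list:
    """Sorted list of permissions the app requests."""
    root = ET.fromstring(manifest_xml)
    return sorted(e.get(ANDROID + "name") for e in root.iter("uses-permission"))


def capabilities(perms) -> set:
    """Capabilities implied by the requested permissions."""
    held = set(perms)
    return {cap for cap, grants in CAPABILITIES.items() if held & grants}


def background_entry_points(manifest_xml: str) -> list:
    """Components that let code run without the user opening the app:
    services, and receivers registered for BOOT_COMPLETED."""
    root = ET.fromstring(manifest_xml)
    entries = [f"service {s.get(ANDROID + 'name')}" for s in root.iter("service")]
    for r in root.iter("receiver"):
        actions = {a.get(ANDROID + "name") for a in r.iter("action")}
        if "android.intent.action.BOOT_COMPLETED" in actions:
            entries.append(f"boot receiver {r.get(ANDROID + 'name')}")
    return entries


def review(manifest_xml: str) -> dict:
    """Flag an app that holds the full eavesdropping chain and can run unattended."""
    perms = permissions(manifest_xml)
    caps = capabilities(perms)
    background = background_entry_points(manifest_xml)
    return {
        "permissions": perms,
        "capabilities": sorted(caps),
        "background": background,
        "flagged": EAVESDROP_CHAIN <= caps and bool(background),
    }


# Constructed manifest: looks like a note-taking app, holds the whole chain.
SUSPICIOUS_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.meetingnotes">
    <uses-permission android:name="android.permission.READ_CALENDAR"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <application android:label="Meeting Notes">
        <service android:name=".SyncService" android:exported="false"/>
        <receiver android:name=".BootReceiver">
            <intent-filter>
                <action android:name="android.intent.action.BOOT_COMPLETED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

# Constructed manifest: a calendar viewer that syncs over the network, no microphone.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.agenda">
    <uses-permission android:name="android.permission.READ_CALENDAR"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Agenda">
        <activity android:name=".MainActivity"/>
    </application>
</manifest>
"""

if __name__ == "__main__":
    for name, manifest in (("meetingnotes", SUSPICIOUS_MANIFEST), ("agenda", BENIGN_MANIFEST)):
        print(name, review(manifest))
```

The check reasons about capabilities rather than individual permissions because each permission on its own is easy to justify at install time, which is exactly how the slide's "benign access" gets approved. The same idea extends to other chains (location plus network, contacts plus SMS) by adding entries to CAPABILITIES and a second chain set.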

Page 11: Traditional "Defense In Depth" Is Failing

Firewalls/NGFW

Secure Web Gateways

IPS

Anti-Spam Gateways

Desktop AV

The new breed of attacks evades signature-based defenses.

Page 12: The High Cost of Being Unprepared

229 days: median number of days attackers are present on a victim network before detection.

Timeline: initial breach, then 3 months, 6 months, 9 months. Phases: threat undetected, then remediation.

of Companies Learned They Were Breached from an External Entity

of Victims Had Up-To-Date Anti-Virus Signatures

Source: M-Trends Report

Page 13: The High Cost of Being Unprepared (continued)

Same timeline and figures as page 12, with one addition:

32 days: average time to resolve an attack.

Source: M-Trends Report, Ponemon

Page 14: Thank You