Threats in Cyberspace - 2008
Saumil Shah
Evolvement of IPRs and its management seminar
February 9, 2008 - Ahmedabad
© n e t - s q u a r e
About me
• Founder & CEO Net-Square Solutions.
• Speaker at Blackhat, RSA, and many international security conferences.
• Author:
  • Web Hacking – Attacks and Defense (2002)
  • The Anti-virus book (1996)
• MS Computer Science – Purdue University.
Attack trends since 2000 AD
• 2000: Networks and OS
• 2001: HTTP, DDoS, Worms
• 2002: Web apps, email, Worms, Databases
• 2003: Apps, Bruteforcing
• 2004: Apps, IE, Spyware, Phishing
• 2005: Apps, ID thefts, Phishing, Malware
• 2006: Large data stores, apps, IDs, etc.
• 2007: App worms, Botnets, Pharming
Spam in 2007
• 90-95% of all emails sent were spam.
• 13% of users get more than 50 spam emails per day.
Spam in 2007
• Pump-and-dump stock scam.
• Image and attachment spam.
  • surged but died towards the end of 2007.
• News topics as subject lines.
• Generated through botnets.
• Fraud and Phishing.
Breaches in 2007
• TD Ameritrade: 6.3 million customer records.
• Monster.com: 1.6 million job seekers' records.
• Western Union: 20,000 credit card records.
• Illinois Dept of Financial and Professional Regulation: 3,00,000 records.
• T J Maxx: 45.7 million credit card records.
• Moneygram: 79,000 records.
We’ve all been victims of fraud
• “I’ve never been to Japan!”
Hacking the Human Mind
• Citibank “phishing” scam
The email:
http://antiphishing.org
Faking a bank
• http://www.mycitibank.net/
http://antiphishing.org
Faking a bank
• Who is mycitibank.net?
Domain Name.......... mycitibank.net
Creation Date........ 2004-06-22
Registration Date.... 2004-06-22
Expiry Date.......... 2005-06-22
Organisation Name.... Sharon J Warr
Organisation Address. 4 Knotty Pine Place
Organisation Address. Texarkana 75503, TX, UNITED STATES
Spyware
• “Marketing delivered to your desktops”.
• Advertisers pay for targeted advertising.
• Adware companies:
  • 100-200 employees, $50-$200M revenues
• How to get into desktops?…
A typical user's desktop
Spyware
• Digital Gluttony
  • “I want to download it all!”
• Cater to users’ greed.
• MP3s, Videos, Ringtones, Wallpapers, Smileys, Screensavers, Calendars, …
• …as long as it is free.
The Spyware/Adware eco-system
Malware example
How do you know what NOT to click?
Malware on the rise
• 2005-2006: 172% increase.
• 2006-2007: 800% increase.
• MPack.
• RBN.
• Fast-flux Networks.
• The Storm Botnet.
MPack
• Exploit delivery mechanism.
• Updated regularly with 0-day exploits.
  • IE VML bug.
  • IE Animated Cursor vulnerability.
  • QuickTime overflow.
  • Winzip ActiveX overflow.
  • etc.
• PHP based automatic website generator.
• Sold for $500-$1000, with auto-exploit-updates.
Botnets
• Large number of compromised systems.
• Centrally controlled.
• Spam marketing.
• Identity theft, password theft.
• DDoS threats.
• Espionage.
Botnet control
The Storm Botnet
• P2P controlled – no central "mother ship".
• Event based campaigns
  • 2008 greetings, Thanksgiving/Xmas/Valentines
• Operated by the RBN.
• Purchase expired domains.
• Domains resolve to fast-flux networks.
  • Continuously changing DNS records.
  • Point to infected hosts.
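The fast-flux behaviour listed above (DNS records that keep changing and point at scattered infected hosts) leaves a measurable trace in resolver logs. The following is an added detection example, not part of the original slides; the observations, domain names, thresholds and the use of /16 prefixes as a stand-in for network ownership are all assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Constructed passive-DNS observations: (epoch_seconds, domain, A record, TTL).
# Addresses are from documentation/private ranges; domains are placeholders.
OBSERVATIONS = [
    (0,    "greeting-cards.example", "198.51.100.7",  180),
    (300,  "greeting-cards.example", "203.0.113.45",  180),
    (600,  "greeting-cards.example", "192.0.2.200",   120),
    (900,  "greeting-cards.example", "10.44.3.9",     180),
    (1200, "greeting-cards.example", "172.16.80.14",  120),
    (1500, "greeting-cards.example", "198.51.100.91", 180),
    (0,    "shop.example",           "192.0.2.10",    3600),
    (900,  "shop.example",           "192.0.2.11",    3600),
    (1500, "shop.example",           "192.0.2.10",    3600),
]

# Thresholds are illustrative assumptions, to be tuned on local traffic.
MIN_IPS, MIN_NETS, MAX_TTL = 5, 3, 300

def summarize(observations):
    """Group observations per domain and compute flux indicators."""
    per_domain = defaultdict(lambda: {"ips": set(), "ttls": []})
    for _ts, domain, ip, ttl in observations:
        per_domain[domain]["ips"].add(ip_address(ip))
        per_domain[domain]["ttls"].append(ttl)
    summary = {}
    for domain, data in per_domain.items():
        # Distinct /16 prefixes stand in for ASN diversity (no ASN data offline).
        nets = {ip_network(f"{ip}/16", strict=False) for ip in data["ips"]}
        summary[domain] = {
            "distinct_ips": len(data["ips"]),
            "distinct_nets": len(nets),
            "median_ttl": median(data["ttls"]),
        }
    return summary

def flag_fast_flux(observations):
    """Return domains whose records churn across many networks with short TTLs."""
    return sorted(
        d for d, s in summarize(observations).items()
        if s["distinct_ips"] >= MIN_IPS
        and s["distinct_nets"] >= MIN_NETS
        and s["median_ttl"] <= MAX_TTL
    )

if __name__ == "__main__":
    print("suspected fast-flux:", flag_fast_flux(OBSERVATIONS))
```

Legitimate round-robin or CDN-hosted names can also show many addresses and short TTLs, so the network-diversity condition carries most of the weight.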
The Storm Botnet
• A few infected hosts are special
  • P2P control relays.
  • DNS servers.
  • HTTP servers.
• Rootkits, malware, hacked sites, etc.
  • various delivery mechanisms.
• Running for more than a year.
• We have NOT been able to shut it down.
Growth of the Storm Botnet
Cyber warfare / terrorism?
Cyber warfare / terrorism?
• China penetrated key US databases.
• Dec 07/Jan 08 power blackouts in Central and South America.
• 14 year old boy takes control of Tram network in Poland.
Effectiveness of Anti-Virus software
• Makes computers sluggish.
• False alarms.
• "Most popular brands have an 80% miss rate" – AusCERT.
• Heuristic recognition fell from 40-50% (2006) to 20-30% (2007) – HeiseOnline.
• Signature based scanning does not work.
• AI techniques can be easily beaten.
Security by pop-ups
Web 2.0 attacks
• MySpace worm – XSS goes the virus way.
• Cross Site Request Forgery.
• Predicted rise in Web 2.0 attacks in 2008.
  • as more generic APIs become popular.
Pharming
• Hijacking DNS entries.
• www.hsbc.com resolves to fraud site.
• DNS server specified in broadband router.
• Broadband routers have web administration interfaces.
  • and are typically on 192.168.1.1
  • and have weak passwords: admin/admin.
• Malicious sites contain an IFRAME to access web admin interface.
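A host-side check for the DNS hijack described above, as an added example that is not part of the original slides: it audits which resolver the machine was handed and whether answers for sensitive names land outside the networks those sites are known to use. The resolver list, netblocks, names and sample answers are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# All values below are constructed for illustration (documentation/private ranges).
APPROVED_RESOLVERS = {"192.168.1.1", "198.51.100.53"}  # router + ISP resolver (assumed)
EXPECTED_NETS = {                                      # netblocks each site uses (assumed)
    "www.bank.example": ["203.0.113.0/24"],
    "mail.example":     ["192.0.2.0/24"],
}

def audit_resolver(configured):
    """Return resolvers in use that are not on the approved list."""
    return sorted(set(configured) - APPROVED_RESOLVERS)

def audit_answers(local_answers, trusted_answers):
    """Compare answers from the local resolver with a trusted reference.

    A name is reported only if the local answer shares no address with the
    reference AND falls outside the netblocks expected for that name, so
    ordinary CDN variation between resolvers is not reported.
    """
    findings = []
    for name, local_ips in local_answers.items():
        reference = set(trusted_answers.get(name, []))
        if set(local_ips) & reference:
            continue
        nets = [ip_network(n) for n in EXPECTED_NETS.get(name, [])]
        outside = [ip for ip in local_ips
                   if not any(ip_address(ip) in net for net in nets)]
        if outside:
            findings.append((name, sorted(outside)))
    return sorted(findings)

# Constructed sample: resolver settings read from the host, and the answers
# obtained through that resolver versus through a trusted path.
CONFIGURED = ["10.66.6.6"]
LOCAL = {"www.bank.example": ["10.66.7.80"], "mail.example": ["192.0.2.25"]}
TRUSTED = {"www.bank.example": ["203.0.113.10"], "mail.example": ["192.0.2.20"]}

if __name__ == "__main__":
    print("unapproved resolvers:", audit_resolver(CONFIGURED))
    print("suspicious answers:", audit_answers(LOCAL, TRUSTED))
```

A hit from either function is a reason to inspect the router's DNS setting and replace its default administrator password.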
Pharming – Hijacking DNS entries
Resources
• 20 Reasons the world hates Norton Antivirus
http://www.dtgeeks.com/index.php/blogs/comment/20_reasons_the_world_hates_norton_anti_virus
• Antivirus protection worse than a year ago
http://www.heise-security.co.uk/news/print/100900
• Teen tram hack
http://www.theregister.co.uk/2008/01/11/tram_hack/print.html
• China has penetrated key US databases
http://www.securecomputing.net.au/print.aspx?CIID=101491
• Trojan to attack bank sites
http://www.symantec.com/enterprise/security_response/weblog/2008/01/banking_in_silence.html
• The Russian Business Network
http://rbnexploit.blogspot.com/