The changing threat landscape: 2010 and beyond
Chester Wisniewski – Sophos Eamonn Medlar - WPP Moderator: Angela Moscaritolo
Threat landscape splitting in two
- Opportunistic
- Targeted
What is an opportunistic attack?
- Affiliate marketing
- Conficker
- Fake-AV
- Spam
- Phishing
- Social media
- SEO poisoning
Fake anti-virus: Latest tricks
ДОРВЕЙ (Doorway)
“A web page that is designed to attract traffic from a search engine and then redirect it to another site or page.”
Black hat SEO
Social network malware
Koobface - Multilingual
Koobface – What can it do?
- Steal software keys
- Upload stored passwords
- Web server
- Search hijacking
- Captcha busting
- PPC fraud
- Fake AV
- Social network spambot
Screenshot courtesy of abuse.ch
Targeted attacks have diverged
- Unknown exploit(s)
- Unknown malware
- Nearly silent
- Used for espionage/cyberwarfare
How do we react to this new branch of attack?
MS Advisory for “Aurora” exploit
MS10-046 Shortcut exploit
- 15-year-old bug
- Stuxnet, Chymin, etc.
- Multiple rootkits
- Signatures
- Tiny P2P comms
- Exploits (RCE and EoP)
- Small (without packers)
- Silent, but deadly
The new blended threat – Step 1
The new blended threat – Step 2
Sample Zeus commands
- sethomepage [URL]
- getmff
- bc_add [service] [ip] [port]
- block_url
- rexec [url] [args]
- lexec [file] [args]
- addsf [filemask]
- resetgrab
- getcerts
- kos
- shutdown
- reboot
- upcfg [url]
- block_fake
Zeus takes the 3rd step
- Law enforcement crackdown
- Widely decentralized
Image courtesy of krebsonsecurity.com
- “It’s mine”
- Portability
- Regulation
- Chain of trust
- Legacy increases attack surface
Challenges to the protector
Creative Commons image courtesy of thetechbuzz's Flickr photostream.
Evolving with the threat
- AV good for basic threats
- Behavior is key
- Collective intelligence
- Event correlation
- Defense in depth
- Data protection is key
Discussion with Eamonn Medlar, WPP
Q&A
Summary
Contact:
Email: [email protected]
Twitter: @chetwisniewski
Blog: http://nakedsecurity.sophos.com
Proven: 25+ years of experience
Integrated threat detection
SophosLabs 24/7/365
Anti-Malware, Email Protection, Web Filtering, Encryption, Device/App Control, NAC