Webinar: Insights from CYREN's Q3 Trend Report

Upload: cyren

Post on 30-May-2015

DESCRIPTION

CYREN's quarterly Internet Threats Trend Report is a MUST READ for Internet security stakeholders around the globe. The Q3 report highlights growing abuse of Apple’s iCloud, insight into the Bash Bug vulnerability, the misuse of tragic news items to spread malware and adware, and much more.

TRANSCRIPT

Page 1: Webinar: Insights from CYREN's Q3 trend report

April 12, 2023 © 2014 CYREN Confidential and Proprietary

INSIGHTS FROM CYREN'S NEW Q3 TREND REPORT

Page 2: Webinar: Insights from CYREN's Q3 trend report

IN TODAY’S WEBINAR

Apple users targeted

Shellshock

Exploiting tragedy

DNS abuse

Diet spam is good for you

Page 3: Webinar: Insights from CYREN's Q3 trend report

CELEBRITY PHOTO HACK – HOW?

1) Vulnerability in iCloud
2) Vulnerability in Find My iPhone
3) Phishing
4) Brute force password
5) Answering password questions
6) Using other account data
7) 3-6 combined
8) One hacker
9) A whole bunch of hackers
10) Anyone who was at the Golden Globes

Page 4: Webinar: Insights from CYREN's Q3 trend report

MOST LIKELY….

“After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find My iPhone.”

Chris Chaney

Page 5: Webinar: Insights from CYREN's Q3 trend report

APPLE PHISHING

ssl.apple.com.update-id…….

Page 6: Webinar: Insights from CYREN's Q3 trend report

POLL – APPLE PHISHING

Have you received an Apple phishing email in the last 2 months?

Page 7: Webinar: Insights from CYREN's Q3 trend report

APPLE LEGITIMATE EMAIL CONFUSION

…. And “free” iPhone 6 offers

....And: OS X bash Update 1.0.....

Page 8: Webinar: Insights from CYREN's Q3 trend report

Shellshock

• Disclosed publicly in late September
• Deemed by many as the “world’s most dangerous Internet security bug.”
• Security hole in the Unix/Linux “Bash” Shell, version 1.0.3.
• Completely unnoticed for 21 years
• Leaves hundreds of millions of Internet-connected devices (including servers and computers) vulnerable to hackers
• Hackers began exploiting it almost immediately upon the announcement
• Could have been going on for years

Page 9: Webinar: Insights from CYREN's Q3 trend report

BASH? ENVIRONMENT VARIABLES?

Page 10: Webinar: Insights from CYREN's Q3 trend report

EXAMPLES AND USES

• “Getting shell” on a box has always been a major win for an attacker
• Control over the target environment
• Access to internal data
• Reconfiguration of environments
• Publication of malicious code etc.
• Almost limitless
• Readily automatable

Thanks to: http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

http-header = Cookie:() { :; }; ping -c 3 209.xx.230.74

CYREN: Unix/Flooder.AN (CGI attack)
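
A defender's view of the CGI probe on this slide, as an added example that is not from the CYREN webinar or report: a Python scan of web-server access logs for header values that begin with the bash function-definition prefix `() {`. The Apache "combined" log format, the function name and the sample lines (documentation IP ranges) are assumptions constructed for illustration.

```python
import re

# Vulnerable bash parsed an environment value as a function definition only
# when it began with "() {". CGI copies request headers into the environment,
# so a header value starting that way is the probe. Whitespace is tolerated
# here so malformed attempts are reported too.
FUNC_PREFIX = re.compile(r"^\s*\(\s*\)\s*\{")
QUOTED = r'"((?:[^"\\]|\\.)*)"'
# Assumed format: Apache "combined" (ip, time, request, status, referer, agent).
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED
)

def find_shellshock_attempts(lines):
    """Return one finding per logged header value that starts with "() {"."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue  # not in the assumed format: skipped, never guessed at
        ip, _time, request, status, referer, agent = m.groups()
        for field, value in (("referer", referer), ("agent", agent)):
            hit = FUNC_PREFIX.match(value)
            if hit:
                # Text after the function body's closing brace is what bash
                # would have executed while importing the variable.
                command = value[hit.end():].split("}", 1)[-1].lstrip("; ")
                findings.append({"line": lineno, "ip": ip, "field": field,
                                 "request": request, "status": int(status),
                                 "command": command})
    return findings

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [29/Sep/2014:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [29/Sep/2014:10:01:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 0 '
    '"-" "() { :; }; ping -c 3 203.0.113.5"',
    '198.51.100.9 - - [29/Sep/2014:10:02:11 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 0 '
    '"() { :;}; echo vulnerable" "curl/7.38"',
    # Benign: "(){" appears mid-value, so bash would never treat it as a function.
    '192.0.2.44 - - [29/Sep/2014:10:03:00 +0000] "GET /app.js HTTP/1.1" 200 90 '
    '"http://example.com/?cb=function(){}" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_shellshock_attempts(SAMPLE):
        print(finding)
```

The Cookie header shown on the slide is not written to a default combined log, so catching it needs a custom log format or inspection at a proxy or WAF. The logged status helps triage: a 404 means the requested CGI path did not exist on that host.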

Page 11: Webinar: Insights from CYREN's Q3 trend report

POLL: SHELLSHOCK

What do you think about Shellshock?

Page 12: Webinar: Insights from CYREN's Q3 trend report

EXPLOITING TRAGEDY

Page 13: Webinar: Insights from CYREN's Q3 trend report

MALWARE DOWNLOAD

Page 14: Webinar: Insights from CYREN's Q3 trend report

ADWARE, PUA

…And IS (ISIS)

Page 15: Webinar: Insights from CYREN's Q3 trend report

419

Page 16: Webinar: Insights from CYREN's Q3 trend report

MALWARE TRENDS

Page 17: Webinar: Insights from CYREN's Q3 trend report

DUNIHI RAT

• Dunihi is a RAT (Remote Access Tool)
• Provides backdoor access to the infected system
• Run command instructions in a command shell
• Download and execute files, which may include other malware
• Update or uninstall a copy of itself
• Send a local file for upload
• Delete a local file or folder

Page 18: Webinar: Insights from CYREN's Q3 trend report

MICROSOFT VS. HOUDINI

• Microsoft filed civil lawsuit against:
  • Mohamed Benabdellah
  • Naser Al Mutairi
  • U.S. company, Vitalwerks Internet Solutions, LLC (doing business as No-IP.com)
  • …“for their roles in creating, controlling, and assisting in infecting millions of computers with malicious software—harming Microsoft, its customers and the public at large.”
• Bladabindi (NJrat) and Jenxcus (NJw0rm)
• Distributed using No-IP domains 93 percent of the time.
• Over 8 million infections

Page 19: Webinar: Insights from CYREN's Q3 trend report

DYNAMIC DNS

• For good:
  • Remote access your computer, DVR, webcam, security camera or any internet connected device easily
  • Dynamic DNS points an easy to remember hostname to your dynamic IP address
• For bad:
  • Agile evasion technique against IP blacklisting
  • Deliver malicious payloads from constantly-changing hosting IPs
  • Use randomly-generated disposable subdomains under the dynamic DNS domain

Page 20: Webinar: Insights from CYREN's Q3 trend report

DNS POISONING

• Attacker exploits a flaw in the DNS software
• Data is introduced into a DNS cache database
• Causes the DNS to return an incorrect IP address
• Diverting traffic to malicious computer

Customers of ISP redirected to phony banking site

Page 21: Webinar: Insights from CYREN's Q3 trend report

DNS POISONING

[Diagram: "You" look up www.bdo.com.ph through a hacked DNS (ISP), which leads to a fake site, and through a good DNS, which leads to the real site. IP addresses shown: 203.177.92.16 and 87.236.210.114.]

Page 22: Webinar: Insights from CYREN's Q3 trend report

YOUR DNS PROVIDER

Who do you use as your DNS provider?
• Google
• OpenDNS
• Your ISP
• Another provider
• Not sure…

Page 23: Webinar: Insights from CYREN's Q3 trend report

SPAM TRENDS

Page 24: Webinar: Insights from CYREN's Q3 trend report

SPAM LEVELS

Daily average of 55 billion, averaged 68%

Page 25: Webinar: Insights from CYREN's Q3 trend report

ZOMBIE COUNTRIES

Russian Federation: 11.5%
Vietnam: 11.4%
China: 9.9%
India: 9.4%
Iran: 5.6%
Taiwan: 4.7%
Argentina: 3.1%
Ukraine: 3.0%
United States: 3.0%
Brazil: 2.4%
Germany: 1.8%
Saudi Arabia: 1.8%
Korea: 1.6%
Italy: 1.4%
Thailand: 1.3%
Others: 28.0%

Page 26: Webinar: Insights from CYREN's Q3 trend report

SPAM TOPICS

Page 27: Webinar: Insights from CYREN's Q3 trend report

EATING LOW CALORIE SALADS WILL MAKE YOU GAIN WEIGHT…

Page 28: Webinar: Insights from CYREN's Q3 trend report

GLOBALVIEW

Page 29: Webinar: Insights from CYREN's Q3 trend report

GLOBALVIEW CLOUD AND PRODUCT FAMILIES

WEB: CYREN WebSecurity, URL-Filtering
EMAIL: CYREN EmailSecurity, Email Messaging Suite, AntiSpam, Outbound AntiSpam, IP Reputation, AntiVirus for Email
ANTIMALWARE: MobileSecurity, AntiVirus

GlobalView™ Cloud

Page 30: Webinar: Insights from CYREN's Q3 trend report

We focus on our core competencies so our partners can focus on theirs.

Technical Account Managers

Partner Success Program

COMMITTED TO PARTNER SUCCESS

WHAT MAKES US DIFFERENT

Page 31: Webinar: Insights from CYREN's Q3 trend report

ANY QUESTIONS?

Test your knowledge on Internet security in our quiz!

http://pages.cyren.com/2014-Q4_Internet-Threats-Quiz.html