Webinar: Insights from CYREN's Q3 Trend Report
DESCRIPTION
CYREN's quarterly Internet Threats Trend Report is a MUST READ for Internet security stakeholders around the globe. The Q3 report highlights growing abuse of Apple’s iCloud, insight into the Bash Bug vulnerability, the misuse of tragic news items to spread malware and adware, and much more.
TRANSCRIPT
April 12, 2023 © 2014 CYREN Confidential and Proprietary
INSIGHTS FROM CYREN'S NEW Q3 TREND REPORT
IN TODAY’S WEBINAR
Apple users targeted
Shellshock
Exploiting tragedy
DNS abuse
Diet spam is good for you
CELEBRITY PHOTO HACK – HOW?
1) Vulnerability in iCloud
2) Vulnerability in Find My iPhone
3) Phishing
4) Brute force password
5) Answering password questions
6) Using other account data
7) 3-6 combined
8) One hacker
9) A whole bunch of hackers
10) Anyone who was at the Golden Globes
MOST LIKELY….
“After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find My iPhone.”
Chris Chaney
APPLE PHISHING
ssl.apple.com.update-id…….
POLL – APPLE PHISHING
Have you received an Apple phishing email in the last 2 months?
APPLE LEGITIMATE EMAIL CONFUSION
…. And “free” iPhone 6 offers
....And: OS X bash Update 1.0.....
Shellshock
• Disclosed publicly in late September
• Deemed by many as the “world’s most dangerous Internet security bug.”
• Security hole in the Unix/Linux “Bash” Shell, version 1.0.3.
• Completely unnoticed for 21 years
• Leaves hundreds of millions of Internet-connected devices (including servers and computers) vulnerable to hackers
• Hackers began exploiting it almost immediately upon the announcement
• Could have been going on for years
BASH? ENVIRONMENT VARIABLES?
EXAMPLES AND USES
• “Getting shell” on a box has always been a major win for an attacker
• Control over the target environment
• Access to internal data
• Reconfiguration of environments
• Publication of malicious code etc.
• Almost limitless
• Readily automatable
Thanks to: http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
http-header = Cookie:() { :; }; ping -c 3 209.xx.230.74
CYREN: Unix/Flooder.AN (CGI attack)
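The Cookie header on this slide can be caught on the server side. The following is an added example, not part of the original slides or any CYREN product: it parses a raw HTTP request and reports every header whose value begins with a Bash function definition. The two sample requests and the function names are constructed for illustration.

```python
import re

# Bash imports a function from an environment variable whose value starts
# with "() {". CGI servers copy request headers into environment variables,
# so a header value that begins this way is the Shellshock trigger. The
# pattern tolerates extra whitespace, as a log or proxy filter usually does.
FUNC_PREFIX = re.compile(r"^\s*\(\)\s*\{")

# Constructed sample requests (the attack header is the one on the slide).
SAMPLE_ATTACK = (
    "GET /cgi-bin/status HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "Cookie:() { :; }; ping -c 3 209.xx.230.74\r\n"
    "\r\n"
)
SAMPLE_BENIGN = (
    "GET /cgi-bin/status HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n"
    "Cookie: session=abc123\r\n"
    "\r\n"
)

def parse_headers(raw_request):
    """Split a raw HTTP request into {header-name: value}, names lowercased."""
    headers = {}
    lines = raw_request.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:          # skip the request line
        if not line:                # a blank line ends the header section
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def shellshock_headers(raw_request):
    """Return (header, trailing_command) for each header that carries a
    function definition in its value."""
    hits = []
    for name, value in parse_headers(raw_request).items():
        if FUNC_PREFIX.match(value):
            # Text after the closing "};" is what an unpatched bash would run.
            _, _, trailing = value.partition("};")
            hits.append((name, trailing.strip()))
    return hits
```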
POLL: SHELLSHOCK
What do you think about Shellshock?
EXPLOITING TRAGEDY
MALWARE DOWNLOAD
ADWARE, PUA
…And IS (ISIS)
419
MALWARE TRENDS
DUNIHI RAT
• Dunihi is a RAT (Remote Access Tool)
• Provides backdoor access to the infected system
• Run command instructions in a command shell
• Download and execute files which may include other malware
• Update or uninstall a copy of itself
• Send a local file for upload
• Delete a local file or folder
MICROSOFT VS. HOUDINI
• Microsoft filed civil lawsuit against:
• Mohamed Benabdellah
• Naser Al Mutairi
• U.S. company, Vitalwerks Internet Solutions, LLC (doing business as No-IP.com)
• …“for their roles in creating, controlling, and assisting in infecting millions of computers with malicious software—harming Microsoft, its customers and the public at large.”
• Bladabindi (NJrat) and Jenxcus (NJw0rm)
• Distributed using No-IP domains 93 percent of the time.
• Over 8 million infections
DYNAMIC DNS
• For good:
• Remote access your computer, DVR, webcam, security camera or any internet connected device easily
• Dynamic DNS points an easy to remember hostname to your dynamic IP address
• For bad:
• Agile evasion technique against IP blacklisting
• Deliver malicious payloads from constantly-changing hosting IPs
• Use randomly-generated disposable subdomains under the dynamic DNS domain
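One way to spot the "disposable subdomain" pattern in resolver logs, as an added example that is not from the original slides: group queried names by dynamic DNS zone and flag zones where several distinct, random-looking labels appear. The zone `ddns.example`, the thresholds and the sample queries are assumptions constructed for illustration.

```python
import math
from collections import defaultdict

# Assumed watch list of dynamic DNS zones. "ddns.example" is a constructed
# placeholder; a deployment would load the providers' real zones here.
DYNDNS_ZONES = ("ddns.example",)

# Constructed sample of queried names taken from a resolver log.
SAMPLE_QUERIES = [
    "homecam.ddns.example.",        # memorable hostname, the "for good" case
    "k3j9x2qz7v.ddns.example.",
    "p8w1m4tz6b.ddns.example.",
    "q7r2y5nd0c.ddns.example.",
    "k3j9x2qz7v.ddns.example.",     # repeat lookups count once
    "www.example.org.",             # not under a watched zone
]

def label_entropy(label):
    """Shannon entropy in bits per character; random labels score high."""
    n = len(label)
    return -sum((label.count(c) / n) * math.log2(label.count(c) / n)
                for c in set(label))

def disposable_subdomains(qnames, min_labels=3, min_entropy=3.0):
    """Return {zone: sorted random-looking labels} for watched zones seen
    with at least min_labels distinct high-entropy subdomains."""
    seen = defaultdict(set)
    for qname in qnames:
        name = qname.rstrip(".").lower()
        for zone in DYNDNS_ZONES:
            if name.endswith("." + zone):
                # The label directly under the dynamic DNS zone.
                label = name[: -len(zone) - 1].split(".")[-1]
                if label_entropy(label) >= min_entropy:
                    seen[zone].add(label)
    return {zone: sorted(labels) for zone, labels in seen.items()
            if len(labels) >= min_labels}
```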
DNS POISONING
• Attacker exploits a flaw in the DNS software
• Data is introduced into a DNS cache database
• Causes the DNS to return an incorrect IP address
• Diverting traffic to malicious computer
Customers of ISP redirected to phony banking site
DNS POISONING
[Diagram: You, Hacked DNS (ISP), Good DNS, Fake site, Real site. Both lookups are for www.bdo.com.ph; addresses shown: 203.177.92.16 and 87.236.210.114]
YOUR DNS PROVIDER
Who do you use as your DNS provider?
• Google
• OpenDNS
• Your ISP
• Another provider
• Not sure…
SPAM TRENDS
SPAM LEVELS
Daily average of 55 billion, averaged 68%
ZOMBIE COUNTRIES
Russian Federation: 11.5%
Vietnam: 11.4%
China: 9.9%
India: 9.4%
Iran: 5.6%
Taiwan: 4.7%
Argentina: 3.1%
Ukraine: 3.0%
United States: 3.0%
Brazil: 2.4%
Germany: 1.8%
Saudi Arabia: 1.8%
Korea: 1.6%
Italy: 1.4%
Thailand: 1.3%
Others: 28.0%
SPAM TOPICS
EATING LOW CALORIE SALADS WILL MAKE YOU GAIN WEIGHT…
GLOBALVIEW
GLOBALVIEW CLOUD AND PRODUCT FAMILIES
WEB: CYREN WebSecurity, URL-Filtering
ANTIMALWARE: MobileSecurity, AntiVirus
EMAIL: CYREN EmailSecurity, Email Messaging Suite, AntiSpam, Outbound AntiSpam, IP Reputation, AntiVirus for Email
GlobalView™ Cloud
We focus on our core competencies so our partners can focus on theirs.
Technical Account Managers
Partner Success Program
COMMITTED TO PARTNER SUCCESS
WHAT MAKES US DIFFERENT
ANY QUESTIONS?
Test your knowledge on Internet security in our quiz!
http://pages.cyren.com/2014-Q4_Internet-Threats-Quiz.html