evolution of malware and the next
play

Evolution of Malware and the Next Generation Endpoint Protection - PowerPoint PPT Presentation

Oct 19, 2022 •173 likes •661 views

Evolution of Malware and the Next Generation Endpoint Protection against Targeted Attacks Index 1. Malware volume evolution 2. Malware Eras 3. Panda Adaptive Defense 1. What is it 2. Features & Benefits 3. How does it work 4.

  1. Evolution of Malware and the Next Generation Endpoint Protection against Targeted Attacks

  2. Index 1. Malware volume evolution 2. Malware Eras 3. Panda Adaptive Defense 1. What is it 2. Features & Benefits 3. How does it work 4. Successs Story Malware Evolution 02/07/2015 2

  3. Malware samples evolution Malware Evolution 02/07/2015 3

  4. Malware volume evolution Malware Evolution 02/07/2015 4

  5. Malware Eras Malware Evolution 02/07/2015 5

  6. 1 st Era Very little samples and Malware • families Virus created for fun, some very • harmful, others harmless, but no ultimate goal Slow propagation (months, years) • through floppy disks. Some virus are named after the city where it was created or discovered All samples are analysed by • technicians Sample static analysis and • disassembling (reversing) Malware Evolution 02/07/2015 6

  7. W32.Kriz Jerusalem Malware Evolution 02/07/2015 7

  8. 2 nd Era Volume of samples starts growing • Internet slowly grows popular, macro • viruses appears , mail worm, etc… In general terms, low complexity • viruses, using social engineering via email, limited distribution, they are not massively distributed Heuristic Techniques • Increased update frequency • Malware Evolution 02/07/2015 8

  9. Melissa Happy 99 Malware Evolution 02/07/2015 9

  10. 3 rd Era • Massive worms apparition overloads the internet • Via mail: I Love You • Via exploits: Blaster, Sasser, SqlSlammer • Proactive Technologies • Dynamic: Proteus • Static: KRE & Heuristics Machine Learning • Malware process identification by events analysis of the process: • Access to mail contact list • Internet connection through non-standard port • Multiple connections through port 25 • Auto run key addition • Web browsers hook Malware Evolution 02/07/2015 10

  11. I love you Blaster Malware Evolution 02/07/2015 11

  12. Sasser Malware Evolution 02/07/2015 12

  13. Static proactive technologies Response times reduced to 0 detecting unknown malware Machine Learning algorithms applied to classic classification problems Ours is ALSO a “class” problem: malware vs goodware. Malware Evolution 02/07/2015 13

  14. 4 th Era • Hackers switched their profile: the main motivation of malware is now an economic benefit, using bank trojans and phishing attacks. • Generalization of droppers/downloaders/EK • The move to Collective Intelligence • Massive file classification. • Knowledge is delivered from the cloud Malware Evolution 02/07/2015 14

  15. Banbra Tinba Malware Evolution 02/07/2015 15

  16. El salto a la La entrega del conocimiento desde la Inteligencia nube como alternativa al fichero de Colectiva firmas. Escalabilidad de los servicios de entrega de firmas de malware a los clientes mediante la automatización completa de todos los procesos de backend (procesado, clasificación y detección). Malware Evolution 02/07/2015 16

  17. Big Data arrival Innovation: to make viable the data processing derived from Collective Intelligence strategy, applying Big Data technologies.  Current working set of 12 TB  400K million registries  600 GB of samples per day  400 million samples stored Malware Evolution 02/07/2015 17

  18. 5 th Era First massive cyber-attack against a country, • Estonia from Russia. Anonymous starts a campaign against • several organizations (RIAA, MPAA, SGAE, and others) Malware professionalization • Use of marketing techniques in spam • campaigns Country/Time based malware variant • distribution Ransomware • APTs • Detection by context • Apart from analysing what a process does, • the context of execution is also taken into account… Malware Evolution 02/07/2015 18

  19. Reveton Ransomware Malware Evolution 02/07/2015 19

  20. Malware Evolution 02/07/2015 20

  21. APTs … Malware Evolution 02/07/2015 21

  22. Sony Pictures computer system down after reported hack Hackers threaten to release 'secrets' onto web - Unknown author - November / December 2013 - Information deletion - 40 millions credit/debit cards stolen - TB of information stolen - Attack made through the A/C maintenance company - POS Malware Evolution 02/07/2015 22

  23. Carbanak - Year 2013/2014 - ATMs: 7.300.000 US$ - 100 affected entities - Transfer: 10.000.000 US$ - Countries affected: Russia, Ukraine, - Total estimated: 1.000.000.000 US$ USA, Germany, China Malware Evolution 02/07/2015 23

  24. What is Panda Adaptive Defense? The Next Generation Endpoint Protection Adaptive Defense 02/07/2015 24

  25. PREVENTION… and blockage of applications Panda Adaptive Defense is a new security model and isolation of systems to prevent future attacks which can guarantee complete protection for devices and servers by classifying 100% of the processes running on every computer throughout DETECTION… RESPONSE… and blockage and forensic the organization and monitoring and controlling of Zero-day and information their behavior. targeted to analyze attacks in real- each time without the attempted More than 1.2 billion applications already classified. need for attack in signature files detail Adaptive Defense new version (1.5) also includes VISIBILITY… and traceability of each AV engine, adding the disinfection capability. action taken by the Adaptive Defense could even replace the applications running on a system company antivirus. Adaptive Defense 02/07/2015 25

  26. Features and benefits Adaptive Defense 02/07/2015 26

  27. Management Protection Detailed and configurable monitoring Daily and on-demand reports of running applications Simple, centralized Protection of vulnerable systems administration from a Web console Protection of intellectual assets against targeted attacks Better service, simpler management Forensic report Productivity Identification and blocking of unauthorized programs Light, easy-to-deploy solution

  28. Key Differentiators - Categorizes all running processes on the endpoint minimizing risk of unknown malware: Continuous monitoring and attestation of all processes fills the detection gap of AV products. - Automated investigation of events significantly reduces manual intervention by the security team: Machine learning and collective intelligence in the cloud definitively identifies goodware & blocks malware. - Integrated remediation of identified malware: Instant access to real time and historical data provides full visibility into the timeline of malicious endpoint activity. - Minimal endpoint performance impact (<3%) Adaptive Defense 02/07/2015 28

  29. Adaptive Defense vs Traditional Antivirus Traditional New malware detection capability* Antivirus (25) Standard Model Extended Model New malware blocked during the first 24 hours 82% 98,8% 100% New malware blocked during the first 7 days 93% 100% 100% New malware blocked during the first 3 months 98% 100% 100% % detections by Adaptive Defense detected by no other antivirus 3,30% Suspicious detections YES NO (no uncertainty) * Viruses, Trojans, spyware and ransomware received in our Collective Intelligence platform. Hacking tools, PUPS and cookies were not included in this study. Universal File Classification Agent** Files classified automatically 60,25% 99,56% Classification certainty level 99,928% 99,9991% < 1 error / 100.000 files ** Universal Agent technology is included as endpoint protection in all Panda Security solutions Adaptive Defense 02/07/2015 29

  30. Adaptive Defense vs Other Approaches AV vendors WL vendors* New ATD vendors** Detection gap Not all infection vectors covered Management of WLs required Do not classify all applications (i.e. USB drives) No transparent to end-users and admin (false Monitoring sandboxes is not as effective as Complex deployments required positives, quarantine administration,… ) monitoring real environments Expensive work overhead involved ATD vendors do not prevent/block attacks * WL=Whitelisting. Bit9, Lumension, etc ** ATD= Advanced Threat Defense. FireEye, Palo Alto, Sourcefire, etc Adaptive Defense 02/07/2015 30

  31. How does Adaptive Defense work? Adaptive Defense 02/07/2015 31

  32. A brand-new three phased cloud-based security model 2nd Phase: 3rd Phase: 1st Phase: Analysis and correlation of all Endpoint hardening & Comprehensive monitoring of all actions monitored on customers' enforcement: Blocking of all the actions triggered by systems thanks to Data Mining suspicious or dangerous programs on endpoints and Big Data Analytics processes, with notifications to techniques alert network administrators Adaptive Defense 02/07/2015 32

  33. Panda Adaptive Defense Architecture Adaptive Defense 02/07/2015 33

  34. Success Story Adaptive Defense 02/07/2015 34

  35. Adaptive Defense +1,2 billion applications already categorized in figures +100 deployments. Malware detected in 100% of scenarios +100,000 endpoints and servers protected +200,000 security breaches mitigated in the past year +230,000 hours of IT resources saved  estimated cost reduction of 14,2M € Lest’s see an example… Adaptive Defense 02/07/2015 35

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Dissecting Android Malware: Characterization and Evolution 1 Problems to solve 18 Requirement

Dissecting Android Malware: Characterization and Evolution 1 Problems to solve 18 Requirement

Dissecting Android Malware: Characterization and Evolution 1 Problems to solve 18 Requirement 1: Sufficient Malware data set Anti Virus Communities or Researchers are hampered by the lack of malware data set. Req equires a a suf

648 views • 34 slides
Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

540 views • 42 slides
Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

568 views • 22 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal paul@gtisc.gatech.edu Agenda Modern Malware Obfuscations, Server-side Polymorphism, Collection Volume Malware Analysis Detection

504 views • 27 slides
Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that does something that causes harm to a user, computer or network, including viruses, trojan horses, worms, rootkits, scareware and spyware. Malware

119 views • 9 slides
SELF-PROPAGATING MALWARE Ben Livshits, Microsoft Research Overview of Todays Lecture 2

SELF-PROPAGATING MALWARE Ben Livshits, Microsoft Research Overview of Todays Lecture 2

WORMS AND SELF-PROPAGATING MALWARE Ben Livshits, Microsoft Research Overview of Todays Lecture 2 Malware: taxonomy JavaScript worms History, evolution, and Spectator : JavaScript progression of worms: worm detection and an

643 views • 51 slides
GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS AGENDA Something about malware Malware internals Current analysis

398 views • 27 slides
A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND CONTAINMENT FOR LARGE NETWORKS CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS MALWARE WARS In the last

313 views • 14 slides
Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Overview Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer immunization Kjell Jrgen Hole Simula@UiB 4. Epidemiological model 5. Malware halting analysis 6. Malware halting method Last updated

672 views • 29 slides
How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement Yoshihiro Oyama University of Tsukuba 1 Background Many malware programs execute operations for analysis evasion Detection of

346 views • 31 slides
Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware malware that evades analysis 2 logistics: LEX homework detect push ret pattern using fmex probably easier than TRICKY 3 upcoming exam next Wednesday

496 views • 48 slides
Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware

Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware

DeepSec IDSC Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware Adventures Agenda INTRODUCTION ANDROID MALWARE COMMAND &amp; CONTROL QUESTIONS &amp; ANSWERS 2 1 2 3 4 Android Malware

1.01k views • 64 slides
Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of

Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of

Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of Computer and Information Science Linkping University Malware Defense Agenda 2 Two lectures Lecture I : Malware basics, malware on the PC,

621 views • 40 slides
FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for

FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for

FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for Malware Amount of malware is growing exponentially Anti-virus and signature based approaches are reactionary, dont work for novel malware

127 views • 11 slides
CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is

CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is

CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is software that aids in gathering A virus is a computer program that is information about a person or organization capable of making copies of itself

716 views • 56 slides
Machine Detectable Network Behavioural Commonalities for Exploits &amp; Malware University of

Machine Detectable Network Behavioural Commonalities for Exploits &amp; Malware University of

Machine Detectable Network Behavioural Commonalities for Exploits &amp; Malware University of Amsterdam Alexandros Stavroulakis MSc System &amp; Network Engineering Research Project II What is this about? Automatic generation of malicious

248 views • 22 slides
Dynamic Binary Instrumentation-based Framework for Malware Defense Najwa Aaraj , Anand

Dynamic Binary Instrumentation-based Framework for Malware Defense Najwa Aaraj , Anand

Dynamic Binary Instrumentation-based Framework for Malware Defense Najwa Aaraj , Anand Raghunathan , and Niraj K. Jha Department of Electrical Engineering, Princeton University, Princeton, NJ 08544, USA NEC Labs America,

410 views • 25 slides
simplify. the. dream. AND. execute. a panel &amp; workshop discussion on how to simplify BIG

simplify. the. dream. AND. execute. a panel &amp; workshop discussion on how to simplify BIG

simplify. the. dream. AND. execute. a panel &amp; workshop discussion on how to simplify BIG dreams into actionable steps and executable goals that win! SCOPE Four dynamic women in the digital and content creation space come together to share

387 views • 15 slides
CALCULIX LAUNCHER VERSION 0.32 http://calculix.de/ http://calculixforwin.blogspot.com/

CALCULIX LAUNCHER VERSION 0.32 http://calculix.de/ http://calculixforwin.blogspot.com/

CALCULIX LAUNCHER VERSION 0.32 http://calculix.de/ http://calculixforwin.blogspot.com/ http://www.calculixforwin.com/ Table of Contents Installation

391 views • 19 slides
CYBER SECURITY PART 1 Keeping you safe in an electronic age David Gibb, Cyber Protect

CYBER SECURITY PART 1 Keeping you safe in an electronic age David Gibb, Cyber Protect

CYBER SECURITY PART 1 Keeping you safe in an electronic age David Gibb, Cyber Protect Officer, Essex Police Barry Linton, Thorpe Bay U3A Thorpe Bay U3A Criminal insight - why commit cybercrime? Scale Nationally 1.6 million cyber

429 views • 25 slides
st t t

st t t

st tts trt Prtt strt tt tt ts ts

1.47k views • 125 slides
MANAGEMENT INFORMATION SYSTEM VIRAJ SHINDE : 16-H-15 RUCHI THAKKAR : 16-H-16

MANAGEMENT INFORMATION SYSTEM VIRAJ SHINDE : 16-H-15 RUCHI THAKKAR : 16-H-16

MANAGEMENT INFORMATION SYSTEM VIRAJ SHINDE : 16-H-15 RUCHI THAKKAR : 16-H-16 PADMA KAMBLE : 16-H-31 SALMA VADHAVANIA : 16-H-37 1 SHRADDHA JOSHI : 16-H-38 OUTLINE 1. Introduction to MIS and Definition 2.

468 views • 31 slides
ERP &amp; SIS Update Tuesday, May 23, 2017 0 ERP Progress Implementation Negotiations

ERP &amp; SIS Update Tuesday, May 23, 2017 0 ERP Progress Implementation Negotiations

Pam Willingham, NBCT Dr. John Phillipo ERP &amp; SIS Update Tuesday, May 23, 2017 0 ERP Progress Implementation Negotiations Selection/ Proposal Review Demonstrations Discovery RFP Future Design &amp; Requirements Business Case/

467 views • 24 slides

More recommend