Malwares in Cyber Space – Threat landscape, Emerging trends – PowerPoint PPT Presentation



SLIDE 1

Malwares in Cyber Space – Threat landscape, Emerging trends, Solutions and Challenges

Atul Kabra, Solutions Architect

SLIDE 2

CyberSpace – The good, the bad and the ugly

  • Internet is an unsafe neighborhood
    – right in your office space, your living room, cell phones, and god knows where all
  • Plenty of bad guys out there to steal your data, money, identity and anything else they can by infecting your devices
  • Some bad guys have turned ugly and they don’t care about your money anymore
    – They are out to spread cyber destruction/warfare
  • Lucky for you – there are some “good” guys out there too, working to keep you safe

SLIDE 3

Zero-Day attacks – Rise of the ‘Malwares’

  • Quarter-on-quarter growth in malware samples
    – We now have more than 80 million samples
    – Population of Bangalore ~ 8 million

SLIDE 4

Malware growth

  • Growth in ‘New’ Malware

SLIDE 5

Security Measures by OS vendors

  • Widen the adoption of ‘digital signatures’
    – ‘Digital Signature/Certificate’ is a means of establishing ‘trust’
    – ‘trust’ = “You are who you claim you are”
  • Windows is by and large the biggest target of PC based malwares
  • Microsoft’s response to tighten security in the OS
    – Enforce digital signatures
      • Mandatory on all 64 bit platforms. 32 bit is excluded for legacy reasons
    – Enhanced security in Windows 8
      • UEFI boot
        – Ensures a secure boot through digital signatures
      • Early Launch Anti-Malware (ELAM)
        – Allows the Anti-Malware driver to get launched ahead of any other kernel driver
        – The AM driver can allow/deny load of subsequent kernel modules based on their digital signature

SLIDE 6

Now an interesting new trend – Digitally Signed Malwares

SLIDE 7

Digitally signed malwares

  • How the ‘heck’ do the malwares get signed?
    – Doesn’t the digital signing process involve a trusted root?
    – What exactly is a ‘digital signature’?
  • A primer on digital signature might help
    – Technology built on asymmetric cryptography
      • Public + private key
      • Signed document contains
        – hash (md5)
          » Encrypted using private key
        – Public key of the signer
      • Decrypted at run time using public key
        – Verify the entity
  • Malwares get signed using
    – Stolen certificates (Social Engineering)
    – Algorithmic weaknesses (MD5)
    – Package a genuinely signed binary
      • Misuse it
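The primer on this slide and the ELAM rule on slide 5 both describe a loader deciding whether a signed module may be trusted. The Go program below is an added example written for this page; it is not code from the presentation or from any vendor. It uses only the standard library and models the flow in miniature: the SignedPackage type, the Sign, Verify, TrustStoreFor, Fingerprint and NewKey functions, and the sample byte strings are all constructed here. It shows the three things such a check can do (refuse a collision-prone digest, refuse tampered content, refuse a signer that is not in the trust store) and the one thing it cannot do, which is the point of the “stolen certificates” bullet: a binary signed with a stolen but trusted key verifies cleanly until that key is removed from the store.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// SignedPackage is a constructed stand-in for a signed binary; it carries what the primer
// lists: content, digest algorithm, signature (content hash signed with the private key), signer key.
type SignedPackage struct {
	Content   []byte
	Digest    string // "sha256" here; "md5" marks the weak choice exploited in the Flame case
	Signature []byte
	SignerKey *rsa.PublicKey
}

var (
	ErrWeakDigest      = errors.New("digest algorithm not accepted (collision-prone)")
	ErrBadSignature    = errors.New("signature does not match content (tampered or forged)")
	ErrUntrustedSigner = errors.New("signature is valid but the signer is not trusted")
)

// NewKey generates the asymmetric key pair of the primer (2048-bit RSA).
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Fingerprint names a public key for the trust store: hex SHA-256 of the modulus.
func Fingerprint(pub *rsa.PublicKey) string {
	h := sha256.Sum256(pub.N.Bytes())
	return hex.EncodeToString(h[:])
}

// TrustStoreFor plays the trusted root: the set of signer keys the loader accepts.
func TrustStoreFor(signers ...*rsa.PrivateKey) map[string]bool {
	store := make(map[string]bool)
	for _, s := range signers {
		store[Fingerprint(&s.PublicKey)] = true
	}
	return store
}

// Sign hashes the content with SHA-256 and signs the hash with the private key.
func Sign(priv *rsa.PrivateKey, content []byte) (*SignedPackage, error) {
	h := sha256.Sum256(content)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	if err != nil {
		return nil, err
	}
	return &SignedPackage{Content: content, Digest: "sha256", Signature: sig, SignerKey: &priv.PublicKey}, nil
}

// Verify is the loader-side check an ELAM-style policy makes before a module loads:
// refuse a weak digest before doing any math, then require the signature to match the
// content, then require the signer to be in the trust store. A binary signed with a
// stolen trusted key passes all three, since the math proves which key signed, not who held it.
func Verify(pkg *SignedPackage, trusted map[string]bool) error {
	if pkg.Digest != "sha256" {
		return ErrWeakDigest
	}
	h := sha256.Sum256(pkg.Content)
	if err := rsa.VerifyPKCS1v15(pkg.SignerKey, crypto.SHA256, h[:], pkg.Signature); err != nil {
		return ErrBadSignature
	}
	if !trusted[Fingerprint(pkg.SignerKey)] {
		return ErrUntrustedSigner
	}
	return nil
}

func main() {
	vendor, attacker := NewKey(), NewKey() // legitimate publisher; attacker's own key
	trusted := TrustStoreFor(vendor)
	driver := []byte("constructed sample driver image") // constructed bytes, not a real binary
	good, _ := Sign(vendor, driver)
	tampered := *good // original signature over modified content
	tampered.Content = []byte("constructed sample driver image + appended payload")
	rogue, _ := Sign(attacker, driver) // valid math, untrusted key
	weak := *good // same package, but claiming an MD5 digest
	weak.Digest = "md5"
	stolen, _ := Sign(vendor, []byte("constructed malicious image")) // signed with the vendor's key
	fmt.Println("vendor-signed:       ", Verify(good, trusted))
	fmt.Println("tampered content:    ", Verify(&tampered, trusted))
	fmt.Println("attacker self-signed:", Verify(rogue, trusted))
	fmt.Println("MD5-digest signature:", Verify(&weak, trusted))
	fmt.Println("stolen vendor key:   ", Verify(stolen, trusted))
	delete(trusted, Fingerprint(&vendor.PublicKey)) // revocation: drop the key from the store
	fmt.Println("after revocation:    ", Verify(stolen, trusted))
}
```

Run it with `go run`. The map of key fingerprints stands in for a root certificate; real code signing verifies an X.509 chain and consults revocation lists, and the example replaces both with that map so the decision logic stays visible.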
SLIDE 8

Example – Stolen certificates

  • Have you heard of ‘StuxNet’??
    – Arguably the most sensational virus attack of recent times
      • Seems like right from a Hollywood Sci-Fi movie
      • Indication of a change in motivation for malware authors (or their sponsors)
      • Here is what ‘Wikipedia’ has to say
  • Stealing certificates happens all the time
    – Recent breach at security firm ‘bit9’ (https://blog.bit9.com/2013/02/08/bit9-and-our-customers-security/)

SLIDE 9

Example – Algorithm Weaknesses

  • Flame
    – Also known as SkyWiper
    – Designed for cyber espionage: it could record audio, capture key strokes, screenshots and even Skype traffic
    – Another malware discovered in Middle Eastern geographies (largely Iran)
  • Main module of Flame
    – A signed rootkit driver
    – The signature exploited a weakness (collision) in the MD5 algorithm
      • Inserted specially computed blocks in a file to produce two files with different contents and matching MD5 hashes
    – Used this weakness to generate dummy keys that matched the certificate of Microsoft Terminal Services
    – Roughly speaking, to generate this collision it would take about $20K of computing power on Amazon EC2

Image Src: http://www.wired.com

SLIDE 10

Example – Mis(ab)using commercial drivers

  • Shamoon
    – Also known as Disttrack
    – Another targeted attack
      • Energy companies in the Mid-East
    – Corrupts files and the MBR, and destroys the data so that it can't be recovered
    – Does it with the help of a signed driver called ‘drdisk.sys’
    – drdisk.sys is a commercially available, legitimately signed driver by ElDos Corp (http://eldos.com/rawdisk/)

SLIDE 11

End Notes – Future of security and challenges ahead

  • Malwares are getting increasingly smarter
    – With access to digital signatures, they have broken a strong fort of security
  • Traditional black-listing based detection solutions alone may not be sufficient anymore
    – Especially for zero-day attacks
  • Need for futuristic solutions
    – Heuristic/behavior based detection
    – Sandboxing based solutions
    – Hardware assisted solutions
      • W or X memory pages
        – DEP (Data Execution Prevention)
      • Hypervisor based security
        – SecVisor/MicroVisor
    – White Listing based solutions
  • Challenges the Industry faces
    – Risk of high false positives
    – Difficult to run in a virtual environment that uses offloaded engines
      • Performance penalties
    – Newer attacks – ROP (Return Oriented Programming)
    – WhiteListing can be too restrictive for end users
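The “heuristic/behavior based detection” and “risk of high false positives” points on this slide describe a trade-off that is easier to see in code. The Go program below is an added example for this page, not code from the presentation or from any product. It runs a combination rule over a constructed process-activity log (the log layout, process names and PIDs are all made up for the example) modelled loosely on the Shamoon behaviour described on slide 10: mass overwrite of user files followed by a raw write to the physical disk. The scoring is arranged so that neither indicator alone reaches the threshold, which is how a backup agent (many overwrites) or a disk utility (one raw write) stays below it while the combination is flagged.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Event is one record of a constructed process-activity log. The "ts pid=.. proc=..
// op=.. path=.." layout is an assumption for this example, not any real sensor's format.
type Event struct{ PID, Proc, Op, Path string }

// ParseEvent collects the key=value fields of a line; the leading timestamp has no
// "=" and is skipped, and a line without pid and op is rejected.
func ParseEvent(line string) (Event, bool) {
	kv := map[string]string{}
	for _, f := range strings.Fields(line) {
		if k, v, ok := strings.Cut(f, "="); ok {
			kv[k] = v
		}
	}
	e := Event{PID: kv["pid"], Proc: kv["proc"], Op: kv["op"], Path: kv["path"]}
	return e, e.PID != "" && e.Op != ""
}

// Indicators are the per-process behaviours the rule combines: writes into user
// profile directories, and a write to a raw physical drive (sector 0 holds the MBR).
type Indicators struct {
	DocOverwrite int
	RawDiskWrite bool
}

// Threshold is the score at which a process is flagged.
const Threshold = 100

// Score weights the indicators so that neither alone reaches Threshold: document
// overwrites cap at 50 however many there are, a raw-disk write adds 50, and only the
// wiper-like combination reaches 100. Requiring the combination is what limits false positives.
func (in Indicators) Score() int {
	score := in.DocOverwrite
	if score > 50 {
		score = 50
	}
	if in.RawDiskWrite {
		score += 50
	}
	return score
}

// Analyze folds the log into per-PID indicators, ignoring non-write operations.
func Analyze(lines []string) map[string]Indicators {
	out := make(map[string]Indicators)
	for _, line := range lines {
		e, ok := ParseEvent(line)
		if !ok || e.Op != "write" {
			continue
		}
		in := out[e.PID]
		if strings.HasPrefix(e.Path, `\\.\PhysicalDrive`) {
			in.RawDiskWrite = true
		} else if strings.HasPrefix(e.Path, `C:\Users\`) {
			in.DocOverwrite++
		}
		out[e.PID] = in
	}
	return out
}

// Flagged returns the PIDs at or above Threshold, sorted for stable output.
func Flagged(lines []string) []string {
	var pids []string
	for pid, in := range Analyze(lines) {
		if in.Score() >= Threshold {
			pids = append(pids, pid)
		}
	}
	sort.Strings(pids)
	return pids
}

// SampleLog is a constructed log: pid 4242 behaves like a wiper (60 document overwrites,
// then a raw-disk write), pid 3100 like a backup agent (200 overwrites, no raw write) and
// pid 2200 like a disk utility (a single raw-disk write, no overwrites).
func SampleLog() []string {
	const doc = `2012-08-15T10:%02d:00Z pid=%d proc=%s op=write path=C:\Users\alice\Documents\file%d.docx`
	const raw = `2012-08-15T10:%02d:00Z pid=%d proc=%s op=write path=\\.\PhysicalDrive0`
	var lines []string
	for i := 0; i < 60; i++ {
		lines = append(lines, fmt.Sprintf(doc, 0, 4242, "wipersim.exe", i))
	}
	lines = append(lines, fmt.Sprintf(raw, 1, 4242, "wipersim.exe"))
	for i := 0; i < 200; i++ {
		lines = append(lines, fmt.Sprintf(doc, 2, 3100, "backupagent.exe", i))
	}
	lines = append(lines, fmt.Sprintf(raw, 3, 2200, "diskutil.exe"))
	return lines
}

func main() {
	fmt.Println("flagged PIDs:", Flagged(SampleLog()))
}
```

The weights and the 100-point threshold are illustrative; the design point is that the rule fires on a conjunction of behaviours rather than on any single one, and that tuning those weights against benign activity is exactly the false-positive work the slide lists as a challenge.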

SLIDE 12

THANK YOU