prevalence of malicious dns and proposed solutions
play

Prevalence of Malicious DNS and Proposed Solutions Christopher - PowerPoint PPT Presentation

Aug 22, 2023 •8 likes •158 views

Prevalence of Malicious DNS and Proposed Solutions Christopher Davis and Zachary Hanif Sunday, March 11, 12 Introduction Chris Davis Emerging Threats & University of Toronto Fellow IPTrust, DefIntel, Damballa... Mariposa, Conficker,

  1. Prevalence of Malicious DNS and Proposed Solutions Christopher Davis and Zachary Hanif Sunday, March 11, 12

  2. Introduction Chris Davis Emerging Threats & University of Toronto Fellow IPTrust, DefIntel, Damballa... Mariposa, Conficker, Storm... Sunday, March 11, 12

  3. Introduction Zach Hanif IPTrust, Georgia Tech, GTRI Mariposa, Zeus, many other APTs Machine Learning, Big Data (Hadoop, Cassandra...) Many additional Botnet takedowns and sinkholes Sunday, March 11, 12

  4. What Are We Doing Now 60-80k malware samples processed daily 5 separate malware analysis systems 10’s of thousands of bad domains per day Tracking > 20k active Botnets Sunday, March 11, 12

  5. The Problem Malware is custom designed to evade detection, stay resident, and display coordinated action Anti-virus solutions are generally ineffective “...8 out of 10 pieces of malicious code are going to get in.” -Graham Ingram, AUSCERT “Every second, 14 adults become the victim of cyber crime.” -Symantec via theregister.co.uk Sunday, March 11, 12

  6. Scope of the Problem Majority of banks Fortune500 Many international government departments Airlines Hotel chains Oil and gas companies Utilities and infrastructure Sunday, March 11, 12

  7. High Profile Botnet Compromises Sony RSA Google Nasdaq Dalai Lama Mitsubishi Heavy Industries UN, International Olympic Committee Sunday, March 11, 12

  8. Current Response Anti-virus IDS/IPS - not designed to detect compromises Court ordered domain takedowns - too many bad domains, and other issues. See “Guidance for preparing domain name orders, seizures, and take downs” - Dave Piscitello (ICANN) NXD mailing list - good but small scale Sunday, March 11, 12

  9. Proposed Solution 100% public benefit non-profit - Malicious domain clearing house / registrar ICANN backed Emerging Threats sponsored Community support (ISC, Dagon, Wesson, etc...) Sunday, March 11, 12

  10. Goals/Mission Analyze immense amounts of malware to identify malicious domains Identify, analyze, validate, confirm Sinkhole C2s & identify victims Notify victims & provide free remediation assistance Remove, in a coordinated fashion, malicious domains from registrars Sunday, March 11, 12

  11. Clearing House Offerings Daily bad domain feed (zero error) EPP/RPP bad domain transfers/sinkholing Bad actor DB with credential and login data for LEO Peer reviewed analysis Move the bad traffic off your pipe Sunday, March 11, 12

  12. Technical Challenges Identify malicious domains with zero error C2 / Compromised domain Bad domain transfer mechanism and fees Sinkhole robustness and victim identification Victim notification and remediation Must maintain victim privacy while being able to work towards resolution Sunday, March 11, 12

  13. Social Challenges Registrar/registry buy-in Simply cannot work without this support Requires substantial support from the community Needs ISPs, NGOs, CERTs, etc for remediation and customer notification Large industry partners (Google, Microsoft, etc) Sunday, March 11, 12

  14. First Steps Provide a per-registrar feed of C2 domains and evidence of their maliciousness Support the Snort/Suricata projects through custom rulesets New TLD monitoring Easier to prevent an issue then root it out after the fact Sunday, March 11, 12

  15. Q&A Sunday, March 11, 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

THE PROBLEM 1 SOLUTIONS What do you think the solutions are? 2 PROPOSED SOLUTIONS

THE PROBLEM 1 SOLUTIONS What do you think the solutions are? 2 PROPOSED SOLUTIONS

THE PROBLEM 1 SOLUTIONS What do you think the solutions are? 2 PROPOSED SOLUTIONS Increase need-based federal aid, like Pell Grants, which now cover less than one-third of the cost of attendance at public four-year universities;

184 views • 15 slides
Malicious Overjoining in Multicast Problem and proposed solution draft-jholland-cb-assisted-cc

Malicious Overjoining in Multicast Problem and proposed solution draft-jholland-cb-assisted-cc

Malicious Overjoining in Multicast Problem and proposed solution draft-jholland-cb-assisted-cc Jake Holland, Akamai Technologies Multicast Utopia Requirements Multicast Bulk Rate applications: MUST tolerate a wide range of Internet path

349 views • 15 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 23 March 2006 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

707 views • 69 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 10 March 2005 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

1.16k views • 94 slides
Detecting Malicious Web Links and Identifying Their Attack Types 1 Hyunsang Choi, 2 Bin B. Zhu, 1

Detecting Malicious Web Links and Identifying Their Attack Types 1 Hyunsang Choi, 2 Bin B. Zhu, 1

Detecting Malicious Web Links and Identifying Their Attack Types 1 Hyunsang Choi, 2 Bin B. Zhu, 1 Heejo Lee 1 Korea University, 2 Microsoft Research Asia USENIX WebApps 2011 2011-06-21 Outline Introduction Existing solutions

470 views • 25 slides
Malicious Software Countermeasures Summary ITS335: IT Security Sirindhorn International

Malicious Software Countermeasures Summary ITS335: IT Security Sirindhorn International

ITS335 Malicious Software Malicious Software Propagation Payload Malicious Software Countermeasures Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 25 October

673 views • 30 slides
Differences in TBI Prevalence, Outcomes, and Symptoms in Colorado CB Eagye TBI Prevalence

Differences in TBI Prevalence, Outcomes, and Symptoms in Colorado CB Eagye TBI Prevalence

Differences in TBI Prevalence, Outcomes, and Symptoms in Colorado CB Eagye TBI Prevalence Research Studies Initial Research Project Colorado Study of TBI Prevalence and Associated Outcomes - 2007 Funded by the CDC Statewide

1.1k views • 81 slides
An Analysis of Wireless Security at U of M Dearborn: Found Problems and Proposed Solutions

An Analysis of Wireless Security at U of M Dearborn: Found Problems and Proposed Solutions

An Analysis of Wireless Security at U of M Dearborn: Found Problems and Proposed Solutions (CASL Only) Summary Basic Networking Concepts Description of vulnerabilities Demonstration Possible solutions Networking Addresses 3

288 views • 24 slides
Introduction to Malicious Web Sites Ktcl Web Sitelerine Bir lk Bak Ali Ikinci

Introduction to Malicious Web Sites Ktcl Web Sitelerine Bir lk Bak Ali Ikinci

OWASP T urkey - Uygulama Gvenlii Gn Introduction to Malicious Web Sites Ktcl Web Sitelerine Bir lk Bak Ali Ikinci Siber Gvenlik Dernei ali@ikinci.info 9 June 2012 Turkey About Me Working on Malicious Web Sites

505 views • 31 slides
Greying of MS Prevalence: 32% between 55-64 years; 14% over 65 years; peak prevalence is 55-

Greying of MS Prevalence: 32% between 55-64 years; 14% over 65 years; peak prevalence is 55-

Physical function in older adults with MS: An application of the Short Physical Perform ance Battery Robert W. Motl, Gioella Chaparro, Manuel E. Hernandez, Julia M. Balto, Brian M. Sandroff Greying of MS Prevalence: 32% between 55-64

464 views • 11 slides
Lines of Malicious Code: Insights Into the Malicious Software Industry Martina Lindorfer

Lines of Malicious Code: Insights Into the Malicious Software Industry Martina Lindorfer

Lines of Malicious Code: Insights Into the Malicious Software Industry Martina Lindorfer Vienna University of Technology Alessandro Di Federico Politecnico di Milano Federico Maggi Politecnico di Milano Paolo Milani Comparetti Vienna

566 views • 27 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 29 March 2007 SYN Cookies (contd) SYN Cookies (contd) SYN cookies are particular choices of initial TCP sequence numbers

868 views • 62 slides
Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai

Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai

Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain TPMPC 2019 Adversarial Model Adversarial Model Malicious Adversary Adversarial Model Malicious Adversary

925 views • 69 slides
Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai

Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai

Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain EUROCRYPT 2019 Adversarial Model Adversarial Model Malicious Adversary Adversarial Model Malicious Adversary

1.11k views • 57 slides
Loo ooking g into Ma o Malicious I Insider ers JPCERT/CC Koichiro Sparky Komiyama First

Loo ooking g into Ma o Malicious I Insider ers JPCERT/CC Koichiro Sparky Komiyama First

Loo ooking g into Ma o Malicious I Insider ers JPCERT/CC Koichiro Sparky Komiyama First Conference, Vienna Agenda Background Previous work Information leakage by malicious insider Our Research How to prevent 2 Insider

335 views • 30 slides
Smoking Cessation Support 2006/2013 Census Smoker Prevalence 2006/2013 Census Prevalence by

Smoking Cessation Support 2006/2013 Census Smoker Prevalence 2006/2013 Census Prevalence by

Connecting Patients to Smoking Cessation Support 2006/2013 Census Smoker Prevalence 2006/2013 Census Prevalence by ethnicity Mori drop 10% Smoking Prevalence by DHB Region 20.7% Now 15.1% Less than 5% In 2012 Government

354 views • 19 slides
CC - Elisa Azzali CC - Tim Morgan CC - Quinn Dombrowski Public domain - Theodore C. Marceau CC

CC - Elisa Azzali CC - Tim Morgan CC - Quinn Dombrowski Public domain - Theodore C. Marceau CC

THE cloud data feed CC - Elisa Azzali CC - Tim Morgan CC - Quinn Dombrowski Public domain - Theodore C. Marceau CC - Erik Christensen Damn-fast and effective malware info sharing with MISP by Christophe Vandeplas http://misp-project.org

692 views • 47 slides
Team Cymru Cymru Team Network Forensics Ryan Connolly, ryan@cymru.com

Team Cymru Cymru Team Network Forensics Ryan Connolly, ryan@cymru.com

Team Cymru Cymru Team Network Forensics Ryan Connolly, ryan@cymru.com <http://www.cymru.com> Network Forensics what does it mean? network forensics is the analysis of network events in order to discover the source of problem

997 views • 43 slides
Evaluation of Intrusion Detection Systems in Clouds Thibaut Probst , E. Alata, M. Ka aniche, V.

Evaluation of Intrusion Detection Systems in Clouds Thibaut Probst , E. Alata, M. Ka aniche, V.

Problem statement Methodology Testbed and Experimental Results Conclusion Evaluation of Intrusion Detection Systems in Clouds Thibaut Probst , E. Alata, M. Ka aniche, V. Nicomette LAAS-CNRS - Dependable Computing and Fault Tolerance (TSF)

719 views • 22 slides
Find Joy in the Journey Guarding Yourself Against 5 Joy Robbers Be joyful always; pray

Find Joy in the Journey Guarding Yourself Against 5 Joy Robbers Be joyful always; pray

Find Joy in the Journey Guarding Yourself Against 5 Joy Robbers Be joyful always; pray continually; give thanks in all circumstances, for this is Gods will for you in Christ Jesus. I Thessalonians 5:16-18 For the kingdom of God is

332 views • 19 slides
Prepare, Present, Assess Presented By: Charlie Rizzuto 2016 Nassau Zone Secondary PE

Prepare, Present, Assess Presented By: Charlie Rizzuto 2016 Nassau Zone Secondary PE

Prepare, Present, Assess Presented By: Charlie Rizzuto 2016 Nassau Zone Secondary PE Teacher of the Year 2017 NYS Health Education Amazing Person of the Year IGOR ELEVANCE ELATIONSHIPS Snack Time What was most memorable? Why are

863 views • 85 slides
River Runners Citizen Science Training Workshop with support and funding from New Hampshire

River Runners Citizen Science Training Workshop with support and funding from New Hampshire

River Runners Citizen Science Training Workshop with support and funding from New Hampshire Rivers Council members like you Exotic Species EXOTIC and INVASIVE: A species that is not native and is introduced to an area either purposely

1.01k views • 71 slides
Geometry Euclid of Alexandria The Founder of Geometry. He was a Greek mathematician, often

Geometry Euclid of Alexandria The Founder of Geometry. He was a Greek mathematician, often

Geometry Euclid of Alexandria The Founder of Geometry. He was a Greek mathematician, often referred to as the "Father of Geometry". He was active in Alexandria during the reign of Ptolemy I (323283 BC) Pythagorean theorem Geometry

807 views • 66 slides
Results & Commentary May 7, 2020 Always Secure. Always Available. Cautionary Statements

Results & Commentary May 7, 2020 Always Secure. Always Available. Cautionary Statements

Q1 2020 Financial Results & Commentary May 7, 2020 Always Secure. Always Available. Cautionary Statements & Disclosures This presentation and the accompanying oral presentation contain forward - looking statements that are based on

537 views • 21 slides

More recommend