trends in malware
play

Trends in Malware DRAFT OUTLINE Wednesday, October 10, 12 - PowerPoint PPT Presentation

Dec 30, 2022 •145 likes •316 views

Trends in Malware DRAFT OUTLINE Wednesday, October 10, 12 Presentation Synopsis Security is often a game of cat and mouse as security professionals and attackers each vie to stay one step ahead of the other. In this race for dominance,

  1. Trends in Malware DRAFT OUTLINE Wednesday, October 10, 12

  2. Presentation Synopsis Security is often a game of cat and mouse as security professionals and attackers each vie to stay one step ahead of the other. In this race for dominance, attackers are developing ever more sophisticated malware exploits. Modern malware increasingly preys on human naivety, burrows deep within operating systems, and is even able to change its own software code to evade detection. In this session we will examine the current malware landscape, looking at who is behind the attacks, how it works, and, most importantly, what we can do to counter the threat. Wednesday, October 10, 12

  3. Recent, High Profile Attacks Attack Strategic Target Facility Adversary Means Result Significance Goal Goal Penetrated security defenses Steal intellectual and obtained Telvent Canada Ltd Electricity Chinese hackers Malware Unknown Undetermined property software and blueprints related to SCADA system First publicly Stated: End Information known case of government Aramco, Saudi Malware destruction, steal hacktivist group Oil Hacktivist Erased hard drives oppression, Arabia (Shamoon) intellectual using state particularly in property developed middle east malware Speculation: Compromised RSA Speculation: Steal Malware (Excel Steal intellectual Acceleration of RSA IT Chinese hackers SecureID token US jet fighter Spreadsheet) property Chinese military generation blueprints from LM capability First publicly known, attributed Halt or delay Delay Iran from Natanz Nuclear US & Israeli Destroyed use of cyber Nuclear Malware (Stuxnet) uranium obtaining nuclear Facility, Iran Government centrifuges weapon by enrichment material national government Wednesday, October 10, 12

  4. Malware Track Record • 2010: On average, only 53% of malware detected on download * • 2011: 250% Increase in unique malware domains ** • 2011: 49% of breaches used malware *** • 2012: On average, 2 new, unique pieces of malware per day **** * 2010 NSS Labs study (www. nsslabs.com) ** 2011 Cisco Global Threat report (www.cisco.com) *** 2011 Verizon Data Breach Investigations Report **** 2012 ZDNET http://www.zdnet.com/blog/bott/the-malware-numbers-game-how-many-viruses-are-out-there/4783 Wednesday, October 10, 12

  5. What is Malware Malware, short for malicious software, is software used or created to disrupt computer operation, gather sensitive information, or gain access to private computer system. - Wikipedia Wednesday, October 10, 12

  6. Characteristics • Proliferate (spread) • Infect (infiltrate) • Conceal (hide) • Compromise (disrupt, exfiltrate) Wednesday, October 10, 12

  7. Malware Types • Virus (self replicates by attaching to another program or file) • Worms (replicates independent of another program) • Trojan Horses (masquerades as legitimate file or program) • Rootkits (gain privileged access to a machine while concealing itself) • Spyware (collect information from target system) • Adware (delivers advertisements with or without consent) Wednesday, October 10, 12

  8. Actors • Government & Military • Organized Crime • Terrorists • Activists • Opportunists (just for kicks, profit, show-off skills) Wednesday, October 10, 12

  9. Early Malware • 1988 - Morris Worm (remotely connect to a UNIX process, overwrite memory (buffer overflow) and gain access to the machine) • 2001 - NIMDA (spread through email or webs. Would modify or replace legitimate files on system and open remote access with admin privileges.) • 2005 - Sony BMG rootkit (Installed by inserting SONY music CD into PC. Designed to prevent copying of CD - XCP . Software hid itself and opened vulnerabilities that subsequent malware exploited) Wednesday, October 10, 12

  10. Traditional Defense • Manual Inspection & Removal (use tools to look for files or settings and remove or restore) • Anti-Virus (look for file or settings signature and remove or restore) • Intrusion Detection / Protection (look for packet types, formats, patterns and block or redirect) • Firewall (filter, permit or deny traffic) • Sandboxing (limit behavior - restrict application rights/ access, lock-down systems, segment networks, etc.) Wednesday, October 10, 12

  11. Modern Malware • Customized & Targeted • Polymorphic (pieces of code in the malware change for each distribution - e.g. shifting encryption, data insertion, changing code run order) • Remotely controlled with encrypted communications (botnets - provide agility and flexibility) • Persistent and intelligent (probe network to find more vulnerabilities, adjust tactics, blend in, low and slow) • Beyond computers (mobile, industrial) Wednesday, October 10, 12

  12. Integrated Attacks 1. Infiltrate: spam, phishing, P2P networks, web browsing, social media, social engineering, 2. Infect: trojan horse, virus, worm 3. Persist & Spread: worm, botnet, rootkit 4. Attack: Steal, SPAM, DDoS Wednesday, October 10, 12

  13. Modern Defense • Architecture (policy, governance, operations, capabilities) • Intelligence-led threat defense, not just vulnerability elimination • Contextual & anomaly-based threat detection • Automated, policy-based enforcement Wednesday, October 10, 12

  14. Security Architecture • Security starts with goals (i.e. what’s important to the business) • Requires policy and governance that aligns with goals • Leverages cyber defense operations that implement policy and governance • Builds on an infrastructure platform that provides trust, visibility & resilience Wednesday, October 10, 12

  15. Intelligence-led Threat Defense • Assess target, adversary, risk, means as a basis for developing defenses • Balance across prevention, preparation, response, and recovery • Build sources of local and global intelligence Wednesday, October 10, 12

  16. Context & Anomaly- based Threat detection • Complexity of modern malware means static, signature-based systems alone do not work • Monitor a broad scope of behaviors to fingerprint attacks • Correlate with risk of compromise Wednesday, October 10, 12

  17. Automated, Policy- Based Enforcement • User, device, location, and resources are no longer fixed • Identity is the new perimeter • Infrastructure must leverage policy to dynamically enforce access as user, device, location, and resources shift Wednesday, October 10, 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Command and Control Mechanism Trends in Exploit Kits, RATs, APTs, and Other Malware January 13,

Command and Control Mechanism Trends in Exploit Kits, RATs, APTs, and Other Malware January 13,

Command and Control Mechanism Trends in Exploit Kits, RATs, APTs, and Other Malware January 13, 2016 Mark Mager US-CERT Code Analysis Team Homeland National Cybersecurity and Communications Integration Center Security Agenda About Me

348 views • 22 slides
Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

540 views • 42 slides
Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

568 views • 22 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal paul@gtisc.gatech.edu Agenda Modern Malware Obfuscations, Server-side Polymorphism, Collection Volume Malware Analysis Detection

504 views • 27 slides
Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that does something that causes harm to a user, computer or network, including viruses, trojan horses, worms, rootkits, scareware and spyware. Malware

119 views • 9 slides
GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS AGENDA Something about malware Malware internals Current analysis

398 views • 27 slides
Trends in Malware Enabled Identity Theft Matthew McGlashan - matthew@auscert.org.au Computer

Trends in Malware Enabled Identity Theft Matthew McGlashan - matthew@auscert.org.au Computer

Trends in Malware Enabled Identity Theft Matthew McGlashan - matthew@auscert.org.au Computer Security Analyst, AusCERT Outline About AusCERT What AusCERT is doing to combat ID theft The Threat: Trojan Horse software

535 views • 27 slides
A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND CONTAINMENT FOR LARGE NETWORKS CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS MALWARE WARS In the last

313 views • 14 slides
Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Overview Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer immunization Kjell Jrgen Hole Simula@UiB 4. Epidemiological model 5. Malware halting analysis 6. Malware halting method Last updated

672 views • 29 slides
How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement Yoshihiro Oyama University of Tsukuba 1 Background Many malware programs execute operations for analysis evasion Detection of

346 views • 31 slides
Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware malware that evades analysis 2 logistics: LEX homework detect push ret pattern using fmex probably easier than TRICKY 3 upcoming exam next Wednesday

496 views • 48 slides
Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware

Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware

DeepSec IDSC Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware Adventures Agenda INTRODUCTION ANDROID MALWARE COMMAND & CONTROL QUESTIONS & ANSWERS 2 1 2 3 4 Android Malware

1.01k views • 64 slides
Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of

Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of

Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of Computer and Information Science Linkping University Malware Defense Agenda 2 Two lectures Lecture I : Malware basics, malware on the PC,

621 views • 40 slides
FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for

FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for

FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for Malware Amount of malware is growing exponentially Anti-virus and signature based approaches are reactionary, dont work for novel malware

127 views • 11 slides
CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is

CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is

CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is software that aids in gathering A virus is a computer program that is information about a person or organization capable of making copies of itself

716 views • 56 slides
Database Security Catalin Bidian University of Toronto November 10, 2010 November 10, 2010

Database Security Catalin Bidian University of Toronto November 10, 2010 November 10, 2010

CCT395, Week 10 Database Security Catalin Bidian University of Toronto November 10, 2010 November 10, 2010 CCT395F 1 Database Security Main Objectives 1. Confidentiality (aka Secrecy): a. Data must be kept private b. Information

460 views • 45 slides
Spam Prevention using Spam Prevention using Access Code (AC) Access Code (AC) Akhtar H Khalil,

Spam Prevention using Spam Prevention using Access Code (AC) Access Code (AC) Akhtar H Khalil,

Spam Prevention using Spam Prevention using Access Code (AC) Access Code (AC) Akhtar H Khalil, David J. Parish Akhtar H Khalil, David J. Parish a.h.khalil@lboro.ac.uk , , d.j.parish@lboro.ac.uk d.j.parish@lboro.ac.uk a.h.khalil@lboro.ac.uk

630 views • 18 slides
Luke Valenta Gabbi Fisher @lukevalenta @gabbifish Systems Engineer, Cloudflare Systems

Luke Valenta Gabbi Fisher @lukevalenta @gabbifish Systems Engineer, Cloudflare Systems

Luke Valenta Gabbi Fisher @lukevalenta @gabbifish Systems Engineer, Cloudflare Systems Engineer, Cloudflare Outline 1. HTTPS Interceptors and How to Find Them: Common sources of MITM (Monsters in the Middle). 2. A technique for

701 views • 37 slides
dirtbox, a x86/Windows Emulator Georg Wicherski Virus Analyst, Global Research and Analysis Team

dirtbox, a x86/Windows Emulator Georg Wicherski Virus Analyst, Global Research and Analysis Team

dirtbox, a x86/Windows Emulator Georg Wicherski Virus Analyst, Global Research and Analysis Team Motivation & System Overview Why not just use CWSandbox, Anubis, Normans , JoeBox , Malware are Analys lysis is Sandbox Solutions

604 views • 24 slides
RansomwareDefense Follow us on Twitter : @AlphaKOR Visit our Blog: www.AlphaKOR.com/blog The

RansomwareDefense Follow us on Twitter : @AlphaKOR Visit our Blog: www.AlphaKOR.com/blog The

Header of slide goeshere AlphaKOR RansomwareDefense Follow us on Twitter : @AlphaKOR Visit our Blog: www.AlphaKOR.com/blog The Facts of the Presentation The 2019 AlphaKOR Ransomware Report is comprised of statistics pulled from a survey of

513 views • 23 slides
ANTIALIASING Based on slides by Kurt Akeley ALIASING Aliases are low frequencies in a rendered

ANTIALIASING Based on slides by Kurt Akeley ALIASING Aliases are low frequencies in a rendered

ANTIALIASING Based on slides by Kurt Akeley ALIASING Aliases are low frequencies in a rendered image that are due to higher frequencies in the original image. 2 JAGGIES Original: Rendered: 3 CONVOLUTION THEOREM Let f and g be the

672 views • 19 slides
Sampling Theory The world is continuous Like it or not, images are discrete. Intro to

Sampling Theory The world is continuous Like it or not, images are discrete. Intro to

Sampling Theory The world is continuous Like it or not, images are discrete. Intro to Sampling Theory We work using a discrete array of pixels We use discrete values for color We use discrete arrays and subdivisions for

316 views • 7 slides
CS 4495 Computer Vision Frequency and Fourier Transforms Aaron Bobick School of Interactive

CS 4495 Computer Vision Frequency and Fourier Transforms Aaron Bobick School of Interactive

Frequency and Fourier Transform CS 4495 Computer Vision A. Bobick CS 4495 Computer Vision Frequency and Fourier Transforms Aaron Bobick School of Interactive Computing Frequency and Fourier Transform CS 4495 Computer Vision A. Bobick

1.19k views • 91 slides

More recommend