Prevent Malware attacks with F5 WebSafe and MobileSafe
Transcription
Prevent Malware attacks with F5 WebSafe and MobileSafe
Prevent Malware attacks with F5 WebSafe and MobileSafe Alfredo Vistola Security Solution Architect, EMEA Malware Threat Landscape – Growth and Targets % 25 % 50 % 79 % 82 Of real-world malware is caught by anti-virus Malware Of malware code is logic to bypass defenses Existing malware strains are Trojans Of Institutions learned about fraud incidents from their customers PandaLabs Q1 Report http://press.pandasecurity.com/usa/news/pandalabs -q1-report-trojans-account-for-80-of-malwareinfections-set-new-record/ Data sources: Dark Reading, PandaLabs, & ISMG F5 Agility 2014 2 Malware Threat Landscape – Phishing by Number of Attacks Phishing Attacks by Industry • Finance, Government, Shopping, Online Auctions, and Multiplayer Games. United States Amazon Blizzard Entertainment eBay Internal Revenue Service J.P. Morgan Chase PayPal Wells Fargo United Kingdom Barclays HM Revenue & Customs HSBC Lloyds TSB Natwest Royal Bank of Scotland Brazil Banco Bradesco Banco do Brasil Banco Itau Italy Intesa Sanpaolo Posteitaliane UniCredit Australia ANZ (Australia and New Zealand Banking Group) Westpac Bank McAfee Threats Report 2013 http://www.mcafee.com/us/resources/reports/rpquarterly-threat-q1-2013.pdf F5 Agility 2014 3 F5’s Security Services and Solutions One Platform Network Firewall Traffic Management Application Security Access Control DDoS Protection SSL DNS Security Anti-Fraud, Anti-Malware, Anti-Phishing EAL2+ EAL4+ (in process) F5 Agility 2014 4 Our unique solution Offers protection to cover the gaps with most security solutions Site Visit Device Fingerprinting Phishing Threats © F5 Networks, Inc Site Log In • Geo-location • Brute Force Detection • Behavioral Analysis Credential Grabbing User Navigation Transactions Transaction Execution Behavioral and Click Analysis Abnormal Money Movement Analysis Customer Fraud Alerts Malware Injections PII and CC Grabbing Automatic Transactions 5 F5 Web Fraud Protection Fraud, phishing & malware protection Simple deployment & supports any device Application level encryption Healthcare Retail Device and behavioral analysis Bank 24x7 SOC research, investigation & site take down End-user and application transparency “The knowledge that our online users are protected from fraudsters, wherever they are and at any time, enables our team to focus on developing new products and services.” Anti-Fraud Manager , Leumi Bank F5 Agility 2014 6 WebSafe™ in Action WebSafe – Clientless and Transparent Anti-Fraud Solution Only fully transparent Anti-Fraud solution that reduces banking fraud loss Fraud Detection and Protection • • • Detection of targeted malware, BOTs, MITM/B, form grabbing, Zero-day, … Monitors and alerts when website is copied and uploaded to a spoofed domain (phishing) Clientless application-layer encryption of sensitive user data with sessioninitiated randomly rotating keys F5 Agility 2014 Transaction Protection • • • Real-time transaction analysis for automated or human behavior Transaction integrity Comprehensive request analysis Security Operations Research Center • • • • • 24X7 security reports and alerts Identifies and investigates attacks in real-time Researches and investigates new global fraud technology & schemes Provides detailed incident reports Optional site take-down 8 WebSafe Implementation Options Online Customers A Local alert server and/or SIEM Man-in-theBrowser Attacks Copied Pages and Phishing Web Fraud Protection Online Customers B Application Network Firewall C F5 Security Operations Center Account Automated Transactions and Transaction integrity Amount Transfer Funds Online Customers Customer Scenarios Easily deployed Deploys with no change to applications Leverages existing F5 resources & knowledge Enables IT consolidation Integrated into BIG-IP GUI in 11.6 A Malware Detection and Protection B Anti-Phishing Strategic Point of Control C Transaction Analysis F5 Agility 2014 9 Advanced Phishing Attack Detection and Prevention Identifies phishing threats early-on and stops attacks before emails are sent Alerts upon usage of copy site on local computer 1. Copy website 4. Test spoofed site Alerts upon login and testing of phishing site Web Application Phished user names are sent to the SOC F5 SOC shuts down identified phishing websites Internet 3. Upload image to spoofed site 2. Save image to computer © F5 Networks, Inc Alerts at all stages of phishing site development 10 Generic and Targeted Malware Detection With real-time analysis and a variety of checks WebSafe identifies compromised sessions, malicious scripts, phishing attacks and malware including MITM/B, BOTs, fraudulent transactions • Analyzes browser for traces of common malware (i.e., Zeus, citadel, Carberp, etc) • Detects browser redressing • Performs checks on domain and other components © F5 Networks, Inc 11 Malware Detection – Web Injection Examples F5 Agility 2014 12 Malware Detection – Web Injection Examples Targeted malware web injection F5 Agility 2014 13 Malware Detection – Web Injection Examples Targeted malware web injection F5 Agility 2014 14 Malware Detection – Web Injection Examples F5 Agility 2014 15 Malware Detection – Web Injection Examples F5 Agility 2014 16 Clientless Application-Level Encryption WebSafe secures credentials and other valuable data submitted on web forms © F5 Networks, Inc 17 Clientless Application-Layer Encryption WebSafe secures credentials and other valuable data submitted on web forms • Any sensitive information can be encrypted at the message level • User credentials & information is submitted & encrypted with public key • Data is decrypted on BIG-IP WebSafe using the private key • Intercepted information rendered useless to attacker © F5 Networks, Inc 18 WebSafe™ BIG-IP GUI Integration WebSafe : BIG-IP Integration 11.6 Easily turn on WebSafe anti-fraud protection from BIG-IP • Define anti-fraud profile for each domain • Configure alert server • Enable and disable individual detection/protection modules o o o o © F5 Networks, Inc Phishing detection Malware detection Application layer encryption Automated transaction protection 20 Anti-Fraud Profiles F5 Agility 2014 21 Virtual Server Security Policy Configuration F5 Agility 2014 22 MobileSafe™ In Action Attack Mitigations (1 of 2) • Man in the middle • DNS spoofing • The target domain is checked against a pre-loaded list of known IPs • Certificate forging • The target certificate is compared against a pre-loaded certificate • Jailbreak / rooted devices • Detection of a jailbreak and rooted device F5 Agility 2014 24 Attack Mitigations (2 of 2) • OS security • Unpatched version with known vulnerabilities will raise the device risk score (sent when the app is loaded) • App integrity • Android - MobileSafe will check the application signature (Checksum) • IOS – this check is disabled • Keyloggers – virtual keyboard • Network sniffing at the OS level (before the SSL) vCrypt F5 Agility 2014 25 MobileSafe Architecture / Data Flow Download app F5 SOC (Cloud) F5 Configuration Server Device to application User communication F5 SOC Data Center Alerts BIG-IP (message encryption) F5 Agility 2014 servers 26 F5 Security Operations Center F5 Security Operations Center Always on the watch 24x7x365 fraud analysis team that extends your security team Researches and investigates new global fraud technology & schemes Detailed incident reports Provides detailed threat analysis & incident reports Real-time alerts activated by phone, sms and email Optional site take-down: Phishing sites © F5 Networks, Inc 28 F5 SOC: Phishing Site Take-Down Service Quickly identify and shut down brand abuse websites Always available F5 monitoring and response team Complete attack assessment & postpartum attack report Leverage relationships with ISPs, anti-phishing groups and key international agencies Malicious site take-down in minimal time Recommendations for counter security measures © F5 Networks, Inc 29 Real-Time Alerts Dashboard F5 Agility 2014 30 F5’s Anti-Fraud Solutions Prevent Fraud Targeted malware, MITB, zero-days, MITM, phishing, automated transactions… Protect Online User On All Devices Full Transparency In Real Time Clientless solution, enabling 100% coverage Desktop, tablets & mobile devices No software or user involvement required Alerts and customizable rules If I can be of further assistance please contact me: a.vistola@f5.com Demo Demo of Clientless Application-Level Encryption Web application Login Information Username + password Infected PC Login Information Username + password Internet Dropzone and C&C on the server at the ISP F5 Agility 2014 33 Questions? F5 Agility 2014 34