Defending strategies against new age Threats
Expecting the unexpected: Defending strategies against new age Threats
04 March 2015
Baburaj Varma – Technical Director, SEA and INDIA, Trend Micro
Indonesian CIO Network

High Profile Attacks
Copyright 2015 Trend Micro Inc.

Who's committing attacks – Verizon
• 92% perpetrated by outsiders
• 14% committed by insiders
• 1% implicated business partners
• 7% involved multiple parties
• 19% attributed to state-affiliated actors
Source: http://www.verizonenterprise.com/DBIR/

Crime Syndicate (Simplified)
Diagram of roles: The Boss, The Captain, Garant, Mercenary Attackers, Bullet Proof Hoster, Data Fencing, Victim.

Crime Syndicate (Detailed)
Diagram of roles with a price on each link (labels range from $1 to $10): Exploit Kit, Worm, Bot Reseller, Carder, Droppers, Money Mule, Card Creator, Garant, Keywords (Botherder), Blackhat SEO Attacker, SQL Injection Kit, Traffic Direction System Attacker, Compromised Sites (Hacker), Bullet Proof Hoster, Virtest, Cryptor, Programmer, Victim.

Vulnerabilities Data Y 2014
• Average 19 vulnerabilities/day
• 24% critical vulnerabilities
• 83% related to application
• Apple & Linux tops the list for OS
• 44% of breaches constitutes old vulnerabilities
Source: http://www.theregister.co.uk/2015/02/23/hp_hack_vulnerable_threat_study/
Source: NVD and http://www.gfi.com/blog/most-vulnerable-operating-systems-and-applications-in-2014/

Today's Attacks: Social, Sophisticated, Stealthy!
Attack lifecycle diagram (Attackers → Employees, $$$$):
1. Gathers intelligence about organization and individuals
2. Targets individuals using social engineering
3. Establishes link to Command & Control server
4. Moves laterally across network seeking valuable data
5. Extracts data of interest – can go undetected for months!
Copyright 2013 Trend Micro Inc.

Targeted Attack Techniques
Spearphishing

Island Hopping
Diagram: Attackers → Trusted Partner → Customers.
Watering Hole Attacks
Source: Trend Micro Q3'14 Threat Roundup Report

Evade detection with customized malware
Diagram: Attacker → Malicious C&C websites → Victimized Business; Ahnlab's Update Servers; Unix/Linux Server Farm (wipe out files); Windows endpoints (Destroy MBR).
A total of 76 tailor-made malware were used, in which 9 were destructive, while the other 67 were used for penetration and monitoring.

Code for Sale
Screenshot of an underground advertisement: "Hackers Tools for sale", 100's of Items. Price is 0.0797 BTC (bitcoin) = $25.
LIST OF SOFTWARE INCLUDED IN THIS PACKAGE:
Cracking Tools: 1. VNC Crack 2. Access Driver 3. Attack Toolkit v4.1 & source code included 4. Ares 5. Brutus
DoSers, DDoSers, Flooders and Nukers: 1. rDoS 2. zDoS 3. Site Hog v1 4. Panther Mode 2 5. Final Fortune 2.4
Tools/Trojans Remote Administration: 1. Cerberus 1.03.4 BETA 2. Turkojan 4 3. Beast 2.07 4. Shark v3.0.0 5. Archelaus Beta
Host Booters: 1. MeTuS Delphi 2.8 2. XR Host Booter 2.1 3. Metus 2.0 GB Edition 4. BioZombie v1.5 5. Host Booter and Spammer
Scanners: 1. DD7 Port Scanner 2. SuperScan 4.0 3. Trojan Hunter v1.5 4. ProPort v2.2 5. Bitching Threads v3.1
Stealers: 1. Dark Screen Stealer V2 2. Dark IP Stealer 3. Lab Stealer 4. 1337 Steam Stealer 5. Multi Password Stealer v1.6
Binders: 1. Albertino Binder 2. BlackHole Binder 3. F.B.I. Binder 4. Predator 1.6 5. PureBiND3R by d3will
Fake Programs: 1. PayPal Money Hack 2. Windows 7 Serial Generator 3. COD MW2 Keygen 4. COD MW2 Key Generator 5. DDoSeR 3.6
Virus Builders: 1. Nathan's Image Worm 2. Dr. VBS Virus Maker 3. p0ke's WormGen v2.0 4. Vbswg 2 Beta 5. Virus-O-Matic Virus Maker
Crypters: 1. Carb0n Crypter v1.8 2. Fly Crypter v2.2 3. JCrypter 4. Triloko Crypter 5. Halloween Crypter 6. Deh Crypter 7. Hatrex Crypter 8. Octrix Crypter 9. NewHacks Crypter 10. Refruncy Crypter
Analysis: OllyDbg 1.10 & Plugins - Modified by SLV *NEW*; W32Dasm 8.93 - Patched *NEW*; PEiD 0.93 + Plugins *NEW*; RDG Packer Detector v0.5.6 Beta - English *NEW*
Rebuilding: ImpRec 1.6 - Fixed by MaRKuS_TH-DJM/SnD *NEW*; Revirgin GOLD 1.5 - Fixed *NEW*; LordPE De Luxe B *NEW*
Packers: FSG 2.0; MEW 11 1.2 SE; UPX 1.25 & GUI *NEW*; SLVc0deProtector 0.61 *NEW*; ARM Protector v0.3 *NEW*; WinUpack v0.31 Beta *NEW*
HEX Editor: Biew v5.6.2; Hiew v7.10 *NEW*; WinHex v12.5 *NEW*
Decompilers: DeDe 3.50.04; VB ?Decompiler? Lite v0.4 *NEW*; Flasm
Patchers: dUP 2 *NEW*; CodeFusion 3.0; Universal Patcher Pro v2.0; Universal Patcher v1.7 *NEW*; Universal Loader Creator v1.2 *NEW*
Unpackers: ACProtect - ACStripper; ASPack - ASPackDie; ASProtect > Ultra Stripper 2.07 Final, Stripper 2.11 RC2 *NEW*; DBPE > UnDBPE
Keygenning: TMG Ripper Studio 0.02 *NEW*

Today's Reality – One & Done!
99?% of malware infect < 10 victims
80% of malware infect = 1 victim

Command & Control Communications
Ensure continued communication between the compromised target and the attackers.
Common Traits
• Uses typical protocols (HTTP)
• Uses legitimate sites as C&C
• Uses 3rd party apps as C&C
• May also use compromised internal systems as C&C
Advantages
• Maintains persistence
• Avoids detection
Diagram: Threat Actor ↔ C&C Server

Trend Micro C&C Research
54% of C&C Lifespan < 1 Day

Exfiltration Stage
Transmit data to a location that the threat actors control.
Common Traits
• Built-in file transfer (RATs)
• FTP, HTTP
• Tor network/Encryption
• Public File Sharing sites
Diagram: Customers, Attackers, FTP, C&C Server

Social Media Accounts

Maintenance Stage (Anti-Forensics)
Maintain persistence within network for future attacks
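The C&C and exfiltration slides above list behavioural traits (plain HTTP to an external host, persistence of the channel, bulk transfers to public file-sharing sites) rather than signatures, and the C&C research slide notes that most C&C infrastructure lives less than a day, so reputation lists alone lag behind it. The following is an added example, not code from the presentation or from any Trend Micro product: a small Python detector that applies those traits to egress proxy logs. The log format (timestamp, source IP, destination host, method, bytes sent), the host names, the internal DNS suffix and the thresholds are all constructed assumptions for the example.

```python
"""Heuristic egress-log review for the C&C and exfiltration traits on the slides.

Added example; not part of the presentation. All hosts, log lines, the
".corp.test" internal zone and the thresholds are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: "timestamp src_ip dst_host method bytes_out"
SAMPLE_LOG = """\
2015-03-04T09:00:00 10.1.1.20 cdn.example-updates.test GET 512
2015-03-04T09:05:01 10.1.1.20 cdn.example-updates.test GET 530
2015-03-04T09:10:00 10.1.1.20 cdn.example-updates.test GET 498
2015-03-04T09:15:02 10.1.1.20 cdn.example-updates.test GET 515
2015-03-04T09:20:00 10.1.1.20 cdn.example-updates.test GET 520
2015-03-04T09:25:01 10.1.1.20 cdn.example-updates.test GET 505
2015-03-04T09:01:12 10.1.1.21 intranet.corp.test GET 2048
2015-03-04T09:37:45 10.1.1.21 intranet.corp.test POST 9000
2015-03-04T10:12:03 10.1.1.21 intranet.corp.test GET 1200
2015-03-04T11:02:00 10.1.1.22 share.publicfiles.test POST 52000000
2015-03-04T11:04:10 10.1.1.22 share.publicfiles.test POST 48000000
2015-03-04T11:03:00 10.1.1.23 www.example-news.test GET 800
"""

PUBLIC_SHARING_HOSTS = {"share.publicfiles.test"}   # constructed watch-list
INTERNAL_SUFFIX = ".corp.test"                       # constructed internal zone
MIN_BEACONS = 5                      # requests needed before judging regularity
MAX_JITTER = 0.10                    # stdev/mean of request intervals
UPLOAD_THRESHOLD = 10 * 1024 * 1024  # bytes sent to one external host
UPLOAD_METHODS = ("POST", "PUT")


def parse_log(text):
    """Parse the constructed 'ts src dst method bytes_out' lines into dicts."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, method, size = line.split()
        rows.append({"ts": datetime.fromisoformat(ts), "src": src,
                     "dst": dst, "method": method, "bytes": int(size)})
    return rows


def analyze(text):
    """Return {(src, dst): [finding, ...]} for external destinations.

    Internal hosts are skipped: the slide notes C&C may also run on
    compromised internal systems, but that needs east-west telemetry,
    not an egress proxy log.
    """
    by_pair = defaultdict(list)
    for row in parse_log(text):
        if row["dst"].endswith(INTERNAL_SUFFIX):
            continue
        by_pair[(row["src"], row["dst"])].append(row)

    findings = {}
    for pair, rows in by_pair.items():
        tags = []
        rows.sort(key=lambda r: r["ts"])

        # 1. Beaconing: repeated requests to one host at near-constant intervals.
        #    Human browsing is bursty; a machine check-in is metronomic.
        if len(rows) >= MIN_BEACONS:
            gaps = [(b["ts"] - a["ts"]).total_seconds()
                    for a, b in zip(rows, rows[1:])]
            avg = mean(gaps)
            if avg > 0 and pstdev(gaps) / avg < MAX_JITTER:
                tags.append("beaconing")

        # 2. Exfiltration volume: bulk outbound bytes to a single external host.
        sent = sum(r["bytes"] for r in rows if r["method"] in UPLOAD_METHODS)
        if sent >= UPLOAD_THRESHOLD:
            tags.append("bulk_upload")

        # 3. Uploads to public file-sharing sites, one of the listed exfil channels.
        if pair[1] in PUBLIC_SHARING_HOSTS and any(
                r["method"] in UPLOAD_METHODS for r in rows):
            tags.append("public_file_sharing")

        if tags:
            findings[pair] = tags
    return findings


if __name__ == "__main__":
    for (src, dst), tags in sorted(analyze(SAMPLE_LOG).items()):
        print(f"{src} -> {dst}: {', '.join(tags)}")
```

On the constructed log this flags 10.1.1.20 for beaconing (six GETs every five minutes with about a second of jitter) and 10.1.1.22 for a bulk upload to a public file-sharing host, while the intranet traffic and the single news-site request produce nothing. The thresholds are deliberately simple; in practice they are tuned against a baseline of normal egress, and the "first seen" age of a destination is worth adding as a fourth signal given how short-lived C&C hosts are.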
Smart Protection begins with Global Threat Intelligence…
• Email reputation
• File reputation
• Web reputation
• Whitelisting
• Network traffic rules
• Mobile app reputation
• Vulnerabilities/Exploits
• Threat Actor Research
• Enhanced File Reputation
• Enhanced Web Reputation
Timeline: 1988 – 2007 Signature based anti-malware; 2008 Cloud based global threat intelligence; NOW! Big data analytics-driven global threat intelligence.

Global Sensor Network
Collects More Information in More Places
• 100s millions of sensors
• Billions of threat queries daily
• Files, IPs, URLs, apps, vulnerabilities, network traffic rules…
*NSS Labs Consumer EPP 2014 Test

150 Million+ Worldwide Sensors
Researcher Intelligence; CDN / xSP; Honeypot; Web Crawler; Trend Micro Solutions; Test Labs; 3rd Party Feeds

Global Threat Intelligence
Global Sensor Network – Collects More Information in More Places
• 100s millions of sensors
• Billions of threat queries daily
• Files, IPs, URLs, apps, vulnerabilities, network traffic rules…
Accurately Analyzes and Identifies Threats Faster
• 50X faster time-to-protect than average*
• 100TB analyzed, 300,000 new threats identified daily
• Big data analytics and threat expertise
Proactive Protection – Blocks Real-World Threats Sooner
• 500,000+ businesses
• Millions of consumers
• 250M threats blocked daily
*NSS Labs Consumer EPP 2014 Test
Use our Threat Intelligence to Fight the Bad Guys
"Cyber Criminal Pleads Guilty to Developing and Distributing Notorious Spyeye Malware" -- January, 2014
Copyright 2014 Trend Micro Inc.

CIO
Empower the business: Improve business agility by providing quick and intuitive access to the right information, tools and applications
Mitigate risk: Protect sensitive information to maintain brand and comply with regulations, while controlling costs

Empowering the Business…

Cyber Threats
Attackers; Cloud & Virtualization; Consumerization; IT; Employees

Then…
Email & Messaging; Web Access; File/Folder & Removable Media (Employees – IT Admin)

Now!
Email & Messaging; Web Access; Device Hopping; Cloud Sync & Sharing; Collaboration; Social Networking; File/Folder & Removable Media (Employees – IT Admin)

Complete User Protection
Channels (Employees): Web Access; Email & Messaging; Device Hopping; Cloud Sync & Sharing; Collaboration; Social Networking; File/Folder & Removable Media
Security (IT Admin): Anti-Malware; Content Filtering; Data Loss Prevention; Encryption; Device Management; Application Control

Cyber Threats
Attackers; Cloud & Virtualization; IT

Partners, Employees, Customers
Business applications: Productivity; CRM; Supply Chain; HR; Commerce; Finance; Customer Support (Business App Owners – Data Center Ops)

Data Center
Productivity; CRM; Supply Chain; HR; Commerce; Finance; Customer Support (Data Center Ops)
Cloud and Data Center Security
Data Center: Virtual; Physical; Private Cloud; Public Cloud
Security (Data Center Ops): Anti-Malware; Application Scanning; Intrusion Prevention; Integrity Monitoring; SSL; Encryption

Cyber Threats
Attackers

A custom attack needs a custom defense!
Attack lifecycle diagram (Attackers → Employees, $$$$):
1. Gathers intelligence about organization and individuals
2. Targets individuals using social engineering
3. Establishes link to Command & Control server
4. Moves laterally across network seeking valuable data
5. Extracts data of interest – can go undetected for months!
Malware engineered and tested to evade your standard gateway/endpoint defenses.
It is only a matter of time until you are breached.
Security – Network Admin

Custom Defense
Network Traffic: Network Ports; Communication Protocols; Known Threats; Unknown Threats; Evolving Threats
Network-wide Detection; Custom Smart Sandboxes; Threat Intelligence; Advanced Automated Threat Analysis; Security Updates; Threat Services
Security – Network Admin

Custom Defense with Interconnected Threat Response
Deep Discovery: Inspector; Analyzer; Email Inspector; Endpoint Sensor
Integration: IOC; Open Web Services API; CEF / LEEF & more
Connected products: XGS; OfficeScan; ScanMail; InterScan Messaging & Web Security; Deep Security

Trend Micro
What We Do: Protecting the exchange of digital information for businesses and consumers. Recognized global leader in server, virtualization and cloud security. Innovative security solutions.
How We Do It: Global Threat Intelligence. 1,200 threat experts in 12 TrendLabs locations around the globe; 1,492 R&D engineers. $400M USD and 500 engineers invested over last 4 years to develop cloud-related solutions.
Who We Are: Eva Chen: CEO and Founder. Co-founded: 1988. Offices: 36. Global Employees: 4942. Revenue: $1.2B USD. Cash Assets: $1.65B USD. Operating Income: $330M USD. Headquarters: Tokyo. Trend Micro is the largest independent security provider. Protecting 48 of 50 top global corporations.

Thank You
See you in our next event
Call us at 0818102085 or talk to us via contact@advancedtechpac.com BBM 7EFD4F3E