DECLARATION of MAL(WAR)E
The good, the bad, and the ugly
Who are we?
IT Security Consultants @ NetSPI
We help organizations:
• Identify vulnerabilities
• Determine impact
• Develop remediation plans
• Reduce risk
Presentation Overview
• What is malware?
• Who creates malware?
• Why do they create malware?
• What skill level is required?
• The malware lifecycle
‒ The “good” guy’s role
‒ The “bad” guy’s role
• The “ugly” truth
What is Malware?
Wikipedia definition:
…“software used or created by attackers to
disrupt computer operation, gather
sensitive information, or gain access to
private computer systems”…
Our definition:
…“software created to do bad
things and is generally a pain in the butt”…
What is Malware?
Types of Malware
• Remote Exploits
• Local Exploits
• Trojans
• Backdoors
• Rootkits
• Viruses
• Worms
Malware Kit
Who would do such a thing?
Who is Creating Malware?
• Organized crime
• Governments
• Political activists (“hacktivists”)
• Evil developers
• Bored teenagers
• You?
Why would they do that?
Why are they Creating Malware?
• Sell, sell, sell
• Steal money
• Steal information
• Strategic position
• Denial of Service
• Political gain
• Hacking as a hobby
• Internal employees
Who’s got the skills?
What skill level is required?
• Malware Developers = Programmers
‒ More advanced programming skillset
‒ Create custom malware
• Less likely to be noticed
• Personal use or sold to specific group
‒ Commoditized malware kits
• More likely to be noticed
• Free and commercial
• Malware Kit Users
‒ Don’t require advanced skillset
‒ Much more likely to cause damage by mistake
The Malware Lifecycle
Malware Development
Malware Deployment
Malware Detection
Malware Correction
Malware Protection
[Diagram: development and deployment sit on the bad guys’ side of the cycle; detection, correction, and protection sit on the good guys’ side]
Developers! Developers! Developers!
Malware Development
• Professional Malware Development
‒ Often work like software companies
‒ Often produce very secure malware
• Create different types of malware
‒ Remote exploits
‒ Local exploits
‒ Backdoors, “bots”, and/or rootkits
‒ Worms or viruses
‒ Command and control
‒ Update functions
Deploy! Deploy! Deploy!
Malware Deployment
69% of all breaches incorporate malware
As reported in the Verizon Business – 2012 Data Breach Investigations Report
Available at www.verizonenterprise.com
Malware Deployment
79% of all breaches were targets of opportunity
As reported in the Verizon Business – 2012 Data Breach Investigations Report
Available at www.verizonenterprise.com
Malware Deployment
• Malware is often deployed via:
‒ Social engineering: email, phone, physical
‒ Default passwords on management applications
‒ Web application issues
‒ “Water holing” web applications
‒ Web browser issues, etc.
[Diagram: a malware package reaching its target through email, users, apps, and passwords]
Detect! Correct! Protect!
Detecting Malware?
“…the median number of days advanced attackers are on the network before being detected is…” 416
As reported by Mandiant in their Annual Threat Report: M-Trends™ 2012
Detecting Malware?
94% of organizations learn they are victims of targeted attacks from an external entity
As reported by Mandiant in their Annual Threat Report: M-Trends™ 2012
Detecting Malware!
• Where are threats being detected:
‒ Networks
‒ Servers
‒ Workstations
‒ Applications / Databases
‒ People
• How are threats being detected:
‒ Behavioral / Anomaly based analysis
‒ Signature based analysis
‒ SIEM / Statistics based analysis
‒ Canaries / Honey pots
Detecting Malware!
• Challenges:
‒ Identifying signatures related to:
• undocumented malware
• encrypted traffic
‒ Keeping up with the amount of malware being released
‒ Creating dependable behavioral based profiles
‒ Creating useful statistical rules
‒ Identifying malware in memory
Correcting Affected Assets!
• Where does correction occur:
‒ Networks
‒ Servers
‒ Workstations
‒ Applications / Databases
‒ People
• How does correction occur:
‒ Incident response
‒ Patch systems and applications
‒ Code applications securely
‒ Securely configure
• Firewalls
• Servers
• Applications
• User accounts
• Training
Correcting Affected Assets!
• Challenges:
‒ Creating patches for exploits before they are widely used
‒ Patching 3rd party software
‒ Creating and managing secure code
‒ Legacy and unsupported applications
‒ Vendor contracts
‒ Providing adequate training
Protecting Assets!
• Where are assets protected:
‒ Networks
‒ Servers
‒ Workstations
‒ Applications / Databases
‒ People
• How are assets being protected:
‒ Build/manage secure configurations
‒ Build/manage secure applications
‒ Network Access Control & Intrusion Prevention Systems
‒ Proactive exploit development
‒ Proactive vulnerability identification
‒ Development of signatures
‒ 3rd Party Risk assessments
Protecting Assets!
• Challenges:
‒ Security vs. usability
‒ Asset inventory
‒ Managing secure configurations
‒ Communication/risk related to partners, contractors, and vendors
‒ Cost / Time / Skills
‒ Education and training
Putting it All Together
The Malware Deployment Cycle
Example timeline over a simplified network diagram:
• Gain Access via Exploit
• Escalate Privileges via Exploit
• Install Backdoor or Bot
• Propagate via Worm or Virus
• Command and Control: Phone Home
• Command and Control: Get Orders
• Good Guys Detect
• Good Guys Correct
• Good Guys Protect
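The two detection approaches listed under “How are threats being detected” (signature based analysis versus behavioral / statistics based analysis) applied to the “Command and Control: Phone Home” step of this cycle, as an added example that is not part of the original deck: it parses a constructed connection log, matches destinations against a constructed indicator list, and separately flags hosts that call out on a near-fixed interval using timing metadata alone, which is why the statistical check still works against encrypted traffic and undocumented malware. The log format, host names, indicator list, and thresholds are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed connection log (not real traffic): "<epoch-seconds> <src> <dst> <proto> <bytes>".
# ws-17 calls a listed destination every 60 s; ws-22 calls an unlisted one roughly every 5 min.
SAMPLE_LOG = """\
1000 ws-17 cdn.example-media.test tls 15230
1060 ws-17 c2.constructed-bad.test tls 412
1120 ws-17 c2.constructed-bad.test tls 410
1130 ws-04 mail.example.test tls 9021
1180 ws-17 c2.constructed-bad.test tls 415
1240 ws-17 c2.constructed-bad.test tls 409
1300 ws-17 c2.constructed-bad.test tls 411
1310 ws-04 cdn.example-media.test tls 30211
1360 ws-17 c2.constructed-bad.test tls 414
1400 ws-04 docs.example.test tls 2200
1420 ws-17 c2.constructed-bad.test tls 410
2000 ws-22 updates.unlisted.test tls 388
2305 ws-22 updates.unlisted.test tls 391
2598 ws-22 updates.unlisted.test tls 387
2910 ws-22 updates.unlisted.test tls 390
3195 ws-22 updates.unlisted.test tls 389
"""

# Constructed signature list: placeholder indicators, not real IoCs.
KNOWN_BAD_DESTINATIONS = frozenset({"c2.constructed-bad.test"})


@dataclass(frozen=True)
class Conn:
    ts: int
    src: str
    dst: str
    proto: str
    nbytes: int


def parse_log(text):
    """Parse the whitespace-separated log format assumed above."""
    conns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, nbytes = line.split()
        conns.append(Conn(int(ts), src, dst, proto, int(nbytes)))
    return conns


def signature_hits(conns, signatures=KNOWN_BAD_DESTINATIONS):
    """Signature based analysis: exact match against documented indicators.
    Precise and cheap, but blind to malware nobody has documented yet."""
    return [c for c in conns if c.dst in signatures]


def beacon_candidates(conns, min_events=5, max_cv=0.2):
    """Statistics based analysis: group flows by (src, dst) and flag pairs whose
    inter-arrival times are nearly constant (coefficient of variation <= max_cv).
    Only timing metadata is used, so encrypted payloads and unlisted
    destinations do not hide the behaviour."""
    by_pair = defaultdict(list)
    for c in conns:
        by_pair[(c.src, c.dst)].append(c.ts)
    findings = {}
    for pair, times in by_pair.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings[pair] = {"events": len(times), "interval": avg, "cv": round(cv, 3)}
    return findings


def triage(text):
    """Run both analyses and report which approach caught each (src, dst) pair."""
    conns = parse_log(text)
    sig_pairs = {(c.src, c.dst) for c in signature_hits(conns)}
    beacons = beacon_candidates(conns)
    report = {}
    for pair in sig_pairs | set(beacons):
        report[pair] = {
            "signature": pair in sig_pairs,
            "beacon": pair in beacons,
            "interval": beacons.get(pair, {}).get("interval"),
        }
    return report


if __name__ == "__main__":
    for (src, dst), r in sorted(triage(SAMPLE_LOG).items()):
        how = ", ".join(k for k in ("signature", "beacon") if r[k])
        print(f"{src} -> {dst}: detected by {how}; interval={r['interval']}")
```

On the constructed log the listed destination is caught by both checks, while the unlisted one is caught only by the interval statistics; in practice the threshold `max_cv` is tuned per environment because legitimate pollers (update checks, monitoring agents) also beacon.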
The Ugly Truth
The Ugly Truth: Bad Guys
Bad guys are creating Malware that is:
• Not going away
• Getting more advanced
• Getting harder to detect
• Getting easier to use
• Getting used by more people
The Ugly Truth: Good Guys
Good guys need to:
• Continue to fight the good fight!
• Continue to develop new methods of detection, correction, and prevention
• Develop better security policies that make attacks:
‒ Harder to execute
‒ Easier to detect
‒ Easier to respond to and contain
• Focus on proactive vulnerability identification
• Get rid of unnecessary sensitive data
• Encrypt remaining sensitive data
• Educate more users more often
That can start with you…
What’s Next?
What can I do?
• Don’t visit sketchy web sites
• Don’t open mail from unknown senders
• Review links before clicking them in emails
• Patch your systems and software
• Validate websites before providing sensitive information
‒ Click the “little lock” in your browser
• Don’t create and/or use malware ...
…unless it’s for the good guys
Questions? Comments? Quarrels?
Boost PC performance: How more available memory can improve productivity
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

Declaration of Mal(WAR)e

  • 1. DECLARATION of MAL(WAR)E
    The good, the bad, and the ugly
  • 2. Who are we?
    IT Security Consultants @ NetSPI
    We help organizations:
    • Identify vulnerabilities
    • Determine impact
    • Develop remediation plans
    • Reduce risk
  • 3. Presentation Overview
    • What is malware?
    • Who creates malware?
    • Why do they create malware?
    • What skill level is required?
    • The malware lifecycle
      ‒ The “good” guy’s role
      ‒ The “bad” guy’s role
    • The “ugly” truth
  • 5. What is Malware?
    Wikipedia definition: …“software used or created by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems”…
    Our definition: …“software created to do bad things and is generally a pain in the butt”…
  • 6. Types of Malware
    • Remote Exploits
    • Local Exploits
    • Trojans
    • Backdoors
    • Rootkits
    • Viruses
    • Worms
  • 8. Who would do such a thing?
  • 9. Who is Creating Malware?
    • Organized crime
    • Governments
    • Political activists (“hacktivists”)
    • Evil developers
    • Bored teenagers
    • You?
  • 11. Why are they Creating Malware?
    • Sell, sell, sell
    • Steal money
    • Steal information
    • Strategic position
    • Denial of Service
    • Political gain
    • Hacking as a hobby
    • Internal employees
  • 12. Who’s got the skills?
  • 13. What skill level is required?
    • Malware Developers = Programmers
      ‒ More advanced programming skillset
      ‒ Create custom malware
        • Less likely to be noticed
        • Personal use or sold to a specific group
      ‒ Commoditized malware kits
        • More likely to be noticed
        • Free and commercial
    • Malware Kit Users
      ‒ Don’t require an advanced skillset
      ‒ Much more likely to cause damage by mistake
  • 15. The Malware Lifecycle
    Malware Development → Malware Deployment (Bad Guys)
    Malware Detection → Malware Correction → Malware Protection (Good Guys)
  • 17. Malware Development
    • Professional Malware Development
      ‒ Often work like software companies
      ‒ Often produce very secure malware
    • Create different types of malware
      ‒ Remote exploits
      ‒ Local exploits
      ‒ Backdoors, “bots”, and/or rootkits
      ‒ Worms or viruses
      ‒ Command and control
      ‒ Update functions
  • 19. Malware Deployment
    69% of all breaches incorporate malware
    As reported in the Verizon Business – 2012 Data Breach Investigations Report, available at www.verizonenterprise.com
  • 20. Malware Deployment
    79% of all breaches were targets of opportunity
    As reported in the Verizon Business – 2012 Data Breach Investigations Report, available at www.verizonenterprise.com
  • 21. Malware Deployment
    • Malware is often deployed via:
      ‒ Social engineering – email, phone, physical
      ‒ Default passwords on management applications
      ‒ Web application issues
      ‒ “Water holing” web applications
      ‒ Web browser issues, etc.
    (diagram labels: Email, Users, Apps, Pass, Malware Package)
  • 23. Detecting Malware?
    “…the median number of days advanced attackers are on the network before being detected is…” 416
    As reported by Mandiant in their Annual Threat Report: M-Trends™ 2012
  • 24. Detecting Malware?
    94% of organizations learn they are victims of targeted attacks from an external entity
    As reported by Mandiant in their Annual Threat Report: M-Trends™ 2012
  • 25. Detecting Malware!
    • Where threats are being detected:
      ‒ Networks
      ‒ Servers
      ‒ Workstations
      ‒ Applications / Databases
      ‒ People
    • How threats are being detected:
      ‒ Behavioral / anomaly based analysis
      ‒ Signature based analysis
      ‒ SIEM / statistics based analysis
      ‒ Canaries / honey pots
  • 26. Detecting Malware!
    • Challenges:
      ‒ Identifying signatures related to
        • undocumented malware
        • encrypted traffic
      ‒ Keeping up with the amount of malware being released
      ‒ Creating dependable behavioral based profiles
      ‒ Creating useful statistical rules
      ‒ Identifying malware in memory
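Slides 25 and 26 contrast signature based and behavioral analysis and list “undocumented malware” as the main blind spot of signatures; slide 41 names the “phone home” step that behavioral analysis can key on. The following Python script is an added example, not part of the deck or NetSPI’s material: over constructed proxy log lines it runs a signature check against a hypothetical blocklist and a behavioral check for connections made at near-constant intervals (beaconing), so an undocumented destination that no signature covers still surfaces. Every hostname, timestamp and the blocklist are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log (timestamp, source, destination, bytes): the example.net host
# checks in every 300 s ("phone home"); known-bad.example is on the blocklist.
SAMPLE_LOG = """\
2012-06-01T09:00:03 ws-17 intranet.example.com 1842
2012-06-01T09:00:10 ws-17 cdn.update-svc.example.net 612
2012-06-01T09:02:41 ws-17 news.example.org 9023
2012-06-01T09:05:10 ws-17 cdn.update-svc.example.net 615
2012-06-01T09:10:10 ws-17 cdn.update-svc.example.net 610
2012-06-01T09:15:10 ws-17 cdn.update-svc.example.net 614
2012-06-01T09:16:02 ws-17 evil.known-bad.example 4410
2012-06-01T09:20:10 ws-17 cdn.update-svc.example.net 611
"""
# Hypothetical signature list: destinations already documented as malicious.
KNOWN_BAD = {"evil.known-bad.example"}
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")

def parse(log):
    """Return (timestamp, src, dst, bytes) tuples in time order; skip malformed lines."""
    rows = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append((datetime.fromisoformat(m.group(1)),
                         m.group(2), m.group(3), int(m.group(4))))
    return sorted(rows)

def signature_hits(rows):
    """Signature-based analysis: only destinations already on the list fire."""
    return sorted({dst for _, _, dst, _ in rows if dst in KNOWN_BAD})

def beacon_hits(rows, min_conns=4, max_jitter=0.1):
    """Behavioral analysis: flag (src, dst) pairs contacted at near-constant intervals,
    documented or not. Returns [((src, dst), mean_interval_seconds), ...]."""
    by_pair = defaultdict(list)
    for ts, src, dst, _ in rows:
        by_pair[(src, dst)].append(ts)
    hits = []
    for pair, times in by_pair.items():
        if len(times) < min_conns:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Coefficient of variation of the gaps: near 0 means timer-driven traffic.
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            hits.append((pair, round(mean(gaps))))
    return hits
```

Legitimate software updaters poll on timers too, so a beacon hit is a triage lead rather than a verdict; that is slide 26’s “dependable behavioral based profiles” challenge in miniature.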
  • 28. Correcting Affected Assets!
    • Where does correction occur:
      ‒ Networks
      ‒ Servers
      ‒ Workstations
      ‒ Applications / Databases
      ‒ People
    • How does correction occur:
      ‒ Incident response
      ‒ Patch systems and applications
      ‒ Code applications securely
      ‒ Securely configure
        • Firewalls
        • Servers
        • Applications
        • User accounts
      ‒ Training
  • 29. Correcting Affected Assets!
    • Challenges:
      ‒ Creating patches for exploits before they are widely used
      ‒ Patching 3rd party software
      ‒ Creating and managing secure code
      ‒ Legacy and unsupported applications
      ‒ Vendor contracts
      ‒ Providing adequate training
  • 31. Protecting Assets!
    • Where are assets protected:
      ‒ Networks
      ‒ Servers
      ‒ Workstations
      ‒ Applications / Databases
      ‒ People
    • How are assets being protected:
      ‒ Build/manage secure configurations
      ‒ Build/manage secure applications
      ‒ Network Access Control & Intrusion Prevention Systems
      ‒ Proactive exploit development
      ‒ Proactive vulnerability identification
      ‒ Development of signatures
      ‒ 3rd party risk assessments
  • 32. Protecting Assets!
    • Challenges:
      ‒ Security vs. usability
      ‒ Asset inventory
      ‒ Managing secure configurations
      ‒ Communication/risk related to partners, contractors, and vendors
      ‒ Cost / Time / Skills
      ‒ Education and training
  • 35. The Malware Deployment Cycle Example
    (timeline diagram; axis: Time)
  • 37. Gain Access via Exploit
  • 40. Propagate via Worm or Virus
  • 41. Command and Control: Phone Home
  • 42. Command and Control: Get Orders
  • 47. The Ugly Truth: Bad Guys
    Bad guys are creating malware that is:
    • Not going away
    • Getting more advanced
    • Getting harder to detect
    • Getting easier to use
    • Getting used by more people
  • 48. The Ugly Truth: Good Guys
    Good guys need to:
    • Continue to fight the good fight!
    • Continue to develop new methods of detection, correction, and prevention
    • Develop better security policies that make attacks:
      ‒ Harder to execute
      ‒ Easier to detect
      ‒ Easier to respond to and contain
    • Focus on proactive vulnerability identification
    • Get rid of unnecessary sensitive data
    • Encrypt remaining sensitive data
    • Educate more users more often
    That can start with you…
  • 49. What’s Next? What can I do?
    • Don’t visit sketchy web sites
    • Don’t open mail from unknown senders
    • Review links before clicking them in emails
    • Patch your systems and software
    • Validate the website before providing sensitive information
      ‒ Click the “little lock” in your browser
    • Don’t create and/or use malware …
      …unless it’s for the good guys