Jon Noble's (Trend Micro) slides from his talk

1. Securing your Cloud Environment
1
Confidential | Copyright 2012 Trend Micro Inc.
Jon Noble
Director, Strategic Alliances & Partnerships
Jon_Noble@trendmicro.co.uk

2. Agenda
• Securing your cloud environment
– (The boring half)
• Why, Who and What…
– (Hopefully the less boring half!)
Source: https://www.flickr.com/photos/flissphil/

3. Traditional Defences
Source: https://www.flickr.com/photos/flissphil/

4. DC Secure Zone
Software agent based, multiple
solutions required.
4
Network Security
Physical Appliance based
Physical Segregation with Multiple Solutions
for :- Datacentre, Internal, Hosted Svc, Security
FW
DPI
web
Firewall
IDS/IPS
Web Reputation
FW
DPI
web
FW
DPI
web
FW
DPI
web
FW
DPI
web
FW
DPI
web
FW
DPI
web
Traditional Security
Internal trust model
Dynamic Virtual Security
Self defending whatever location
Security Controls specific to the workload:- IDS/IPS, AV, FW,
Log Inspection, File Integrity and web reputation.

5. Traditional security has little meaning in a borderless
Software Defined Data Center
Insufficient visibility into East-West traffic & inter-VM attacks Static policies cannot keep up with dynamic workloads
Service provisioning is slow, complex & error-prone
Disparate security solutions and lack of uniform policies across
clouds creates an operational nightmare

6. Security for the Cloud World..
Copyright 2014 Trend Micro Inc. 6Source: https://www.flickr.com/photos/fdecomite/

7. Any Hypervisor or Cloud Environment
Agent Based Protection
Physical Machines
Single Console & Policy Set across all
physical, virtual and cloud environments

8. Agentless Protection
8
Leverage
VMWare APIs to
provide agentless
security
Reduced
CPU/Memory/Storage
Usage
Deep Security
Virtual Appliance
scans network /
file access at
Hypervisor Level
Instant-On
Protection
ESX/
NSX
SAN

9. Ideals for Cloud Security
• Build a protection ‘bubble’ around every machine
– Use same controls that used to be done at the perimeter
– AV / Firewall / IDS&IPS / Virtual Patching / Web Reputation
– Linux is just as vulnerable as windows!
• Supplement with host based technologies
– Log Inspection, Integrity Monitoring, Data Encryption
• Utilize Hypervisor features if possible (ESX / NSX)
• Utilize Cloud context awareness if possible (AWS / Azure etc)
• Utilize any in built security controls (access groups, firewalls, 2
factor authentication etc)
• Feed all logs and events to a SIEM

10. Challenges for Cloud Security
• Context Awareness
– Where is my workload? Which DC / Zone / Public Cloud
Provider? Does it have the right policy?
• Management
– Multiple solutions can require multiple consoles
– Many ‘traditional’ security solutions don’t fit in a virtualised /
cloud environment
– Consider a single solution that offers multiple functionalities
– Ensuring Security components are auto-configured in on-
demand environments

11. Payment Card Industry (PCI)
Protected Health Information (PHI)
Personally Identifiable Information (PII)
Intellectual Property (IP)
NEW THREATS CREATED EVERY
SECOND
90% ORGANIZATIONS HAVE
ACTIVE MALWARE
55%2 NOT EVEN AWARE OF
INTRUSIONS
COMMERCIAL EXPLOIT KITS
USED BY VIRTUALLY ALL
EASTERN EUROPEAN CYBERCRIMINALS
AVERAGE
INSURANCE PAYOUT
FROM DATA BREACH
$3.7M
Why you need to care….

12. Some High Profile Breaches…
Source: http://www.databreachtoday.com/

13. So I got compromised… What Happens
Next?
• It depends on the attacker…
• Individuals will probably just poke around / cause
havoc / launch attacks from your machine...
• Hacktivists will probably release details and go
public...
• Organised Criminals will steal as much data as
possible to sell on the ‘Deep Web’…

14. What they are looking for…
Confidential | Copyright 2015 Trend Micro Inc.
Source:
http://krebsonsecurity.com/2012/10/the-
scrap-value-of-a-hacked-pc-revisited/

15. Organised Crime?

16. Victim
The Boss
Mercenary
Attackers
Data Fencing
The Captain
Garant
Bullet Proof Hoster
Crime Syndicate (Simplified)
Yes…. This is a ‘channel model’..

17. $4
Victim Blackhat
SEO
Attacker
$10
Attacker
Keywords
(Botherder)
$2
Compromised
Sites (Hacker)
$6
$10
Programmer
$10
Cryptor
$10
Virtest
$5
Worm
Exploit Kit
Bot Reseller
$1 $1
$1
Traffic
Direction
System
$5
Garant
$10
SQL Injection
Kit
$3
Carder
$4
Money Mule
Droppers
$1
Card Creator
$2
Bullet Proof
Hoster
$5
Crime Syndicate (Detailed)
SLAs… Guarantees of non-detection... Support Contracts!!!

18. Confidential | Copyright 2015 Trend Micro Inc.Confidential | Copyright 2015 Trend Micro Inc.
Surface Web
• i.e. Clearnet
• What conventional
search engines can
index
• What Standard Web
browsers can access
Surface
Web

19. Confidential | Copyright 2015 Trend Micro Inc. 19
Deep Web 101

20. Confidential | Copyright 2015 Trend Micro Inc. 20
Connections
between Trusted
Peers
Dark Web

21. Confidential | Copyright 2015 Trend Micro Inc.
Malware For Sale
Crypto-Ransomware
Vawtrak

22. Code for Sale
Confidential | Copyright 2015 Trend Micro Inc.
Ultra Hackers Tools for sale
Price is 0.0797 BTC (bitcoin) = $25Virus Builders
1. Nathan's Image
Worm
2. Dr. VBS Virus Maker
3. p0ke's WormGen
v2.0
4. Vbswg 2 Beta
5. Virus-O-Matic Virus
Maker
Scanners
1. DD7 Port
Scanner
2. SuperScan 4.0
3. Trojan Hunter
v1.5
4. ProPort v2.2
5. Bitching Threads
v3.1
DoSers, DDoSers, Flooders and
Nukers
1. rDoS
2. zDoS
3. Site Hog v1
4. Panther Mode 2
5. Final Fortune 2.4
Fake Programs
1. PayPal Money Hack
2. Windows 7 Serial
Generator
3. COD MW2 Keygen
4. COD MW2 Key
Generator
5. DDoSeR 3.6
Cracking Tools
1.VNC Crack
2.Access Driver
3.Attack Toolkit v4.1 & source code
included
4.Ares
5.Brutus
Analysis :
· OllyDbg 1.10 & Plugins - Modified by
SLV *NEW*
· W32Dasm 8.93 - Patched *NEW*
· PEiD 0.93 + Plugins *NEW*
· RDG Packer Detector v0.5.6 Beta -
English *NEW*
Rebuilding :
· ImpRec 1.6 - Fixed by MaRKuS_TH-
DJM/SnD *NEW*
· Revirgin 1.5 - Fixed *NEW*
· LordPE De Luxe B *NEW*
LIST OF SOFTWARE INCLUDED IN THIS PACKAGE:
Host Booters
1. MeTuS Delphi 2.8
2. XR Host Booter 2.1
3. Metus 2.0 GB Edition
4. BioZombie v1.5
5. Host Booter and
Spammer
Stealers
1. Dark Screen Stealer
V2
2. Dark IP Stealer
3. Lab Stealer
4. 1337 Steam Stealer
5. Multi Password
Stealer v1.6
Remote Administration
Tools/Trojans
1. Cerberus 1.03.4 BETA
2. Turkojan 4 GOLD
3. Beast 2.07
4. Shark v3.0.0
5. Archelaus Beta
Binders:
1. Albertino Binder
2. BlackHole Binder
3. F.B.I. Binder
4. Predator 1.6
5. PureBiND3R by d3will
HEX Editor :
· Biew v5.6.2
· Hiew v7.10 *NEW*
· WinHex v12.5 *NEW*
Decompilers :
· DeDe 3.50.04
· VB ?Decompiler? Lite v0.4
*NEW*
· Flasm
Unpackers :
· ACProtect - ACStripper
· ASPack - ASPackDie
· ASProtect > Stripper 2.07
Final & Stripper 2.11 RC2
*NEW*
· DBPE > UnDBPE
Keygenning : *NEW*
· TMG Ripper Studio 0.02
Packers :
· FSG 2.0
· MEW 11 1.2 SE
· UPX 1.25 & GUI *NEW*
· SLVc0deProtector 0.61
*NEW*
· ARM Protector v0.3 *NEW*
· WinUpack v0.31 Beta
*NEW*
Patchers :
· dUP 2 *NEW*
· CodeFusion 3.0
· Universal Patcher Pro v2.0
· Universal Patcher v1.7
*NEW*
· Universal Loader Creator
v1.2 *NEW*
Crypters
1. Carb0n Crypter v1.8
2. Fly Crypter v2.2
3. JCrypter
4. Triloko Crypter
5. Halloween Crypter
6. Deh Crypter
7. Hatrex Crypter
8. Octrix Crypter
9. NewHacks Crypter
10. Refruncy Crypter
100’s of Items…

23. What else you can buy on the dark web…
Copyright 2014 Trend Micro Inc. 23
Stolen RDP Access…

24. Stolen Credit Cards..
Copyright 2014 Trend Micro Inc. 24

25. Stolen Credit Cards..
Copyright 2014 Trend Micro Inc. 25

26. Confidential | Copyright 2015 Trend Micro Inc.
Drugs…

27. Bitcoin and money-laundering services
Confidential | Copyright 2015 Trend Micro Inc.

28. Confidential | Copyright 2015 Trend Micro Inc.
Passports and citizenships for sale

29. Confidential | Copyright 2015 Trend Micro Inc.
Assassination services

30. Further Reading
• http://blog.trendmicro.com/
• http://blog.trendmicro.com/trendlabs-security-
intelligence/
• http://countermeasures.trendmicro.eu/
• http://www.trendmicro.com/cloud-
content/us/pdfs/security-intelligence/wp-russian-
underground-2.0.pdf
• https://www.youtube.com/watch?v=zt0ojsOMNgs
‘The Internet of Thingies’ – Pen Test Partners
Copyright 2014 Trend Micro Inc. 30

31. Thank You