
Top 5 Modern Malware Trends Data Connectors – September 12, 2013


Presentation Transcript


  1. Top 5 Modern Malware Trends
     Data Connectors – September 12, 2013
     Frank Salvatore, BCOMM Territory Manager, Eastern Canada
     Frank.salvatore@FireEye.com

  2. "We're moving towards a world where every attack is effectively zero-day… having a signatured piece of malware, that shouldn't be the foundation on which any security model works." - Chris Young, GVP Cisco Security Tech Week Europe, September 28th 2012

  4. Modern times… call for modern measures...

  5. Top CISO Priorities – 2013
     Secure Data and Policy Controls: Ensuring security of data-at-rest and data-in-motion continues to be challenged with multi-vectored attacks
     Enable Secure Mobility: Mobile devices and policies pose major issues as organizations need to enable secure access to data
     Advanced Attacks Targeting Data: Data exfiltration through the use of multi-protocol outbound channels challenges traditional controls

  6. Top 5 Global Risks Source: World Economic Forum

  7. Technological Risks

  8. High Profile APT Attacks Are Increasingly Common

  9. We Are Only Seeing the Tip of the Iceberg
     Above the surface: headline-grabbing attacks
     Below the surface: thousands more (APT attacks, zero-day attacks, polymorphic attacks, targeted attacks)

  10. Attacks Increasingly Sophisticated
     Multi-Vector
     • Delivered via Web or email
     • Blended attacks with email containing malicious URLs
     • Uses application/OS exploits
     Multi-Stage
     • Initial exploit stage followed by malware executable download, callbacks and exfiltration
     • Lateral movement to infect other network assets
     (Diagram labels: Dynamic Web Attacks, Malicious Exploits, Spear Phishing Emails)

  11. Top 5 Modern Malware Trends

  12. Trend #1: Motivation is Data "Capitalization"
     • Nature of threats changing: political, financial, intellectual
     • From broad, scattershot to advanced, targeted, persistent
     • Advanced attacks accelerating
     • High profile victims common (e.g., RSA, Symantec, Google)
     • Numerous APT attacks like Operation Aurora, Shady RAT, GhostNet, Night Dragon, Nitro
     (Chart: Damage of Attacks vs. year, 2004–2012, progressing from viruses and worms (disruption) through spyware/bots (cybercrime) to dynamic trojans, stealth bots, zero-day targeted attacks and advanced persistent threats (cyber-espionage and cybercrime))
     "Organizations face an evolving threat scenario that they are ill-prepared to deal with… advanced threats that have bypassed their traditional security protection techniques and reside undetected on their systems." – Gartner, 2012

  13. Trend #2: Modern Malware Targets the Application

  14. Hacking? Not so much…

  15. Polymorphism on demand

  16. Blog Post?

  17. RSS Feed?

  18. Trend #3: Socialized Attack Vectors
     • Spear-phishing is a social attack
     • No real technical countermeasure
     • Users un(der)trained
     • Effective way to drive malicious traffic
     • "Whaling" for high return
     • 83% of spam uses URLs
     • URL shorteners
     • Social engineering URLs
     • Still on the decline
     Browser/App Infection Vectors
     • Browser itself
     • ActiveX / Java
     • Plug-ins (PDF, QuickTime)
     • Adobe Flash
     • JavaScript/AJAX
     (Chart: Percent of Spam Containing Links. Source: Cisco Systems)

  19. LinkedIn is a Gold Mine…

  20. Successful Spear Phish

  21. Trend #4: It's not just about files anymore
     • Modern malware is about a sequence of protocol flows which serve to exploit an application
     • A file may be invoked or transported, but usually after a successful exploit
     • The new reality of modern malware or APT is that file-based analysis is inadequate
     (Diagram labels: Infection Server, Callback Server, Exploit, Callbacks, Binary Download, Data Exfiltration)

  22. The Attack Life Cycle – Multiple Stages
     Stage 1: Exploitation of system (via a compromised web server or Web 2.0 site)
     Stage 2: Malware executable download
     Stage 3: Callbacks and control established (with the callback server)
     Stage 4: Data exfiltration
     Stage 5: Malware spreads laterally (e.g., to file shares)
     (Diagram labels: Compromised Web Server or Web 2.0 Site, Callback Server, File Share 1, File Share 2, IPS)
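The stage sequence on slides 21 and 22 can be operationalised as a correlation over outbound web logs rather than as per-file analysis. The Python script below is an added example written for this transcript; it is not FireEye's code and does not appear in the original deck. It parses a few constructed proxy log lines (made up for this example), picks out per-host markers for each stage, and raises an alert only when the markers occur in the order exploit → executable download → regular callbacks → large outbound transfer. The content-type lists, the 60-second exploit-to-download window, the beacon-jitter threshold and the 10 MB exfiltration threshold are assumptions chosen for illustration, not vendor values.

```python
"""Multi-stage attack correlation over outbound web logs.

Added example for this transcript, not FireEye code. Looks for the stage
sequence of slide 22 (exploit -> download -> callbacks -> exfiltration) per
source host, instead of judging files one at a time.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlparse

# Constructed sample proxy log (made up for this example). Fields: timestamp
# src_ip method url status content-type bytes (POST body size / GET response size).
SAMPLE_LOG = """\
2013-09-12T09:00:01 10.1.1.20 GET http://news.example-site.test/index.html 200 text/html 5120
2013-09-12T09:00:02 10.1.1.20 GET http://news.example-site.test/ad.swf 200 application/x-shockwave-flash 28000
2013-09-12T09:00:04 10.1.1.20 GET http://cdn.update-check.test/update.exe 200 application/octet-stream 310000
2013-09-12T09:05:00 10.1.1.20 POST http://cdn.update-check.test/gate.php 200 text/plain 210
2013-09-12T09:10:00 10.1.1.20 POST http://cdn.update-check.test/gate.php 200 text/plain 212
2013-09-12T09:15:00 10.1.1.20 POST http://cdn.update-check.test/gate.php 200 text/plain 209
2013-09-12T09:20:01 10.1.1.20 POST http://cdn.update-check.test/gate.php 200 text/plain 211
2013-09-12T09:25:30 10.1.1.20 POST http://cdn.update-check.test/upload 200 text/plain 52000000
2013-09-12T09:03:00 10.1.1.21 GET http://cdn.update-check.test/update.exe 200 application/octet-stream 310000
2013-09-12T09:00:00 10.1.1.22 POST http://mail.corp.test/autosave 200 text/plain 300
2013-09-12T09:05:00 10.1.1.22 POST http://mail.corp.test/autosave 200 text/plain 300
2013-09-12T09:10:00 10.1.1.22 POST http://mail.corp.test/autosave 200 text/plain 300
"""

LINE_RE = re.compile(r"^(\S+) (\S+) ([A-Z]+) (\S+) (\d{3}) (\S+) (\d+)$")

# Heuristic thresholds chosen for this example (assumptions, not vendor values).
EXPLOIT_VECTOR_TYPES = {"application/x-shockwave-flash", "application/pdf",
                        "application/java-archive"}   # plug-in content, cf. slide 18
BINARY_TYPES = {"application/octet-stream", "application/x-msdownload"}
MAX_EXPLOIT_TO_DOWNLOAD_S = 60   # stage 1 -> stage 2 window
MIN_CALLBACKS = 3                # POSTs needed before calling it beaconing
MAX_CALLBACK_BYTES = 1024        # callbacks are small
MAX_JITTER = 0.2                 # stdev/mean of inter-arrival times
EXFIL_BYTES = 10 * 1024 * 1024   # one large outbound transfer


def parse_log(text):
    """Parse log lines into dicts sorted by time; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src, method, url, _status, ctype, nbytes = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "src": src, "method": method,
                       "host": urlparse(url).hostname, "ctype": ctype, "bytes": int(nbytes)})
    events.sort(key=lambda e: e["ts"])
    return events


def is_regular(times):
    """True when inter-arrival times are near-constant, i.e. beacon-like."""
    if len(times) < MIN_CALLBACKS:
        return False
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    return avg > 0 and pstdev(gaps) / avg < MAX_JITTER


def correlate(events):
    """Return {src: {"stages": [...], "alert": bool}} per source host.

    "stages" lists which markers were seen at all; "alert" is True only when
    they occur in the order exploit -> download -> callback -> exfiltration.
    """
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    report = {}
    for src, evs in by_src.items():
        exploit = next((e for e in evs if e["method"] == "GET"
                        and e["ctype"] in EXPLOIT_VECTOR_TYPES), None)
        download = next((e for e in evs if e["method"] == "GET"
                         and e["ctype"] in BINARY_TYPES), None)
        small_posts = defaultdict(list)          # host -> timestamps of small POSTs
        for e in evs:
            if e["method"] == "POST" and e["bytes"] <= MAX_CALLBACK_BYTES:
                small_posts[e["host"]].append(e["ts"])
        beacons = {h: ts for h, ts in small_posts.items() if is_regular(ts)}
        big_posts = [e for e in evs if e["method"] == "POST" and e["bytes"] >= EXFIL_BYTES]

        stages = [name for name, seen in (("exploit", exploit), ("download", download),
                                          ("callback", beacons), ("exfiltration", big_posts)) if seen]
        chained = (
            exploit is not None and download is not None
            and 0 <= (download["ts"] - exploit["ts"]).total_seconds() <= MAX_EXPLOIT_TO_DOWNLOAD_S
            and any(ts[0] > download["ts"] for ts in beacons.values())
            and any(p["ts"] > min(ts[0] for ts in beacons.values()) for p in big_posts)
        )
        report[src] = {"stages": stages, "alert": chained}
    return report


def analyze(text=SAMPLE_LOG):
    return correlate(parse_log(text))


if __name__ == "__main__":
    for host, r in sorted(analyze().items()):
        print(host, "ALERT" if r["alert"] else "ok", r["stages"])
```

Run it directly to print the per-host report. In the constructed data, host 10.1.1.21 fetches the same executable as the compromised host but is not alerted because nothing preceded or followed it, and host 10.1.1.22 POSTs on a regular schedule (a made-up autosave pattern) without any exploit or download before it. Only 10.1.1.20 completes the chain. That is the point of slide 21: the file alone is not the signal, the sequence of flows is.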

  23. Exploit Detection is Critical
     • Malware exploits take a similar form: write data to memory, then trick the system into executing that code in memory
     • Exploitation of the system is the first stage; subsequent stages can be hidden
     • You will miss attacks if relying on object/file analysis
     • Only FireEye detects the exploit stage, captures the resulting stages and shares globally

  24. Timed Malware

  25. Ho, Ho, Ho… Timed Malware: December 25th. Where is the IT staff? ;) FireEye works 24/7/365 so you don't have to. 2,000+ events on Xmas.

  26. Trend #5: Mobile Device Malware

  27. Trend #5: Mobile Malware Incremental (See Timestamp)

  28. BYOD = Bring Your own DOOM! Source: www.bgr.com “Boy Genius”

  29. FBI Warning (October 15, 2012) Source: www.bgr.com

  30. Thank You! Frank Salvatore, BCOMM Territory Manager, Eastern Canada Frank.salvatore@FireEye.com