1 / 64

D r. Paul Judge Chief Research Officer Barracuda Networks

The State of Internet Security: Web Attacks Take Over. D r. Paul Judge Chief Research Officer Barracuda Networks. Half of The Spam Disappeared. 52 Billion. 26 Billion. 2010. 5 Innovations That Caused Security Gaps Habits of Effective Hackers. Five Innovations That Created Security Risks.

alvis
Download Presentation

D r. Paul Judge Chief Research Officer Barracuda Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The State of Internet Security: Web Attacks Take Over Dr. Paul JudgeChief Research OfficerBarracuda Networks

  2. Half of The Spam Disappeared 52 Billion 26 Billion 2010

  3. 5 Innovations That Caused Security GapsHabits of Effective Hackers

  4. Five Innovations That Created Security Risks

  5. One new domain each second • 196 million domain names • 47 million new sites last year 1. Rapid Growth Source:Verisign

  6. Rich site-to-browser interaction Browser is the new operating system Browser is active in the application, not simply a passive display tool 2. Dynamic Web Apps: AJAX

  7. 3. User-Generated Content • Half of Top 100 sites based on UGC • 500 million users on Facebook • 100 million accounts on Twitter • 2.5 billion photos uploaded each month to Facebook • 30 million new ads per day on Craigslist

  8. 4. Remote Employees • 20% of the workforce works remotely • 1 in 11 organizations had remote workers infected • 46% of remote infections come from infected Web sites

  9. 5. New Devices Smartphone and tablet computing blur the line between personal and business computing Companies must reconsider policies for devices that are not owned by the company

  10. Habits Of Effective Hackers

  11. 1. Malicious Javascript (Four Habits Of Effective Hackers)

  12. Malvertising • USAToday.com ad network compromised (idatrinity.com) • Visitors served malicious javascript bundled with ad for Roxio Creator 2009 • Automatically directed users to Rogue AV Web site (antivirusquickscanv1.com) through malicious traffic distribution system (liveavantbrowser2.cn)

  13. Exploited Site (1 of 4)

  14. Exploited Site (2 of 4) hxxp://dipsy.pbs.org/parents/ptframe/images/bground-leaderboard.jpg instead of: hxxp://www.pbs.org/parents/ptframe/images/bground-leaderboard.jpg

  15. Exploited Site (3 of 4)

  16. Exploited Site (4 of 4) hxxp://qxfcuc.info/f.cgi?jzo The above URL serves exploits that target a variety of software vulnerabilities, including those in Acrobat Reader (CVE-2008-2992, CVE-2009-0927, and CVE-2007-5659), AOL Radio AmpX (CVE-2007-6250), AOL SuperBuddy (CVE-2006-5820) and Apple QuickTime (CVE-2007-0015). The domain qxfcuc.info is part of a malware campaign that includes tens of similar websites hosted off of a handful of common IP addresses. Similar exploit code was served from most of these domains, although a handful (e.g., yyoqny.info) display a message that suggests the criminal behind this campaign is compromising systems to build a botnet he will likely later lease. Translated from Russian, that message tells prospective leasers to "Send a message to ICQ #559156803; stats available under ststst02."

  17. Barracuda Labs Technology:Malicious Javascript Detector (MJD) • Place content in a virtual browser environment • Perform behavioral analysis of javascript to determine its intentions Proxy

  18. 2. Search Engine Malware (Four Habits Of Effective Hackers)

  19. Search Volumes • 88,000,000,000 Per Month On Google Sites • 24,000,000,000 Per Month On Twitter • 9,400,000,000 Per Month On Yahoo Sites • 4,100,000,000 Per Month On Microsoft Sites Sources: comScore, Twitter

  20. Barracuda Labs Technology:Search Engine Malware Crawler • Get Popular Search Terms Hourly • Search for Those Terms • Retrieve the Set of Search Results • Retrieve the Web Sites for the results • Analyze the Sites for Malicious Code • Add Malicious Sites to Barracuda SPYDEF list

  21. Data Set

  22. Frequency of Search Engine Malware • 34,627 malware samples found • 1 in 1000 search results lead to malware • 1 in 5 search topics lead to malware

  23. Total Malware by Search Engine

  24. Lebron James

  25. Search Engine Malware (1 of 4)

  26. Search Engine Malware (2 of 4)

  27. Search Engine Malware (3 of 4)

  28. Search Engine Malware (4 of 4)

  29. Barracuda Labs Technology:Maltrace: Malware Analysis w. Virtualization • Collect thousands of malware samples daily from honeypot network • Load samples into Maltrace • Maltrace allows the malware to run on a virtual PC • Maltrace collects the network traffic generated • Maltrace creates signatures based on malicious traffic • Adds the signatures to URL, IP and fingerprint databases

  30. 3. Social Attacks (Four Habits Of Effective Hackers)

  31. Facebook Social Attacks

  32. Photo ‘Tags’ Up To 50 People

  33. Website Selling Fake Illegal Shoes

  34. Automated Social Engineering

  35. Malicious Facebook Apps

  36. Likejacking

  37. Twitter – Trending Topics (Step 1 of 3)

  38. Twitter – Trending Topics (Step 2 of 3) hxxp://securityland.cn/?uid=144&pid=3&ttl=31c48520c54 which acts as a traffic distribution system for a Rogue AV operation; the chain of redirections ends at one of the following Rogue AV distribution points: hxxp://my-systemscan.com/?p=WKmimHVlbG2HjsbIo22EhHV8ipnVbWiMnNah2qeNm 6nZwombm5h2lpd9fXCHodjSbmRelWZxmV6SZGbLU9bYxKWspXOL1dZ2Y2ZuZ2tnaWyVYYrJlG0%3D hxxp://my-newprotection.net/?p=WKmimHVlbG2HjsbIo22EhHV8ipnVbWiMnNah2qeNm 6nZwombm5h2lpd9fXCHodjSbmRelWZxmV6SZGbLU9bYxKWspXOL1dZ2Y2ZuZ2tnaWyVYYrJlG0%3D hxxp://trustsystem-protection.com/?p=WKmimHVlbG2HjsbIo22EhHV8ipnVbWiMnNah2 qeNm6nZwombm5h2lpd9fXCHodjSbmRelWZxmV6SZGbLU9bYxKWspXOL1dZ2Y2ZuZ2tnaWyVYYrJlG0%3D

  39. Twitter – Trending Topics (step 3 of 3)

  40. Barracuda Labs Technology:Twitter Reputation System • Process Twitter Public Stream • Query Twitter User Database for Other Users • Analyze Users’ Activities • Analyze Web Links • Add Malicious Sites to Barracuda SPYDEF list

  41. Twitter Growth • Red Carpet Era • November 2008 – April 2009 • 54% of the Top 50 Twitter users joined • Growth rate increased tenfold from 2% in Nov 08 to 21% in April 09 Barracuda Networks Confidential

  42. Twitter Crime Rate • 2006 = 1.2% • 2007 = 1.7% • 2008 = 2.2% • Red Carpet Era: • During: Increased 66% • 2.0% to 3.4% Crime Rate • Four months later: Increased 350% • 12% Crime Rate in Oct 2009 Twitter Crime Rate: the number of accounts per hundred created during a particular period of time that are suspended Barracuda Networks Confidential

More Related