Game of P0WN3Ds: Winter Has Come
Duncan McAlynn, Principal Security Engineer
Follow me: @infosecwar
Follow us: @GoIvanti
Today’s Hashtag: #GameOfP0wn3ds

Game of P0WN3Ds: Winter Has Come
Jon (Snow) Stark, Civil Wall Engineer
Follow me: @infosecwar
Follow us: @GoIvanti
Today’s Hashtag: #GameOfP0wn3ds
Global Offices Headquarters: SLC, UT • USA Corporate Offices Satellite Offices
Agenda
• Jon comes to the Night’s Watch
• Meant to protect & defend the Wall
• Jon warns against the White Walkers
• Had firsthand accounts
• Knew the families & how to exploit them
• Fought & lost
• Tried to unify the families
• White Walkers are coming
• The Wall will fail (fall)
• Must unify & use a different battle strategy
• WINTER IS HERE!
What is Ransomware?
• Ransomware is a sophisticated piece of malware that blocks the victim’s access to his/her files, and the only way to regain access to the files is to pay a ransom.
• Two types of ransomware in circulation:
  • Encrypting ransomware, which incorporates advanced encryption algorithms to lock the victim out of files. Examples include CryptoLocker, Locky, CryptoWall and more.
  • Locker ransomware, which locks the victim out of the operating system, making it impossible to access the desktop and any apps or files.
    • Some locker versions can even infect the Master Boot Record (MBR).
    • Examples include the Satana and Petya families.
Key Characteristics of Ransomware
• Unbreakable encryption
• Ability to encrypt all kinds of files
• Scrambles your file names
• Adds a different extension to your files
• An image or a message (ransom note)
• Requests payment in Bitcoin
• The ransom payments have a time limit
• Uses a complex set of evasion techniques
• Often recruits the infected PCs into botnets
• Can spread to other PCs connected to a local network
• Frequently features data exfiltration capabilities
8 ways in which JavaScript is used to spread malware
• Malicious JavaScript code injections in legitimate websites
• Hidden iframes
• Malicious JavaScript code injections in advertising networks
• Drive-by downloads
• Malicious JavaScript attachments
• Infected downloads triggered through compromised JavaScript code injects
• Browser add-ons and plugins
• Fake software pop-up messages
Protecting Yourself Against JavaScript Malware
• Keeping your software updated at all times (your browsers, apps, operating system, etc.)
• Using a strong antivirus product with extensive capabilities
• Installing a traffic filtering solution that can ensure proactive security (VPN, proxy, URL filtering, personal firewall)
  • http://urlblacklist.com/?sec=download
  • http://www.squidguard.org/blacklists.html
  • http://www.squidblacklist.org/
• Never clicking on links in unsolicited emails (spam)
• Never downloading and opening attachments in spam emails
• Keeping away from suspicious websites
What You Can Do Right Now to Protect Yourself
• Implement 3-2-1 backup for critical systems
• Have your own backup strategy and test it often (Veeam Agent for Microsoft Windows FREE v2)
• Consider changing your browser security settings, removing old/unused plugins, disabling JavaScript
• Ensure proper Windows Update settings for auto-protection, including other Microsoft products
• Patch 3rd-party applications and consider turning on the vendor’s auto-update features for continuous protection
• Use a VPN for public/open WiFi
• Install the HTTPS Everywhere plug-in from EFF & Tor
• Use the Tor browser for complete anonymity
What You Can Do Right Now to Protect Your Organization
• Use GPOs to re-associate dangerous file extension types to notepad.exe, or use them for a Software Restriction Policy
  • Programs: .EXE, .PIF, .APPLICATION, .GADGET, .MSI, .COM, .SCR, .HTA, .CPL, .MSC, .JAR
  • Scripts: .BAT, .CMD, .VB, .VBS, .VBE, .JS, .JSE, .WS, .WSF, .WSC, .WSH, .PS1, .PS1XML, .PS2, .PS2XML, .PSC1, .PSC2, .MSH, .MSH1, .MSH2, .MSHXML, .MSH1XML, .MSH2XML
  • Office Macros: .DOC, .XLS, .PPT, .DOCM, .DOTM, .XLSM, .XLTM, .XLAM, .PPTM, .POTM, .PPAM, .PPSM, .SLDM
  • Others: .REG, .INF, .LNK, .SCF, .PDF
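Before pushing the re-association GPO above, it helps to know which of those extensions still resolve to a script host or installer on a given machine. The following read-only PowerShell audit is an added example, not from the slides or from Ivanti; it walks the script and "other" extensions from the slide (the Office and .PDF entries are left out because a document viewer is their expected handler), resolves each one through HKEY_CLASSES_ROOT, and flags the ones whose open command is an execution host. The $ExecHosts list is an assumption you should extend for your environment.

```powershell
# Added example (not part of the original deck): audit file-type handlers for the
# extensions listed on the "Protect Your Organization" slide. Read-only, run on Windows.
$Extensions = @(
    '.pif','.application','.gadget','.scr','.hta','.cpl','.msc','.jar',
    '.bat','.cmd','.vb','.vbs','.vbe','.js','.jse','.ws','.wsf','.wsc','.wsh',
    '.ps1','.ps1xml','.ps2','.ps2xml','.psc1','.psc2',
    '.msh','.msh1','.msh2','.mshxml','.msh1xml','.msh2xml',
    '.reg','.inf','.lnk','.scf'
)
# Assumed starting list of handlers that execute content instead of displaying it.
# .EXE/.COM/.MSI are deliberately omitted: they belong under SRP/AppLocker, since
# re-associating them to notepad.exe would break the OS itself.
$ExecHosts = @('wscript.exe','cscript.exe','mshta.exe','powershell.exe','cmd.exe',
               'msiexec.exe','rundll32.exe','control.exe','regedit.exe','mmc.exe',
               'java.exe','javaw.exe')

function Get-ExtensionHandler {
    param([string]$Extension)
    # HKCR merges HKLM and HKCU Classes; note that a per-user "UserChoice" under
    # HKCU\...\Explorer\FileExts can still override what we read here.
    $extKey = "Registry::HKEY_CLASSES_ROOT\$Extension"
    if (-not (Test-Path $extKey)) { return $null }
    $progId = (Get-ItemProperty -Path $extKey).'(default)'
    if (-not $progId) { return $null }
    $cmdKey = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
    $command = if (Test-Path $cmdKey) { (Get-ItemProperty -Path $cmdKey).'(default)' } else { $null }
    [pscustomobject]@{ Extension = $Extension; ProgId = $progId; Command = [string]$command }
}

$report = foreach ($ext in $Extensions) {
    $h = Get-ExtensionHandler -Extension $ext
    if ($null -eq $h) { continue }          # extension not registered on this host
    $executes = $false
    foreach ($exe in $ExecHosts) {
        if ($h.Command -match [regex]::Escape($exe)) { $executes = $true; break }
    }
    $status = if ($h.Command -match 'notepad\.exe') { 'SAFE (notepad)' }
              elseif ($executes)                     { 'EXECUTES' }
              else                                    { 'REVIEW' }
    [pscustomobject]@{ Extension = $h.Extension; ProgId = $h.ProgId
                       OpensWith = $h.Command;  Status = $status }
}

# EXECUTES rows are the candidates for the re-association GPO or an SRP/AppLocker rule.
$report | Sort-Object Status, Extension | Format-Table -AutoSize
```

Run it before and after the GPO applies to confirm the handlers actually changed on the endpoint; a row that still reads EXECUTES usually means a per-user override or a later installer re-registered the type.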
What You Can Do Right Now to Protect Your Organization
• Remove local administrator rights from end users
• Drive-level encryption (BitLocker)
• File/folder-level encryption (7-Zip, WinMagic AES-256)
• Deploy Windows 10 NOW!
  • Device Guard
  • Credential Guard
  • Secure Boot
• Windows Server Update Services (WSUS)
• 3rd-party patching solutions like Ivanti Patch for SCCM
• Use security compliance baselines to identify drift
• Disable SMBv1 everywhere possible!
Questions?
• @infosecwar
• @GoIvanti