Explore the evolution of cyber threats and their impact on various sectors, including spam, phishing, spyware, malware, botnets, and web 2.0 attacks. Understand the challenges faced by antivirus software and the rise of cyber warfare. Gain insights into effective cybersecurity strategies and protection measures.
Threats in Cyberspace - 2008
Saumil Shah
Evolvement of IPRs and its management seminar
February 9, 2008 - Ahmedabad
About me
• Founder & CEO, Net-Square Solutions.
• Speaker at Blackhat, RSA, and many international security conferences.
• Author:
  • Web Hacking – Attacks and Defense (2002)
  • The Anti-virus book (1996)
• MS Computer Science – Purdue University.
Attack trends since 2000 AD
• 2000: Networks and OS
• 2001: HTTP, DDoS, Worms
• 2002: Web apps, email, Worms, Databases
• 2003: Apps, Bruteforcing
• 2004: Apps, IE, Spyware, Phishing
• 2005: Apps, ID thefts, Phishing, Malware
• 2006: Large data stores, apps, IDs, etc.
• 2007: App worms, Botnets, Pharming
Spam in 2007
• 90-95% of all emails sent were spam.
• 13% of users received more than 50 spam emails per day.
Spam in 2007
• Pump-and-dump stock scam.
• Image and attachment spam:
  • surged but died towards the end of 2007.
• News topics as subject lines.
• Generated through botnets.
• Fraud and Phishing.
Breaches in 2007
• TD Ameritrade: 6.3 million customer records.
• Monster.com: 1.6 million job seekers' records.
• Western Union: 20,000 credit card records.
• Illinois Dept of Financial and Professional Regulation: 3,00,000 records.
• T J Maxx: 45.7 million credit card records.
• Moneygram: 79,000 records.
We’ve all been victims of fraud
• “I’ve never been to Japan!”
Hacking the Human Mind
• Citibank “phishing” scam
• The email: http://antiphishing.org
Faking a bank
• http://www.mycitibank.net/
• http://antiphishing.org
Faking a bank
• Who is mycitibank.net?
  Domain Name.......... mycitibank.net
  Creation Date........ 2004-06-22
  Registration Date.... 2004-06-22
  Expiry Date.......... 2005-06-22
  Organisation Name.... Sharon J Warr
  Organisation Address. 4 Knotty Pine Place
  Organisation Address. Texarkana 75503, TX, UNITED STATES
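The whois record above is exactly the kind of evidence an anti-phishing check can turn into indicators: a brand name inside a domain the brand does not own, a registration only weeks old, and the shortest possible registration term. The following is an added example (not from the talk) that parses a copy of that record and scores the domain; the receipt date of the mail and the list of domains Citibank really owns are assumptions, not facts from the slide.

```python
import re
from datetime import date

# Whois record from the slide, reproduced here as the sample input (constructed copy, same fields).
WHOIS_RECORD = """Domain Name.......... mycitibank.net
Creation Date........ 2004-06-22
Registration Date.... 2004-06-22
Expiry Date.......... 2005-06-22
Organisation Name.... Sharon J Warr
Organisation Address. 4 Knotty Pine Place
Organisation Address. Texarkana 75503, TX, UNITED STATES
"""
# Assumption: the date the phishing mail was received (constructed; the slide gives none).
SEEN_ON = date(2004, 7, 15)
# Assumption: brand keywords mapped to the domains the brand really owns (defender-maintained list).
BRAND_DOMAINS = {"citibank": {"citibank.com", "citi.com"}}


def parse_whois(text):
    """Turn 'Key..... value' lines into a dict; repeated keys (address lines) are joined."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z ]+?)\.+\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        record[key] = f"{record[key]}, {value}" if key in record else value
    return record


def registrable_domain(host):
    """Naive eTLD+1 (last two labels); enough for .com/.net, real code would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def phishing_indicators(host, whois_text, seen_on, max_age_days=90):
    """Reasons a host looks like a brand-impersonating phishing domain (empty list = nothing suspicious)."""
    reasons = []
    domain = registrable_domain(host)
    for brand, owned in BRAND_DOMAINS.items():
        if brand in domain and domain not in owned:
            reasons.append(f"'{domain}' carries brand '{brand}' but is not one of {sorted(owned)}")
    rec = parse_whois(whois_text)
    created = date.fromisoformat(rec["Creation Date"])
    expires = date.fromisoformat(rec["Expiry Date"])
    age = (seen_on - created).days
    if age < max_age_days:
        reasons.append(f"domain was registered only {age} days before the mail was seen")
    if (expires - created).days <= 366:
        reasons.append("registered for the minimum one-year term, typical of throwaway domains")
    return reasons
```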
Spyware
• “Marketing delivered to your desktops”.
• Advertisers pay for targeted advertising.
• Adware companies:
  • 100-200 employees, $50-$200M revenues
• How to get into desktops?…
Spyware
• Digital Gluttony
  • “I want to download it all!”
• Cater to users’ greed.
  • MP3s, Videos, Ringtones, Wallpapers, Smileys, Screensavers, Calendars, …
  • …as long as it is free.
Malware on the rise
• 2005-2006: 172% increase.
• 2006-2007: 800% increase.
• MPack.
• RBN.
• Fast-flux Networks.
• The Storm Botnet.
MPack
• Exploit delivery mechanism.
• Updated regularly with 0-day exploits:
  • IE VML bug.
  • IE Animated Cursor vulnerability.
  • QuickTime overflow.
  • Winzip ActiveX overflow, etc.
• PHP based automatic website generator.
• Sold for $500-$1000, with auto-exploit-updates.
Botnets
• Large number of compromised systems.
• Centrally controlled.
• Spam marketing.
• Identity theft, password theft.
• DDoS threats.
• Espionage.
The Storm Botnet
• P2P controlled – no central "mother ship".
• Event based campaigns:
  • 2008 greetings, Thanksgiving/Xmas/Valentines
• Operated by the RBN.
• Purchase expired domains.
  • Domains resolve to fast-flux networks.
  • Continuously changing DNS records.
  • Point to infected hosts.
The Storm Botnet
• A few infected hosts are special:
  • P2P control relays.
  • DNS servers.
  • HTTP servers.
• Rootkits, malware, hacked sites, etc.
  • various delivery mechanisms.
• Running for more than a year.
• We have NOT been able to shut it down.
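Fast-flux is detectable from the DNS side because the pattern the two Storm slides describe (continuously changing records pointing at scattered infected hosts) looks different from a CDN, which also uses short TTLs but keeps serving the same small pool of addresses. The example below is added here and is not part of the talk; both lookup series are constructed, with 10.0.0.0/8 addresses standing in for the infected hosts and documentation ranges for the CDN.

```python
import ipaddress

# Constructed sample: repeated lookups of one campaign domain as (seconds since first query, TTL, A records).
# Addresses are from 10.0.0.0/8 purely as placeholders for the many unrelated infected hosts a flux network fronts.
FLUX_LOOKUPS = [
    (0,   300, ["10.11.1.5", "10.42.7.9", "10.77.3.1", "10.120.9.4"]),
    (300, 300, ["10.11.1.5", "10.55.2.2", "10.200.8.8", "10.9.9.9"]),
    (600, 300, ["10.33.4.4", "10.55.2.2", "10.140.1.1", "10.66.6.6"]),
    (900, 300, ["10.88.8.8", "10.21.2.2", "10.140.1.1", "10.250.5.5"]),
]
# Constructed control: a CDN-style record that also uses a short TTL but always serves the same small pool.
CDN_LOOKUPS = [
    (0,   60, ["192.0.2.10", "192.0.2.11", "198.51.100.10", "203.0.113.10"]),
    (60,  60, ["198.51.100.10", "192.0.2.10", "203.0.113.10", "192.0.2.11"]),
    (120, 60, ["203.0.113.10", "192.0.2.11", "192.0.2.10", "198.51.100.10"]),
]


def flux_metrics(lookups):
    """Summarise a lookup series: lowest TTL, distinct IPs, distinct /16 prefixes, and churn
    (fraction of answers after the first lookup that were addresses never seen before)."""
    seen, new_after_first, answers_after_first = set(), 0, 0
    for i, (_, _, ips) in enumerate(lookups):
        for ip in ips:
            if i > 0:
                answers_after_first += 1
                if ip not in seen:
                    new_after_first += 1
            seen.add(ip)
    prefixes = {ipaddress.ip_network(f"{ip}/16", strict=False) for ip in seen}
    return {
        "min_ttl": min(ttl for _, ttl, _ in lookups),
        "unique_ips": len(seen),
        "prefixes": len(prefixes),
        "churn": new_after_first / max(answers_after_first, 1),
    }


def is_fast_flux(lookups, max_ttl=600, min_ips=10, min_prefixes=5, min_churn=0.5):
    """Heuristic: a short TTL alone is not enough (CDNs do that too); fast-flux also shows a large,
    network-diverse and constantly changing address set. Thresholds are illustrative."""
    m = flux_metrics(lookups)
    return (m["min_ttl"] <= max_ttl and m["unique_ips"] >= min_ips
            and m["prefixes"] >= min_prefixes and m["churn"] >= min_churn)
```

Run against a real resolver, the same metrics would be fed from repeated queries spaced by the record's TTL.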
Cyber warfare / terrorism?
• China penetrated key US databases.
• Dec 07/Jan 08 power blackouts in Central and South America.
• 14 year old boy takes control of Tram network in Poland.
Effectiveness of Anti-Virus software
• Makes computers sluggish.
• False alarms.
• "Most popular brands have an 80% miss rate" – AusCERT.
• Heuristic recognition fell from 40-50% (2006) to 20-30% (2007) – HeiseOnline.
• Signature based scanning does not work.
• AI techniques can be easily beaten.
Web 2.0 attacks
• MySpace worm – XSS goes the virus way.
• Cross Site Request Forgery.
• Predicted rise in Web 2.0 attacks in 2008,
  • as more generic APIs become popular.
Pharming
• Hijacking DNS entries.
  • www.hsbc.com resolves to fraud site.
• DNS server specified in broadband router.
• Broadband routers have web administration interfaces.
  • and are typically on 192.168.1.1
  • and have weak passwords: admin/admin.
• Malicious sites contain an IFRAME to access web admin interface.
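The IFRAME trick on this slide is the Cross Site Request Forgery named on the Web 2.0 slide, aimed at a router: the victim's browser, already on the LAN, is made to fetch a settings URL on 192.168.1.1. The request gate below is an added example of how the router's settings endpoint should reject it (not code from the talk or from any vendor): refuse GET for changes, check the request's origin, and require a session-bound token. The admin origins, secret, session id and sample requests are all constructed.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: the router's admin UI is only ever served from its LAN address (the slide's 192.168.1.1).
ADMIN_ORIGINS = {"http://192.168.1.1", "https://192.168.1.1"}
# Constructed: a per-boot secret and one logged-in admin session.
SECRET = secrets.token_bytes(32)
SESSION_ID = "sess-constructed-0001"


def issue_csrf_token(session_id, secret):
    """Token bound to the session and embedded in the admin page's forms. A page on another
    origin cannot read it, so a hidden IFRAME or auto-submitting form cannot supply a valid one."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def request_allowed(method, headers, form, session_id, secret):
    """Gate a settings-changing endpoint (e.g. 'set DNS servers'). Returns (allowed, reason)."""
    # 1. Changes only via POST: a GET fetched by an IFRAME's src is refused outright.
    if method != "POST":
        return False, "settings changes must be POSTed, not triggered by a GET"
    # 2. The request must originate from the router's own pages.
    origin = headers.get("Origin") or headers.get("Referer")
    if not origin:
        return False, "missing Origin/Referer header"
    parts = urlsplit(origin)
    source = f"{parts.scheme}://{parts.netloc}"
    if source not in ADMIN_ORIGINS:
        return False, f"cross-site request from {source}"
    # 3. And it must carry the session's token, compared in constant time.
    expected = issue_csrf_token(session_id, secret)
    if not hmac.compare_digest(form.get("csrf_token", ""), expected):
        return False, "missing or invalid csrf token"
    return True, "ok"


# Constructed requests: the IFRAME attack from the slide, a cross-site POST, and a real admin submission.
IFRAME_ATTACK = ("GET", {"Referer": "http://malicious.example/"}, {"dns1": "203.0.113.66"})
CROSS_SITE_POST = ("POST", {"Origin": "http://malicious.example"}, {"dns1": "203.0.113.66"})
LEGIT_CHANGE = ("POST", {"Origin": "http://192.168.1.1"},
                {"dns1": "198.51.100.53", "csrf_token": issue_csrf_token(SESSION_ID, SECRET)})

if __name__ == "__main__":
    for name, req in [("iframe", IFRAME_ATTACK), ("xs-post", CROSS_SITE_POST), ("legit", LEGIT_CHANGE)]:
        print(name, request_allowed(*req, SESSION_ID, SECRET))
```

Changing the admin/admin default is the other half of the fix; the gate above assumes the session was established with a real password.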
Resources
• 20 Reasons the world hates Norton Antivirus
  http://www.dtgeeks.com/index.php/blogs/comment/20_reasons_the_world_hates_norton_anti_virus
• Antivirus protection worse than a year ago
  http://www.heise-security.co.uk/news/print/100900
• Teen tram hack
  http://www.theregister.co.uk/2008/01/11/tram_hack/print.html
• China has penetrated key US databases
  http://www.securecomputing.net.au/print.aspx?CIID=101491
• Trojan to attack bank sites
  http://www.symantec.com/enterprise/security_response/weblog/2008/01/banking_in_silence.html
• The Russian Business Network
  http://rbnexploit.blogspot.com/
saumil@net-square.com
Evolvement of IPRs and its management seminar
February 9, 2008 - Ahmedabad