
Viewing Malware Management as a Business Practice



Presentation Transcript


  1. Viewing Malware Management as a Business Practice

  2. The Prophecy: "Computer viruses are the first and only form of artificial life to have had a measurable impact on society." (Jeffrey Kephart, 1994)

  3. Evolution of Malware

  4. Species of Malware • Boot sector • File • Macro • Hybrids • Worm • Script worm • Internet worm • Trojans

  5. Active Malware

  6. Overview of Attack Trends • Speed of attack tools • Sophistication of attack tools • Faster discovery of vulnerabilities • Asymmetric threat

  7. Infection Points of Entry

  8. Common Infection Pattern • Scans for vulnerable IIS servers • Infects web browsers • Searches for network shares • Emails copies to other users (ISS)

  9. Managing Infection Points • Home computers • Laptops used in travel • PDAs • Cell phones • Internet appliances • Printers

  10. The Problem with Malware • Virus writer • Manager-business side • Security Administrator • User

  11. Virus Perpetrator Characteristics • Challenge and curiosity • Fame and power • Protest and anarchy • Proof of concept • Political motives

  12. Infecting Machines by Hacking Humans • Email • IM • Software downloads • Remote access • AV patches • Loss of hardware

  13. Why Attack a PC? • E-mail client and address book • Potential zombie host • Container for stolen information • Staging ground for attack

  14. Virus Risk Assessment • Does the company provide Internet and email access for all employees? • Does the company scan email attachments for viruses? • Is there an in-house specialist or department responsible for virus protection? • Is there a way to automatically propagate updates throughout the network? • Is virus protection centrally managed? • Do you know the number of viruses detected on the network each year?

  15. Risk Analysis = Vulnerability Management (ISS)
  Asset Value (value to the business in terms of confidentiality, integrity, availability; $)
  x Vulnerability (potential points of attack)
  x Threat (entity or event that could exploit a vulnerability)
  - Controls (safeguards to reduce the risk)
  = Residual risk (level of risk remaining after controls are implemented)

  16. Integrated Management Approach • Each organization has a unique set of risks • Threats should be tied to an organization’s mission and business objectives • Tradeoffs will be required between business and security issues when creating policy

  17. Payload Damage is the Business Risk • Attacks on availability: deletion, renaming, encryption, unauthorized calls to system software • Attacks on integrity: corruption of system files and areas, data diddling, corruption of application files • Attacks on confidentiality: capturing and forwarding passwords, forwarding personal and confidential files

  18. Analysis Per Incident (Computer Economics Survey 2000)

  Year  Code Name    Worldwide Economic Impact ($ U.S.)  Cyber Attack Index
  2001  Nimda        $635 Million                        0.73
  2001  Code Red(s)  $2.62 Billion                       2.99
  2001  SirCam       $1.15 Billion                       1.31
  2000  Love Bug     $8.75 Billion                       10.00
  1999  Melissa      $1.10 Billion                       1.26
  1999  Explorer     $1.02 Billion                       1.17

  The index column is the economic impact scaled so that Love Bug = 10.00 (for example, 2.62 / 8.75 x 10 = 2.99).

  19. Malware Management Solution Categories • Technological • Educational • Political

  20. Managing Malware with Technology • Current AV model is reactive • Attack-response cycle places a business at risk • Virus released -> vendors get samples -> vendors analyze -> generate detection and disinfection -> distribute fix • Helpless against fast-burners • Desktop is the de facto defense • Multiple network solutions have a high cost

  21. Anti-Virus Software Missed: Goner, Nimda, SirCam, MyParty

  22. How Anti-Virus Programs Work • GENERIC ANTIVIRAL PROGRAM: flags activities, such as the alteration of critical sites in RAM or of particular files on disk, that are likely to arise from a virus in action. • SIGNATURE SCANNER: searches a user's disks looking for fragments of program code that appear in known viruses. • BEHAVIOR BLOCKING: monitors program code as it executes in real time and blocks actions such as file deletion or modification, disk formatting, or initiating network connections.
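Added here as a worked example (not code from the presentation): a minimal signature scanner of the kind the slide describes, built over a constructed signature database. The EICAR string is the industry-standard harmless test pattern; "Demo.Fragment.A" is a hypothetical byte sequence invented for this example, and the sample files the demo writes to a temporary directory are constructed. The `variant_of` helper shows the limitation behind slide 20's reactive cycle: change one bit inside the signature region and the scanner no longer detects the file until a new signature is distributed.

```python
"""Signature scanner in the sense of the slide: search data for fragments of
code that appear in known viruses.  Added example, not code from the
presentation.  The signature database is constructed: the EICAR string is the
industry-standard harmless test pattern; "Demo.Fragment.A" is a hypothetical
byte pattern invented for this example."""
import os
import tempfile
from typing import Dict, List, Tuple

SIGNATURES: Dict[str, bytes] = {
    "EICAR-Test-File": (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
                        b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"),
    "Demo.Fragment.A": b"\x55\x8b\xec\xe8\x00\x00\x00\x00\x5b",  # hypothetical
}


def scan_bytes(data: bytes) -> List[Tuple[str, int]]:
    """Return (signature name, byte offset) for every fragment found in data."""
    hits: List[Tuple[str, int]] = []
    for name, frag in SIGNATURES.items():
        off = data.find(frag)
        while off != -1:
            hits.append((name, off))
            off = data.find(frag, off + 1)
    return sorted(hits, key=lambda h: h[1])


def scan_tree(root: str) -> Dict[str, List[Tuple[str, int]]]:
    """Walk a directory tree like a disk scanner; map infected paths to hits."""
    infected: Dict[str, List[Tuple[str, int]]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in sorted(files):
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                hits = scan_bytes(fh.read())
            if hits:
                infected[os.path.relpath(path, root)] = hits
    return infected


def variant_of(sample: bytes, sig_name: str) -> bytes:
    """Flip one bit inside the signature region: the smallest 'new variant'.
    The scanner has no entry for the result until a vendor ships one, which
    is the reactive cycle slide 20 describes."""
    frag = SIGNATURES[sig_name]
    off = sample.find(frag)
    if off == -1:
        raise ValueError("sample does not contain that signature")
    i = off + len(frag) // 2
    return sample[:i] + bytes([sample[i] ^ 0x01]) + sample[i + 1:]


def demo() -> Dict[str, List[Tuple[str, int]]]:
    """Write constructed samples to a temp directory and scan it."""
    dropper = b"MZ" + b"\x00" * 30 + SIGNATURES["Demo.Fragment.A"] + b"\xcc" * 8
    samples = {
        "dropper.bin": dropper,                                 # known sample
        "variant.bin": variant_of(dropper, "Demo.Fragment.A"),  # one bit changed
        "clean.txt": b"quarterly report\n",
    }
    root = tempfile.mkdtemp(prefix="sigscan-")
    for fn, data in samples.items():
        with open(os.path.join(root, fn), "wb") as fh:
            fh.write(data)
    return scan_tree(root)


if __name__ == "__main__":
    for path, hits in demo().items():
        print(path, hits)
```

Running it reports only dropper.bin; variant.bin, which differs by a single bit, passes clean, and clean.txt is never flagged. The EICAR entry is scanned in memory only, because writing that exact 68-byte string to disk is what real AV products are designed to quarantine.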

  23. Delivering the Payload

  24. The ability of an organization to achieve its mission and meet its business objectives is directly and strategically linked to the state of the computing infrastructure and to the manner in which people interact with that infrastructure. Christopher Alberts, Viewing Security Management as a Business Practice

  25. Managing Malware with Education • Social engineering • Spam techniques • User cooperation

  26. Assessing the Threat

  27. Social Engineering

  From: sdekih@iteoka.i>
  To: Patricia LOGAN
  Date: Tuesday - May 28, 2002 10:44 PM
  Subject: Worm Klez.E immunity
  Attachment: Mime.822 (1639 bytes)

  KLEZ.E files.
  Because of its very smart stealth and anti-anti-virus technic, most common AV software can't detect or clean it.
  We developed this free immunity tool to defeat the malicious virus.
  You only need to run this tool once, and then Klez will never come into your PC.
  NOTE: Because this tool acts as a fake Klez to fool the real worm, some AV monitor maybe cry when you run it.
  If so, Ignore the warning, and select 'continue'.
  If you have any question, please mail to me (mailto:sdekih@iteoka.i).

  bat attachment detected and blocked
  YOU JUST DODGED A BULLET
  Your computer has just been saved from a possible virus infection. This message contained attachments that have been blocked. Please contact Computing Support at 626-7777 if you have questions.
  WSU Systems / Network Management
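An attachment filter of the kind that produced the notice above, added as an example (it is not WSU's gateway code). It parses the raw message, strips attachments by executable extension (taking the final extension, so readme.txt.exe is still caught) and, as a further check beyond what the slide shows, also blocks attachments whose declared content type (audio or image) does not match the filename, the trick mail worms of that period, Klez among them, used to get executables opened automatically by vulnerable clients. The lure is rebuilt from the slide's text; the recipient address, the date's time zone and the .bat payload are assumptions made for the example.

```python
"""Attachment filter of the kind that produced the gateway notice on the slide.
Added example, not the university's gateway code.  The constructed messages
below re-use the lure's subject and sender; the recipient address, the time
zone and the .bat content are assumptions made for this example."""
import email
import email.policy
from email.message import EmailMessage
from typing import List, Tuple

# Extensions Windows runs directly when the user opens the attachment.
BLOCKED_EXTENSIONS = {".bat", ".cmd", ".com", ".exe", ".pif", ".scr", ".vbs",
                      ".vbe", ".js", ".jse", ".wsf", ".wsh", ".lnk", ".reg"}
# Declared type -> filename extensions that legitimately carry it.  Mail worms
# of the period (Klez among them) put these types on executable attachments so
# that vulnerable clients would open them automatically.
MISLABELLED_TYPES = {"audio/x-wav": {".wav"}, "audio/x-midi": {".mid", ".midi"},
                     "image/gif": {".gif"}, "image/jpeg": {".jpg", ".jpeg"}}
NOTICE = ("YOU JUST DODGED A BULLET\nYour computer has just been saved from a "
          "possible virus infection. This message contained attachments that "
          "have been blocked: {names}")


def block_reason(part) -> str:
    """Return why an attachment part is blocked, or '' if it may pass."""
    name = (part.get_filename() or "").lower()
    ext = name[name.rfind("."):] if "." in name else ""  # "readme.txt.exe" -> ".exe"
    if ext in BLOCKED_EXTENSIONS:
        return f"{ext} attachment detected and blocked"
    ctype = part.get_content_type()
    if ctype in MISLABELLED_TYPES and ext not in MISLABELLED_TYPES[ctype]:
        return f"{ctype} content type does not match filename {name!r}"
    return ""


def filter_message(raw: bytes) -> Tuple[EmailMessage, List[str]]:
    """Parse raw RFC 822 bytes; return (delivered message, blocked filenames)."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    blocked: List[str] = []
    allowed = []
    for part in msg.iter_attachments():
        if block_reason(part):
            blocked.append(part.get_filename() or "<unnamed>")
        else:
            allowed.append(part)
    if not blocked:
        return msg, blocked
    # Rebuild: same headers, original body text, allowed attachments re-added,
    # gateway notice appended so the user learns what was stripped and why.
    out = EmailMessage()
    for h in ("From", "To", "Date", "Subject"):
        if msg[h] is not None:
            out[h] = msg[h]
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    out.set_content(text + "\n" + NOTICE.format(names=", ".join(blocked)))
    for part in allowed:
        maintype, subtype = part.get_content_type().split("/", 1)
        out.add_attachment(part.get_payload(decode=True), maintype=maintype,
                           subtype=subtype, filename=part.get_filename())
    return out, blocked


def build_message(subject: str, body: str, filename: str,
                  maintype: str, subtype: str, data: bytes) -> bytes:
    """Constructed RFC 822 message with one attachment (test input only)."""
    msg = EmailMessage()
    msg["From"] = "sdekih@iteoka.i"                    # sender as shown on the slide
    msg["To"] = "Patricia LOGAN <plogan@example.edu>"  # assumed address
    msg["Date"] = "Tue, 28 May 2002 22:44:00 -0600"    # assumed time zone
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


def build_klez_lure() -> bytes:
    """The slide's lure: executable attachment declared as audio/x-wav."""
    body = ("KLEZ.E files.\nBecause of its very smart stealth and anti-anti-virus "
            "technic,most common AV software can't detect or clean it.\n"
            "We developed this free immunity tool to defeat the malicious virus.")
    return build_message("Worm Klez.E immunity", body, "immunity.bat",
                         "audio", "x-wav", b"@echo off\r\nrem placeholder\r\n")


if __name__ == "__main__":
    delivered, names = filter_message(build_klez_lure())
    print("blocked:", names)
    print(delivered.get_content())
```

A message with nothing to block is passed through untouched; when something is stripped, the allowed attachments are re-attached to the rebuilt message and the notice goes into the body, which is what the user on the slide received.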

  28. Invitation to a Trojan

  29. Payload

  30. Oops…Your Machine is Toast!

  31. Political Issues and Malware • Legislation • Prosecution • Multiple jurisdictions • Downstream liability

  32. Goals of Malware Management • Detection of incident • Initial response • Response strategy formulation • Investigation • Isolate and contain • Recovery • Report • Lessons learned

  33. Costs of Malware Management • Procurement • Initial implementation • Maintenance • Impact (negative) to systems performance • Ongoing postural reassessment cycle

  34. Infection Response (timeline T0, T1, ... Tn+1): Preparation (Policy, Procedures, Communication) -> Analysis -> Containment -> Elimination -> Recovery -> Lessons (Actions)
