©2016 Check Point Software Technologies Ltd.
Latest threats: RANSOMWARE
Rolando Panez | Security Engineer
Slide 2: [image: …/wp-content/uploads/2016/04/4-pic.png; credit: Lawrence Abrams – Bleeping Computer]

Slide 3: Agenda
- New Attack of Choice
- Locky Ransomware
- Samsam
- What to do?

Section 01: NEW ATTACK OF CHOICE

Slide 5: Shift to Ransomware
- Banker malware was the most prominent threat in recent years.
- Ransomware attacks have surged in the past six months.

Slide 6: Broader Audience
- No need to localize or target infections: any machine with files the owner values is a viable victim.

Slide 7: Easy Access to Funds
- Bank fraud alerts raise the risk of banker attacks for the attacker; a ransom is paid by the victim directly.
- Payment in bitcoin, with the payment site reached over Tor, leaves the attacker no bank account to freeze and little for investigators to trace.

Section 02: LOCKY RANSOMWARE

Slide 9: Initial Attacks
- First reported on February 16, 2016 according to Check Point analysts.
- Over 50k attempts per day.

Slide 10: Initial Attacks Cont'd
- Lure arrives as a DOC, DOCM, XLS or JavaScript attachment; once the macro (or script) is activated, the payload is downloaded.
- Payload connects to C&C to obtain the encryption keys.
- Data collected and sent to C&C:
  - Whether the targeted machine is part of a corporate network.
  - Server / workstation.
  - OS UI language.
  - OS version.
  - Statistics on each encrypted drive: number of encrypted files, failed file encryptions, and amount of encrypted raw data.
- Any mounted drive is encrypted (USB, local, network share).
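The chain on this slide starts with a macro document that fetches the real payload. The following triage script is an added example (not Check Point's code or anything from the Locky campaign): it opens a zip-based Office file, reports whether a VBA project is present, and looks for the auto-execute entry points and download/exec strings a downloader macro needs. The string lists and the "block/sandbox" thresholds are this example's own choices, and the two documents it scans are constructed in memory, not real samples.

```python
"""Triage Office attachments for the macro-dropper pattern: VBA project present,
auto-run entry point, and download/exec capability (added example, not from
the slides). Modern .docm/.xlsm/.docx files are zip containers; VBA code is
stored in word/vbaProject.bin (or xl/, ppt/). A .docx should not contain one."""
import io
import re
import zipfile

# Procedures that run as soon as macros are enabled (our list, not exhaustive).
AUTO_EXEC = (b"AutoOpen", b"Document_Open", b"Workbook_Open", b"Auto_Open")
# API / shell strings a downloader stage typically needs (our list, not exhaustive).
SUSPICIOUS = (b"URLDownloadToFile", b"WScript.Shell", b"Shell(", b"MSXML2.XMLHTTP",
              b"ADODB.Stream", b"powershell", b"CreateObject")
VBA_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")


def scan_office_blob(data):
    """Return {'has_macros', 'auto_exec', 'suspicious', 'verdict'} for a document given as bytes.
    Legacy OLE2 .doc/.xls (not a zip) is reported as 'not-ooxml' for a different parser."""
    result = {"has_macros": False, "auto_exec": [], "suspicious": [], "verdict": "clean"}
    if not data.startswith(b"PK\x03\x04"):
        result["verdict"] = "not-ooxml"
        return result
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = set(z.namelist())
            for part in VBA_PARTS:
                if part not in names:
                    continue
                result["has_macros"] = True
                blob = z.read(part)
                # vbaProject.bin compresses module source, but identifiers and
                # string literals usually survive verbatim, so a raw substring
                # pass is a useful first filter; a full tool decompresses the
                # module streams (e.g. oletools/olevba) before matching.
                result["auto_exec"] += [s.decode() for s in AUTO_EXEC if s in blob]
                result["suspicious"] += [s.decode() for s in SUSPICIOUS
                                         if re.search(re.escape(s), blob, re.IGNORECASE)]
    except zipfile.BadZipFile:
        result["verdict"] = "corrupt"
        return result
    if result["auto_exec"] and result["suspicious"]:
        result["verdict"] = "block"      # auto-running macro with download/exec strings
    elif result["has_macros"]:
        result["verdict"] = "sandbox"    # macros present: detonate before delivery
    return result


def build_sample(macro_src=None):
    """Constructed test input: a minimal .docm-like zip, optionally with a fake VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if macro_src is not None:
            z.writestr("word/vbaProject.bin", macro_src)
    return buf.getvalue()


# Constructed fixtures, not real malware.
DROPPER = build_sample(b"Sub AutoOpen()\n  Set o = CreateObject(\"MSXML2.XMLHTTP\")\n"
                       b"  URLDownloadToFile 0, url, path, 0, 0\nEnd Sub")
BENIGN = build_sample(None)

if __name__ == "__main__":
    for label, blob in (("dropper", DROPPER), ("benign", BENIGN)):
        print(label, scan_office_blob(blob))
```

Run it at a mail gateway or on a quarantine folder: "block" drops the message, "sandbox" hands the file to detonation (the slide's third detection layer), and "not-ooxml" routes legacy binary formats to an OLE-aware parser rather than silently passing them.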

Slide 11: Evolution of Locky
- Change in communication pattern.
- Changes to the Domain Generation Algorithm (DGA):
  - New top-level domain list (.ru, .info, .biz, .click, …)
  - DGA value calculation is more complex.
- Change in the payment and decryption instructions file name:
  - _Lock_recover_instructions
  - HELP_instructions.txt
- New attack vector via browser exploits.
- Evasion techniques.

Slide 12: Locky Detection
- C&C communication: IPS, Anti-Bot
- AV signatures
- Sandboxing
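The C&C layer on this slide is where a DGA gives itself away. The slides say Locky's DGA moved to TLDs such as .ru, .info, .biz and .click and became more complex; the algorithm itself is not reproduced here. Instead this added example (not Check Point Anti-Bot logic) hunts for the behaviour any DGA produces in resolver logs: one client burning through many never-seen, random-looking second-level labels on cheap TLDs, most of them answered NXDOMAIN because only a few of the day's candidates are registered. The log line format, the scoring rules and thresholds, and the sample lines are all this example's own constructions.

```python
"""Flag DGA-style C&C lookups in DNS resolver logs (added example, not from the slides).
Line format assumed here: '<timestamp> <client_ip> <qname> <rcode>'."""
import math
from collections import defaultdict

# TLDs named on the slide; extend from your own telemetry. Assumed, not a Locky list.
SUSPECT_TLDS = {"ru", "info", "biz", "click"}


def shannon_entropy(s):
    """Bits per character of a string; random 10-letter labels land near log2(10) = 3.3."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((s.count(c) / n) * math.log2(s.count(c) / n) for c in set(s))


def label_score(qname):
    """Score the registrable label 0..3: long and high-entropy, vowel-poor, suspect TLD."""
    parts = qname.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return 0, ""
    sld, tld = parts[-2], parts[-1]
    vowel_ratio = sum(ch in "aeiou" for ch in sld) / max(len(sld), 1)
    score = 0
    if len(sld) >= 8 and shannon_entropy(sld) >= 3.0:
        score += 1
    if vowel_ratio < 0.25:          # pronounceable words rarely drop below this
        score += 1
    if tld in SUSPECT_TLDS:
        score += 1
    return score, sld


def find_dga_clients(log_lines, min_hits=5):
    """Return {client_ip: [qnames]} for clients with >= min_hits distinct
    random-looking NXDOMAIN lookups. Thresholds are ours; tune on your baseline."""
    hits = defaultdict(set)
    for line in log_lines:
        try:
            _ts, client, qname, rcode = line.split()
        except ValueError:          # blank or malformed line
            continue
        score, _sld = label_score(qname)
        if score >= 2 and rcode == "NXDOMAIN":
            hits[client].add(qname.lower())
    return {c: sorted(d) for c, d in hits.items() if len(d) >= min_hits}


# Constructed resolver log: 10.0.0.5 browses normally, 10.0.0.7 shows DGA churn.
SAMPLE_LOG = """
2016-03-01T09:12:01 10.0.0.5 www.google.com NOERROR
2016-03-01T09:12:03 10.0.0.5 blog.checkpoint.com NOERROR
2016-03-01T09:12:09 10.0.0.5 mail.yandex.ru NOERROR
2016-03-01T09:13:10 10.0.0.7 update.microsoft.com NOERROR
2016-03-01T09:13:11 10.0.0.7 pwkvbxqtzr.ru NXDOMAIN
2016-03-01T09:13:11 10.0.0.7 xmfqbdkwplc.info NXDOMAIN
2016-03-01T09:13:12 10.0.0.7 qtzvkrbnsd.click NXDOMAIN
2016-03-01T09:13:12 10.0.0.7 wbqxpkvtrz.biz NXDOMAIN
2016-03-01T09:13:13 10.0.0.7 mzkqvrbtwx.ru NXDOMAIN
2016-03-01T09:13:13 10.0.0.7 pwkvbxqtzr.ru NXDOMAIN
"""

if __name__ == "__main__":
    for client, names in find_dga_clients(SAMPLE_LOG.splitlines()).items():
        print(client, "->", names)
```

The per-client NXDOMAIN requirement is what keeps false positives down: a CDN hostname can look random, but it resolves. The one domain that does resolve for a flagged client is the live C&C and the first thing to block and pivot on.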

Section 03: SAMSAM

Slide 14: Targeted Attack
- Maryland's MedStar Health hospital network:
  - JBoss exploit used to breach the environment.
  - Install tools: credential stealing, network scanning, RDP.
  - Perform reconnaissance.
  - Gather administrative passwords.
  - Use scripts to automate Samsam installation.
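The tell in the chain above is the last two steps: a harvested admin account driving RDP into server after server so the install can be scripted. This added example (not Check Point's or anything from the MedStar investigation) looks for that fan-out in an export of Windows Security events. It assumes only the standard meaning of Event ID 4624 with LogonType 10 (RemoteInteractive, i.e. RDP); the CSV layout, the hostnames and account names, and the "more than 3 hosts in 30 minutes" threshold are constructed for the example.

```python
"""Detect one source RDP-ing into many servers in a short window under one
account, the scripted-install pattern described above (added example).
Input: a constructed CSV export of Windows Security events."""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed event export. 10.1.2.10 (jsmith) is a normal admin day;
# 10.1.5.23 (svc_backup) is the foothold spraying RDP sessions.
SAMPLE_CSV = r"""Time,EventID,LogonType,SourceIP,Account,TargetHost
2016-03-28T02:01:10,4624,10,10.1.2.10,CORP\jsmith,SRV-FILE01
2016-03-28T02:14:05,4624,10,10.1.5.23,CORP\svc_backup,SRV-FILE01
2016-03-28T02:15:40,4624,10,10.1.5.23,CORP\svc_backup,SRV-SQL01
2016-03-28T02:16:02,4624,3,10.1.5.23,CORP\svc_backup,SRV-DC01
2016-03-28T02:18:31,4624,10,10.1.5.23,CORP\svc_backup,SRV-APP02
2016-03-28T02:21:57,4624,10,10.1.5.23,CORP\svc_backup,SRV-DC01
2016-03-28T02:26:12,4624,10,10.1.5.23,CORP\svc_backup,SRV-WEB01
2016-03-28T11:40:00,4624,10,10.1.2.10,CORP\jsmith,SRV-SQL01
2016-03-28T16:05:22,4625,10,10.1.5.23,CORP\svc_backup,SRV-HR01
"""


def rdp_fanout(csv_text, max_hosts=3, window=timedelta(minutes=30)):
    """Return [(src_ip, account, sorted_hosts)] for every (source, account) pair
    that completed RDP logons (4624 / LogonType 10) to more than max_hosts
    distinct targets inside any `window`. Failed logons (4625) and network
    logons (type 3) are ignored here; they deserve their own rule."""
    sessions = defaultdict(list)            # (src_ip, account) -> [(time, host)]
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["EventID"] != "4624" or row["LogonType"] != "10":
            continue
        t = datetime.fromisoformat(row["Time"])
        sessions[(row["SourceIP"], row["Account"])].append((t, row["TargetHost"]))

    alerts = []
    for (src, account), logons in sessions.items():
        logons.sort()
        # Slide a window anchored at each logon; alert on the first that overflows.
        for i, (t0, _host) in enumerate(logons):
            hosts = {h for t, h in logons[i:] if t - t0 <= window}
            if len(hosts) > max_hosts:
                alerts.append((src, account, sorted(hosts)))
                break
    return alerts


if __name__ == "__main__":
    for src, account, hosts in rdp_fanout(SAMPLE_CSV):
        print(f"{src} as {account} reached {len(hosts)} hosts via RDP: {hosts}")
```

On a real estate, feed it the 4624 stream from the domain controllers or SIEM and baseline the threshold per account type: jump hosts and RMM service accounts will legitimately exceed it and need an allow-list, whereas a backup or database service account that suddenly opens interactive RDP sessions should not.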

Slide 15: Expected Evolution
- Use other exploits besides JBoss:
  - Web applications are the most exposed entry point.
  - Targets found via Google search.
- Access to company servers via mobile apps.
- Automation (worm-style self-propagation).
- Target additional industries:
  - Schools are now being targeted.
  - Certain IT departments are more vulnerable than others.

Section 05: WHAT TO DO?

Slide 17: Prevention
- Back up important files periodically.
- In Windows, enable automatic backups (worth a shot, but keep a copy the malware cannot reach: every mounted drive gets encrypted).
- Update AV signatures on endpoints and gateways.
- General best practices for avoiding malware infections:
  - User education: do you trust the sender?
  - Keep software updated.

Slide 18: Mitigation
- Forensic analysis:
  - Obtain the malware sample and check it against intelligence pools.
  - A proper forensic investigation may uncover the encryption key.
  - Collect network logs and endpoint logs.
  - Analyze the encrypted files.
  - Get expert help: Incident Response services.
- Stay up to date: blog.checkpoint.com
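"Analyze the encrypted files" and "collect the logs" are easier when you first know which files were hit and when. This added example (not Check Point incident-response tooling) does the first pass over a recovered share: it picks out ransom notes by the instruction file names from slide 11, flags files whose content is near-random (Shannon entropy close to 8 bits per byte) while skipping formats that are legitimately compressed, and reports the modification-time window of the flagged files, which bounds when encryption ran and therefore which log window to pull. The entropy threshold, the magic-byte list and the fixture directory it builds are this example's own constructions.

```python
"""First-pass triage of a share after a ransomware event (added example, not from the slides):
ransom notes by name, encrypted files by entropy, and the time window of the damage."""
import math
import os
import random
import tempfile
from datetime import datetime, timezone

# Instruction file names from the slides, matched case-insensitively as substrings.
NOTE_MARKERS = ("recover_instructions", "help_instructions")
# Headers of formats that are high-entropy by design; skip them to avoid false positives.
COMPRESSED_MAGIC = (b"PK\x03\x04", b"\xff\xd8\xff", b"\x89PNG", b"GIF8", b"\x1f\x8b", b"7z\xbc\xaf")
ENTROPY_THRESHOLD = 7.9     # bits per byte; plaintext documents sit around 4-5 (our cut-off)


def shannon_entropy(data):
    """Bits per byte of a byte string (0.0 for empty or single-valued input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((data.count(b) / n) * math.log2(data.count(b) / n) for b in set(data))


def triage(root, sample_size=65536):
    """Walk `root` and return ransom notes, probably-encrypted files (paths relative to
    root) and the UTC mtime window of the encrypted files."""
    notes, encrypted = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if any(marker in name.lower() for marker in NOTE_MARKERS):
                notes.append(rel)
                continue
            with open(path, "rb") as f:
                head = f.read(sample_size)      # a prefix is enough to judge entropy
            if head.startswith(COMPRESSED_MAGIC):
                continue
            if shannon_entropy(head) >= ENTROPY_THRESHOLD:
                encrypted.append((os.path.getmtime(path), rel))
    encrypted.sort()
    window = None
    if encrypted:
        to_iso = lambda ts: datetime.fromtimestamp(ts, timezone.utc).isoformat()
        window = (to_iso(encrypted[0][0]), to_iso(encrypted[-1][0]))
    return {"ransom_notes": sorted(notes),
            "encrypted_files": [rel for _ts, rel in encrypted],
            "encryption_window_utc": window}


def build_fixture():
    """Constructed share: one plaintext file, one random blob standing in for an
    encrypted document, one zip (high entropy but legitimate), one ransom note."""
    root = tempfile.mkdtemp(prefix="share_")
    rng = random.Random(7)
    blob = bytes(rng.getrandbits(8) for _ in range(32768))
    with open(os.path.join(root, "budget.txt"), "w") as f:
        f.write("quarterly budget " * 2000)
    with open(os.path.join(root, "contracts.docx.locked"), "wb") as f:
        f.write(blob)
    with open(os.path.join(root, "archive.zip"), "wb") as f:
        f.write(b"PK\x03\x04" + blob)
    with open(os.path.join(root, "HELP_instructions.txt"), "w") as f:
        f.write("your files are encrypted")
    return root


if __name__ == "__main__":
    print(triage(build_fixture()))
```

Two caveats a responder should keep in mind: the encryption window is only as trustworthy as the mtimes, which some families preserve or reset, so corroborate it with the endpoint and share-access logs the slide asks for; and a ransom note's own location list (first and last directories written) is a second, independent timeline source.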

Slide 19: Prevention Pays Off…
- Should you pay up? See Fahmida Y. Rashid (InfoWorld), "4 reasons not to pay in a ransomware attack".
