How Seculert Discovered the Shamoon Malware

Presentation transcript:

How Seculert Discovered the Shamoon Malware © 2013 Seculert Company, All Rights Reserved

Slide 2: Shamoon Targeted Attack
- Shamoon is a 2-stage attack targeting Oil & Energy companies
- Comprised of 3 modules: Dropper, Reporter, Wiper
- Shamoon stages: data extraction via an internal infected machine used as a proxy, then wiping machines
Speaker notes: Internal proxy used for both Dropper and Reporter. Worm capabilities to spread itself, by trying to create a scheduled task on remote LAN machines.
#seculertjuly2013

Slide 3: Shamoon Targeted Attack
- Spreading itself on the local network via Scheduled Tasks: creating scheduled tasks on remote machines on the local network
- Wiper module: abuses a legitimate, signed (EldoS) RawDisk driver to wipe the MBR
- Time bomb: wipes the drive and MBR at specified dates and times
- Other malware has since copied this capability
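A defender-side way to surface the spreading behaviour the slide describes is to watch for one account creating scheduled tasks on many hosts within a short window. The heuristic below is an added example written for this page, not Seculert's detection logic; it assumes Windows Security event ID 4698 (task creation) has been exported into a simple pipe-delimited format, and the log lines are constructed.

```python
"""Defender-side heuristic: flag an account that creates scheduled tasks on
many distinct hosts in a short window, the fan-out a LAN worm produces when it
schedules its own execution on remote machines (Shamoon's spreading method).
Windows Security event 4698 ("A scheduled task was created") records task
creation; the pipe-delimited lines below are constructed, not real telemetry."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: timestamp|EventID|Computer|SubjectAccount|TaskName.
# admin.jane is routine administration; svc_deploy shows worm-like fan-out.
SAMPLE_LOG = """\
2013-07-01T09:00:00|4698|WS-101|CORP\\admin.jane|\\Maintenance\\Cleanup
2013-07-01T09:00:30|4624|WS-102|CORP\\admin.jane|-
2013-07-01T09:45:00|4698|WS-102|CORP\\admin.jane|\\Maintenance\\Cleanup
2013-07-01T10:12:01|4698|WS-201|CORP\\svc_deploy|\\update
2013-07-01T10:12:03|4698|WS-202|CORP\\svc_deploy|\\update
2013-07-01T10:12:04|4698|WS-203|CORP\\svc_deploy|\\update
2013-07-01T10:12:07|4698|WS-204|CORP\\svc_deploy|\\update
2013-07-01T10:12:09|4698|WS-205|CORP\\svc_deploy|\\update
""".splitlines()

def parse_line(line):
    """Split one constructed record into (timestamp, event_id, host, account, task)."""
    ts, event_id, host, account, task = line.split("|")
    return datetime.fromisoformat(ts), int(event_id), host, account, task

def detect_task_fanout(lines, threshold=4, window_minutes=10):
    """Return {account: sorted hosts} for every account that created scheduled
    tasks (event 4698) on at least `threshold` distinct hosts inside any
    `window_minutes` span. Other event IDs are ignored."""
    by_account = defaultdict(list)
    for line in lines:
        ts, event_id, host, account, _task = parse_line(line)
        if event_id == 4698:
            by_account[account].append((ts, host))
    window = timedelta(minutes=window_minutes)
    flagged = {}
    for account, hits in by_account.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):          # sliding window over sorted hits
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {h for _, h in hits[start:end + 1]}
            if len(hosts) >= threshold:
                flagged.setdefault(account, set()).update(hosts)
    return {acct: sorted(hosts) for acct, hosts in flagged.items()}

if __name__ == "__main__":
    print(detect_task_fanout(SAMPLE_LOG))   # only svc_deploy is flagged
```

Tune `threshold` and `window_minutes` against the normal rate of deployment tooling in the environment so routine administration does not alert.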

Slide 4: Shamoon – Why It Wasn’t Prevented
- Initial attack vector is still unknown: physical access / insider, partner, spear phishing
- Time based attack (time bomb)
- Worm spreading in local network
- Using local machine as a proxy
- Most of the victim companies were using solutions which are focused on prevention

Slide 5: How Seculert Identified Shamoon
- A customer uploaded a suspicious file to the Seculert Elastic Sandbox
- Malware behavioral profile was automatically created
- Shamoon was detected on another customer using Big Data analysis of their gateway traffic logs
- Customers use Seculert API to enhance their on-premises security devices to protect against Shamoon

Slide 6: From Prevention to Protection
- Persistent attacks require a new approach: Big Data analytics, long-term analysis, advanced malware profiling, automated expertise

Slide 7: Let Seculert Detect Unknown Malware on Your Network
Sign-up Now: Immediate Results – No Credit Card Required – Initial Results are FREE!