國立清華大學高速通訊與計算實驗室 NTHU High-Speed Communication & Computing Laboratory Evidence of Advanced Persistent Threat: A Case Study of Malware for Political Espionage.

Presentation transcript:

Evidence of Advanced Persistent Threat: A Case Study of Malware for Political Espionage
Frankie Li, Anthony Lai, Ddl Ddl, Valkyrie-X Security Research Group
International Conference on Malicious and Unwanted Software
Presenter: 劉力瑋

Outline
APT
A case in Hong Kong
Analysis
Conclusion

Advanced Persistent Threats (APT)
This paper considers an APT to be a cyber attack launched by a group of sophisticated, determined, and coordinated attackers who systematically compromise the network of a specific target machine or entity for a prolonged period.

A case in Hong Kong
A well-designed email (2011/7/7)
Title: Democracy Depot meeting
Sender:
Attachments: Democracy Depot meeting
A second email was received on 2011/7/14. It was sent by a political group and concerned the news of a riot in 廣州 (Guangzhou).

Analysis
The attachment (the malware) that you download is a dropper; its "Property" field contains the command. It then creates a malicious DLL (the droppee) and injects it into your explorer.exe. It also creates a mutex to avoid installing the malware twice on the victim's machine.

Analysis
First, it tries several non-resolved DNS names and a non-routed IP address. The droppee triggers the download of additional binaries that act as core modules performing the actual malicious functions. After several trials, it contacts the single valid IP address over TCP. It then enters an infinite loop and waits for the response from the C&C.
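The sequence above (several failed lookups, an unreachable decoy address, then repeated polling of one live C&C address from the injected process) is a usable detection signal. As an added example, not code from the paper or the slides, the Python below applies that heuristic to endpoint DNS and connection logs; the one-line log format and every host name, process name and address in it are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log (assumption: Sysmon-like DNS/connect events
# flattened to "time host process event target result" per line).
SAMPLE_LOG = """\
10:00:01 ws01 explorer.exe dns  update.decoy-one.invalid NXDOMAIN
10:00:02 ws01 explorer.exe dns  sync.decoy-two.invalid   NXDOMAIN
10:00:03 ws01 explorer.exe dns  cdn.decoy-three.invalid  NXDOMAIN
10:00:04 ws01 explorer.exe conn 10.255.255.1:443         TIMEOUT
10:00:05 ws01 explorer.exe conn 203.0.113.10:443         OK
10:01:05 ws01 explorer.exe conn 203.0.113.10:443         OK
10:02:05 ws01 explorer.exe conn 203.0.113.10:443         OK
10:00:10 ws02 chrome.exe   dns  www.example.com          OK
10:00:11 ws02 chrome.exe   conn 93.184.216.34:443        OK
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(dns|conn)\s+(\S+)\s+(\S+)$")


def parse_log(text):
    """Yield (host, process, event, target, result), skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _time, host, proc, event, target, result = m.groups()
            yield host, proc, event, target, result


def find_beaconers(text, min_failures=3, min_polls=3):
    """Map (host, process) -> peer IP for processes that show the pattern:
    at least `min_failures` failed lookups/connects, then repeated successful
    connections to exactly one peer (the single valid C&C address)."""
    failures = Counter()               # failed DNS answers and connects
    ok_peers = defaultdict(Counter)    # successful connects per peer IP
    for host, proc, event, target, result in parse_log(text):
        key = (host, proc)
        if result != "OK":
            failures[key] += 1
        elif event == "conn":
            ok_peers[key][target.rsplit(":", 1)[0]] += 1
    hits = {}
    for key, peers in ok_peers.items():
        if failures[key] >= min_failures and len(peers) == 1:
            peer, polls = next(iter(peers.items()))
            if polls >= min_polls:
                hits[key] = peer
    return hits
```

Running `find_beaconers(SAMPLE_LOG)` flags only explorer.exe on ws01, whose polls to 203.0.113.10 follow four failures; the browser on ws02 resolves and connects normally and is ignored.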

Analysis
Additional binaries downloaded by the droppee perform the actual malicious functions. All passwords from "foxmail," "outlook," "outlook express," "IE Form Storage," "MSN," "Passport DotNet," and "protected storage" were collected from the infected machine. Screen captures are also collected and uploaded to the C&C.

Analysis
Filtered information is collected, compressed and then uploaded through encrypted HTTP traffic. Afterwards, the information is removed to hide its temporary presence.

Discussion and Conclusion
APT-type malware does not carry obvious malicious functions. Unlike other malware, it seldom turns the infected system into a zombie machine.
How to avoid it