A practical overview on how the bad guys adopt and circumvent security initiatives
Alex Shipp, Imagineer
Commercial – in - Confidence


 One of the most successful rootkits
 Features
   steals the user's private and confidential information (form grabber)
   can inject arbitrary HTML code into any website (including SSL-encrypted websites)
   can steal certificates
   takes screenshots to defeat virtual keyboards
   BackConnect feature (SOCKS, BackConnect, VNC)
   everything is encrypted

 Enhanced Zeus v2 core engine
 Able to infect Mozilla Firefox
 Able to infect Windows Vista and Windows 7
  ▪ they do everything in user mode (!)
 New encryption method
 Details in the TrustDefender Labs report

 Zeus supports a plugin-style infrastructure
 New BackConnect mechanism
  ▪ e.g. real-time notification via IM once a victim is online
  ▪ SOCKS / VNC works even behind NAT
 Extensive JavaScript engine that can be plugged into Zeus v1 or Zeus v2

 Dramatically increased functionality through JavaScript code, with which they can
   harvest any challenge/response and/or token values in real time and in a more interactive way
 Allows bypass of nearly all challenge mechanisms
   (e.g. SMS/ /VRU OOB, tokens, secret questions/answers, elaborate challenge/response)
   a one-time code is relayed to the fraudster while it is still valid, so "the code expires" is no protection once the harvesting is real-time

 Observations
   no "static" HTML injections any more
   nothing happens until after the login
   dynamic connection to the C&C server
    ▪ send/receive data within one web page
    ▪ transparent to the web browser
   dynamic content delivery
    ▪ e.g. after the compromise they return a "24h maintenance" page
 But let's have a look


 As well as manipulating user-supplied content, they can also access system-supplied content.
 Bad news if you "encrypt" the password on the client side
 Zeus can just inject code into your JavaScript files (!)
   the injected code runs in the bank's own page before the bank's script transforms the password, so it sees the plaintext and the server still receives a well-formed value

 Watch the download of loginPin.js
 And once it's downloaded...


 BackConnect feature via SOCKS or VNC
 Undermines any device fingerprinting
   the fraudulent session is routed through (SOCKS) or driven from (VNC) the victim's own machine, so the IP address, browser and cookies the bank sees are the customer's

 Drive-by attacks
   PDF, Flash or any other software
 Phishing attacks
 Heavily geo-based distribution
 This is done via a Flash object that calls URLMON.DLL.URLDownloadToFileA to save >/l.php?i=18 locally as pdfupd.exe and then executes it with WinExec
 More details in the next TrustDefender Labs report
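The two-stage chain on this slide (a plug-in object fetched, then executable content pulled from a script URL and run) is what a proxy log shows from the network side. As an added example that is not from the slides or from TrustDefender, here is a heuristic detector over constructed proxy log lines; the log layout, hosts, paths and the 60-second window are assumptions, and the rule is deliberately generalised to Flash or PDF as the first stage.

```javascript
// Added example (not from the slides): heuristic detection of the drive-by chain
// described above, run over constructed proxy log lines. Rule: a client fetches a
// Flash or PDF object and, within WINDOW_MS, receives executable content from a
// dynamic (.php) URL. Log layout, hosts, paths and the window are assumptions.
const WINDOW_MS = 60 * 1000;

const PLUGIN_TYPES = new Set(['application/x-shockwave-flash', 'application/pdf']);
const EXE_TYPES = new Set(['application/x-msdownload', 'application/octet-stream']);

// Assumed layout: "<ISO timestamp> <client ip> <method> <url> <content-type> <status>"
function parseLine(line) {
  const [ts, client, method, url, ctype, status] = line.trim().split(/\s+/);
  return { t: Date.parse(ts), client, method, url, ctype, status: Number(status) };
}

// First stage: a plug-in object (Flash, PDF) successfully fetched.
function isPluginFetch(e) {
  return e.status === 200 && PLUGIN_TYPES.has(e.ctype);
}

// Second stage: executable bytes served from a script URL rather than a plain .exe,
// as the slide describes for the URLDownloadToFileA payload.
function isDynamicExe(e) {
  let path;
  try { path = new URL(e.url).pathname; } catch (err) { return false; }
  return e.status === 200 && EXE_TYPES.has(e.ctype) && /\.php$/i.test(path);
}

// Returns one hit per second-stage download that followed a plug-in fetch in time.
function findDriveByChains(lines) {
  const events = lines.map(parseLine).sort((a, b) => a.t - b.t);
  const lastPlugin = new Map(); // client ip -> most recent plug-in object fetch
  const hits = [];
  for (const e of events) {
    if (isPluginFetch(e)) {
      lastPlugin.set(e.client, e);
    } else if (isDynamicExe(e)) {
      const first = lastPlugin.get(e.client);
      if (first && e.t - first.t <= WINDOW_MS) {
        hits.push({ client: e.client, stage1: first.url, stage2: e.url, gapMs: e.t - first.t });
      }
    }
  }
  return hits;
}

// Constructed sample log (not real traffic). Only 10.0.0.5 matches the chain:
// 10.0.0.7 downloads a plain .exe with no plug-in stage, 10.0.0.9 is outside the window.
const SAMPLE_LOG = [
  '2010-03-01T10:00:01Z 10.0.0.5 GET http://ads.example.invalid/banner.swf application/x-shockwave-flash 200',
  '2010-03-01T10:00:03Z 10.0.0.5 GET http://ads.example.invalid/stage2.php?id=7 application/x-msdownload 200',
  '2010-03-01T10:00:05Z 10.0.0.7 GET http://vendor.example.invalid/update.exe application/x-msdownload 200',
  '2010-03-01T10:10:00Z 10.0.0.9 GET http://cdn.example.invalid/player.swf application/x-shockwave-flash 200',
  '2010-03-01T10:20:00Z 10.0.0.9 GET http://cdn.example.invalid/dl.php?x=1 application/x-msdownload 200',
];

console.log(JSON.stringify(findDriveByChains(SAMPLE_LOG), null, 2));
```

The content-type check is the weak point of this rule in practice: an exploit kit that labels the payload as text/html or image/gif will slip past it, so a production version would sniff the response body for an MZ header rather than trust the header the server sent.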

 Mebroot is by far the most successful rootkit that is able to stay under the radar
 Technically sophisticated, but also very clever
 We know that they could infect many more machines, but don't do so
 Bad news: they have a comprehensive JavaScript engine as well
   however, not used yet (as far as we know)

 Sizzler CSS selector engine
 If it looks scary, it is scary
 Watch out for simple device authentication

 Phishing still works (!)
 Real-world example
   the bank uses transactional 2FA hardware tokens
   the phishing site asks for the login credentials plus the customer's private phone number
   the fraudsters ring the customer, tell him that his account has been compromised (which is true!) and that, to get it reconnected, he should enter the following number into his token and confirm the reply to them
   the number the caller dictates is the challenge for the fraudsters' own transaction, so the customer's token signs it for them

 ... is the R&D arm of TrustDefender
 TrustDefender is an online-transaction security solution providing
   real-time customer endpoint risk assessment and protection for online transactions
 More info

 Bad guys adapt heavily
 Protect all parts of the chain
   if one link breaks, the chain is broken