2012 Malnet Report: Breaking the Vicious Cycle
Grant Asplund, Senior Technology Evangelist
© Blue Coat Systems, Inc. 2011
Stage 1: Build the Infrastructure
The malnet cycle:
- Build the malnet infrastructure
- Stalk users
- Launch attacks
- Infect systems
- Infected systems become part of the malnet infrastructure and launch new attacks
Malnets Scale to Support Attacks

Host counts per malnet (max / avg. / min. hosts) and the activity each supports, as listed on the slide:
- Shnakule: 5,005 max, 1,717 avg., 50 min. hosts. Drive-by downloads; fake AV, codecs, Flash and Firefox updates; botnet C&C controls; pornography; gambling; work-at-home scams
- Tricki: 547 max, 106 avg., 4 min. hosts. Search engine poisoning & relays
- Rubol: 476 max, 76 avg., 1 min. hosts. Spam ecosystem
- Raskat: 163 max, 50 avg., 5 min. hosts. Search engine poisoning & relays
- Rongdac: 105 max, 50 avg., 1 min. hosts. Spam ecosystem
Internet Watering Holes
Top Malnet Entry Points
- Search Engine: 35.5%
- Email: 11.1%
- Unrated: 10.9%
- Pornography: 4.2%
- Computers/Internet: 4.2%
17 days after Apple issues patch
One Botnet Falls, Others Rise
- Zeus: 47%
- Aleuron: 517%
Geographic Distribution of Shnakule

Share of Shnakule hosts by region and category, with the change shown in parentheses. Columns, in order: Porn, SEP/Relay, Command & Control, Scams, Malware Servers. Where the slide text carries fewer than five values for a region, the trailing columns are not present in the source.
- Americas: 1% (+1%), 90% (-2%), 67% (+58%), 40% (+37%), 37% (+32%)
- Western Europe: 98% (+4%), 6% (+3%), 33% (+6%), 37% (+17%), 42% (-22%)
- Central Asia: 0% (-54%), 0% (-1%), 3% (-57%), 5% (-4%)
- Eastern Europe & Middle East: 1% (-5%), 1% (-2%), 0% (-9%), 18% (+1%), 17% (-1%)
- East/SE Asia: 3% (+3%), 2% (+2%), 0% (-2%)
Mapping Malnets
Negative Day Defense

Infrastructure Phase (-30 Days):
- New subnet, IP address and host name appear
- Negative Day Defense identifies and blocks the new components

Active Threat Phase (0 Day to +30 Days):
- 0 Day: attack begins; exploit server and domain go live; dynamic payload changes
- +1 Days: AV engines begin detection; UTM policy applied
- +30 Days: attack ends
- Negative Day Defense continues to block the malnet infrastructure throughout
Blocking a Zero-Day Java Exploit (2012)

- Jan (-225 Days): New exploit site named ok.aa24.net becomes active. WebPulse rates it as a malware source and begins blocking.
- April (-120 Days): New C&C site comes online. WebPulse rates the IP address as suspicious and begins blocking.
- Aug 26 (0 Day): ok.aa24.net actively distributes a malicious executable that uses a zero-day Java exploit. WebPulse automatically blocks all requests to the site.
- Aug 26 (0 Day): Infected systems begin communicating with the command and control domain. WebPulse automatically blocks all requests to the domain.
Best Practices for Protecting Businesses
- Block malnet infrastructures to limit employee exposure to botnet-producing Trojans
- Block communications from infected end-user systems to command and control servers
- Update Web usage policies and keep network/firewall rules current
- Use a reporting solution that can identify potentially infected end-user systems for quarantine
- Set and enforce policies that require employees to update browsers and applications with the latest patches and security updates
Download at http://www.bluecoat.com/security/reports
Thank You!
Grant Asplund
206-612-8652
grant.asplund@bluecoat.com
Twitter: @gasplund