
Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Top 5 Modern Malware Trends Data Connectors – September 12, 2013 Frank Salvatore,

Presentation transcript:

Slide 1: Top 5 Modern Malware Trends. Data Connectors, September 12, 2013. Frank Salvatore, BCOMM, Territory Manager, Eastern Canada, Frank.salvatore@FireEye.com

Slide 2: "We're moving towards a world where every attack is effectively zero-day… having a signatured piece of malware, that shouldn't be the foundation on which any security model works." - Chris Young, GVP Cisco Security, Tech Week Europe, September 28th 2012


Slide 4: Modern times… call for modern measures...

Slide 5: Top CISO Priorities – 2013
- Secure Data and Policy Controls: data exfiltration through the use of multi-protocol outbound channels challenges traditional controls
- Enable Secure Mobility: mobile devices and policies pose major issues as organizations need to enable secure access to data
- Advanced Attacks Targeting Data: ensuring security of data-at-rest and data-in-motion continues to be challenged with multi-vectored attacks

Slide 6: Top 5 Global Risks (Source: World Economic Forum)

Slide 7: Technological Risks

Slide 8: High Profile APT Attacks Are Increasingly Common

Slide 9: We Are Only Seeing the Tip of the Iceberg. Headline-grabbing attacks are the visible part; thousands more sit below the surface: APT attacks, zero-day attacks, polymorphic attacks, targeted attacks.

Slide 10: Attacks Increasingly Sophisticated
- Dynamic web attacks, malicious exploits, spear phishing emails
- Multi-vector: delivered via web or email; blended attacks with email containing malicious URLs; uses application/OS exploits
- Multi-stage: initial exploit stage followed by malware executable download, callbacks and exfiltration; lateral movement to infect other network assets

Slide 11: Top 5 Modern Malware Trends

Slide 12: Trend #1: Motivation is Data "Capitalization" (political, financial, intellectual)
- Nature of threats changing: from broad, scattershot to advanced, targeted, persistent
- Advanced attacks accelerating: high profile victims common (e.g., RSA, Symantec, Google); numerous APT attacks like Operation Aurora, Shady RAT, GhostNet, Night Dragon, Nitro
"Organizations face an evolving threat scenario that they are ill-prepared to deal with….advanced threats that have bypassed their traditional security protection techniques and reside undetected on their systems." Gartner, 2012
[Figure: timeline 2004 to 2012 plotting "Damage of Attacks" against the evolution of threats, from Viruses and Worms (Disruption), through Spyware/Bots (Cybercrime), to Dynamic Trojans, Stealth Bots, Zero-day Targeted Attacks and Advanced Persistent Threats (Cyber-espionage and Cybercrime)]

Slide 13: Trend #2: Modern Malware Targets the Application

Slide 14: Hacking? Not so much…

Slide 15: Polymorphism on demand

Slide 16: Blog Post?

Slide 17: RSS Feed?

Slide 18: Trend #3: Socialized Attack Vectors
- Spear-phishing is a social attack: no real technical countermeasure; users un(der)trained; effective way to drive malicious traffic; "whaling" for high return
- 83% of spam uses URLs: URL shorteners; social engineering URLs; still on the decline
- Browser/app infection vectors: the browser itself; ActiveX / Java; plug-ins (PDF, QuickTime); Adobe Flash; JavaScript/AJAX
[Chart: Percent of Spam Containing Links. Source: Cisco Systems]

Slide 19: LinkedIn is a Gold Mine…

Slide 20: Successful Spear Phish

Slide 21: Trend #4: It's not just about files anymore
- Modern malware is about a sequence of protocol flows which serve to exploit an application
- A file may be invoked or transported, but usually after a successful exploit
- The new reality of modern malware or APT is that file-based analysis is inadequate
[Diagram: Exploit, Binary Download, Callbacks and Data Exfiltration flows between the victim, an Infection Server and a Callback Server]

Slide 22: The Attack Life Cycle – Multiple Stages
1. Exploitation of system
2. Malware executable download
3. Callbacks and control established
4. Malware spreads laterally
5. Data exfiltration
[Diagram: the five numbered stages drawn across a network with an IPS in line; labelled nodes are a Compromised Web Server or Web 2.0 Site, a Callback Server, File Share 1 and File Share 2]

Slide 23: Exploit Detection is Critical
- Malware exploits take a similar form: write data to memory, then trick the system into executing that code in memory
- Exploitation of the system is the first stage: subsequent stages can be hidden, and you will miss attacks if relying on object/file analysis
- Only FireEye detects the exploit stage: captures resulting stages; shares globally

Slide 24: Timed Malware

Slide 25: Ho, Ho, Ho… Timed Malware: December 25th. Where is the IT staff? ;) FireEye works 24/7/365 so you don't have to. 2,000+ events on Xmas.

Slide 26: Trend #5: Mobile Device Malware

Slide 27: Trend #5: Mobile Malware Incremental (See Timestamp)

Slide 28: BYOD = Bring Your own DOOM! Source: www.bgr.com ("Boy Genius")

Slide 29: FBI Warning (October 15, 2012). Source: www.bgr.com

Slide 30: Thank You! Frank Salvatore, BCOMM, Territory Manager, Eastern Canada, Frank.salvatore@FireEye.com

