1 ©2014 Check Point Software Technologies Ltd. Modern Threats and Malware Kierk Sanderlin Regional Engineering Manager.

Slide 1: Modern Threats and Malware. Kierk Sanderlin, Regional Engineering Manager.

Slide 2: We are surrounded by buzzwords, but what do they all mean?

Slide 3: A Little History

Slide 4: Behind the Scenes. (A) Who would write a virus? (B) Why would they write it?

Slide 5: Behind the Scenes, '80s and '90s. Who: nerds. Why: to show off, to cause damage.

Slide 6: Examples. Ping Pong video: http://www.youtube.com/watch?v=yxHalzuPyi8 . Cascade video: http://www.youtube.com/watch?v=z7g-v3d7-Gk . Other celebrities: CIH, Melissa, ILOVEYOU.

Slide 7: Behind the Scenes, '80s and '90s versus the 21st century. Who: nerds (then) versus criminals and nation-states (now). Why: show off and cause damage (then) versus steal money, steal data and cause damage (now).

Slide 8: Examples. Criminals: Zeus, SpyEye, ZeroAccess/Sirefef, Carberp, Cridex [more to come]. Nation-state: Stuxnet, Duqu, Flame, Gauss, Shamoon, APT1 [more to come].

Slide 9: One Ware to Rule Them All. By goal: Steal (Spyware), Damage (Ransomware), Harass (Adware, Scareware, Fake AV). Generic names: Virus, Trojan, Worm, Malware. It is all MALWARE.

Slide 10: Why Do That?
- Someone else's code running on your server without your permission or knowledge is bad.
- Malware can change functionality based on collected information.
- Malware can download other malware.
- Bot-herders rent out parts of their network.
- Bot-herders can change their mind.

Slide 11: Cyber Kill Chain™. Was trademarked by [logo]. Describes the phases of an attack. Has become an industry standard. We'll get back to this later...

Slide 12: Attack Scenario. 1. Spearphishing. 2. Malware-bearing Spam. 3. Link-bearing Spam. 4. Pirated Software. 5. Drive-By Download. 6. Infected Media.


Slide 14: Spearphishing (1). Phishing Example #1: Completely Generic. [screenshot]


Slide 19: Spearphishing (1). A phishing email aimed at a particular victim. The email is crafted using information that the victim is most likely to respond to. It might contain actual actionable content. Examples:
- CVs sent to HR personnel
- A business proposal based on the victim's previous work
- A request for an opinion, a decision or help

Slides 20-24 (progressive build): Spearphishing (1). Most of the time, the email will contain a malicious document. The document, in turn, contains an Exploit targeting a vulnerability, whether Disclosed or Undisclosed (also known as a 0-Day Vulnerability), and a Payload, which installs Malware on the computer. Diagram layers as they are built up: Actual Content, Exploit, Payload, Malware.

Slide 25: Attack Scenario, highlighting 2. Malware-bearing Spam.

Slide 26: Malware-bearing Spam (2). [screenshot]

Slide 27: Malware-bearing Spam (2). 0-Day Vulnerability: when a vulnerability is published or disclosed, the days until it is patched are counted; this is the age of the vulnerability. If the vulnerability was never disclosed, it is still unpatched, and 0 days have passed since its disclosure. An Exploit is a piece of code and data that takes advantage of an unpatched vulnerability in order to gain Code Execution or Privilege Escalation.

Slide 28: Attack Scenario, highlighting 3. Link-bearing Spam.

Slide 29: Link-bearing Spam (3). [screenshot]

Slide 30: Link-bearing Spam (3). Exploit Kit: a collection of exploits, usually web-oriented, used to infect a computer through its browser or associated plugins. The exploits will usually target JavaScript, Java or Flash vulnerabilities. An Exploit Kit is a good example of CaaS, Crime as a Service.

Slide 31: Attack Scenario, highlighting 4. Pirated Software.

Slide 32: Pirated Software (4). [screenshot]

Slide 33: Pirated Software (4). Bundled Malware: a lot of today's software is not free; if you don't pay, you can't use it properly. People try to bypass this protection by looking for a Cracked Copy of the software, or a KeyGen (Key Generator). Cracked software is in fact modified software. You may think that the only change is the removal of the protection, but nothing prevents the attacker from including whatever additional functionality they desire.

Slide 34: Pirated Software (4). Bundled Malware: the same applies to KeyGens. They really do generate a valid serial number, but at the same time they install malware in the background. The most famous example is Android apps: hackers take an app that costs money, repackage it with malware and put it back on the store, under the same name, for free.

Slide 35: Attack Scenario, highlighting 5. Drive-By Download.

Slide 36: Drive-By Download (5). [screenshot]


Slide 40: Drive-By Download (5). Watering Hole Attack: borrowed from the wildlife world, it describes an attack on a website that attracts many visitors, just like a watering hole. Instead of spending a great deal of resources to attack many victims, the attacker only has to attack one victim, the popular website.


Slide 42: Infected Media (6). [screenshot]


Slide 46: Back to the Cyber Kill Chain™. Terms covered so far: Code Execution, Privilege Escalation, Exploit Kit, Spam, Spearphishing, Pirated Software, Bundled Malware, KeyGen, Cracked Software, Watering Hole Attack, Drive-By Download, 0-Day Vulnerability, Payload, Malware.


Slide 48: Why Would Anyone Attack Me? (image © Brian Krebs)

Slide 49: Alternate Topic. Advanced Persistent Threat, or Another Pointless Term?

Slide 50: Advanced Persistent Threat. Nation-State. Targeted Attack. 0-Day Vulnerability. Unknown Tools. Spearphishing. Compromised PC.

Slide 51: Random Attack. Hacker / Criminal. Wide Campaign. 0-Day / Unpatched. New / Existing Tool. Spam / Drive-By. Compromised PC.

Slide 52: Now Let's Compare...

                 Advanced Persistent Threat    Random Attack
  Who            Nation-State                  Hacker / Criminal
  Scope          Targeted Attack               Wide Campaign
  Vulnerability  Unknown Vulnerability         0-Day / Unpatched
  Tools          Unknown Tools                 New / Existing Tool
  Vector         Spearphishing                 Spam / Drive-By
  Result         Compromised PC                Compromised PC

Slide 53: And... on October 21st, 2012

Slide 54: What it looks like... [screenshot]

Slides 55-57 (progressive build): Summary.
(A) "I'm not interesting, no one will attack me" and "It's too complicated" are irrelevant responses.
(B) The balance is shifting from Prevention to Detection.
(C) There is no silver bullet. You must have layered security covering all fronts.

