
Copyright (c) 2011, FireEye, Inc. All rights reserved. | CONFIDENTIAL

1 Stopping Next-Gen Threats
Dan Walters – Sr. Systems Engineer Mgr.

2 (title slide, no text)

3 "We're moving towards a world where every attack is effectively zero-day… having a signatured piece of malware, that shouldn't be the foundation on which any security model works." – Chris Young, GVP Cisco Security, Tech Week Europe, September 28th 2012

4 High Profile APT Attacks Are Increasingly Common

5 The Attack Lifecycle – Multiple Stages
1. Exploitation of system (via a compromised Web server or Web 2.0 site)
2. Malware binary download
3. Callbacks and control established (to the callback server)
Diagram elements: compromised Web server or Web 2.0 site, callback server, IPS, DMZ, File Share 1, File Share 2

6 Crimeware == for the $

7 Advanced Persistent Threat == Human

8 This is Alex == FireEye Research

9 The Usual Suspects

10 Organized… Persistent…

11 Reconnaissance made easy…

12 The Exploit

13 LaserMotive

14 CEOs are targeted

15 Could you stop this?

16 The Callback

17 Hidden in plain view…

18 Blog Post?

19 RSS Feed?

20 We're Only Human

21 HR makes for easy targets

22 Just doing my job…

23 NATO is a frequent spearphish target

24 Global Unrest

25 Whose Oil is it?

26 The curious case of Trojan.Bisonal
- Targets: 100% Japanese organizations
- Delivered via weaponized .doc/.xls files
- Embeds the target name into the command-and-control traffic

27 Custom "Flag" and C2 domain

Request 1 (custom flag carried in the User-Agent; the vm: and proxy: values did not survive extraction):
GET /j/news.asp?id=* HTTP/1.1
User-Agent: flag:khi host:Business IP:10.0.0.43 OS:XPSP3 vm:<garbled> proxy:<garbled>
Host: online.cleansite.us
Cache-Control: no-cache

Request 2 (same flag reused as the C2 subdomain, behind a browser-looking User-Agent):
GET /a.asp?id=* HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: khi.acmetoy.com
Connection: Keep-Alive

28 Other "Flag"s seen
flag:410maff <-- Ministry of Agriculture, Forestry, and Fisheries
flag:1223
Flag:712mhi <-- Mitsubishi Heavy Industries
Flag:727x
Flag:8080
Flag:84d
flag:boat
Flag:d2
Flag:dick
flag:jsexe
flag:jyt
Flag:m615
flag:toray
Flag:MARK 1
flag:nec01 <-- NEC Corporation
Flag:qqq
flag:nids <-- National Institute for Defense Studies (nids.go.jp)
flag:nsc516 <-- Nippon Steel Corp
flag:ihi <-- IHI Corp
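The two Bisonal traits shown on slides 27 and 28 (a key:value User-Agent that starts with "flag:", and a C2 hostname whose leftmost label is that same flag, khi -> khi.acmetoy.com) are easy to turn into a proxy-log detection. The script below is an added example for this transcript, not FireEye code: the tab-separated log format, the client IPs and the vm:/proxy: placeholder values are constructed; only the two requests and the flag annotations come from the slides.

```python
"""Detect Bisonal-style beacons in an HTTP proxy log.

Added example, not FireEye code. Stage 1 fires on the structured
User-Agent; stage 2 fires when a later request from the same client goes
to a Host whose leftmost label equals a flag that client already beaconed,
even though that request carries a browser-looking User-Agent.
"""
import re
from dataclasses import dataclass

# Constructed proxy log, tab-separated: time, client IP, method, path,
# Host header, User-Agent. Lines 2-3 mirror the two requests on slide 27
# (vm:/proxy: values are placeholders; the real ones were unreadable).
# Line 5 reuses a flag from slide 28. Lines 1 and 4 are benign filler.
SAMPLE_LOG = """\
2012-09-28T09:00:01\t10.0.0.43\tGET\t/\twww.example.com\tMozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0
2012-09-28T09:00:07\t10.0.0.43\tGET\t/j/news.asp?id=*\tonline.cleansite.us\tflag:khi host:Business IP:10.0.0.43 OS:XPSP3 vm:0 proxy:0
2012-09-28T09:00:09\t10.0.0.43\tGET\t/a.asp?id=*\tkhi.acmetoy.com\tMozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)
2012-09-28T09:01:15\t10.0.0.77\tGET\t/index.html\tnews.example.org\tMozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)
2012-09-28T09:02:30\t10.0.0.91\tGET\t/j/news.asp?id=*\tonline.cleansite.us\tflag:712mhi host:WS-12 IP:192.168.5.9 OS:XPSP3 vm:0 proxy:0
"""

# The beacon User-Agent is a space-separated key:value record, not a browser
# string: flag:<target tag> host:<victim hostname> IP:<addr> OS:<os> vm:... proxy:...
BEACON_UA = re.compile(
    r"^flag:(?P<flag>\S+)\s+host:(?P<host>\S+)\s+IP:(?P<ip>\S+)\s+OS:(?P<os>\S+)"
)

# Flags annotated on slide 28, used only to enrich an alert.
FLAG_TARGETS = {
    "410maff": "Ministry of Agriculture, Forestry, and Fisheries",
    "712mhi": "Mitsubishi Heavy Industries",
    "nec01": "NEC Corporation",
    "nids": "National Institute for Defense Studies",
    "nsc516": "Nippon Steel Corp",
    "ihi": "IHI Corp",
}


@dataclass
class Alert:
    client: str
    kind: str    # "beacon_ua" (stage 1) or "flag_subdomain" (stage 2)
    flag: str
    host: str
    detail: str


def parse_line(line: str):
    """Split one constructed log line into named fields; None if malformed."""
    fields = line.split("\t")
    if len(fields) != 6:
        return None
    return dict(zip(("ts", "client", "method", "path", "host", "ua"), fields))


def detect(log_text: str) -> list[Alert]:
    seen_flags: dict[str, set[str]] = {}   # client IP -> flags it has beaconed
    alerts: list[Alert] = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        m = BEACON_UA.match(rec["ua"])
        if m:
            flag = m.group("flag").lower()
            seen_flags.setdefault(rec["client"], set()).add(flag)
            detail = (f"victim reports host={m.group('host')} "
                      f"ip={m.group('ip')} os={m.group('os')}")
            if flag in FLAG_TARGETS:
                detail += f"; flag maps to {FLAG_TARGETS[flag]}"
            if m.group("ip") != rec["client"]:
                # The implant reports its own view of the address; a mismatch
                # usually means NAT between victim and proxy, worth recording.
                detail += "; reported IP differs from proxy client IP"
            alerts.append(Alert(rec["client"], "beacon_ua", flag, rec["host"], detail))
            continue
        # Stage 2: browser-looking UA, but the Host's leftmost label is a flag
        # this client already sent (khi -> khi.acmetoy.com on slide 27).
        label = rec["host"].split(".")[0].lower()
        if label in seen_flags.get(rec["client"], set()):
            alerts.append(Alert(rec["client"], "flag_subdomain", label, rec["host"],
                                "Host label equals a flag this client already beaconed"))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.client} {a.kind:15} flag={a.flag} host={a.host} :: {a.detail}")
```

The stage-2 rule is deliberately keyed on the client's own earlier beacon rather than on a bare list of known flags: labels such as "boat", "8080" or "d2" are far too common as hostnames to block on their own, but a client that has just announced "flag:khi" and then resolves khi.<anything> is a strong per-host correlation.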

29 China is not the only threat

30 Multi-Protocol, Real-Time VX Engine
Phase 1: Multi-Protocol Object Capture
  Web MPS: aggressive capture, Web object filter
  E-mail MPS: email attachments, URL analysis
Phase 2: Virtual Execution Environments (dynamic, real-time analysis, mapped to target OS and applications)
  Exploit detection
  Malware binary analysis
  Cross-matrix of OS/apps
  Outputs: originating URL, subsequent URLs, OS modification report, C&C protocol descriptors

31 Thank You! FireEye – Modern Malware Protection System
