Evolving Threats Paul A. Henry MCP+I, MCSE, CCSA, CCSE, CISSP-ISSAP, CISM, CISA, CIFI, CCE Florida PI License C2800597 Forensics & Recovery LLC Florida.

Presentation transcript:

1 Evolving Threats
Paul A. Henry MCP+I, MCSE, CCSA, CCSE, CISSP-ISSAP, CISM, CISA, CIFI, CCE
Florida PI License C2800597
Forensics & Recovery LLC
Florida PI Agency License A2900048

2 Welcome To My World
Conficker update
Risk of banking via cell phone rising
Backdoor in a box
–Covert channels on a budget
Obfuscation wins again
–Adobe issues not going away
Wireless network tap
–Sniffing a network from 300 meters
What's that light at the end of the tunnel
–Patch that Mac
Old malware never dies

3 Conficker Update
Upgrades
–No longer limited to 250 domains for updates: now 50,000 domains
–Peer-to-peer updates
–Blocks access to a larger range of security sites
–First nefarious use of the Conficker botnet detected
More sure to come

4 Conficker Update


7 Big Money
1.8M unique users were redirected to rogue anti-virus software over 16 consecutive days
Members of the affiliate network were paid 9.6 cents per successful redirection, which totals $172,800, or $10,800 per day

8 Introducing Gumblar - Son of Conficker
In 2008 one website was compromised every 5 seconds
–Now it is one every 4.5 seconds
End game is the same: deliver malware
Gumblar is building two botnets
–The first botnet is made up of compromised web servers and is used to spread "drive-by" malware across further web servers
–The second botnet is made up of PCs that visit those web sites and become infected; these PCs become part of a spam-spewing botnet

9 Introducing Gumblar - Son of Conficker Gumblar is now found on 42% of all discovered compromised websites

10 Root Cause…
Really drives home the underlying problem with network security today
One of the most successfully exploited vulnerabilities today is RDS (MDAC)
This one vulnerability is responsible for over 70% of compromises from automated toolkits
Did I mention that the vulnerability was patched 3 years ago (Microsoft bulletin MS06-014, April 2006)……

11 Most Popular Toolkit

12 Pinch Lives On…
Even while its authors sit in prison, Pinch continues to infect users

13 It's Not Rocket Science…
It is common knowledge that you can eliminate 90% of your risk by applying patches in a timely manner
IBM recently reported that over 70% of Microsoft vulnerabilities in 2008 could be mitigated simply by enforcing the principle of least privilege

14 Now This Is Interesting…
For Sale: Used Nokia 1100, $30,000
A software issue in the Nokia 1100 makes it easily re-programmable
–Assume any identity
–Actively being used in the UK to capture banking PINs sent via SMS

15 Pogo Plug – Backdoor in a box
Allows anything connected via USB to be easily shared across the Internet
–Hard drive
–Ethernet adapter
–Wireless adapter

16 Pogo Plug – Backdoor in a box
Yes, there are a few good uses, but… a device that publishes your USB peripherals through an outbound connection is also a ready-made covert channel

17 Signatures Are Obsolete


19 Obfuscation wins again
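Slides 10 and 17–19 make one connected point: the MDAC/RDS hole is years old, yet kits still land it, because a signature for the page fails as soon as the kit encodes the page. The scanner below is an added example, not part of the original deck and not any vendor's detection logic. It assumes only two indicators for the control MS06-014 kill-bitted, the RDS.DataSpace ProgID and its CLSID, and it feeds them constructed sample pages (no real exploit content, no payload): the same object tag written plainly, percent-encoded through unescape(), rebuilt with String.fromCharCode(), and nested two layers deep. Raw string matching catches only the plain page; peeling the encodings textually, without executing any script, catches all of them.

```python
from __future__ import annotations

import html
import re

# Indicators for the RDS.DataSpace control abused by the MDAC exploit
# (MS06-014): its ProgID and its CLSID. Matching either string is a
# plain signature; the point is what happens to it once the page is encoded.
INDICATORS = [
    re.compile(r"RDS\.DataSpace", re.IGNORECASE),
    re.compile(r"BD96C556-65A3-11D0-983A-00C04FC29E36", re.IGNORECASE),
]

# Common client-side encodings seen in drive-by pages. Each is reversed
# textually; nothing is evaluated.
PERCENT_U = re.compile(r"%u([0-9a-fA-F]{4})")                      # unescape("%u003C")
PERCENT = re.compile(r"%([0-9a-fA-F]{2})")                         # unescape("%3C")
HEX_ESC = re.compile(r"\\x([0-9a-fA-F]{2})")                       # "\x3c"
FROMCHARCODE = re.compile(r"String\.fromCharCode\(\s*([0-9,\s]+)\)")


def decode_layer(text: str) -> str:
    """Strip one layer of HTML entities, JS escapes and fromCharCode calls."""
    text = html.unescape(text)
    text = FROMCHARCODE.sub(
        lambda m: '"' + "".join(chr(int(n)) for n in m.group(1).split(",") if n.strip()) + '"',
        text,
    )
    text = PERCENT_U.sub(lambda m: chr(int(m.group(1), 16)), text)
    text = PERCENT.sub(lambda m: chr(int(m.group(1), 16)), text)
    text = HEX_ESC.sub(lambda m: chr(int(m.group(1), 16)), text)
    return text


def deobfuscate(text: str, max_rounds: int = 5) -> str:
    """Peel layers until the text stops changing (kits nest encodings)."""
    for _ in range(max_rounds):
        decoded = decode_layer(text)
        if decoded == text:
            break
        text = decoded
    return text


def scan(page: str) -> tuple[bool, bool]:
    """Return (indicator hit on the raw page, hit after deobfuscation)."""
    raw_hit = any(p.search(page) for p in INDICATORS)
    decoded_hit = any(p.search(deobfuscate(page)) for p in INDICATORS)
    return raw_hit, decoded_hit


# Constructed samples, not captured exploit-kit content. The object tag is
# the shape an MDAC exploit page carried; the exploit logic itself is absent.
OBJECT_TAG = '<object classid="clsid:BD96C556-65A3-11D0-983A-00C04FC29E36" id="r"></object>'
ACTIVEX_CALL = 'new ActiveXObject("RDS.DataSpace")'
CHARCODE_CALL = "eval(String.fromCharCode(" + ",".join(str(ord(c)) for c in ACTIVEX_CALL) + "))"

SAMPLES = {
    "plain": OBJECT_TAG,
    # Whole tag percent-encoded and written through unescape().
    "escaped": '<script>document.write(unescape("'
               + "".join("%%%02X" % ord(c) for c in OBJECT_TAG) + '"))</script>',
    # ProgID rebuilt from character codes, then eval'd.
    "charcode": "<script>" + CHARCODE_CALL + "</script>",
    # Nested: the charcode script hidden inside percent-encoding.
    "nested": '<script>eval(unescape("'
              + "".join("%%%02X" % ord(c) for c in CHARCODE_CALL) + '"))</script>',
    "benign": "<html><body>Quarterly results</body></html>",
}


def scan_all() -> dict[str, tuple[bool, bool]]:
    """Scan every constructed sample; used by the demo below."""
    return {name: scan(page) for name, page in SAMPLES.items()}


if __name__ == "__main__":
    for name, (raw, decoded) in scan_all().items():
        print(f"{name:9s} raw signature hit: {raw!s:5s}  hit after decoding: {decoded}")
```

The decoding is deliberately dumb: it rewrites escape syntax it recognises and never runs the script, so a kit that builds the CLSID by string concatenation or arithmetic still slips past it. That is the slide's argument in miniature: every layer a static scanner learns to unwrap is one more layer the kit author adds, while the underlying patch has been available since 2006.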


21 Well it started as a good idea


24 20,000 Illegal Downloads…
A pirated copy of iWork contained malware

25 First Mac BotNet
The first use of the iBotnet was a DDoS attack

26 First Mac BotNet
Apple is currently associated with 57 different software products and numerous hardware platforms
A search on reported vulnerabilities in OS X shows 128 Secunia advisories and 866 reported vulnerabilities
–http://secunia.com/advisories/product/96/
That light at the end of the tunnel is an oncoming train…

27 Windows 7 RC – Botnet

28 Summary
We have yet to feel the impact of Conficker; more to come
Cell phones are becoming a viable target
Pogo Plug demonstrates the need to re-evaluate outbound access on 80/443
We need to rethink signatures; the current model is doomed to fail
Wireless network taps will play a part in data leakage
Security by obscurity is over for the Mac
Obfuscation brings new life to old malware

29 Forensics & Recovery LLC
Florida PI License A 29004
www.forensicsandrecovery.com
Paul A. Henry MCP+I, MCSE, CCSA, CCSE, CISSP-ISSAP, CISM, CISA, CIFI, CCE
Florida PI License C2800597
25 SE 69th Place, Ocala, FL 34480
Telephone (954) 854 9143
phenry@forensicsandrecovery.com
