1 / 29

Evolving Threats

Evolving Threats. Paul A. Henry MCP+I, MCSE, CCSA, CCSE, CISSP-ISSAP, CISM, CISA, CIFI, CCE Florida PI License C2800597 Forensics & Recovery LLC Florida PI Agency License A2900048. Welcome To My World. Conficker update Risk of banking via cell phone rising Backdoor in a box

ziva
Download Presentation

Evolving Threats

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Evolving Threats Paul A. Henry MCP+I, MCSE, CCSA, CCSE, CISSP-ISSAP, CISM, CISA, CIFI, CCE Florida PI License C2800597 Forensics & Recovery LLC Florida PI Agency License A2900048

  2. Welcome To My World • Conficker update • Risk of banking via cell phone rising • Backdoor in a box • Covert channels on a budget • Obfuscation wins again • Adobe issues not going away • Wireless network tap • Sniffing a network from 300 meters • What’s that light at the end of the tunnel • Patch that Mac • Old Malware never dies

  3. Conficker Update • Upgrades • No longer limited to 250 domains for updates • 50,000 domains • Peer to peer updates • Blocks access to larger range of security sites • First nefarious use of conficker bot net detected • More sure to come

  4. Conficker Update

  5. Conficker Update

  6. Conficker Update

  7. Big Money • 1.8M unique users were redirected to the rogue Anti-Virus software during 16 consecutive days • Members of the affiliate network were rewarded for each successful redirection with 9.6 cents “a piece”, which totals $ 172,800 or $ 10,800 per day

  8. Introducing Gumblar - Son of Conficker • In 2008 one website was compromised every 5 sec • Now it is one every 4.5 sec • End game is the same – deliver malware • Gumblar is building two botnets • First botnet is made up of compromised web servers and is used to distribute “drive-by” malware across web servers • Second botnet is made up of PCs that visit the web sites and become infected • These PCs become part of a spam spewing botnet

  9. Introducing Gumblar - Son of Conficker • Gumblar is now found on 42% of all discovered compromised websites

  10. Root Cause… • Really drives home the underlying problem with network security today.. • One of the most successful vulnerabilities being exploited today is RDS (MDAC) • This one vulnerability is responsible for over 70% of compromises from automated toolkits • Did I mention that the vulnerability was patched 3 years ago……

  11. Most Popular Toolkit

  12. Pinch Lives On… • Even while the authors sit in prison Pinch continues to infect users

  13. It’s Not Rocket Science… • It is common knowledge that you can eliminate 90% of your risk by applying patches in a timely manner • It was recently reported by IBM that over 70% of Microsoft vulnerabilities in 2008 could be mitigated by simply enforcing the “rule of least privilege”

  14. Now This Is Interesting… • For Sale Used Nokia 1100 $30,000 • A software issue in the Nokia 1100 makes is easily re-programmable • Assume any identity • Actively being used in UK to capture banking PIN sent via SMS

  15. Pogo Plug – Backdoor in a box • Allows anything connected via USB to be easily shared across the Internet • Hard drive • Ethernet adapter • Wireless adapter

  16. Pogo Plug – Backdoor in a box • Yes there are a few good uses but….

  17. Signatures Are Obsolete

  18. Signatures Are Obsolete

  19. Obfuscation wins again

  20. Obfuscation wins again

  21. Well it started as a good idea

  22. Well it started as a good idea

  23. Well it started as a good idea

  24. 20,000 Illegal Downloads…. • Pirated copy of iWorks contained malware

  25. First Mac BotNet • First use of iBotnet was a DDoS Attack

  26. First Mac BotNet • Apple is currently associated with 57 different software products and numerous hardware platforms • A search on reported vulnerabilities of OSX shows 128 Secunia Advisories and 866 reported Vulnerabilities • http://secunia.com/advisories/product/96/ That light at the end of the tunnel is an on coming train…

  27. Windows RC7 – Botnet

  28. Summary • We have yet to feel the impact of Conficker – more to come • Cell phones are becoming a viable target • Pogo Plug demonstrates the need to re evaluate access to 80/443 outbound • We need to rethink signatures the current model is doomed to fail • Wireless network taps will play a part in data leakage • Security by obscurity is over for Mac • Obfuscation brings new life to old malware

  29. Forensics • & Recovery LLC • Florida PI License A 29004 • www.forensicsandrecovery.com • Paul A. Henry • MCP+I, MCSE, CCSA, CCSE, CISSP-ISSAP, CISM, CISA, CIFI, CCE • Florida PI License C2800597 • 25 SE 69th Place Ocala, Fl 34480 Telephone (954) 854 9143 phenry@forensicsandrecovery.com

More Related