Labels in the graphic: Data Access, IDS, NGIPS, UTM, Application Control, Vulnerability Management, NBA, NAC, VPN, Malware Sandbox, Antivirus, Email, NGFW, Firewall, IAM, AMP
Speeding Ahead of the Sensors
Agility is Its Strength
Destructive if Modified
40% user penetration
©2015 Cisco and/or its affiliates. Other company, product and service names may be trademarks or service marks of others.
Combination Attacks Evade Point Solutions
In the first half of 2015, malicious actors demonstrated an elevated level of attack sophistication that leveraged agility, destruction, adaptability, and speed to achieve their objectives. Angler, Rombertik, Adware MultiPlug, and Dridex are the top four most well-known examples of how these combination attacks evade detection, infiltrate defenses, and destroy systems.
The security industry needs to move toward an integrated threat defense to keep pace with combination attacks. To learn more, download the 2015 Midyear Security Report. www.cisco.com/go/msr2015
Cisco 2015 Midyear Security Report
Continually throws different ‘hooks’ to increase effectiveness
9 hours to complete campaign, before traditional antivirus tools can react
Dridex
Angler
Rombertik
Quickly morphs campaign content such as user agents, attachments, and referrers; and relaunches campaign
Uses Microsoft® Office macros to quickly deliver banking Trojans
Targets and exploits unpatched software
Up to 850 unique campaigns in time observed
Over 75% of domain shadowing activity leads to Angler
Encrypts payload for delayed analysis
Obfuscates compromised landing pages
Adapts and Mutates to Evade Detection
Adware MultiPlug
Shifted away from old URL-encoding scheme to increase penetration rate
4,000 add-on variants employed
Bundles malicious add-ons with seemingly useful yet unwanted applications
500 domains used across three month period
Uses spam and phishing to gain access
960M instructions to memory, creating a stalling tactic for sandboxes
Destroys master boot record and renders computer inoperable
Performs excessive activity to flood tracing tools
Once past sandbox, calls Windows API 335,000 times as an anti-debugging mechanism