The changing threat landscape: 2010 and beyond
Chester Wisniewski – Sophos
Eamonn Medlar - WPP
Moderator: Angela Moscaritolo
What is an opportunistic attack?
Affiliate marketing
Conficker
Fake-AV
Spam
Phishing
Social media
SEO poisoning
ДОРВЕЙ (Doorway)
“A web page that is designed to attract traffic from a search
engine and then redirect it to another site or page.”
Koobface – What can it do?
Steal software keys
Upload stored passwords
Web server
Search hijacking
Captcha busting
PPC fraud
Fake AV
Soc Net Spambot
Screenshot courtesy of abuse.ch
Targeted attacks have diverged
Unknown exploit(s)
Unknown malware
Nearly silent
Used for espionage/cyberwarfare
How do we react to this new branch of attack?
MS Advisory for “Aurora” exploit
The new blended threat – Step 2
Sample Zeus commands
Sethomepage [URL]
resetgrab
getmff
getcerts
Bc_add [service] [ip] [port]
kos
Block_url
shutdown
Rexec [url] [args]
reboot
Lexec [file] [args]
Upcfg [url]
Addsf [filemask]
Block_fake
Zeus takes the 3rd step
Law enforcement crackdown
Widely decentralized
Image courtesy of krebsonsecurity.com
“It’s mine”
Portability
Regulation
Chain of trust
Legacy increases attack surface
Challenges to the protector
Creative Commons image courtesy of thetechbuzz's Flickr photostream.
Evolving with the threat
AV good for basic threat
Behavior is key
Collective intelligence
Event correlation
Defense in depth
Data protection is key
Summary
Contact:
Proven: 25+ years of experience
Integrated threat detection
SophosLabs
24/7/365
Anti-Malware
Email Protection
Web Filtering
Encryption
Email: [email protected]
Twitter: @chetwisniewski
Blog: http://nakedsecurity.sophos.com
Device/App Control
NAC