Transcript
Page 1: Emerging Threats and Trends in Online Security

Emerging Threats and Trends

Michael McKinnon, Security Advisor

An Avalanche Technology Group Company

AVG.COM.AU AVG.CO.NZ

Emerging Threats & Trends - Overview

• Current Threats

• Toolkits, Spam, Mobile, Printed Malware, Fake Anti-Virus, Ransomware

• Trends & Emerging

• Facebook, Mobile security, DNSSEC, Anonymous

• Dispel some common myths along the way

Current Threats

• Compiled from our local support team; and

• AVG Community Powered Threat Report, Q4 2011

Blackhole Toolkit – What is it?

• Web based, distribution system for exploits and malware; runs on a private or compromised server

Blackhole Toolkit – Targets many platforms

• Allows them to target many platforms, including Mac!

Blackhole Toolkit – Features & facts

• Other key “features”:

• Analytics network

• Built-in anti-virus scanning to avoid detection

• Does many complex tasks very easily

• Facts:

• In the last quarter of 2011 it accounted for 80.2% of all known toolkits being used

• Exploit toolkits account for 58% of threat activity on malicious websites

Blackhole Toolkit – Mitigation

• Always keep computers updated with latest patches to avoid 0day vulnerabilities

• Run up to date Internet Security solutions – but you already know that!

Spam – SNAP POLL

• In Q4 of 2011, which country sent the most spam?

• China

• Romania

• United States

• Israel

Spam – Top countries

Spam – Top domains

Spam – Mitigation

• Run an anti-spam solution on servers & desktops

• Be proactive and know basic email handling tips

• We’ll be providing some tips and resources on how to spot email scams in the near future…

Mobile Threats – Rogue apps

• Affecting mostly Android phone and tablet users

Mobile Threats – Rogue apps

• In Q4 we reported the emergence of rogue “signed” applications available in the Android Marketplace

• Signed with stolen/leaked digital certificates

• Permission prompts on Android are weak – they don’t make the user think at all

• Risks are mostly around spying and premium SMS

• Google has recently announced they are scanning apps in the Marketplace with “bouncer”

Mobile Threats – Mitigation

• Update your Android device – if you cannot upgrade past Android 2.2 then BUY A NEW PHONE! (Same can be said of older iPhones stuck on iOS 4.3)

• ONLY install applications from the Android Marketplace – nowhere else

• Have a look at AVG Mobilation for scanning

Printed Malware – QR codes

Printed Malware – QR codes

Just like URL shorteners (like bit.ly for example), QR codes don’t reveal too much about themselves until you use them

In Q4 2011 we observed a QR code being used in a Russian forum website that linked to a malicious mobile app

These are something to keep your eye on, especially with large, well-known, trusted brands starting to use them for marketing

Fake AV – What is it?

• Our support team has been helping clean up the following Fake AV’s for customers:

• Security Shield

• System Fix

• XP Antivirus 2012

• Internet Security 2012

• Let’s have a look at what they can do…

Fake AV – Fake “Blue Screen of Death”

Fake AV – Nag screens and pop-ups

Fake AV – Mitigation & removal

• Can be very tricky to remove completely, usually involves reverting to safe-mode and removing files manually

• Some tricks for removal have, in some cases, been to enter the fake AV licence key to get rid of it!

• Preventing fake AV from being installed usually involves keeping the PC up to date, in combination with some user awareness

Ransomware – What is it?

• Has been observed being served up by Blackhole toolkits

• Unlike fake AV – this malicious code just locks up your computer and demands money!

• Usually pretends to be from the government or a law enforcement agency

Ransomware – Your PC has been seized!

Ransomware – Mitigation

• Update, update, update!

• Since the vector for this is 0day vulnerabilities, usually exploited by a toolkit (like Blackhole) – staying updated is the first line of defence

• And, of course, AVG 2012 Internet Security

• Browsing questionable websites (i.e. user habit) could also be a contributory factor in these examples

Trends & Emerging Threats

• Predictions for 2012

• And some overall stats and trends

Top 10 Web Threats – Q4 2011

Trends & Emerging – Facebook or Scambook?

• Global spam levels are decreasing

• Scammers are now using Facebook, which provides:

• Instant access to 850+ million users

• Built-in word of mouth provides viral spread

• Default “trust” with Facebook is still high

Trends & Emerging – Mobile Security

• Did you know?

• Lost/stolen smartphones & tablets can be located using GPS tracking

• Mobile devices can be remote wiped if fallen into the wrong hands

• PIN number should always be used, but also these can be activated remotely

Trends & Emerging – DNSSEC

• The Domain Name System (DNS) is vulnerable, so DNSSEC promises to cryptographically secure it

• We should see improvements over time with true verification of legitimate sites, good for eCommerce and consumer confidence online

• Will make stolen SSL certificates much harder to exploit in the wild

• Should start to have some impacts on reducing spam levels further, in conjunction with DMARC

Trends & Emerging – #opGlobalBlackout

• “Anonymous” announced that it is attempting to bring down the Internet on 31st March 2012

• http://pastebin.com/NKbnh8q8

• Will be interesting to see what happens, if anything; I suspect the Internet will be just fine

• No doubt it will hit the news

Thank You!

Copyright © 2012 AVG (AU/NZ) Pty Ltd, an Avalanche Technology Group company. All rights reserved.

Connect with us to stay up to date with the latest news and information about online threats and scams. We also provide simple and useful security tips, designed to keep our community safe.

Come and say hello!

twitter.com/avgaunz facebook.com/avgaunz
