AVG (AU/NZ)'s Security Advisor, Michael McKinnon, details the latest emerging threats and trends in online security: toolkits, spam, rogue apps, printed malware, fake anti-virus, ransomware and mobile security.
1. Emerging Threats and Trends
   Michael McKinnon, Security Advisor
   AVG.COM.AU / AVG.CO.NZ
   An Avalanche Technology Group Company
2. Emerging Threats & Trends - Overview
   - Current Threats: Toolkits, Spam, Mobile, Printed Malware, Fake Anti-Virus, Ransomware
   - Trends & Emerging: Facebook, Mobile security, DNSSEC, Anonymous
   - Dispel some common myths along the way
3. Current Threats
   Compiled from our local support team and the AVG Community Powered Threat Report, Q4 2011
4. Blackhole Toolkit - What is it?
   Web-based distribution system for exploits and malware; runs on a private or compromised server
5. Blackhole Toolkit - Targets many platforms
   Allows them to target many platforms, including Mac!
6. Blackhole Toolkit - Features & facts
   Other key features:
   - Analytics network
   - Built-in anti-virus scanning to avoid detection
   - Does many complex tasks very easily
   Facts:
   - In the last of 2011 it accounted for 80.2% of all known toolkits being used
   - Exploit toolkits account for 58% of threat activity on malicious websites
7. Blackhole Toolkit - Mitigation
   - Always keep computers updated with latest patches to avoid 0day vulnerabilities
   - Run up-to-date Internet Security solutions, but you already know that!
8. Spam - SNAP POLL
   In Q4 of 2011, which country sent the most spam?
   - China
   - Romania
   - United States
   - Israel
9. Spam - Top countries
10. Spam - Top domains
11. Spam - Mitigation
   - Run an anti-spam solution on servers & desktops
   - Be proactive and know basic email handling tips
   - We'll be providing some tips and resources on how to spot email scams in the near future
12. Mobile Threats - Rogue apps
   Affecting mostly Android phone and tablet users
13. Mobile Threats - Rogue apps
   - In Q4 we reported the emergence of rogue signed applications available in the Android Marketplace
   - Signed with stolen/leaked digital certificates
   - Permission prompts on Android are weak; they don't make the user think at all
   - Risks are mostly around spying and premium SMS
   - Google has recently announced they are scanning apps in the Marketplace with bouncer
14. Mobile Threats - Mitigation
   - Update your Android device; if you cannot upgrade past Android 2.2 then BUY A NEW PHONE! (Same can be said of older iPhones stuck on iOS 4.3)
   - ONLY install applications from the Android Marketplace, nowhere else
   - Have a look at AVG Mobilation for scanning
15. Printed Malware - QR codes
16. Printed Malware - QR codes
   - Just like URL shorteners (like bit.ly for example), QR codes don't reveal too much about themselves until you use them
   - In Q4 2011 we observed a QR code being used in a Russian forum website that linked to a malicious mobile app
   - These are something to keep your eye on, especially with large, well-known, trusted brands starting to use them for marketing
17. Fake AV - What is it?
   Our support team has been helping clean up the following Fake AVs for customers:
   - Security Shield
   - System Fix
   - XP Antivirus 2012
   - Internet Security 2012
   Let's have a look at what they can do
18. Fake AV - Fake Blue Screen of Death
19. Fake AV - Nag screens and pop-ups
20. Fake AV - Mitigation & removal
   - Can be very tricky to remove completely; usually involves reverting to safe mode and removing files manually
   - Some tricks for removal have, in some cases, been to enter the fake AV licence key to get rid of it!
   - Preventing fake AV from being installed usually involves keeping the PC up to date, in combination with some user awareness
21. Ransomware - What is it?
   - Has been observed being served up by Blackhole toolkits
   - Unlike fake AV, this malicious code just locks up your computer and demands money!
   - Usually pretends to be from the government or a law enforcement agency
22. Ransomware - Your PC has been seized!
23. Ransomware - Mitigation
   - Update, update, update!
   - Since the vector for this is 0day vulnerabilities, usually exploited by a toolkit (like Blackhole), staying updated is the first line of defence
   - And, of course, AVG 2012 Internet Security
   - Browsing questionable websites (i.e. user habit) could also be a contributory factor in these examples
24. Trends & Emerging Threats - Predictions for 2012
   And some overall stats and trends
25. Top 10 Web Threats Q4 2011
26. Trends & Emerging - Facebook or Scambook?
   - Global spam levels are decreasing
   - Scammers are now using Facebook, which provides:
     - Instant access to 850+ million users
     - Built-in word of mouth provides viral spread
     - Default trust with Facebook is still high
27. Trends & Emerging - Mobile Security
   Did you know?
   - Lost/stolen smartphones & tablets can be located using GPS tracking
   - Mobile devices can be remote wiped if fallen into the wrong hands
   - PIN number should always be used, but also these can be activated remotely
28. Trends & Emerging - DNSSEC
   - The Domain Name System (DNS) is vulnerable, so DNSSEC promises to cryptographically secure it
   - We should see improvements over time with true verification of legitimate sites, good for eCommerce and consumer confidence online
   - Will make stolen SSL certificates much harder to exploit in the wild
   - Should start to have some impacts on reducing spam levels further, in conjunction with DMARC
29. Trends & Emerging - #opGlobalBlackout
   - Anonymous announced that it is attempting to bring down the Internet on 31st March 2012: http://pastebin.com/NKbnh8q8
   - Will be interesting to see what happens, if anything; I suspect the Internet will be just fine
   - No doubt it will hit the news
30. Thank You!
   Connect with us to stay up to date with the latest news and information about online threats and scams. We also provide simple and useful security tips, designed to keep our community safe. Come and say hello!
   twitter.com/avgaunz
   facebook.com/avgaunz
   Copyright 2012 AVG (AU/NZ) Pty Ltd, an Avalanche Technology Group company. All rights reserved.