Paul Henry’s 2011 Malware Trends
Today’s Speaker
Paul Henry, Security & Forensics Analyst
MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP-ISSAP, CISM, CISA, CIFI, CCE
SANS Institute Instructor
Today’s Agenda
Shift in IT Risk and Threat Landscape
2011 Malware Trends
Practical Steps to Prevent Malware
Q&A
Ask a Question Via Twitter
In addition to asking questions via the Webcast interface, you can also ask
questions via the Twitter hashtag:
#malware2011
The Shifting IT Risk and Threat Landscape… and the Impact to Your Information
Shift in Information that is Targeted
• Market for stolen data is saturated
» Then - Stolen personally identifiable information sold on the black market for up to $15 per record
» Now - Credit card data has dropped to about 20 cents per record
• New, more valuable target is now intellectual property (IP)
» Revenue-generating information
» Much larger impact and value – organization versus individuals
Web Applications are the Leading Attack Path
The applications we use today for productivity are collaborative, browser-based and open source.
Social communities, gadgets, blogging and widgets open up our networks to increasing risk every day.
Source: Verizon, 2010 Data Breach Investigations Report
Endpoint Security Today
Organizations do not feel more secure than they did last year.
This is mainly due to the use of ineffective technology solutions when better, more effective and efficient
technologies exist but are not heavily implemented.
2011 Malware Trends
1. Social Media is Top Delivery Vehicle
2. Improved Hacking Tools Available in the Wild
3. Malware Continues to Be Ahead of Traditional Defenses
4. DDoS Attacks and Fake AV Continue to Increase
5. Stuxnet is a Game Changer
Trend #1: Social Media as a Delivery Vehicle for Malware
Q. What do click jacking, spear phishing and passwords sent in the clear all have in common?
A. You will find them daily on Facebook
» Focus on the end game and not the delivery vehicle
» Prevent the malware from running and you are good to go
Source: Verizon, 2010 Data Breach Investigations Report
Click Jacking On Facebook
Spear Phishing On Facebook
Sniffing Passwords On Facebook
Be Sure to Change to HTTPS
Go to Account > Account Settings > Account Security and select the Secure Browsing (HTTPS) checkbox; your Facebook session, including your login, will then be encrypted.
Trend 2: Better Tools For The Bad Guys
Trend 3: Traditional Defenses are Not Keeping Up
Trend 4: DDoS and Fake AV Attacks on the Rise
•DDoS Continues to Evolve
•Increase in Fake AV Attacks
Why Question Big Money In Fake AV?
Over 500,000 Unique Fake AV Binaries in the last Q of 2010
Trend 5: Stuxnet – A Game Changer
It Is Not Over Yet
Summary of Trends
•Greater volume of personal information and intellectual property – greater chance of success
•Social Media is today’s vector of choice
•Removable devices are an often under-rated threat
•It is cheaper and easier to produce a threat than a defense, so it is not going to get any better in the foreseeable future
•New threats on the horizon include increases in ad injection and site redirection – implied trust on the Internet is long gone…
Practical Steps to Prevent Malware
Focus on the Endgame, Not the Delivery Method
•Every threat we discussed today requires a bad guy to execute code on the user’s PC
•The bad guys regularly outsmart defenders with new innovative delivery methods – It’s an arms race you cannot win
•If the application is not explicitly authorized and proven to be trusted, then why would you let it execute?
Rethink Your Patch Strategy
• The top security priority is “patching client-side software” [1]
» Streamline patch management and reporting across OS’s AND applications
• Patch and defend is not just a Microsoft issue
» More than 2/3 of today’s vulnerabilities come from non-Microsoft applications
Source: [1] SANS Institute
Ensure Defense-in-Depth with Application Whitelisting
[Figure: endpoint security models – “Block Known Bad; Allow Everything Else”, “Allow Known Good; Block Everything Else”, and Learned (Adaptive)]
• Approach to endpoint security must be based on Defense-In-Depth
» Antivirus shifts to after-the-fact cleanup
» Application whitelisting provides more effective endpoint security
» And it is evolving in its flexibility and manageability to ensure improved productivity
Source: Gartner Research
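To make the two models on this slide concrete, here is an added example in Python (not from the deck, and not Lumension's or any product's code): the same constructed samples are run through a hash denylist (block known bad, the antivirus signature model) and a hash allowlist (allow known good, the whitelisting model), including a repacked variant of a "known bad" binary of the kind behind the hundreds of thousands of unique Fake AV binaries mentioned earlier. The sample bytes, the hash sets and the repack helper are all constructed for illustration.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample "binaries" (not real executables), used to build the hash sets.
KNOWN_GOOD = b"MZ...constructed-approved-business-app-v1"
KNOWN_BAD = b"MZ...constructed-fake-av-sample"
ALLOWLIST = {sha256(KNOWN_GOOD)}   # hashes the organization has explicitly approved
DENYLIST = {sha256(KNOWN_BAD)}     # hashes a vendor has already seen and flagged


def denylist_policy(binary: bytes, denylist=DENYLIST) -> Verdict:
    """Block known bad; allow everything else."""
    return Verdict.BLOCK if sha256(binary) in denylist else Verdict.ALLOW


def allowlist_policy(binary: bytes, allowlist=ALLOWLIST) -> Verdict:
    """Allow known good; block everything else."""
    return Verdict.ALLOW if sha256(binary) in allowlist else Verdict.BLOCK


def repack(binary: bytes, seed: int) -> bytes:
    """Constructed stand-in for a repacked variant: same program, different bytes, so a new hash."""
    return binary + b"\x00" * seed


def evaluate(samples: dict) -> dict:
    """Return {name: (denylist verdict, allowlist verdict)} for each sample."""
    return {n: (denylist_policy(b).value, allowlist_policy(b).value) for n, b in samples.items()}


def demo() -> dict:
    samples = {
        "approved_app": KNOWN_GOOD,
        "known_fakeav": KNOWN_BAD,
        "repacked_fakeav": repack(KNOWN_BAD, 1),      # no signature yet: slips past the denylist
        "never_seen_tool": b"MZ...constructed-unknown",  # unknown: also slips past the denylist
    }
    return evaluate(samples)


if __name__ == "__main__":
    for name, (deny, allow) in demo().items():
        print(f"{name:16} denylist={deny:5} allowlist={allow}")
```

Only the approved application runs under the allowlist; the unknown and repacked samples are exactly the cases the denylist lets through until a signature catches up.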
Manage the Removable Devices in Your Environment
Without Enforcement, Your Policy has No Teeth!
Source: Worldwide State of The Endpoint Report 2009
Consolidate Your Endpoint Security Technologies
• Multiple Consoles
» 3-6 different management consoles on average
• Agent Bloat
» 3-10 agents* installed per endpoint
» Decreased network performance
• Lack of Control
» 54% of IT security professionals cite managing the complexity of security as their #1 challenge
» Decreasing visibility - disparate data
» Ad-hoc monitoring of security posture
» 43% of existing access rights were either excessive or should have been retired
• Increasing TCO of Point Technologies
» Integration & Maintenance
* Source: Lumension Global State of The Worldwide Endpoint 2009
Q&A
Global Headquarters: 8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255
1.888.725.7828