Sophos introduces the Threat Landscape
TRANSCRIPT
![Page 1: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/1.jpg)
Threat Landscape
John Shier, Sr. Security Advisor, @john_shier
March 2017, Infosec BE
![Page 2: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/2.jpg)
The Problem
![Page 3: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/3.jpg)
![Page 4: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/4.jpg)
Symptoms and Causes
Annual new malware samples: 100,000,000's
Annual known vulnerabilities (CVEs): 1,000's
Cumulative known exploit techniques: 10's
![Page 5: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/5.jpg)
Top 10 detections: Belgium
Malformed doc
Infected archive
Conficker
Browser hijacker
Jenxcus botnet
Shortcut trojan
IRC bot
Bundpil worm
Dropper
Phishing
![Page 6: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/6.jpg)
What are we facing?
![Page 7: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/7.jpg)
The Tools
![Page 8: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/8.jpg)
Phishing
![Page 9: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/9.jpg)
How not to phish
![Page 10: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/10.jpg)
Modern phishing
![Page 11: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/11.jpg)
Modern phishing
http://www.kbc.be.vvsmbk.info/bestellen
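The URL on this slide, http://www.kbc.be.vvsmbk.info/bestellen, places the bank's real domain (kbc.be) in the subdomain portion, where the owner of vvsmbk.info can write any string; the browser only ever talks to vvsmbk.info. The check below is an added Python example, not code from the slides or from Sophos: it extracts the registrable domain and flags a known brand appearing anywhere other than there. The suffix table is a constructed stub of the Public Suffix List, and the verdict names and helper functions are this example's own.

```python
"""Registrable-domain check for lookalike phishing URLs.

Added example, not code from the slides or from Sophos. MULTI_LABEL_SUFFIXES is
a constructed stub of the Public Suffix List; load the real list from
publicsuffix.org in production.
"""
from typing import Set, Tuple
from urllib.parse import urlsplit

MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br", "co.za"}


def registrable_domain(host: str) -> str:
    """The part of the host a registrar actually handed out.

    'www.kbc.be.vvsmbk.info' -> 'vvsmbk.info'. Every label to the left is a
    subdomain that the owner of vvsmbk.info can set to any string, including
    a bank's real domain name.
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify(url: str, brand_domains: Set[str]) -> Tuple[str, str]:
    """Return (verdict, registrable_domain) for a URL.

    Verdicts (this example's own names): 'legitimate', 'lookalike-subdomain',
    'lookalike-userinfo', 'lookalike-path', 'unrelated'.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()        # hostname drops user:pass@ and :port
    reg = registrable_domain(host) if host else ""
    brands = {b.lower() for b in brand_domains}

    if reg in brands:
        return "legitimate", reg

    # Everything left of the registrable domain is under the attacker's control.
    subdomain = host[: -len(reg)].rstrip(".") if reg and host.endswith(reg) else ""
    userinfo = (parts.username or "").lower()
    path_parts = parts.path.lower().strip("/").split("/")

    for brand in brands:
        name = brand.split(".")[0]               # 'kbc' from 'kbc.be'
        if brand in subdomain or name in subdomain.split("."):
            return "lookalike-subdomain", reg
        if brand in userinfo or name == userinfo:
            return "lookalike-userinfo", reg
        if brand in path_parts or name in path_parts:
            return "lookalike-path", reg
    return "unrelated", reg


if __name__ == "__main__":
    for u in ["http://www.kbc.be.vvsmbk.info/bestellen",
              "https://www.kbc.be/nl/",
              "http://kbc.be@vvsmbk.info/bestellen"]:
        print(u, "->", classify(u, {"kbc.be"}))
```

urlsplit handles the userinfo trick (kbc.be@vvsmbk.info) because hostname excludes anything before the @, and it lowercases the host. The stub suffix table only covers a handful of two-level suffixes; a host under a suffix it does not know is cut at the wrong label, which is why production code loads the full Public Suffix List.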
![Page 12: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/12.jpg)
HD phishing
![Page 13: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/13.jpg)
Paypal
![Page 14: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/14.jpg)
Amazon
![Page 15: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/15.jpg)
Apple
![Page 16: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/16.jpg)
Document malware
![Page 17: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/17.jpg)
Curiosity infected the cat
![Page 18: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/18.jpg)
Curiosity infected the cat
![Page 19: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/19.jpg)
Curiosity infected the cat
![Page 20: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/20.jpg)
It’s guaranteed!
![Page 21: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/21.jpg)
Build Your Own 2.0
![Page 22: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/22.jpg)
The Infrastructure
![Page 23: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/23.jpg)
Malvertising
![Page 24: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/24.jpg)
![Page 25: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/25.jpg)
Exploit kits
![Page 26: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/26.jpg)
A decade of misery (timeline: 2006, 2013, 2016)
![Page 27: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/27.jpg)
Angler EK
![Page 28: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/28.jpg)
Lurk banking trojan
![Page 29: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/29.jpg)
Exploit Kits (2016)
1H2016: Angler, Nuclear, Neutrino, Magnitude, RIG, Other
2H2016: RIG, Neutrino, Other
![Page 30: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/30.jpg)
Exploits (January 2017)
Exploit kits: Magnitude, Neutrino-v, RIG and RIG-E, Sundown, Bizarro Sundown
CVEs in use, grouped by the slide's target columns (the per-kit rows of the table did not survive extraction; the same CVE appears under several kits):
Flash: CVE-2016-4117, CVE-2016-1019, CVE-2015-8651, CVE-2015-5122, CVE-2015-5119
Edge: CVE-2016-7200, CVE-2016-7201
Silverlight: CVE-2016-0034
IE: CVE-2016-0189, CVE-2014-6332, CVE-2013-2551, CVE-2015-2419
Windows LPE: column present on the slide, no CVE listed in the extracted text
![Page 31: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/31.jpg)
The Payloads
![Page 32: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/32.jpg)
Remote access trojans
![Page 33: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/33.jpg)
Honour amongst thieves
![Page 34: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/34.jpg)
Dridex
![Page 35: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/35.jpg)
BetaBot
![Page 36: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/36.jpg)
Ransomware
![Page 37: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/37.jpg)
Ransomware (diagram 1 of 3): the chain starts with a web script (</>) served from the Malware Distribution Server, followed by a call-back to the Command and Control Server.
![Page 38: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/38.jpg)
Ransomware (diagram 2 of 3): the victim's files (abc documents, exe, dll) are still readable; the payload (0100101011010110101010) from the Malware Distribution Server runs in RAM; a key pair is created, the Private Key stays with the Command and Control Server and only the Public Key is delivered to the victim.
![Page 39: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/39.jpg)
Ransomware (diagram 3 of 3): with the Public Key in RAM, the files are rewritten as ciphertext (abc becomes #$!; the exe and dll labels are unchanged); the Private Key needed to reverse this never leaves the Command and Control Server.
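The three diagrams show the split that makes modern ransomware work: the private key stays on the command and control server, only the public key reaches the victim (and only in RAM), and the files on disk turn from readable (abc) to noise (#$!). Nothing on the victim can undo that without the private key, so the defender's lever is to notice the rewrite pattern early. The detector below is an added Python example, not code from the slides or from Sophos; the file-write events, paths and thresholds are constructed for the demonstration, and a real deployment would take its events from a file-system filter driver, auditd or an EDR agent.

```python
"""Behavioural detector for the file-rewrite pattern shown in the ransomware diagrams.

Added example, not code from the slides or from Sophos. File-write events are
constructed in-line; a real sensor would feed them from a file-system filter
driver, auditd or an EDR agent.
"""
import hashlib
import math
from collections import Counter, deque
from dataclasses import dataclass
from typing import Iterable, List, Optional

HIGH_ENTROPY = 7.0      # bits/byte; ciphertext and compressed data sit near 8.0
PLAINTEXT_MAX = 5.5     # documents, source and config text sit well below this
WINDOW_SECONDS = 5.0    # how close together the rewrites must be
BURST_FILES = 4         # distinct files turned to noise inside one window (assumed threshold)
KNOWN_MAGIC = (b"PK\x03\x04", b"%PDF", b"\xff\xd8\xff", b"\x89PNG")


@dataclass(frozen=True)
class WriteEvent:
    ts: float       # seconds
    path: str
    before: bytes   # file content before the write
    after: bytes    # file content after the write


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(ev: WriteEvent) -> bool:
    """The abc -> #$! transition: readable content replaced by noise."""
    if shannon_entropy(ev.after) < HIGH_ENTROPY:
        return False
    if shannon_entropy(ev.before) <= PLAINTEXT_MAX:
        return True
    # Already-compressed formats (docx, zip, jpg) are near 8 bits/byte before
    # the write too, so for those ask whether the format header survived.
    return ev.before.startswith(KNOWN_MAGIC) and not ev.after.startswith(KNOWN_MAGIC)


def first_burst(events: Iterable[WriteEvent]) -> Optional[float]:
    """Timestamp at which BURST_FILES distinct files were encrypted within
    WINDOW_SECONDS of each other, or None when no such burst occurs."""
    recent = deque()
    for ev in sorted(events, key=lambda e: e.ts):
        if not looks_encrypted(ev):
            continue
        recent.append(ev)
        while ev.ts - recent[0].ts > WINDOW_SECONDS:
            recent.popleft()
        if len({e.path for e in recent}) >= BURST_FILES:
            return ev.ts
    return None


def pseudo_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Deterministic high-entropy bytes standing in for an encrypted file."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:size])


# Constructed plaintext document.
DOC = (b"Quarterly report: revenue rose 4% on stronger exports. Headcount is "
       b"flat. See appendix B for the regional breakdown.\n") * 40
ZIP_MAGIC = b"PK\x03\x04"


def sample_events() -> List[WriteEvent]:
    """Constructed trace: ordinary edits, then a burst of encryption."""
    benign = [
        WriteEvent(0.0, "/home/eva/report.txt", DOC, DOC + b"Updated.\n"),
        WriteEvent(1.5, "/home/eva/notes.md", DOC[:200], DOC[:300]),
        # Re-saving an archive: noise before and after, but the PK header survives.
        WriteEvent(2.0, "/home/eva/backup.zip",
                   ZIP_MAGIC + pseudo_ciphertext(b"zip-old"),
                   ZIP_MAGIC + pseudo_ciphertext(b"zip-new")),
    ]
    victims = [
        (10.0, "report.txt", DOC),
        (10.2, "budget.csv", DOC),
        (10.4, "plan.docx", ZIP_MAGIC + pseudo_ciphertext(b"docx")),  # OOXML is a zip
        (10.6, "contacts.vcf", DOC),
        (10.8, "minutes.rtf", DOC),
    ]
    malicious = [WriteEvent(ts, "/home/eva/" + name, before, pseudo_ciphertext(name.encode()))
                 for ts, name, before in victims]
    return benign + malicious


if __name__ == "__main__":
    print("burst detected at t =", first_burst(sample_events()))
```

The before-write check is what keeps the false-positive rate usable: ZIP-based Office formats and media are already near 8 bits per byte, so for those the detector asks whether the format's magic header survived the write instead. A family that encrypts slowly, leaves the header in place or only encrypts the tail of each file slips under these thresholds; canary files and process-level telemetry are the usual complements.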
![Page 40: Sophos introduces the Threat Landscape](https://reader035.vdocuments.site/reader035/viewer/2022070520/58f1e0781a28ab71568b4603/html5/thumbnails/40.jpg)