Paul Henry’s 2011 Malware Trends


description

Join security and forensics expert Paul Henry to learn about the latest malware trends and, more importantly, practical steps you can take to better protect your organization from evolving threats. Learn:

•How social media and removable devices have become new, targeted paths into your network

•Why traditional defenses are not effective in the unending arms race with financially motivated “bad guys”

•How to ensure an effective depth-in-defense security strategy that includes application whitelisting

Transcript of Paul Henry’s 2011 Malware Trends

Page 1: Paul Henry’s 2011 Malware Trends

Paul Henry’s 2011 Malware Trends

Page 2: Paul Henry’s 2011 Malware Trends

Today’s Speaker


Paul Henry

Security & Forensics Analyst

MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP-ISSAP, CISM, CISA, CIFI, CCE

SANS Institute Instructor

Page 3: Paul Henry’s 2011 Malware Trends

Today’s Agenda

Shift in IT Risk and Threat Landscape

2011 Malware Trends

Practical Steps to Prevent Malware

Q&A

Page 4: Paul Henry’s 2011 Malware Trends

Ask a Question Via Twitter

In addition to asking questions via the Webcast interface, you can also ask

questions via the Twitter hashtag:

#malware2011


Page 5: Paul Henry’s 2011 Malware Trends

The Shifting IT Risk and Threat Landscape… and the Impact to Your Information

Page 6: Paul Henry’s 2011 Malware Trends

Shift in Information that is Targeted

•Market for stolen data is saturated

» Then - Stolen personally identifiable information sold on the black market for up to $15 per record

» Now - Credit card data has dropped to about 20 cents per record

•New, more valuable target is now intellectual property (IP)

» Revenue-generating information

» Much larger impact and value – organization versus individuals

Page 7: Paul Henry’s 2011 Malware Trends

Web Applications are the Leading Attack Path

The applications we use today for productivity: Collaborative / Browser-based / Open Source

Social Communities, Gadgets, Blogging and Widgets open up our networks to increasing risk every day.

Source: Verizon, 2010 Data Breach Investigations Report

Page 8: Paul Henry’s 2011 Malware Trends

Endpoint Security Today

Organizations do not feel more secure than they did last year.

This is mainly due to the use of ineffective technology solutions, when better, more effective and efficient technologies exist but are not widely implemented.

Page 9: Paul Henry’s 2011 Malware Trends

2011 Malware Trends

Page 10: Paul Henry’s 2011 Malware Trends

1. Social Media is Top Delivery Vehicle

2. Improved Hacking Tools Available in the Wild

3. Malware Continues to Be Ahead of Traditional Defenses

4. DDoS Attacks and Fake AV Continue to Increase

5. Stuxnet is a Game Changer

Page 11: Paul Henry’s 2011 Malware Trends

Trend #1: Social Media as a Delivery Vehicle for Malware

Q. What do click jacking, spear phishing and passwords sent in the clear all have in common?

R. You will find them daily on Facebook

» Focus on the end game and not the delivery vehicle

» Prevent the malware from running and you are good to go

Source: Verizon, 2010 Data Breach Investigations Report


Page 12: Paul Henry’s 2011 Malware Trends

Click Jacking On Facebook


Page 13: Paul Henry’s 2011 Malware Trends

Spear Phishing On Facebook


Page 14: Paul Henry’s 2011 Malware Trends

Sniffing Passwords On Facebook


Page 15: Paul Henry’s 2011 Malware Trends

Be Sure to Change to HTTPS

Go to Account > Account Settings > Account Security and select the secure browsing (HTTPS) checkbox; your Facebook session, including your login, will then be encrypted.

Page 16: Paul Henry’s 2011 Malware Trends

Trend 2: Better Tools For The Bad Guys


Page 17: Paul Henry’s 2011 Malware Trends

Trend 3: Traditional Defenses are Not Keeping Up


Page 18: Paul Henry’s 2011 Malware Trends

Trend 4: DDoS and Fake AV Attacks on the Rise

•DDoS Continues to Evolve


Page 19: Paul Henry’s 2011 Malware Trends

Trend 4: DDoS and Fake AV Attacks on the Rise


•Increase in Fake AV Attacks

Page 20: Paul Henry’s 2011 Malware Trends

Why Question Big Money In Fake AV?

Over 500,000 unique Fake AV binaries in the last quarter of 2010

Page 21: Paul Henry’s 2011 Malware Trends

Trend 5: Stuxnet – A Game Changer


Page 22: Paul Henry’s 2011 Malware Trends

It Is Not Over Yet


Page 23: Paul Henry’s 2011 Malware Trends

Summary of Trends

•Greater volume of personal information and intellectual property – greater chance of success

•Social Media is today’s vector of choice

•Removable devices are an often under-rated threat

•It is cheaper and easier to produce a threat than a defense, so it is not going to get any better in the foreseeable future

•New threats on the horizon include increases in ad injection and site redirection – implied trust on the Internet is long gone…


Page 24: Paul Henry’s 2011 Malware Trends

Practical Steps to Prevent Malware

Page 25: Paul Henry’s 2011 Malware Trends

Focus on the Endgame, Not the Delivery Method

•Every threat we discussed today requires a bad guy to execute code on the user’s PC

•The bad guys regularly outsmart defenders with new innovative delivery methods – It’s an arms race you cannot win

•If the application is not explicitly authorized and proven to be trusted, then why would you let it execute?


Page 26: Paul Henry’s 2011 Malware Trends

Rethink Your Patch Strategy

•The top security priority is “patching client-side software”1

» Streamline patch management and reporting across OS’s AND applications

•Patch and defend is not just a Microsoft issue

» More than 2/3 of today’s vulnerabilities come from non-Microsoft applications

Source: 1 - SANS Institute
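The reporting step above (patch status across the OS and third-party applications in one view) as an added worked example. This is illustrative code written for this transcript, not Lumension's or Paul Henry's tooling; the hosts, the inventory records, the baseline versions and the version-comparison rule are all constructed assumptions for the demonstration.

```python
import re
from collections import defaultdict

# Constructed inventory as a patch-management agent might report it:
# (host, vendor, product, installed_version). Hostnames and versions are made up.
INVENTORY = [
    ("ws-01", "Microsoft", "Windows 7", "6.1.7600"),
    ("ws-01", "Adobe", "Reader", "9.3.0"),
    ("ws-01", "Oracle", "Java", "6u20"),
    ("ws-02", "Microsoft", "Windows 7", "6.1.7601"),
    ("ws-02", "Adobe", "Flash Player", "10.0.0"),
    ("ws-02", "Mozilla", "Firefox", "3.6"),
]

# Constructed baseline: the version each product is expected to be at
# after the current patch cycle (assumed values, not vendor data).
BASELINE = {
    ("Microsoft", "Windows 7"): "6.1.7601",
    ("Adobe", "Reader"): "9.4.0",
    ("Oracle", "Java"): "6u21",
    ("Adobe", "Flash Player"): "10.1.0",
    ("Mozilla", "Firefox"): "3.6",
}


def version_key(version: str) -> tuple:
    """Simplifying assumption: compare versions by their numeric fields only,
    so '6u20' < '6u21' and '6.1.7600' < '6.1.7601'."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def outdated(inventory, baseline):
    """Return (host, vendor, product, installed, expected) for every record
    whose installed version is older than the baseline."""
    missing = []
    for host, vendor, product, installed in inventory:
        expected = baseline.get((vendor, product))
        if expected is None:
            # Unknown product: no baseline to judge against. A real report
            # would list these separately rather than silently skip them.
            continue
        if version_key(installed) < version_key(expected):
            missing.append((host, vendor, product, installed, expected))
    return missing


def report(inventory, baseline):
    """Summarise missing patches across OS and applications, with the share
    that comes from non-Microsoft software."""
    missing = outdated(inventory, baseline)
    by_vendor = defaultdict(int)
    for _host, vendor, _product, _installed, _expected in missing:
        by_vendor[vendor] += 1
    total = len(missing)
    non_ms = total - by_vendor.get("Microsoft", 0)
    return {
        "missing": missing,
        "by_vendor": dict(by_vendor),
        "non_microsoft_share": (non_ms / total) if total else 0.0,
    }


if __name__ == "__main__":
    summary = report(INVENTORY, BASELINE)
    for row in summary["missing"]:
        print("%s: %s %s %s -> %s" % row)
    print("by vendor:", summary["by_vendor"])
    print("non-Microsoft share: %.0f%%" % (100 * summary["non_microsoft_share"]))
```

On the constructed data three of the four missing patches are for non-Microsoft applications, which is the point of the slide: a patch report limited to the operating system would show one gap where there are four.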

Page 27: Paul Henry’s 2011 Malware Trends

Ensure Depth-in-Defense with Application Whitelisting

[Diagram: endpoint security models: Learned (Adaptive); Allow Known Good, Block Everything Else; Block Known Bad, Allow Everything Else]

•Approach to endpoint security must be based on Defense-In-Depth

» Antivirus shifts to after-the-fact cleanup

» Application whitelisting provides more effective endpoint security

» And it is evolving in its flexibility and manageability to ensure improved productivity

Gartner Research

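The two policies contrasted on this slide, "block known bad, allow everything else" versus "allow known good, block everything else", as an added worked example; this is illustrative code written for this transcript, not any vendor's whitelisting product. The three "binaries", their contents and the allow and block lists are constructed stand-ins; a real deployment would key on hashes of the actual executables (or on publisher signatures), not on short byte strings.

```python
import hashlib

# Constructed stand-ins for executables: the bytes play the role of file content.
SAMPLES = {
    "notepad.exe": b"known good editor build",
    "zbot_dropper.exe": b"previously seen banking trojan",
    "fakeav_setup.exe": b"brand new fake AV variant, never seen before",
}


def sha256(data: bytes) -> str:
    """Identity of a binary for policy purposes: its SHA-256 hash."""
    return hashlib.sha256(data).hexdigest()


# Allow list: hashes of binaries the organisation has explicitly authorised (constructed).
ALLOW_LIST = {sha256(SAMPLES["notepad.exe"])}

# Block list: hashes of malware that signatures already know about (constructed).
# The fake AV sample is deliberately absent: it is "new", so no signature exists yet.
BLOCK_LIST = {sha256(SAMPLES["zbot_dropper.exe"])}


def blacklist_decision(data: bytes) -> bool:
    """Traditional model: block known bad, allow everything else.
    Returns True when execution is permitted."""
    return sha256(data) not in BLOCK_LIST


def whitelist_decision(data: bytes) -> bool:
    """Application whitelisting: allow known good, block everything else.
    Returns True when execution is permitted."""
    return sha256(data) in ALLOW_LIST


def allowed_by(policy, samples):
    """Names of the sample binaries that a policy would let execute."""
    return sorted(name for name, data in samples.items() if policy(data))


def compare(samples):
    """Side-by-side decision for each sample under both policies."""
    return {
        name: {
            "blacklist_allows": blacklist_decision(data),
            "whitelist_allows": whitelist_decision(data),
        }
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, verdicts in compare(SAMPLES).items():
        print(name, verdicts)
    print("blacklist allows:", allowed_by(blacklist_decision, SAMPLES))
    print("whitelist allows:", allowed_by(whitelist_decision, SAMPLES))
```

The never-before-seen fake AV installer is the interesting row: the block list lets it run because no signature exists yet, while the allow list stops it because nobody authorised it. That is the "focus on the endgame" argument in code form: the delivery vehicle does not matter if unauthorised code cannot execute.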

Page 28: Paul Henry’s 2011 Malware Trends

Manage the Removable Devices in Your Environment

*Worldwide State of The Endpoint Report 2009

Without Enforcement, Your Policy has No Teeth!


Page 29: Paul Henry’s 2011 Malware Trends

Consolidate Your Endpoint Security Technologies

•Multiple Consoles

» 3-6 different management consoles on average

•Agent Bloat

» 3-10 agents* installed per endpoint

» Decreased network performance

•Lack of Control

» 54% of IT security professionals cite managing the complexity of security as their #1 challenge

» Decreasing visibility - disparate data

» Ad-hoc monitoring of security posture

•43% of existing access rights were either excessive or should have been retired

•Increasing TCO of Point Technologies

» Integration & Maintenance

* Source: Lumension Global State of The Worldwide Endpoint 2009

Page 30: Paul Henry’s 2011 Malware Trends

Q&A

Page 31: Paul Henry’s 2011 Malware Trends

Global Headquarters

8660 East Hartford Drive

Suite 300

Scottsdale, AZ 85255

1.888.725.7828

[email protected]