20101025 Information Security News Briefing. Presenters: 劉旭哲, 莊承恩, 曾家雄. Adobe Reader X...

Post on 21-Dec-2015


Page 1:

20101025 Information Security News Briefing

Presenters: 劉旭哲, 莊承恩, 曾家雄

Page 2:

Adobe Reader X

Presenter: 劉旭哲

Page 3:

1999~2010

Page 4:

2010 Adobe Reader Vulnerabilities

[Chart: Adobe Reader vulnerabilities per month, January to October 2010 (y-axis 0 to 25). Total: 67]

Page 5:

• July, Adobe shared an example of a new mitigation technology

• Adobe Reader Protected Mode

• Oct, Adobe showed the technology about it.

• Sandbox

Page 6:

Sandbox

• a security mechanism used to run an application in a confined execution environment in which certain functions (such as installing or deleting files, or modifying system information) are prohibited

• Office 2010 Protected Viewing Mode

• Google Chrome

Page 7:

Page 8:

Adobe Reader X

• Principle of least privilege

• This design has three primary effects:
  – All PDF processing happens in the sandbox
  – Anything that must act outside the sandbox has to do so through a trusted proxy called a “broker process”
  – It creates a new distinction between two security principals

Page 9:

Design Principles

• Leverage the existing operating system security architecture

• Leverage existing implementations

• Adhere to the principle of least privilege

• Consider all sandbox data untrusted
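
The broker pattern from the two slides above (processing confined to the sandbox, actions outside it only through a trusted broker, all sandbox data treated as untrusted), as an added example that is not from the presentation or from Adobe's code. The names `Broker`, `WriteRequest`, `ALLOWED_ROOT` and `MAX_WRITE`, the POSIX-style paths and the in-memory file store are assumptions made for illustration.

```python
# Added illustration, not Adobe's code: a toy broker mediating file writes
# requested by a sandboxed renderer. All names and paths are hypothetical.
import posixpath
from dataclasses import dataclass

ALLOWED_ROOT = "/sandbox/tmp"   # constructed: the only tree the sandbox may write
MAX_WRITE = 1 << 20             # constructed limit: 1 MiB per request


@dataclass(frozen=True)
class WriteRequest:
    path: str    # supplied by the sandboxed process, so untrusted
    data: bytes  # supplied by the sandboxed process, so untrusted


class Broker:
    """Trusted side: validates every request, then acts on its behalf."""

    def __init__(self):
        self.files = {}  # in-memory stand-in for the real file system
        self.audit = []  # (requested path, decision) for later review

    def _resolve(self, req):
        """Return (normalised_path, None) or (None, reason_for_denial)."""
        if not isinstance(req.path, str) or not isinstance(req.data, bytes):
            return None, "malformed request"
        if "\x00" in req.path:
            return None, "NUL byte in path"
        if len(req.data) > MAX_WRITE:
            return None, "write too large"
        # Normalise first, compare second: "../" and absolute paths must
        # not escape the allowed root.
        norm = posixpath.normpath(posixpath.join(ALLOWED_ROOT, req.path))
        if not norm.startswith(ALLOWED_ROOT + "/"):
            return None, "path outside allowed root"
        return norm, None

    def handle_write(self, req):
        norm, reason = self._resolve(req)
        self.audit.append((req.path, reason or "allowed"))
        if reason is not None:
            return False  # default deny: the broker does nothing
        self.files[norm] = req.data
        return True
```

The audit list records every decision, so denied requests from the sandbox side can be reviewed as a sign that the sandboxed process is misbehaving.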

Page 10:

Conclusion

• Preventing the attacker from doing:
  – Installing malware
  – Monitoring the user

• Cannot protect against weakness or bugs in the operating system itself

• Within 30 days

Page 12:

Attackers getting creative, thwarting botnet detection, research finds

Kathleen Kriz, Contributor

21 Oct 2010

Page 13:

Introduction

• The Georgia Tech Information Security Center (GTISC) last week released its Emerging Cyber Threats Report

• It offers insight into the malicious tactics it expects to be prevalent in 2011

Page 14:

Emerging Cyber Threats Report 2011

• The top 3 trends
  – Proliferation & sophistication of botnets
  – Attacks on pervasive devices & social networking
  – Cyber security issues on physical systems

Page 15:

Proliferation & Sophistication of Botnets

• Traditional forms of antivirus security are becoming ineffective
  – Such as signature-based ones

• Cyber criminals now have automated tools capable of releasing very large volumes of malware with extreme variety and sophisticated features

Page 16:

Proliferation & Sophistication of Botnets

• Security researchers are now uncovering close to 100,000 new malware samples a day

• Human analysis of every piece of malware has become overwhelming

• Automated analysis technologies lack the precision needed to decipher malware that is
  – Purposely compressed
  – Encrypted and obfuscated

Page 17:

Proliferation & Sophistication of Botnets

• One current trend in the world of botnets is the release of large-scale botnet attacks to hide more targeted malware

• Cyber criminals or even nation-states will either send out a widespread attack or take advantage of an existing widespread attack to launch similar malware targeted towards a specific organization

Page 18:

Proliferation & Sophistication of Botnets

• Another alarming trend in the botnet space is the resurgence of previous attacks
  – Spamming botnet, Kraken

• It’s bootstrapped by another botnet that acted as a malicious installation service

• This example illustrated that cyber criminals are indeed making efficient reuse of malicious software

Page 19:

Pervasive Devices & Social Networking

• While more than 1.5 billion people use the Internet daily, over 4.5 billion use a cell phone every day, creating an attractive target for cyber criminals

• According to M.A.D., "Smartphones are the new computers. An estimated 2 billion of them will be deployed globally by 2013."

Page 20:

Pervasive Devices & Social Networking

• Phones have traditionally been so diverse that it was difficult for cyber criminals to effectively take advantage of them

• Now we are seeing a move towards homogeny where the majority of phones are being built on a few core operating systems including Windows, Android and Mac, which according to Traynor could cause further security concerns

Page 21:

Pervasive Devices & Social Networking

• The first worm for the Apple iPhone was uncovered in late 2009 in Australia

• People are carrying around sensitive information including their exact location and financial data on their phones

• Attackers are seeing huge value and are actively trying to subvert these devices

Page 22:

Pervasive Devices & Social Networking

• Another security issue pertaining to phones, much like computers, is that they offer so many different gateways of attack

• Attackers can take advantage of smartphone users through email, Internet applications, text messaging and even through call fraud

Page 23:

Pervasive Devices & Social Networking

• Security professionals at Barracuda Networks are studying user behavior on social networking sites in an effort to distinguish between legitimate and fake accounts

• In October 2009, the crime rate on Twitter rose to 12 percent, accounting for one in eight accounts being suspended

Page 24:

Pervasive Devices & Social Networking

• In another study over the past four months, an average of 130 instances of malware were found every day simply by searching for content on popular, "trending" topics via Twitter, Google, Yahoo! and Bing

Page 25:

Pervasive Devices & Social Networking

• Beyond traditional forms of security, social networking is demanding new research and technology specifically focused on identifying malicious accounts and expecting search engine providers to clear malicious links from their search results

• Services like these are now being offered by software-as-a-service providers that offer security in the cloud

Page 26:

Cyber Threats Targeting Physical Systems

• There is a rising concern that the damage done could also cause the destruction and malfunction of physical systems in areas including critical infrastructure and even information technologies deployed in the healthcare sector

Page 27:

Cyber Threats Targeting Physical Systems

• Nation-states not friendly to the U.S. are plotting and testing the waters for the takedown of our critical infrastructure including the power grid, communications systems, emergency services and financial systems as a means of preparing the battlefield for invasion

Page 28:

Cyber Threats Targeting Physical Systems

• The Russia/Georgia conflict in 2008

• As Russia commenced physical attacks on Georgia, cyber attacks were launched against the country’s government communications systems, media outlets and banking institutions, knocking many of them offline for long periods

Page 29:

Cyber Threats Targeting Physical Systems

• Ramsey of SecureWorks said he has also seen the compromise of medical systems as a result of cyber attacks

• He pointed to a hospital in which one of the radiology systems used to share images between doctors was compromised due to a cyber issue, having a direct impact on the standard of patient care

Page 30:

Cyber Threats Targeting Physical Systems

• They have seen systems in hospitals that were patched, but then quickly re-infected through the insertion of USBs containing malware

• Other organizations like the U.S. military have banned the use of USBs for this reason