Cosc 4765
SOPHOS Security Threat report about 2013
(and predictions for 2014)
• Independent test lab AV-Test discovers its 50 millionth virus/malware (Jan 26, 2011)
  – 220,000 new malware each day
    • 9,166 every hour or 152 every minute or about 2.5 every second.
  – History:
    • 1985: 553 different viruses
    • 2000: 176,312
    • 2006: about 1 million
    • 2010: about 20 million new malware variants
    • 2013: about 83 million new malware variants
  – Source: http://www.av-test.org/
A bad day comes.
• April 8, 2014
  – The end of security updates for
    • Windows XP
    • Office 2003
• What dangerous “zero-day-forever” attacks may follow it?
All pictures and data are from SOPHOS 2013 report.
Botnets Grow in Size & Stealth
• In the past 12 months, infected networks of computers called botnets have become more widespread, resilient and camouflaged—and they’re spreading dangerous new payloads like the nasty Cryptolocker ransomware.
  – Zeus source leads to Gameover
    • Which has a P2P Command & Control structure
  – ZeroAccess Botnet
    • In less than 2 weeks, it undid all the countermeasures by antivirus companies.
  – Watch: Cryptolocker in Action
Botnets Grow in Size & Stealth (2)
• Ransomware has become more common because fake AV and alert scams are now failing.
• Banking malware
  – Carberp steals over $250 million!
  – Malware like the Shylock/Caphaw botnets targets customers of Barclays, Bank of America, Capital One, Citi, and Wells Fargo.
Botnets Grow in Size & Stealth (3)
• More use of the “Darknet”
  – Hidden networks such as Tor that are designed to resist surveillance.
  – Wikileaks and many people use it to protect sources.
  – Botnet C&C servers are hidden in the Tor network as well.
Botnet Bitcoin Mining
• The masters of the ZeroAccess botnet for a short time in 2013 used its computing power to create (or mine) bitcoins, the virtual currency.
• Back Channels and Bitcoins: ZeroAccess' Secret C&C Communications
Spam Reinvents Itself.
• From penny stock pump-and-dump schemes to natural weight loss scams, some spam just never goes away. In 2013, distributed networks of servers helped keep spam under the radar of filters, a technique called “snowshoe spamming.”
  – Distribute the load across a large area (a botnet) so they don’t sink, like snowshoes.
    • Uses many IPs, so it is harder to filter the spam out.
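As an added illustration (not from the slides or the Sophos report), the Python sketch below shows why snowshoe spamming slips past a per-source volume filter and how aggregating by campaign instead catches it. The log format, sender names and TEST-NET addresses are all constructed.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Constructed MTA-style log lines (hypothetical format): "<time> from=<sender> ip=<source> subj=<subject>"
LOG_LINES = """\
09:00:01 from=deals@example-pills.test ip=203.0.113.10 subj=Natural weight loss
09:00:04 from=deals@example-pills.test ip=203.0.113.77 subj=Natural weight loss
09:00:09 from=deals@example-pills.test ip=198.51.100.5 subj=Natural weight loss
09:00:12 from=deals@example-pills.test ip=198.51.100.201 subj=Natural weight loss
09:00:15 from=deals@example-pills.test ip=192.0.2.33 subj=Natural weight loss
09:00:20 from=deals@example-pills.test ip=192.0.2.34 subj=Natural weight loss
09:00:30 from=newsletter@legit-shop.test ip=203.0.113.50 subj=Weekly deals
09:00:31 from=newsletter@legit-shop.test ip=203.0.113.50 subj=Weekly deals
09:00:32 from=newsletter@legit-shop.test ip=203.0.113.50 subj=Weekly deals
09:00:33 from=newsletter@legit-shop.test ip=203.0.113.50 subj=Weekly deals
09:00:34 from=newsletter@legit-shop.test ip=203.0.113.50 subj=Weekly deals
""".splitlines()

LINE_RE = re.compile(r"from=(?P<sender>\S+) ip=(?P<ip>\S+) subj=(?P<subj>.*)$")

def parse(lines):
    """Yield (sender, ip, subject) for every line that matches the format."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield m.group("sender"), m.group("ip"), m.group("subj")

def per_ip_offenders(lines, threshold=3):
    """Classic volume filter: flag any single source IP sending >= threshold mails."""
    counts = defaultdict(int)
    for _, ip, _ in parse(lines):
        counts[ip] += 1
    return {ip for ip, n in counts.items() if n >= threshold}

def snowshoe_campaigns(lines, min_ips=4, max_per_ip=2):
    """Aggregate by campaign (sender, subject) and flag ones spread thinly over many IPs."""
    ips = defaultdict(set)
    counts = defaultdict(int)
    for sender, ip, subj in parse(lines):
        ips[(sender, subj)].add(ip)
        counts[(sender, subj, ip)] += 1
    flagged = {}
    for key, addrs in ips.items():
        heaviest = max(counts[key + (a,)] for a in addrs)
        nets = {ip_network(f"{a}/24", strict=False) for a in addrs}
        if len(addrs) >= min_ips and heaviest <= max_per_ip:
            flagged[key] = (len(addrs), len(nets))  # (distinct IPs, distinct /24s)
    return flagged
```

On the sample, the per-IP filter flags only the legitimate newsletter's single busy IP, while the six-IP, three-network campaign at one mail per IP is invisible to it and is caught only by the campaign-level view.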
Android Malware
• Android malware continues to grow and evolve.
  – The Android Marketplace is an “open place”
  – Watch those permissions when installing.
• Does the Facebook app really need all these permissions?
  – Call phone numbers, read your text messages, record audio, full location services, read/write contacts, read/write call log
  – Add/modify calendar events, read confidential information
    » “send email to guests without owners’ knowledge”
  – Read/modify/delete the contents of USB storage
  – Add/remove accounts, find accounts on the device
  – Change network connectivity, connect/disconnect Wi-Fi, download files without notification
  – Retrieve and reorder running apps
  – Draw over other apps, prevent phone from sleeping, control vibration, change audio settings, read and change sync settings, expand/collapse status bar
  – And last, install shortcuts and send “sticky broadcasts”.
Android Malware (2)
• Ransomware:
  – For the first time in 2013, began infecting smartphones and other Android devices.
• Botnets, mostly in China
  – Send premium SMS messages that charge the user.
• GinMaster: A Case Study in Android Malware
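As an added example (not from the slides or Sophos), a Python check that reads an app's AndroidManifest.xml, groups the requested permissions by what they expose, and flags the SMS combination that premium-SMS bots like those described above depend on. The manifest and app name are constructed; the permission names are real Android ones from the slide's list.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest for a fictional app; it requests several of the
# permissions questioned above, including the SMS trio an SMS bot needs.
SAMPLE_MANIFEST = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

# Real Android permission names from the slide's list, grouped by what they expose.
SENSITIVE = {
    "android.permission.CALL_PHONE": "calls/SMS",
    "android.permission.SEND_SMS": "calls/SMS",
    "android.permission.READ_SMS": "calls/SMS",
    "android.permission.RECEIVE_SMS": "calls/SMS",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts/call log",
    "android.permission.READ_CALL_LOG": "contacts/call log",
    "android.permission.GET_ACCOUNTS": "accounts",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw over other apps",
}

# Send + receive + read together let an app send premium-rate SMS and read or
# hide the carrier's reply, the combination premium-SMS bots rely on.
PREMIUM_SMS_TRIO = {"android.permission.SEND_SMS",
                    "android.permission.RECEIVE_SMS",
                    "android.permission.READ_SMS"}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {e.get(f"{{{ANDROID_NS}}}name") for e in root.iter("uses-permission")}

def review(manifest_xml):
    """Map each risk category to the sensitive permissions requested; flag the SMS trio."""
    perms = requested_permissions(manifest_xml)
    findings = {}
    for p in sorted(perms & SENSITIVE.keys()):
        findings.setdefault(SENSITIVE[p], []).append(p)
    if PREMIUM_SMS_TRIO <= perms:
        findings["premium-SMS capable"] = sorted(PREMIUM_SMS_TRIO)
    return findings
```

A flashlight app that comes back with "calls/SMS", "microphone", "location" and "premium-SMS capable" is exactly the kind of permission set the slide says to question before installing.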
Windows: The Growing Risk of Unpatched Systems
• The two known big ones are WinXP and Office2010.
  – Here is the real issue, because it’s not your PC.
• Although 31% of all PCs are running WinXP.
  – There are millions of Point of Sale (POS) devices
    • Running WinXP, some still running Win2K.
    • These handle credit card information!
  – And a really scary note: many medical devices are WinXP as well….
Windows: The Growing Risk of Unpatched Systems (2)
• So Win8/7/Vista are not new code.
• A vulnerability in one of those will point to a now (possibly) unpatched vulnerability in WinXP.
Web-Based Malware
• Dangerous, difficult-to-detect web server attacks by Darkleech and exploit kits like Redkit have been responsible for more drive-by download attacks against vulnerable web users.
  – DarkLeech compromised over 40K domains
    • Delivered ransomware and other malware to users.
  – Mostly in “drive-by attacks”
    • 93% of infected sites were running Apache.
Web-Based Malware (2)
• Using kits (such as Blackhole and others)
  – Attacking Java, Adobe PDF and Flash
  – Other third-party plugins.
• nothing. Back to the “stone age” of browsers.
  • Unless there is an exploit in the browser itself, of course.
• Malware 101:
  – http://www.youtube.com/watch?v=P1U9_s7j4Hg
• About an hour-long video for beginners on how malware works and spreads.
Threats to Your Financial Account
• We are seeing more advanced persistent threats (APTs)—persistent, targeted, hard-to-detect attacks—aimed at compromising financial accounts.
  – What are APTs? Watch: APTs
Threats to Mac OS X
• Mac malware is becoming more widespread, with new versions of Mac Trojans, adware and ransomware emerging in 2013.
• And like Windows, a number of still common versions of Mac OS X are no longer receiving security updates.
Threats to Linux growing
• Why?
  – Linux servers are widely used to run websites and deliver web content, making them and the software running on them prime targets of attack.
  – I.e., it’s all about deliverables.
Trends to watch for in 2014
• Attacks on corporate and personal data in the cloud
• More complex Android malware
  – Going after personal data and financial data on phones!
  – Attempts to spread via social networks as well.
• 64-bit only malware.
  • At least it won’t work on 32-bit OSs.
Trends to watch for in 2014 (2)
• Hacking Everything
  – Attacks will continue to increase, but not to critical levels in 2014.
  – Infrastructure
  – “Internet of Things”
    • From thermostats, network printers, and anything connected to the network.