nuit tech talk - northwestern university · 2019. 3. 20. · sms bomber application: • sms-short...
NUIT Tech Talk
Beating Back the Tide (of Security Exploits)
Information & Systems Security/Compliance
May 3, 2011
“Thank You” to RSA
The Security Division of EMC Corp.
Etay Maor – Head of Fraud Action Knowledge Delivery
Rachael Stockton – Senior Manager, Product Marketing
Dave Kovarik, Director
Information & Systems Security/Compliance
Overview
• What’s happening
  • Significant increase in activity, all OS, all devices
  • Increased sophistication
• What we’re doing
  • Scanning
  • Assessments
  • Communications
  • Prevention
• What You Can Do
  • 100% Aware
  • 100% of the Time
Communication Sophistication
• Dedicated machine
• Specific transactions and locations
• Multi-use machines
• Work & personal use
• Remote access
• Mobile phones, tablets, etc.
• Access from/to everywhere
[Timeline: 60’s, 70’s, 80’s, 90’s, 00’s, 10’s]
Advanced Persistent Threats (APT)
Operation Aurora
• Highly Targeted, Highly Coordinated
• Targeted Unpatched Vulnerability
• Able to Bypass Most Common Security Controls
Malware Infection
• Targeted or Widespread
• Botnet Application, Bulletproof Hosting
• SaaS Capable
Spear Phishing
• Targeted, Coordination Varies
• Relatively low-tech
• Buy mailing list online
[Figure axis: Complexity Spectrum, Less to More]
Growth In Mobile Platforms
• Mobile applications have more than tripled over the past year
• App downloads are expected to increase sevenfold within the next five years
• Device and mobile delivery platform diversity will continue to expand
Targeting Mobile Platforms
SMS Bomber Application:
• SMS: Short Message Service
• Automated spamming
• Leverage multiple source e-mail accounts
SaaS:
• $7/100 SMS
• $20/500 SMS
• $35/1000 SMS
Mobile Specific Malware
JAILBREAKING: Contributing Factor
Customization
Evolution of Phishing – New Forms
Continued popularity and now with variations…
• Phishing: E-mail, Instant Messaging
• SMiShing: Text message and malware download
• Vishing: Voicemail, use of synthesized messages, VoIP features, Caller-ID spoofing
*Chart Data: RSA 2010 Global Online Consumer Security Survey
Phishing Attack
“Stand Alone Attack”
• No need for hosting, domains or page design
• Simple yet successful
• Consumer education still best prevention
Multiple and New Targets and Schemes
• Simultaneously target consumers of multiple products/services
• Using social engineering schemes (tax refund, satisfaction surveys, etc.)
• Collecting financial information but not targeting financial institutions
New & Improved
Competition Cooperation
Competition parallels legitimate business
• Free Market, Responsive pricing
• Better Features = Product Sales
• Full SLAs
• No shortage of product
Customer hijacking
• SpyEye cleans ZeuS before installation
Result
Cooperation focuses efforts
• Attention paid to product enhancement
• Increased functionality
• Broader fraud community input
• Credit card grabbing add-on application
• Windows Remote Desktop application Backconnect
Backconnect
• Bad Guy inserts malware into video
• Bad Guy executes netcat command
• Bad Guy sends out video
• Good Guy executes video
• Bad Guy owns Good Guy
• Video
Trojan SaaS
SpyEye
Trojan SaaS
ZeuS
Trojan SaaS
SpyZeuS
Gozi, Syscron
• During 2010, more than 15 new Trojans released
• Each belonging to a different criminal gang
• Developed for internal use or for commercial purposes
More: Malware in 2010
The Shift in Malware Threats
From amateur virus writers to organized money making professionals!
[Timeline figure. Labels: Virus Worm, Internet Trojan (MITM / MITB), Phishing, Spyware, Spam, Mobile Threats. Years: 2000, 2003, 2004, 2005, 2008, 2010]
The Faces Have Changed
Script Kiddies
Chen-Ing Hau, 24 (author of CIH virus)
Joseph McElroy, 16 (Hacked into Nuclear US Lab)
Jeffrey Lee Parson, 18 (author of Blaster.B virus)
Professionals
The Faces Have Changed
Jeremy Jaynes: Millionaire spammer
Jay Echouafni: Attacker
Andrew Schwarmkoff: Russian phishing mob
HTML Injection
What We’re Doing
• Automated scanning using NESSUS
  • Ongoing and automatic
• On-demand assessments using WebInspect
  • Collaborative process
  • Network, server and applications
• QualysGuard
  • SaaS – scheduled and on-demand
  • Web application scanning
  • Historical reporting
• Communications & Education
Be 100% Aware 100% of the Time
• Enable a firewall on your computer
• Get the latest computer updates for all your installed software
• Keep OS and applications current
• Use up-to-date antivirus software – keep it current
• Limit access to your computer (work vs. personal)
Be 100% Aware 100% of the Time
• Use caution when opening attachments and accepting files
• Use caution when clicking on links to web pages
• Don’t download software you haven’t paid for
• Protect yourself against social engineering attacks
• Use strong passwords
High Grade Trojans
Probably NOT a good idea
Instead… Get Professional Help
847-491-HELP
High Grade Trojans
Final Thoughts
REFERENCES
NUIT Support Center 847-491-HELP (4357)
• www.it.northwestern.edu/supportcenter/
Information Security Flyers
• www.it.northwestern.edu/security/flyer.html
Phishing E-mail
• www.it.northwestern.edu/security/phishing.html
Security News Podcasts
• www.it.northwestern.edu/security/podcast.html
Security Statistics
• www.it.northwestern.edu/about/stats/sec.html
Secure IT @ NU
• www.it.northwestern.edu/security/