![Page 1: Rethinking Spam The Evolution of a Threat Vector · Rethinking Spam The Evolution of a Threat Vector Paul J.S. Oliveria Security Focus Lead, Trend Micro Paul_Oliveria@trendmicro.com](https://reader033.vdocuments.net/reader033/viewer/2022041416/5e1b91a9cd54863ff808128c/html5/thumbnails/1.jpg)
Mendoza, Argentina, 7 October 2013
Rethinking Spam The Evolution of a Threat Vector
Paul J.S. Oliveria
Security Focus Lead, Trend Micro
Joint Internet Society, CITEL and ITU
Workshop on Combating SPAM
(Mendoza, Argentina, 7 October 2013)
On a typical day, Trend Micro identifies…
Email is the BULK of malicious activities
Massive impact of BOTNET TAKEDOWNS
Spam is GLOBAL
LAR is not immune
Spamming as a Service (SaaS)
SPAM TRENDS AND TECHNIQUES
“Invisible Ink”
Concealment via HTTP formatting
Forging header info
Adding fake header info to hide original source
URL redirection using popular sites
Inclusion of popular sites in links
Obfuscating URLs (“Punycoded” URLs)
Converting Unicode characters to ASCII characters
Web bugs
Tracking IDs to check active addresses
Blackhole Exploit Kit
Spam email → Compromised website → Redirect URL → Exploit → Payload
Real or Not Real?
Phish: Legit:
Spear-phishing email: most favored APT attack bait
Conclusion
The volume of spam will continue to decrease as solutions become “basic”
The volume of traditional spam will decrease as new vectors emerge
Threat actors will design highly targeted attacks using customized spam
Spam will still be “sexy” for cybercriminals