How to stay safe
Ken Swain, Sr. SE - SC TN GA, @kenotic
Today's Threat Landscape
About Me
PenTester
Built ShadowLabs at HP
Mobile Security Passion
Hacker
Husband
Father
Biker
Nerd
Opportunistic Threat
Digital smash and grab
Methods of infection – Drive-by downloads
Typical Drive By Download
Methods of infection – Video codecs
Phishing getting more sophisticated
Facebook, we don't need any help
Pavel Vrublevsky
$$$ help recruit new affiliates
Methods of infection – Exploit kits
Affiliate marketing, Russian style
Email Protection
Whitelisting/Blacklisting and AV
Out with the old
Ransomware
FakeAV
Modern ransomware
GameOver botnet
Methods of infection – Zeus/Zbot
Methods of infection – SPAM
Real life consequences
Advanced Threat Protection
Devices everywhere
Cloudy with a chance of breaches
Android malware
Andr/Slocker-A AKA Simplelocker
Data everywhere? Encrypt it!
Advanced Persistent Threat
Another Popular Term?
• Specific individuals
• Specific well-defined goals
• Nation-state sponsored
• Espionage
• Watering hole
• Dragnet by vertical
Gain persistence
Act on objective
APT vs Opportunistic threat
APT:
• Well funded
• Targeted
• Specialized
• Diverse goals
• Maintained
Opportunistic threat:
• Well funded
• Broad
• Generalized
• Financially motivated
• Abandoned
Global specialization
Image courtesy of krebsonsecurity.com
What about the NSA?
The greedy '80s
'90s introduces another go at the idea
The third generation, security and stupidity
I suppose I didn't have to use my card
Many cards, similar form
What's on a card?
Source: http://www.q-card.com/support/magnetic-stripe-card-standards.asp
What's on a stripe?
Track 1:
%B4349120384822282^SHIER/JOHN ^17032019010000549000000?
Track 2:
;4349120384822282=170320190100549?
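As an added example (not part of the deck), the following Python utility recognises the Track 1 / Track 2 layout shown above when it turns up in text such as POS application logs, checks the PAN's Luhn digit so random digit runs are not reported, and rewrites the line with the PAN masked to the first six and last four digits. That is the behaviour a log sanitiser or DLP rule on a payment system should have, so clear-text card data is never written to disk in the first place. The log lines are constructed samples that reuse the slide's own track data; the function names are this example's, not any product's.

```python
import re
from typing import List, Optional, Tuple

# Track layout as shown on the "What's on a stripe?" slide (ISO/IEC 7813):
#   Track 1: %B<PAN>^<SURNAME/FIRST>^<YYMM><3-digit service code><discretionary data>?
#   Track 2: ;<PAN>=<YYMM><3-digit service code><discretionary data>?
TRACK1_RE = re.compile(r"%B(\d{12,19})\^([^^?]{2,26})\^(\d{4})(\d{3})([^?]*)\?")
TRACK2_RE = re.compile(r";(\d{12,19})=(\d{4})(\d{3})([^?]*)\?")

# Constructed sample log lines; the swipe data is the slide's own sample track.
SAMPLE_LOG = [
    "2014-06-01 12:00:03 lane=3 swipe data=%B4349120384822282^SHIER/JOHN ^17032019010000549000000? status=ok",
    "2014-06-01 12:00:03 lane=3 swipe data=;4349120384822282=170320190100549? status=ok",
    "2014-06-01 12:00:09 lane=3 receipt printed",
]


def luhn_valid(pan: str) -> bool:
    """Mod-10 check digit test: every second digit from the right is doubled."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """PCI DSS allows at most the first six and last four digits to be displayed."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def parse_track1(text: str) -> Optional[dict]:
    """Extract the non-sensitive fields of a Track 1 record; the PAN is only returned masked."""
    m = TRACK1_RE.search(text)
    if not m:
        return None
    pan, name, yymm, service, disc = m.groups()
    return {
        "pan_masked": mask_pan(pan),
        "luhn_ok": luhn_valid(pan),
        "name": name.strip(),               # name field is space-padded on the stripe
        "expiry": f"{yymm[2:]}/{yymm[:2]}",  # YYMM on the stripe -> MM/YY
        "service_code": service,
        "discretionary_len": len(disc),
    }


def parse_track2(text: str) -> Optional[dict]:
    """Same for Track 2, which carries no cardholder name."""
    m = TRACK2_RE.search(text)
    if not m:
        return None
    pan, yymm, service, disc = m.groups()
    return {
        "pan_masked": mask_pan(pan),
        "luhn_ok": luhn_valid(pan),
        "expiry": f"{yymm[2:]}/{yymm[:2]}",
        "service_code": service,
        "discretionary_len": len(disc),
    }


def redact_tracks(line: str) -> Tuple[str, List[Tuple[str, str, bool]]]:
    """Replace any track data in a line with a masked marker.

    Returns the rewritten line plus findings of (track type, masked PAN, luhn_ok)
    so the caller can both store the clean line and raise an alert.
    """
    findings: List[Tuple[str, str, bool]] = []

    def _sub1(m: re.Match) -> str:
        pan = m.group(1)
        findings.append(("track1", mask_pan(pan), luhn_valid(pan)))
        return f"[TRACK1 PAN={mask_pan(pan)}]"

    def _sub2(m: re.Match) -> str:
        pan = m.group(1)
        findings.append(("track2", mask_pan(pan), luhn_valid(pan)))
        return f"[TRACK2 PAN={mask_pan(pan)}]"

    line = TRACK1_RE.sub(_sub1, line)
    line = TRACK2_RE.sub(_sub2, line)
    return line, findings


def scan_log(lines: List[str]) -> List[Tuple[str, List[Tuple[str, str, bool]]]]:
    """Run the redaction over every line; lines without track data pass through unchanged."""
    return [redact_tracks(line) for line in lines]


if __name__ == "__main__":
    for clean, found in scan_log(SAMPLE_LOG):
        print(clean, found)
```

Running the block on the three sample lines rewrites the two swipe lines to carry only `434912******2282` and leaves the receipt line untouched; the findings list is what you would hand to a SIEM as evidence that an application was logging full track data, which is a PCI DSS violation regardless of whether any malware was present.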
Pocket Skimmer
Bad, not terrible
Where to begin?
Begin by scraping the RAM
Don't waste time
Trip up & hide from researchers
Grab the cards
Trust, but verify
Command & Control (C2)
PCI says to encrypt before exfiltration, right?
What can you do?
PCI DSS is driving innovation
• Encryption in transit
• Encryption at rest
• Secure remote access
Old and busted
Active protection
Complete Security
Latest news: http://nakedsecurity.sophos.com
Podcasts: http://podcasts.sophos.com
Videos: http://youtube.com/SophosLabs
See us again: http://nakedsecurity.sophos.com/events
Contact me: [email protected] (Email), @kenotic (Twitter)
Newsletter
© Sophos Ltd. All rights reserved.