threat landscape - sea 09-2015 - sans


Post on 14-Feb-2017


How to stay safe

Ken Swain, Sr. SE - SC TN GA, @kenotic

Today's Threat Landscape

PenTester

Built ShadowLabs at HP

Mobile Security Passion

Hacker

Husband

Father

Biker

Nerd

About Me

3

Agenda

4

Opportunistic Threat

5

Digital smash and grab

6

Methods of infection – Drive-by downloads

7

Typical Drive By Download

8

Methods of infection - Video codecs

9

Phishing getting more sophisticated

10

Phishing getting more sophisticated

11

Phishing getting more sophisticated

12

Facebook, we don't need any help

13

Pavel Vrublevsky

14

$$$ help recruit new affiliates

15

Methods of infection - Exploit kits

16

Affiliate marketing, Russian style

17

Defense

18

Email Protection

19

Whitelisting/Blacklisting and AV

20

HIPS

21

Ransomware

22

Out with the old

Ransomware

FakeAV

23

AIDS trojan

24

AIDS trojan

25

Modern ransomware

26

Modern ransomware

27

Cryptolocker

28

GameOver botnet

29

Methods of infection – Zeus/Zbot

30

Methods of infection - SPAM

31

Real life consequences

32

Defense

33

Web filtering

34

Advanced Threat Protection

35

Mobile

36

Devices everywhere

37

Cloudy with a chance of breaches

38

Android malware

39

Andr/Koler

40

Andr/Slocker-A AKA Simplelocker

41

Oleg Pliss

42

Defense

43

Mobile AV

44

Data everywhere? Encrypt it!

45

Advanced Persistent Threat

46

Another Popular Term?

• Specific individuals
• Specific well-defined goals
• Nation-state sponsored
• Espionage
• Watering hole
• Dragnet by vertical

47

Research

48

Exploit

49

Gain Persistence

50

Gain persistence

51

Gain persistence

52

Explore

53

Explore

54

Act on objective

55

Cleanup

56

APT vs Opportunistic threat

APT:
• Well funded
• Targeted
• Specialized
• Diverse goals
• Maintained

Opportunistic threat:
• Well funded
• Broad
• Generalized
• Financially motivated
• Abandoned

57

Global specialization

Image courtesy of krebsonsecurity.com

58

What about the NSA?

59

Point of Sale

60

61

In the news

62

The greedy '80s

63

'90s introduces another go at the idea

64

The third generation, security and stupidity

65

I suppose I didn't have to use my card

66

Many cards, similar form

67

What's on a card?

Source: http://www.q-card.com/support/magnetic-stripe-card-standards.asp

68

Track  1:

%B4349120384822282^SHIER/JOHN  ^17032019010000549000000?

Track  2:

;4349120384822282=170320190100549?

What's  on  a  stripe?
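The two track strings above are in the ISO/IEC 7813 layout (Track 1: `%B<PAN>^<NAME>^<YYMM><service code><discretionary>?`, Track 2: `;<PAN>=<YYMM><service code><discretionary>?`). A defender's interest in that layout is spotting it where it should not be, such as in memory dumps, application logs or outbound traffic from a point-of-sale host, which is what the RAM-scraping slides that follow are about. The scanner below is an added example written for this page, not code from the talk or from Sophos: it parses both track formats, validates the PAN with a Luhn check to cut false positives from random digit runs, decodes the expiry and service code, and reports the PAN masked to first six and last four digits. The sample log lines are constructed for the demo and embed the two track strings shown on the slide; the assumption that two-digit years are 20xx and the chip-preferred reading of service codes beginning 2 or 6 are the author's, marked in the comments.

```python
import re

# Constructed sample log lines for the demo. The two track strings are the ones shown
# on the slide; timestamps, hostname and the third, clean line are made up.
SAMPLE_LINES = [
    "2015-09-01T10:00:01 pos-term-07 memdump: %B4349120384822282^SHIER/JOHN  ^17032019010000549000000?",
    "2015-09-01T10:00:02 pos-term-07 memdump: ;4349120384822282=170320190100549?",
    "2015-09-01T10:00:03 pos-term-07 app: transaction approved, ref=000549",
]

# Track 1 (ISO/IEC 7813): %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
TRACK1_RE = re.compile(r"%B(\d{13,19})\^([^^?]{2,26})\^(\d{2})(\d{2})(\d{3})([^?]*)\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{2})(\d{2})(\d{3})([^?]*)\?")


def luhn_ok(pan: str) -> bool:
    """Mod-10 check on a digit string; a random 16-digit run fails 9 times in 10."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits, the most PCI DSS permits to be displayed."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def parse_track(text: str):
    """Return the fields of the first Track 1 or Track 2 string found in text, or None."""
    m = TRACK1_RE.search(text)
    if m:
        pan, name, yy, mm, svc, _disc = m.groups()
        track, holder = 1, name.strip()       # name field is space-padded on the stripe
    else:
        m = TRACK2_RE.search(text)
        if not m:
            return None
        pan, yy, mm, svc, _disc = m.groups()
        track, holder = 2, None
    return {
        "track": track,
        "pan": pan,
        "name": holder,
        "expiry": f"20{yy}-{mm}",             # assumption: two-digit years are 20xx
        "service_code": svc,
        # ISO 7813 service code, first digit: 2 or 6 = chip (IC) should be used where possible
        "chip_preferred": svc[0] in ("2", "6"),
    }


def scan_lines(lines):
    """DLP-style pass over log lines: report Luhn-valid track data with the PAN masked."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        rec = parse_track(line)
        if rec is None or not luhn_ok(rec["pan"]):
            continue
        findings.append({
            "line": lineno,
            "track": rec["track"],
            "pan_masked": mask_pan(rec["pan"]),
            "name": rec["name"],
            "expiry": rec["expiry"],
            "service_code": rec["service_code"],
            "chip_preferred": rec["chip_preferred"],
        })
    return findings


if __name__ == "__main__":
    for finding in scan_lines(SAMPLE_LINES):
        print(finding)
```

Run against the constructed lines it reports two findings (the Track 1 and Track 2 strings, both masked to `434912******2282`, expiry 2017-03, service code 201) and ignores the clean line. The masking is deliberate: a detection tool that copies full track data into its own alerts simply creates a second place cardholder data has to be protected.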

69

ATM Skimmer

70

Pocket Skimmer

71

Bad, not terrible

72

Where to begin?

73

Begin by scraping the RAM

74

Don't waste time

75

Trip up & hide from researchers

76

Grab the cards

77

Trust, but verify

78

Command & Control (C2)

79

PCI says to encrypt before exfiltration, right?

80

Cashing out

81

What can you do?

82

PCI DSS is driving innovation

• Encryption in transit
• Encryption at rest
• Secure remote access

83

Defense

84

Firewall

85

Old and busted

86

New hotness

87

Active protection

88

SophosLabs

89

Complete Security

90

Latest news: http://nakedsecurity.sophos.com
Podcasts: http://podcasts.sophos.com
Videos: http://youtube.com/SophosLabs
See us again: http://nakedsecurity.sophos.com/events

Contact me: [email protected] (Email), @kenotic (Twitter)

Newsletter

© Sophos Ltd. All rights reserved. 91