Transcript ISSAPreso

Threat Chaos: Cyber Crime Turns to Targeted Attacks
Webroot Software
Richard Stiennon
privacy ● protection ● peace of mind
Defining Spyware
System Monitors
Range in capabilities and may record some or all of the following:
keystrokes, e-mails, chat room conversations, instant messages,
Web sites visited, programs run, time spent on Web sites or using
programs, and even usernames and passwords. The information is
transmitted via remote access or sent by e-mail.
Trojans
A Trojan horse is a malicious program disguised as a harmless
software program. Trojans do not replicate themselves like viruses,
but spread through e-mail attachments and Web downloads.
Adware
Monitors and profiles Web usage and directs pop-up ads. Most
peer-to-peer file sharing programs come bundled with Adware, and the
user is notified only in the fine print of the End User License
Agreement or not at all.
Cookies
Pieces of information generated by a Web server and stored in the
user's computer, to record user data. Cookies are embedded in the
HTML information flowing back and forth between the user's
computer and the servers.
Tips for avoiding spyware
• Just say “No!” to free software
• Use Mozilla Firefox
• Use a Mac
• Avoid questionable sites
• Be very suspicious of email
• Use public kiosks with extreme caution
• Use a firewall and AV
• Use an anti-spyware product
Top-Level Report Findings
• More than 80% of enterprise desktops infected
• Number of known spy traces doubled in the first half of 2005
• In Q2, more than a dozen incidents involving loss of corporate data for customers and employees occurred
• Number of known spyware distribution sites has quadrupled this year (>300,000 sites)
• Legislative activity on the rise: passage of HR 29 and HR744, and introduction of S.687 and S.1004; 12 states proposed new spyware laws and an additional 19 bills still active and pending in 10 states
[Chart: Spyware Trace Count, by month]
[Chart: # of spyware exploit websites, Jan to Jun]
Case Study
• 8,008 pieces of adware discovered
• 10 Keystroke Loggers
• 144 dialers
• 146 Trojans

Software Name            Total Count
Iwon                     973
Hotbar                   735
WebSearch Toolbar        368
Gator (GAIN)             363
CWS-AboutBlank           300
Apropos                  219
nCase                    211
vx2 (Transponder)        197
ShopAtHomeSelect         194
Adlogix                  193
WinAd                    180
InternetOptimizer        171
IEPlugin                 164
Comet Cursor             149
SaveNow - WhenUSave      133
Bonzi Buddy              124
Ezula iLookup            124
The Three Axes of Evil

Actions
• Browser Hijacking
• Spam relay
• Search re-direct
• Pop-up
• Trojan
• Bots for DoS
• Network Sniffer

Vectors
• Email
• Browsing
• File shares
• Server to server
• IM
• RSS

Vulnerabilities
• Unicode traversal
• SQL Server
• ByteVerify
• Cisco SNMP
• RPC DCOM
• JPEG
• IFRAME
The Adware economy
[Diagram nodes: E-commerce Sites, Hit Stats, Popularity Stats, Brokers, Webrings, Affiliate Web Sites, Software parasites, Worms, Viruses, Spam, Infected Desktops, Adware]
At Risk in Israel
Threat hierarchy is a timeline!
• Experimentation
• Vandalism
• Hacktivism
• CyberCrime
• Information Warfare
Spyware In The News

Month      Incident                                                 Impact
February   Choice Point identity theft                              145,000 individuals affected
March      BJ Wholesale credit card info stolen                     8m customers affected
April      Lexis Nexis passwords compromised                        312,000 individuals affected
April      Sumitomo Bank keystroke logger                           £220m compromised
May        Israeli Trojan horse                                     High-profile companies indicted -- confidential data stolen
June       Card Systems systems hacked                              40m individuals affected
July       eBank Co., Mizuho Bank and Japan Net Bank Ltd. spyware   Illegal Money transfers of over 9M Yen
August     “Titan Rain” keystroke logger email attacks              Dept. of State, Homeland Security, Energy and Defense….
Going Forward
• Incidents of spyware will continue to rise driven by monetary gain potential. WMF case in point.
• Spyware becomes more sophisticated to avoid detection and removal
• Legislation is picking up steam (27 states) but ultimately it will not solve the problem -- but it will increase awareness
• Insiders become savvy. What do you do when every employee could be a hacker?