PowerPoint Presentation - e


Ransomware, Internet
of Things and Botnets
vs. Control
Presented by
Martin Šimek
Agenda
• Ransomware
• The Internet of Things
• Botnets
Ransomware
Ransomware – definition
• Ransom
 The practice of holding a prisoner or item to
extort money to secure their release.
• Ransomware
 Malicious software holding your files as
prisoners to extort money to secure their
release.
Cryptolocker
• Encrypts your files
 Files are still present but unreadable
 No need to transfer files to remote storage
 Files can be decrypted only with the private key
• You must pay money to get the key
 Bitcoins
 TOR sites
Cryptolocker – Email infection
“Image: works.jpeg” http://fickmonster.blogspot.cz/2015/09/howransomware-spreads-and-how-it-works.html
Cryptolocker – Fake update site
Cryptolocker – Ramification
Cryptolocker – sequels
Ransomware – workstation protection
• Up-to-date antivirus
 Emails and websites are transferred
encrypted
 Only the endpoint workstation can see them in plain form
• Up-to-date software
 Elimination of zero-day vulnerabilities
• Employee training
 Learn to swim, and don't swim in a wild river
Ransomware – webfilter
Ransomware – Intrusion prevention system
Ransomware – Application awareness
Ransomware – Protocol inspection
Ransomware – Antivirus
The Internet of Things
The Internet of Things
• Home
 Wi-Fi router, fridge, lightbulb, printer,
extension cord, thermostat
• Business
 NAS, printer, IP phone, air conditioning, window
blinds
The Internet of Things – pitfalls
• Low-cost chips, small RAM, unprotected OS
 No spare resources for self-defense
• Rapid development
 Small to no focus on security
• Linux based
 A full-featured computer
The Internet of Things – Attack
The Internet of Things – Recovery
• Disconnect the Thing immediately
• Re-flash the firmware or replace the Thing
• Set a strong password
• Perform a system audit
 Logs
 Scan other systems
The Internet of Things – Prevention
• Strong password for the Thing's administration
• Update the Thing's firmware regularly
• Don't buy second-hand devices
 Saving a few euros might not pay off
The Internet of Things – Multiple interfaces
The Internet of Things – Access
• Don't expose the Thing's web interface
 Use a VPN to reach the network behind the firewall,
then access the Thing's web interface locally.
 If exposing it is necessary, use a reverse proxy
The Internet of Things – Reverse Proxy
• Only the web port is exposed
• The firewall can see and filter all requests
Botnet
Botnet
• Set of computers enslaved by malware,
performing tasks assigned by a master
 Spam, DDoS attacks, malware distribution,
Bitcoin mining, click fraud, spying on the user
• Tasks are issued by a command & control center
Botnet – attack
“Image:Botnet.svg” https://commons.wikimedia.org/wiki/File:Botnet.svg
Botnet – recovery
• Scan computers in the LAN with up-to-date antivirus
• Audit the firewall logs
• Negotiate blacklist removal if botnet operation
gets your IP address listed there
Botnet – prevention
• Forbid access to the Internet underground
 Web filter & content rules
• Forbid the botnet from calling home
 Blacklists, security rules
Botnet – Blacklists & Security rules
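The firewall-log audit and blacklist idea from the recovery and prevention slides, as an added example that is not part of the original presentation: it parses constructed firewall log lines (a hypothetical "ALLOW/DENY proto src -> dst" format), matches destinations against a constructed C&C blacklist made of documentation-range addresses, and reports internal hosts that repeatedly manage to call home.

```python
"""Audit firewall logs for internal hosts that 'call home' to blacklisted addresses."""
import re
from collections import defaultdict

# Constructed blacklist of C&C addresses (documentation ranges, not real indicators).
CNC_BLACKLIST = {"203.0.113.7", "198.51.100.42"}

# Constructed sample firewall log (hypothetical format):
# <timestamp> <ALLOW|DENY> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
SAMPLE_LOG = """\
2015-10-01T08:00:01 ALLOW TCP 192.168.1.20:51234 -> 203.0.113.7:443
2015-10-01T08:00:03 ALLOW TCP 192.168.1.21:52000 -> 192.0.2.10:80
2015-10-01T08:05:02 ALLOW TCP 192.168.1.20:51240 -> 203.0.113.7:443
2015-10-01T08:10:01 ALLOW TCP 192.168.1.20:51251 -> 203.0.113.7:443
2015-10-01T08:11:15 DENY  TCP 192.168.1.30:49000 -> 198.51.100.42:6667
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def audit(log_text, blacklist):
    """Map each internal source IP to its (ts, dst, dport, action) contacts with the blacklist."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["dst"] in blacklist:
            hits[rec["src"]].append((rec["ts"], rec["dst"], rec["dport"], rec["action"]))
    return dict(hits)


def suspected_bots(hits, min_allowed=2):
    """Hosts with at least min_allowed ALLOWED contacts to a blacklisted address (denied ones only show the rule works)."""
    return sorted(src for src, events in hits.items()
                  if sum(1 for e in events if e[3] == "ALLOW") >= min_allowed)


if __name__ == "__main__":
    found = audit(SAMPLE_LOG, CNC_BLACKLIST)
    for src in suspected_bots(found):
        print(src, "called home", len(found[src]), "times; scan it with up-to-date antivirus")
```

Hosts whose contacts were all denied are still listed in the audit output, so the blacklist rule can be checked against the same log.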
Summary