Trends in Security
Jerco Veltjen, Senior Sales Engineer
March 2017
Agenda
•Infection methods: Phishing, Malvertising, Exploit Kits
•Malware: Document Malware, Data Stealing Malware, Ransomware
•Future: 2017
What are we facing?
Phishing
The good news: spam volume is dropping. However, not for long …
How not to phish / early days of phishing
Modern phishing
HD phishing
Malvertising
Malvertising threat chain: RTB, ad network, third party
No site is immune
Exploit kits: Crimeware as a Service
A decade of misery (timeline: 2006, 2013, 2016)
Exploits as a Service
[Diagram: exploit-kit service architecture]
Actors: Exploit Kit Admin, Spammer/Malvertiser, Exploit merchant, Ransomware author
Infrastructure: Management Panel, Malware Distribution Servers, Gateway Servers, VPN
Flows: Victims (Initial Request), Exploit Kit Customers (Redirection), Landing Page, Exploits, Payloads, Malicious Payloads, Stats, Get Current Domain, Get Stats, Update payloads
EK prominence – October 2016
[Chart: share per exploit kit: RIG, Nuclear, Chinese EK, Da Gong/Gondad, Angler, Fiesta, Neutrino v2, Other]
Document malware
Why does document malware work?
•Out of the spotlight
•Familiarity and trust
•Email as file transfer protocol
•Patching failure
•Call to action
Curiosity infected the cat
Build Your Own
How to protect against document malware?
•Email filtering
•Sandbox
•Cloud services
•Document viewers
•Share files differently
Data stealing malware
Why does data stealing malware work?
•Multiple security failures
•Needs a human actor
•Poor network segregation
•Over privileged users
•Poor outbound filtering
•Unknown baseline
How does data stealing malware work?
Target(ed) exfiltration
New fileless malware uses DNS queries to receive PowerShell commands
Source: Talos Security
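A detection angle on the DNS command channel mentioned above: malware that polls TXT records for commands leaves a distinctive footprint in resolver logs (repeated TXT lookups from one host, random-looking labels, near-constant polling interval). The script below is an added example written for this page, not code from the slides or from Talos; the log format, the sample lines and all thresholds are constructed assumptions, and the registrable-domain split is a naive two-label heuristic rather than a public-suffix lookup.

```python
"""Flag DNS TXT query patterns that resemble a command-polling channel.

Added defensive example; log format, sample data and thresholds are assumptions.
"""
import math
import re
from collections import defaultdict

# Constructed resolver log: "<epoch> <client_ip> <qtype> <qname>" (assumed format).
SAMPLE_LOG = """\
1488888000 10.0.0.5 A www.example.com
1488888001 10.0.0.5 AAAA mail.example.com
1488888002 10.0.0.7 TXT _dmarc.example.com
1488888003 10.0.0.9 TXT 4f2a9c1e-3b7d.ctrl.bad-domain.example
1488888063 10.0.0.9 TXT 8e1d0b44-2c9f.ctrl.bad-domain.example
1488888123 10.0.0.9 TXT a77c3e10-9d2b.ctrl.bad-domain.example
1488888183 10.0.0.9 TXT 0c5f8a2e-61bb.ctrl.bad-domain.example
1488888243 10.0.0.9 TXT f3e4d5c6-7a8b.ctrl.bad-domain.example
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_line(line):
    """Return (timestamp, client, qtype, qname) or None for unparsable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qtype, qname = m.groups()
    return int(ts), client, qtype.upper(), qname.lower().rstrip(".")


def shannon_entropy(text):
    """Bits per character; random-looking labels score high, words score low."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_domain(qname):
    """Naive last-two-labels split (assumption; use a public-suffix list in production)."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def regular_interval(timestamps, max_cv=0.2):
    """True when gaps between queries are nearly constant, i.e. beacon-like polling."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return False
    mean = sum(gaps) / len(gaps)
    if mean == 0:
        return False
    stdev = (sum((g - mean) ** 2 for g in gaps) / len(gaps)) ** 0.5
    return stdev / mean <= max_cv


def analyze(log_text, min_txt_queries=4, min_unique_subdomains=4, min_entropy=3.0):
    """Group TXT queries per (client, domain) and report channel-like groups."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, qtype, qname = rec
        if qtype != "TXT":
            continue  # the pattern of interest is TXT polling; other types are ignored here
        groups[(client, registrable_domain(qname))].append((ts, qname))

    findings = []
    for (client, domain), entries in groups.items():
        if len(entries) < min_txt_queries:
            continue
        subdomains = {q[: -len(domain) - 1] for _, q in entries if q.endswith("." + domain)}
        if len(subdomains) < min_unique_subdomains:
            continue
        first_labels = [s.split(".")[0] for s in subdomains]
        mean_entropy = sum(shannon_entropy(l) for l in first_labels) / len(first_labels)
        if mean_entropy < min_entropy:
            continue
        findings.append({
            "client": client,
            "domain": domain,
            "queries": len(entries),
            "unique_subdomains": len(subdomains),
            "mean_label_entropy": round(mean_entropy, 2),
            "regular_interval": regular_interval([ts for ts, _ in entries]),
        })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```

The single legitimate TXT lookup (`_dmarc.example.com`) never reaches the threshold, while the host polling unique random labels under one domain every 60 seconds is reported with `regular_interval` set; in practice the thresholds should be tuned against a baseline of the network's normal TXT traffic, which is exactly the "unknown baseline" failure the slides list.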
How to protect against data stealing malware?
•Multiple security failures
•Needs a human actor
•Poor network segregation
•Over privileged users
•Poor outbound filtering
•Unknown baseline
Ransomware
Why does ransomware work?
•Complex threat chain
•Social Engineering
•No need for persistence
•Uses existing tools
•Geographically targeted, locally customized
•It’s your data
Locky/Zepto/Odin
CryptoWall 4.0
Zcrypt: Cryptolocker Virus
Stampado/Philadelphia
8 tips for preventing ransomware
1. Back up your files regularly and keep them offline
2. Don’t enable macros
3. Consider installing Microsoft Office viewers
4. Be very careful about opening unsolicited attachments
5. Don’t give yourself more login power than necessary
6. Patch, Patch, Patch
7. Train and retrain your users
8. Segment your network
2017
2017 Predictions
1. Linux and IoT Malware/Ransomware • Mirai
2. Mobile Malware/Ransomware • Andr/Ransom-l
3. OSX Malware/Ransomware • KeRanger
Root Cause Analysis