security - the new black

Post on 25-May-2015

Category:

Technology

DESCRIPTION

I made this presentation for a non-IT audience in a telecom services provider in Southeast Asia. The idea was to introduce them to information security and some of the common mistakes people make online. It had to be a non-technical presentation. This is more of an education presentation than a tech one. Something I have found working for me is stripping the slides of all corporate imagery (company issued templates) even though I suspect someone is going to take exception with my approach one of these days. I have left out the 2nd part of the presentation which talks about Reputation Based Security. I can deliver it to you in a room but it can't be put up on the WWW.

TRANSCRIPT

1

THE NEW BLACK

2

http://sg.linkedin.com/in/vishalkapoorinfotech

3

It’s déjà vu All Over Again

4

5

The Network Is The Computer

6

7

8

.com

9

The Return Of The WWW

10

SECURITY IS PLASMA HOT AGAIN!

11

12

If You’re Going To Risk Going To Jail…

…It Might As Well Be For Money.

$$$$$$$$$$$$$

13

14

Rank  Item               Percentage  Range of Prices
1     Credit cards       28%         $1 - $30
2     Bank accounts      24%         $10 - $125
3     Email accounts     8%          $5 - $12
4     Email addresses    5%          $5 - $10/MB
5     Credit card dumps  4%          No specified prices
6     R57 & C99 shells   3%          $2 - $5
7     Full identity      3%          $3 - $20
8     Mailers            3%          $1 - $5
9     Attack toolkits    3%          $5 - $20 or $120/month
10    Cash-out services  2%          50% - 70%

Source: Symantec Intelligence Quarterly April-June 2010

Crime Doesn’t Pay ???

15

16

Bot Networks

The Walking Dead

17

Master Controller

C&C Servers

Suckers

18

Rent-A-Bot

Denial Of Service

Spam

Phishing

PPI

$49.95

PPI: Pay Per Install

Two Week Sales Leaders

Source: Brian Krebs, Security Fix, Washington Post, 3/16/2009

“Some of the biggest earners made more than $330,000 a month in commissions.”

PPI

10 cents per installation

50-90% of profit

23

How End Users Get Infected

Clicking on an email link

Visiting high risk sites

Obvious

Clicking link at trusted site

Not Obvious

Just visiting a trusted site

Scary!

Stupid You & I

24

1st Line Of Defense: Common Sense

2nd Line Of Defense: Your AV

3 Components of Every Single AV Product on Earth

25

Scans files and executes repairs

Signatures and repair instructions

Name Fingerprint

Devil…

Death

11010101010101

00011101010101

Killer

UI, bells-and-whistles and alerts

26

27

28

29

30

31

32

33

34

35

36

A Web Page is a set of files & images

Global2.css

Logo.gif

N360stor.gif

Index.jsp

Buyo.jsp

Pca.gif

Threatcon.gif

Index.html

Symantec.js

Recentnews.gif

42

What Beyond Today’s Signature-Based AV???

Switch to the Reputation Based Security presentation.
