Challenges In The Morphing Threat Landscape
Apr 2011, Arnhem
Tamas Rudnai, Websense Security Labs
Agenda
How Has The Threat Landscape Changed?
Advanced Persistent Threats
Web 2.0
Blended Threats
Websense Security Labs
Something has Changed
Rich Internet Applications
Cloud Computing
Social Web
Threat Report 2010
111% increase in the number of malicious websites from 2009 to 2010
80% of the malicious sites we see were legitimate sites that had been compromised
Since April ‘10, the ThreatSeeker Network has identified between 1 and 2 million malicious sites per month
Threat Report 2010 ...continued
52% of web-based attacks are data-stealing
9 out of 10 unwanted emails contain a URL
84% of email messages were spam
More info: http://www.websense.com/threatreport2010
Top Compromised Site Categories
Business and Economy: 24.30%
Travel: 8.20%
Sex: 6.80%
Sports: 5.80%
Education: 5.80%
Advanced Persistent Threats
APT
Advanced: They know what they are doing!
Persistent: They have a mission.
Threats: They are funded, motivated, organized, and connected
“Aurora” Timeline
Nov-Dec 2009: Multiple phishing attacks
January 12: Google announcement
January 14: 0-day identified publicly
January 16: Exploit code available
January 21: Microsoft patch released. Only 26% of AV vendors offer protection*
Week of February 22: 200+ sites use the exploit to deliver other malware**
February 23: Intel confirms “sophisticated” attacks coinciding with Google’s
Sites compromised: 9 days (January 12 to January 21, from Google’s announcement to the Microsoft patch)
* Independent firm, VirusTotal
** Websense Security Labs
Anatomy of Aurora
1 Exploit code posted to target and Web 2.0 enabled sites
2 Spoofed emails sent to target companies with URL lure to infected Web site (diagram control point: Email Filters)
3 Employees clicked on lures in emails and on social networking sites and became infected (diagram control point: AV & URL Filters)
4 Infected machines sent sensitive information via the Web to host Web sites (diagram control point: Email & URL Filters)
The diagram places the corporate network at the centre, with the filters named above sitting on the email and web paths in and out of it.
0-day Timeline
June to September 2010
Total of 79 days of vulnerable software and counting…
Adobe Flash and Acrobat Reader, CVE-2010-1297: 6 days to patch Adobe Flash, 25 days to patch Adobe Acrobat Reader
Microsoft LNK vulnerability, CVE-2010-2568
JailbreakMe drive-by attacks on iOS
Apple QuickTime “_Marshaled_pUnk” 0-day, CVE-2010-1818
Adobe Flash, CVE-2010-2884
(The chart labels these four bars 15, 9, 17 and 7 days to patch.)
Adobe Acrobat Reader, CVE-2010-2883: 27 days to patch
The 79-day total is the sum of the first six windows (6 + 25 + 15 + 9 + 17 + 7); the 27-day Acrobat Reader window is the one still “counting” on the slide.
Modern Security for Modern Threats
ThreatSeeker Network
ACE protects customers against the most complex known and unknown threats in the areas of web exploits, Web 2.0, malware and data leakage, with real-time content classification in 95+ categories.
ACE: Composite Security Engine
Components: PreciseID, Reputation, Anti-SPAM, Real-time Web 2.0 Classification, Real-Time Security Classification, URL Classification, Antivirus++
Analytics:
• Fingerprints: known good, known bad
• Statistical: machine learning
• Logical: regular expressions
• Reputation: contextual
• Correlation: combining analytics
All-purpose real-time analytics
All major content types supported
LizaMoon – Mass Injection
Tag injected into compromised pages (URL defanged):
<script src=hxxp://lizamoon.com/ur.php></script>
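Added example, not code from the slides or from Websense: a small Python scanner that finds LizaMoon-style injected script includes in stored content (database text columns) or in served HTML, flags any whose host is not on an allowlist, and strips them for cleanup. The sample rows, the trusted-host set and the example.com hostnames are constructed for illustration; the slide’s defanged hxxp URL is written as http so that it parses. An allowlist rather than a blocklist drives the verdict because the injected host changes from campaign to campaign while the set of hosts a site legitimately loads scripts from does not.

```python
import re
from urllib.parse import urlparse

# Constructed sample rows, as they might be dumped from a text column of a
# compromised CMS database. Row 2 carries the tag from the slide (hxxp written
# as http so the URL parses); row 5 is the same tag in upper case.
SAMPLE_ROWS = [
    (1, "Welcome to our travel agency. Book your summer holiday today."),
    (2, "Latest offers<script src=http://lizamoon.com/ur.php></script>"),
    (3, 'Read more <script src="https://static.example.com/app.js"></script>'),
    (4, "Contact us at info@example.com"),
    (5, "<SCRIPT SRC=HTTP://LIZAMOON.COM/ur.php></SCRIPT>"),
]

# Hypothetical allowlist of hosts this site legitimately loads scripts from.
TRUSTED_HOSTS = {"static.example.com"}

# src attribute of a <script> tag: quoted or unquoted, any letter case.
SCRIPT_SRC_RE = re.compile(
    r'<script\b[^>]*\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.IGNORECASE)

# Whole <script src=...>...</script> element, used for cleanup.
SCRIPT_ELEMENT_RE = re.compile(
    r'<script\b[^>]*\bsrc\s*=\s*["\']?(?P<url>[^"\'\s>]+)[^>]*>.*?</script\s*>',
    re.IGNORECASE | re.DOTALL)


def script_hosts(text):
    """Hostnames of every absolute http(s) <script src> include in text."""
    hosts = []
    for url in SCRIPT_SRC_RE.findall(text):
        parsed = urlparse(url)
        if parsed.scheme in ("http", "https") and parsed.hostname:
            hosts.append(parsed.hostname)  # urlparse lowercases the host
    return hosts


def scan_rows(rows, trusted_hosts=TRUSTED_HOSTS):
    """(row_id, host) for every script include whose host is off the allowlist."""
    return [(row_id, host)
            for row_id, text in rows
            for host in script_hosts(text)
            if host not in trusted_hosts]


def remove_untrusted_scripts(text, trusted_hosts=TRUSTED_HOSTS):
    """Strip script elements whose src host is not on the allowlist."""
    def keep_or_drop(match):
        host = urlparse(match.group("url")).hostname or ""
        return match.group(0) if host in trusted_hosts else ""
    return SCRIPT_ELEMENT_RE.sub(keep_or_drop, text)


if __name__ == "__main__":
    for row_id, host in scan_rows(SAMPLE_ROWS):
        print(f"row {row_id}: script loaded from untrusted host {host}")
    print(repr(remove_untrusted_scripts(SAMPLE_ROWS[1][1])))
```

Run it over a dump of every text column (or over fetched pages) to find which rows or pages carry the include; the cleanup pass only removes external script elements, so inline script blocks and other injected markup still need a separate review.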
Q & A
Thank You
Websense Security Labs’ Blog: http://securitylabs.websense.com/
@websenselabs: http://twitter.com/websenselabs
Keep in touch: http://twitter.com/trudnai