Trends in Security
Jerco Veltjen, Senior Sales Engineer
March 2017
Agenda
Infection methods: Phishing, Malvertising, Exploit Kits
Malware: Document Malware, Data Stealing Malware, Ransomware
Future: 2017
What are we facing?
Phishing
The good news: spam drops. However, not for long …
How not to phish / early days of phishing
Modern phishing
Modern phishing
HD phishing
Malvertising
Malvertising threat chain
[Diagram labels: RTB, Ad network, Third party]
No site is immune
Exploit kits: Crimeware as a Service
A decade of misery
2006 2013 2016
Exploits as a Service
[Diagram labels: Initial Request, Victims, Exploit Kit Customers, Redirection, Malicious Payloads, Stats, Landing Page, Exploits, Payloads, Get Current Domain, Get Stats, Update payloads, Management Panel, Malware Distribution Servers, Gateway Servers, VPN, Exploit Kit Admin, Spammer/Malvertiser, Exploit merchant, Ransomware author]
EK prominence – October 2016
RIG
Nuclear
Chinese EK
Da Gong/Gondad
Angler
Fiesta
Neutrino v2
Other
Document malware
Why does document malware work?
•Out of the spotlight
•Familiarity and trust
•Email as file transfer protocol
•Patching failure
•Call to action
Curiosity infected the cat
Build Your Own
How to protect against document malware?
•Email filtering
•Sandbox
•Cloud services
•Document viewers
•Share files differently
Data stealing malware
Why does data stealing malware work?
•Multiple security failures
•Needs a human actor
•Poor network segregation
•Over privileged users
•Poor outbound filtering
•Unknown baseline
How does data stealing malware work?
Target(ed) exfiltration
New fileless malware uses DNS queries to receive PowerShell commands
Source: Talos Security
How to protect against data stealing malware?
•Multiple security failures
•Needs a human actor
•Poor network segregation
•Over privileged users
•Poor outbound filtering
•Unknown baseline
Ransomware
Why does ransomware work?
•Complex threat chain
•Social Engineering
•No need for persistence
•Uses existing tools
•Geographically targeted, locally customized
•It’s your data
Locky/Zepto/Odin
Locky/Zepto/Odin
CryptoWall 4.0
Zcrypt: Cryptolocker Virus
Stampado/Philadelphia
8 tips for preventing ransomware
1. Back up your files regularly and keep them offline
2. Don’t enable macros
3. Consider installing Microsoft Office viewers
4. Be very careful about opening unsolicited attachments
5. Don’t give yourself more login power than necessary
6. Patch, Patch, Patch
7. Train and retrain your users
8. Segment your network
2017
2017 Predictions
1. Linux and IoT Malware/Ransomware
   • Mirai
2. Mobile Malware/Ransomware
   • Andr/Ransom-l
3. OSX Malware/Ransomware
   • KeRanger
Root Cause Analysis