Mr. Roland Abi Najem - Security
TRANSCRIPT
Security
Prepared & Presented by Roland Abi Najem
What Is Hacking?
The process of attempting to gain, or successfully gaining, unauthorized access to computer resources is called hacking.
4/22/2015 Roland Abi Najem
Reasons for Hacking
Just for fun.
Showing off.
Hacking other systems secretly.
Spreading their views to many people.
Stealing important information.
Destroying an enemy's computer network during a war.
Types Of Hacking
Website Hacking
Network Hacking
Ethical Hacking
Email Hacking
Password Hacking
Online Banking Hacking
Computer Hacking
Evolution Of Malware
[Figure: timeline of offense and defense from the 1980s to the 2010s. Offense: Melissa, CodeRed, Trojans, Worms, Bots, Spyware, Spam, Rootkits, Phishing, Zero-days, APTs, Mobile Threats. Defense: Birth of Anti-Virus, Anti-spam, Anti-spyware, Anti-malware, Grey-listing, Heuristics, Behavioral Analysis, Whitelisting, URL Filtering, Data Loss Filtering.]
Statistics Tell A Story
More than 5 billion downloads of Google Play apps are vulnerable to remote attacks.
The Android platform has the most mobile malware, around 96%.
About 60% of popular Google Play apps have crypto weaknesses.
Anatomy Of A Multi-Staged Cyber Attack
1. Exploitation of System
2. Malware Executable Download
3. Callbacks and Control Established
4. Horizontal Spread
5. Data Exfiltration
Exploit detection is critical: all subsequent stages can be hidden or obfuscated.
[Figure: the Exploit Server and Callback Server reach the endpoint through the Firewall and IPS, then the attack spreads to File Share 1 and File Share 2 before data leaves the network.]
Structure Of A Multi-Flow Attack
1. Exploit injects code in Web browser
2. Exploit code downloads encrypted malware (not SSL!)
3. Exploit code decrypts malware
4. Target end point connects to C&C server
[Figure: an exploit embedded in a compromised Web page alters the endpoint; encrypted malware downloads; the endpoint calls back to the Command and Control Server; callback and data exfiltration follow.]
Structure Of A Multi-Flow Attack
1. Email with weaponized document, opened by user, causing exploit
2. Client endpoint calls back to infection server
3. Backdoor DLL dropped
4. Encrypted callback over HTTP to command and control server
[Figure: Weaponized Email (2011 Recruitment Plan.xls) -> Callback Server -> Backdoor -> C&C Server.]
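As an added example (not code from the slides), the following Python correlates the stages named in the five-step anatomy and the two multi-flow walk-throughs above per host, over constructed alerts, to show why a missed stage 1 leaves a defender with only late-stage evidence. The host names, timestamps, stage labels and two-hour window are assumptions.

```python
from datetime import datetime, timedelta

# Stage names follow the five-step anatomy on the slides above.
STAGES = ["exploit", "download", "callback", "lateral", "exfiltration"]

# Constructed sample alerts: hypothetical hosts and times, not from the slides.
SAMPLE_EVENTS = [
    {"ts": "2015-04-22T09:00:00", "host": "ws-17", "stage": "exploit"},
    {"ts": "2015-04-22T09:00:20", "host": "ws-17", "stage": "download"},
    {"ts": "2015-04-22T09:01:00", "host": "ws-17", "stage": "callback"},
    {"ts": "2015-04-22T09:45:00", "host": "ws-17", "stage": "lateral"},
    {"ts": "2015-04-22T09:30:00", "host": "ws-22", "stage": "callback"},
    {"ts": "2015-04-22T11:00:00", "host": "ws-22", "stage": "exfiltration"},
    {"ts": "2015-04-22T12:30:00", "host": "ws-22", "stage": "lateral"},  # outside window
    {"ts": "2015-04-22T12:00:00", "host": "ws-31", "stage": "exploit"},
]


def correlate(events, window=timedelta(hours=2)):
    """Group alerts per host, keep the stages seen within `window` of that
    host's first alert (in order), and attach a verdict for the analyst."""
    by_host = {}
    for e in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as text
        by_host.setdefault(e["host"], []).append(e)
    findings = {}
    for host, evs in by_host.items():
        first = datetime.fromisoformat(evs[0]["ts"])
        seen = []
        for e in evs:
            if datetime.fromisoformat(e["ts"]) - first > window:
                break  # later alerts belong to a separate correlation window
            if e["stage"] in STAGES and e["stage"] not in seen:
                seen.append(e["stage"])
        if seen[0] == "exploit" and len(seen) > 1:
            verdict = "confirmed: exploit followed by later stages"
        elif seen == ["exploit"]:
            verdict = "exploit only: contain now, before stages 2-5 run"
        else:
            # Stage 1 was never seen, so stages 2-5 were reached through traffic
            # the perimeter could not inspect (for example an encrypted download).
            verdict = "late-stage only: exploit stage was missed"
        findings[host] = {"stages": seen, "verdict": verdict}
    return findings


if __name__ == "__main__":
    for host, f in correlate(SAMPLE_EVENTS).items():
        print(host, f["stages"], "->", f["verdict"])
```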
Anatomy Of A Mobile Threat
1. Calendar Access
2. Microphone Access
3. Exfiltration
4. The tip of the iceberg
[Figure: what looks like benign access (a calendar entry "10AM CIA – FBI sync on Cuba") is paired with hidden malicious behavior: microphone access and upload to an Exfiltration Server.]
Traditional "Defense In Depth" Is Failing
Firewalls/NGFW
Secure Web Gateways
IPS
Anti-Spam Gateways
Desktop AV
The New Breed of Attacks Evades Signature-Based Defenses
The High Cost Of Being Unprepared
229 Days: median number of days attackers are present on a victim network before detection.
32 Days: average time to resolve an attack.
[Figure: timeline at 3 Months, 6 Months and 9 Months from Initial Breach, through Threat Undetected, to Remediation; share of companies that learned they were breached from an external entity; share of victims that had up-to-date anti-virus signatures.]
Source: M-Trends Report, Ponemon
Thank You