Sophos introduces the threat landscape
TRANSCRIPT
Threat Landscape
John Shier, Sr. Security Advisor (@john_shier), March 2017, Infosec BE
The Problem
Symptoms and Causes
Annual new malware samples: 100,000,000's
Annual known exploits (CVEs): 1,000's
Cumulative known exploit techniques: 10's
Top 10 detections: Belgium
• Malformed doc
• Infected archive
• Conficker
• Browser hijacker
• Jenxcus botnet
• Shortcut trojan
• IRC bot
• Bundpil worm
• Dropper
• Phishing
What are we facing?
The Tools
Phishing
How not to phish
Modern phishing
Modern phishing
http://www.kbc.be.vvsmbk.info/bestellen
HD phishing
Paypal
Amazon
Apple
Document malware
Curiosity infected the cat
It’s guaranteed!
Build Your Own 2.0
The Infrastructure
Malvertising
Exploit kits
A decade of misery
(timeline: 2006, 2013, 2016)
Angler EK
Lurk banking trojan
Exploit Kits (2016)
1H2016: Angler, Nuclear, Neutrino, Magnitude, RIG, Other
2H2016: RIG, Neutrino, Other
Exploits (January 2017)
Exploit kits:
• Magnitude
• Neutrino-v
• RIG, RIG-E
• Sundown
• Bizarro Sundown
CVEs in use across these kits (the slide listed them per kit; the per-kit grouping is not recoverable):
CVE-2013-2551, CVE-2014-6332, CVE-2015-2419, CVE-2015-5119, CVE-2015-5122, CVE-2015-8651, CVE-2016-0034, CVE-2016-0189, CVE-2016-1019, CVE-2016-4117, CVE-2016-7200, CVE-2016-7201
Targeted software: Flash, Edge, Silverlight, IE, Windows LPE
The Payloads
Remote access trojans
Honour amongst thieves
Dridex
BetaBot
Ransomware
Ransomware
(diagram: web page/script, Malware Distribution Server, Command and Control Server)
Ransomware
(diagram: file icons abc, exe, dll on disk; Private Key / Public Key; RAM; Malware Distribution Server; Command and Control Server; binary stream 0100101011010110101010)
Ransomware
(diagram: same flow after encryption; file icons abc, exe, dll become #$!, exe, dll; Private Key / Public Key; RAM; Malware Distribution Server; Command and Control Server)