Upload File

“the trick is to stop thinking of it as ‘your’ money” -...

  • Home
  • Documents
  • “The trick is to stop thinking of it as ‘your’ money” - IRStce.webee.eedev.technion.ac.il/wp-content/uploads/sites/8/2015/02/... · “The trick is to stop thinking of it
15
1 © Copyright 2011 EMC Corporation. All rights reserved. “The trick is to stop thinking of it as ‘your’ money” - IRS Technion Security Summer School 2012 Etay Maor Research Lab Manager [email protected]

Upload: tranhanh

Post on 14-Mar-2018

221 views

Category:

Documents


5 download

Report

TRANSCRIPT

Page 1: “The trick is to stop thinking of it as ‘your’ money” - IRStce.webee.eedev.technion.ac.il/wp-content/uploads/sites/8/2015/02/... · “The trick is to stop thinking of it

1 © Copyright 2011 EMC Corporation. All rights reserved.

“The trick is to stop thinking

of it as ‘your’ money” - IRS

Technion Security Summer School 2012

Etay Maor

Research Lab Manager

[email protected]

Page 2: “The trick is to stop thinking of it as ‘your’ money” - IRStce.webee.eedev.technion.ac.il/wp-content/uploads/sites/8/2015/02/... · “The trick is to stop thinking of it

2 © Copyright 2011 EMC Corporation. All rights reserved.

1 2

6 5

RDP MITM Attack Scheme

Page 3: “The trick is to stop thinking of it as ‘your’ money” - IRStce.webee.eedev.technion.ac.il/wp-content/uploads/sites/8/2015/02/... · “The trick is to stop thinking of it

3 © Copyright 2011 EMC Corporation. All rights reserved.

VNC/RDP

Page 4: “The trick is to stop thinking of it as ‘your’ money” - IRStce.webee.eedev.technion.ac.il/wp-content/uploads/sites/8/2015/02/... · “The trick is to stop thinking of it

4 © Copyright 2011 EMC Corporation. All rights reserved.

What Else Are Fraudsters Up To?

• Citadel – THE latest version of Zeus

• Acknowledge the community’s requests

• Modules include: – All previous Zeus components – Video recorder – Auto CMD (“This is a good feature to have when analyzing a

company’s internal structure”) – DNS redirection (“AVs, Banks”) – “Important: Our software does not work on Russian-language systems.

If a Russian or Ukrainian layout is detected, the bot terminates. This is done to prevent installs on CIS systems. You may disagree, but that’s taboo for us.”

Page 5: “The trick is to stop thinking of it as ‘your’ money” - IRStce.webee.eedev.technion.ac.il/wp-content/uploads/sites/8/2015/02/... · “The trick is to stop thinking of it

5 © Copyright 2011 EMC Corporation. All rights reserved.

Citadel

Page 6: “The trick is to stop thinking of it as ‘your’ money” - IRStce.webee.eedev.technion.ac.il/wp-content/uploads/sites/8/2015/02/... · “The trick is to stop thinking of it

6 © Copyright 2011 EMC Corporation. All rights reserved.

Citadel + Ransomware

Page 7: “The trick is to stop thinking of it as ‘your’ money” - IRStce.webee.eedev.technion.ac.il/wp-content/uploads/sites/8/2015/02/... · “The trick is to stop thinking of it

7 © Copyright 2011 EMC Corporation. All rights reserved.

Mobile Vulnerabilities (POC)

– Insecure data storage

– HTML Injection

– Sensitive information disclosure

– Broken Cryptography

– And more…

• Source: OWASP Mobile Security Project

Page 8: “The trick is to stop thinking of it as ‘your’ money” - IRStce.webee.eedev.technion.ac.il/wp-content/uploads/sites/8/2015/02/... · “The trick is to stop thinking of it

8 © Copyright 2011 EMC Corporation. All rights reserved.

Portals, Redirectors and ATMs…O My…

Page 9: “The trick is to stop thinking of it as ‘your’ money” - IRStce.webee.eedev.technion.ac.il/wp-content/uploads/sites/8/2015/02/... · “The trick is to stop thinking of it

9 © Copyright 2011 EMC Corporation. All rights reserved.

Citadel Mobile Malware

Page 10: “The trick is to stop thinking of it as ‘your’ money” - IRStce.webee.eedev.technion.ac.il/wp-content/uploads/sites/8/2015/02/... · “The trick is to stop thinking of it

10 © Copyright 2011 EMC Corporation. All rights reserved.

Citadel Mobile Malware

Page 11: “The trick is to stop thinking of it as ‘your’ money” - IRStce.webee.eedev.technion.ac.il/wp-content/uploads/sites/8/2015/02/... · “The trick is to stop thinking of it

11 © Copyright 2011 EMC Corporation. All rights reserved.

Citadel Mobile Malware

Page 12: “The trick is to stop thinking of it as ‘your’ money” - IRStce.webee.eedev.technion.ac.il/wp-content/uploads/sites/8/2015/02/... · “The trick is to stop thinking of it

12 © Copyright 2011 EMC Corporation. All rights reserved.

Trojan Evasion

Page 13: “The trick is to stop thinking of it as ‘your’ money” - IRStce.webee.eedev.technion.ac.il/wp-content/uploads/sites/8/2015/02/... · “The trick is to stop thinking of it

13 © Copyright 2011 EMC Corporation. All rights reserved.

Trojan Evasion

Page 14: “The trick is to stop thinking of it as ‘your’ money” - IRStce.webee.eedev.technion.ac.il/wp-content/uploads/sites/8/2015/02/... · “The trick is to stop thinking of it

14 © Copyright 2011 EMC Corporation. All rights reserved.

XaaS

Page 15: “The trick is to stop thinking of it as ‘your’ money” - IRStce.webee.eedev.technion.ac.il/wp-content/uploads/sites/8/2015/02/... · “The trick is to stop thinking of it

15 © Copyright 2011 EMC Corporation. All rights reserved.

Security Awareness 101


Stop Rules: Mood & Perseverative Thinking

Stop Thinking and Start Movingoverwhelmedtoaction.com/images/2017/02/stop-think-start-move-15 … · The UnStuck oach Stop Thinking and Start Moving For Business Transformation and

CURRICULUM ON MILITARY SUBJECTS - cacadets.org...B9. Stop Procrastinating How to Stop Procrastinating: (5mins 12s YouTube Video, Watchwellcast) - Trick yourself into getting the job

Stop Thinking, Start Living: Discover Lifelong Happiness

UNHOOKED THINKING 2007 WHY STOP AT RECOVERY? ANTHONY HEWITT

SharePoint Governance. Stop features thinking,

How to Be Quiet and Stop Thinking Meditation

STOP, THINK SCORTCH: Re-thinking the traditional ‘TORCH

Stop PowerPoint Paranoia: Thinking Differently about

Marketing Decision-Makers: Stop Thinking Tactics, Start Thinking Campaigns

Stop Thinking (So Much) About ‘Sexual Harassment’1/file/V8StopThinkin… · Stop Thinking (So Much) About ‘Sexual Harassment’1 Abstract This paper explores two related widespread

Decision Makers: Stop thinking tactics, Start thinking campaigns

Marketing Decision Makers: Stop Thinking Tactics, Start Thinking Campaigns - 2014 AMA Marketing Workshop

Stop Thinking - How to Reduce Your Thinking to Help Create Quality Ideas,85p

Stop thinking, start tagging - Tag Semantics emerge from Collaborative Verbosity

The STOP System for Overcoming Negative Thinking

How To Stop Negative Thinking And Think Positively20daypersuasion.com/StopNegativeThoughts.pdf · How To Stop Negative Thinking And Think Positively Brought To You By: Michael Lee,

DevOpsGuys / Ranger4 - Stop Thinking About Servers

Stop thinking, start doing

Transform DMI 2015: Stop thinking silos, start thinking eco-systems

Charles Bukowski | I can't stop thinking about you · 2019. 8. 29. · Charles Bukowski | I can't stop thinking about you I have not stopped thinking about you, I’d love to tell

Marketing Decision Makers: Stop Thinking Tactics, Start Thinking Campaigns - 2014 Fall AMA Marketing Workshop

[Webinar] Stop Thinking About It and Automate Your AP Processes

campus02.at don't stop thinking about tomorrow

Americans Stop Thinking Like Communists

Research Article Should I Stop Thinking About It: A

Stop Complaining to ME… Voter Behavior and Thinking

How To Trick People Into Thinking You’re Not A Graduate Student

Stop Thinking Start Doing | Benchmark Search Conference 2016

Stop thinking and sleep

TH504 - Stop Thinking Like an Instructional Designer: Start Thinking Like a Game Designer

Trick Best Trick

09 – Thinking and language. What can stop you from thinking correctly?

Prashant Tripathi: Stop thinking, just relax and understand

Stop Thinking, Start Doing - Daniel Davis (2014)