Digital Transformation: Cure-All, Placebo Or Poison Pill? Leonidas Tougiannidis Country Manager, Greece & Cyprus

© Copyright Fortinet Inc. All rights reserved.

IT Trends increase the ATTACK SURFACE & LIABILITIES
▪ Digital Transformation entails sharing data
▪ IoT brings 20 Billion new Devices Online
▪ Cloud breaks the Borders
▪ Mobility Disperses Users and Data
▪ SD-WAN stretches enterprise networks
▪ Regulations (e.g. GDPR, PCI-DSS, PSD2)

[Digital Transformation] is the integration of digital technology into all areas of a business, resulting in fundamental changes to how businesses operate and how they deliver value to customers.

Digital Transformation
Digital Technology: Engage Your Customers ▪ Empower Your Employees ▪ Optimize Your Business ▪ Transform Your Products

Real Life Digital Transformation
From a 140-year-old manufacturing company. Digital Transformation Goals – 2020: Top 10 Global Energy, Transportation, Healthcare Software Company; $15B Digital Revenue.

Obstacles to Digital Transformation
▪ "Security is the largest factor standing in the way of enterprise digital transformation efforts. More than half (55%) of companies said that security was the No. 1 challenge they face when implementing digital enablement technologies." Source: SoftServe 2017
▪ Cybersecurity is one of the Top 10 Digital Transformation obstacles. Source: Harvard Business Review 2017
▪ "Security nearly always tops the list of obstacles to digital transformation." Marc Cecere, Forrester, ZDNet, 2017
▪ "The biggest disruptive technologies cited by global respondents are cloud (58%), mobility and collaboration (54%), big data (52%)... IoT (43%)." Source: BT CIO Report 2016
▪ "Some 57% of businesses reported major issues finding and recruiting talented IT security staff—a problem as digital transformation efforts move more data and systems to the cloud, and cyber attacks grow more sophisticated." Source: Osterman Research 2017

Securing the Digitally Transformed Enterprise
"…in the digital era, [security] focus needs to shift from securing network perimeters to safeguarding data spread across systems, devices, and the cloud." MIT Technology Review, 2017
Technologies shown on the slide: Augmented Reality/Wearables ▪ Mobile Devices ▪ IoT Platforms ▪ Cloud Computing ▪ Big Data Analytics ▪ Multi-level Customer Interaction and Customer Profiling ▪ Advanced Algorithms ▪ 3D Printing ▪ Location Detection Technologies ▪ Smart Sensors ▪ Advanced Human-machine Interfaces

FOCUS #1: Virtualization and Cloud
The Multi-Cloud Experience… In Silos. Diagram labels: Virtualization (Hypervisor) ▪ Private Cloud (IaaS/PaaS) ▪ Hybrid ▪ Public Cloud (SaaS); traffic directions: East-West, North-South.

FOCUS #2: The Internet of Things
Just How Many of These Things? IoT Units Installed Base by Category (Billions of Units)*, categories: Business Vertical Specific, Business Cross-Industry, Consumer.
▪ 2017: 8.4B total (Consumer bar label: 5 244, i.e. millions of units)
▪ 2018: 11.2B total (Consumer bar label: 7 038)
▪ 2020: 20.4B total (Consumer bar label: 12 863)
*Gartner 2017

The Watchwords of IoT
LEARN: Trusted or Not ▪ SEGMENT: Define a Policy ▪ PROTECT: Everything

FOCUS #3: The Threat Landscape
Q2 2018 by the Numbers* (some of the numbers)
▪ EXPLOITS: 7,230 unique exploit detections; 96% of firms saw severe exploits
▪ MALWARE: 23,945 variants in 4,856 families; 23% detected cryptojacking malware
▪ BOTNETS: 265 unique botnets; 1.8 active botnets per firm
*FortiGuard Q2 2018 Threat Landscape Report

FortiGuard Statistics – Greece
Malware, IPS, Application and Botnet. Greece: Last Month of Activity.

Total Malware Hits – Global Compared to GR
Global: Name | Detection Count | GR: Name | Detection Count
W32/BackDoor.Prosiak.65 | 23,610,074 | W32/Downloader_x.RE!tr.dldr | 10,499
W32/GandCrab.E!tr.ransom | 1,319,088 | W32/Dx.DC!tr | 8,218
W32/Dx.DC!tr | 844,161 | W32/K.AIG!tr.pws | 8,215
W32/Khalesi.XB!tr | 595,806 | PossibleThreat.vw | 2,963
W32/VB_BackDoor.B!tr | 509,698 | W32/Agent.AJFK!tr | 2,719
W32/BDoor.IY!tr.bdr | 460,562 | W32/Bifrose.FMR!tr.bdr | 2,648
Adware/Ejik | 455,201 | W32/Delf.TXH!tr.dldr | 2,294
W32/Magef.4408!worm | 420,354 | WM/Agent.XY!tr.dldr | 1,813
W32/Delf.TXH!tr.dldr | 368,787 | Adware/AirPush!Android | 1,680
MSOffice/CVE_2017_11882.A!exploit | 341,812 | W32/GenKryptik.CJOK!tr | 1,515
PossibleThreat.vw | 295,973 | W32/Injector.EADU!tr | 1,073
W32/Agent.RGU!tr | 285,472 | Adware/Sprovider!Android | 727
W32/AdClicker.C!tr | 269,670 | Adware/BHO | 624
Android/Generic.AP.12BDF4E!tr | 257,099 | W32/Injector.EALR!tr | 587
JS/Gnaeus.G!tr | 245,402 | W32/Injector.EAAL!tr | 563
Riskware/PCAgent | 244,589 | BAT/Agent.OLR!tr | 514
W32/Agent.DVC!tr.dldr | 242,179 | MSOffice/CVE_2017_11882.A!exploit | 501
W32/K.AIG!tr.pws | 238,172 | Java/Kryptik.XF!tr | 446
Riskware/CasOnline | 234,310 | MSOffice/Fareit.L!exploit | 410
W32/Downloader_x.RE!tr.dldr | 208,059 | W32/Injector.EANJ!tr | 399

Total IPS Hits – Global Compared to GR
Global: Name | Detection Count | GR: Name | Detection Count
NTP.Monlist.Command.DoS | 51,755,836,965 | Netcore.Netis.Devices.Hardcoded.Password.Security.Bypass | 1,096,210
SIPVicious.SIP.Scanner | 46,275,576,615 | SIPVicious.SIP.Scanner | 387,197
MS.DNS.WINS.Server.Information.Spoofing | 9,094,601,243 | D-Link.DSL-2750B.CLI.OS.Command.Injection | 229,491
MS.Communicator.SIP.Invite.DoS | 6,367,250,294 | Samba.AD.DC.Null.Pointer.Dereference.DoS | 139,041
ZMAP.Scanner | 2,237,021,906 | ZmEu.Vulnerability.Scanner | 135,330
SSLv3.POODLE.Information.Disclosure | 1,835,759,706 | App.Control.Signature.Test | 131,197
Traceroute | 1,738,324,185 | HTTP.URI.SQL.Injection | 88,192
Backdoor.DoublePulsar | 1,469,386,552 | MS.IIS.WebDAV.PROPFIND.ScStoragePathFromUrl.Buffer.Overflow | 58,499
MS.SMB.Server.Trans.Peeking.Data.Information.Disclosure | 1,401,600,137 | VxWorks.WDB.Debug.Service.Version.Number.Scanner | 56,203
SSL.Renegotiation.DoS | 1,196,785,680 | Port.Scanning | 50,567
SNMP.Private.Access | 1,158,390,728 | OpenVAS.Web.Scanner | 45,693
Memcached.UDP.Amplification.Detection | 1,027,475,112 | Masscan.Scanner | 36,596
NBTStat.Query | 914,678,349 | Muieblackcat.Scanner | 28,741
Netcore.Netis.Devices.Hardcoded.Password.Security.Bypass | 878,895,936 | ZMAP.Scanner | 25,935
MS.RDP.Connection.Brute.Force | 841,596,972 | Dasan.GPON.Remote.Code.Execution | 22,287
TLS.Padding.Oracle.Information.Disclosure | 599,446,628 | Obfuscated.Rich.Text.Format | 19,853
SIPVicious.svcrack.Brute.Force.Login | 433,363,589 | DuckDuckGo.Search | 19,431
Cisco.IPv4.DoS | 411,502,692 | STUNSHELL.Web.Shell.Remote.Code.Execution | 16,577
WordPress.xmlrpc.Pingback.DoS | 396,287,798 | Memcached.UDP.Amplification.Detection | 14,478
SSH.Connection.Brute.Force | 366,451,427 | Generic.JavaScript.Cryptocurrency.Mining.Script | 14,231

Total App Hits – Global Compared to GR
Global: Name | Detection Count | GR: Name | Detection Count
DNS | 587,891,495,602 | DNS | 1,064,868,547
HTTPS.BROWSER | 565,554,559,139 | HTTPS.BROWSER | 906,340,485
HTTP.BROWSER | 193,310,322,949 | HTTP.BROWSER | 216,825,735
SSL | 150,135,989,528 | Microsoft.Outlook.Office.365 | 215,333,375
SSL_TLSv1.2 | 116,122,231,605 | SSL | 192,932,550
Microsoft.Portal | 84,703,575,535 | QUIC | 179,103,079
QUIC | 82,892,628,214 | Microsoft.Portal | 136,388,869
HTTP.BROWSER_Chrome | 75,547,220,308 | SSL_TLSv1.2 | 124,878,308
Ping | 58,903,009,200 | HTTP.BROWSER_Chrome | 108,403,265
Windows.File.Sharing | 39,228,870,793 | Microsoft.Office.Online | 69,319,763
HTTP.BROWSER_IE | 36,794,138,493 | Fortiguard.Search | 61,216,850
NetBIOS.SSN | 33,002,586,007 | SNMP_GetRequest | 52,246,251
Microsoft.Outlook.Office.365 | 31,521,249,268 | HTTP.BROWSER_Firefox | 48,296,053
NTP | 25,776,532,000 | NTP | 41,332,193
SNMP_GetRequest | 22,244,565,109 | Microsoft.SharePoint | 38,583,845
Google.Services | 21,834,681,002 | HTTP.BROWSER_IE | 36,701,324
SSL_TLSv1.0 | 19,104,364,543 | DNS_Request.ANY.Record | 32,099,085
HTTP.BROWSER_Firefox | 19,099,401,544 | MS.Windows.Update | 32,005,889
BitTorrent_HTTP.Track | 14,455,244,722 | iCloud | 31,090,789
Microsoft.Office.Online | 14,315,356,235 | MSSQL | 31,018,432

Total Botnet Hits – Global Compared to GR
Global: Name | Detection Count | GR: Name | Detection Count
Zeroaccess.Botnet | 321,382,028 | Conficker.Botnet | 27,420
Andromeda.Botnet | 242,791,307 | Adwind.Botnet | 21,815
H-worm.Botnet | 150,059,634 | Andromeda.Botnet | 13,134
Conficker.Botnet | 33,845,988 | Loki.Botnet | 12,830
Necurs.Botnet | 27,918,793 | Mariposa.Botnet | 12,145
IMDDOS.Botnet | 27,235,385 | Citadel.Botnet | 8,843
XorDDOS.Botnet | 24,292,837 | Zeroaccess.Botnet | 3,051
Sality.Botnet | 22,456,959 | Gh0st.Rat.Botnet | 2,839
Emotet.Botnet | 16,769,768 | Mirai.Botnet | 2,192
Ramnit.Botnet | 14,480,948 | Torpig.Mebroot.Botnet | 1,606
Neutrino.Botnet | 11,798,216 | Dyzap.Botnet | 472
Cidox.Botnet | 11,007,848 | Emotet.Botnet | 363
Smominru.Botnet | 8,799,523 | Pushdo.Botnet | 292
Expiro.Botnet | 7,609,933 | Bladabindi.Botnet | 255
Mariposa.Botnet | 7,583,867 | Nitol.Botnet | 198
AAEH.Botnet | 7,480,968 | Gozi.Botnet | 172
Torpig.Mebroot.Botnet | 6,770,050 | Quasar.Botnet | 103
njRAT.Botnet | 6,510,109 | CryptoWall.Botnet | 70
Gozi.Botnet | 5,478,646 | Fareit.Botnet | 36
Pushdo.Botnet | 4,938,046 | Zeus.Botnet | 16

FOCUS #4: Regulatory Pressure
The Post-GDPR Era: The World Didn't End on May 25, 2018.

[Security Transformation] is the integration of security into all areas of digital technology, resulting in fundamental changes to how security is architected, deployed and operated.

Corporate Overview – Network Security Leader
Fortinet is among the top 3 public cybersecurity companies in the world. Its broad portfolio of solutions spans Network, Infrastructure, Cloud, and IoT Security.
▪ $15B Mkt Cap
▪ $1.9B – 2017 (billings)
▪ HQ California, US Based
▪ 6,000 employees
▪ Fastest Growing Enterprise Network Security Company, 25% YoY
▪ $3 Billion Revenue by 2020
▪ Clear #1 Industry Ranking by 2020 (Gartner, IDC, NSS)
▪ 350,000+ Customers
▪ 30% of Appliance Shipments Worldwide

70% of F100 Are Fortinet Customers
▪ Financials/Banking: 4 of 4
▪ Aerospace/Defense: 9 of 10
▪ Telco: 11 of 13
▪ Retail: 4 of 5
▪ Energy: 3 of 5
▪ Technology: 10 of 12
▪ Healthcare: 12 of 15
▪ Transportation: 3 of 5
▪ Financials/Ins: 9 of 11
▪ Food/Bev: 3 of 5

A Leader in Network Security