Botnet As Platform to Deliver Attacks


Cyber Threats to e-Commerce
S.C. Leung, CISSP CISA CBCP

Who are we?
- HKCERT
  - Established in 2001. Operated by HK Productivity Council
  - Provide services to Internet users and SMEs (free-of-charge)
  - Scope of services
    - Security Monitor and Early Warning
    - Incident Report Handling
    - Publication of guidelines
    - Public Awareness
  - www.hkcert.org
  - Free subscription to alert information via email and mobile (we pay for the SMS charges)

[Diagram: HKCERT at the centre of its partners: CERT teams in Asia Pacific (APCERT) and CERT teams around the world (FIRST); law enforcement; security research centres; local enterprises and Internet users; Internet infrastructure organisations; software vendors; universities]

Agenda
- Cyber Threats to e-Commerce
- Attackers and the Motives of Attacks
- Attack Trends Highlight
- Relevance to e-Commerce
- Attacks and Counter-attack Strategies

Attackers and Motives
- Kiddies and Early Hackers: Fame
- Activists: Hacktivism
  - Anonymous, Lulzsec groups
- State sponsored
  - Civilian monitoring
    - Doubts on R2D2 Trojan in Germany
  - Attacks on state critical infrastructure or military
    - Stuxnet - 2010
    - USA drone malware - 2011
E-Commerce relevant:
- Cybercriminals: Money
  - Theft of information
  - Extortion
  - Control machines for other purposes
- Unfriendly parties
  - Disgruntled employees
    - Loss of reputation via data leakage or scandals
  - Business competitors
    - DoS
    - Theft of business sensitive information, patents, formulas

Cybercrime as a Service
- Products
  - Piracy: theft of CD keys
  - Theft of Personal Information and Identification (SSN, id, password, cc #)
- Services
  - Hosting: spam relays, phishing web hosting
  - Phishing attacks: paid web hosting
  - Proxy network (so beware of unsolicited open proxies!)
  - Spyware/adware installation: pay per installation
  - Click fraud: pay per click
  - DDoS: extortion or attack on a competitor's service site
  - Blackmail / Ransomware: encrypts hard drive data and demands a ransom

Attack Trend Highlights
- Attacks become less visible - uninformed victims
- Botnet as platform to deliver attacks
- Cybercrime as a Service
- Moving up from network attack, to web application attack, to business logic abuse
- Exploiting points of weak defense
- Going Mobile, Going Social, Going Cloud

Attacks Become Less Visible
[Chart: HKCERT incident report statistics by year, 2001-2002 to 2010-2011; two series: Virus attack and Security attack]
- Visible mass-spreading worms (Blaster, Sasser, Netsky) peaked in 2003-2005.
- Reports on malware attacks dropped significantly.
- Security incident reports (hacking, phishing, defacement, botnet and others) increased fourfold.

How Less Visible Attacks Surface
- The victim report figure is low.
- A compromise becomes visible when the victim machine is used to participate in phishing, malware hosting or other attacks.
  1. Overseas parties report incidents to HKCERT
  2. HKCERT uses proactive discovery methodologies to find hacked machines in Hong Kong
[Pie chart: Reporting Party (2010/11): local, overseas and proactive discovery; slices of 27.84%, 27.92% and 44.25%]

Botnet (roBot Network) - infrastructure for cybercrime
[Diagram: Bot Herder above several C&C servers above many bots; upward arrows carry data, downward arrows carry commands/updates; bots send spam and launch DDoS attacks against victims]
- Wikipedia is not totally correct on "botnet": a botnet is much more than a DDoS platform.

Relevance to e-Commerce
- Websites
  - Exploited server provides a launchpad for attacks
  - For data on the server
  - For money in extortion
- Web Users
  - Targeted for credentials, data breach, fraudulent transactions
  - Man-in-the-Middle (MitM), Man-in-the-Browser (MitB), Man-in-the-Mobile (MitMo) attacks

Attacks to Websites

Mass injection of osCommerce websites (Jul 2011)
- osCommerce is an open source shopping cart using web 2.0 technology
- Large scale injection attack since July. Over 2.7M web pages infected globally. Over 45,000 pages in Hong Kong
- Injects "<iframe>" and "<script>" tags pointing to malicious links such as "willysy.com" and "exero.eu"

Multi-stage infection (drive-by download)
[Diagram, in sequence:
1. Browser sends a web request to the web server (injected)
2. Browser is redirected to the exploit server
3. Exploit server serves the exploit page; exploits are imported from other servers via iframes and redirects
4. When compromised, the browser is redirected to the malware hosting server and downloads the malware
5. The dropper downloads and installs the actual bot malware]

Website Protection Strategies
- Plugging security holes
  - Get security vulnerability warnings (available at http://www.hkcert.org)
  - Regular and timely patching
- Application Firewall
  - Block web application attacks
- Writing secure web applications is the root
  - Good coding practice; minimum privilege for the database user account
  - Code scanning, vulnerability scanning
  - HKCERT SQL injection defense guideline
    - http://www.hkcert.org/english/sguide_faq/sguide/sql_injection_en.pdf
  - OWASP (Open Web Application Security Project) Top Ten Project
    - SQL injection, Cross-site scripting, Broken authentication and session management, mis-configuration ...
    - https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Website Protection Strategies
- Defense in depth
  - Separate web server and database server
- Encryption
  - Encrypt web communication
  - Encrypt sensitive data on the server
- Plan for contingency
  - What if the website is not available?
    - Alternate website
    - Manual procedure?
  - Backup and Recovery

Attacks to Web Users

Attacks targeting web users
- Attacks are more sophisticated, targeting two-factor authentication, using Man-in-the-Middle attacks
- From getting credentials to transferring money on the spot, because the piggybacking window is temporary
- From phishing (fake site) to fraud on the real online site
- Targeted, because each online e-commerce site is different
- The e-Commerce site does not see the hacker in the access log. They are in the browser, carrying the cyber identity of the customer

What is a Man-in-the-Middle attack?
- The hacker sits in the middle of messages sent between the parties
- Client and Server are NOT AWARE of the existence of the middle man
- It is an ACTIVE attack instead of passive sniffing: the attacker sits between client and server and is able to read, modify and insert
[Diagram: Normal HTTP connection: the web browser sends "GET http://abc.com" to the web server, which answers "HTTP/1.0 200 OK". MITM hijacked connection: the attacker sits between the web browser and the web server and relays "GET http://abc.com" and "HTTP/1.0 200 OK" in both directions]

Botnet targeting Banks and e-Commerce
- Zeus and SpyEye Botnets
  - Steal banking information by keylogging and form grabbing
  - Features:
    - Take screenshot (save to html without image)
    - Fake redirect (redirect to a prepared fake bank webpage)
    - HTML inject (hijack the login session and inject new fields)
    - Log the visiting information of each banking site, record the input string (text or post URL)

Man-in-the-Browser
- Hackers' dream: breaking two factor authentication
  - Intercept transaction
    - Install software/plugin inside the browser, hook major OS and web browser APIs and proxy data
- Rewrite the screen. Trick the user into entering credentials. Change the amount and change the destination to the attacker's account
- Change the display to the user as if his transaction was executed
  - Calculate the "should be amount" and rewrite the remaining total to the screen
  - Store in a database in the cloud the amount transacted from the user's perspective
Source: www.cronto.com

Zeus in the Mobile
- ZitMo (reported in Sep-2010)
  - Zeus ver 2.0, with Man-in-the-Mobile (MitMo) feature
  - Mobile infection:
    - Infected PC visits bank website
    - Zeus injects HTML content into the webpage, requesting the user to input their mobile phone number and the IMEI # (and phone model)
    - Hacker sends a new "digital certificate" to the phone
    - User installs the Zeus mobile.
  - Platforms: Symbian, Android, WinCE and BlackBerry
  - Sniffs the SMS messages when woken up by a special SMS
    - Steals one-time password (OTP) sent via SMS
  - 2011-July
- SpyEye goes mobile (Apr-2011) using similar techniques

Inserting a transaction (at login): Shadow Login
- The login Trojan kicks up a shadow login in the background
[Diagram, in sequence:
1. User enters PIN + OTP and submits; the Trojan passes PIN + OTP to the real login behind the scenes
2. The Trojan inserts a new window: "Not successful. Please retry"
3. User enters PIN + OTP2 and submits
4. Hacker uses OTP2 to authenticate a transaction]

Defense at client side
- 3 baseline defenses are necessary but not sufficient
  - Protection from malware
  - Personal Firewall
  - Update patches: this is more and more important
    - Secunia Personal Software Inspector: http://secunia.com/vulnerability_scanning/personal/
    - Install Microsoft Malicious Software Removal Tool (MSRT)

Defense at client side
- Use newer and secure browsers (Chrome 12, FF 5, IE 9). These come with new features: URL blocking, sandbox
- Use separate browsers for casual browsing and transaction-based activities
- Avoid installing add-ons (extensions, ActiveX objects ...) on the browser

Attacks to Business Logic

Attacks to Business Logic
- As SQL and XSS vulnerabilities are reducing, attackers change focus to vulnerabilities in business logic
- Business logic flaws are not software bugs. Business logic abuse is not an exploit. Attackers are using functionality used by legitimate users.
  - Web application firewalls have no defense against it.
  - Quality assurance may overlook this because tests usually test what the code is supposed to do, and not what it can be made to do.

Abuse
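A defender-side check for the osCommerce mass injection described above, as an added example that is not part of the HKCERT slides: it parses a page and flags every iframe or script whose src loads from a host outside an assumed allow-list, plus iframes made invisible the way injected ones usually are. The allow-list (shop.example, cdn.example) and the sample page are constructed for this example; the two injected hosts are the ones named on the slide.

```python
"""Scan a page for injected <iframe>/<script> tags that load off-site content.

Added example, not part of the HKCERT slides: a defender's check for the kind
of mass injection described on the osCommerce slide (appended <iframe> and
<script> tags pointing at domains such as willysy.com and exero.eu).
The allow-list and the sample page are constructed for this example.
"""
from collections import namedtuple
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the shop legitimately loads scripts/frames from (assumed; adjust per site).
ALLOWED_HOSTS = {"shop.example", "cdn.example"}

Finding = namedtuple("Finding", "tag src reasons line")


def _is_hidden(attrs):
    """Injected iframes are usually made invisible: 0/1 pixel or CSS-hidden."""
    width = (attrs.get("width") or "").strip()
    height = (attrs.get("height") or "").strip()
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return (width in ("0", "1") or height in ("0", "1")
            or "display:none" in style or "visibility:hidden" in style)


class InjectedTagFinder(HTMLParser):
    """Collect iframe/script elements that are off-site or hidden."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        attrs = dict(attrs)
        src = attrs.get("src") or ""
        reasons = []
        host = urlparse(src).hostname      # None for relative URLs (same origin)
        if host is not None and host.lower() not in self.allowed:
            reasons.append(f"off-site host {host}")
        if tag == "iframe" and _is_hidden(attrs):
            reasons.append("hidden element")
        if reasons:
            self.findings.append(Finding(tag, src, reasons, self.getpos()[0]))


def find_injected_tags(html, allowed_hosts=ALLOWED_HOSTS):
    """Return a Finding for every suspicious iframe/script in html, in page order."""
    parser = InjectedTagFinder(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: a shop page with two legitimate scripts and two
# appended elements of the kind the slide describes.
SAMPLE_PAGE = """<html><body>
<script src="/js/catalog.js"></script>
<script src="https://cdn.example/lib.js"></script>
<p>Welcome to the shop</p>
<iframe src="http://willysy.com/stat.php" width="1" height="1"
        style="visibility: hidden"></iframe>
<script src="http://exero.eu/counter.js"></script>
</body></html>"""

if __name__ == "__main__":
    for f in find_injected_tags(SAMPLE_PAGE):
        print(f"line {f.line}: <{f.tag} src={f.src!r}> - {', '.join(f.reasons)}")
```

Inline script bodies and obfuscated JavaScript are out of scope for this check; run it over the rendered pages (or the templates on disk) and diff the results between deployments to catch newly appended elements.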
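The Shadow Login sequence above, replayed against a model bank as an added example that is not part of the HKCERT slides: with a plain counter-based OTP the harvested OTP2 authorises the attacker's transfer even though the bank refuses replays, while a code that the token computes over the transaction details (amount and payee, the transaction-signing approach) cannot be re-used for a different transaction. The HOTP construction is RFC 4226; the Bank class, the secret and the amounts are constructed for this example.

```python
"""Shadow Login re-use of OTP2 against plain OTPs versus transaction-bound codes.

Added example, not from the HKCERT slides. It models the Shadow Login slide:
the Trojan relays the first PIN + OTP to the real bank, shows "Not successful.
Please retry", swallows OTP2 and uses it to authenticate its own transfer.
The HOTP construction is RFC 4226; the transaction-bound variant mixes the
transaction details into the MAC input. Secret and amounts are constructed.
"""
import hashlib
import hmac
import struct

SECRET = b"constructed-shared-secret-0123"   # shared by the user's token and the bank


def otp_code(secret, counter, transaction=b""):
    """RFC 4226 HOTP over the counter, optionally concatenated with transaction
    details. With transaction=b"" this is a plain counter-based OTP."""
    mac = hmac.new(secret, struct.pack(">Q", counter) + transaction, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10**6:06d}"


class Bank:
    """Server side. bound=True requires transfer codes computed over the
    transaction details the user saw on their token (transaction signing)."""

    def __init__(self, secret, bound):
        self.secret = secret
        self.bound = bound
        self.last_counter = -1     # every accepted counter is consumed: replays are refused
        self.transfers = []

    def _consume(self, code, transaction):
        # Look-ahead window of 3 counters, as real HOTP servers allow.
        for c in range(self.last_counter + 1, self.last_counter + 4):
            if hmac.compare_digest(otp_code(self.secret, c, transaction), code):
                self.last_counter = c
                return True
        return False

    def login(self, code):
        return self._consume(code, b"")

    def transfer(self, amount, payee, code):
        transaction = f"{amount}|{payee}".encode() if self.bound else b""
        if self._consume(code, transaction):
            self.transfers.append((amount, payee))
            return True
        return False


def shadow_login_attack(bound):
    """Replay the slide's sequence; return True if the attacker's transfer went through."""
    bank = Bank(SECRET, bound)
    token_counter = 0
    # 1. User enters PIN + OTP; the Trojan passes it on and the real login succeeds.
    otp1 = otp_code(SECRET, token_counter)
    token_counter += 1
    assert bank.login(otp1)
    # 2. Trojan shows "Not successful. Please retry"; the user generates OTP2,
    #    which the Trojan keeps. OTP2 was never consumed, so replay checks do not help.
    otp2 = otp_code(SECRET, token_counter)
    # 3. Attacker submits a transfer to their own account with OTP2.
    return bank.transfer(5000, "ATTACKER-ACCOUNT", otp2)


def legitimate_bound_transfer():
    """With transaction signing the user computes the code over the details shown."""
    bank = Bank(SECRET, bound=True)
    code = otp_code(SECRET, 0, b"100|SHOP")
    return bank.transfer(100, "SHOP", code)


if __name__ == "__main__":
    print("plain OTP, attacker transfer accepted:", shadow_login_attack(bound=False))
    print("transaction-bound code, attacker transfer accepted:", shadow_login_attack(bound=True))
    print("transaction-bound code, user's own transfer accepted:", legitimate_bound_transfer())
```

The binding only helps if the token shows the user the amount and payee it is signing, so a Man-in-the-Browser that rewrites the screen cannot also rewrite what the token displays.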