DOCSLIB.ORG

Symantec Global Internet Security Threat Report

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

INTERNET SECURITY THREAT REPORT 2011 Trends Volume 17 Published April 2012 INTERNET SECURITY THREAT REPORT Paul Wood Mathew Nisbet Executive Editor Malware Data Analyst Manager, Cyber Security Intelligence Security Technology and Response Security Technology and Response Nicholas Johnston Gerry Egan Sr. Software Engineer Sr. Director, Product Management Security Technology and Response Security Technology and Response Bhaskar Krishnappa Kevin Haley Sr. Software Engineer Director, Product Management Security Technology and Response Security Technology and Response Irfan Asrar Tuan-Khanh Tran Security Response Manager Group Product Manager Security Technology and Response Security Technology and Response Sean Hittel Orla Cox Principal Software Engineer Sr. Manager, Security Operations Security Technology and Response Security Technology and Response Eric Chien Hon Lau Technical Director Manager, Development Security Technology and Response Security Technology and Response Eric Park Candid Wueest Sr. Business Intelligence Analyst Principal Software Engineer Anti-Spam Engineering Security Technology and Response Mathew Maniyara David McKinney Security Response Analyst Principal Threat Analyst Anti-Fraud Response Security Technology and Response Olivier Thonnard Tony Millington Sr. Research Engineer Associate Software Engineer Symantec Research Laboratories Security Technology and Response Pierre-Antoine Vervier Benjamin Nahorney Network Systems Engineer Senior Information Developer Symantec Research Laboratories Security Technology and Response Martin Lee Joanne Mulcahy Sr. Security Analyst Technical Product Manager Symantec.cloud Security Technology and Response Daren Lewis John Harrison Principal Strategic Planning Specialst Group Product Manager Symantec.cloud Security Technology and Response Scott Wallace Thomas Parsons Sr. Graphic Designer Director, Development Security Technology and Response Andrew Watson Sr. Software Engineer Security Technology and Response 2 Symantec Corporation INTERNET SECURITY THREAT REPORT TABLE OF CONTENTS Introduction ..........................................................5 Consumerization And Mobile Computing: Balancing The Risks 2011 By Month ....................................................6 And Benefits In The Cloud .......................25 Risks With ‘Bring Your Own Device’ .......................25 ............................................... 2011 In Numbers 9 Threats Against Mobile Devices .............................25 Consumerization Of It And Cloud Computing .....26 Executive Summary .....................................12 Quick Response (QR) codes ....................................27 What Mobile Malware Does With Your Phone .....27 Confidence In The Cloud: Balancing Risks �����������28 Safeguarding Secrets: Industrial Espionage In Cyberspace ���������������������������������������������������14 Spam Activity Trends ..................................29 Spam In 2011 ............................................................ Cyber-Espionage In 2011 ........................................14 29 Impact Of Botnets On Spam ................................... Advanced Persistent Threats ..................................15 30 The Changing Face Of Spam ................................... Targeted Attacks .......................................................16 30 URL Shortening And Spam ...................................... Case Study .................................................................16 31 Where Attacks Come From ��������������������������������������19 Malicious Code Trends ...............................32 Against The Breach: Malware In 2011 .......................................................32 Securing Trust Website Malware .......................................................33 And Data Protection ....................................20 Email-Borne Malware ...............................................34 Data Breaches In 2011 ............................................21 Border Gateway Protocol (BGP) Hijacking .........................................................35 Certificate Authorities Under Attack .....................23 Polymorphic Threats ................................................35 Building Trust And Securing The Weakest Links ....................................................24 Dangerous Web Sites ...............................................36 Exploiting The Web: Attack Toolkits, Rootkits And Social Networking Threats ..............37 Macs Are Not Immune ..............................................38 Rootkits .......................................................................39 Social Media Threats ������������������������������������������������39 Symantec Corporation 3 INTERNET SECURITY THREAT REPORT Closing The Window Best Practice Guidelines Of Vulnerability: Exploits For Businesses .................................................44 And Zero-Day Attacks .................................40 Number Of Vulnerabilities ......................................40 Best Practice Guidelines Weaknesses in Critical For Consumers ................................................46 Infrastructure Systems ............................................41 Old Vulnerabilities Are Still Under Attack ............41 Web Browser Vulnerabilities ..................................41 More Information ..........................................48 New Zero-day Vulnerabilities Create Big Risks .......................................................42 About Symantec ..............................................48 Conclusion: What’s Ahead In 2012 .................................43 Endnotes ...............................................................49 FIGURES Figure 1 Figure 10 Targeted Attacks Trend Showing Average Key Functionality Of Mobile Risks..................................27 Number Of Attacks Identified Each Month, 2011 .........15 Figure 11 Figure 2 Percentage Of Email Identified As Spam, 2011 ............30 Targeted Email Attacks, By Top-Ten Industry Sectors, 2011 ��������������������������������16 Figure 12 Top Ten Spam Email Categories, 2010-2011 ................31 Figure 3 Attacks By Size Of Targeted Organization ....................17 Figure 13 Average Number Of Malicious Web Sites Figure 4 Identified Per Day, 2011 ................................................33 Analysis Of Job Functions Of Recipients Being Targeted .........................................18 Figure 14 Ratio Of Malware In Email Traffic, 2011 ........................34 Figure 5 Geographical Locations Figure 15 Of Attackers’ IP Addresses ���������������������������������������������19 Rise In Email-Borne Bredolab Polymorphic Malware Attacks Per Month, 2011 ................................35 Figure 6 Timeline Of Data Breaches Figure 16 Showing Identities Breached In 2011 ............................21 Most Dangerous Web Site Categories, 2011 .................36 Figure 7 Figure 17 Top-Ten Sectors Macdefender Trojan Screenshot ������������������������������������38 By Number Of Data Breaches, 2011 ������������������������������22 Figure 18 Figure 8 Total Number Of Vulnerabilities Identified, Top-Ten Sectors 2006-2011 .....................................................................40 By Number Of Identities Exposed, 2011 ........................22 Figure 19 Figure 9 Browser Vulnerabilities In 2010 And 2011 ...................41 Total Mobile Malware Family Count 2010-2012 ...........26 Figure 20 Web Browser Plug-In Vulnerabilities .............................42 4 Symantec Corporation INTERNET SECURITY THREAT REPORT Introduction ymantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec™ Global SIntelligence Network, which is made up of more than 64.6 million attack sensors and records thousands of events per second. This network monitors attack activity in more than 200 countries and territories through a combination of Symantec products and services such as Symantec DeepSight™ Threat Management System, Symantec™ Managed Security Services and Norton™ consumer products, and other third-party data sources. In addition, Symantec maintains one of the world’s most comprehensive vulnerability databases, currently consisting of more than 47,662 recorded vulnerabilities (spanning more than two decades) from over 15,967 vendors representing over 40,006 products. Spam, phishing and malware data is captured through a variety of sources, including the Symantec Probe Network, a system of more than 5 million decoy accounts; Symantec.cloud and a number of other Symantec security technologies. Skeptic™, the Symantec.cloud proprietary heuristic technology is able to detect new and sophisticated targeted threats before reaching customers’ networks. Over 8 billion email messages and more than 1.4 billion Web requests are processed each day across 15 data centers. Symantec also gathers phishing information through an extensive antifraud community of enterprises, security vendors, and more than 50 million consumers. These resources give Symantec’s analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam. The result is the annual Symantec Internet Security Threat Report, which gives enterprises and consumers the essential information to secure their systems effectively now and into the future. Symantec Corporation 5 INTERNET SECURITY THREAT REPORT 2011 BY MONTH MOBILE BOTNET THREAT SPAM SOCIAL HACKS
Recommended publications
  • ASEC REPORT Malicious Code Trend 5 6 Vol.17 Security Trend Web Security Trend

    ASEC REPORT Malicious Code Trend 5 6 Vol.17 Security Trend Web Security Trend

    Disclosure to or reproduction for others without the specific written authorization of AhnLab is prohibited. ASEC Copyright (c) AhnLab, Inc. All rights reserved. REPORT VOL.17 | 2011.6 AhnLab Monthly Security Report AhnLab ASEC (AhnLab Security Emergency Response Center) is a Security global security response group consisting of virus analysts and CONTENTS Emergency security experts. This monthly report is published by ASEC, response and it focuses on the most significant security threats and the latest security technologies to guard against these threats. For 01. Malicious Code Trend 02. Security Trend Center further information about this report, please refer to AhnLab, a. Malicious Code Statistics 05 a. Security Statistics 14 Inc.’s homepage (www.ahnlab.com). - Top 20 Malicious Code Reports - Microsoft Security Updates- May 2011 - Top 20 Malicious Code Variant Reports b. Malicious Code Issues 16 - Breakdown of Primary Malicious Code Types - Comparison of Malicious Codes with - Zeus Source Code Leaked and Spyeye Trend Previous Month - Coreflood, a Banking Trojan - Monthly Malicious Code Reports - Online Banking Hacking Scam - Top 20 New Malicious Code Reports - Breakdown of New Malicious Code Types 03. Web Security Trend b. Malicious Code Issues 10 a. Web Security Statistics 17 - 'Dislike' Button Scam - Web Security Summary - AntiVirus AntiSpyware 2011 Scam - Monthly Blocked Malicious URLs - Scam Emails From Bobijou Inc. - Monthly Reported Types of Malicious Code - Spam Promising Nude Photo Spreads Malware - Monthly Domains with Malicious Code - Osama Bin Laden Themed Malware - Monthly URLs with Malicious Code - Distribution of Malicious Codes by Type - Top 10 Distributed Malicious Codes b. Web Security Issues 20 - May 2011 Malicious Code Intrusion: Website ASEC REPORT Malicious Code Trend 5 6 Vol.17 Security Trend Web Security Trend 01.
  • Homeland Threats and Agency Responses”

    Homeland Threats and Agency Responses”

    STATEMENT OF ROBERT S. MUELLER, III DIRECTOR FEDERAL BUREAU OF INVESTIGATION BEFORE THE COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS UNITED STATES SENATE AT A HEARING ENTITLED “HOMELAND THREATS AND AGENCY RESPONSES” PRESENTED SEPTEMBER 19, 2012 Statement of Robert S. Mueller, III Director Federal Bureau of Investigation Before the Committee on Homeland Security and Governmental Affairs United States Senate At a Hearing Entitled “Homeland Threats and Agency Responses” Presented September 19, 2012 Good morning, Chairman Lieberman, Ranking Member Collins, and Members of the Committee. Thank you for the opportunity to appear before the Committee today and for your continued support of the men and women of the FBI. As you know, the Bureau has undergone unprecedented transformation in recent years. Since the attacks of September 11th, we have refocused our efforts to address and prevent emerging terrorist threats. The terrorist threat is more diverse than it was 11 years ago, but today, we in the FBI are better prepared to meet that threat. We also face increasingly complex threats to our nation’s cyber security. Nation-state actors, sophisticated organized crime groups, and hackers for hire are stealing trade secrets and valuable research from America’s companies, universities, and government agencies. Cyber threats also pose a significant risk to our nation’s critical infrastructure. As these threats continue to evolve, so too must the FBI change to counter those threats. We must continue to build partnerships with our law enforcement and private sector partners, as well as the communities we serve. Above all, we must remain firmly committed to carrying out our mission while protecting the civil rights and civil liberties of the people we serve.
  • RSA-512 Certificates Abused in the Wild

    RSA-512 Certificates Abused in the Wild

    RSA-512 Certificates abused in the wild During recent weeks we have observed several interesting publications which have a direct relation to an investigation we worked on recently. On one hand there was a Certificate Authority being revoked by Mozilla, Microsoft and Google (Chrome), on the other hand there was the disclosure of a malware attack by Mikko Hypponen (FSecure) using a government issued certificate signed by the same Certificate Authority. That case however is not self-contained and a whole range of malicious software had been signed with valid certificates. The malicious software involved was used in targeted attacks focused on governments, political organizations and the defense industry. The big question is of course, what happened, and how did the attackers obtain access to these certificates? We will explain here in detail how the attackers have used known techniques to bypass the Microsoft Windows code signing security model. Recently Mikko Hypponen wrote a blog on the F-Secure weblog (http://www.f-secure.com/weblog/archives/00002269.html) detailing the discovery of a certificate used to sign in the wild malware. Specifically this malware was embedded in a PDF exploit and shipped in August 2011. Initially Mikko also believed the certificate was stolen, as that is very common in these days, with a large amount of malware families having support, or optional support, for stealing certificates from the infected system. Apparently someone Mikko spoke to mentioned something along the lines that it had been stolen a long time ago. During the GovCert.nl symposium Mikko mentioned the certificate again, but now he mentioned that according to the people involved with investigating the case in Malaysia it likely wasn't stolen.
  • Sample Iis Publication Page

    Sample Iis Publication Page

    https://doi.org/10.48009/1_iis_2012_133-143 Issues in Information Systems Volume 13, Issue 1, pp. 133-143, 2012 HACKERS GONE WILD: THE 2011 SPRING BREAK OF LULZSEC Stan Pendergrass, Robert Morris University, [email protected] ABSTRACT Computer hackers, like the group known as Anonymous, have made themselves more and more relevant to our modern life. As we create and expand more and more data within our interconnected electronic universe, the threat that they bring to its fragile structure grows as well. However Anonymous is not the only group of hackers/activists or hacktivists that have made their presence known. LulzSec was a group that wreaked havoc with information systems in 2011. This will be a case study examination of their activities so that a better understanding of five aspects can be obtained: the Timeline of activities, the Targets of attack, the Tactics the group used, the makeup of the Team and a category which will be referred to as The Twist for reasons which will be made clear at the end of the paper. Keywords: LulzSec, Hackers, Security, AntiSec, Anonymous, Sabu INTRODUCTION Information systems lie at the heart of our modern existence. We deal with them when we work, when we play and when we relax; texting, checking email, posting on Facebook, Tweeting, gaming, conducting e-commerce and e- banking have become so commonplace as to be nearly invisible in modern life. Yet, within each of these electronic interactions lies the danger that the perceived line of security and privacy might be breached and our most important information and secrets might be revealed and exploited.
  • Bakalářská Práce 2013

    Bakalářská Práce 2013

    Masarykova univerzita Filozofická fakulta Ústav české literatury a knihovnictví Kabinet informa čních studií a knihovnictví Bakalá řská diplomová práce 2013 Alena Brožová Masarykova univerzita Filozofická fakulta Kabinet informa čních studií a knihovnictví Informa ční studia a knihovnictví Alena Brožová AntiSec: hacktivistická kampa ň za svobodu na internetu Bakalá řská diplomová práce Vedoucí práce: PhDr. Pavla Ková řová 2013 Prohlašuji, že jsem diplomovou práci vypracovala samostatn ě s využitím uvedených pramen ů a literatury. …………………………………………….. Podpis autora práce Zde bych cht ěla pod ěkovat vedoucí práce PhDr. Pavle Ková řové za pomoc a cenné rady v pr ůběhu tvorby bakalá řské diplomové práce. Bibliografický záznam BROŽOVÁ, Alena. AntiSec: hacktivistická kampa ň za svobodu na internetu . Brno: Masarykova univerzita, Filozofická fakulta, Ústav české literatury a knihovnictví, Kabinet informa čních studií a knihovnictví, 2013, 59 s. Vedoucí bakalá řské práce PhDr. Pavla Ková řová. Anotace Bakalá řská diplomová práce „AntiSec: hacktivistická kampa ň za svobodu na internetu“ se zabývá hackerskými útoky v rámci operace AntiSec, které byly uskute čněny pod záštitou propagace svobodného internetu, svobody informací a svobody projevu. Práce se zabývá etickou oprávn ěností provedení útok ů v souvislosti s pravidly definovaných etických teorií a kodex ů. Pro toto hodnocení jsou využity principy dimenzionální analýzy. Výsledkem práce je souhrn informací o prob ěhnuté operaci s důrazem na eti čnost provedených útok ů. Annotation Bachelor thesis „AntiSec: hacktivism campaign for freedom on the internet“ deals with hacker attacks in Operation AntiSec which were made under the auspices of promoting free internet, freedom of information and freedom of expression. The work deals with the ethical legitimacy of carrying out attacks in relation to the rules of defined ethical theories and codes.
  • Pirates of the Isps: Tactics for Turning Online Crooks Into International Pariahs

    Pirates of the Isps: Tactics for Turning Online Crooks Into International Pariahs

    21st CENTURY DEFENSE INITIATIVE CyBER SECuRITy #1 July 2011 Pirates of the ISPs: Tactics for Turning Online Crooks Into International Pariahs Noah Shachtman 1775 Massachusetts Ave., NW Washington, D.C. 20036 brookings.edu Pirates of the ISPs: Tactics for Turning Online Crooks Into International Pariahs Noah Shachtman CyberSeCurity #1 July 2011 21st CENTURY DEFENSE INITIATIVE Acknowledgements every research paper is a group effort, no mat- My Wired.com colleagues—ryan Singel, kevin ter what it says on the byline. this project relied Poulsen, kim Zetter and David kravets—cover more on outside assistance than most. brookings the cybersecurity beat better than anyone. this Senior fellows Peter Singer and ken lieberthal paper would have been impossible without them, were the ones who convinced me to explore the and without brian krebs, master investigator of broad topic of cybersecurity. the panel they as- the online underworld. sembled gave me new insight with every meeting; my colleague allan friedman was an especially bill Woodcock, rick Wesson, Jeff Cooper, tyler invaluable tutor and remarkably generous with Moore, audrey Plonk, Jim lewis, Dmitri alpero- his time. heather Messera and robert o’brien vitch, Paul Nicholas, Jessica herrera-flannigan, provided important research and logistical sup- Jart armin, richard bejtlich, Steve Schleien, Jona- port. My research assistant, adam rawnsley, was than Zittrain and many, many others steered me tireless in his exploration of the minutiae of ev- away from my worst ideas and towards those few erything from tort law to pirate havens. not-so-bad ones. for that, i am deeply in their debt. brookings recognizes that the value it provides to any supporter is in its absolute commitment to quality, independence and impact.
  • Forensics 2Ème Partie

    Forensics 2Ème Partie

    actu l’ACTUSÉCU est un magazine numérique rédigé et éditésécu par les consultants du cabinet de conseil XMCO 34MAI 2013 SPÉCIAL INVESTIGATIONS Forensics 2ème partie Investigations Forensics Les étapes et réflexes essentiels pour la réalisation d’une mission forensics. APT1 Résumé et analyse de l’étude menée par Mandiant. Conférences BlackHat, JSSI et HITB. Actualité du moment Analyses du malware Dervec, de la vulnérabilité Java (CVE-2013-0422) et des at- - taques 0day ciblant ColdFusion. buildscharac Et toujours… les logiciels et nos Twitter favoris ! 1 Ce document est la propriété du cabinet XMCO. Toute reproduction est strictement interdite. ® we deliver security expertise www.xmco.fr 2 Ce document est la propriété du cabinet XMCO. Toute reproduction est strictement interdite. édito MAI 2013 [ 45 millions de dollars.... 5 millions chacun ] Ils sont neuf. Ils ont agi dans 27 pays et sont allés jusqu’à retirer 2,4 millions dans des distributeurs automatiques de billets : plus de 40 000 retraits en espèces !!! Bref, un job à plein temps, particulièrement bien rémunéré, mais qui comporte quand même quelques risques... Voici, en synthèse, la news qui est tombée le 10 mai 2013. Comment ne pas la reprendre dans le deuxième numéro de l’ActuSécu consacré au Forensic ? Attention, n’y voyez aucune espèce d’opération marketing conjointe : nous n’avons pas mandaté ces cybercriminels pour promouvoir l’activité de recherche de preuve ! Plusieurs anomalies, dont cette phrase, se trouvent dans cet édito. J’ai fait cela parce que personne ne fait jamais aucun retour sur mon unique contribution à notre magazine. Mais il faut bien admettre que cette information vient confirmer un phénomène de plus en plus constaté : la reconversion d’une partie de la criminalité vers la cybercriminalité.
  • An Interdisciplinary Introduction

    An Interdisciplinary Introduction

    Index # See OMB and, 82, 83–84 2-factor authentication, 57, 295, 296 Paperwork Reduction Act, 82 9/11/2001. September 11, 2001 supply chain security, 166, 170 60-Day Cyberspace Policy Review, 100–101, 130, 259 active responses to threats, 207–208, 237–238 256-bit encryption, 193 acts of law, 263 300A and 300B reports, 170 actual cost (AC), 152–154, 156, 299–300, 302 414s (hackers), 6 ACWP (actual cost of work performed), 152 1930s IT infrastructure, 185 “adequate security,” 171 1940s IT infrastructure, 75 Administrative Procedure Act (APA), 266 1950s IT infrastructure, 75–76, 185¬ advanced notices of proposed rulemaking (ANPR), 260, 1960s cybersecurity issues, 4, 76–77, 95 266 1970s cybersecurity issues, 5, 179 advanced persistent threats (APTs), 203–204, 276,- 277 1980s cybersecurity issues, 4–9, 77–81, 82, 185 Advanced Research Projects Agency (ARPA), 4 1990s cybersecurity issues, 9, 81–90, 223–225, 276 Advanced Research Projects Agency Network (AR 2000s cybersecurity issues, 9, 89, 90–101, 220, 276 agenciesPANET), 4, 179 A2010s cybersecurity issues, 10, 101–104, 221–222, 276 African Network Information Centre (AfriNIC), 278 A circulars. See under civilian.audits, 241 See civilian agencies OMB budgets, 260 AC (actual cost), 152–154, 156, 299–300, 302 acceptable levels of risk, 36 classified/unclassified protective markings, 79 acceptable quality level (AQL), 145 compliance standards, 168–169 accepting risks, 16, 20, 22, 60–61 creation of, 266 access codes, 236 cybersecurity policy role, 69–70 access points, 233, 258 Federal Register rules publication, 260 accessibility of systems intelligence.FISMA requirements, See intelligence 97–98, agencies 171 corporate systems, 233 impact on projects, 123 health care systems, 224 military.
  • A PRACTICAL METHOD of IDENTIFYING CYBERATTACKS February 2018 INDEX

    A PRACTICAL METHOD of IDENTIFYING CYBERATTACKS February 2018 INDEX

    In Collaboration With A PRACTICAL METHOD OF IDENTIFYING CYBERATTACKS February 2018 INDEX TOPICS EXECUTIVE SUMMARY 4 OVERVIEW 5 THE RESPONSES TO A GROWING THREAT 7 DIFFERENT TYPES OF PERPETRATORS 10 THE SCOURGE OF CYBERCRIME 11 THE EVOLUTION OF CYBERWARFARE 12 CYBERACTIVISM: ACTIVE AS EVER 13 THE ATTRIBUTION PROBLEM 14 TRACKING THE ORIGINS OF CYBERATTACKS 17 CONCLUSION 20 APPENDIX: TIMELINE OF CYBERSECURITY 21 INCIDENTS 2 A Practical Method of Identifying Cyberattacks EXECUTIVE OVERVIEW SUMMARY The frequency and scope of cyberattacks Cyberattacks carried out by a range of entities are continue to grow, and yet despite the seriousness a growing threat to the security of governments of the problem, it remains extremely difficult to and their citizens. There are three main sources differentiate between the various sources of an of attacks; activists, criminals and governments, attack. This paper aims to shed light on the main and - based on the evidence - it is sometimes types of cyberattacks and provides examples hard to differentiate them. Indeed, they may of each. In particular, a high level framework sometimes work together when their interests for investigation is presented, aimed at helping are aligned. The increasing frequency and severity analysts in gaining a better understanding of the of the attacks makes it more important than ever origins of threats, the motive of the attacker, the to understand the source. Knowing who planned technical origin of the attack, the information an attack might make it easier to capture the contained in the coding of the malware and culprits or frame an appropriate response. the attacker’s modus operandi.
  • TLS Attacks & DNS Security

    TLS Attacks & DNS Security

    IAIK TLS Attacks & DNS Security Information Security 2019 Johannes Feichtner [email protected] IAIK Outline TCP / IP Model ● Browser Issues Application SSLStrip Transport MITM Attack revisited Network Link layer ● PKI Attacks (Ethernet, WLAN, LTE…) Weaknesses HTTP TLS / SSL FLAME FTP DNS Telnet SSH ● Implementation Attacks ... ● Protocol Attacks ● DNS Security IAIK Review: TLS Services All applications running TLS are provided with three essential services Authentication HTTPS FTPS Verify identity of client and server SMTPS ... Data Integrity Detect message tampering and forgery, TLS e.g. malicious Man-in-the-middle TCP IP Encryption Ensure privacy of exchanged communication Note: Technically, not all services are required to be used Can raise risk for security issues! IAIK Review: TLS Handshake RFC 5246 = Establish parameters for cryptographically secure data channel Full handshake Client Server scenario! Optional: ClientHello 1 Only with ServerHello Client TLS! Certificate 2 ServerKeyExchange Certificate CertificateRequest ClientKeyExchange ServerHelloDone CertificateVerify 3 ChangeCipherSpec Finished ChangeCipherSpec 4 Finished Application Data Application Data IAIK Review: Certificates Source: http://goo.gl/4qYsPz ● Certificate Authority (CA) = Third party, trusted by both the subject (owner) of the certificate and the party (site) relying upon the certificate ● Browsers ship with set of > 130 trust stores (root CAs) IAIK Browser Issues Overview Focus: Relationship between TLS and HTTP Problem? ● Attacker wants to access encrypted data ● Browsers also have to deal with legacy websites Enforcing max. security level would „break“ connectivity to many sites Attack Vectors ● SSLStrip ● MITM Attack …and somehow related: Cookie Stealing due to absent „Secure“ flag… IAIK Review: ARP Poisoning How? Attacker a) Join WLAN, ● Sniff data start ARP Poisoning ● Manipulate data b) Create own AP ● Attack HTTPS connections E.g.
  • Web and Mobile Security

    Web and Mobile Security

    Cyber Security Body of Knowledge: Web and Mobile Security Sergio Maffeis Imperial College London bristol.ac.uk © Crown Copyright, The National Cyber Security Centre 2021. This information is licensed under the Open Government Licence v3.0. To view this licence, visit http://www.nationalarchives.gov.uk/doc/open- government-licence/. When you use this information under the Open Government Licence, you should include the following attribution: CyBOK Web & Mobile Security Knowledge Area Issue 1.0 © Crown Copyright, The National Cyber Security Centre 2021, licensed under the Open Government Licence http://www.nationalarchives.gov.uk/doc/open- government-licence/. The CyBOK project would like to understand how the CyBOK is being used and its uptake. The project would like organisations using, or intending to use, CyBOK for the purposes of education, training, course development, professional development etc. to contact it at [email protected] to let the project know how they are using CyBOK. bristol.ac.uk Web & Mobile Security KA • This webinar covers and complements selected topics from the “Web & Mobile Security Knowledge Area - Issue 1.0” document [WMS-KA for short] • “The purpose of this Knowledge Area is to provide an overview of security mechanisms, attacks and defences in modern web and mobile ecosystems.” • We assume basic knowledge of the web and mobile platforms – The WMS-KA also covers some of the basic concepts assumed here Web and Mobile Security 3 Scope • The focus of WMS-KA is on the intersection of mobile and web security, as a result of recent appification and webification trends. – The KA does not cover specific mobile-only aspects including mobile networks, mobile malware, side channels.
  • Reporting, and General Mentions Seem to Be in Decline

    Reporting, and General Mentions Seem to Be in Decline

    CYBER THREAT ANALYSIS Return to Normalcy: False Flags and the Decline of International Hacktivism By Insikt Group® CTA-2019-0821 CYBER THREAT ANALYSIS Groups with the trappings of hacktivism have recently dumped Russian and Iranian state security organization records online, although neither have proclaimed themselves to be hacktivists. In addition, hacktivism has taken a back seat in news reporting, and general mentions seem to be in decline. Insikt Group utilized the Recorded FutureⓇ Platform and reports of historical hacktivism events to analyze the shifting targets and players in the hacktivism space. The target audience of this research includes security practitioners whose enterprises may be targets for hacktivism. Executive Summary Hacktivism often brings to mind a loose collective of individuals globally that band together to achieve a common goal. However, Insikt Group research demonstrates that this is a misleading assumption; the hacktivist landscape has consistently included actors reacting to regional events, and has also involved states operating under the guise of hacktivism to achieve geopolitical goals. In the last 10 years, the number of large-scale, international hacking operations most commonly associated with hacktivism has risen astronomically, only to fall off just as dramatically after 2015 and 2016. This constitutes a return to normalcy, in which hacktivist groups are usually small sets of regional actors targeting specific organizations to protest regional events, or nation-state groups operating under the guise of hacktivism. Attack vectors used by hacktivist groups have remained largely consistent from 2010 to 2019, and tooling has assisted actors to conduct larger-scale attacks. However, company defenses have also become significantly better in the last decade, which has likely contributed to the decline in successful hacktivist operations.