ISSA Journal
April 2016, Volume 14, Issue 4
DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLOBALLY

MALWARE THREAT EVOLUTION

On the cover:
Protecting against Tomorrow’s Malware Attacks Today
The Rise of Malicious Documents
The Practice of Malware Protection for Commercial Banking
The Hotel Industry Has a PoS Malware Problem
Evolving Ransomware
CryptoLocker Ransomware

Table of Contents

Feature

14 CryptoLocker
By Carl Saiyed – ISSA member, Greater Spokane Chapter
This article discusses CryptoLocker ransomware, how it works, how it happens, and most importantly what enterprises can do to protect themselves above and beyond IDS/IPS and antivirus systems.

Articles

19 Protecting against Tomorrow’s Malware Attacks Today
By Guy Bunker – ISSA member, UK Chapter
This article discusses why cybersecurity organizations need to rethink how they protect against the next wave of malware attacks and information-borne threats.

24 The Rise of Malicious Documents
By Didier Stevens – ISSA member, Belgian Chapter
The author discusses the increasing use of embedded active content—macros, scripts, executables—in malicious Office docs and PDFs designed to fly under the radar of email and antivirus scanning tools.

28 The Practice of Malware Protection for Commercial Banking
By Sergey Tikhonov and Miroslava Bondarenko – ISSA members, Russia
The variety of attacks against enterprise networks is undergoing rapid development. In this article we will describe some protection practices performed by an in-house information security team in a small commercial bank.

37 The Hotel Industry Has a PoS Malware Problem
By Andy Green
Hotels are increasingly becoming victims of point-of-sale data breaches, falling prey to the same PoS malware that has been plaguing big retailers for years. The author discusses ways they should be learning from past mistakes and how to defend going forward.

39 Evolving Ransomware
By Stu Sjouwerman
This article discusses the proliferation and evolution of new strains of ransomware using social engineering tactics to trick the users.

Also in this Issue

3 From the President
4 [email protected]
5 Sabett’s Brief: @MalwareThreatEvolutionLawyers
6 Herding Cats: Infection
7 Security Awareness: A Talk with Bernadette Palmer
8 Security in the News
9 Perspective: Women in Security SIG: Malware Evolution and the Cyber Talent Gap
10 Open Forum: Internet Balkanization Is Coming
11 Association News
47 Crypto Corner: White-Box Cryptography

©2016 Information Systems Security Association, Inc. (ISSA)
The ISSA Journal (1949-0550) is published monthly by
Information Systems Security Association
12100 Sunset Hills Road, Suite 130, Reston, Virginia 20190
703-234-4082 (direct) • +1 866 349 5818 (USA toll-free)
+1 206 388 4584 (International)

2 – ISSA Journal | April 2016

From the President

Hello ISSA Members
Andrea Hoy, International President

This month’s Journal is about the Malware Threat Evolution. So what are we as information security professionals really looking at as far as malware? We have been told it is estimated that by the year 2019, there will be 24.4 billion IP-connected devices and 5.9 billion smartphone connections by 2020. With all these connections, we are seeing that malware has extended itself into these data streams at a prolific rate. One antivirus company reported detecting 84 million samples of new malware in 2015, which is nine million more than the previous year. It is estimated that the total number of malware strains detected globally was 304 million with Trojans being the highest, followed by PUPs.

The most interesting statistic, though, was the one I found regarding geographic presence of malware. Being an international association, it is interesting to find that on the high end is China for percentage of infected computers. Those of you in Finland, Norway, Sweden, and Japan will be happy to hear that you rank amongst the lowest.

We are now seeing boot-persistent malware that hides in a hard drive’s VBR (volume boot record) and that is being used to target ATMs, banks, credit unions, and financial-sector institutions. This puts a whole new meaning to putting out the trash...BOOTRASH, that is.

And let’s not forget ransomware! We are seeing encryption technology being used for nefarious purposes and hackers making money because of the simplicity and anonymity of this attack.

So, there is a lot out there, and I believe this Journal will be an excellent read.

On another note, I’d like to welcome Janice Comer Bradley, our new Executive Director, to our staff at headquarters. We are excited to add someone with her vast years of experience in association management to our team.

Moving forward,

International Board Officers

President: Andrea C. Hoy, CISM, CISSP, MBA, Distinguished Fellow
Vice President: Justin White
Secretary/Director of Operations: Anne M. Rogers, CISSP, Fellow
Treasurer/Chief Financial Officer: Pamela Fusco, Distinguished Fellow

Board of Directors

Frances “Candy” Alexander, CISSP, CISM, Distinguished Fellow
Debbie Christofferson, CISM, CISSP, CIPP/IT, Distinguished Fellow
Mary Ann Davidson, Distinguished Fellow
Rhonda Farrell, Fellow
Garrett D. Felix, M.S., CISSP, Fellow
Geoff Harris, CISSP, ITPC, BSc, DipEE, CEng, CLAS, Fellow
Alex Wood, Senior Member
Keyaan Williams
Stefano Zanero, PhD, Fellow

The Information Systems Security Association, Inc. (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members.

With active participation from individuals and chapters all over the world, the ISSA is the largest international, not-for-profit association specifically for security professionals. Members include practitioners at all levels of the security field in a broad range of industries, such as communications, education, healthcare, manufacturing, financial, and government.

The ISSA international board consists of some of the most influential people in the security industry. With an international communications network developed throughout the industry, the ISSA is focused on maintaining its position as the preeminent trusted global information security community.

The primary goal of the ISSA is to promote management practices that will ensure the confidentiality, integrity and availability of information resources. The ISSA facilitates interaction and education to create a more successful environment for global information systems security and for the professionals involved.

[email protected]

Malware Threat Evolution
Thom Barrie – Editor, the ISSA Journal

“Malware is not a threat as long as it does not execute,” say Tikhonov and Bondarenko. Though that may seem overly simplistic, one of the threads weaving through this month’s articles is just that, with the emphasis on users being socially engineered to let malicious code past all the enterprise efforts to keep it at bay. Security awareness plays a part, as do vulnerable apps, but a lot, in fact, “has to go wrong for an attack to get through,” says Stu Sjouwerman in “Evolving Ransomware.”

Carl Saiyed starts us with an in-depth look at one ransomware variant, what it is, how it does it, and how to defend against it in “CryptoLocker.” I personally find this form of cybercriminality especially odious, not only because it outright steals from its victims, but those who do not pay the ransom are out all their files, important ones, not-so-important ones, and those with great personal meaning and attachment. I am reminded of a hard drive that one day just stopped working. I lost a lot of my digital life that day. Was it backed up? Not completely. Well, that’s one defense against ransomware—so do it. Stu Sjouwerman wraps up ransomware with a little history and a lot of defense.

For the ever-evolving malware delivery vector, Didier Stevens delves into malicious active content—macros, scripts, executables—in Office docs and PDF files in “The Rise of Malicious Documents.” The question becomes, why do we need this embedded active content in the first place? It’s pretty much a major entry into the enterprise. If your organization requires embedded macros and scripts, mechanisms should be in place so that users know legitimate senders—back to social engineering and awareness. Guy Bunker, in “Protecting against Tomorrow’s Malware Attacks Today,” basically says strip it all out and be done with it. He also has some interesting things to say about how social engineers get some of their information from metadata in documents. Again, Guy’s solution: strip it out from any outward-facing documents. End of subject.

Two articles look at malware from the sector perspectives of banking and hotels. Sergey Tikhonov and Miroslava Bondarenko, in “The Practice of Malware Protection for Commercial Banking,” describe what an in-house security team does to protect a small Russian commercial bank’s network from Web and email attacks. And Andy Green explores, with amazement, that hotels are being victimized by some of the same point-of-sale malware attacks that have been continuingly making the news with big retailers—lessons NOT learned.

Good issue; enjoy,
—Thom

Editor: Thom Barrie
[email protected]

Advertising: [email protected]
866 349 5818 +1 206 388 4584

Editorial Advisory Board

Phillip Griffin, Fellow
Michael Grimaila, Fellow
John Jordan, Senior Member
Mollie Krehnke, Fellow
Joe Malec, Fellow
Donn Parker, Distinguished Fellow
Kris Tanaka
Joel Weise – Chairman, Distinguished Fellow
Branden Williams, Distinguished Fellow

Services Directory

Website
[email protected]
866 349 5818 +1 206 388 4584

Chapter Relations
[email protected]
866 349 5818 +1 206 388 4584

Member Relations
[email protected]
866 349 5818 +1 206 388 4584

Executive Director
[email protected]
866 349 5818 +1 206 388 4584

Vendor Relations
[email protected]
866 349 5818 +1 206 388 4584

The information and articles in this mag- the best knowledge of the author and the official policy of ISSA.