Webinar: Insights from CYREN's Q3 Trend Report

Post on 30-May-2015


Category: Technology


DESCRIPTION

CYREN's quarterly Internet Threats Trend Report is a MUST READ for Internet security stakeholders around the globe. The Q3 report highlights growing abuse of Apple’s iCloud, insight into the Bash Bug vulnerability, the misuse of tragic news items to spread malware and adware, and much more.

TRANSCRIPT

April 12, 2023 © 2014 CYREN Confidential and Proprietary

INSIGHTS FROM CYREN'S NEW Q3 TREND REPORT


IN TODAY’S WEBINAR

Apple users targeted

Shellshock

Exploiting tragedy

DNS abuse

Diet spam is good for you


CELEBRITY PHOTO HACK – HOW?

1) Vulnerability in iCloud
2) Vulnerability in Find My iPhone
3) Phishing
4) Brute force password
5) Answering password questions
6) Using other account data
7) 3-6 combined
8) One hacker
9) A whole bunch of hackers
10) Anyone who was at the Golden Globes


MOST LIKELY….

“After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find My iPhone.”

Chris Chaney


APPLE PHISHING

ssl.apple.com.update-id…….


POLL – APPLE PHISHING

Have you received an Apple phishing email in the last 2 months?


APPLE LEGITIMATE EMAIL CONFUSION

…. And “free” iPhone 6 offers

....And: OS X bash Update 1.0.....


Shellshock

• Disclosed publicly in late September
• Deemed by many as the “world’s most dangerous Internet security bug.”
• Security hole in the Unix/Linux “Bash” Shell, version 1.0.3.
• Completely unnoticed for 21 years
• Leaves hundreds of millions of Internet-connected devices (including servers and computers) vulnerable to hackers
• Hackers began exploiting it almost immediately upon the announcement
• Could have been going on for years


BASH? ENVIRONMENT VARIABLES?


EXAMPLES AND USES

• “Getting shell” on a box has always been a major win for an attacker
  • Control over the target environment
  • Access to internal data
  • Reconfiguration of environments
  • Publication of malicious code etc.
• Almost limitless
• Readily automatable

Thanks to: http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

http-header = Cookie:() { :; }; ping -c 3 209.xx.230.74

CYREN: Unix/Flooder.AN (CGI attack)
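As an added example (not part of the original slides), the following detection sketch flags request headers whose value starts with a Bash function definition, the pattern shown in the Cookie header above. The sample requests, host names and the 192.0.2.10 address are constructed, and the function names are hypothetical.

```python
import re

# Bash treats an environment variable whose value starts with "() {" as a
# function definition; CGI servers copy request headers into HTTP_* variables.
# The pattern tolerates extra whitespace, so it over-matches slightly by design.
FUNC_PREFIX = re.compile(r"^\s*\(\s*\)\s*\{")

# Constructed sample requests (not captured traffic). The second mirrors the
# Cookie header on the slide, with a documentation address (192.0.2.10).
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
    "User-Agent: Mozilla/5.0\r\nCookie: session=abc123\r\n\r\n",
    "GET /cgi-bin/status HTTP/1.1\r\nHost: www.example.com\r\n"
    "Cookie:() { :; }; ping -c 3 192.0.2.10\r\n\r\n",
    "GET /cgi-bin/test.cgi HTTP/1.1\r\nHost: www.example.com\r\n"
    "User-Agent: ()  {  foo; } ; echo probe\r\nReferer: () { :;}\r\n\r\n",
]


def parse_headers(raw_request):
    """Split a raw HTTP request into its request line and (name, value) pairs."""
    lines = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return lines[0], headers


def trailing_text(value):
    """Text after the first closing brace: what follows the function body."""
    end = value.find("}")
    return "" if end == -1 else value[end + 1:].lstrip(" ;").strip()


def scan(raw_request):
    """Return [(header name, trailing text)] for headers that look like
    Bash function definitions; an empty list means nothing matched."""
    _, headers = parse_headers(raw_request)
    return [(name, trailing_text(value))
            for name, value in headers if FUNC_PREFIX.match(value)]


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req.split("\r\n", 1)[0], "->", scan(req) or "clean")
```

A header that matches with empty trailing text (the Referer in the third sample) is still worth logging, since no legitimate client sends a function definition as a header value.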


POLL: SHELLSHOCK

What do you think about Shellshock?


EXPLOITING TRAGEDY


MALWARE DOWNLOAD


ADWARE, PUA

…And IS (ISIS)


419


MALWARE TRENDS


DUNIHI RAT

• Dunihi is a RAT (Remote Access Tool)
• Provides backdoor access to the infected system
  • Run command instructions in a command shell
  • Download and execute files, which may include other malware
  • Update or uninstall a copy of itself
  • Send a local file for upload
  • Delete a local file or folder


MICROSOFT VS. HOUDINI

• Microsoft filed a civil lawsuit against:
  • Mohamed Benabdellah
  • Naser Al Mutairi
  • U.S. company, Vitalwerks Internet Solutions, LLC (doing business as No-IP.com)
  • …“for their roles in creating, controlling, and assisting in infecting millions of computers with malicious software—harming Microsoft, its customers and the public at large.”
• Bladabindi (NJrat) and Jenxcus (NJw0rm)
• Distributed using No-IP domains 93 percent of the time.
• Over 8 million infections


DYNAMIC DNS

• For good:
  • Remote access your computer, DVR, webcam, security camera or any internet connected device easily
  • Dynamic DNS points an easy to remember hostname to your dynamic IP address
• For bad:
  • Agile evasion technique against IP blacklisting
  • Deliver malicious payloads from constantly-changing hosting IPs
  • Use randomly-generated disposable subdomains under the dynamic DNS domain
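The "for bad" pattern above leaves a trace in resolver logs: one client looking up many random-looking, single-use hosts under the same dynamic DNS zone. The sketch below is an added example, not from the original slides; the zone watch list, log entries and thresholds are assumptions chosen for illustration.

```python
import math
from collections import Counter, defaultdict

# Assumed watch list of dynamic DNS parent zones (placeholder names).
DDNS_ZONES = {"ddns.example", "dyn.example"}

# Constructed resolver log entries: (client, queried name, answer IP).
QUERY_LOG = [
    ("10.0.0.5", "homecam.ddns.example", "198.51.100.7"),
    ("10.0.0.5", "homecam.ddns.example", "198.51.100.7"),
    ("10.0.0.9", "x7qk2vd9pz.dyn.example", "203.0.113.4"),
    ("10.0.0.9", "m3ft8wq1ly.dyn.example", "203.0.113.91"),
    ("10.0.0.9", "b9zr4hc6nu.dyn.example", "198.51.100.200"),
    ("10.0.0.9", "www.example.org", "192.0.2.80"),
]


def ddns_zone(name):
    """Return the watch-listed parent zone of a hostname, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        zone = ".".join(labels[i:])
        if zone in DDNS_ZONES:
            return zone
    return None


def entropy(text):
    """Shannon entropy in bits per character; random labels score high."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def suspicious_clients(log, min_hosts=3, min_entropy=3.0):
    """Flag (client, zone, distinct hosts, distinct IPs) where one client
    looks up many random-looking hosts under a single dynamic DNS zone."""
    seen = defaultdict(set)  # (client, zone) -> {(subdomain, ip)}
    for client, name, ip in log:
        zone = ddns_zone(name)
        if zone:
            sub = name.lower().rstrip(".")[: -len(zone) - 1]
            seen[(client, zone)].add((sub, ip))
    findings = []
    for (client, zone), pairs in seen.items():
        subs = {s for s, _ in pairs}
        avg = sum(entropy(s) for s in subs) / len(subs)
        if len(subs) >= min_hosts and avg >= min_entropy:
            findings.append((client, zone, len(subs), len({ip for _, ip in pairs})))
    return findings
```

The legitimate "for good" case (a single stable hostname such as the constructed `homecam` entry) stays below both thresholds, which is why the check keys on the number of distinct hosts rather than on the zone alone.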


DNS POISONING

• Attacker exploits a flaw in the DNS software
• Data is introduced into a DNS cache database
• Causes the DNS to return an incorrect IP address
  • Diverting traffic to malicious computer

Customers of ISP redirected to phony banking site


DNS POISONING

[Diagram labels: You; Hacked DNS (ISP); Good DNS; Fake site; Real site; www.bdo.com.ph; 203.177.92.16; 87.236.210.114]


YOUR DNS PROVIDER

Who do you use as your DNS provider?
• Google
• OpenDNS
• Your ISP
• Another provider
• Not sure…


SPAM TRENDS


SPAM LEVELS

Daily average of 55 billion, averaged 68%


ZOMBIE COUNTRIES

Russian Federation: 11.5%
Vietnam: 11.4%
China: 9.9%
India: 9.4%
Iran: 5.6%
Taiwan: 4.7%
Argentina: 3.1%
Ukraine: 3.0%
United States: 3.0%
Brazil: 2.4%
Germany: 1.8%
Saudi Arabia: 1.8%
Korea: 1.6%
Italy: 1.4%
Thailand: 1.3%
Others: 28.0%


SPAM TOPICS


EATING LOW CALORIE SALADS WILL MAKE YOU GAIN WEIGHT…


GLOBALVIEW


GLOBALVIEW CLOUD AND PRODUCT FAMILIES

WEB: CYREN WebSecurity, URL-Filtering
ANTIMALWARE: MobileSecurity, AntiVirus
EMAIL: CYREN EmailSecurity, Email Messaging Suite, AntiSpam, Outbound AntiSpam, IP Reputation, AntiVirus for Email

GlobalView™ Cloud


We focus on our core competencies so our partners can focus on theirs.

Technical Account Managers

Partner Success Program

COMMITTED TO PARTNER SUCCESS

WHAT MAKES US DIFFERENT


ANY QUESTIONS?

Test your knowledge on Internet security in our quiz!

http://pages.cyren.com/2014-Q4_Internet-Threats-Quiz.html
