April: Ryan Sherstobitoff. Topic: Virus and Intrusion Prevention

Panda Software SecurityCast. Ryan Sherstobitoff, Product Technology Officer, Panda Software, USA (47 slides)

Posted on 06-May-2015

Page 1: April: Ryan Sherstobitoff Topic: Virus and Intrusion Prevention

Panda Software SecurityCast

Ryan Sherstobitoff, Product Technology Officer, Panda Software, USA

Page 2

Agenda

• Current Malware trends and statistics

• The rise of economically motivated malware

• Understanding your enemy – Targeted attacks

• Security 2.0 – Defense Strategies

• Product Solutions


Page 4

Malware Trends 2000 - 2007

[Chart: payload vectors; signs and symptoms. Figure data not in the transcript.]

Page 5

Malware Trends 2000 – 2007 – Cont.

[Chart: new and unique samples detected by AV labs. Figure data not in the transcript.]


Page 7

Current Malware Trends & Statistics

• Current situation regarding Malware

• Statistics from Panda Labs

• Change in Malware dynamics

• Effects on the industry & end-users

Page 8

Current Situation

• Malware is now economically motivated and backed by organized crime and foreign interests.

• The development of highly critical malware, such as targeted attacks, is also on the rise.

• The level of sophistication behind current malware makes it extremely difficult for traditional solutions to detect and remove.

• Bot networks are built to defraud businesses and consumers through sophisticated social engineering.


Pages 10-12

Statistics from Panda Labs

[Three chart slides; figure data not in the transcript.]


Page 14

Change in Malware Dynamics

The dynamics of malware have changed and the visible front has diminished. The “Silent Epidemic” has emerged.

[Chart: malware categories (Worms, Viruses, Spam, Phishing, Bots, Spyware, Targeted Trojans, Rootkits, “Spear Phishing”) plotted by Visibility against Propagation and grouped into a stable front, a growing front and a front in decline. Which category falls on which front is not recoverable from the transcript.]


Page 16

Effects on the Industry and End-Users

• Cyber-criminals have turned to new techniques to stay ahead of the game. Hundreds of new variants of malware are released each month in an attempt to overload the resources of AV research labs.

• Consumers are now the prime target for ID theft and other on-line fraud.

• Traditional signature-based anti-virus solutions are ineffective against these new, sophisticated attacks: a signature can only be written for a sample the lab has already received.


Page 18

The rise of economically motivated malware

• Overview of crime-ware families

• How bot-nets are used to commit financial fraud

• Sophisticated social engineering tricks used today

• Infection strategies used by hackers

Page 19

Overview of crime-ware families

Crime-ware is broken down into several categories:

• Banking Trojans (Banker.BSX, Banbra variants, Citifraud.a, Crazyfrog.a, Bancos.NL)

• Keyloggers (Banbra, Cimuz)

• Bots (Clickbot.a, Botnet.A)

• Phishing (Barclays, PayPal)

• Targeted Trojans (Israel case)


Page 21

How bot-nets are used to commit financial fraud

• A bot network consists of a “controller” and compromised zombie PCs. There have been cases of bot networks containing up to 1.5 million zombie PCs, as in the Dutch bot-net case.

• The bots that infect systems can perform several actions, such as relaying spam, launching further malware and performing ID theft.

• A common infection method is a website hosting exploits for browser vulnerabilities, which push malware to the visiting PC without any user action. Additional components, such as ActiveX controls, can then be downloaded to complete the infection.

• Social engineering techniques are also used to infect systems through spam, phishing and other content.

• Once a PC has been infected it can receive remote commands from the “Bot Master”.
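Bots that check in with their controller on a timer leave a telltale regularity in outbound connection logs, which is one of the few ways to spot a zombie PC from the network side when the desktop scanner has no signature for it. The following Python script is added here as an illustration; it is not code from the original deck or from any Panda product. It flags client/host pairs whose connection intervals (and request sizes) are suspiciously constant. The proxy log lines, IP addresses, hostnames and thresholds are all constructed for the example.

```python
"""Flag beacon-like periodic connections in proxy logs (added example).
The log text, hosts and thresholds below are constructed, not real captures."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log. Format: "<ISO timestamp> <client IP> <destination host> <bytes sent>"
# 10.1.1.20 checks in with the same host every ~300 s sending ~310 bytes (bot-like);
# 10.1.1.31 is a person reading a news site at irregular intervals.
SAMPLE_LOG = """\
2007-04-02T09:00:00 10.1.1.20 update.example-cdn.net 312
2007-04-02T09:05:01 10.1.1.20 update.example-cdn.net 310
2007-04-02T09:10:00 10.1.1.20 update.example-cdn.net 315
2007-04-02T09:14:59 10.1.1.20 update.example-cdn.net 311
2007-04-02T09:20:02 10.1.1.20 update.example-cdn.net 313
2007-04-02T09:25:00 10.1.1.20 update.example-cdn.net 309
2007-04-02T09:00:13 10.1.1.31 news.example.org 1402
2007-04-02T09:00:15 10.1.1.31 news.example.org 20331
2007-04-02T09:03:41 10.1.1.31 news.example.org 980
2007-04-02T09:17:02 10.1.1.31 news.example.org 4411
2007-04-02T09:45:27 10.1.1.31 news.example.org 8800
2007-04-02T09:51:03 10.1.1.31 news.example.org 1207
"""


def parse_log(text):
    """Yield (timestamp, src, host, nbytes) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, host, nbytes = parts
        try:
            yield datetime.fromisoformat(ts), src, host, int(nbytes)
        except ValueError:
            continue


def find_beacons(text, min_hits=5, max_time_cv=0.1, max_size_cv=0.2):
    """Return {(src, host): stats} for pairs whose timing is suspiciously regular.

    A bot on a fixed timer produces near-constant inter-arrival gaps, i.e. a low
    coefficient of variation (stdev / mean). Human browsing of the same site does
    not. Request sizes are checked the same way: a heartbeat carries the same
    few bytes every time, a page view does not."""
    times = defaultdict(list)
    sizes = defaultdict(list)
    for ts, src, host, nbytes in parse_log(text):
        times[(src, host)].append(ts)
        sizes[(src, host)].append(nbytes)

    flagged = {}
    for key, stamps in times.items():
        if len(stamps) < min_hits:
            continue  # too few observations to call anything periodic
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if mean(gaps) <= 0 or mean(sizes[key]) <= 0:
            continue
        cv_time = pstdev(gaps) / mean(gaps)
        cv_size = pstdev(sizes[key]) / mean(sizes[key])
        if cv_time <= max_time_cv and cv_size <= max_size_cv:
            flagged[key] = {"hits": len(stamps), "period_s": round(mean(gaps)),
                            "time_cv": round(cv_time, 3), "size_cv": round(cv_size, 3)}
    return flagged


if __name__ == "__main__":
    for (src, host), stats in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {host}: {stats}")
```

Real bots add jitter or randomized sleeps precisely to break this regularity, and legitimate software (update checks, mail polling) is periodic too, so treat the output as a triage list to cross-check against destination reputation and the process that opened the connection, not as a verdict.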

Pages 22-23

How botnets are used to commit financial fraud - Cont.

[Two diagram slides; content not in the transcript.]


Page 25

Sophisticated Social Engineering

Some common sophisticated social engineering techniques are:

• Spear-phishing and other highly targeted scams

• Spam carrying exploits

• Phishing emails that direct users to web-sites hosting hidden Trojans

• Malware spread through IM channels


Page 27

Infection strategies used by hackers

Common infection strategies used by hackers:

• A legitimate web-site is compromised and seeded with Trojans (e.g. the Super Bowl website case).

• Phishing emails carrying exploits

• Malware transmitted through IM channels

• Malware bundled with free-ware and share-ware

• Malware disguised as video codecs

• Infection through bot-nets
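The compromised-website strategy works because visitors' browsers silently load attacker content injected into an otherwise legitimate page. The Python scanner below is an added example, not code from the original deck or any Panda product. It looks for the two injection markers most typical of that kind of compromise in fetched HTML: an iframe sized or styled to be invisible (often pointing at a raw IP address rather than a hostname), and inline script assembled with eval/unescape over long runs of percent-encoded bytes. Both HTML documents are constructed for the example; 203.0.113.9 is from the documentation address range.

```python
"""Flag drive-by injection markers in an HTML page (added example).
Both documents below are constructed, not real captures."""
import re
from html.parser import HTMLParser

# A legitimate-looking event page with an injected invisible iframe pointing at a
# raw IP (203.0.113.9, documentation range) and an obfuscated inline script.
INFECTED_HTML = """<html><body>
<h1>Stadium tickets</h1>
<p>Buy tickets for the game.</p>
<iframe src="http://203.0.113.9/in.cgi?3" width="0" height="0" frameborder="0"></iframe>
<script>eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%27%29'))</script>
</body></html>"""

# The same page without the injection: a visible map embed and an external script.
CLEAN_HTML = """<html><body>
<h1>Stadium tickets</h1>
<iframe src="https://maps.example.com/embed" width="400" height="300"></iframe>
<script src="/static/app.js"></script>
</body></html>"""

RAW_IP_URL = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")
OBFUSCATION = re.compile(r"\beval\s*\(|\bunescape\s*\(|String\.fromCharCode")
PERCENT_ESCAPE = re.compile(r"%[0-9a-fA-F]{2}")


class InjectionScanner(HTMLParser):
    """Collect (finding, evidence) pairs while parsing a document."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            src = a.get("src", "")
            style = a.get("style", "").replace(" ", "").lower()
            # 0x0 or 1x1 frames, or frames hidden via CSS, have no legitimate reason to load content
            tiny = {a.get("width", "").rstrip("px"), a.get("height", "").rstrip("px")} & {"0", "1"}
            if tiny or "display:none" in style or "visibility:hidden" in style:
                self.findings.append(("hidden_iframe", src))
            if RAW_IP_URL.match(src):
                self.findings.append(("iframe_to_raw_ip", src))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser delivers <script> bodies as raw text through handle_data.
        if not self._in_script or not data.strip():
            return
        if OBFUSCATION.search(data):
            self.findings.append(("obfuscated_script", data.strip()[:40]))
        if len(PERCENT_ESCAPE.findall(data)) >= 8:
            self.findings.append(("percent_encoded_payload", data.strip()[:40]))


def scan(html):
    """Return the list of findings for one HTML document (empty if nothing suspicious)."""
    parser = InjectionScanner()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for name, doc in (("infected", INFECTED_HTML), ("clean", CLEAN_HTML)):
        print(name, scan(doc))
```

A scanner like this is cheap to run against your own site's pages from outside on a schedule; a defaced page is often noticed by the owner only after visitors have already been infected.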


Page 29

Understanding your enemy – Targeted attacks

• Overview of Targeted attacks

• The mechanics of Targeted attacks

• What is “Highly Critical” malware

• Some real-world cases

Page 30

Overview of Targeted Attacks

• Involves “Highly Critical” malware tailored to attack a specific target (e.g. Bank of America)

• Such malware targets a specific set of confidential information to capture and send to a third party

• Targeted attacks typically involve a hacker hired to design malware that bypasses the target's specific defenses

• Attacks are very localized, so distribution is limited. In most cases AV labs never receive a sample, which means no signature is ever written.

• Current security solutions will not detect the malware, because the hacker has tested it against them to ensure they do not

• Hackers use sophisticated stealth techniques such as root-kits to hide the presence of the malware
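The two claims above, that a sample the lab never received has no signature and that an attacker can pre-test against the scanners the target runs, are easiest to see side by side. The Python below is an added example, not code from the original deck or from any Panda product: a hash-and-pattern "signature" catches the sample the lab saw but misses a trivially repacked copy, while a behavioural score over what the malware does at run time catches both and passes a benign updater. The sample bytes, rule names and weights are constructed for the demonstration.

```python
"""Signature versus behavioural detection of a repacked variant (added example).
The sample, the signature DB, the rules and the traces are all constructed."""
import hashlib

# Constructed stand-in for a banking trojan binary as the AV lab received it.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"banker-payload-v1;" * 8

# Hypothetical signature database: an exact hash and a byte pattern for the same family.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Trj/Banker.constructed"}
PATTERN_SIGNATURES = {b"banker-payload": "Trj/Banker.constructed"}


def signature_verdict(blob):
    """Return a family name if the blob matches a known hash or byte pattern, else None."""
    family = HASH_SIGNATURES.get(hashlib.sha256(blob).hexdigest())
    if family:
        return family
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in blob:
            return name
    return None


def repack(blob, key=0x5A):
    """Simulate the attacker rebuilding the sample before release: keep the 4-byte
    header, XOR the body with a one-byte key. Hash and byte patterns change;
    the behaviour once unpacked at run time does not."""
    return blob[:4] + bytes(b ^ key for b in blob[4:])


# Hypothetical behavioural indicators; weights are chosen for the demo, not tuned.
RULES = {
    "write_run_key": 2,            # persistence via a Run registry key
    "inject_into_browser": 4,      # code injection into the browser process
    "hook_http_send": 4,           # form-grabbing hook on the HTTP send path
    "post_to_unrelated_host": 3,   # data posted to a host unrelated to the bank visited
    "hide_own_process": 3,         # rootkit-style concealment
}
THRESHOLD = 8


def heuristic_verdict(events):
    """Score the distinct behaviours observed; 'suspicious' at or above THRESHOLD."""
    score = sum(RULES.get(e, 0) for e in set(events))
    return ("suspicious" if score >= THRESHOLD else "clean", score)


# Constructed run-time traces: the trojan (identical for original and repacked copy)
# and a benign software updater that also installs a Run key.
BANKER_TRACE = ["write_run_key", "inject_into_browser", "hook_http_send", "post_to_unrelated_host"]
UPDATER_TRACE = ["write_run_key", "download_file", "write_program_files"]


def compare():
    """Run both detection approaches over the original, the repacked copy and the updater."""
    variant = repack(KNOWN_SAMPLE)
    return {
        "signature_on_original": signature_verdict(KNOWN_SAMPLE),
        "signature_on_variant": signature_verdict(variant),
        "heuristic_on_variant": heuristic_verdict(BANKER_TRACE),
        "heuristic_on_updater": heuristic_verdict(UPDATER_TRACE),
    }


if __name__ == "__main__":
    for name, verdict in compare().items():
        print(f"{name:22s} {verdict}")
```

The attacker's pre-testing loop is exactly `repack` followed by `signature_verdict` until the result is None; a behavioural rule set forces them to change what the code does rather than how it looks, which is a much more expensive change.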


Page 32

The Mechanics of a Targeted Attack

Research → Discovers target → Installs malware → PC accesses database → Credit card data stolen


Page 34

Security 2.0 – Defense Strategies

• Defending against “Highly Critical” malware

• Tracking and defending against botnets

• Protection strategies

Page 35

Defending against “Highly Critical” Malware

Page 36

Tracking and defending against bot-nets

Page 37

Protection Strategies


Page 39

Panda RISK Assessment

• What is Malware Radar?

• Software as a service

• Real results obtained in pilot companies

• How Malware Radar works

Page 40

What is Malware Radar?

It is an automated audit service covering the whole network:

• On-demand

• It can be run locally or remotely

• It does not require local installation, nor uninstallation of the current security software

It is designed to search for and find:

1. Any malware on the network, including malware that goes undetected by traditional protection solutions (highly critical or targeted malware), active or latent, known or unknown

2. Security flaws

• Protection: checks the security protection status

• Critical vulnerabilities: checks for critical vulnerabilities exploited by malware (security holes)

It also allows the malware detected to be cleaned (greater protection).

Page 41

Malware Radar Foundations

• Proactive approach based on the latest generation of TruPrevent genetic heuristic technologies

• Collective Intelligence: a datacenter network of 100 servers, based on:

• Collection of data from the community

• Automated data processing

• Release of the knowledge extracted

Page 42

New Model: Collective Intelligence

1) Collection of data from the community. The data comes from different sources.

2) Automatic data processing. The system automatically analyzes and classifies the thousands of new samples received every day. To do this, an expert system correlates the data received from the community with PandaLabs’ extensive malware knowledge base.

3) The knowledge extracted is made available to users.

Page 43

How do we apply Collective Intelligence?

• Initially, through the first Panda product to integrate it: Malware Radar.

– Periodically performing a malware audit along with the PIPS.

– In addition to Collective Intelligence, Malware Radar offers other advantages:

• It has more sensitive heuristics, so it detects more unknown malware

• It does not rely on the desktop protection being enabled and up-to-date

• It detects malware that desktop protection does not detect (for example, rootkits)

Page 44

Software as a Service

Panda Malware Radar benefits from the software as a service (SaaS) concept:

• It does not require specific hardware

• It does not require any software to be installed; a web browser suffices

• Updates are immediate

– Latest technologies, latest signature file

– Latest version of the product without having to worry about upgrades

• The intelligence and the application reside at Panda

– Minimum cost to the client

Page 45

REAL Results of the BETA

[Chart of pilot-company results; figures not in the transcript.]

All these companies thought they were protected.

Page 46

How does Malware Radar Work?

[Workflow diagram, reconstructed from its labels:]

1. Registry: login and password

2. Choose the PCs that you want to scan

3. Distribution of a client (without installation)

4. Scan: searches for all types of malware, evaluates the protection, detects vulnerabilities

5. Sends suspicious files to PandaLabs

6. Online summary

7. Reports and disinfection: generates detailed reports and allows disinfection of all malware detected

Real-time monitoring throughout.

Page 47

Conclusion

Ryan Sherstobitoff, Product Technology Officer, Panda Software, USA