![Page 1: Welcome to the Age of Weaponized Malware. What Does it Mean to Your Enterprise?](https://reader033.vdocuments.us/reader033/viewer/2022052822/554fb216b4c9057b298b5172/html5/thumbnails/1.jpg)
Richard Stiennon, Author and Security Industry Expert, IT-Harvest
Paul Henry, Security and Forensics Analyst, Lumension
Paul Zimski, VP, Solution Marketing, Lumension
State Sponsored Malware is Officially Out of the Shadows
Google begins alerting Gmail users to 'state-sponsored' attacks.
Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer. Protect yourself now.
HOW… did we get to the point where your online email provider specifically warns users of state-sponsored attacks?
FIRST… a little history.
How Big a Problem is Weaponized Malware?
Scale vs. Real World Malware
Event Timeline: Stuxnet
• Publicly disclosed 13 months after the first attack against Iran
• Designed to sabotage Iranian nuclear refinement plants
• Stuxnet attacked Windows systems using an unprecedented four zero-day attacks
• First to include a programmable logic controller (PLC) rootkit
• Has a valid, but abused, digital signature
• Payload targeted only Siemens supervisory control and data acquisition (SCADA) systems
2009.06: STUXNET
Event Timeline: Duqu
• Considered to be “next generation Stuxnet”
• Believed that Duqu was created by the same authors as Stuxnet
• Exploits zero-day Windows kernel vulnerabilities
• Components are signed with stolen digital keys
• Highly targeted and related to the nuclear program of Iran
• Designed to capture information such as keystrokes and system information
• Central command and control with modular payload delivery – also capable of attacking
2009.06: STUXNET
2010.09: DUQU
Event Timeline: Flame
• Designed for targeted cyber espionage against Middle Eastern countries
• Spreads to systems over a local network (LAN) or via USB stick
• Creates Bluetooth beacons to steal data from nearby devices
• Most complex malware ever found
• “Collision” attack on the MD5 algorithm – to create fraudulent Microsoft digital certificates
• Utilized multiple zero-day exploits
2009.06: STUXNET
2010.09: DUQU
2011.05: FLAME
Weaponized Malware: Scale vs. Real World Malware
• Millions of malware signatures discovered in the last year
• Only a handful of known malware has ever been weaponized
Weaponized vs. General Malware
First, let’s take a look at where we’ve come from. Even the oldest remote access Trojans had convenient surveillance options such as recording the victim’s keystrokes, turning on the microphone, capturing screens, etc.
All in easy point-and-click interfaces. Anti-virus evasion was trivial through the use of executable “packers” to randomize signatures:
• Back Orifice: 1998
• NetBus: 1998
• Sub7: 1999
Weaponized - What’s Different?
Development
• Nation-States
• Truly customized payloads
Delivery
• Zero-day propagation
• Multi-vectored: Bluetooth, USB, network
Detection
• Digitally signed with compromised certificates
• Outbound exfiltration masking
Command & Control
• Central command
• Modular payloads
Intent
• Surveillance
• Disrupt / Destroy
WHY… should the enterprise care?
Why Should the Enterprise Care?
Retaliation Risk
US admits Stuxnet – expect increasing retaliation risk against sensitive economic and infrastructure assets.
Collateral Damage
Loss of control of weaponized malware (once weaponized malware is released, control is effectively lost) – the enterprise is exposed to accidentally spreading malware (Stuxnet was discovered after it escaped its targeted environment and started spreading).
Adaptation by Cyber Criminals
Targeted attacks on sensitive information; variants of Stuxnet have already been seen.
What Should The Enterprise Do?
Know Where the Risk Is / Endpoint Not Gateway
Every endpoint is an enterprise of ONE.
Need to have autonomous protection.
Need to have a layered approach.
Deploy Defense in Depth Strategy
Successful risk mitigation relies on solid vulnerability management foundations, together with layered defenses beyond traditional black-list approaches.
• Patch and Configuration Management: Control the Vulnerability Landscape
• Application Control: Control the Grey
• Device Control: Control the Flow
• AV: Control the Known
• Hard Drive and Media Encryption: Control the Data
Start Managing Risk
(Diagram: Business Interests, Compliance Controls, Assessment, Risk Management)
Employee Education
Often the first and last line of defense.
lumension.com/how-to-stay-safe-online
Learn More
Quantify Your IT Risk with Free Scanners
Watch the On-Demand Demos
Get a Free Trial
Summary
Weaponized malware is a legitimate threat; however, the “sky is not falling”.
Understand the risk and implement the technologies, processes and people needed to mitigate it.