The Threat Landscape, Jan 2013
2013 Threat Report
1. Threat Volume
SophosLabs see 250,000 new files each day
250,000 previously unseen files received each day within SophosLabs
2. The malicious web
Web servers are under constant attack. A new malicious URL every couple of seconds
20-30k malicious URLs seen each day. This is almost a new malicious URL every 2 secs
3. Professionalism, crimeware
‘Monetization’: the bulk of today’s threats are automated, coordinated & professional
Case study 1: Drive-by downloads
Controlling user traffic
• Inject redirects into legitimate sites
Web threats are all about controlling user web traffic
80% of malicious URLs are actually legitimate sites that have been compromised
It’s all about traffic
Distribution of today’s web threats (2012 H1)
Drive-by downloads
Compromising legitimate websites to drive user traffic to malware
“Monetization”
URL filtering
Content detection
Case study 2: Ransomware
Ransomware
Multi-lingual!
Ransomware
• Malware that locks/encrypts user data
• Pay ransom to access files
Simple
• Password protected archives
Medium
• XOR
• shift
Complex
• RC4
• Public key crypto
Recover data?
Blackhole payloads
Payload distribution (late 2012)
• Zbot 25%
• Ransomware 18%
• PWS 12%
• Sinowal 11%
• FakeAV 11%
• Backdoor 6%
• ZeroAccess 6%
• Downloader 2%
• Other 9%
Case study 3: Android Threats
Mobile OS market (US)
What will mobile malware target?
Android Applications
Significant growth
[Chart: Apps available and Customer downloads, 2009-2012]
Android malware
Huge growth in 2012 (x40, just in September!)
1000 Android samples analyzed each day within SophosLabs
Android vs PC
SophosLabs
Key differentiators
1. Integrated threat analysis
2. Fast response time
3. Global presence 24/7/365
4. Updates issued from any lab location at any time
5. 100% in-house technology
6. Pre-configured intelligence
Top Facts
1,000 Android samples analysed each day within SophosLabs
80% of malicious URLs are actually legitimate sites that have been compromised
250,000 previously unseen files received each day within SophosLabs
20-30k malicious URLs seen each day. This is almost a new malicious URL every 2 secs
Mitigating Risks
Complete Security Solutions designed to mitigate risks
Questions?