1 / 32

Saumil Shah Evolvement of IPRs and its management seminar February 9, 2008 - Ahmedabad

Threats in Cyberspace - 2008. Saumil Shah Evolvement of IPRs and its management seminar February 9, 2008 - Ahmedabad. About me. Founder & CEO Net-Square Solutions. Speaker at Blackhat, RSA, and many international security conferences. Author: Web Hacking – Attacks and Defense (2002)

jon
Télécharger la présentation

Saumil Shah Evolvement of IPRs and its management seminar February 9, 2008 - Ahmedabad

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Threats in Cyberspace - 2008 Saumil Shah Evolvement of IPRs and its management seminar February 9, 2008 - Ahmedabad

  2. About me • Founder & CEO Net-Square Solutions. • Speaker at Blackhat, RSA, and many international security conferences. • Author: • Web Hacking – Attacks and Defense (2002) • The Anti-virus book (1996) • MS Computer Science – Purdue University.

  3. Attack trends since 2000 AD • 2000: Networks and OS • 2001: HTTP, DDoS, Worms • 2002: Web apps, email, Worms, Databases • 2003: Apps, Bruteforcing • 2004: Apps, IE, Spyware, Phishing • 2005: Apps, ID thefts, Phishing, Malware • 2006: Large data stores, apps, IDs, etc. • 2007: App worms, Botnets, Pharming

  4. Spam in 2007 • 90-95% of all emails sent were spam. • 13% of users >50 spam emails per day.

  5. Spam in 2007 • Pump-and-dump stock scam. • Image and attachment spam. • surged but died towards the end of 2007. • News topics as subject lines. • Generated through botnets. • Fraud and Phishing.

  6. Breaches in 2007 • TD Ameritrade: 6.3 million customer records. • Monster.com: 1.6 million job seekers' records. • Western Union: 20,000 credit card records. • Illinois Dept of Financial and Professional regulation: 3,00,000 records. • T J Maxx: 45.7 million credit card records. • Moneygram: 79,000 records.

  7. We’ve all been victims of fraud • “I’ve never been to Japan!”

  8. Hacking the Human Mind • Citibank “phishing” scam The email: http://antiphishing.org

  9. Faking a bank • http://www.mycitibank.net/ http://antiphishing.org

  10. Faking a bank • Who is mycitibank.net? Domain Name.......... mycitibank.net Creation Date........ 2004-06-22 Registration Date.... 2004-06-22 Expiry Date.......... 2005-06-22 Organisation Name.... Sharon J Warr Organisation Address. 4 Knotty Pine Place Organisation Address. Texarkana 75503, TX, UNITED STATES

  11. Spyware • “Marketing delivered to your desktops”. • Advertisers pay for targeted advertising. • Adware companies: • 100-200 employees, $50-$200M revenues • How to get into desktops?…

  12. A typical user's desktop

  13. Spyware • Digital Gluttony • “I want to download it all!” • Cater to users’ greed. • MP3s, Videos, Ringtones, Wallpapers, Smileys, Screensavers, Calendars, … • …as long as it is free.

  14. The Spyware/Adware eco-system

  15. Malware example

  16. How do you know what NOT to click?

  17. Malware on the rise • 2005-2006: 172% increase. • 2006-2007: 800% increase. • MPack. • RBN. • Fast-flux Networks. • The Storm Botnet.

  18. MPack • Exploit delivery mechanism. • Updated regularly with 0-day exploits. • IE VML bug. • IE Animated Cursor vulnerability. • QuickTime overflow. • Winzip ActiveX overflow. etc. • PHP based automatic website generator. • Sold for $500-$1000, with auto-exploit-updates.

  19. Botnets • Large number of compromised systems. • Centrally controlled. • Spam marketing. • Identity theft, password theft. • DDoS threats. • Espionage.

  20. Botnet control

  21. The Storm Botnet • P2P controlled – no central "mother ship". • Event based campaigns • 2008 greetings, Thanksgiving/Xmas/Valentines • Operated by the RBN. • Purchase expired domains. • Domains resolve to fast-flux networks. • Continuously changing DNS records. • Point to infected hosts.

  22. The Storm Botnet • A few infected hosts are special • P2P control relays. • DNS servers. • HTTP servers. • Rootkits, malware, hacked sites, etc. • various delivery mechanisms. • Running for more than a year. • We have NOT been able to shut it down.

  23. Growth of the Storm Botnet

  24. Cyber warfare / terrorism?

  25. Cyber warfare / terrorism? • China penetrated key US databases. • Dec 07/Jan 08 power blackouts in Central and South America. • 14 year old boy takes control of Tram network in Poland.

  26. Effectiveness of Anti-Virus software • Makes computers sluggish. • False alarms. • "Most popular brands have an 80% miss rate" – AusCERT. • Heuristic recognition fell from 40-50% (2006) to 20-30% (2007) – HeiseOnline. • Signature based scanning does not work. • AI techniques can be easily beaten.

  27. Security by pop-ups

  28. Web 2.0 attacks • MySpace worm – XSS goes the virus way. • Cross Site Request Forgery. • Predicted rise in Web 2.0 attacks in 2008. • as more generic APIs become popular.

  29. Pharming • Hijacking DNS entries. • www.hsbc.com resolves to fraud site. • DNS server specified in broadband router. • Broadband routers have web administration interfaces. • and are typically on 192.168.1.1 • and have weak passwords: admin/admin. • Malicious sites contain an IFRAME to access web admin interface.

  30. Pharming – Hijacking DNS entries

  31. Resources • 20 Reasons the world hates Norton Antivirus http://www.dtgeeks.com/index.php/blogs/comment/20_reasons_the_world_hates_norton_anti_virus • Antivirus protection worse than a year ago http://www.heise-security.co.uk/news/print/100900 • Teen tram hack http://www.theregister.co.uk/2008/01/11/tram_hack/print.html • China has penetrated key US databases http://www.securecomputing.net.au/print.aspx?CIID=101491 • Trojan to attack bank sites http://www.symantec.com/enterprise/security_response/weblog/2008/01/banking_in_silence.html • The Russian Business Network http://rbnexploit.blogspot.com/

  32. saumil@net-square.com Evolvement of IPRs and its management seminar February 9, 2008 - Ahmedabad

More Related