In today's digital landscape, web applications face significant privacy threats from malicious code, which can compromise confidentiality, integrity, and availability of sensitive information. This report by Blake Hartstein, a Rapid-Response Engineer at VeriSign iDefense, outlines the functionality of malicious code, including its ability to steal private information, masquerade as trusted sources, and escalate privileges. It emphasizes the need for proactive measures from developers and administrators to thwart such attacks, along with insights from the industry-leading iDefense intelligence team, which has been monitoring threats since 1998.
A Malicious Code Perspective on Web Application Privacy
Sept. 6, 2007
Blake Hartstein
Rapid-Response Engineer, VeriSign iDefense Security Intelligence Services
bhartstein@verisign.com
Web Application Privacy Agenda
• Malicious Code Functionality
• Confidentiality
  • Stealing Private Information
  • Masquerade
  • Escalate
• Integrity
  • A Large Risk
  • Persistent
  • Large Scale
• Availability
  • Denial of Service
  • Ransom
• Developer and Administrator Preventative Actions
iDefense Team Background
• The Leading Security Intelligence Research Team
  • iDefense provides proactive notification of impending threats, including vulnerabilities and malicious code
• Industry-Leading Services Offerings
  • Intelligence is all the iDefense team does
  • Completely vendor-agnostic
• Marquee Customer and Partner Base
  • Government, financial services, insurance, healthcare, retail
  • Security software and services
• Five Experienced Intelligence Teams
• Actively Gathering Cyber Intelligence Since 1998
iDefense Has More Than 40 Full-Time Researchers and More Than 300 Contributors Worldwide
• iDefense Teams: iDefense Labs; Malicious Code Operations Team; Vulnerability Aggregation Team; Global Threat Team; Rapid-Response Team; VCP Network (280+ Researchers, 35+ Countries)
• Intelligence Teams: 24x7 Operations; Infiltration, Aggregation, Analysis; Intelligence Reports
• Coverage and Sources: 10,000+ Products and Technologies; 1500+ Public Sources; 1200+ Underground and Private Sources; 35 Countries; 12 Languages; 1,000+ Vulnerability Reports each Month; 1,200+ Malicious Code Reports each Month
Summary of Service Bundles
Basic Service
• iDefense Intelligence Reports (daily alerts)
• iDefense FLASH Reports
• Public Vulnerability Feed
• iDefense Exclusives
• Weekly Version 1 Summary
• Malicious Code Analysis Feed
Enhanced Service (everything in Basic, plus)
• iDefense Analyst Access
• Bi-Monthly Threat Briefings
• Weekly Threat Report (E-Mail and Portal)
• Bi-Weekly Malicious Code and Vulnerability Reviews
• Rapid-Response Intelligence Reports
• iDefense Topical Research Reports (including MS bulletin review)
• Monthly Microsoft Bulletin Post-Release Analysis Report
Comprehensive Service (everything in Enhanced, plus)
• iDefense Focused Intelligence Reports
• Custom “analyst desk” with Designated Analyst Contact
• Phishing Take-Down Service
Public-Only Vulnerability Feed
• iDefense Public Vulnerability Reports (daily alert)
• iDefense Public Vulnerabilities
Confidentiality
• Keystroke Logging
• Form Grabbing
• Browser Injection
• Screenshots and Mouse Events
• Stored Passwords
• Certificates
Compromised Hosts
• HTML Injection
• Transaction Authentication Numbers (TAN)
• Additional Personal Information
Nuklus
• Spoofed Bank E-Mails
• Pre-Qualify Victims
Nuklus
• Changes Behavior of Approximately 2,110 Pages
• Modular Design and Evolving Functionality:
  • Steal Certificates
  • Firefox/IE Sniffers
  • Re-write URLs
  • Hook Connections
  • Proxy Traffic
  • Collect Credentials
• Other Versions Delete Cookies, Capture Screens, Patch TCP/IP Stack and Redirect Connections
Information Stealing Made Easy
• Gartner Estimates Banks Lost $2.4 billion
  • Malicious Programs Steal Credentials and Phishing
  • One-Year Period in 2004*
• Pinch and LDPinch
  • Compress and Encode
  • Relay Confidential Information
  • SMTP and HTTP
* http://www.microsoft.com/smallbusiness/resources/technology/security/3_major_online_threats_to_your_business.mspx
Integrity Affects the Whole Network
• File Infectors: Chir.B (Nimda)
  • Executables
  • HTML
  • <script language="JavaScript">window.open("readme.eml", null,"resizable=no,top=6000,left=6000")</script>
• ARP Spoofing
  • Injection
  • Eavesdropping
  • Hijacking
  • Man-in-the-Middle
• Rootkits
  • Hide from tools and users
Backdoors, Control Panels and Toolkits
• Designed to Steal, Retrieve, and Abuse Credentials
• Configurable and Custom
  • Metaphisher (aka Agent.dq)
  • Apophis
• Increased Risk
  • Attacker may target drop sites
  • Password file available
  • Weak or guessable passwords
• Two-factor authentication
• Securing drop sites
Availability
• Encrypt and Delete Original Data
• Purchase Bots to use bandwidth
• Denial of Service Ransom*
  • $50,000.00 fee
  • $10,000.00 for smaller organizations
* http://www.theregister.com/2007/06/13/black_hat_list/
The Good News and the Bad News
• Which assets are valuable?
  • Targeted emails work
  • Monstres.A Trojan, Monster.com
• Loss of Confidentiality
  • Users and Applications are Often Unaware
  • Risk to Assets
• Attacks Evolve, but attack elements are often reused
  • Tools, Techniques and Hosts
• Block Lists and Intrusion Detection
  • http://www.spamhaus.org/drop/drop.lasso
  • http://www.snort.org/
  • http://www.bleedingthreats.net/
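The slide's point that attack hosts are reused is what makes block lists worth the effort: a feed of known-bad networks can be matched against your own access logs. The example below is added here and is not part of the presentation; it assumes a "<cidr> ; <reference>" line format (with ";" opening comments) in the style of the Spamhaus DROP list the slide links, and all networks and log lines are constructed documentation ranges, not real listings. It parses the feed, tolerates malformed entries, and flags the log lines whose source address falls inside a listed range.

```python
import ipaddress

# Constructed sample block list (assumed format: "<cidr> ; <reference>" per line,
# ";" starts a comment). Networks are RFC 5737 / RFC 3849 documentation ranges.
SAMPLE_BLOCK_LIST = """\
; constructed sample, not real data
192.0.2.0/24 ; REF-1
198.51.100.0/25 ; REF-2
2001:db8::/32 ; REF-3
this is not a cidr ; REF-BAD
"""

# Constructed web-server access log lines; the source address is the first field.
SAMPLE_LOG = [
    '192.0.2.77 - - [06/Sep/2007:10:00:00 +0000] "POST /login HTTP/1.1" 200 512',
    '198.51.100.200 - - [06/Sep/2007:10:00:05 +0000] "GET /account HTTP/1.1" 200 2048',
    '2001:db8::1 - - [06/Sep/2007:10:00:09 +0000] "POST /transfer HTTP/1.1" 302 0',
    '203.0.113.5 - - [06/Sep/2007:10:00:12 +0000] "GET / HTTP/1.1" 200 1024',
    'not-an-ip - - [06/Sep/2007:10:00:13 +0000] "GET / HTTP/1.1" 400 0',
]


def parse_block_list(text):
    """Return a list of (network, reference) tuples. Comments, blank lines and
    malformed entries are skipped so one bad line cannot disable the filter."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        cidr, _, reference = line.partition(";")
        try:
            network = ipaddress.ip_network(cidr.strip(), strict=False)
        except ValueError:
            continue  # malformed CIDR: ignore this entry
        entries.append((network, reference.strip()))
    return entries


def lookup(ip_text, entries):
    """Return the reference of the first listed network containing ip_text,
    or None when the address is unlisted or not a valid address."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    for network, reference in entries:
        if addr.version == network.version and addr in network:
            return reference
    return None


def flag_log_lines(log_lines, entries):
    """Return (source_ip, reference, line) for each log line whose source
    address falls inside a listed network."""
    hits = []
    for line in log_lines:
        src = line.split(" ", 1)[0]
        reference = lookup(src, entries)
        if reference is not None:
            hits.append((src, reference, line))
    return hits


if __name__ == "__main__":
    listed = parse_block_list(SAMPLE_BLOCK_LIST)
    for src, ref, line in flag_log_lines(SAMPLE_LOG, listed):
        print(f"{src} matches {ref}: {line}")
```

A linear scan over a few hundred networks is fine for batch log review; for inline filtering of high request rates, the same entries would go into a radix/trie structure or be pushed down to the firewall, and the feed should be refreshed on a schedule since listings change.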
Prevent and Detect
• Secure Coding is Half the Battle
• Application Knows Best
  • Behavioral Monitoring
  • Thresholds, Statistics, and Timing
  • Multiple Communication Channels
  • Varying Trust Levels
  • Revoking and Alerting
• Enforcing Password Requirements
• Protect Confidential Information
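"Application knows best" means the application itself can apply thresholds, statistics and timing to its own event stream and respond by revoking sessions, demanding a second channel or alerting. The example below is added here and is not code from the presentation; the event format, the three rules and their threshold values are illustrative assumptions, and the event log is constructed. It raises a lockout on repeated login failures, revokes sessions when one account logs in from a second address within a window, and requires step-up authentication when a transfer follows a login too quickly to be plausible for a human.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed application event log: "<ISO timestamp> <user> <source IP> <event> [details]".
SAMPLE_EVENTS = """\
2007-09-06T10:00:00 alice 192.0.2.10 login_ok
2007-09-06T10:00:03 alice 192.0.2.10 transfer amount=9500
2007-09-06T10:05:00 bob 198.51.100.5 login_fail
2007-09-06T10:05:02 bob 198.51.100.5 login_fail
2007-09-06T10:05:04 bob 198.51.100.5 login_fail
2007-09-06T10:05:05 bob 198.51.100.5 login_fail
2007-09-06T10:05:06 bob 198.51.100.5 login_fail
2007-09-06T10:05:07 bob 198.51.100.5 login_fail
2007-09-06T10:10:00 carol 203.0.113.8 login_ok
2007-09-06T10:11:00 carol 192.0.2.99 login_ok
2007-09-06T10:12:00 carol 203.0.113.8 transfer amount=120
"""


class BehaviorMonitor:
    """Stateful per-user checks over a stream of events. The default
    thresholds are illustrative assumptions, not values from the slides."""

    def __init__(self, fail_threshold=5, fail_window_s=60,
                 min_login_to_transfer_s=10, multi_ip_window_s=600):
        self.fail_threshold = fail_threshold
        self.fail_window_s = fail_window_s
        self.min_login_to_transfer_s = min_login_to_transfer_s
        self.multi_ip_window_s = multi_ip_window_s
        self.failures = defaultdict(deque)   # user -> timestamps of recent failures
        self.logins = defaultdict(deque)     # user -> (timestamp, ip) of recent logins
        self.last_login = {}                 # user -> timestamp of last successful login

    @staticmethod
    def _prune(dq, now, window_s, key=lambda item: item):
        # Drop entries older than the sliding window.
        while dq and (now - key(dq[0])).total_seconds() > window_s:
            dq.popleft()

    def _alert(self, user, ts_text, rule, action):
        return {"user": user, "at": ts_text, "rule": rule, "action": action}

    def process(self, line):
        """Return the list of alerts raised by this single event (usually empty)."""
        ts_text, user, ip, event = line.split()[:4]
        now = datetime.fromisoformat(ts_text)
        alerts = []

        if event == "login_fail":
            # Threshold rule: too many failures inside the window -> lock out and alert.
            dq = self.failures[user]
            dq.append(now)
            self._prune(dq, now, self.fail_window_s)
            if len(dq) >= self.fail_threshold:
                alerts.append(self._alert(user, ts_text, "login_failure_threshold", "lockout"))
                dq.clear()

        elif event == "login_ok":
            # Statistics rule: the same account from a second address inside the
            # window suggests the credentials are in someone else's hands -> revoke.
            dq = self.logins[user]
            dq.append((now, ip))
            self._prune(dq, now, self.multi_ip_window_s, key=lambda item: item[0])
            if len({addr for _, addr in dq}) > 1:
                alerts.append(self._alert(user, ts_text, "login_from_multiple_ips", "revoke_sessions"))
            self.last_login[user] = now

        elif event == "transfer":
            # Timing rule: a person rarely moves money seconds after logging in;
            # scripted use of stolen credentials often does -> demand a second channel.
            last = self.last_login.get(user)
            if last is not None and (now - last).total_seconds() < self.min_login_to_transfer_s:
                alerts.append(self._alert(user, ts_text, "transfer_too_soon_after_login", "step_up_auth"))

        return alerts


def run_monitor(event_text):
    """Feed every event line through one monitor and collect the alerts."""
    monitor = BehaviorMonitor()
    alerts = []
    for line in event_text.splitlines():
        if line.strip():
            alerts.extend(monitor.process(line))
    return alerts


if __name__ == "__main__":
    for alert in run_monitor(SAMPLE_EVENTS):
        print(alert)
```

The actions are returned as data rather than executed so the same rules can run in shadow mode first; tune the windows against real traffic before wiring "revoke_sessions" to anything, since an aggressive multi-IP rule will also fire on users moving between home and mobile networks.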
Prevent and Detect
• Assume Infection and Loss of Credentials
• It IS a Developer’s Problem
  • Reputation and User Experience
• Procedural Plan
  • Disaster Recovery and Business Continuity
  • Which Assets are at Risk?
• File and Database Integrity
  • Change Monitoring
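File integrity change monitoring, as listed on this slide, is also the practical answer to the HTML file infection shown earlier (Chir.B appending a script tag to every page): hash a known-good tree, rehash on a schedule, and report anything added, removed or altered. The example below is added here and is not code from the presentation. It builds a constructed web root in a temporary directory, baselines it, applies three simulated changes (the slide's Chir.B script tag appended to a page, a new file, a deleted file) and returns the comparison; the file names and contents are constructed.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files never need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root):
    """Map every file under root (relative, '/'-separated path) to its SHA-256."""
    state = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            state[rel] = sha256_file(full)
    return state


def compare(baseline, current):
    """Classify the differences between two snapshots."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in both if baseline[p] != current[p]),
    }


def _write(root, rel, text, mode="w"):
    # Helper for the constructed tree: create parent directories as needed.
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, mode) as fh:
        fh.write(text)


def run_demo():
    """Build a constructed web root, baseline it, simulate three changes and
    return what the comparison reports."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "index.html", "<html><body>Welcome</body></html>\n")
        _write(root, "app/config.php", "<?php $db_host = 'localhost'; ?>\n")
        _write(root, "images/logo.png", "constructed placeholder, not a real PNG\n")
        baseline = snapshot(root)

        # Simulated unauthorized changes: the Chir.B-style tag from the slide
        # appended to a page, a file dropped into the app tree, a file removed.
        _write(root, "index.html",
               '<script language="JavaScript">window.open("readme.eml", null,'
               '"resizable=no,top=6000,left=6000")</script>\n', mode="a")
        _write(root, "app/new_module.php", "<?php /* constructed */ ?>\n")
        os.remove(os.path.join(root, "images/logo.png"))

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(f"{kind}: {paths}")
```

In production the baseline has to live somewhere the web server's account cannot write (a separate host or a signed, read-only store); a baseline kept beside the files it protects can simply be regenerated by whatever modified them. Legitimate deployments should be followed by a deliberate re-baseline so that only unexpected changes raise alerts.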
Q and A
Thank You
Blake Hartstein
bhartstein@verisign.com