Why Depending On Malware Prevention Alone Is No Longer An Option
Page 1
© 2013 Seculert Company, All Rights Reserved
Why Depending On Malware Prevention Alone Is No Longer An Option
WEBINAR
July 18, 2013
Page 2: Welcome
Aviv Raff, Chief Technology Officer
Debbie Cohen-Abravanel, VP Online Marketing
Are you on Twitter? Use #seculertjuly2013 to connect with us during and after the presentation.
Page 3: Advanced Threats in the News
Page 4: How Advanced Threats Work
[Diagram: the Advanced Persistent Threat lifecycle in four phases: 1. Preparation, 2. Infection, 3. Deployment, 4. Persistence. Steps shown around the cycle: Define Target, Create/Acquire Malware, Research the Target, "QA" for Detection, Infect the Target, "Call Home", Expand Access, Extract Data, Enhance Presence, Stay Undetected.]
Page 5: Traditional Defenses
[Diagram: the same four-phase Advanced Persistent Threat lifecycle as on page 4.]
• Focus on prevention:
– Endpoint products
– Firewalls
– IPS / IDS
• Is 100% prevention really feasible?
– 0-day exploits
– Spear-phishing
– Remote access (VPN)
– BYOD
– Partners
– Physical access
Page 6: Shamoon Targeted Attack
• Shamoon is a 2-stage attack targeting Oil & Energy companies
• Comprised of 3 modules:
– Dropper
– Reporter
– Wiper
• Extracts data via an infected internal machine that acts as a proxy
Page 7: Shamoon Targeted Attack
• Spreads itself on the local network via Scheduled Tasks
• Abuses a legitimate, signed RawDisk driver to wipe the MBR
• Wiper module time bomb:
– Wipes the drive and MBR at specified dates and times
– Others have copied this capability
Page 8: Shamoon – Why Wasn't It Prevented?
• Initial attack vector is still unknown:
– Physical access / insider
– Partner
– Spear phishing
• Time-based attack (time bomb)
• Worm spreading on the local network
• Uses a local machine as a proxy
• Most of the victim companies were using solutions focused on prevention
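As an added defensive example (not part of Seculert's deck or product), the two Shamoon behaviours the preceding slides name, worm-style spreading through remotely created scheduled tasks and loading a kernel-mode disk driver for the wiper stage, can be surfaced from host event logs after the fact, which is the detection-side complement to the "prevention is not enough" point. All log lines, host names, service names and paths below are constructed; the records are only loosely modelled on Windows Security event 4698 (scheduled task created) and System event 7045 (service installed), and the `creator` field is a simplification.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real Shamoon telemetry), loosely modelled on Windows Security
# event 4698 (scheduled task created) and System event 7045 (service installed); "creator" is the
# host that pushed the task and is a simplification of what the real event carries.
SAMPLE_LOG = """\
2013-07-18T09:00:01 ws-01 4698 task=\\at1 creator=ws-07
2013-07-18T09:00:04 ws-02 4698 task=\\at1 creator=ws-07
2013-07-18T09:00:09 ws-03 4698 task=\\at1 creator=ws-07
2013-07-18T09:00:12 ws-04 4698 task=\\at1 creator=ws-07
2013-07-18T09:01:30 ws-02 7045 service=rawdisk path=C:\\Windows\\Temp\\rawdisk.sys type=kernel
2013-07-18T11:15:00 ws-09 4698 task=\\Backup creator=ws-09
2013-07-18T11:20:00 ws-09 7045 service=Spooler path=C:\\Windows\\System32\\spoolsv.exe type=own
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\d+) (.*)$")  # timestamp host event-id key=value...

def parse(log_text):
    """Parse each line into a dict with a datetime, host, event id and key=value fields."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole scan
        ts, host, event_id, rest = m.groups()
        fields = dict(kv.split("=", 1) for kv in rest.split())
        events.append({"ts": datetime.fromisoformat(ts), "host": host, "id": int(event_id), **fields})
    return events

def detect_task_fanout(events, min_targets=3, window=timedelta(minutes=5)):
    """One creator registering tasks on many other hosts in a short window: the scheduled-task
    worm pattern the slides describe. Returns a list of (creator, sorted target hosts)."""
    by_creator = defaultdict(list)
    for e in events:
        if e["id"] == 4698 and e.get("creator") != e["host"]:  # remote task creation only
            by_creator[e["creator"]].append(e)
    hits = []
    for creator, evs in by_creator.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):  # slide the window forward from each event
            targets = sorted({e["host"] for e in evs[i:] if e["ts"] - first["ts"] <= window})
            if len(targets) >= min_targets:
                hits.append((creator, targets))
                break
    return hits

def detect_kernel_driver_installs(events):
    """Kernel-mode driver installs are rare on workstations; a raw disk driver loaded from a temp
    directory (as in the constructed sample) is what a wiper needs to overwrite the MBR."""
    return [(e["host"], e["service"], e["path"]) for e in events
            if e["id"] == 7045 and e.get("type") == "kernel"]
```

Run `detect_task_fanout(parse(SAMPLE_LOG))` and `detect_kernel_driver_installs(parse(SAMPLE_LOG))` to get the fan-out from ws-07 and the driver install on ws-02; the window and threshold are tunable per environment.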
Page 9: How Seculert Identified Shamoon
• A customer uploaded a suspicious file to the Seculert Elastic Sandbox
• A malware behavioral profile was created automatically
• Shamoon was detected at another customer through Big Data analysis of their gateway traffic logs
• Customers use the Seculert API to enhance their on-premises security devices to protect against Shamoon
Page 10: From Prevention to Protection
Persistent attacks require a new approach:
• Big Data analytics
• Long-term analysis
• Advanced malware profiling
• Automated expertise
Page 11
Don't forget to use #seculertjuly2013 on Twitter!
Visit us at: TT17
Page 12: Q & A
Page 13: Thank You
seculert.com/signup
Don't forget to use #seculertjuly2013 on Twitter!