- Number of slides: 32
Threats in Cyberspace - 2008
Saumil Shah
Evolvement of IPRs and its management seminar
February 9, 2008 - Ahmedabad

About me
• Founder & CEO, Net-Square Solutions.
• Speaker at Blackhat, RSA, and many international security conferences.
• Author:
  • Web Hacking – Attacks and Defense (2002)
  • The Anti-virus book (1996)
• MS Computer Science – Purdue University.
© net-square

Attack trends since 2000 AD
• 2000: Networks and OS
• 2001: HTTP, DDoS, Worms
• 2002: Web apps, email, Worms, Databases
• 2003: Apps, Bruteforcing
• 2004: Apps, IE, Spyware, Phishing
• 2005: Apps, ID thefts, Phishing, Malware
• 2006: Large data stores, apps, IDs, etc.
• 2007: App worms, Botnets, Pharming

Spam in 2007
• 90-95% of all emails sent were spam.
• 13% of users received >50 spam emails per day.

Spam in 2007
• Pump-and-dump stock scam.
• Image and attachment spam.
  • surged but died towards the end of 2007.
• News topics as subject lines.
• Generated through botnets.
• Fraud and Phishing.

Breaches in 2007
• TD Ameritrade: 6.3 million customer records.
• Monster.com: 1.6 million job seekers' records.
• Western Union: 20,000 credit card records.
• Illinois Dept of Financial and Professional Regulation: 3,000 records.
• T J Maxx: 45.7 million credit card records.
• Moneygram: 79,000 records.

We’ve all been victims of fraud
• “I’ve never been to Japan!”

Hacking the Human Mind
• Citibank “phishing” scam
The email:
http://antiphishing.org

Faking a bank
• http://www.mycitibank.net/
http://antiphishing.org

Faking a bank
• Who is mycitibank.net?
Domain Name.. Creation Date.. Registration Date.. Expiry Date.. Organisation Name.. Organisation Address..
mycitibank.net 2004-06-22 2005-06-22 Sharon J Warr 4 Knotty Pine Place Texarkana 75503, TX, UNITED STATES

Spyware
• “Marketing delivered to your desktops”.
• Advertisers pay for targeted advertising.
• Adware companies:
  • 100-200 employees, $50-$200M revenues
• How to get into desktops? …

A typical user's desktop

Spyware
• Digital Gluttony
• “I want to download it all!”
• Cater to users’ greed.
• MP3s, Videos, Ringtones, Wallpapers, Smileys, Screensavers, Calendars, …
• …as long as it is free.

The Spyware/Adware eco-system

Malware example

How do you know what NOT to click?

Malware on the rise
• 2005-2006: 172% increase.
• 2006-2007: 800% increase.
• MPack. RBN. Fast-flux Networks. The Storm Botnet.

MPack
• Exploit delivery mechanism.
• Updated regularly with 0-day exploits.
  • IE VML bug.
  • IE Animated Cursor vulnerability.
  • QuickTime overflow.
  • Winzip ActiveX overflow.
  • etc.
• PHP based automatic website generator.
• Sold for $500-$1000, with auto-exploit updates.

Botnets
• Large number of compromised systems.
• Centrally controlled.
• Spam marketing.
• Identity theft, password theft.
• DDoS threats.
• Espionage.

Botnet control

The Storm Botnet
• P2P controlled – no central "mother ship".
• Event based campaigns
  • 2008 greetings, Thanksgiving/Xmas/Valentines
• Operated by the RBN.
• Purchase expired domains.
• Domains resolve to fast-flux networks.
  • Continuously changing DNS records.
  • Point to infected hosts.

The Storm Botnet
• A few infected hosts are special
  • P2P control relays.
  • DNS servers.
  • HTTP servers.
• Rootkits, malware, hacked sites, etc.
  • various delivery mechanisms.
• Running for more than a year.
• We have NOT been able to shut it down.

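A defender-side check for the fast-flux behaviour described in the Storm Botnet slides (continuously changing DNS records that point to many infected hosts), added here as an example and not part of the original deck. The thresholds, the domain names and the passive-DNS records are constructed assumptions; distinct /16 networks stand in for distinct hosting networks.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Illustrative thresholds (assumptions; tune against your own resolver logs).
MIN_DISTINCT_IPS = 5    # many different hosts answering for one name
MIN_DISTINCT_NETS = 3   # spread over /16s, a rough stand-in for distinct ASNs
MAX_MEDIAN_TTL = 300    # seconds; short TTLs let the records rotate quickly

# Constructed passive-DNS sample: (unix_time, queried name, A answer, TTL).
OBSERVATIONS = [
    (1000, "greeting.example", "10.1.4.20", 120),
    (1060, "greeting.example", "10.2.9.7", 180),
    (1120, "greeting.example", "10.3.77.1", 120),
    (1180, "greeting.example", "10.4.12.200", 60),
    (1240, "greeting.example", "10.5.0.9", 180),
    (1300, "Greeting.Example.", "10.1.8.30", 120),
    # Many addresses and short TTLs, but one network: typical of a load-balanced site.
    *[(1000 + i, "cdn.example", f"10.50.0.{i}", 60) for i in range(1, 6)],
    (1000, "stable.example", "10.9.9.9", 86400),
    (5000, "stable.example", "10.9.9.9", 86400),
]

def summarize(observations):
    """Group answers per normalized name: distinct IPs, distinct /16s, TTLs seen."""
    per_name = defaultdict(lambda: {"ips": set(), "nets": set(), "ttls": []})
    for _ts, qname, answer, ttl in observations:
        entry = per_name[qname.lower().rstrip(".")]
        ip = ip_address(answer)
        entry["ips"].add(ip)
        entry["nets"].add(ip_network(f"{ip}/16", strict=False))
        entry["ttls"].append(ttl)
    return per_name

def fast_flux_candidates(observations):
    """Return names whose answers rotate across many hosts and networks with short TTLs."""
    flagged = {}
    for name, e in summarize(observations).items():
        med_ttl = median(e["ttls"])
        if (len(e["ips"]) >= MIN_DISTINCT_IPS
                and len(e["nets"]) >= MIN_DISTINCT_NETS
                and med_ttl <= MAX_MEDIAN_TTL):
            flagged[name] = {"ips": len(e["ips"]), "nets": len(e["nets"]),
                             "median_ttl": med_ttl}
    return flagged

if __name__ == "__main__":
    for name, stats in fast_flux_candidates(OBSERVATIONS).items():
        print(name, stats)
```

The single-network name with short TTLs is deliberately not flagged, which is why the network-spread condition is checked alongside the address count.
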
Growth of the Storm Botnet

Cyber warfare / terrorism?

Cyber warfare / terrorism?
• China penetrated key US databases.
• Dec 07/Jan 08 power blackouts in Central and South America.
• 14 year old boy takes control of Tram network in Poland.

Effectiveness of Anti-Virus software
• Makes computers sluggish.
• False alarms.
• "Most popular brands have an 80% miss rate" – AusCERT.
• Heuristic recognition fell from 40-50% (2006) to 20-30% (2007) – Heise Online.
• Signature based scanning does not work.
• AI techniques can be easily beaten.

Security by pop-ups

Web 2.0 attacks
• MySpace worm – XSS goes the virus way.
• Cross Site Request Forgery.
• Predicted rise in Web 2.0 attacks in 2008.
  • as more generic APIs become popular.

Pharming
• Hijacking DNS entries.
• www.hsbc.com resolves to fraud site.
• DNS server specified in broadband router.
• Broadband routers have web administration interfaces.
  • and are typically on 192.168.1.1
  • and have weak passwords: admin/admin.
• Malicious sites contain an IFRAME to access web admin interface.

Pharming – Hijacking DNS entries

Resources
• 20 Reasons the world hates Norton Antivirus
  http://www.dtgeeks.com/index.php/blogs/comment/20_reasons_the_world_hates_norton_anti_virus
• Antivirus protection worse than a year ago
  http://www.heise-security.co.uk/news/print/100900
• Teen tram hack
  http://www.theregister.co.uk/2008/01/11/tram_hack/print.html
• China has penetrated key US databases
  http://www.securecomputing.net.au/print.aspx?CIID=101491
• Trojan to attack bank sites
  http://www.symantec.com/enterprise/security_response/weblog/2008/01/banking_in_silence.html
• The Russian Business Network
  http://rbnexploit.blogspot.com/

saumil@net-square.com
Evolvement of IPRs and its management seminar
February 9, 2008 - Ahmedabad