
Smarter, Shadier, Stealthier Malware: The Latest on Today's Threats

Sponsored by

Webcast Logistics
Optimize your experience today:
- Enable pop-ups within your browser
- Turn on your system's sound to hear the streaming presentation
- Questions? Submit them to the presenters at any time on the console
- Technical problems? Click Help or submit a question for assistance

Featured Presenters
Our knowledgeable speakers today are:

Maxim Weinstein
Senior Product Marketing Manager
Sophos

John Shier
Senior Security Expert
Sophos

Smarter, Shadier, Stealthier Malware: The Latest on Today's Threats

Maxim Weinstein and John Shier
Sophos security experts

Smarter

Encryption
DGAs
Proxies
Web botnets

Domain generation algorithm (DGA): creates seemingly random domain names for use as traffic redirectors or command and control servers
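A defender's view of the DGA point above, as an added example that is not part of the original deck or Sophos's own detection logic: a small heuristic that flags seemingly random domain names in DNS query logs by label length, character entropy and vowel ratio. The log line format, the sample log and the thresholds are assumptions constructed for this example.

```python
import math
import re
from collections import Counter

# Constructed sample DNS query log; the line format (time host "query" name type) is assumed.
SAMPLE_DNS_LOG = """\
2013-11-19T10:01:02 host1 query www.sophos.com A
2013-11-19T10:01:05 host1 query www.darkreading.com A
2013-11-19T10:01:09 host2 query qxkvjtpwzbmd.org A
2013-11-19T10:01:11 host2 query ytrbzqplkmwjdf.net A
2013-11-19T10:01:15 host2 query hzmqvxcwtbpk.com A
2013-11-19T10:01:20 host2 query blogs.technet.com A
"""
LOG_LINE = re.compile(r"^\S+ (?P<host>\S+) query (?P<name>\S+) \S+$")

def registered_label(domain):
    """Label just left of the TLD: the part a DGA typically randomises."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def shannon_entropy(s):
    """Bits per character; uniformly random lowercase text approaches log2(26) ~ 4.7."""
    n = len(s)
    return 0.0 if n == 0 else -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def vowel_ratio(s):
    """Share of letters that are vowels; pronounceable names usually sit well above 0.3."""
    letters = [ch for ch in s if ch.isalpha()]
    return sum(ch in "aeiou" for ch in letters) / len(letters) if letters else 0.0

def looks_generated(domain, min_len=10, min_entropy=3.2, max_vowels=0.3):
    """Heuristic (thresholds are assumptions): long, high-entropy, vowel-poor labels resemble DGA output."""
    label = registered_label(domain)
    return (len(label) >= min_len
            and shannon_entropy(label) >= min_entropy
            and vowel_ratio(label) <= max_vowels)

def flag_dga_candidates(log_text):
    """Map each host to the queried names that look generated; a host with many hits in a short window deserves a look."""
    hits = {}
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m and looks_generated(m.group("name")):
            hits.setdefault(m.group("host"), []).append(m.group("name"))
    return hits
```

Real DGA families vary in length and character mix, so in practice such a heuristic is one signal to combine with query volume and NXDOMAIN rates rather than a verdict on its own.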

Shadier

Ransomware
Multi-factor
Bitcoin mining
Android adware

Ransomware: locks your data and demands payment

Stealthier

Tor
Polymorphism
Apache modules
Web botnets
Digital signatures
Malvertising

Polymorphism: changing an app's code each time it is downloaded or installed

The infection chain

Web injection: insertion of malicious code into a web page

Redkit Exploit Kit

Exploit kit: a toolset for distributing exploits via the web
Redirect: an instruction to the web browser to load a different page

Buffer overflow: when malware exceeds the allocated memory to escape the bounds of an application

Photo by wwarby, icon by Luc Alquier


Man-in-the-browser: intercepts, injects, and/or modifies data on web pages

Botnet: a collection of infected systems controlled by a hacker

"Citadel, this is control. Please acknowledge. Over."

Dropper: malware that installs other malware; a.k.a. downloader

Poll Question

What has been your organization's experience with ransomware in the past year?
- Ransomware has caused substantial damage or disruption to our organization.
- We have had some ransomware infections, but they have not caused substantial damage or disruption.
- We have experienced other malware infections, but NOT ransomware.
- We have not had any malware infections (that we know of) in the past year.

Cryptolocker

Methods of infection - SPAM

Methods of infection - Exploit kits

Latent infections - Zeus/Zbot

Cryptolocker

Cryptolocker DGA

Cryptolocker file list

Cryptolocker file encryption

- DATA + AES256 key -> Encrypted Data
- AES256 key + Crook's Public key -> Encrypted Key
- Result: Encrypted Key and Encrypted Data

Cryptolocker pay page

Cryptolocker

Cryptolocker distribution

http://blogs.technet.com/b/mmpc/archive/2013/11/19/backup-the-best-defense-against-cri-locked-files.aspx

Cryptolocker mitigation
1. Back up your important files
2. Make sure your AV is up-to-date and use HIPS
3. Keep up with software and OS patches
4. Use stricter access controls
5. Use administrator accounts sparingly

Reduce the risk - 5 things you can do today

Predictions for 2014

Cloud data
Blurred lines
Connections
Smart? things

sophos.com/threatreport

Complete Security, Made Simple

Complete Security across Network, Servers and Devices:
Anti-Malware, Next Gen Firewall, Antimalware and IPS, Wireless, VPN, URL Filtering, Network Access Control, Anti-Spam, Email Encryption, Webserver Protection, Virtualization, Mobile, Application Control, Device Control, Encryption, Patch Assessment, Encryption for Cloud, Endpoint Web Protection

Made Simple.
- Simple Deployment: On premise, Virtual, Cloud, User self provision
- Simple Protection: Active Protection, real-time protection powered by SophosLabs; Live lookups via the Cloud; SophosLabs experts tune the protection so you don't have to
- Simple Management: Intuitive consoles, On Premise or From the Cloud; Backed by expert support

Staying ahead of the curve

Sophos Naked Security: Best IT Security Blog
Providing award-winning security news, advice, research, opinion.
Nakedsecurity.sophos.com

Sophos Corporate Blog
Blogs.sophos.com

Contact Us
US and Canada 1-866-866-2802
Nasales@sophos.com

Sophos Ltd. All rights reserved.

Questions?
Submit questions to the presenters via the on-screen text box

Maxim Weinstein
Senior Product Marketing Manager
Sophos

John Shier
Senior Security Expert
Sophos

Thank you for attending

Please visit our sponsor and any of the resources below:

Get the Security Threat Report 2014: Smarter, Shadier, Stealthier Malware:
http://www.sophos.com/threatreport

Read Naked Security for award-winning news, opinion, advice and research:
http://nakedsecurity.sophos.com/

Start your Sophos free trial today!
http://www.sophos.com/en-us/products/free-trials.aspx

www.darkreading.com/events
