AVG (AU/NZ)'s Security Advisor, Michael McKinnon, details the latest emerging threats and trends in online security: toolkits, spam, rogue apps, printed malware, fake anti-virus, ransomware and mobile security.
2. Emerging Threats & Trends - Overview
• Current Threats
  • Toolkits, Spam, Mobile, Printed Malware, Fake Anti-Virus, Ransomware
• Trends & Emerging
  • Facebook, Mobile security, DNSSEC, Anonymous
• Dispel some common myths along the way
3. Current Threats
• Compiled from our local support team; and
• AVG Community Powered Threat Report, Q4 2011
4. Blackhole Toolkit – What is it?
• Web-based distribution system for exploits and malware; runs on a private or compromised server
5. Blackhole Toolkit – Targets many platforms
• Allows attackers to target many platforms, including Mac!
6. Blackhole Toolkit – Features & facts
• Other key “features”:
  • Analytics network
  • Built-in anti-virus scanning to avoid detection
  • Does many complex tasks very easily
• Facts:
  • In the last quarter of 2011 it accounted for 80.2% of all known toolkits being used
  • Exploit toolkits account for 58% of threat activity on malicious websites
7. Blackhole Toolkit – Mitigation
• Always keep computers updated with the latest patches to avoid 0day vulnerabilities
• Run up-to-date Internet Security solutions – but you already know that!
8. Spam – SNAP POLL
• In Q4 of 2011, which country sent the most spam?
  • China
  • Romania
  • United States
  • Israel
11. Spam – Mitigation
• Run an anti-spam solution on servers & desktops
• Be proactive and know basic email handling tips
• We’ll be providing some tips and resources on how to spot email scams in the near future…
12. Mobile Threats – Rogue apps
• Affecting mostly Android phone and tablet users
13. Mobile Threats – Rogue apps
• In Q4 we reported the emergence of rogue “signed” applications available in the Android Marketplace
  • Signed with stolen/leaked digital certificates
• Permission prompts on Android are weak – they don’t make the user think at all
• Risks are mostly around spying and premium SMS
• Google has recently announced they are scanning apps in the Marketplace with “bouncer”
14. Mobile Threats – Mitigation
• Update your Android device – if you cannot upgrade past Android 2.2 then BUY A NEW PHONE! (Same can be said of older iPhones stuck on iOS 4.3)
• ONLY install applications from the Android Marketplace – nowhere else
• Have a look at AVG Mobilation for scanning
16. Printed Malware – QR codes
Just like URL shorteners (like bit.ly for example), QR codes don’t reveal too much about themselves until you use them

In Q4 2011 we observed a QR code being used in a Russian forum website that linked to a malicious mobile app

These are something to keep your eye on, especially with large, well-known, trusted brands starting to use them for marketing
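
An added example, not part of the original presentation: a small triage function that inspects a QR payload before it is opened, so the destination is revealed first. It assumes the code has already been decoded to a string by a scanner; the shortener list, the scheme list and the sample payloads in the comments are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed, non-exhaustive list of shortener hosts (bit.ly is the one the slide names).
SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com"}
# Assumed list of URI schemes that hand the payload straight to an
# app-store or SMS handler instead of showing a web page.
ACTION_SCHEMES = {"market", "intent", "smsto"}


def triage_qr_payload(payload):
    """Return the reasons a decoded QR payload deserves a look before opening."""
    findings = []
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()

    if scheme in ACTION_SCHEMES:
        return ["scheme-triggers-action:" + scheme]
    if scheme not in ("http", "https"):
        return ["not-a-web-url"]

    if scheme == "http":
        findings.append("no-tls")
    if host in SHORTENERS:
        # The real destination is only known after following the redirect.
        findings.append("shortener-hides-destination")
    if host.startswith("xn--") or ".xn--" in host:
        findings.append("punycode-host")
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")
    except ValueError:
        pass  # host is a name, not an IP literal
    if parts.path.lower().endswith(".apk"):
        # A direct Android package download bypasses the Marketplace.
        findings.append("direct-android-package-download")
    return findings


# Constructed sample payloads:
#   triage_qr_payload("http://bit.ly/abc123")
#   triage_qr_payload("http://203.0.113.7/files/update.apk")
```

An empty list means none of these checks fired, not that the destination is safe.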
17. Fake AV – What is it?
• Our support team has been helping clean up the following Fake AVs for customers:
  • Security Shield
  • System Fix
  • XP Antivirus 2012
  • Internet Security 2012
• Let’s have a look at what they can do…
20. Fake AV – Mitigation & removal
• Can be very tricky to remove completely, usually involves reverting to safe-mode and removing files manually
• Some tricks for removal have, in some cases, been to enter the fake AV licence key to get rid of it!
• Preventing fake AV from being installed usually involves keeping the PC up to date, in combination with some user awareness
21. Ransomware – What is it?
• Has been observed being served up by Blackhole toolkits
• Unlike fake AV – this malicious code just locks up your computer and demands money!
• Usually pretends to be from the government or a law enforcement agency
23. Ransomware – Mitigation
• Update, update, update!
• Since the vector for this is 0day vulnerabilities, usually exploited by a toolkit (like Blackhole) – staying updated is the first line of defence
• And, of course, AVG 2012 Internet Security
• Browsing questionable websites (i.e. user habit) could also be a contributory factor in these examples
24. Trends & Emerging Threats
• Predictions for 2012
• And some overall stats and trends
26. Trends & Emerging – Facebook or Scambook?
• Global spam levels are decreasing
• Scammers are now using Facebook, which provides:
  • Instant access to 850+ million users
  • Built-in word of mouth provides viral spread
  • Default “trust” with Facebook is still high
27. Trends & Emerging – Mobile Security
• Did you know?
  • Lost/stolen smartphones & tablets can be located using GPS tracking
  • Mobile devices can be remote wiped if they have fallen into the wrong hands
  • A PIN should always be used, but these can also be activated remotely
28. Trends & Emerging – DNSSEC
• The Domain Name System (DNS) is vulnerable, so DNSSEC promises to cryptographically secure it
• We should see improvements over time with true verification of legitimate sites, good for eCommerce and consumer confidence online
• Will make stolen SSL certificates much harder to exploit in the wild
• Should start to have some impacts on reducing spam levels further, in conjunction with DMARC
29. Trends & Emerging – #opGlobalBlackout
• “Anonymous” announced that it is attempting to bring down the Internet on 31st March 2012
  • http://pastebin.com/NKbnh8q8
• Will be interesting to see what happens, if anything; I suspect the Internet will be just fine
• No doubt it will hit the news