Sophos introduces the Threat Landscape

Threat Landscape

John ShierSr. Security Advisor@john_shierMarch 2017, Infosec BE

The Problem

Symptoms and Causes

ANNUAL NEW MALWARE

SAMPLES100,000,000’s

ANNUAL KNOWN EXPLOITS (CVE’S) 1,000’s

CUMULATIVE KNOWN EXPLOIT TECHNIQUES 10’s

Top 10 detections: BelgiumMalformed doc

Infected archive

Conficker

Browser hijacker

Jenxcus botnet

Shortcut trojan

IRC bot

Bundpil worm

Dropper

Phishing

What are we facing?

The Tools

Phishing

How not to phish

Modern phishing

http://www.kbc.be.vvsmbk.info/bestellen

HD phishing

Paypal

Amazon

Document malware

Curiosity infected the cat

It’s guaranteed!

Build Your Own 2.0

The Infrastructure

Malvertising

Exploit kits

A decade of misery

2006 2013 2016

Angler EK

Lurk banking trojan

Exploit Kits (2016)1H2016

Angler Nuclear NeutrinoMagnitude RIG Other

2H2016

RIG Neutrino Other

Exploits (January 2017)• Magnitude• Neutrino-v

• RIG, RIG-E

• Sundown

• Bizarro Sundown

CVE-2016-0189

CVE-2014-6332

CVE-2016-4117

CVE-2016-1019

CVE-2015-8651

CVE-2016-4117

CVE-2016-0189

CVE-2016-7200

CVE-2016-7201

CVE-2016-0189

CVE-2015-8651

CVE-2015-5122

CVE-2013-2551

CVE-2014-6332

CVE-2015-2419

CVE-2016-4117

CVE-2015-5119

CVE-2016-0034

CVE-2016-7200

CVE-2016-7201

CVE-2016-0189 CVE-2016-4117

CVE-2015-5119

Flash Edge Silverlight IE Windows LPE

The Payloads

Remote access trojans

Honour amongst thieves

Dridex

BetaBot

Ransomware

Command andControl Server

Malware Distribution

Server

Ransomware

abc exe abc

abc abc dll

Private Key Public Key

Server

Command andControl Server

0100101011010110101010

Ransomware

abc exe abc

abc abc dll

Private Key Public Key

ServerRAM

#$! exe #$!

#$! #$! dllCommand andControl Server

Sophos introduces the Threat Landscape

Education

Sophos Security Threat Report midyear 2011

Sophos Security Threat Report 2014

Sophos SafeGuard Disk Encryption, Sophos SafeGuard Easy, User

Sophos SafeGuard Disk Encryption, Sophos SafeGuard Easy

Sophos SafeGuard Disk Encryption, Sophos SafeGuard

Cosc 4765 SOPHOS Security Threat report about 2010

Sophos Security Day Belgium - The Hidden Gems of Sophos

igmmumbai.spmcil.comigmmumbai.spmcil.com/UploadDocument/6000010273... · 2017-11-16 · Cybefoam A SOPHOS Cyberoam NG series of Unified Threat Management appliances are the Next-Generation

Sophos Midyear Threat Report July08 p1of1

Scalable and Real-time Network Forensicsitm.iit.edu/netsecure11/RajeshTalpade_NetworkForensics.pdf- 67 new malware variants created every minute (Sophos Security Threat Report 2011)

Sophos Security Threat Report 2013

Sophos Mobile Security Threat Report · Sophos Mobile Security Threat Report Launched at Mobile World Congress, 2014 By Vanja Svajcer, Principal Researcher, SophosLabs. Contents

Sophos Day Belgium - The IT Threat Landscape and what to look out for

Sophos UTM Endpoint Protection Datasheet 2 Sophos UTM Endpoint Protection Sophos UTM Branch Ofﬁce Sophos UTM Endpoints Laptop Endpoints Server Policy setup via WebAdmin Sophos LiveConnect

Sophos SafeGuard Disk Encryption, Sophos SafeGuard Easy Demo guide

Sophos Endpoint Security and Control standalone …sinetcomm.com/common/Sophos/standalone_70_seng.pdf · Sophos Endpoint Security and Control ... Sophos Endpoint Security and Control

Securing with Sophos - Sophos Day Belux 2014

npi.ph€¦ · SOPHOS Security made simple, Sophos Mobile Control Mobile Productivity with Sophos Security. Sophos Mobile Control secures mobile devices and protects corporate data

MAXIMIZING MSP CYBER RESILIENCE WITH MANAGED ......MAXIMIZING MSP CYBER RESILIENCE WITH MANAGED THREAT RESPONSE A Sophos whitepaper September 2020 2 Sophos Managed Threat Response

Sophos Mobile Control Administratorhilfe · 2 Über Sophos Mobile Control Sophos Mobile Control Sophos Mobile Control ist eine Verwaltungssoftware für Mobilgeräte wie Smartphones