Embed Size (px)
DESCRIPTION
Who Were The Attackers? Joy Riders Vandals Activists Opportunists
Citation preview
Changes in Computer SecurityWill You Be Better Off?
Topics
1. Who are the Attackers? 2. Computer Crime 3. What are our Defences? 4. Phishing5. Malware6. Botnets7. Future of Security
Who Were The Attackers?
Joy Riders Vandals Activists Opportunists
Who Are The Attackers?
Thieves Spies Corporations
Computer Crime: The Same Stuff
Theft Vandalism Extortion Con Games Fraud Stalking
Computer Crime: What’s Different
Automation Action at a distance Knowledge propagation
What Are Our Defences?
Firewalls Virus Scanners Spyware Scanners Patches Backups
Prevent
Detect
Respond
Recover
What Are The Attacks?
Phishing Malware Ransomware Spyware Botnets
Phishing E-mail
Phishing Site
Malware
Trojan Horses Viruses Worms
Ransomware
Spyware and Adware
Most Trojan Horses, some infect directly.
Browser hijacking Pop-up advertisements Keystroke and network logging Steal confidential data from email and files
80% of PCs are infected with spyware (Oct 2004 AOL/NCSA survey.)
Rootkits
Execution Redirection File Hiding Process Hiding Network Hiding
User Program
Rootkit
OS
Botnets
Worm or direct attack usurps control of PC, then installs control software to listen for instructions. Instructions can include:
Attempt to infect other PCs Send spam message Launch DOS attack Upgrade attack and control software Virus writers sell botnets to spammers for
$0.10/compromised PC
New Defences
Least Privilege and MAC Secure Software
Engineering Usable Security
Future of Attacks
Deep Rootkits Mobile Malware Gone in 20 Minutes RFID Viruses Virtual Property Theft
References1. Alexander Gostev et. al., “Malware Evolution: January – March 2006,”
Virus List, http://www.viruslist.com/en/analysis?pubid=184012401, April 12, 2006.
2. The Honeynet Project, Know Your Enemy, 2nd edition, Addison-Wesley, 2004.
3. John Leyden, "The illicit trade in compromised PCs," The Register, Apr 30 2004.
4. Stuart McClure, Joel Scambray, and George Kurtz, Hacking Exposed, 5th edition, McGraw-Hill, 2005.
5. Rachna Dhamija and J. D. Tygar, "The Battle Against Phishing: Dynamic Security Skins," Proceedings of the Symposium on Usable Privacy and Security (SOUPS), July 2005.
6. Ed Skoudis, Counter Hack Reloaded, Prentice Hall, 2006 7. Stuart Staniford, Vern Paxson, and Nicholas Weaver, "How to 0wn
the Internet in Your Spare Time," Proceedings of the 11th USENIX Security Symposium, 2002.
8. Richard Stiennon, "Spyware: 2004 Was Only the Beginning," CIO Update, Jan 26 2005.
