Panda Adaptive Defense - The evolution of malware

  • Evolution of Malware and the Next Generation Endpoint Protection against Targeted Attacks

  • 02/07/2015 Malware Evolution

    Index

    1. Malware volume evolution

    2. Malware Eras

    3. Panda Adaptive Defense

       1. What is it

       2. Features & Benefits

       3. How does it work

       4. Success Story

  • Malware samples evolution (chart)

  • Malware volume evolution (chart)

  • Malware Eras

  • 1st Era

    Very few samples and malware families

    Viruses created for fun: some very harmful, others harmless, but with no ultimate goal

    Slow propagation (months, years) through floppy disks. Some viruses are named after the city where they were created or discovered

    All samples are analysed by technicians

    Static analysis and disassembly (reversing) of samples

  • Examples: W32.Kriz, Jerusalem

  • 2nd Era

    Volume of samples starts growing

    The Internet slowly grows popular; macro viruses appear

    In general terms, low-complexity viruses using social engineering via email; limited distribution, they are not massively distributed

    Heuristic techniques

    Increased update frequency

  • Examples: Melissa, Happy99

  • 3rd Era

    Mass worms appear and overload the Internet

    Via mail: I Love You

    Via exploits: Blaster, Sasser, SQL Slammer

    Proactive technologies

    Dynamic: Proteus

    Static: KRE & heuristics, machine learning

    Malware process identification by analysing the events of the process:

    Access to the mail contact list

    Internet connection through a non-standard port

    Multiple connections through port 25

    Autorun key addition

    Web browser hooks

  • Examples: I Love You, Blaster, Sasser

  • Static proactive technologies

    Response time reduced to zero by detecting unknown malware

    Machine learning algorithms applied to the classic classification problem: malware vs goodware

  • 4th Era

    Hackers switched their profile: the main motivation of malware is now economic benefit, using banking trojans and phishing attacks

    Generalization of droppers/downloaders/exploit kits (EK)

    The move to Collective Intelligence

    Massive file classification

    Knowledge is delivered from the cloud

  • Examples: Banbra, Tinba

  • The leap to Collective Intelligence

    Delivery of knowledge from the cloud as an alternative to the signature file.

    Scalability of the malware signature delivery services to customers through full automation of all backend processes (processing, classification and detection).

  • Big Data arrival

    Current working set of 12 TB

    400,000 million (400 billion) records

    600 GB of samples per day

    400 million samples stored

    Innovation: make the data processing derived from the Collective Intelligence strategy viable by applying Big Data technologies.

  • 5th Era

    First massive cyber-attack against a country: Estonia, from Russia

    Anonymous starts a campaign against several organizations (RIAA, MPAA, SGAE and others)

    Malware professionalization

    Use of marketing techniques in spam campaigns

    Country/time-based malware variant distribution

    Ransomware

    APTs

    Detection by context

    Apart from analysing what a process does, the context of execution is also taken into
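    The event-based process identification listed for the 3rd era (contact-list access, non-standard port, multiple port-25 connections, autorun key, browser hook) and the "detection by context" idea of the 5th era, as one added example that is not from the Panda slides and is not Panda's product code: a small Python classifier reads a constructed per-process event log, raises the indicators the 3rd-era slide names, and then weights them by execution context (which process spawned it, which directory it runs from). The event format, the port list, the SMTP-peer threshold, the two context signals and the scoring thresholds are assumptions made for this example.

```python
# Added example: behaviour + context process classification (assumed event format and thresholds).
from collections import defaultdict
from dataclasses import dataclass

# Ports a desktop application commonly uses; anything else is "non-standard" (assumption).
STANDARD_PORTS = {21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995}
AUTORUN_KEYS = ("currentversion\\run\\", "currentversion\\runonce\\")
BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe"}
CONTACT_FILES = (".wab", ".pab", "addrbook.db")
SMTP_PEER_THRESHOLD = 5  # distinct port-25 peers before "multiple connections" fires (assumption)

# Execution-context signals (assumed): what started the process and where it runs from.
RISKY_PARENTS = {"outlook.exe", "winword.exe", "excel.exe"} | BROWSERS
RISKY_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\temp\\")


@dataclass(frozen=True)
class Process:
    pid: int
    image: str    # full path of the executable
    parent: str   # image name of the parent process


@dataclass(frozen=True)
class Event:
    pid: int
    kind: str     # "file_read" | "connect" | "reg_set" | "hook"
    target: str   # file path, "host:port", registry value path, or hooked process name


def indicators_for(events):
    """Behavioural indicators raised by one process's events (what the process does)."""
    hits, smtp_peers = set(), set()
    for ev in events:
        t = ev.target.lower()
        if ev.kind == "file_read" and t.endswith(CONTACT_FILES):
            hits.add("mail_contacts_access")
        elif ev.kind == "connect":
            host, port = t.rsplit(":", 1)
            if int(port) not in STANDARD_PORTS:
                hits.add("nonstandard_port")
            if int(port) == 25:
                smtp_peers.add(host)
        elif ev.kind == "reg_set" and any(k in t for k in AUTORUN_KEYS):
            hits.add("autorun_key")
        elif ev.kind == "hook" and t in BROWSERS:
            hits.add("browser_hook")
    if len(smtp_peers) >= SMTP_PEER_THRESHOLD:   # mass-mailing, not a single SMTP session
        hits.add("multiple_smtp_connections")
    return hits


def context_for(proc):
    """Context signals: the same behaviour is more suspicious from a temp dir or an Office/browser child."""
    ctx = set()
    if proc.parent.lower() in RISKY_PARENTS:
        ctx.add("spawned_by_mail_office_or_browser")
    if any(d in proc.image.lower() for d in RISKY_DIRS):
        ctx.add("runs_from_temp_or_downloads")
    return ctx


def classify(proc, events):
    """One point per behavioural indicator, half a point per context signal; verdict by threshold."""
    hits, ctx = indicators_for(events), context_for(proc)
    score = len(hits) + 0.5 * len(ctx)
    verdict = "malware" if score >= 3 else "suspicious" if score >= 2 else "goodware"
    return verdict, sorted(hits), sorted(ctx)


def classify_log(processes, events):
    """Group an event log by pid and return {pid: verdict}."""
    by_pid = defaultdict(list)
    for ev in events:
        by_pid[ev.pid].append(ev)
    return {p.pid: classify(p, by_pid[p.pid])[0] for p in processes}


# Constructed sample telemetry (not real data).
PROCESSES = [
    Process(100, r"C:\Users\bob\AppData\Local\Temp\photo.exe", "outlook.exe"),
    Process(200, r"C:\Program Files\Microsoft Office\outlook.exe", "explorer.exe"),
    Process(300, r"C:\Users\bob\Downloads\setup.exe", "chrome.exe"),
    Process(400, r"C:\Users\bob\AppData\Roaming\svchost.exe", "explorer.exe"),
]
EVENTS = [
    # 100: mass-mailer worm: harvests the address book, mails itself to 6 MX hosts, persists, IRC C2
    Event(100, "file_read", r"C:\Users\bob\AppData\Local\Microsoft\Address Book\bob.wab"),
    *[Event(100, "connect", f"mx{i}.example.net:25") for i in range(6)],
    Event(100, "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\photo"),
    Event(100, "connect", "irc.example.org:6667"),
    # 200: the real mail client reading its own address book and talking submission/IMAPS
    Event(200, "file_read", r"C:\Users\bob\AppData\Local\Microsoft\Address Book\bob.wab"),
    Event(200, "connect", "smtp.example.com:587"),
    Event(200, "connect", "imap.example.com:993"),
    # 300: installer downloaded by the browser: adds an autorun entry, checks for updates
    Event(300, "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\setup"),
    Event(300, "connect", "updates.example.com:443"),
    # 400: banking trojan: hooks the browser, persists, beacons to a non-standard port
    Event(400, "hook", "iexplore.exe"),
    Event(400, "reg_set", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svchost"),
    Event(400, "connect", "203.0.113.7:8080"),
]

if __name__ == "__main__":
    for proc in PROCESSES:
        print(proc.pid, classify(proc, [e for e in EVENTS if e.pid == proc.pid]))
```

    Note how the single "mail contacts access" indicator leaves the real mail client (pid 200) as goodware, the same indicator combined with mass SMTP, an autorun key and a non-standard port in an Outlook child running from Temp (pid 100) is malware, and context alone only moves the browser-downloaded installer (pid 300) to "suspicious": the behaviour is what decides, the context shifts the confidence.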

  • Example: Reveton ransomware

  • APTs

  • - November/December 2013
    - 40 million credit/debit cards stolen
    - Attack made through the A/C (air conditioning) maintenance company
    - POS (point-of-sale) systems
    - Unknown author
    - Information deletion
    - TB of information stolen

    Headline: "Sony Pictures computer system down after reported hack. Hackers threaten to release 'secrets' onto web"

  • Carbanak

    - Years 2013/2014
    - 100 affected entities
    - Countries affected: Russia, Ukraine, USA, Germany, China
    - ATMs: US$7,300,000
    - Transfers: US$10,000,000
    - Total estimated: US$1,000,000,000

  • 02/07/2015 Adaptive Defense

    What is Panda Adaptive Defense?

    The Next Generation Endpoint Protection

  • Panda Adaptive Defense is a new security model which can guarantee complete protection for devices and servers by classifying 100% of the processes running on every computer throughout the organization and monitoring and controlling their behavior.

    More than 1.2 billion applications already classified.

    The new version of Adaptive Defense (1.5) also includes an AV engine, adding disinfection capability. Adaptive Defense could even replace the company antivirus.

    - Traceability of each action taken by the applications running on a system
    - Forensic information to analyze each attempted attack in detail
    - Blockage of applications and isolation of systems to prevent future attacks
    - Blockage of zero-day and targeted attacks in real time without the need for signature files

  • Features and benefits

    Better service, simpler management

    Protection
    - Detailed and configurable monitoring of running applications
    - Protection of vulnerable systems
    - Protection of intellectual assets against targeted attacks
    - Forensic report

    Productivity
    - Identification and blocking of unauthorized programs

    Management
    - Daily and on-demand reports
    - Simple, centralized administration from a Web console
    - Light, easy-to-deploy solution