Evolution of Malware and the Next
Generation Endpoint Protection against
Targeted Attacks
02/07/2015 Malware Evolution
Index
1. Malware volume evolution
2. Malware Eras
3. Panda Adaptive Defense
   1. What is it
   2. Features & Benefits
   3. How does it work
   4. Success Story
Malware volume evolution
[Chart: Malware samples evolution]
Malware Eras

1st Era
Very few samples and malware families
Viruses created for fun; some very harmful, others harmless, but with no ultimate goal
Slow propagation (months, years) through floppy disks. Some viruses are named after the city where they were created or discovered
All samples are analysed by technicians
Sample static analysis and disassembling (reversing)
Examples: W32.Kriz, Jerusalem
2nd Era
Volume of samples starts growing
The Internet slowly grows popular; macro viruses appear
In general terms, low-complexity viruses using social engineering via email; limited distribution, they are not massively distributed
Heuristic techniques
Increased update frequency
Examples: Melissa, Happy99
3rd Era
Massive worm outbreaks overload the Internet
Via mail: I Love You
Via exploits: Blaster, Sasser, SqlSlammer
Proactive technologies
Dynamic: Proteus
Static: KRE & Heuristics, Machine Learning
Malware process identification by analysing the events of the process:
Access to mail contact list
Internet connection through a non-standard port
Multiple connections through port 25
Autorun key addition
Web browser hooks
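As an added example (not Panda's code), the five behavioural indicators listed above turned into a small per-process event scorer: events are grouped by pid, each indicator is checked, and a process is flagged once it hits a threshold. The event format, the port list and the thresholds are assumptions, and the event stream is constructed.

```python
from collections import defaultdict

STANDARD_PORTS = {21, 22, 25, 53, 80, 110, 143, 443}  # assumed "standard" ports
SMTP_BURST = 5        # connections to port 25 that count as "multiple connections"
ALERT_THRESHOLD = 2   # number of indicators a process must hit before it is flagged

def indicators_for(events):
    """Return the set of slide indicators matched by one process's event list."""
    hits, smtp_connections = set(), 0
    for ev in events:
        kind = ev["type"]
        if kind == "contacts_access":                       # reads the mail contact list
            hits.add("mail_contact_list")
        elif kind == "net_connect":
            if ev["dst_port"] not in STANDARD_PORTS:
                hits.add("non_standard_port")
            if ev["dst_port"] == 25:
                smtp_connections += 1
        elif kind == "reg_set" and "\\currentversion\\run" in ev["key"].lower():
            hits.add("autorun_key")                         # persistence via the Run key
        elif kind == "hook" and ev["target"].lower() in {"iexplore.exe", "firefox.exe", "chrome.exe"}:
            hits.add("browser_hook")
    if smtp_connections >= SMTP_BURST:                      # one mail is normal, a burst is not
        hits.add("multiple_smtp")
    return hits

def classify(event_stream, threshold=ALERT_THRESHOLD):
    """Group a mixed event stream by pid; return {pid: (sorted indicators, flagged?)}."""
    by_pid = defaultdict(list)
    for ev in event_stream:
        by_pid[ev["pid"]].append(ev)
    verdicts = {}
    for pid, evs in by_pid.items():
        hits = indicators_for(evs)
        verdicts[pid] = (sorted(hits), len(hits) >= threshold)
    return verdicts

# Constructed sample: pid 101 behaves like a mass-mailing worm, pid 202 like a
# legitimate mail client sending one message, pid 303 like a browser.
SAMPLE_EVENTS = (
    [{"pid": 101, "type": "contacts_access"},
     {"pid": 101, "type": "reg_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"}]
    + [{"pid": 101, "type": "net_connect", "dst_port": 25} for _ in range(6)]
    + [{"pid": 202, "type": "contacts_access"},
       {"pid": 202, "type": "net_connect", "dst_port": 25},
       {"pid": 303, "type": "net_connect", "dst_port": 443}])

if __name__ == "__main__":
    for pid, (hits, flagged) in sorted(classify(SAMPLE_EVENTS).items()):
        print(pid, "FLAGGED" if flagged else "ok", hits)
```

Note that a single indicator (the mail client reading its own contact list) stays below the threshold; it is the combination of behaviours that separates the worm from the legitimate process.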
Examples: I Love You, Blaster, Sasser
Static proactive technologies
Response time reduced to zero when detecting unknown malware
Machine Learning algorithms applied to the classic classification problem: malware vs. goodware
4th Era
Hackers switched their profile: the main motivation of malware is now economic benefit, using banking trojans and phishing attacks
Generalization of droppers/downloaders/EK (exploit kits)
The move to Collective Intelligence
Massive file classification
Knowledge is delivered from the cloud
Examples: Banbra, Tinba
The move to Collective Intelligence
Delivering knowledge from the cloud as an alternative to the signature file
Scalability of the malware signature delivery services to customers through complete automation of all backend processes (processing, classification and detection)

Big Data arrival
Current working set of 12 TB
400K million records
600 GB of samples per day
400 million samples stored
Innovation: making the data processing derived from the Collective Intelligence strategy viable by applying Big Data technologies
5th Era
First massive cyber-attack against a country: Estonia, from Russia
Anonymous starts a campaign against several organizations (RIAA, MPAA, SGAE, and others)
Malware professionalization
Use of marketing techniques in spam campaigns
Country/time-based malware variant distribution
Ransomware
APTs
Detection by context
Apart from analysing what a process does, the context of execution is also taken into
Example: Reveton ransomware

APTs
- November / December 2013
- 40 million credit/debit cards stolen
- Attack carried out through the A/C maintenance company
- POS

- Unknown author
- Information deletion
- TB of information stolen
- "Sony Pictures computer system down after reported hack"
- "Hackers threaten to release 'secrets' onto web"
Carbanak
- Year 2013/2014
- 100 affected entities
- Countries affected: Russia, Ukraine, USA, Germany, China
- ATMs: US$ 7,300,000
- Transfers: US$ 10,000,000
- Total estimated: US$ 1,000,000,000

02/07/2015 Adaptive Defense
What is Panda Adaptive Defense?
The Next Generation Endpoint Protection
Panda Adaptive Defense is a new security model that can guarantee complete protection for devices and servers by classifying 100% of the processes running on every computer throughout the organization and monitoring and controlling their behavior.
More than 1.2 billion applications already classified.
The new version of Adaptive Defense (1.5) also includes an AV engine, adding disinfection capability. Adaptive Defense could even replace the company antivirus.
Key capabilities (diagram text; the leading label of each item was lost in extraction):
- ... and forensic information to analyze each attempted attack in detail
- ... traceability of each action taken by the applications running on a system
- ... blockage of applications and isolation of systems to prevent future attacks
- ... and blockage of zero-day and targeted attacks in real time without the need for signature files
Features and benefits
Categories: Protection, Productivity, Management, Better service / simpler management
- Daily and on-demand reports
- Simple, centralized administration from a Web console
- Detailed and configurable monitoring of running applications
- Protection of vulnerable systems
- Protection of intellectual assets against targeted attacks
- Forensic report
- Identification and blocking of unauthorized programs
- Light, easy-to-deploy solution