
Massively Distributed APT Malware is a Serious New Threat for Enterprises


IBM® Security Trusteer Apex™ Advanced Malware Protection provides protection against unknown, zero-day threats and advanced malware without impacting user productivity. This software protects endpoints throughout the threat lifecycle by applying an integrated, multilayered defense that breaks the attack chain and preempts infection.

The growing use of massively distributed APT malware for APT-style attacks represents a ticking time bomb in enterprise settings. While sophisticated Trojans such as Citadel, Dyre, and ZeuS were once used almost exclusively for financial fraud, they now provide criminals with a much wider range of opportunities within the enterprise—everything from stealing corporate data to taking control of corporate systems.

Massively distributed APT malware is extremely dangerous given the wide range of capabilities it incorporates. IBM Security Trusteer researchers have identified several key characteristics that give cybercriminals exceptional power and control.

The four characteristics of massively distributed APT malware

1 Massively distributed
• Off-the-shelf malware, not custom designed
• Mass distribution campaigns used for infecting machines all over the world
• Millions of machines already infected!

2 Advanced capabilities
Incorporates a comprehensive menu of functions, including:
• Key-logging, screen capturing
• Remote code execution
• Full remote control

3 Can be repurposed
• Communicates with a C&C
• Receives operational instructions via configuration file
• Can receive new operational data through configuration file updates

4 Highly evasive
• Can bypass detection using sophisticated evasion techniques
• Can remain stealthy on the machine for long periods of time

Infection rates for massively distributed APT malware by country

• Saudi Arabia: 0.25%
• South Africa: 0.15%
• Nigeria: 0.17%
• France: 0.18%
• UK: 0.26%
• Canada: 0.17%
• Argentina: 0.15%
• Chile: 0.24%
• USA: 0.24%
• Brazil: 0.07%
• Mexico: 0.23%
• Colombia: 0.16%
• Belgium: 0.21%

IBM Security Trusteer Apex Advanced Malware Protection delivers:

• Credential protection from cyber attackers who use phishing schemes or breached third-party databases to manipulate users.
• Exploit chain disruption to help prevent stealthy infection of user applications.
• Advanced malware detection and prevention to prevent mass-distributed malware infections and detect legacy threats.
• Lockdown for Java to enable the safe use of Java applications while preventing untrusted Java applications from executing high-risk actions.
• Malicious communication blocking that prevents the establishment of connection channels between malware and the attacker.

© Copyright IBM Corporation 2015. IBM, the IBM logo, are trademarks of IBM Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.

Trusteer Apex is a trademark of Trusteer, an IBM Company.