Every 2 seconds a new malware threat is created



  • 79% of websites hosting malicious code are legitimate sites that have been compromised by hackers

  • 59% view their organization’s Web gateway security solutions as only somewhat effective, not very effective or not at all effective in protecting against web-borne threats









More profitable

  • More profitable
    • $100 billion: estimated profits from global cybercrime -- Chicago Tribune, 2008
  • More sophisticated, malicious & stealthy
    • “95% of 285 million records stolen in 2008 were the result of highly skillful attacks”
    • “Breaches go undiscovered and uncontained for weeks or months in 75% of cases.” -- Verizon Breach Report, 2009
  • More frequent
    • We receive 40,000 attacks per hour on a typical morning -- Cleveland Clinic Health System @ HIMSS 2006
  • More targeted
    • “Harvard and Harvard Medical School are attacked every 7 seconds, 24 hours a day, 7 days a week.” -- John Halamka, CIO


Layered and coordinated protection

  • Closes security gaps in virtual environments

  • Layer of isolation and immunity for the protection engine from target malware

  • Baseline protection provided for VM sprawl

  • Lower management complexity

  • Provides cloud security







TROJ_CONYCSPA.M

  • This file infector checks whether the infected system is running under VMware or another virtual machine environment. It does this by querying a port and comparing the reply; if the reply returns "VMXh", it adjusts its privileges so that it shuts down the affected system.
  • Propagates via network shares and removable drives
  • Downloads TROJ_ALMANAHE.V
  • Upon execution, it decrypts the embedded rootkit files NVMINI.SYS and CDRALW.SYS, detected by Trend Micro as TROJ_AGENT.THK.



  • Gathers the contact list from Windows Messenger and the Windows Address Book (WAB), as well as the contents of certain .TXT files located in the Winny installation folder.
  • Sends the stolen information to the 2CH.NET bulletin boards by posting a message to those boards.
  • Terminates itself if VMware is installed. It does this by checking for the following registry subkey:
    • HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools
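As an added defender-side example (not from the slides and not Trend Micro's code), the following Python script statically triages a file for the two VM-awareness artifacts described above: the "VMXh" reply string that TROJ_CONYCSPA.M looks for and the VMware Tools registry subkey that the Winny stealer checks. The artifact names, the case-insensitive matching and the UTF-16LE handling are the editor's assumptions, and the sample bytes are constructed.

```python
import re

# Strings the slides tie to VM-aware malware: the "VMXh" reply that
# TROJ_CONYCSPA.M looks for, and the registry subkey the Winny stealer
# checks before terminating itself. Artifact names are the editor's.
ARTIFACTS = {
    "vmware_backdoor_magic": b"VMXh",
    "vmware_tools_regkey": b"SOFTWARE\\VMware, Inc.\\VMware Tools",
}


def _patterns(needle: bytes):
    """Yield (encoding, regex) for the ASCII and UTF-16LE forms of needle.

    Windows binaries usually store registry paths as wide strings, so a
    narrow-only search misses them. Registry paths are case-insensitive,
    hence IGNORECASE, which acts on the ASCII letter bytes in both forms.
    """
    wide = needle.decode("ascii").encode("utf-16-le")
    for enc, raw in (("ascii", needle), ("utf-16le", wide)):
        yield enc, re.compile(re.escape(raw), re.IGNORECASE)


def find_vm_artifacts(data: bytes) -> dict:
    """Return {artifact_name: [(encoding, offset), ...]} for every hit."""
    hits = {}
    for name, needle in ARTIFACTS.items():
        for enc, pat in _patterns(needle):
            for m in pat.finditer(data):
                hits.setdefault(name, []).append((enc, m.start()))
    return hits


def verdict(data: bytes) -> str:
    """One-line triage summary for an analyst queue."""
    hits = find_vm_artifacts(data)
    if not hits:
        return "clean: no VM-detection artifacts"
    return "review: VM-aware (" + ", ".join(sorted(hits)) + ")"


# Constructed sample, not a real binary: filler bytes around a lower-cased
# wide-string copy of the registry path and a narrow "VMXh" magic.
SAMPLE = (b"\x90" * 16
          + "software\\vmware, inc.\\vmware tools".encode("utf-16-le")
          + b"\x00" * 8 + b"VMXh" + b"\xcc" * 16)

if __name__ == "__main__":
    print(verdict(SAMPLE))
```

A hit only says the binary carries the string; confirming that it is used for evasion still needs dynamic analysis or disassembly.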



Grayware (5)

  • CRCK_VMWARE.B
  • CRCK_VMWARE.C
  • TSPY_GOLDUN.CD
  • TSPY_KAKKEYS.AE
  • TSPY_KAKKEYS.AK

Malware (30)

  • BKDR_HAXDOOR.DE
  • BKDR_HAXDOOR.FR
  • BKDR_HAXDOOR.IV
  • BKDR_HAXDOOR.JH
  • BKDR_SDBOT.LP
  • JS_RESETTABLE.A
  • PE_CORELINK.C-O
  • TROJ_AGENT.BRS
  • TROJ_CONYCSPA.M
  • TROJ_DLOADER.CPI
  • TROJ_KAKKEYS.P



The infection count for the VMware malware family increased from last year’s 1234 to 1304.







Three Primary Configurations:

  • Physical Separation of Trust Zones
  • Virtual Separation of Trust Zone with Physical Security Devices
  • Fully collapsing all servers and security devices into a VI3 infrastructure
  • Also applies to PCI Requirements 2.2.1, 1.1.x, 6.3.2, and 6.3.3


“How do you secure a virtualized environment”

  • “How do you virtualize all of the security infrastructure in an organization”

  • “What do you call something that inspects memory inside of VM and inspects traffic and correlates the results? We don’t really have a definition for that today, because it was impossible, so we never considered it.”



Use the Principles of Information Security

  • Hardening and Lockdown
  • Defense in Depth
  • Authorization, Authentication, and Accounting
  • Separation of Duties and Least Privileges
  • Administrative Controls


Host

  • Host

  • Network

    • Intrusion Detection/Prevention (IDS/IPS)
    • Firewalls








Datacenter trends

  • Securing VMs

    • Traditional approach
    • Problems
  • VMsafe

  • The Trend Micro approach







Same threats in virtualized servers as in physical ones.



























Trend Micro

  • Trend Micro Core Protection for VMs
  • Trend Micro Deep Security 6
  • Trend Micro Deep Security 7







More Protection

  • More Protection
    • First virtualization-aware anti-malware product in the market
    • Secures dormant and active VMs efficiently
    • New VMs auto-scanned on creation and auto-assigned to a scanning VM
    • Supports VI3 and vSphere 4 (needs vCenter)
  • Less Complexity
    • Flexible Management: through a standalone web console, as a plugin to Trend Micro OfficeScan, or through VMware vCenter
    • Flexible Configuration: can be configured with multiple scanning VMs on any ESX/ESXi (or physical) server
    • Flexible Deployment: CPVM can be set up to co-exist with OSCE or competing products if necessary (not ideal*)





Security Design of the VMware Infrastructure 3 Architecture (http://www.vmware.com/resources/techresources/727)

  • VMware Infrastructure 3 Security Hardening (http://www.vmware.com/vmtn/resources/726)
  • Managing VMware VirtualCenter Roles and Permissions (http://www.vmware.com/resources/techresources/826)
  • DISA STIG and Checklist for VMware ESX (http://iase.disa.mil/stigs/stig/esx_server_stig_v1r1_final.pdf) (http://iase.disa.mil/stigs/checklist/esx_server_checklist_v1r1_30_apr_2008.pdf)
  • CIS (Center for Internet Security) Benchmark (http://www.cisecurity.org/bench_vm.html)
  • Xtravirt Virtualization Security Risk Assessment (http://www.xtravirt.com/index.php?option=com_remository&Itemid=75&func=fileinfo&id=15)


TNL article on Virtualization:

  • http://tnl.trendmicro.com.ph/tnl_articles.php?id=242&action=view

Related blog entries:

  • http://blog.trendmicro.com/vmware-bug-provides-escape-hatch/
  • http://blog.trendmicro.com/rootkits-get-more-physical/







