WEEK4: MALWARE
Assoc. Prof. Ts. Dr. Madihah Mohd Saudi
Faculty of Science & Technology, USIM
Lecture: 24 & 31 March, 7 & 14 April
• Meeting 4: Thursday, 24 March 2022: Malware
• Meeting 5: Thursday, 31 March 2022: Mobile Device Security
• Meeting 6: Thursday, 07 April 2022: Access Control Fundamentals
• Meeting 7: Thursday, 14 April 2022: Basic Cryptography
CONTENTS
• Malware Definition
• Types of Malware
• How Malware Spreads?
• Signs of Malware Infection
• Prevent Malware Infection
• Malware Analysis
• Malware Detection Techniques
• Safe Lab Environment for Malware Analysis
• Malware Sources
• Case Study
MALWARE DEFINITION
• Short for malicious software.
• Software used or created to:
  • disrupt computer operation
  • gather sensitive information (bank / credit card numbers, etc.)
  • gain access to private computer systems.
TYPES OF MALWARE
• Viruses
  • A program or piece of code loaded onto the victim's computer without their knowledge that runs against their wishes.
  • Can replicate themselves.
• Worms
  • A self-replicating computer program.
  • Does not need to attach itself to a software program in order to cause damage.
• Trojans
  • A type of malware that downloads onto a computer disguised as a legitimate program.
  • Often used to capture your logins & passwords.
• Ransomware
  • Malware that employs encryption to hold a victim's information at ransom.
  • Often spread through phishing emails that contain malicious attachments or through drive-by downloading.
• Bots or Botnets
  • The term “botnet” is formed from the words “robot” & “network”.
  • Botnets are networks of hijacked computer devices used to carry out various scams & cyberattacks.
• Adware
  • Short for advertising-supported software.
  • A type of malware that automatically delivers advertisements.
• Spyware
  • Malicious software designed to enter your computer device, gather data, & forward it to a third party without your consent.
• Rootkit
  • A set of programs that allow a hacker to maintain access to a computer after cracking it & that prevent the hacker from being detected.
• Fileless malware
  • A type of malicious software that uses legitimate programs to infect a computer.
  • It does not rely on files & leaves no footprint, making it challenging to detect & remove.
• Malvertising
  • Malicious advertising.
  • Criminally controlled advertisements within Internet-connected programs, usually web browsers, that intentionally harm people & businesses with assorted malware, potentially unwanted programs & assorted scams.
HOW MALWARE SPREADS?
• Websites
• Emails
• Removable Media
• Pirated Software
• Social Network
SIGNS OF MALWARE INFECTION
• Unfamiliar apps
• Sudden performance drops
• Frequent crashes & freezing
• Deleted or corrupted files
• Lots of pop-up ads
• Browser redirects
• Your contacts receiving strange messages from you
• See a ransom note
PREVENT MALWARE INFECTION
Protect vulnerabilities
1. Update your operating system, browsers, & plugins.
2. Enable click-to-play plugins.
3. Remove software you don't use (especially legacy programs).
Social engineering
4. Read emails with an eagle eye.
5. Do not call fake tech support numbers.
6. Do not believe the cold callers.
Practice safe browsing
7. Use strong passwords &/or password managers.
8. Make sure you're on a secure connection.
9. Log out of websites after you're done.
Layer security
10. Use firewall, anti-malware, anti-ransomware, & anti-exploit technology.
MALWARE ANALYSIS
• The study of malware's behavior.
• Involves analyzing the suspect binary in a safe environment to identify its characteristics & functionalities.
• To understand the working of malware, how to detect & eliminate it.
• To determine the attacker's intention & motive.
WHY MALWARE ANALYSIS?
• To determine the nature & purpose of the malware.
• To extract host-based indicators such as filenames & registry keys, etc.
• To identify the network indicators associated with the malware.
• To gain an understanding of how the system was compromised & its impact.
MALWARE DETECTION TECHNIQUES

| Factors | Static Analysis | Dynamic Analysis | Hybrid Analysis |
|---|---|---|---|
| Time required | Less | More | More |
| Input | Binary files, scripting language files, etc. | Memory snapshots, runtime API data | Data obtained from both analyses |
| Code obfuscation | Yes | No | No |
| Resource consumption (power & memory) | Less | More | More |
| Effectiveness & accuracy | Lower than dynamic analysis | Medium | High, more accurate (combining both analyses) |
| Target code execution | Not possible | Possible | Possible |
| Advantages | Low cost & requires less time for analysis | Provides deep analysis & higher detection rate | Extracts features of both static & dynamic analysis, provides more accurate results |
| Limitations | Limited signature database | More time & power consumption | High cost |
SCANNING THE SUSPECT BINARY WITH VIRUSTOTAL
• Popular web-based malware scanning service.
• It allows users to upload a file, which is scanned with various anti-virus scanners; the results are presented in real time on the web page.
• The VirusTotal web interface provides the ability to search their database using a hash, URL, domain, or IP address.
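The static-analysis column of the table above and the VirusTotal hash search both rest on the same two operations: hashing the file and matching known patterns in its bytes. The following Python script, an added example and not code from the lecture, shows both on constructed byte strings that stand in for files (no real malware is involved). It computes the MD5/SHA-1/SHA-256 values one would search for on VirusTotal, looks the SHA-256 up in a tiny hash database, runs string signatures over the raw bytes, and then shows the "code obfuscation" limitation from the table: a single-byte XOR of the same sample changes its hash and hides its strings, so the static scan finds nothing. The sample contents, detection names and the 198.51.100.23 address are all constructed for the example.

```python
"""Static signature scan of constructed sample files (added example; not from the slides)."""
import hashlib
import re

# --- Constructed samples: byte strings standing in for files on disk, not real malware ---
SAMPLE_CLEAN = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 8
    + b"This program cannot be run in DOS mode.\r\n"
    + b"Hello, world!\x00KERNEL32.dll\x00WriteConsoleA\x00"
)
SAMPLE_SUSPECT = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 8
    + b"This program cannot be run in DOS mode.\r\n"
    + b"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"CreateRemoteThread\x00WriteProcessMemory\x00"
    + b"http://198.51.100.23/update.php\x00"          # constructed address (TEST-NET-2)
)


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 of the file: the values used to search VirusTotal by hash."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


# A one-entry "signature database" keyed by SHA-256, as an AV engine keeps for known files.
HASH_DB = {file_hashes(SAMPLE_SUSPECT)["sha256"]: "Constructed.Trojan.A"}

# String signatures: (detection name, regex over the raw bytes). Names are constructed.
STRING_SIGS = [
    ("persistence_run_key", re.compile(rb"CurrentVersion\\Run")),
    ("process_injection_apis",
     re.compile(rb"CreateRemoteThread.{0,64}WriteProcessMemory", re.S)),
    ("hardcoded_http_c2", re.compile(rb"https?://\d{1,3}(?:\.\d{1,3}){3}/")),
]


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Runs of printable ASCII of at least min_len bytes, like the `strings` utility."""
    return [s.decode() for s in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def scan_static(data: bytes) -> dict:
    """Hash lookup plus string-signature matching; reports what matched."""
    h = file_hashes(data)
    return {
        "sha256": h["sha256"],
        "hash_match": HASH_DB.get(h["sha256"]),
        "string_matches": [name for name, rx in STRING_SIGS if rx.search(data)],
        "strings": extract_strings(data),
    }


def xor_obfuscate(data: bytes, key: int = 0x5A) -> bytes:
    """Single-byte XOR of the whole file: the simplest obfuscation that defeats a static scan
    (applying it twice restores the original)."""
    return bytes(b ^ key for b in data)


if __name__ == "__main__":
    cases = [("clean", SAMPLE_CLEAN), ("suspect", SAMPLE_SUSPECT),
             ("suspect, XOR-obfuscated", xor_obfuscate(SAMPLE_SUSPECT))]
    for label, sample in cases:
        r = scan_static(sample)
        print(f"{label}: sha256={r['sha256'][:16]}... "
              f"hash_match={r['hash_match']} string_matches={r['string_matches']}")
```

The obfuscated case is the point of the "Limited signature database" and "Code obfuscation" rows: neither the hash nor the strings survive a trivial XOR, which is why the table pairs static scanning with dynamic analysis rather than relying on it alone.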
DYNAMIC ANALYSIS STEPS
1. Reverting to the clean snapshot
2. Running the monitoring/dynamic analysis tools
3. Executing the malware specimen
4. Stopping the monitoring tools
5. Analyzing the results
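Step 5, analyzing the results, is where the goals listed under "Why malware analysis?" (host-based indicators such as filenames and registry keys, network indicators, and how the system was compromised) are actually produced. The Python script below is an added example, not code from the lecture or from any monitoring tool: it parses a constructed monitor log whose line format (time, PID, process, operation, target) is invented for the example, follows the specimen's child processes, and separates the indicators into files, registry keys, domains and IP:port pairs. The domain, the 203.0.113.45 address and all paths are constructed. It also shows why scoping to the specimen's process tree matters: the unrelated explorer.exe prefetch write is left out of the indicators.

```python
"""Turn a dynamic-analysis monitor log into indicators (added example, not from the slides)."""
import re

# Constructed monitor output. The line format is invented for this example and is not
# the output format of any particular monitoring tool.
# Columns: <time> <pid> <process> <operation> <target>
MONITOR_LOG = r"""10:41:02.113 4120 specimen.exe CreateFile C:\Users\lab\AppData\Roaming\svchost32.exe
10:41:02.120 4120 specimen.exe WriteFile C:\Users\lab\AppData\Roaming\svchost32.exe
10:41:02.250 4120 specimen.exe RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
10:41:02.301 4120 specimen.exe CreateProcess C:\Users\lab\AppData\Roaming\svchost32.exe
10:41:03.004 4388 svchost32.exe DnsQuery update.example-cdn.test
10:41:03.250 4388 svchost32.exe TcpConnect 203.0.113.45:8080
10:41:03.900 4388 svchost32.exe CreateFile C:\Users\lab\Documents\report.docx
10:41:04.010 4388 svchost32.exe WriteFile C:\Users\lab\Documents\report.docx.locked
10:41:05.000 1120 explorer.exe CreateFile C:\Windows\Prefetch\SPECIMEN.EXE-1A2B3C4D.pf
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<pid>\d+)\s+(?P<proc>\S+)\s+(?P<op>\S+)\s+(?P<target>.+)$"
)


def parse_events(text):
    """Parse each log line into a dict; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def processes_of_interest(events, root="specimen.exe"):
    """Follow CreateProcess events from the specimen to collect the process names it spawned.
    A real tool would key on PID / parent PID; names keep the example short."""
    tracked = {root}
    for e in events:
        if e["op"] == "CreateProcess" and e["proc"] in tracked:
            tracked.add(e["target"].rsplit("\\", 1)[-1])
    return tracked


def extract_indicators(events, tracked):
    """Host-based (files, registry keys) and network (domains, IP:port) indicators,
    restricted to the specimen and the processes it spawned."""
    ind = {"files_touched": set(), "registry_keys": set(),
           "domains": set(), "ip_ports": set(), "processes": set(tracked)}
    for e in events:
        if e["proc"] not in tracked:
            continue                     # explorer.exe's prefetch write is not the specimen's doing
        op, target = e["op"], e["target"]
        if op in ("CreateFile", "WriteFile"):
            ind["files_touched"].add(target)
        elif op == "RegSetValue":
            ind["registry_keys"].add(target)
        elif op == "DnsQuery":
            ind["domains"].add(target)
        elif op == "TcpConnect":
            ip, port = target.rsplit(":", 1)
            ind["ip_ports"].add((ip, int(port)))
    return ind


def classify_behaviour(ind):
    """Map indicators to coarse behaviour tags an analyst would record in the report."""
    tags = []
    if any("\\currentversion\\run" in k.lower() for k in ind["registry_keys"]):
        tags.append("persistence:run_key")
    if any(f.lower().endswith(".exe") and "\\appdata\\" in f.lower()
           for f in ind["files_touched"]):
        tags.append("dropper:executable_in_appdata")
    if any(f.lower().endswith(".locked") for f in ind["files_touched"]):
        tags.append("possible_encryption:renamed_extension")
    if ind["ip_ports"] or ind["domains"]:
        tags.append("network:outbound_contact")
    return tags


if __name__ == "__main__":
    ev = parse_events(MONITOR_LOG)
    tracked = processes_of_interest(ev)
    ind = extract_indicators(ev, tracked)
    for key, values in ind.items():
        print(f"{key}: {sorted(values)}")
    print("behaviour:", classify_behaviour(ind))
```

The sets returned by `extract_indicators` are exactly the host-based and network indicators the slides ask for; the tags from `classify_behaviour` are the analyst's first answer to "what is the nature and purpose of the malware?" and feed the detection rules written afterwards.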
SAFE LAB ENVIRONMENT FOR MALWARE ANALYSIS
• Keep your virtualization software up to date.
• Install a fresh copy of the operating system inside the virtual machine (VM).
• Do not keep any sensitive information in the virtual machine.
• Consider using host-only network configuration mode to restrict the malware from reaching the Internet.
• Do not connect any removable media that might later be used on the physical machines.
• It is recommended to choose a base operating system such as Linux or macOS for the host machine instead of Windows.
MALWARE SOURCES
5 CYBER THREAT TRENDS 2022
1. Technology Supply Chain Attacks
2. Account Takeovers
3. Lower Barrier to Entry for Cyber Criminals
4. Out-of-Hours Attacks
5. New Approaches to Ransomware
CASE STUDY 1: Technology Supply Chain Attacks
• Attackers can embed malicious software throughout supply chains through proprietary source code, developer repositories or open-source libraries, and traditional security tools struggle to identify them.
• An effective response to supply chain attacks requires technology that can identify subtle deviations in activity that point to an emerging compromise, without relying on pre-defined rules & binary ‘block’ or ‘allow’ response mechanisms.
Real-World Case Study: Log4Shell attack stopped by Autonomous Response
• In December 2021, an Internet-facing server was discovered that had been compromised via the Log4Shell vulnerability.
• The server connected to an anomalous external IP for C2 & malware delivery, using HTTP over port 88, which was highly unusual for that device, its peer group, & the organization as a whole.
• This targeted response meant that the server could continue functioning as normal, but all the highly anomalous actions were interrupted in real time.
Figure 1: Antigena responds, blocking connections to the malicious IP address
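The case study's detection rested on one observation: a port that was unusual for the device, for its peer group, and for the organization as a whole, to a destination never seen before. The Python below is an added example of that baseline-deviation idea in its simplest form; it is not Darktrace's or Antigena's logic and the connection records (device names, peer groups, the 192.0.2.x and 203.0.113.77 addresses) are constructed. Each new connection earns one point per scope in which it is novel, and only flows that are novel in enough scopes are flagged, with a flow-level block rather than a host quarantine, which is what lets the server keep serving as the text describes.

```python
"""Per-device / peer-group / organisation baseline check over constructed connection logs
(added example; not Darktrace's or Antigena's logic)."""
from collections import defaultdict

# Constructed historical connections: (device, peer_group, dst_ip, dst_port). Not real traffic.
BASELINE = [
    ("web-01", "web-servers", "192.0.2.10", 443),
    ("web-01", "web-servers", "192.0.2.11", 443),
    ("web-02", "web-servers", "192.0.2.10", 443),
    ("web-02", "web-servers", "192.0.2.12", 80),
    ("dc-01", "domain-controllers", "192.0.2.20", 389),
    ("dc-01", "domain-controllers", "192.0.2.21", 636),
    ("dc-02", "domain-controllers", "192.0.2.20", 389),
    ("wks-07", "workstations", "192.0.2.10", 443),
    ("wks-07", "workstations", "192.0.2.12", 80),
]

# Constructed new connections to judge against the baseline.
NEW_EVENTS = [
    ("web-01", "web-servers", "192.0.2.11", 443),     # routine
    ("web-02", "web-servers", "192.0.2.10", 443),     # routine
    ("web-01", "web-servers", "203.0.113.77", 88),    # never-seen external IP on a port nothing uses
    ("wks-07", "workstations", "192.0.2.20", 389),    # new for this workstation, ordinary for the org
]


def build_baseline(records):
    """Sets of ports seen per device, per peer group and org-wide, plus org-wide destinations."""
    b = {"device_ports": defaultdict(set), "group_ports": defaultdict(set),
         "org_ports": set(), "org_dests": set()}
    for device, group, dst_ip, dst_port in records:
        b["device_ports"][device].add(dst_port)
        b["group_ports"][group].add(dst_port)
        b["org_ports"].add(dst_port)
        b["org_dests"].add(dst_ip)
    return b


def score_event(event, b):
    """One point per scope in which the connection is novel; the reasons are the evidence
    an analyst would see alongside the alert."""
    device, group, dst_ip, dst_port = event
    checks = [
        ("port new for device", dst_port not in b["device_ports"][device]),
        ("port new for peer group", dst_port not in b["group_ports"][group]),
        ("port new for organisation", dst_port not in b["org_ports"]),
        ("destination never seen", dst_ip not in b["org_dests"]),
    ]
    reasons = [name for name, hit in checks if hit]
    return len(reasons), reasons


def detect(events, b, threshold=3):
    """Return the events whose deviation score reaches the threshold, each with a flow-level
    action: only the offending connection is blocked, so the device itself keeps working."""
    flagged = []
    for ev in events:
        score, reasons = score_event(ev, b)
        if score >= threshold:
            flagged.append({"event": ev, "score": score, "reasons": reasons,
                            "action": f"block {ev[0]} -> {ev[2]}:{ev[3]}"})
    return flagged


if __name__ == "__main__":
    baseline = build_baseline(BASELINE)
    for ev in NEW_EVENTS:
        print(ev, score_event(ev, baseline))
    for hit in detect(NEW_EVENTS, baseline):
        print("ALERT:", hit)
```

The workstation's first LDAP connection scores 2 and is left alone: new for the device and its peers, but ordinary for the organization. The web server's port-88 connection to an unseen address scores 4 and is the only flow blocked. Raising or lowering `threshold` is the trade-off between missed compromises and false alarms that any baseline approach has to make.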
CASE STUDY 2: Account Takeovers
• Attackers continue to capitalize on organizations’ widespread adoption of cloud applications such as Microsoft Teams, SharePoint & Zoom.
• Account credentials can be obtained via brute forcing methods, phishing attacks, exchanges on the Dark Web, or by exploiting password reuse between personal & corporate accounts.
Real-World Case Study: Business Email Compromise leads to fraudulent payment request.
• The attacker then logged into their account & sent out over 30 emails to the employee’s colleagues, repeating the approach & hoping to gain new victims.
• They also sent a request to the accounts department to pay an overdue invoice for $78,000, copying a legitimate invoice but changing the bank details.
Figure 2: Antigena Email detects anomalous emails from the compromised account. The red hold icon indicates that these were held back from the recipient.
CASE STUDY 3: Out-of-Hours Attacks
• Increase in attacks striking at nights, weekends & holidays, with 76% of ransomware attacks conducted outside of normal business hours.
Real-World Case Study: Autonomous Response stops an REvil July 4th Attack
• In 2021, as the US prepared for the July 4th holiday weekend, the ransomware group REvil leveraged a vulnerability in Kaseya software to attack over 1,500 companies.
Figure 3: Darktrace detects encryption from the infected device & takes action with Autonomous Response.
CASE STUDY 4: Lower Barrier to Entry for Cyber Criminals
• The barrier to entry for cyber-crime is at an all-time low. There are now numerous tutorials, affiliate schemes, & Ransomware as a Service (RaaS) models that allow unskilled attackers to access & deploy sophisticated tools & methods.
Real-World Case Study: AI neutralizes Hafnium copycat attacks
• In 2021, the advanced cyber espionage group Hafnium used a ProxyLogon vulnerability to target Microsoft Exchange Servers.
• After being publicly disclosed, however, the vulnerability was rapidly exploited by numerous other threat actors.
• This new wave of attacks came from amateur attackers for whom Threat Intelligence did not yet exist, & so these ‘copycat’ intrusions regularly circumvented rule- & signature-based security solutions.
Figure 4: Autonomous Response takes action in one of Darktrace’s customer environments, neutralizing a Hafnium copycat attack
CASE STUDY 5: New Approaches to Ransomware
• Ransomware attacks expand beyond encryption
• Smaller businesses make easier targets
• Fighting Ransomware with Autonomous Response
Real-World Case Study: Autonomous Response Stops Advanced Ransomware
• Darktrace was deployed in a pre-infected public sector organization, where it soon detected malicious lateral movement indicative of a Trickbot attack.
• The malware spread to 280 devices, 160 of which began to download disguised executable files likely containing Ryuk ransomware.
• Autonomous Response was initially being trialed in active mode, but at this stage, the organization switched it to autonomous mode to help contain the attack.
Figure 5: Cyber AI Analyst identifies a device attempting to spread a malicious payload using SMBv1
How to Troubleshoot Apps for the Modern Connected Worker
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Malware

  • 1. WEEK 4: MALWARE
    Assoc. Prof. Ts. Dr. Madihah Mohd Saudi, Faculty of Science & Technology, USIM
  • 2. Lectures: 24 & 31 March, 7 & 14 April
    • Meeting 4: Thursday, 24 March 2022: Malware
    • Meeting 5: Thursday, 31 March 2022: Mobile Device Security
    • Meeting 6: Thursday, 7 April 2022: Access Control Fundamentals
    • Meeting 7: Thursday, 14 April 2022: Basic Cryptography
  • 3. CONTENTS
    • Malware Definition
    • Types of Malware
    • How Malware Spreads
    • Signs of Malware Infection
    • Prevent Malware Infection
    • Malware Analysis
    • Malware Detection Techniques
    • Safe Lab Environment for Malware Analysis
    • Malware Sources
    • Case Study
  • 4. MALWARE DEFINITION
    • Short for malicious software.
    • Software used or created to:
      • disrupt computer operation
      • gather sensitive information (bank account / credit card numbers, etc.)
      • gain access to private computer systems.
  • 5. TYPES OF MALWARE
    • Viruses
      • A program or piece of code loaded onto the victim's computer without their knowledge that runs against their wishes.
      • Attaches itself to a host program or file and replicates when that host is run.
    • Worms
      • A self-replicating computer program that spreads on its own, typically across the network.
      • Does not need to attach itself to a software program in order to cause damage.
  • 6. TYPES OF MALWARE
    • Trojans
      • Malware that is downloaded onto a computer disguised as a legitimate program.
      • Often used to capture logins & passwords.
    • Ransomware
      • Malware that employs encryption to hold a victim's information to ransom.
      • Often spread through phishing emails that contain malicious attachments or through drive-by downloads.
    • Bots / Botnets
      • The term "botnet" is formed from the words "robot" & "network".
      • Botnets are networks of hijacked computer devices used to carry out various scams & cyberattacks.
    • Adware
      • Short for advertising-supported software.
      • Malware that automatically delivers advertisements.
  • 7. TYPES OF MALWARE
    • Spyware
      • Malicious software designed to enter your device, gather data, & forward it to a third party without your consent.
    • Rootkit
      • A set of programs that allow an attacker to maintain access to a computer after compromising it & that hide the attacker's presence from detection.
    • Fileless malware
      • Malicious software that uses legitimate programs already present on the system (e.g. PowerShell, WMI) to infect a computer.
      • It runs in memory and writes little or nothing to disk, so it leaves few file artifacts, making it challenging to detect & remove. It still leaves traces in memory, the registry and process / command-line logs, which is where detection has to focus.
    • Malvertising
      • Malicious advertising.
      • Criminally controlled advertisements delivered through Internet-connected programs, usually web browsers, that intentionally harm people & businesses with assorted malware, potentially unwanted programs & scams.
  • 9. SIGNS OF MALWARE INFECTION
    • Sudden performance drops
    • Frequent crashes & freezing
    • Deleted or corrupted files
    • Lots of pop-up ads
    • Browser redirects
    • Unfamiliar apps
    • Your contacts receiving strange messages from you
    • A ransom note appears
  • 10. PREVENT MALWARE INFECTION
    Protect vulnerabilities
      • 01 Update your operating system, browsers, & plugins.
      • 02 Enable click-to-play plugins.
      • 03 Remove software you don't use (especially legacy programs).
    Social engineering
      • 04 Read emails with an eagle eye.
      • 05 Do not call fake tech support numbers.
      • 06 Do not believe the cold callers.
    Practice safe browsing
      • 07 Use strong passwords &/or a password manager.
      • 08 Make sure you're on a secure connection.
      • 09 Log out of websites after you're done.
    Layer security
      • 10 Use firewall, anti-malware, anti-ransomware, & anti-exploit technology.
  • 11. MALWARE ANALYSIS
    • The study of malware's behavior.
    • Aims to understand how the malware works, and how to detect & eliminate it.
    • Involves analyzing the suspect binary in a safe environment to identify its characteristics & functionalities.
  • 12. WHY MALWARE ANALYSIS?
    • To determine the nature & purpose of the malware.
    • To gain an understanding of how the system was compromised & its impact.
    • To identify the network indicators associated with the malware (domains, IP addresses, URLs).
    • To extract host-based indicators such as filenames, registry keys, etc.
    • To determine the attacker's intention & motive.
  • 13. MALWARE DETECTION TECHNIQUES

    | Factor                                | Static analysis                              | Dynamic analysis                               | Hybrid analysis                                                          |
    |---------------------------------------|----------------------------------------------|------------------------------------------------|--------------------------------------------------------------------------|
    | Time required                         | Less                                         | More                                           | More                                                                     |
    | Input                                 | Binary files, scripting-language files, etc. | Memory snapshots, runtime API data             | Data obtained from both analyses                                         |
    | Hindered by code obfuscation          | Yes                                          | No                                             | No                                                                       |
    | Resource consumption (power & memory) | Less                                         | More                                           | More                                                                     |
    | Effectiveness & accuracy              | Lower than dynamic analysis                  | Medium                                         | High; more accurate (combines both analyses)                             |
    | Target code execution                 | Not possible                                 | Possible                                       | Possible                                                                 |
    | Advantages                            | Low cost & requires less time for analysis   | Provides deep analysis & higher detection rate | Extracts features of both static & dynamic analysis; more accurate results |
    | Limitations                           | Limited signature database                   | More time & power consumption                  | High cost                                                                |
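Worked example (added here; it is not code from the lecture): a minimal static triage script of the kind the table's "static analysis" column describes, run over a constructed stand-in for a suspect binary. It computes the file hashes, extracts printable strings the way the Unix `strings` tool does, and classifies them into the network and host-based indicators slide 12 lists (URLs, IPs, registry keys, file paths) plus a watchlist of imported API names. The sample bytes, the indicator strings inside them and the API watchlist are all invented for this example.

```python
"""Static triage of a suspect binary: hashes, printable strings, indicator extraction."""
import hashlib
import re
from typing import Dict, List

# Constructed stand-in for a suspect PE file. The embedded strings are invented
# for this example; they do not come from any real sample.
SAMPLE_BYTES = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 24
    + b"This program cannot be run in DOS mode.\r\n\x00"
    + b"http://198.51.100.23/update/payload.bin\x00"
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"C:\\Users\\Public\\svchost32.exe\x00"
    + b"CreateRemoteThread\x00WriteProcessMemory\x00"
    + b"\xff\xfe10.0.0.5\x00"
)

# Heuristic regexes for the indicator classes the lecture lists (network and host-based).
IOC_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "registry_key": re.compile(r"(?:HKLM|HKCU|HKEY_[A-Z_]+|Software)\\[^\s\"']+", re.IGNORECASE),
    "windows_path": re.compile(r"[A-Za-z]:\\[^\s\"']+"),
}
# Imported-API names that commonly appear in injection / download code (assumed watchlist).
SUSPICIOUS_APIS = {"CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx",
                   "SetWindowsHookExA", "URLDownloadToFileA", "WinExec"}


def file_hashes(data: bytes) -> Dict[str, str]:
    """MD5 / SHA-1 / SHA-256 of the sample: the identifiers used to look it up elsewhere."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def printable_strings(data: bytes, min_len: int = 6) -> List[str]:
    """Runs of printable ASCII of at least min_len bytes, like the Unix `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def extract_iocs(strings: List[str]) -> Dict[str, List[str]]:
    """Classify strings into indicator types, keeping first-seen order without duplicates."""
    found: Dict[str, List[str]] = {name: [] for name in IOC_PATTERNS}
    found["suspicious_api"] = []
    for s in strings:
        for name, pattern in IOC_PATTERNS.items():
            for hit in pattern.findall(s):
                if hit not in found[name]:
                    found[name].append(hit)
        if s in SUSPICIOUS_APIS and s not in found["suspicious_api"]:
            found["suspicious_api"].append(s)
    return found


def triage(data: bytes) -> Dict:
    """One-shot static report: hashes, how many strings were found, and the indicators."""
    strings = printable_strings(data)
    return {"hashes": file_hashes(data), "string_count": len(strings), "iocs": extract_iocs(strings)}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_BYTES), indent=2))
```

Keep the table's caveat in mind when reading the output: a packed or obfuscated sample yields few meaningful strings, which is exactly why static triage is cheap but lower in accuracy and is followed by dynamic analysis.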
  • 14. SCANNING THE SUSPECT BINARY WITH VIRUSTOTAL
    • Popular web-based malware scanning service.
    • Allows users to upload a file, which is scanned with various anti-virus engines; results are presented in real time on the web page.
    • The VirusTotal web interface also provides the ability to search its database by hash, URL, domain, or IP address.
    • Caveat: an uploaded sample is shared with the anti-virus vendors and with other VirusTotal subscribers. Search by hash first; upload only when the file is not sensitive and you accept that the attacker may learn the sample has been found.
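Worked example (added here; not part of the lecture): the hash-first lookup described above, using the VirusTotal API v3 endpoint `GET /api/v3/files/{hash}`, which sends only the hash and never the file. The response shape (`data.attributes.last_analysis_stats`, `meaningful_name`, `popular_threat_classification.suggested_threat_label`) is the public v3 file object; the sample response below is constructed with invented values, and the five-detection threshold for the verdict is an assumption, not a VirusTotal rule.

```python
"""Look a sample up on VirusTotal by hash (API v3) and summarise the verdicts."""
import hashlib
import json
import os
import urllib.error
import urllib.request
from typing import Dict, Optional

VT_FILES_ENDPOINT = "https://www.virustotal.com/api/v3/files/"
MIN_DETECTIONS = 5  # assumed threshold for calling a file "likely malicious"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_lookup_request(sha256: str, api_key: str) -> urllib.request.Request:
    """GET /api/v3/files/{hash}: only the hash is sent, the file never leaves the analyst's machine."""
    return urllib.request.Request(
        VT_FILES_ENDPOINT + sha256,
        headers={"x-apikey": api_key, "accept": "application/json"},
    )


def summarize_report(report: Dict) -> Dict:
    """Reduce a v3 file object to the fields an analyst triages on."""
    attrs = report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    engines = sum(stats.values())
    detections = stats.get("malicious", 0) + stats.get("suspicious", 0)
    label = (attrs.get("popular_threat_classification") or {}).get("suggested_threat_label")
    return {
        "sha256": report["data"]["id"],
        "name": attrs.get("meaningful_name"),
        "detections": detections,
        "engines": engines,
        "ratio": round(detections / engines, 3) if engines else 0.0,
        "threat_label": label,
        "verdict": "likely malicious" if detections >= MIN_DETECTIONS else "no strong signal",
    }


def lookup_hash(sha256: str, api_key: Optional[str] = None) -> Optional[Dict]:
    """Return the summary, or None when VirusTotal has never seen this hash (HTTP 404)."""
    api_key = api_key or os.environ.get("VT_API_KEY")
    if not api_key:
        raise RuntimeError("set VT_API_KEY or pass api_key")
    try:
        with urllib.request.urlopen(build_lookup_request(sha256, api_key), timeout=30) as resp:
            return summarize_report(json.load(resp))
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None  # unknown to VT: nobody has submitted it, so it may be new or targeted
        raise


# Constructed response in the shape of a v3 file object (values invented for this example).
SAMPLE_REPORT = {
    "data": {
        "type": "file",
        "id": "a" * 64,
        "attributes": {
            "meaningful_name": "invoice_0423.exe",
            "last_analysis_stats": {"malicious": 41, "suspicious": 2, "undetected": 27,
                                    "harmless": 0, "timeout": 0, "type-unsupported": 4},
            "popular_threat_classification": {"suggested_threat_label": "trojan.generic/downloader"},
        },
    }
}

if __name__ == "__main__":
    print(json.dumps(summarize_report(SAMPLE_REPORT), indent=2))
    # Live use (needs network and VT_API_KEY):
    # print(lookup_hash(sha256_hex(open("sample.bin", "rb").read())))
```

A `None` result is itself a signal: a file no engine has ever seen is more likely to be a targeted or freshly built sample than a well-known commodity family, and is a candidate for dynamic analysis rather than for upload.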
  • 15. DYNAMIC ANALYSIS STEPS
    1. Reverting to the clean snapshot
    2. Running the monitoring / dynamic analysis tools
    3. Executing the malware specimen
    4. Stopping the monitoring tools
    5. Analyzing the results
  • 16. SAFE LAB ENVIRONMENT FOR MALWARE ANALYSIS
    • Keep your virtualization software up to date.
    • Install a fresh copy of the operating system inside the virtual machine (VM).
    • Do not keep any sensitive information in the virtual machine.
    • Consider using host-only network configuration mode so the malware cannot reach the Internet.
    • Do not connect any removable media that might later be used on physical machines.
    • It is recommended to use Linux or macOS rather than Windows as the host operating system, since most samples target Windows.
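Worked example (added here; not from the lecture) tying slides 15 and 16 together: a small orchestrator that expresses the five dynamic-analysis steps as an ordered list of VirtualBox commands, with the host-only NIC and disabled clipboard / drag-and-drop enforced before the guest boots. The VM name, snapshot name, guest credentials, tool path and sample path are hypothetical; the commands (`VBoxManage modifyvm`, `snapshot restore`, `startvm`, `guestcontrol start/run/copyto/copyfrom`, `controlvm poweroff`) and the Procmon switches (`/AcceptEula /Quiet /Minimized /BackingFile`, `/Terminate`) are real. By default it only prints the plan; pass `dry_run=False` on a lab host where VBoxManage is installed to run it.

```python
"""Orchestrate one dynamic-analysis run on an isolated VirtualBox guest."""
import os
import subprocess
from typing import List, Sequence

# Hypothetical lab names and paths; adjust to your own VM, snapshot and tool locations.
VM = "win10-malware-lab"
SNAPSHOT = "clean"
GUEST_USER, GUEST_PASS = "analyst", "analyst"
HOST_ONLY_IF = "vboxnet0"          # host-only adapter: the guest can reach the host, not the Internet
PROCMON = "C:\\Tools\\Procmon64.exe"
GUEST_DIR = "C:\\Lab"
LOGFILE = GUEST_DIR + "\\run.pml"

Cmd = List[str]


def guest_cmd(verb: str, exe: str, *args: str) -> Cmd:
    """guestcontrol 'start' returns immediately; 'run' waits for the guest process to exit."""
    return ["VBoxManage", "guestcontrol", VM, verb, "--exe", exe,
            "--username", GUEST_USER, "--password", GUEST_PASS, "--", exe, *args]


def plan_run(sample_on_host: str, out_dir: str, runtime_s: int = 120) -> List[Cmd]:
    """The lecture's five steps as an ordered command list."""
    sample_in_guest = GUEST_DIR + "\\" + os.path.basename(sample_on_host)
    creds = ["--username", GUEST_USER, "--password", GUEST_PASS]
    return [
        # Isolation first (the VM must be powered off for modifyvm): host-only NIC, no clipboard / drag-and-drop.
        ["VBoxManage", "modifyvm", VM, "--nic1", "hostonly", "--hostonlyadapter1", HOST_ONLY_IF],
        ["VBoxManage", "modifyvm", VM, "--clipboard-mode", "disabled", "--draganddrop", "disabled"],
        # 1. Revert to the clean snapshot and boot.
        ["VBoxManage", "snapshot", VM, "restore", SNAPSHOT],
        ["VBoxManage", "startvm", VM, "--type", "headless"],
        # 2. Start monitoring before the specimen runs so its first actions are captured.
        guest_cmd("start", PROCMON, "/AcceptEula", "/Quiet", "/Minimized", "/BackingFile", LOGFILE),
        # 3. Copy the specimen in and execute it; let it run for runtime_s seconds.
        ["VBoxManage", "guestcontrol", VM, "copyto", *creds, "--target-directory", GUEST_DIR, sample_on_host],
        guest_cmd("start", sample_in_guest),
        ["sleep", str(runtime_s)],
        # 4. Stop monitoring and pull the trace back to the host for analysis.
        guest_cmd("run", PROCMON, "/Terminate"),
        ["VBoxManage", "guestcontrol", VM, "copyfrom", *creds, "--target-directory", out_dir, LOGFILE],
        # 5. Power off; the next run restores the snapshot again, so nothing persists.
        ["VBoxManage", "controlvm", VM, "poweroff"],
    ]


def monitoring_brackets_execution(plan: Sequence[Cmd]) -> bool:
    """Sanity check on a plan: monitor started < specimen started < monitor stopped < trace copied out."""
    def first(pred) -> int:
        return next(i for i, cmd in enumerate(plan) if pred(cmd))
    monitor_on = first(lambda c: PROCMON in c and "/BackingFile" in c)
    specimen = first(lambda c: c[:4] == ["VBoxManage", "guestcontrol", VM, "start"] and PROCMON not in c)
    monitor_off = first(lambda c: "/Terminate" in c)
    copied_out = first(lambda c: "copyfrom" in c)
    return monitor_on < specimen < monitor_off < copied_out


def execute(plan: Sequence[Cmd], dry_run: bool = True) -> List[str]:
    """Print each step and, with dry_run=False, run it; a non-zero exit aborts the run."""
    rendered = []
    for cmd in plan:
        line = " ".join(cmd)
        rendered.append(line)
        print(line)
        if not dry_run:
            subprocess.run(cmd, check=True)
    return rendered


if __name__ == "__main__":
    execute(plan_run("./samples/suspect.exe", "./results"))
```

The ordering check exists because the most common mistake in a manual run is starting the specimen before the monitor is attached, which loses exactly the process-creation and persistence events the analysis is after.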
  • 18. 5 CYBER THREAT TRENDS 2022
    01 Technology Supply Chain Attacks
    02 Account Takeovers
    03 Lower Barrier to Entry for Cyber Criminals
    04 Out-of-Hours Attacks
    05 New Approaches to Ransomware
  • 19. CASE STUDY 1: Technology Supply Chain Attacks
    • Attackers can embed malicious software throughout supply chains via proprietary source code, developer repositories or open-source libraries; traditional security tools struggle to identify them.
    • An effective response to supply chain attacks requires technology that can identify subtle deviations in activity that point to an emerging compromise, without relying on pre-defined rules & binary "block" or "allow" response mechanisms.
    Real-World Case Study: Log4Shell attack stopped by Autonomous Response
    • In December 2021, an Internet-facing server was discovered to have been compromised via the Log4Shell vulnerability.
    • The server connected to an anomalous external IP for C2 & malware delivery, using HTTP over port 88, which was highly unusual for that device, its peer group, & the organization as a whole.
    • Autonomous Response blocked the connections to the malicious IP. This targeted response meant that the server could continue functioning as normal, while the highly anomalous actions were interrupted in real time.
    Figure 1: Antigena responds, blocking connections to the malicious IP address.
  • 20. CASE STUDY 2: Account Takeovers
    • Attackers continue to capitalize on organizations' widespread adoption of cloud applications such as Microsoft Teams, SharePoint & Zoom.
    • Account credentials can be obtained via brute-forcing, phishing attacks, exchanges on the Dark Web, or by exploiting password reuse between personal & corporate accounts.
    Real-World Case Study: Business Email Compromise leads to fraudulent payment request
    • The attacker logged into the compromised employee's account & sent over 30 emails to the employee's colleagues, repeating the approach in the hope of gaining new victims.
    • They also sent a request to the accounts department to pay an overdue invoice for $78,000, copying a legitimate invoice but changing the bank details.
    Figure 2: Antigena Email detects anomalous emails from the compromised account. The red hold icon indicates that these were held back from the recipient.
  • 21. CASE STUDY 3: Out-of-Hours Attacks
    • Increase in attacks striking at night, on weekends & on holidays, with 76% of ransomware attacks conducted outside normal business hours.
    Real-World Case Study: Autonomous Response stops a REvil July 4th attack
    • In 2021, as the US prepared for the July 4th holiday weekend, the ransomware group REvil leveraged a vulnerability in Kaseya software to attack over 1,500 companies.
    Figure 3: Darktrace detects encryption from the infected device & takes action with Autonomous Response.
  • 22. • The barrier to entry for cyber- crime is at an all-time low. There are now numerous tutorials, affiliate schemes, & Ransomware as a Service (RaaS) models that allow unskilled attackers to access & deploy sophisticated tools & methods. CASE STUDY 4: Lower Barrier to Entry for Cyber Criminals Real-World Case Study: AI neutralizes Hafnium copycat attacks • In 2021, the advanced cyber espionage group Hafnium used a ProxyLogon vulnerability to target Microsoft Exchange Servers. • After being publicly disclosed, however, the vulnerability was rapidly exploited by numerous other threat actors. • This new wave of attacks came from amateur attackers for whom Threat Intelligence did not yet exist, & so these ‘copycat’ intrusions regularly circumvented rule & signature-based security solutions Figure 4: Autonomous Response takes action in one of Darktrace’s customer environments, neutralizing a Hafnium copycat attack
  • 23. CASE STUDY 5: New Approaches to Ransomware
    • Ransomware attacks expand beyond encryption.
    • Smaller businesses make easier targets.
    • Fighting ransomware with Autonomous Response.
    Real-World Case Study: Autonomous Response stops advanced ransomware
    • Darktrace was deployed in an already-infected public sector organization, where it soon detected malicious lateral movement indicative of a Trickbot attack.
    • The malware spread to 280 devices, 160 of which began to download disguised executable files likely containing Ryuk ransomware.
    • Autonomous Response was initially being trialed in active mode, but at this stage the organization switched it to autonomous mode to help contain the attack.
    Figure 5: Cyber AI Analyst identifies a device attempting to spread a malicious payload using SMBv1.
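Worked example (added here; not from the lecture or from Darktrace) showing, in plain code, the two behavioural signals behind Case Study 1 and Case Study 5: an outbound connection on a port that is new for the device, its peer group and the organization (the "HTTP over port 88" case), and one device fanning out over SMB (port 445) to many internal hosts (the Trickbot / SMBv1 spread). The flow records, host names, peer-group map, internal address ranges and the fan-out threshold of 10 are all constructed assumptions for this example.

```python
"""Behavioural detections over flow logs: unusual external ports and SMB fan-out."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Dict, List

# Lab conventions (assumed): the organisation's internal ranges, a peer-group map, a fan-out threshold.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PEER_GROUP = {"web-01": "web", "web-02": "web", "ws-17": "workstation", "ws-18": "workstation"}
SMB_FANOUT_THRESHOLD = 10  # distinct internal hosts contacted on 445 by one device

# Constructed flow records, "timestamp,source_host,dest_ip,dest_port,proto".
BASELINE_FLOWS = [
    "2021-12-01T10:00:00Z,web-01,203.0.113.5,443,tcp",
    "2021-12-01T10:00:05Z,web-01,203.0.113.9,80,tcp",
    "2021-12-01T10:01:00Z,web-02,203.0.113.5,443,tcp",
    "2021-12-01T10:02:00Z,ws-17,203.0.113.40,443,tcp",
    "2021-12-01T10:02:10Z,ws-17,10.0.1.2,445,tcp",
    "2021-12-01T10:03:00Z,ws-18,10.0.1.2,445,tcp",
    "2021-12-01T10:03:30Z,ws-18,203.0.113.40,443,tcp",
]
OBSERVED_FLOWS = [
    "2021-12-10T03:14:07Z,web-01,198.51.100.77,88,tcp",  # HTTP over port 88 to a new external IP
    "2021-12-10T03:14:09Z,web-02,203.0.113.5,443,tcp",   # normal
    "2021-12-10T03:15:00Z,ws-18,10.0.1.2,445,tcp",        # one file server: normal
] + [f"2021-12-10T03:20:{i:02d}Z,ws-17,10.0.1.{10 + i},445,tcp" for i in range(12)]  # SMB sweep


def parse(line: str) -> Dict:
    ts, host, dst, port, proto = line.strip().split(",")
    return {"ts": ts, "host": host, "dst": dst, "port": int(port), "proto": proto}


def is_external(ip: str) -> bool:
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def build_baseline(lines: List[str]) -> Dict:
    """Ports each device, its peer group and the whole organisation have used towards external IPs."""
    base = {"device": defaultdict(set), "group": defaultdict(set), "org": set()}
    for f in map(parse, lines):
        if is_external(f["dst"]):
            base["device"][f["host"]].add(f["port"])
            base["group"][PEER_GROUP.get(f["host"], "unknown")].add(f["port"])
            base["org"].add(f["port"])
    return base


def detect(lines: List[str], base: Dict) -> List[Dict]:
    """Flag external ports never seen at device / peer-group / org level, and SMB fan-out."""
    alerts: List[Dict] = []
    smb_targets = defaultdict(set)
    for f in map(parse, lines):
        if is_external(f["dst"]):
            scopes = (("device", base["device"][f["host"]]),
                      ("group", base["group"][PEER_GROUP.get(f["host"], "unknown")]),
                      ("org", base["org"]))
            novel_for = [scope for scope, seen in scopes if f["port"] not in seen]
            if novel_for:  # new for the device alone is low; new for the whole org is high
                alerts.append({"rule": "unusual_external_port", "host": f["host"], "dst": f["dst"],
                               "port": f["port"], "novel_for": novel_for,
                               "severity": {1: "low", 2: "medium", 3: "high"}[len(novel_for)]})
        elif f["port"] == 445:
            smb_targets[f["host"]].add(f["dst"])
    for host, targets in smb_targets.items():
        if len(targets) >= SMB_FANOUT_THRESHOLD:
            alerts.append({"rule": "smb_fanout", "host": host, "targets": len(targets), "severity": "high"})
    return alerts


if __name__ == "__main__":
    for alert in detect(OBSERVED_FLOWS, build_baseline(BASELINE_FLOWS)):
        print(alert)
```

Neither rule contains a signature for Log4Shell, Trickbot or Ryuk; both compare current behaviour against what the same device, its peers and the organisation did before, which is why the peer-group baseline matters: a port that is new for one web server but routine for the rest of the web tier is a weaker signal than one nobody in the estate has used.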