Internet Security Threat in Malaysia
Ministry of Science, Technology & Innovation
Bengkel Pembudayaan Pengukuhan Keselamatan ICT
Kota Kinabalu, Sabah, 12/10/2010
Adnan bin Mohd Shukor (GPEN, SANS/GIAC Advisory Board)
[email protected]
Securing Our Cyberspace
Copyright © 2010 CyberSecurity Malaysia

Background
Adnan Mohd Shukor – [email protected]
• Intrusion Analyst at MyCERT, CyberSecurity Malaysia. Currently involved with Cyber Early Warnings.
• Holds a degree in Information Technology, majoring in Security Technology, from Multimedia University (2008).
• GPEN (GIAC Penetration Tester) certified and a member of the SANS Advisory Board since December 2009.
• Has been involved in the computer security field for over 4 years; his current area of focus and interest is web security technologies and client-side security.

Cyber Early Warning
Technical and Global Coordination

MyCERT’s Vision: ‘To reduce the probability of successful attack & lower the risk of consequential damage’
MyCERT’s Mission: ‘To address the computer security concerns of local Internet users’

Cyber Early Warning
Research

Cyber Early Warning
• Malware Research
• LebahNet
• Advisory and Alerts
• Emerging Threats
• Threats Visualization

Technical and Global Coordination

Technical Co-ordination: National Cooperation
• Cyber Security Experts
• ISPs
• gcert
• Regulators
• MCMC
• Law Enforcement, Authorities
• Vendors

Technical Coordination Centre

International Collaboration
• European Government CSIRTs Group (EGC)
• Organization of American States (OAS) CERT
• Forum of Incident Response Teams
• MyCERT is an SC member
• European Network and Information Security Agency (ENISA)
• Organization of Islamic Countries Computer Emergency Response Teams (“OIC CYBER EMERGENCY RESPONSE TEAM”)
[Map of OIC-CERT countries; legend: Home, OIC-CERT Task Force Member. Countries shown: Pakistan, Qatar, Egypt, Oman, Saudi, Bangladesh, Tunisia, Bahrain, Malaysia, Brunei, UAE, Morocco, Indonesia, Jordan, Nigeria, Turkey, Syria, Kuwait]

Current Trend and Threats Overview
• Phishing
• Malware
• Botnet
• Web Hacking
• Client Side Attack

What threat is this?

Phishing

Phishing
Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication [source: wikipedia]
• Still works today
• Targets popular banks in Malaysia and internationally
• Uses long URLs that masquerade as the original website

Phishing
Does it really work?

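The "long URL that masquerades as the original website" point can be checked mechanically by comparing the host a browser would really connect to against the bank's own domains. The sketch below is an added example, not part of the original slides and not the DontPhishMe code; the domain examplebank.example, the allowlist and all sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains the (hypothetical) bank really uses.
LEGIT_DOMAINS = {"examplebank.example"}

def real_host(url):
    """Return the host the browser will actually connect to, lowercased."""
    # .hostname drops any "user:pass@" prefix and the port, so text placed
    # in front of an "@" cannot pose as the host.
    host = urlsplit(url).hostname
    return (host or "").lower().rstrip(".")

def belongs_to(host, domain):
    """True only for the domain itself or a subdomain on a dot boundary."""
    return host == domain or host.endswith("." + domain)

def classify(url):
    """Return 'legitimate', 'masquerading', 'unrelated' or 'invalid'."""
    host = real_host(url)
    if not host:
        return "invalid"
    if any(belongs_to(host, d) for d in LEGIT_DOMAINS):
        return "legitimate"
    # The real host is not the bank's. If the bank's domain still appears
    # somewhere in the URL (leading labels, userinfo, path), the link is
    # dressed up to look like the bank.
    lowered = url.lower()
    if any(d in lowered for d in LEGIT_DOMAINS):
        return "masquerading"
    return "unrelated"

# Constructed sample URLs (203.0.113.10 is a documentation address).
SAMPLES = [
    "https://www.examplebank.example/login",
    "http://www.examplebank.example.secure-update.test/login.php?id=1",
    "http://www.examplebank.example@203.0.113.10/login",
    "http://203.0.113.10/www.examplebank.example/login.html",
    "https://notexamplebank.example/",
    "https://news.test/article",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u):13} {u}")
```

Only the first sample is the bank; the next four carry the bank's domain in the leading host labels, the userinfo part, the path, or as a look-alike suffix, while the real host is somewhere else.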
Phishing

Prevention

Phishing : Prevention
• Do not respond to e-mails requesting your personal information
• Do not open attachments or download files
• Do not click on links provided in e-mails
• Firefox users can install DontPhishMe: https://addons.mozilla.org/firefox/addon/142878/
• Report to MyCERT by forwarding the email to [email protected]

DontPhishMe in Action

Demo

What threat is this?

Malware

Malware
A computer program created with malicious intent. It performs malicious tasks:
• Stealing your identity
• Key logging
• Disrupting the system
• Damaging data
• Attacking other computers

Malware
We can get infected by malware from almost everywhere:
• Web (drive-by download, web exploitation, flash)
• Fake antivirus
• Email (email attachments, links)
• Files (pdf, doc, jpeg, etc. [file exploitation])
• Video/MP3 (fake codec, file exploitation)
• Portable hard disk
• Errr.. your USB storage?

Malware
Unpatched systems or systems with vulnerable applications easily become targets for malware.
Malicious software includes:
• Trojan horses
• Viruses
• Worms

Malware: What MyCERT Observed?
• MyCERT has collected more than 26113 unique samples (based on MD5 hash).
• Most of them are detected by antivirus software.
• Collected using the honeypot concept (low interaction).
• Most likely coming from hosts infected by some sort of malware.
• Malware is normally distributed by IRC, FTP and HTTP.

Malware: What MyCERT Observed?

Malware: Scenario (Conficker)

Malware : Conficker : What MyCERT Observed?

Malware : Conficker : What MyCERT Observed?
Top Country

Malware : Conficker : What MyCERT Observed?
Top .my Domain Requested

Botnet

Botnet
• A botnet is a collection of compromised computers (called zombie computers) running software, usually installed via worms, Trojan horses, or backdoors, under a common command-and-control infrastructure.
• Used to perform DDoS, automated hacking, spamming, etc.

Botnet : Scenario
1. Botnet operator sends out viruses or worms
   • infect ordinary users [trojan application is the bot]
2. The bot on the infected PC logs into an IRC server
   • Server is known as the command-and-control server
3. Spammer gets access to botnet from operator
4. Spammer sends instructions to the infected PCs
5. Infected PCs send out spam messages

Botnet : DDoS

Prevention

Malware : Prevention
• Patch.. Patch.. Patch.. and Patch (update) your OS & Applications
• Make sure Antivirus is installed and up-to-date
• Stay away from illegal/questionable sites
• Be careful with mail attachments!
• Be careful with ‘autorun’ on thumb drives
• Report to MyCERT : [email protected]

Demo

Web Hacking

What threat is this?

Remote File Inclusion + Steganography

Statistics
The following graph shows the breakdown of domains defaced in Q4 2009. Out of the 362 websites defaced in Q4 2009, 70% are those with com and com.my extensions. Defacers generally target web applications that are prone to SQL injection or sites that are not secured.

Statistics

Web Hacking
Most common methods:
• Remote File Inclusion (RFI)
• SQL Injection
• Remote Code Execution

Web Defacement

Web Defacement Tracker

Prevention

Web Hacking : Prevention
• Patch.. Patch.. Patch.. and Patch (OS & Applications)
• Secure coding practice
• Secure configurations
• 3rd party applications (GreenSQL, PHP-IDS)
• Log analysis (from time to time)
• Report to MyCERT : [email protected]

Demo

What’s now/next?

Client Side Attack

Client Side Attack
Targets vulnerabilities in client applications that interact with a malicious server or process malicious data.

Client Side Attack
Common targets:
• Browser (IE, Firefox, Chrome, Safari)
• PDF Reader (Adobe Acrobat, Foxit)
• Flash Player
• Multimedia Plugin (Java, Quicktime, ActiveX)
• Microsoft Office Apps (Excel, PowerPoint)

Client Side Attack
Used in ‘Targeted Attack’
• Scenario: receive a file with an attachment from the boss
Normally uses current propaganda to conduct social engineering:
• US Presidential Election
• Tibetan Movement
• Pharmacy spam
• Swine Flu
.. OR MAYBE ..
Financial Report for Bengkel Pembudayaan Pengukuhan Keselamatan ICT Negeri Sabah ??

Client Side Attack : Acrobat Reader (1)

Client Side Attack : Acrobat Reader (2)

Prevention

Client Side Attack : Prevention
• Patch.. Patch.. Patch.. and Patch (OS & Applications)
• Make sure Antivirus is installed and up-to-date
• Be careful with mail attachments and URLs!
• Stay away from questionable sites
• Use extra protection :) (Firewall, F-Secure Exploit Shield, Google Safe Browsing API)
• Subscribe to MyCERT Advisory: http://www.mycert.org.my/en/feed, http://www.twitter.com/mycert
• Report to MyCERT : [email protected]

Demo

Conclusion

BIG Problem
Security is OUR Responsibility
Small Issues

Q&A
THANK YOU
[email protected] [email protected] [email protected]

Our Websites and emails
• http://www.cybersecurity.my for Corporate website
• http://www.mycert.org.my for Technical website
• http://www.esecurity.org.my for Awareness Portal
• http://cnii.cybersecurity.my
• [email protected] → for general inquiries
• [email protected] → for incident reporting

Our Corporate Website