2017 Threat Assessment – Technical Session – 2017 March 8

 View the Webinar recorded on 2017 March 8.

Description:

A technical webinar discussing ransomware and the other threats facing computers in 2017.

Topics:

Current malware and security trends
Deeper look at current threats
Attacking the problem

Presenters: 1:06

  • Greg Mosher – Vice President of Product and Engineering SMB
  • Jan Sirmer – Senior Malware Analyst

Scope of the problem: 3:30

  • Cyber Security is in the news constantly… 5:14
  • 2016 was the year of ransomware (and 2017 doesn’t look any different)… 6:00
  • 2017: 300% increase in incidents from 2016
  • The FBI reports ransomware cost over $200 million in Q1 of 2016, almost 10 times the cost for all of 2015
  • Ransomware is now 3 times more common than banking trojans
  • Estimates that ransomware was a $1 billion problem in 2016
  • Ransomware’s Explosive Growth 7:46
  • Biggest impacts are on businesses and institutions… 8:30
  • Ransomware steals more than money… 10:15

How is ransomware being delivered today? 11:32

  • 800% increase in phishing emails in 2016
  • 93% of phishing emails are now delivering ransomware
  • Exploit kits are still there, but their effectiveness is waning somewhat (Angler, RIG, RIG-v, Nuclear, Bizarro Sundown, RIG-E, Sundown, Neutrino-v, Magnitude)
  • Microsoft Office macros for malware distribution

IoT is vulnerable, being attacked and used to attack others 15:46

(The Internet of things (IoT) is the inter-networking of physical devices (also referred to as “connected devices” and “smart devices”),

  • The Mirai botnet was behind the biggest DDoS attacks ever seen last fall.
  • Composed of many traditional IoT-type devices, including routers, security cameras, printers, and digital video recorders (DVRs)
  • Avast conducted IoT research for Mobile World Congress and discovered, within the country of Spain alone: 17:30
    • 5.3 million vulnerable smart devices
    • 150,000 hackable webcams
    • 79,000 vulnerable smart kettles and coffee machines
    • More than 444,000 devices using the Telnet network protocol, the same type of protocol that was abused to create the Mirai botnet

Types of Malware (Jan Sirmer) (Technical) 20:20

  • Locker ransomware – Android, iOS, Windows
    • Koler
    • FBI Locker
    • Fobus – banker & ransomware
  • Crypto ransomware
    • Locky
    • Nemucod
    • Cerber
  • Spam Campaigns

File encryption preparation (Technical) 31:39

Configuration Structure (Technical) 33:14

Origin of Authors (Technical) 34:21

File Encryption Method (Technical) 36:26

Payment method (Technical) 39:08

Necurs botnet (Over 5 million PCs) 41:14

Conclusion 42:27

AVG and Avast Antivirus 2017 (release Q1 2017) 42:25

  • 400 million users worldwide
  • Massive geographically spread sensor network for new and emerging threats
  • The United States is the largest country user base, with over 58 million users
  • Automatically collect over 100,000 unique malware samples per day from our user base
  • The number one or two consumer security provider in Russia, France, Brazil, as well as in most of Europe and Latin America
  • Block more than 500 million malicious URLs and around 50 million phishing attacks per month

AVG and Avast Antivirus 2017 Combined release 47:33

“Better together” – the security features at the core of Avast 2017 are what protect our 400 million users against viruses and internet-based threats.

Key protection features:

  • Behavior Shield provides behavioral analysis of all programs running on the device: all the processes, all file system access, all registry access, all intra-process communication, etc. It “kernalizes” that with our signals that we receive from endpoints in the Cloud. By doing that, it enables us to uncover malicious behavior even if we don’t know anything about the malware family.
  • Wi-Fi Inspector (49:33) is a feature that scans all the devices on a network, pinpoints the security vulnerabilities of these devices, and guides users through remediation steps.

Stay up-to-date on emerging security concerns: blog.avast.com

See: 2017 Threat Assessment – Technical Session – 2017 May 10