In 2011, mass malware is still the most common source of compromise on corporate networks. Bots like Zeus, Gozi, and Clampi successfully infect devices despite organizations carefully managing disclosed vulnerabilities and subscribing to detailed analysis of the latest malware families. Existing efforts at malware prevention focus broadly on vulnerabilities and their impact yet ignore the means by which they are exploited and the motivations, opportunities and capabilities of attackers, which has allowed this problem to become worse year-after-year.
In this talk, I introduce an intelligence-driven approach to malware defense, focusing on attacker’s capabilities and methods, with data collected from the most popular crimeware packs currently deployed in-the-wild. This analysis identifies the means by which exploits are developed and selected for inclusion in crimeware packs, identifies defenses that are outside the capability of malware exploit writers to bypass, and helps attendees evaluate not just the exploitability, but the probability of a vulnerability being exploited. This study shows that, until crimeware packs substantially advance in sophistication, only a few simple defensive tactics are required to protect users from such opportunistic threats.
Dan Guido is a Security Consultant at iSEC Partners, where he specializes in incident response, application security, and penetration testing. Before joining iSEC, Dan worked for the Federal Reserve System’s incident response team where he developed and ran a threat intelligence program to report on current trends in cybercrime, threats to payment systems, and nation-state cyber espionage activities. In addition to his work at iSEC, Dan is an adjunct faculty member at NYU:Poly where he teaches a graduate computer science course in penetration testing and vulnerability analysis.