Web Security Attack Trends & Case Sharing
HKCERT
Agenda
Information Security Landscape
Botnet and Malware
Unnoticeable Hack???
Case Sharing
How to mitigate risks
Information Security Landscape
Attacks Targeting Our Vulnerabilities
Systems and Applications
Insecure Configurations
– Default password or settings
– e.g. some plug-ins require particular folders be made writeable
All software has security holes
– Window of opportunity between discovery of a security hole and availability of a patch
Human
People can be cheated
– “Social Engineering” techniques
– The way you gain trust from others == the way hackers gain trust from you
Vulnerabilities : Social Engineering
In the May 2010 seminar, we were talking about…
And now…
Social Engineering trick allowed a clickjacking worm to spread quickly over Facebook
– Curiosity of knowing what your online friend “likes”
– Facebook users’ profiles have been updated by the clickjacking attack
– What if it is a malicious Facebook game?
Vulnerabilities : Client Side attack via Social Network Sites
http://www.sophos.com/blogs/gc/g/2010/06/14/facebook-users-clickjacked-101-hottest-women-world/
http://www.sophos.com/blogs/gc/g/2010/05/31/viral-clickjacking-like-worm-hits-facebook-users/
Major Threats
Phishing / Defacement
Malware
Malicious Code Injection / SQL Injection
Distributed Denial of Service (DDoS)
Botnet
– Sending phishing & spam mail
– Launching Denial-of-Service attack
etc…
Botnet is one of the major threats
Botnet and Malware
Botnet & Malware
Infection through
– Web browsing
– Drive-by Download
– Social Engineering Technique
Malware Propagation and Distribution
– Executables
– Document Malware
– Website
– Social Network
– SEO (Search Engine Optimization)
Malware 2.0
Malware today causes the victim PC to become part of a botnet
Propagation
Forming a Botnet
Command & Control
Manage
Update
Survive the adverse
Evade Detection
Encryption or Obfuscation
Morphing
Uses Search Engine to evade detection
Others
http://www.usenix.org/event/leet10/tech/full_papers/Rajab.pdf
http://googleonlinesecurity.blogspot.com/2010/04/rise-of-fake-anti-virus.html
Malware Propagation Channels
Executables
– Fake security software
– Fake video player codec
Malware Propagation Channels
Document Malware
– Embedded malware in PDF or Office files
– Zeus botnet served PDF malware (Apr 2010)
Malware Propagation Channels
Website
– Legitimate and trusted websites compromised
– Used to redirect users to malicious websites (via injected invisible iframes)
– Web admin may be unable to detect and mitigate the risks
http://tech.fortune.cnn.com/2010/07/04/googles-youtube-temporarily-hacked/
Malware Propagation via websites
Mass infection of Wordpress blogs hosted by Network Solutions (Apr 2010)
– Use insecure web application configurations
– Outdated versions with known vulnerabilities
– Vulnerable plug-ins
Mass infection of Wordpress blogs hosted by GoDaddy (May 2010)
– Outdated Wordpress version with known PHP vulnerabilities
SQL injected iframes pointing to malware site in Wall Street Journal website (June 2010)
http://www.computerworld.com/s/article/9175783/Network_Solutions_sites_hacked_again
http://community.godaddy.com/godaddy/the-latest-information-on-compromised-sites/
http://www.scmagazineus.com/wall-street-journal-others-hit-in-mass-sql-attack/article/172153/
http://blog.scansafe.com/journal/2010/6/9/wsj-a-victim-not-the-source-of-sql-injection.html
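For web admins who need a way to spot the injected invisible iframes mentioned in the slides above, here is an added example (not part of the original slides) that audits a page for off-site iframes rendered at zero or one pixel or hidden by CSS. The page content, host names and the hiding heuristics are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed page for a site served from blog.example (reserved example names).
SAMPLE_PAGE = """<html><body>
<h1>Blog</h1>
<iframe src="/widgets/poll.html" width="300" height="200"></iframe>
<iframe src="https://video.partner.example/embed/1" width="560" height="315"></iframe>
<iframe src="http://stats.example.invalid/in.php" width="1" height="1" frameborder="0"></iframe>
<iframe src="http://cdn.example.invalid/t.html" style="visibility: hidden; position:absolute"></iframe>
</body></html>"""

# Applied to the style attribute after whitespace removal and lowercasing.
HIDDEN_STYLE = re.compile(
    r"display:none|visibility:hidden|(?:^|;)(?:width|height):[01](?:px)?(?:;|$)"
)


def _tiny(value):
    """True when a width/height attribute is 0 or 1 (pixels)."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "")
    return m is not None and int(m.group(1)) <= 1


class IframeAudit(HTMLParser):
    """Collects iframes that are both off-site and effectively invisible."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlsplit(a.get("src", "")).hostname or "").lower()
        # Relative URLs have no host; subdomains of the site count as on-site.
        offsite = (bool(host) and host != self.site_host
                   and not host.endswith("." + self.site_host))
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("tiny-size")
        style = re.sub(r"\s+", "", a.get("style", "")).lower()
        if HIDDEN_STYLE.search(style):
            reasons.append("hidden-style")
        # A visible partner embed is normal; only hidden AND off-site is reported.
        if offsite and reasons:
            self.findings.append({"line": self.getpos()[0], "src": a["src"],
                                  "host": host, "reasons": reasons})


def audit_html(html, site_host):
    parser = IframeAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for finding in audit_html(SAMPLE_PAGE, "blog.example"):
        print(finding)
```

This only sees iframes present in the static markup; an iframe written into the page at load time by obfuscated JavaScript needs a rendered-DOM check or file-integrity monitoring instead.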
Malware Propagation Channels
Social Engineering & Black Hat SEO
– Hackers exploit Social Network Services to convince victims
– Hackers use Search Engine Optimization techniques to escalate malicious website ranking in search results
Unnoticeable Hack???
h4ck3d? d3f4c3d?
Defacement
Keyword Search: “hacked by” site:.hk
– Number of results (15 July 2010): 6,590 (Google) / 6,310 (Yahoo)
HK Forum Websites
295 million records (Google Search results)
Target Attack
“Hacked by ring04h, just for fun” (Jan 2009)
DNS Hack (Domain: customer.discuz.net)
– Used for delivering updates and security patches
– Hacked and pointed to malicious DNS server
Domain Tasting
The practice of a domain name registrant using the five-day "grace period" (the Add Grace Period or AGP) at the beginning of the registration of an ICANN-regulated second-level domain to test the marketability of the domain.
During this period, when a registration must be fully refunded by the domain name registry, a cost-benefit analysis is conducted by the registrant on the viability of deriving income from advertisements being placed on the domain's website.
Domain Tasting Phishing
Fast Flux Domains
A DNS technique often used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies. It can also refer to the combination of peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection used to make malware networks more resistant to discovery and counter-measures.
Multiple individual nodes within the network register and de-register their addresses as part of the DNS A (address) record list for a single DNS name. This combines round robin DNS with very short TTL (time to live) values to create a constantly changing list of destination addresses for that single DNS name.
Mobile IP addresses are involved (e.g. 3G network)
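The combination described above (short TTLs, a rotating A record list, addresses spread over many networks) can be checked in passive DNS data. The following is an added example, not part of the original slides; the observation layout, the thresholds and the sample data are assumptions, and distinct /16 prefixes stand in for the ASN diversity a production check would use.

```python
from collections import defaultdict
from ipaddress import ip_network
from statistics import median

# Constructed passive-DNS observations: (epoch seconds, name, TTL, A records).
# Names use the reserved .example TLD; addresses are illustrative only.
OBSERVATIONS = [
    (0,   "cdn.shop.example",   3600, ["192.0.2.10", "192.0.2.11"]),
    (300, "cdn.shop.example",   3600, ["192.0.2.11", "192.0.2.10"]),
    (600, "cdn.shop.example",   3600, ["192.0.2.10", "192.0.2.11"]),
    (0,   "login.flux.example", 120,  ["10.1.4.7", "172.16.9.2", "198.51.100.23"]),
    (300, "login.flux.example", 120,  ["10.77.1.9", "203.0.113.5", "172.20.3.3"]),
    (600, "login.flux.example", 180,  ["10.200.8.1", "192.168.44.6", "198.18.0.9"]),
]


def analyse(observations, max_ttl=300, min_ips=6, min_nets=4, min_churn=0.5):
    """Return per-name fast-flux indicators; all thresholds are assumptions."""
    by_name = defaultdict(list)
    for ts, name, ttl, addrs in observations:
        by_name[name.lower().rstrip(".")].append((ts, ttl, frozenset(addrs)))

    reports = {}
    for name, rows in by_name.items():
        rows.sort(key=lambda r: r[0])
        ips = set().union(*(r[2] for r in rows))
        # Network diversity: compromised hosts sit in unrelated networks,
        # while an ordinary round-robin pool usually shares a few prefixes.
        nets = {ip_network(f"{ip}/16", strict=False) for ip in ips}
        # Churn: share of each answer that was absent from the previous one.
        changes = [len(cur[2] - prev[2]) / len(cur[2])
                   for prev, cur in zip(rows, rows[1:]) if cur[2]]
        churn = sum(changes) / len(changes) if changes else 0.0
        ttl_med = median(r[1] for r in rows)
        # A short TTL alone is common (CDNs, load balancers), so every
        # indicator has to agree before the name is reported.
        suspicious = (ttl_med <= max_ttl and len(ips) >= min_ips
                      and len(nets) >= min_nets and churn >= min_churn)
        reports[name] = {
            "median_ttl": ttl_med,
            "distinct_ips": len(ips),
            "distinct_nets": len(nets),
            "churn": churn,
            "suspicious": suspicious,
        }
    return reports


if __name__ == "__main__":
    for name, report in sorted(analyse(OBSERVATIONS).items()):
        print(name, report)
```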
Hacked?
Case Sharing: Blackhat SEO
SEO
Search Engine Optimization (SEO)
– A collection of techniques used to achieve higher ranking of a particular URL in the search
– Optimize website to increase its relevance to specific keyword searches
Black Hat SEO / SEO poisoning
– Hackers use unethical SEO techniques and add numerous fake web pages in compromised websites to manipulate the relevance of resources indexed by search engines.
Blackhat SEO???
Google Search for Vatican directed to ‘paedophile site’ (19 July 2010)
http://hk.apple.nextmedia.com/template/apple/art_main.php?iss_id=20100719&sec_id=15335&subsec_id=15339&art_id=14254412
http://www.tallerseo.com/en/2010/07/para-google-el-vaticano-es-pedofilo-com.html
Pharma Hack
Malicious files in the WordPress plugins folder coupled with encrypted code in the WordPress database.
http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html
http://www.pearsonified.com/2010/04/wordpress-pharma-hack.php
SEO Poisoning
“keygen” available in “.edu.hk”???
SEO Poisoning - Redirection (.htaccess)
[Diagram: the REFERER of each request is checked. Via Search Engine: redirect to Fake AV scanning site. Direct Access: 404 response. Other diagram labels: JavaScript, browser (Internet Explorer, MS Office, Web), exploit, downloader, PDF, CWS, EXE.]
SEO Poisoning- Redirection
Sample content of “.htaccess” files under hacker’s control
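The slide's own sample is an image that did not survive extraction. As an added example (not the content shown on the slide), the check below reads an .htaccess file and reports rewrite rules that fire only for visitors arriving from a search engine and send them to an external host. The sample file, host names and the search-engine list are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed list of referrer keywords worth flagging.
SEARCH_ENGINES = ("google", "yahoo", "bing", "baidu", "yandex")

# Constructed sample: one ordinary canonical-host redirect and one
# referrer-conditional redirect of the kind described on the slides.
SAMPLE_HTACCESS = r"""# constructed sample, not taken from the slides
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.org$ [NC]
RewriteRule ^(.*)$ http://www.example.org/$1 [R=301,L]

RewriteCond %{HTTP_REFERER} .*google.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*bing.* [NC]
RewriteRule ^(.*)$ http://scanner.example.invalid/av.php [R=302,L]
"""


def find_referer_redirects(text, own_hosts=()):
    """Report RewriteRules gated on a search-engine referrer that
    redirect to a host outside own_hosts."""
    own = {h.lower() for h in own_hosts}
    findings, conds = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            conds.append((parts[1], parts[2]))      # (test string, pattern)
        elif directive == "rewriterule" and len(parts) >= 3:
            target = parts[2]
            host = urlsplit(target).hostname        # None for local paths
            engines = sorted({
                e for var, pat in conds if "http_referer" in var.lower()
                for e in SEARCH_ENGINES if e in pat.lower()
            })
            if engines and host is not None and host.lower() not in own:
                findings.append({"line": lineno, "host": host.lower(),
                                 "target": target, "engines": engines})
            conds = []  # RewriteCond lines apply only to the next RewriteRule
    return findings


if __name__ == "__main__":
    for hit in find_referer_redirects(SAMPLE_HTACCESS, ("www.example.org",)):
        print(hit)
```

Because direct visits do not trigger the redirect, a site owner who types the URL sees nothing unusual; checking the file itself, or requesting the page with a search-engine Referer header, is what exposes it.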
Redirection of attacks to central exploit server
Malicious servers redirect victims to the Exploit Server which serves as a central delivery
http://www.honeynet.org/papers/mws
Automatic Botnet System- Gumblar
Gumblar
First appeared in spring 2009
Stealing FTP credentials
Injecting malicious links in legitimate content (HTML/PHP/JavaScript files, etc.)
Uploading backdoors on compromised servers
Gumblar
[Diagram: Gumblar infection cycle. Labels: html-redirectors / php-redirectors, infectors, Internet users, page download, exploit download, attacked users got infected, FTP accounts, inject code.]
Gumblar (Automatic botnet system)
Stealing FTP credentials
Injecting malicious links in legitimate content
Uploading backdoors on compromised servers
Attacking visitors of a website
Visitors have been infected with the Windows executables
Grabs FTP credentials from the victim machines
The FTP accounts are then used to infect every webpage on new webservers
http://www.securelist.com/en/blog/208187897/The_Gumblar_system
http://www.securelist.com/en/blog?cat=7&page=2
http://www.digitalthreat.net/2009/06/deobfuscating-gumblar/
Consequence of Security Attacks
Consequences of Security Exposure
Machines fall under the control of hackers
Theft of credentials
Financial loss
Hackers launch local attacks to the whole network
Bandwidth and performance downgrade
Legal liability: liable for hacking activity within your premises
Mitigation Strategies
What do we do?
Finding compromised web sites and malware hosting
International Collaboration
Cyber Drill Exercise
Proactive Discovery of Incidents
Intelligence and Research
Collecting information of hacker behaviour
Good example of Conficker Working Group
Cyber Security Incident Response Drill (coming October 2010)
What can you do?
Company Service Provider
Additional measures
At firewall, block all unnecessary traffic to servers except known services
Set up security policy
Install Anti-virus and Update
Fix all security holes
– Patch software and application
– Change insecure default settings
Set strong password
Scan your system periodically
Awareness Education and Training
Awareness
– Understand emerging attacks
– Beware of Social Engineering
Follow Guidelines
Train your staff
Set up Incident Response Procedure
www.hkcert.org
Hotline: 81056060
Q&A