
Prevent Malware attacks with F5 WebSafe and MobileSafe. Alfredo Vistola Security Solution Architect, EMEA


Academic year: 2021


Prevent Malware attacks with F5 WebSafe and MobileSafe

Alfredo Vistola


F5 Agility 2014 2

Malware Threat Landscape – Growth and Targets

• 79% of existing malware strains are Trojans

• 50% of malware code is logic to bypass defenses

• 82% of institutions learned about fraud incidents from their customers

• 25% of real-world malware is caught by anti-virus

Data sources: Dark Reading, PandaLabs, & ISMG

PandaLabs Q1 Report

http://press.pandasecurity.com/usa/news/pandalabs-q1-report-trojans-account-for-80-of-malware-infections-set-new-record/


Malware Threat Landscape – Phishing by Number of Attacks

Phishing Attacks by Industry

• Finance, Government, Shopping, Online Auctions, and Multiplayer Games.

• United States: Amazon, Blizzard Entertainment, eBay, Internal Revenue Service, J.P. Morgan Chase, PayPal, Wells Fargo

• United Kingdom: Barclays, HM Revenue & Customs, HSBC, Lloyds TSB, Natwest, Royal Bank of Scotland

• Brazil: Banco Bradesco, Banco do Brasil, Banco Itau

• Italy: Intesa Sanpaolo, Posteitaliane, UniCredit

• Australia: ANZ (Australia and New Zealand Banking Group), Westpac Bank

McAfee Threats Report 2013

http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q1-2013.pdf


F5’s Security Services and Solutions

EAL2+, EAL4+ (in process)

One Platform

• Network Firewall

• Traffic Management

• Application Security

• DNS Security

• SSL

• Access Control

• DDoS Protection

• Anti-Fraud, Anti-Malware, Anti-Phishing


© F5 Networks, Inc 5

Our unique solution

Offers protection to cover the gaps with most security solutions

Device Fingerprinting, Geo-location, Brute Force Detection, Behavioral Analysis, Behavioral and Click Analysis, Abnormal Money Movement Analysis

Site Visit, Site Log In, User Navigation, Transactions, Transaction Execution

Customer Fraud Alerts, Phishing Threats, Credential Grabbing, Malware Injections, Automatic Transactions, PII and CC Grabbing


Fraud, phishing & malware protection

Application level encryption

End-user and application transparency

24x7 SOC research, investigation & site take down

Simple deployment & supports any device

F5 Web Fraud Protection

Healthcare

Retail Bank

Device and behavioral analysis

“The knowledge that our online users are protected from fraudsters, wherever they are and at any time, enables our team to focus on developing new products and services.”


WebSafe – Clientless and Transparent Anti-Fraud Solution

Transaction Protection

• Real-time transaction analysis for automated or human behavior

• Transaction integrity

• Comprehensive request analysis

Security Operations Research Center

• 24X7 security reports and alerts

• Identifies and investigates attacks in real-time

• Researches and investigates new global fraud technology & schemes

• Provides detailed incident reports

• Optional site take-down

Fraud Detection and Protection

• Detection of targeted malware, BOTs, MITM/B, form grabbing, Zero-day, …

• Monitors and alerts when website is copied and uploaded to a spoofed domain (phishing)

• Clientless application-layer encryption of sensitive user data with session-initiated randomly rotating keys


WebSafe Implementation Options

Strategic Point of Control

Diagram labels: Online Customers; Web Fraud Protection; F5 Security Operations Center; Customer Scenarios A, B, C; Network Firewall; Application

Malware Detection and Protection, Anti-Phishing, Transaction Analysis (Account, Amount, Transfer Funds)

Copied Pages and Phishing, Man-in-the-Browser Attacks, Automated Transactions and Transaction integrity

• Easily deployed

• Deploys with no change to applications

• Leverages existing F5 resources & knowledge

• Enables IT consolidation

• Integrated into BIG-IP GUI in 11.6

Local alert server and/or SIEM


Advanced Phishing Attack Detection and Prevention

Identifies phishing threats early-on and stops attacks before emails are sent

• Alerts upon usage of copy site on local computer

• Alerts upon login and testing of phishing site

• Phished user names are sent to the SOC

• F5 SOC shuts down identified phishing websites

Diagram labels: Internet, Web Application

1. Copy website

2. Save image to computer

3. Upload image to spoofed site

4. Test spoofed site

Alerts at all stages of


Generic and Targeted Malware Detection

• Analyzes browser for traces of common malware (e.g., Zeus, Citadel, Carberp, etc.)

• Detects browser redressing

• Performs checks on domain and other components

With real-time analysis and a variety of checks WebSafe identifies compromised sessions, malicious scripts, phishing attacks and malware including MITM/B, BOTs, fraudulent


Malware Detection – Web Injection Examples

Targeted malware web injection


Clientless Application-Level Encryption


Clientless Application-Layer Encryption

WebSafe secures credentials and other valuable data submitted on web forms

• Any sensitive information can be encrypted at the message level

• User credentials & information are submitted & encrypted with public key

• Data is decrypted on BIG-IP WebSafe using the private key

• Intercepted information rendered


WebSafe™


WebSafe : BIG-IP Integration 11.6

• Define anti-fraud profile for each domain

• Configure alert server

• Enable and disable individual detection/protection modules

o Phishing detection

o Malware detection

o Application layer encryption

o Automated transaction protection

Easily turn on WebSafe anti-fraud protection from BIG-IP


• Man in the middle

o DNS spoofing: The target domain is checked against a pre-loaded list of known IPs

o Certificate forging: The target certificate is compared against a pre-loaded certificate

• Jailbreak / rooted devices

o Detection of a jailbreak and rooted device


• OS security

o Unpatched version with known vulnerabilities will raise the device risk score (sent when the app is loaded)

• App integrity

o Android – MobileSafe will check the application signature (Checksum)

o iOS – this check is disabled

• Keyloggers – virtual keyboard

• Network sniffing at the OS level (before the SSL) vCrypt


MobileSafe Architecture / Data Flow

Diagram labels: User; Data Center; BIG-IP (message encryption); servers; F5 SOC; Download app; Device to application communication; Alerts; F5 Configuration Server; F5 SOC (Cloud)


F5 Security Operations Center

Always on the watch

24x7x365 fraud analysis team that extends your security team

Researches and investigates new global fraud technology & schemes

Detailed incident reports

Provides detailed threat analysis & incident reports

Real-time alerts activated by phone, SMS and email

Optional site take-down:


F5 SOC: Phishing Site Take-Down Service

Always available F5 monitoring and response team

Complete attack assessment & post-partum attack report

Leverage relationships with ISPs, anti-phishing groups and key international agencies

Malicious site take-down in minimal time

Recommendations for counter security measures


F5’s Anti-Fraud Solutions

If I can be of further assistance please contact me: [email protected]

Targeted malware, MITB, zero-days, MITM, phishing, automated transactions…

Clientless solution, enabling 100% coverage

Protect Online User

Desktop, tablets & mobile devices

On All Devices

No software or user involvement required

Full Transparency

Alerts and customizable rules

Prevent Fraud


Demo of Clientless Application-Level Encryption

Infected PC Web application Dropzone and C&C on the server at the ISP Login Information Username + password Login Information Username + password Internet
