DDoS Attack Threats | Zeus Crimeware Kit Threat Advisory | Akamai Presentation

Published on January 2017 | Categories: Documents | Downloads: 64 | Comments: 0 | Views: 254
of 10
Download PDF   Embed   Report

Comments

Content


The Zeus Crimeware Kit – An Insidious
Threat
Highlights from a Prolexic DDoS Threat Advisory
©2014 AKAMAI | FASTER FORWARD
TM
What is Zeus?
• Zeus is the most used and most effective crimeware kit
ever observed by the Internet security community
• First appeared in late 2007, primarily used to steal
banking credentials from infected computers
• Focus has recently shifted to infecting and controlling
zombie computers, with the ability to inject executable
payloads and bot malware into infected computers

©2014 AKAMAI | FASTER FORWARD
TM
Why is Zeus So Dangerous?
• Requires extremely little skill for attackers to use – setting
it up and generating a payload is accomplished with a
simple GUI
• Can be combined with other attack tools that are used as
Zeus payloads
• Has a very high level of control over infected computers
• Can exfiltrate large quantities of information, up to and
including screenshots and passwords

©2014 AKAMAI | FASTER FORWARD
TM
Why is Zeus so Dangerous (continued)
• Zeus payloads are extremely stealthy – infected hosts
may never realize they’ve been zombified
• Uses a number of powerful techniques to evade detection
• Hidden files
• Obfuscated content
• Disables firewalls directly
• Distributed, random communication
• Antivirus detection rate is estimated at only 39 percent

©2014 AKAMAI | FASTER FORWARD
TM
Zeus Commands: What Zeus Can Do

©2014 AKAMAI | FASTER FORWARD
TM
Cloud Services at Risk
• Lately, the Zeus framework has targeted Software-as-a-
Service (SaaS) and Platform-as-a-Service (PaaS)
infrastructures
• SaaS/PaaS instances allow attackers to exploit the
extensive bandwidth and processing power of cloud
vendors
• PLXSert has observed well-known cloud-services vendor
IPs among the sources of many DDoS attacks

©2014 AKAMAI | FASTER FORWARD
TM
The Webinjects Configuration
• Webinjects is an
insidious Zeus
capability used to
attack specific cloud
services
• Zeus can inject custom
code into websites and
apps as the browser
displays them
• Tricks users into
providing personal
information or sensitive
credentials

©2014 AKAMAI | FASTER FORWARD
TM
What You Can Do to Mitigate This Threat
• Zeus is mainly a client-based vector, spread by tricking
users into running programs that infest their computer.
• Organizational security policies and user education are
crucial
• Learn how to prevent, detect, and remove Zeus infections
• Write Snort rules for Zeus traffic
• Further details on detection and mitigation are available in
the full threat advisory

©2014 AKAMAI | FASTER FORWARD
TM
Threat Advisory: Zeus Crimeware Framework
• Download the threat advisory, Zeus Crimeware Kit
• The threat advisory includes mitigation details for
enterprises, such as:
• Origins and variations
• How the kit works
• Indicators of infestation
• The process of infection
• Remote command execution
• A lab simulation showing its power and threat
• Recommended mitigation

©2014 AKAMAI | FASTER FORWARD
TM
About Prolexic (now part of Akamai)
• We have successfully stopped DDoS attacks for more
than a decade
• Our global DDoS mitigation network and 24/7 security
operations center (SOC) can stop even the largest
attacks that exceed the capabilities of other DDoS
mitigation service providers

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close