DDoS Attack Threats | Zeus Crimeware Kit Threat Advisory | Akamai Presentation


The Zeus Crimeware Kit – An Insidious Threat Highlights from a Prolexic DDoS Threat Advisory


What is Zeus?

•  Zeus is the most used and most effective crimeware kit ever observed by the Internet security community
•  First appeared in late 2007, primarily used to steal banking credentials from infected computers
•  Focus has recently shifted to infecting and controlling zombie computers, with the ability to inject executable payloads and bot malware into infected computers

©2014 AKAMAI | FASTER FORWARD™


Why is Zeus So Dangerous?

•  Requires extremely little skill for attackers to use: setting it up and generating a payload is done through a simple GUI
•  Can be combined with other attack tools, which are delivered as Zeus payloads
•  Gives the operator a very high level of control over infected computers
•  Can exfiltrate large quantities of information, up to and including screenshots and passwords



Why is Zeus So Dangerous? (continued)

•  Zeus payloads are extremely stealthy: the owners of infected hosts may never realize their machines have been zombified
•  Uses a number of powerful techniques to evade detection:
   • Hidden files
   • Obfuscated content
   • Disables firewalls directly
   • Distributed, random communication
•  Antivirus detection rate is estimated at only 39 percent



Zeus Commands: What Zeus Can Do



Cloud Services at Risk

•  Lately, the Zeus framework has targeted Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS) infrastructures
•  Compromised SaaS/PaaS instances let attackers exploit the extensive bandwidth and processing power of cloud vendors
•  PLXSert has observed well-known cloud-services vendor IPs among the sources of many DDoS attacks



The Webinjects Configuration

•  Webinjects is an insidious Zeus capability used to attack specific cloud services
•  Zeus can inject custom code into websites and web apps as the browser renders them
•  The injected content tricks users into providing personal information or sensitive credentials
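To make the webinjects mechanism concrete, here is an added example written for this page; it is not code from the Prolexic/Akamai advisory or from the Zeus kit. It is a small Python interpreter for a configuration in the publicly documented Zeus webinjects syntax (set_url / data_before / data_inject / data_after / data_end, with `*` as a wildcard), which this deck does not itself spell out. It applies the rules to a constructed bank login page the way the bot does inside the browser, then runs the check a defender can make: compare the form fields the server sent with the fields the user actually sees. The URL, page HTML and injected markup are all constructed for illustration.

```python
"""Zeus-style webinjects interpreter (added example, not the advisory's code).

Block syntax (set_url / data_before / data_inject / data_after / data_end,
'*' as wildcard) follows the publicly documented Zeus webinjects format.
The config, page HTML and injected markup below are constructed.
"""
import re

# Constructed config: add a fake "ATM PIN" field after the password box and
# change the button caption so the victim is nudged to fill it in.
SAMPLE_CONFIG = """
set_url https://bank.example/login* GP
data_before
<input type="password"*>
data_end
data_inject
<label>ATM PIN</label><input type="text" name="pin">
data_end
data_after
data_end

set_url https://bank.example/login* GP
data_before
<button>
data_end
data_inject
Sign in (enter PIN first)
data_end
data_after
</button>
data_end
"""

# Constructed login page exactly as the server sent it.
SAMPLE_PAGE = (
    '<form action="/login" method="post">'
    '<input type="text" name="user">'
    '<input type="password" name="password">'
    '<button>Sign in</button>'
    '</form>'
)


def parse_webinjects(text):
    """Split config text into rule dicts: url, flags, before, inject, after."""
    rules, current, section, buf = [], None, None, []
    for line in text.splitlines():
        stripped = line.strip()
        if section is None and stripped.startswith("set_url"):
            parts = stripped.split()
            current = {"url": parts[1], "flags": parts[2] if len(parts) > 2 else "",
                       "before": "", "inject": "", "after": ""}
            rules.append(current)
        elif section is None and stripped in ("data_before", "data_inject", "data_after"):
            section, buf = stripped[len("data_"):], []
        elif stripped == "data_end":
            if current is not None and section is not None:
                current[section] = "\n".join(buf)
            section = None
        elif section is not None:
            buf.append(line)
    return rules


def _wild(pattern):
    """Compile a webinject pattern: literal text, '*' matches anything (non-greedy)."""
    return re.compile(".*?".join(re.escape(p) for p in pattern.split("*")), re.S)


def apply_webinjects(rules, url, html):
    """Rewrite html as the bot does before the browser renders it.

    For each rule whose set_url matches: find data_before; if data_after is
    given, replace everything between the two with data_inject, otherwise
    insert data_inject directly after data_before.
    """
    out = html
    for rule in rules:
        if not _wild(rule["url"]).fullmatch(url):
            continue
        before = _wild(rule["before"]).search(out)
        if not before:
            continue
        start = end = before.end()
        if rule["after"]:
            after = _wild(rule["after"]).search(out, start)
            if not after:
                continue
            end = after.start()
        out = out[:start] + rule["inject"] + out[end:]
    return out


_FIELD = re.compile(r'<(?:input|select|textarea)\b[^>]*\bname="([^"]*)"', re.I)


def injected_fields(served, rendered):
    """Defender-side check: field names the user sees that the server never sent."""
    known = set(_FIELD.findall(served))
    return [name for name in _FIELD.findall(rendered) if name not in known]
```

Running `apply_webinjects(parse_webinjects(SAMPLE_CONFIG), "https://bank.example/login?lang=en", SAMPLE_PAGE)` yields the same form with an extra `pin` input and a reworded button, and `injected_fields` reports `["pin"]`; a URL that does not match `set_url` leaves the page untouched. The point of the last function is the mitigation angle: because the injection happens on the client after the server's response, the server-side template never shows it, so the only place the discrepancy is visible is a comparison between what was served and what was rendered (or, on the server, a POST carrying field names the form never defined).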


What You Can Do to Mitigate This Threat

•  Zeus is mainly a client-side vector, spread by tricking users into running programs that infect their computers
   • Organizational security policies and user education are crucial
•  Learn how to prevent, detect, and remove Zeus infections
•  Write Snort rules for Zeus traffic
•  Further details on detection and mitigation are available in the full threat advisory



Threat Advisory: Zeus Crimeware Framework

•  Download the threat advisory, Zeus Crimeware Kit
•  The threat advisory includes mitigation details for enterprises, such as:
   • Origins and variations
   • How the kit works
   • Indicators of infection
   • The process of infection
   • Remote command execution
   • A lab simulation showing its power and threat
   • Recommended mitigation



About Prolexic (now part of Akamai)

•  We have successfully stopped DDoS attacks for more than a decade
•  Our global DDoS mitigation network and 24/7 security operations center (SOC) can stop even the largest attacks, including those that exceed the capabilities of other DDoS mitigation service providers


