Taking Down the World's Largest Botnets: An Inside Look at Grum

Attackers have defenders on their heels and it’s because they are effectively exploiting security gaps – and this isn’t only limited to advanced attacks. Even when common threat techniques are used, traditional defenses still miss too much – as demonstrated by the continued success of industrialized attacks.

Intelligence needs to inform response. We need a new threat protection platform that provides the insight to stop today’s threats in an integrated manner across the enterprise. Matching insight with action requires coordination and integration of the security infrastructure to address the attack lifecycle. However, in recent EMA research, “poor integration” stands out as one of the greatest frustrations with today’s market of security technologies.

Join Scott Crawford, EMA Managing Research Director, and Phil Lin, FireEye Director of Product Marketing, to learn how your organization can achieve:

- Better security intelligence: More insight can be useful but to deliver true value, it must enable effective action. Where is intelligence making a difference?

- Better security response: Intelligence-driven response will become the hallmark of tomorrow’s security technologies. How is this trend emerging today?

- Better integration of defense: How will successful, integrated measures overcome the silos of legacy defenses that have kept attackers in business for far too long?

During the course of 2012, FireEye monitored hundreds of thousands of infected enterprise hosts, intercepting millions of callbacks. By capturing details of both advanced and more generic malware attacks and monitoring callback activity, a great deal can be learned about an attacker’s intentions, interests and geographic location. This talk will detail:
- How does malware typically operate?
- Why do traditional defenses fail to stop advanced attacks?
- Which verticals and countries are prime targets?
- What are typical attacker tools, such as RATs, used in malware attacks?
- What strategies do leading enterprises use to mitigate the threat of malware?

In this webinar, Jason Steer will go through the new breed of cyber attacks, such as advanced malware and Advanced Persistent Threats (APTs). He will look at how these threats manage to easily bypass traditional security defences such as firewalls, IPS, AV and gateways, and what today’s enterprise organisations can do to stop them.

Today’s cybercriminals and threat actors continue to innovate and utilize sophisticated malware exploits to bypass traditional security defenses, infiltrate networks, and steal sensitive data. In fact, over 95 percent of companies are already compromised due to advanced targeted attacks, and most don’t even know it. FireEye delivers a complete security platform that provides integrated, multi-vector protection utilizing stateful attack analysis to stop all stages of an advanced attack. The FireEye Malware Protection System features the Virtual Execution (VX) engine that provides state-of-the-art, signature-less analysis using patented, proprietary virtual machines, and provides a 360-degree, stage-by-stage analysis of an advanced attack, from exploitation to data exfiltration. In this session we will demonstrate FireEye’s game-changing technology and threat intelligence to help you prevent advanced attacks from penetrating your defenses, as well as spreading into file shares and establishing long-term footholds in your network.

Spear phishing continues to be highly effective and quickly becoming the "new normal". This talk will review recent IT security reports that show how and why spear phishing attacks are so successful as well as tips to secure against next-generation spear phishing threats.

Threat actors use spear phishing to exploit your network and trigger an attack which can lead to catastrophic financial, operations, and reputation risks. Discover how to keep your network secure — by learning more about today's spear phishing attacks and how you can close the security gap that sophisticated attackers are exploiting. This session will discuss real-time techniques to analyze and quarantine spear phishing attacks with great accuracy.

Key topics include:

- The growing popularity of spear phishing tactics
- How advanced cyber attacks are triggered and staged
- A real-world example of spear phishing that lead to an advanced cyber attack
- Real-time techniques to help you mitigate the threat of spear phishing

Next-generation threats are aggressively targeting sensitive data, from high value M&A information to consumer PII. And, the increasing regulations around consumer and transaction data makes it more critical than ever to safeguard both the confidentiality as well as the integrity of the information.

Due to the sophistication of malware as well as the explosion in the number and types of malware variants, traditional defenses like next-generation firewalls, IPS, antivirus, and gateways have been rendered ineffective. Also, with the many 3rd parties accessing your network, like auditors, consultants, and subsidiary organizations, it is increasingly difficult to maintain a secure network.

This webcast explores the rising costs of targeted attacks and how you can protect against sophisticated malware.

Learn more about:
• Dynamic defenses to stop targeted attacks
• How to block data exfiltration attempts over multiple protocols
• Integrating inbound and outbound filtering to stop spear phishing

Botnets are controlled by sophisticated cybercriminals. Grum, the world's third-largest botnet, included a network of hundreds of thousands of infected computers perpetrating cybercrime and online fraud, impacting consumers and organizations worldwide.

Hear directly from a FireEye malware expert who led the effort to take down Grum, including:

• Distinct strategies for botnet takedowns
• Evolution of Grum
• Role of the research community in finding Grum master CnC servers
• A blow-by-blow account of how the criminals tried to salvage Grum and what's next

Learn how botnets operate and how research and technology from FireEye played a key role in dismantling four of the world's largest botnets since 2008, including Grum, Rustock, Ozdok/Mega-D, and Srizbi.

Cyber security remains the #1 priority for IT security executives and practitioners in 2012 for good reason. With cyber-attacks on federal government systems and civilian networks increasing at an alarming rate, the threat posed is only heightened by vulnerabilities in networks that support critical operations and infrastructure. In fact, on a weekly basis, over 95% of organizations have at least 10 malicious infections bypass existing security to penetrate their networks.
In a recent congressional hearing, a former FBI cyber security specialist stated: "I believe most major companies have already been breached or will be breached, resulting in substantial losses in information, economic competitiveness and national security. Many are breached and have absolutely no knowledge that an adversary was or remains resident on their network, often times for weeks, months or even years."
Organizations need real time, dynamic protection from today’s most dangerous threats designed to bypass traditional security defenses. Attend this webcast to learn:
•The new techniques and tactics that make these next-generation attacks successful in the absence of a true defense-in-depth security architecture
•Why conventional security defenses are no match for today’s sophisticated and coordinated attacks
•How to detect and stop Web and email-based attacks that exploit zero-day vulnerabilities—when they first appear on your network
•Key criteria when investigating next-generation threat protection