CS 5323 Malware Prof Ravi Sandhu Executive Director

  • Slides: 6

CS 5323
Malware
Prof. Ravi Sandhu
Executive Director and Endowed Chair
Lecture 11
ravi.utsa@gmail.com
www.profsandhu.com
© Ravi Sandhu. World-Leading Research with Real-World Impact!

Industry Reports
  • Symantec Internet Security Threat Report
  • AT&T Cybersecurity Insights Report
  • Cisco Annual Security Report
  • Dell Security Annual Threat Report
  • Google Android Security Annual Report
  • IBM X-Force Cyber Security Intelligence Index Report
  • McAfee Labs Threat Predictions Report
  • Verizon Data Breach Investigation Report
  • ……

Symantec Internet Security Threat Report 2016 (for 2015)
  • A new zero-day vulnerability was discovered on average each week (total 54)
      - Doubled from 2014
  • Over half a billion personal records were stolen or lost
      - Companies choosing not to report the number of records lost increased by 85 percent
  • Major security vulnerabilities in 75% of popular websites
      - 15% of legitimate websites have critical vulnerabilities
  • Spear-phishing targeting employees increased 55%
      - 43% of all attacks targeted at small businesses
  • Ransomware increased 35%
      - Moved beyond PCs to smart phones, Mac, and Linux systems
  • Symantec blocked 100 million fake tech support scams
      - First reported in 2010

Symantec Internet Security Threat Report 2016 (for 2015)
  • Big numbers
      - Pages 8 and 9 of report

Malware
  • Classic Malware: Trojan Horse (1971), Logic Bomb, Virus (1985), Worm
  • Modern Crimeware: Adware, Spyware, Ransomware, Rootkit, Exploit, Zero-Day, Keylogger, Drive by, Phishing, Spam, DDOS, Botnet

Malware
[Diagram: malware taxonomy along three dimensions, Trigger, Delivery and Target. Labels shown: Planted, Inadvertent, Self-Propagating, By Attacker, By User, Local Condition, External Command, Damage, Host, External, Exfiltrate, Virus, Worm]