spam_and_malware@MTI:~#
arie.lendra.putra
© 2019 | NCSIRT
SPAM and MALWARE
[ NCSIRT] | Introduce
▪ Arie Lendra Putra
▪ NOC – NCSIRT (Network and Cyber Security Incident Response Team)
▪ Join date: November 2018
▪ Prev. experience: 2004-2018 PT. Smart Telecom (Smartfren) as Packet/Data Core TAC
▪ You?
▪ Your position now in MTI
[ NCSIRT] | Spam
What is SPAM?
Spam is internet slang for unsolicited commercial email (UCE) or unsolicited bulk email (UBE). Some people refer to this kind of communication as junk email.
Spam has grown steadily since the 1990s; botnets (infected computers) contribute 80% of the spam sent.
Spammers collect email addresses from chatrooms, customer lists, newsgroups, websites, leaked address books, hacked computers, etc.
[ NCSIRT] | Spam
Top 8 Spammers ("Spam Havens")
1. Brazil
2. Vietnam
3. Russia
4. India
5. China
6. South Korea
7. United States
8. Indonesia
*data based on UCE PROTECT, July 2019
[ NCSIRT] | Malware
What is Malware?
Malicious + Software = Malware
Malware is malicious software that gets installed on your computer (PC, phone, etc.) and performs unwanted tasks.
This software is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
[ NCSIRT] | Malware
What is observed
- Most, if not all, are financially motivated
- Most are discovered only after some time
- The ones in the news are the bigger ones
[ NCSIRT] | Malware
Types of Malware
Adware
Adware (advertising-supported software) is seen in pop-up ads and advertisements that are displayed, often promoting free versions of software. Most adware is not dangerous; however, it can contain spyware, which is used to track user activity and steal private information.
Ransomware
Ransomware is a type of malware that holds a user's computer hostage until a ransom fee is paid. It intrudes into a PC and locks the user out of the system.
Spyware
Spyware is a form of malware that gathers information through the user's internet connection without their knowledge. It collects login information and financial data, monitors user activity, and more. It often spreads by bundling itself with legitimate software.
Bots
A bot (internet bot) is a software application that automatically performs tasks over the internet. Computers infected with a bot become part of a botnet, which can be instructed by a CnC (command and control) server to perform malicious tasks against external targets without the user knowing.
Bugs
A bug is an error in software or hardware that causes a program to malfunction. Minor bugs can affect a program's behaviour and result in crashes or freezes. Sometimes bugs are planted intentionally by an insider and become exploitable on demand.
[ NCSIRT] | Malware
Types of Malware (cont.)
Rootkit
A rootkit is a type of malicious software that is loaded each time a system boots up. It is designed to access or take control of a computer without being detected. Once installed, a rootkit can be used to remotely access the machine and steal information.
Trojan Horses
A Trojan horse is a type of malware that disguises itself as a normal file or program to trick users into downloading malware. The most dangerous Trojans are the programs that claim to rid your system of viruses but end up introducing a host of infections and other forms of malware to your computer.
Viruses
A computer virus is a lot like a human viral infection: it is capable of replicating itself and spreading to other computers. Viruses spread to other networks by attaching themselves to files and programs.
Worms
A worm is a type of malware that replicates itself and breaks into computers to perform malicious acts and potentially shut the system down.
[ NCSIRT] | Notable Incidents
Florida City Ransomware
In Florida, Riviera Beach paid $600,000 and Lake City almost $500,000 to get their data unlocked.
WannaCry
Was easily the worst ransomware attack in history.
TeslaCrypt
Petya / NotPetya
CryptoLocker
Etc…
[ NCSIRT] | Phishing
What is Phishing?
Phreak + Fishing = Phishing
The act of tricking someone into giving confidential information (password, credit card details, bank account, etc.) on a fake web page.
Or, more often, tricking someone into opening an attachment in a phishing email which contains malicious or unwanted software (malware) that can harm your computer.
Nowadays, deceptive spam emails mostly contain spam and/or malware.
[ NCSIRT] | Phishing
Types of Phishing
1. Deceptive Phishing
2. Malware-based Phishing
3. Man-in-the-Middle Phishing
4. Search Engine Phishing
[ NCSIRT] | Phishing
Deceptive Phishing
Deceptive spam emails which demand that the recipient click on certain links. These links can lead to fake websites which collect sensitive information (financial data, login info, etc.).
Phishing in general usually relies on the target's interest or on FUD (Fear, Uncertainty, Doubt).
Links are usually made to look similar to the normal links, but with a small, easily unnoticed difference (instead of microsoft.com they use rnicrosoft.com, microosoft.com, etc.).
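The look-alike links above (rnicrosoft.com, microosoft.com) can be caught automatically before a user sees them. The following is an added example written for this deck, not NCSIRT tooling: it takes the registrable domain of every link in a mail, collapses common multi-character homoglyphs ("rn" read as "m", "1" as "l"), measures edit distance against a list of protected brand domains, and also flags a brand name hidden as a hyphenated token (secure-paypa1.com). The homoglyph table, suffix list, brand list and sample links are all constructed assumptions; production tooling would use the Public Suffix List and the full Unicode confusables data.

```python
"""Flag link domains that imitate a trusted brand (look-alike / typosquat check).

Added example for this deck, not NCSIRT tooling. Checks applied to the
registrable domain of each link:
  1. homoglyph normalisation ("rn" -> "m", "vv" -> "w", "1" -> "l", ...)
     catches rnicrosoft.com;
  2. Levenshtein edit distance <= 1 catches typos such as microosoft.com;
  3. a brand name used as a hyphen-separated token (secure-paypal.com).
Brand list, suffix table and sample links are constructed for the demo.
"""
from urllib.parse import urlparse

# Assumption: a small hand-picked substitution table; real tooling uses
# the full Unicode confusables data as well.
HOMOGLYPHS = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "3": "e"}

# Brands this network wants protected (constructed list).
PROTECTED = ["microsoft.com", "paypal.com", "tokopedia.com", "bankmandiri.co.id"]

# Assumption: minimal stand-in for the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.id", "ac.id", "co.uk"}


def normalise(label: str) -> str:
    """Collapse look-alike sequences to the letter they imitate."""
    s = label.lower()
    for glyph, letter in HOMOGLYPHS.items():
        s = s.replace(glyph, letter)
    return s


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert / delete / substitute, cost 1 each)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """'login.paypal.com' -> 'paypal.com'; 'x.bankmandiri.co.id' -> 'bankmandiri.co.id'."""
    parts = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(parts[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(parts[-n:])


def lookalike_of(host: str, max_distance: int = 1):
    """Return the protected domain that `host` imitates, or None."""
    dom = registrable(host)
    if dom in PROTECTED:
        return None                      # the genuine site itself
    name = dom.split(".")[0]             # 'rnicrosoft' from 'rnicrosoft.com'
    norm = normalise(name)
    for brand in PROTECTED:
        bname = brand.split(".")[0]
        if norm == bname or bname in norm.split("-"):
            return brand                 # homoglyph swap or brand-as-token
        if levenshtein(name, bname) <= max_distance:
            return brand                 # one-character typo (microosoft)
    return None


def scan_links(urls):
    """Return (host, imitated_brand) pairs for every suspicious link."""
    findings = []
    for url in urls:
        host = urlparse(url).hostname or ""
        brand = lookalike_of(host)
        if brand:
            findings.append((host, brand))
    return findings


# Constructed sample links, as they might appear in a phishing mail.
SAMPLE_LINKS = [
    "https://login.rnicrosoft.com/reset",
    "http://microosoft.com/update",
    "https://www.microsoft.com/",
    "https://secure-paypa1.com/signin",
    "https://tokopedia.com/promo",
]

if __name__ == "__main__":
    for host, brand in scan_links(SAMPLE_LINKS):
        print(f"{host} looks like {brand}")
```

The genuine microsoft.com and tokopedia.com links pass untouched; the three imitations are reported with the brand they copy. Running this over the links extracted from inbound mail, or over newly registered domains, gives a cheap first filter; a brand whose own name contains one of the homoglyph pairs (for example "rn") would need the table adjusted.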
[ NCSIRT] | Phishing
kilkbca.com
Other cases:
- Tokopedia
- Bank Mandiri
- PayPal
- Operation Phish Phry
- Etc. (many more cases can be found on Google)
[ NCSIRT] | Phishing
Malware-based Phishing
Deceptive spam emails, but this time with a malicious attachment included.
Interest based: the spam phishing mail is crafted so that the user, based on his/her interest, opens the malicious attachment (e.g. invoices, bills, etc.).
Once the attachment is opened, malware including ransomware, bots, viruses, Trojans, keyloggers, etc. will infect the target computer. It may not have an immediate bad effect, but the computer is already compromised.
[ NCSIRT] | Phishing
The Tactics
Some Facts
More than 156 million phishing emails are sent out every day.
Around 16 million of these emails get past spam email filters.
Around 800 hundreds of these emails are read and their links/attachments opened.
[ NCSIRT] | Phishing
At our door …
[ NCSIRT] | Who is monitoring?
Who are they?
Projects / organizations that track email spammers and spam-related activity and build a shared database for users to query or refer to.
SPAMHAUS
- Spamhaus Block List (SBL)
- Exploits Block List (XBL)
- Domain Block List (DBL)
- Botnet Controller List (BCL)
- Etc.
UCE PROTECT
- L1 Blacklist
- L3 Blacklist
S.O.R.B.S
- Spam and Open Relay Blocking System
SPAMRATS
- RATS-Dyna
- RATS-NoPTR
- RATS-Spam
- RATS-Auth
And many more …
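All of the lists above are queried the same way: reverse the octets of the IPv4 address, append the list's DNS zone, and ask for an A record. The following is an added example for this deck, not NCSIRT or Spamhaus code, showing the query-name construction and how a Spamhaus ZEN answer (which combines SBL, XBL and PBL) is decoded into list names. The return-code table follows Spamhaus's published ZEN codes (assumption: still current); the resolver used in the sample run is a constructed stand-in so the example works offline, and the real lookup is only used when no resolver is passed in.

```python
"""Build DNSBL query names and decode Spamhaus ZEN answers.

Added example for this deck, not NCSIRT or Spamhaus code. A DNS-based
blocklist is queried by reversing the IPv4 octets and appending the list
zone (203.0.113.45 -> 45.113.0.203.zen.spamhaus.org). A listed address
answers with an A record in 127.0.0.0/8 whose last octet says which list
matched; NXDOMAIN means "not listed". The code table follows Spamhaus's
published ZEN return codes (assumption: still current).
"""
import ipaddress
import socket

XBL = "XBL (Exploits Block List: hijacked host, e.g. botnet member or open proxy)"
PBL = "PBL (Policy Block List: end-user address space that should not send mail directly)"
ZEN_CODES = {
    2: "SBL (Spamhaus Block List: verified spam source)",
    3: "SBL CSS (low-reputation sending IP)",
    4: XBL, 5: XBL, 6: XBL, 7: XBL,
    10: PBL, 11: PBL,
}


def dnsbl_query_name(ip: str, zone: str = "zen.spamhaus.org") -> str:
    """Reverse the octets of an IPv4 address and append the DNSBL zone."""
    addr = ipaddress.IPv4Address(ip)            # ValueError on garbage input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def decode_zen(answers):
    """Translate ZEN answer addresses into list names."""
    hits = []
    for a in answers:
        octets = str(ipaddress.IPv4Address(a)).split(".")
        if octets[0] != "127":
            hits.append(f"unexpected answer {a}")          # never a real listing
        elif octets[1] == "255":
            hits.append(f"error/throttle response {a} (see Spamhaus return-code docs)")
        else:
            hits.append(ZEN_CODES.get(int(octets[3]), f"unknown code {a}"))
    return hits


def system_resolver(name):
    """Real A lookup via the OS resolver; [] on NXDOMAIN. Needs network."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
        return sorted({info[4][0] for info in infos})
    except socket.gaierror:
        return []


def check_ip(ip, zone="zen.spamhaus.org", resolver=system_resolver):
    """Return {'query', 'listed', 'lists'} for one address."""
    name = dnsbl_query_name(ip, zone)
    answers = resolver(name)
    return {"query": name, "listed": bool(answers), "lists": decode_zen(answers)}


# Constructed resolver standing in for DNS: one bot-infected customer host
# listed in XBL and PBL, everything else clean (not listed).
FAKE_DNS = {"45.113.0.203.zen.spamhaus.org": ["127.0.0.4", "127.0.0.10"]}


def fake_resolver(name):
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    for ip in ("203.0.113.45", "203.0.113.46"):
        print(check_ip(ip, resolver=fake_resolver))
```

When using the real resolver, query through your own recursive resolver: Spamhaus answers queries sent via large public resolvers with an error code rather than a listing, which the 127.255.x.x branch above reports instead of silently treating as "clean". SORBS, SpamRATS and UCE PROTECT use the same reversed-octet query shape with their own zones and return-code tables.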
[ NCSIRT] | Effects
How are these affecting Moratel?
1. IP address blacklisting
2. IP / ASN reputation
3. Bandwidth exhaustion
4. Confidential information leaks
5. In extreme cases, sabotage …
LESS PROFIT
[ NCSIRT] | What to Do?
How to protect yourself and your company ...
1. Always use anti-virus / anti-malware and update them regularly
2. Regularly update and patch your computer
3. Use strong passwords, update them at least yearly, and use 2FA if available
4. Always be wary: if you see a suspicious email, delete it, never click on links within those emails and never download suspicious email attachments
5. Be logical: if it seems too good to be true, then it probably is
6. Do not use cracked software / keygens
7. Download software from reputable sources
8. Never click on online ads. Never click on popups
9. Never install anything suspicious
10. Backup, Backup, Backup... And Backup again.
11. Never perform online transactions on unsecured sites (without HTTPS)
12. Secure your network (strong Wi-Fi password, minimize use of open Wi-Fi)
[ NCSIRT] | Be Aware …
Zero Day
A zero-day exploit/malware uses a security vulnerability on the same day that the vulnerability becomes known to the public or to those who created the software. Because there are zero days between the first attack and the time it is discovered, there is no defense or fix available yet.
File-less Malware
Unlike attacks carried out using traditional malware, file-less malware attacks don't require the attacker to install software on the victim's machine. Instead, instructions are run directly in the target computer's RAM, and tools built into Windows (such as Windows PowerShell) are hijacked and used to carry out the attack.
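Because file-less attacks leave no binary on disk, the command line recorded when PowerShell starts (Windows Security event 4688 with command-line auditing, or Sysmon event 1) is often the only artefact a defender gets. The following is an added example for this deck, not NCSIRT tooling: it decodes the -EncodedCommand argument (PowerShell expects base64 of UTF-16LE text) so the hidden script is inspected too, then scores each launch against a small set of widely used risk indicators. The log format, the log entries and the indicator list are constructed assumptions; real detection rules carry many more patterns.

```python
"""Surface suspicious PowerShell launches in process-creation logs.

Added example for this deck, not NCSIRT tooling. File-less tradecraft leaves
no binary on disk, so the command line captured at process creation is
frequently the only artefact. The checks decode -EncodedCommand arguments
(PowerShell expects UTF-16LE text, base64-encoded) so the hidden script is
scored too, then count well-known risk indicators. Log format and entries
are constructed; the indicator list is a small illustrative subset.
"""
import base64
import re

INDICATORS = [
    ("encoded command",   re.compile(r"-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("hidden window",     re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("download cradle",   re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b", re.I)),
    ("dynamic execution", re.compile(r"invoke-expression|\biex\b", re.I)),
    ("policy bypass",     re.compile(r"-ex(?:ecutionpolicy)?\s+bypass", re.I)),
]
# Assumption: only the -e / -enc / -EncodedCommand spellings are handled.
ENCODED_ARG = re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]+)", re.I)


def encode_for_powershell(script: str) -> str:
    """The encoding PowerShell expects for -EncodedCommand; used here only to build samples."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str):
    """Return the plaintext script hidden in -EncodedCommand, or None."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None            # not a well-formed encoded argument


def analyse(cmdline: str):
    """Score one command line; decoded content is scanned as well."""
    decoded = decode_encoded_command(cmdline)
    text = cmdline if decoded is None else f"{cmdline} {decoded}"
    hits = [name for name, rx in INDICATORS if rx.search(text)]
    return {"indicators": hits, "decoded": decoded, "score": len(hits)}


def triage(log_lines, min_score=2):
    """Return (host, command_line, analysis) for entries worth an analyst's look."""
    alerts = []
    for line in log_lines:
        meta, _, cmdline = line.partition(" | ")
        host = meta.split()[1]
        result = analyse(cmdline)
        if result["score"] >= min_score:
            alerts.append((host, cmdline, result))
    return alerts


# Constructed log entries: "<time> <host> | <command line>".
SAMPLE_LOG = [
    "2019-07-01T09:12:03 WS-017 | powershell.exe -w hidden -enc "
    + encode_for_powershell("Invoke-WebRequest https://example.invalid/update.txt"),
    "2019-07-01T09:15:40 WS-017 | powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
    "2019-07-01T09:20:11 WS-022 | powershell.exe Get-Service -Name Spooler",
]

if __name__ == "__main__":
    for host, cmd, result in triage(SAMPLE_LOG):
        print(host, result["indicators"], "->", result["decoded"])
```

Only the first entry crosses the threshold: the hidden-window flag plus an encoded argument that decodes to a web download. The administrator's signed backup script scores one point (execution-policy bypass) and the plain Get-Service call scores zero, which is the balance a detection rule needs to avoid paging on routine administration. Script block logging (event 4104) records the decoded text directly and is the better source where it is enabled.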
[ NCSIRT] | Enter NCSIRT
NCSIRT
Network and Cyber Security Incident Response Team
Established in 2018
Current Members:
- Deddy Harison Laoli
- Satrio Adi Nugroho
- Agung Reza
- Arie Lendra Putra
Task: Securing Moratelindo and its customers.
[ NCSIRT] | NOC - NCSIRT
SPAM & MALWARE MITIGATION
1. Blocking TCP/UDP port 25, TCP port 0
2. Acting on blocking reports and notifying "bad" customers
3. Identifying malware CnC (Command and Control) servers and blocking them
4. Building, improving, and introducing new tools and skills to identify and mitigate faster
5. Building awareness
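Steps 1 and 2 above need a way to tell which customer hosts are the spam sources before the blocklist reports arrive. The following is an added example for this deck, not NCSIRT tooling: it reads NetFlow-like records and reports customer hosts that open direct SMTP (TCP/25) connections to many distinct mail servers, the pattern of a spam bot, while ignoring traffic to the provider's own relay. The customer prefix, relay address, flow format, thresholds and sample flows are all constructed assumptions to be tuned for a real network.

```python
"""Find customer hosts sending direct SMTP to many mail servers (spam-bot pattern).

Added example for this deck, not NCSIRT tooling. A compromised customer
host typically opens TCP/25 connections to many different destination mail
servers; a normal client talks only to its provider's relay. Input is
constructed NetFlow-like text, one flow per line:
    <timestamp> <src_ip> <dst_ip> <proto> <dst_port> <packets>
Customer prefix, relay address and thresholds are assumptions to tune.
"""
import ipaddress
from collections import defaultdict

CUSTOMER_SPACE = [ipaddress.ip_network("192.0.2.0/24")]   # constructed customer pool
ALLOWED_RELAYS = {"198.51.100.25"}                       # provider's own relay (constructed)
MIN_DISTINCT_DESTS = 5   # distinct mail servers before a source is interesting
MIN_FLOWS = 10           # and at least this many TCP/25 flows


def parse_flow(line):
    ts, src, dst, proto, dport, pkts = line.split()
    return {"ts": ts, "src": src, "dst": dst, "proto": proto.lower(),
            "dport": int(dport), "pkts": int(pkts)}


def in_customer_space(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CUSTOMER_SPACE)


def find_spam_bots(lines):
    """Return (src_ip, flow_count, distinct_destinations) for suspicious sources."""
    per_src = defaultdict(lambda: {"flows": 0, "dests": set()})
    for line in lines:
        if not line.strip():
            continue
        f = parse_flow(line)
        if f["proto"] != "tcp" or f["dport"] != 25:
            continue                              # only direct SMTP
        if not in_customer_space(f["src"]) or f["dst"] in ALLOWED_RELAYS:
            continue                              # outside scope / legitimate relay
        s = per_src[f["src"]]
        s["flows"] += 1
        s["dests"].add(f["dst"])
    return sorted(
        (src, s["flows"], len(s["dests"]))
        for src, s in per_src.items()
        if s["flows"] >= MIN_FLOWS and len(s["dests"]) >= MIN_DISTINCT_DESTS
    )


def notification(src, flows, dests):
    """Text for the NOC/abuse ticket sent to the customer (assumed wording)."""
    return (f"Host {src} opened {flows} direct SMTP (TCP/25) connections to "
            f"{dests} distinct mail servers; this matches spam-bot behaviour. "
            f"Please scan the host for malware; port 25 stays blocked until it is cleaned.")


# Constructed flows: a clean client using the relay, a small legitimate mail
# server talking to one peer, one infected host fanning out, and a non-customer.
SAMPLE_FLOWS = (
    [f"2019-07-01T10:00:{i:02d} 192.0.2.10 198.51.100.25 tcp 25 {10 + i}" for i in range(3)]
    + ["2019-07-01T10:01:00 192.0.2.20 203.0.113.9 tcp 25 8",
       "2019-07-01T10:01:30 192.0.2.20 203.0.113.9 tcp 25 6",
       "2019-07-01T10:02:00 192.0.2.20 203.0.113.9 tcp 443 30"]
    + [f"2019-07-01T10:03:{i:02d} 192.0.2.77 203.0.113.{100 + i} tcp 25 3" for i in range(15)]
    + ["2019-07-01T10:04:00 198.51.100.7 203.0.113.9 tcp 25 5"]
)

if __name__ == "__main__":
    for src, flows, dests in find_spam_bots(SAMPLE_FLOWS):
        print(notification(src, flows, dests))
```

Only 192.0.2.77 is reported: the relay user and the small mail server that talks to a single peer stay below the distinct-destination threshold, which is what keeps legitimate customer mail servers out of the ticket queue. Exporting the result to the per-customer port-25 block and the notification in step 2 closes the loop before a DNSBL lists the address.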
[ NCSIRT] | NOC - NCSIRT
SPAM & MALWARE MITIGATION
Monitoring
[ NCSIRT] | ???
ANY QUESTIONS?