Alexandru Catalin Cosoi
Head of BitDefender Online Threats Lab
Contents
• Malware, spam and phishing
• Trending Menaces
– Corporate Data leaks & hacks
– Rogue Mobile Devices Applications
– Rogue Social Networks Applications
• The anatomy of a targeted attack
• What can we do?
Malware Evolution
Phishing Attacks
Spam – not quite history
• About 12% decrease in the last 6 months on email spam
• About 15% increase in the last 6 months on comment spam
– Comes from several IPs, as email spam does
– Although the messages in a wave are semantically identical, they are syntactically different
– A spam analyst can notice the evolution from email spam to blog spam
• Growing interest in social media spam
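The comment-spam observation above (one wave, several IPs, same meaning, different syntax) suggests a simple defensive check, shown here as an added example that is not part of the original slides. It assumes word-set Jaccard similarity as the matching method; the threshold, the `min_ips` value and the sample comments are constructed for illustration.

```python
import re
from itertools import combinations

# Constructed sample data: (source IP, comment text). IPs are documentation ranges.
COMMENTS = [
    ("192.0.2.10",    "Great post! Buy cheap watches at http://a.example/x today"),
    ("198.51.100.7",  "great post... buy cheap watches today at http://b.example/y !!"),
    ("203.0.113.44",  "Nice post! Buy cheap watches at http://c.example/z now"),
    ("192.0.2.99",    "I disagree with the second point about token expiry"),
    ("198.51.100.23", "Thanks, the section on phishing was useful"),
]

def tokens(text):
    """Lower-case, collapse every URL to one placeholder, return the word set."""
    text = re.sub(r"https?://\S+", " _url_ ", text.lower())
    return frozenset(re.findall(r"[a-z_]+", text))

def jaccard(a, b):
    """Share of words two comments have in common (0.0 to 1.0)."""
    return len(a & b) / len(a | b) if a | b else 0.0

def find_waves(comments, threshold=0.5, min_ips=3):
    """Group comments with overlapping word sets; keep groups sent from >= min_ips IPs."""
    sets = [tokens(text) for _, text in comments]
    parent = list(range(len(comments)))  # union-find over comment indexes

    def root(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i, j in combinations(range(len(comments)), 2):
        if jaccard(sets[i], sets[j]) >= threshold:
            parent[root(j)] = root(i)

    groups = {}
    for i in range(len(comments)):
        groups.setdefault(root(i), []).append(i)
    return [g for g in groups.values()
            if len({comments[i][0] for i in g}) >= min_ips]

if __name__ == "__main__":
    for wave in find_waves(COMMENTS):
        for i in wave:
            print(COMMENTS[i])
```

Punctuation, case, word order and rotating URLs do not change the word set, so the three constructed spam comments land in one group while the two ordinary comments stay separate.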
What’s Next?
• Security companies do whatever it takes to secure their customers
• OS developers are learning from their mistakes and new versions are safer than their predecessors
• (some) Users have learned what a spam message is and why they should not open attachments in spam messages
• The number of threats is continuously growing
The Master Plan
Attack
Prepare the attack
Build the structure
• Create unique messages based on the victim’s social profile
• Convince them to disable the protection if necessary
• Find people and identify their online identity
• Spread spyware that will constantly monitor their activity
• Malware that infects computers and steals data or becomes part of a botnet
• Spam messages that contain infected attachments
• Fake shops and scams which provide the necessary investment
Recent Data Leaks
Leaks
• WikiLeaks
• Facebook Apps leaking access tokens to 3rd parties
Hacks
• Operation Aurora
• LastPass
• PSN
• Fox.com
• Epsilon
• WordPress
• RSA
All Eyes on Facebook
• 23% of our Facebook security app users found something malicious on their wall
– 34.7% stalker apps (who viewed my profile, etc)
– 16.2% game scams
– 14.1% shocking images/video
– 12.5% fake Facebook Features
– 8.4% fake famous games versions
– 5.7% free gadget offers
– 4.1% other types of less popular scams
– 4.3% malware
Menaces for Android Devices
• Fake Online Banking Applications
• Tap Snake
• FakePlayer
• Geinimi
• ADRD
• PjApps
• DroidDream
Steps of a Targeted Attack
• email address
• Social media accounts
• Complete Name and Nicknames
• List of registered domains
LinkedIn & Social Networks
• Gender
• Workplace related info
• List of friends and coworkers
• Field of activity and interests
Aggregate data into complete social profiles
• Use search engines to complement the information extracted from SNS
• Use NLP techniques to parse and use data
Attacks Topology
Vic’s Online Identity
Proceed automatically and target a single individual
Direct Profit (phishing, etc) Identity theft
Proceed manually and target an entire group
Confidential Data / Intellectual Property
Our online identity
Questions that need to be asked
• What is your name or nickname?
• What are your interests?
• Who do you work for?
• Who are your friends/colleagues?
• What is your job title?
• Who is your manager/CEO/director?
• Who are your family members?
• Are you married? With whom?
• Do you have any kids? What are their names?
• Where do you live? Where were you born?
• How much do you earn?
• Where do you stay? How expensive is your house?
Hypothetical trivial example
Dear Alexandru Cosoi,
I'm writing to you in a time of sadness and desperation. I'm not sure if you know this, but two decades ago, your cousin, [insert random Romanian name] Cosoi moved to Nigeria. Here he managed to start a shipment business which in time managed to become quite successful. He has two sons [another random Romanian name here] Cosoi and [yet another random Romanian name here] Cosoi, which moved to UK. Your cousin is dying, bla bla bla, so we need to transfer money out of Nigeria to UK, in order to provide a decent living for his kids. We ask for your help because you are family and we wouldn't bother you if it weren't important, and also, it would be better to keep this between us.
• email address
• Gender
• Name
• location
And if this doesn't work, how about a letter coming directly from my cousin's son? :)
Wrapping up
• Social engineering works.
• Social engineering can be automated
• We need to understand the addiction to social networks and the fact that users will post information about themselves online
• Blocking access to social networks is not a solution
• Education can work. It’s our duty to educate both users and employees about social engineering and how their own data can turn against them.