NEW MOTIVES, NEW THREATS: HOW TO PROTECT YOURSELF FROM TARGETED ATTACKS
Jornt v.d. Wiel
Global Research and Analysis Team
2 The evolving threat landscape
THE SCALE OF THE THREAT
1994: 1 new virus every hour
2006: 1 new virus every minute
2011: 1 new virus every second
2014: 325,000 new samples every day
THE NATURE OF THE THREAT
90%: Traditional cybercrime
9.9%: Targeted threats to organisations
0.1%: Cyber-weapons
HOW MALWARE SPREADS
Exploit kits
Social networks
USB
WEB-BASED THREATS
Exploit kits, social networks
ATTACKS IN 2014
Kaspersky Lab discovered almost 1.4 billion web attacks in 2014:
• 3.8 million attacks per day
• 159,000 attacks per hour
• 2,663 attacks per minute
• 38 attacks per second
INFECTION: WHERE & WHAT
ADVANCED PERSISTENT THREATS (APT)
Gauss
Classification: Espionage program
Detection time: July 2012
Active since: Aug / Sep 2011
Facts:
• Sophisticated toolkit for cyber-espionage
• Implemented by creators of the Flame platform
• Modules perform a variety of functions

Flame
Classification: Espionage program
Detection time: May 2012
Active since: 2007
Facts:
• Complex set of operations
• Downloads extra modules to victim computers
• 20 extension modules detected
• Sophisticated toolkit

Duqu
Classification: Espionage program
Detection time: September 2011
Active since: 2010
Facts:
• Destroys all traces of activity
• Core module never detected
• No modifications discovered since Feb 2012

miniFlame
Classification: Espionage program
Detection time: October 2012
Active since: October 2012
Facts:
• Miniature fully-fledged spyware module
• Used for highly targeted attacks against select victims
• Stand-alone malware or as a plug-in for Flame

Wiper
Classification: Destroyer
Detection time: Never detected
Active since: April 2012
Facts:
• Destroyed dozens of database and computer systems
• Majority of targets were organisations in Iran’s oil industry
• Malware still unknown to this day
CYBER-WEAPONS: NUMBER OF VICTIMS
Known number of incidents / additional number of incidents (approximate):
• Stuxnet: over 100K / over 300K
• Gauss: 2,500 / 10K
• Flame: 700 / 5-6K
• Duqu: 20 / 50-60
• miniFlame: 10-20 / 50-60
Source: Kaspersky Lab
ENERGETIC BEAR – CROUCHING YETI
Recent APT
Classification: Espionage program
Detection time: June 2014
Active since: 2010
Targets: Educational (32); Research (14); IT (10);
Geography: 99 different countries
Interesting facts: No 0-days used, slightly modified Metasploit exploits used
How does it work? Three different infection methods:
• Spear-phishing
• Trojanized software installers
• Watering hole attacks
Upon infection, 4 different backdoors + additional tools are installed
MOBILE MALWARE
2014 Growth
[Chart: values by month, Jan to Dec; vertical axis from 0 to 20,000]
Source: Kaspersky Lab
WHY TARGET MOBILE DEVICES?
Mobile devices contain a lot of ‘interesting’ things:
• incoming and outgoing SMS messages
• work emails
• business contacts
• personal photos
• GPS coordinates
• online banking credentials
• various installed apps
• calendar
MOBILE MALWARE: TARGETED PLATFORMS
Mostly Android!
98.05%
Android
1.55%
0.27%
0.13%
Others
Symbian
J2ME
FUTURE IT THREATS
• CYBERWEAPONS will be tailor-made for specific cases. Cyber criminals will increasingly use simpler tools to destroy data at a required time.
• MULTIPLE ATTACKS ON GOVERNMENT institutions and businesses will be carried out all over the world. ‘Hacktivism’ may also be used to conceal other types of attacks.
• MALWARE will be uploaded to official app stores. Mobile espionage will become widespread, including stealing data from mobile phones and tracking people using their phones.
• ATTACKS ON ONLINE BANKING SYSTEMS will become one of the most widespread methods of stealing money from users.
• THE NUMBER OF TARGETED ATTACKS will continue to grow. Cybercriminals will start using new infection methods. The range of targeted businesses under threat will expand.
• CYBERCRIMINALS will write mobile malware increasingly attacking Google Android.
MINIMISING YOUR RISK OF INFECTION
A GReAT tip: Raise Awareness
Cybercriminals are increasingly using public data to launch targeted attacks against businesses. Tell your colleagues about the risks associated with sharing personal and business information online.
A GReAT tip: Keep your software up to date
Prevention is better than the cure. Often malware does not use 0-days but known vulnerabilities. Keeping your software up to date mitigates the attack vector considerably. This holds especially for:
• Operating System
• PDF reader
• MS Office
• Java
• Browser
• Flash
A GReAT tip: Apply whitelisting
Allowing only a pre-defined list of benign applications to run prevents malware from executing on your system.
A GReAT tip: Choose good and different passwords
Passwords up to 8 characters can be easily cracked. Therefore passwords of more than 16 characters are recommended. Also, choosing a unique password for each account is advised. In case one account gets compromised, your other accounts are still safe. A password manager can help you with this.
AND IN THE CASE THAT IT GOES WRONG….
A GReAT tip: Create backups
Backups are always good. If you get infected with, for example, ransomware, then you haven’t lost all of your files. You can restore the version from before your infection and you are safe again. Backups also help against data loss (e.g. due to failing hardware).
THANK YOU