NEW MOTIVES, NEW THREATS: HOW TO PROTECT YOURSELF FROM TARGETED ATTACKS
Jornt v.d. Wiel
Global Research and Analysis Team

Kaspersky presentation on malware trends and statistics, 26062015


The evolving threat landscape

THE SCALE OF THE THREAT

• 1994: 1 new virus every hour
• 2006: 1 new virus every minute
• 2011: 1 new virus every second
• 2014: 325,000 new samples every day

THE NATURE OF THE THREAT

• 90%: Traditional cybercrime
• 9.9%: Targeted threats to organisations
• 0.1%: Cyber-weapons


HOW MALWARE SPREADS

Exploit kits

Email

Social networks

USB

WEB-BASED THREATS

Exploit kits, social networks

ATTACKS IN 2014

Kaspersky Lab discovered almost 1.4 billion web attacks in 2014:

• 38 attacks per second
• 3.8 million attacks per day
• 159,000 attacks per hour
• 2,663 attacks per minute


INFECTION: WHERE & WHAT

ADVANCED PERSISTENT THREATS (APT)

Gauss
Classification: Espionage program
Detection time: July 2012
Active since: Aug / Sep 2011
Facts:
• Sophisticated toolkit for cyber-espionage
• Implemented by creators of the Flame platform
• Modules perform a variety of functions

Flame
Classification: Espionage program
Detection time: May 2012
Active since: 2007
Facts:
• Complex set of operations
• Downloads extra modules to victim computers
• 20 extension modules detected
• Sophisticated toolkit

Duqu
Classification: Espionage program
Detection time: September 2011
Active since: 2010
Facts:
• Destroys all traces of activity
• Core module never detected
• No modifications discovered since Feb 2012

miniFlame
Classification: Espionage program
Detection time: October 2012
Active since: October 2012
Facts:
• Miniature fully-fledged spyware module
• Used for highly targeted attacks against select victims
• Stand-alone malware or as a plug-in for Flame

Wiper
Classification: Destroyer
Detection time: Never detected
Active since: April 2012
Facts:
• Destroyed dozens of database and computer systems
• Majority of targets were organisations in Iran’s oil industry
• Malware still unknown to this day

CYBER-WEAPONS: NUMBER OF VICTIMS

Known number of incidents / additional number of incidents (approximate):

• Stuxnet: over 100K / over 300K
• Gauss: 2,500 / 10K
• Flame: 700 / 5-6K
• Duqu: 20 / 50-60
• miniFlame: 10-20 / 50-60

Source: Kaspersky Lab

ENERGETIC BEAR – CROUCHING YETI

Recent APT

Classification: Espionage program
Detection time: June 2014
Active since: 2010

Targets: Educational (32); Research (14); IT (10);

Geography: 99 different countries

Interesting facts: No 0-days used, slightly modified Metasploit exploits used

How does it work? Three different infection methods:

• Spear-phishing
• Trojanized software installers
• Watering hole attacks

Upon infection 4 different backdoors + additional tools are installed

MOBILE MALWARE

2014 Growth

[Chart: monthly values, Jan to Dec; vertical axis from 0 to 20000]

Source: Kaspersky Lab

WHY TARGET MOBILE DEVICES?

Mobile devices contain a lot of ‘interesting’ things:

• incoming and outgoing SMS messages
• work emails
• business contacts
• personal photos
• GPS coordinates
• online banking credentials
• various installed apps
• calendar

MOBILE MALWARE: TARGETED PLATFORMS

Mostly Android!

• Android: 98.05%
• J2ME: 1.55%
• Symbian: 0.27%
• Others: 0.13%

FUTURE IT THREATS

CYBERWEAPONS will be tailor-made for specific cases. Cyber criminals will increasingly use simpler tools to destroy data at a required time.

MULTIPLE ATTACKS ON GOVERNMENT institutions and businesses will be carried out all over the world. ‘Hacktivism’ may also be used to conceal other types of attacks.

MALWARE will be uploaded to official app stores. Mobile espionage will become widespread, including stealing data from mobile phones and tracking people using their phones.

ATTACKS ON ONLINE BANKING SYSTEMS will become one of the most widespread methods of stealing money from users.

THE NUMBER OF TARGETED ATTACKS will continue to grow. Cybercriminals will start using new infection methods. The range of targeted businesses under threat will expand.

CYBERCRIMINALS will write mobile malware increasingly attacking Google Android.


MINIMISING YOUR RISK OF INFECTION

A GReAT tip: Raise Awareness

Cybercriminals are increasingly using public data to launch targeted attacks against businesses. Tell your colleagues about the risks associated with sharing personal and business information online.


MINIMISING YOUR RISK OF INFECTION

A GReAT tip: Keep your software up to date

Prevention is better than the cure. Often malware does not use 0-days but known vulnerabilities. Keeping your software up to date mitigates the attack vector considerably. This holds especially for:

• Operating System
• PDF reader
• MS Office
• Java
• Browser
• Flash


MINIMISING YOUR RISK OF INFECTION

A GReAT tip: Apply whitelisting

Allowing only a pre-defined list of benign applications to run prevents malware from executing on your system.


MINIMISING YOUR RISK OF INFECTION

A GReAT tip: Choose good and different passwords

Passwords up to 8 characters can be easily cracked. Therefore passwords of more than 16 characters are recommended. Also, choosing a unique password for each account is advised. In case one account gets compromised, your other accounts are still safe. A password manager can help you with this.


AND IN THE CASE THAT IT GOES WRONG….

A GReAT tip: Create backups

Backups are always good. If you get infected with, for example, ransomware, then you haven’t lost all of your files. You can restore the version from before your infection and you are safe again. Backups also protect against data loss (e.g. due to failing hardware).


THANK YOU