Threat Lands
Bangsar South City Knowledge Clinics - Online Security & Data Protection on 30 June 2011

Published in Technology
  • F-Secure Labs Helsinki, Finland
  • F-Secure Labs Kuala Lumpur, Malaysia
  • Virus Eras. Email is no longer the most common way of getting infected; the web is. And web infections do not come via vulnerabilities in Windows or in the browser; they come through plugins like Flash and Adobe Reader, which are very common and always out of date, as Microsoft Update won't patch them. In the future, more of the attacks will be done via social networks. Your Facebook account gets phished and then the bad boys send status updates to your friends, posing as you. "Check out this cool link!" etc.
  • Siemens PLC 1787 unit.
  • Still shot from a YouTube video showing a test SCADA attack destroying an engine. Video on YouTube, search for: scada aurora cnn engine

Transcript

  • 1. THREAT LANDS
    Presented by Goh, Su Gim
    Security Advisor, Asia
    F-Secure Response Labs
  • 2. About me
    10 years in the IT Security industry
    IT network security infrastructure design
    Assessment and penetration testing
    Standards and Compliance
    Security Operation Center / Incident Response
    Born and Raised in Malaysia
    Spent 12 years in Hawaii, USA
    Joined F-Secure about 9 months ago, now based in F-Secure Response Labs, Kuala Lumpur
    04 July, 2011
  • 3. Agenda
    About F-Secure
    The Threat Landscape today
    Social Media Networking
    More than just $$
    The un-tethered world
    Malware for the mobile world
  • 4.
  • 5.
  • 6. © F-Secure / Public
    04 April, 2011
  • 7. F-Secure - Summary
    1988: Founded
    1999: IPO (Helsinki Stock Exchange)
    Today: “Protecting the irreplaceable”
    Enabling the safe use of computers and smartphones
    Strong solution portfolio covering both consumers and business
    The leading Software as a Service (SaaS) partner for operators globally
    Over 200 operator partnerships in more than 40 countries
    Strong market presence in Europe, North America and Asia
    Distributors/resellers in more than 100 countries
    20 offices globally and over 800 professionals worldwide
    2007
  • 8. F-Secure in Malaysia
    Operations started 2006
    KL Sentral office opened 2006
    Moved to Bangsar South May 2009
    Today, 2011, 25% of the employees in Asia
    [Timeline: 2005, 2006, 2007, 2008, 2009, 2011]
  • 9. The Virus Eras
    FLOPPY 
    LAN 
    EMAIL 
    WEB 
    FACEBOOK, MYSPACE, TWITTER, LINKEDIN?
    MOBILE MALWARE???
  • 10. http://campaigns.f-secure.com/brain/index.html
  • 11. Malware Attacks 1986 - 2011
    1986 - Hobbyist attacks
    2002 - Financial attacks
    2005 - Spying / Espionage
    2010 - Cyber Sabotage
    © F-Secure Corporation
    April 28, 2010
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19. Hmm.. Is that my ex-girlfriend viewing my profile?
  • 20.
  • 21.
  • 22. FB’s FAQ
  • 23. LIKE JACKING
  • 24.
  • 25.
  • 26.
  • 27. Critical Infrastructure
  • 28.
  • 29.
  • 30.
  • 31. Stuxnet
  • 32.
  • 33. STUXNET
    Uses 5 vulnerabilities*
    Windows worm
    Spreads via USB sticks
    * 4 zero-days
  • 34. Signed component – the stolen certificate
  • 35. Stuxnet is big
    Stuxnet: 1,5 MB
    Average malware: 50-100 KB
  • 36. Siemens Simatic Step7 WinCC PLC
  • 37. 6es7-417
  • 38.
  • 39. Bushehr  / Natanz
  • 40. CASE: hosting.ua – the Ukrainian Datacenter
  • 41.
  • 42. Spring cleaning gone bad…
  • 43.
  • 44.
  • 45. UNTETHERED
  • 46. The big brother aka 大哥大
  • 47. The battlefield today..
  • 48. The ever growing Smartphone…
    “Smartphones to break 100 million shipment mark in Asia/Pacific (Excluding Japan) by 2011” - IDC
    “IDC expects 137 million units in 2011, double the units in 2010”
    “53% of Chinese citizens in key urban centres own a smartphone, well ahead of countries like the US, where penetration stands at around 30%, and Japan, on 10%” - Consultancy Accenture
  • 49. Smartphone market share: Today and Tomorrow
  • 50. Android overtakes BlackBerry as Top US Smartphone platform
  • 51. WHAT CAN MOBILE MALWARE DO???
    PERSONAL DATA DISCLOSURE
    PHISHING
    SPYWARE
    DIALERWARE
    FINANCIAL MALWARE
  • 52. Huike.cn serving Windows Mobile apps
  • 53. 3D Anti-Terrorist
  • 54. Windows Mobile Trojan
    Poses as 3D Anti-Terrorist Action War Game
    Developed by Beijing Huike Technology in China
    Distributed on Windows freeware download sites
    Packaged with virus written in Russia
    Malicious code silently initiates international calls to premium numbers
  • 55. A Dialerware example
  • 56. Dialerware continued..
  • 57. The numbers
    +882346077 Antarctica
    +17675033611 Dominican republic
    +88213213214 EMSAT satellite prefix
    +25240221601 Somalia
    +2392283261 São Tomé and Príncipe
    +881842011123 Globalstar satellite prefix
  • 58. www.keyzone-telemedia.com
  • 59. www.premium-rates.com
  • 60.
  • 61. Geinimi, aka 給你米
    Android BOT
    Opens a backdoor and calls home
    Calls home to various servers:
    www.frijd.com, www.aiucr.com, www.uisoa.com, www.islpast.com, www.piajesj.com,
    www.qoewsl.com, www.weolir.com, www.riusdu.com, www.widifu.com, www.udaore.com
  • 62. The Variants… HongTouTou 紅頭頭 / ADRD
    Targeting users in China
    Distributed on free file sharing websites as wallpaper apps
    Gather IMEI/IMSI - encrypted
    Search as a mobile user
    Emulate clicks as a mobile user
    Monitor SMS conversations
  • 63. Do Androids Dream? [THE MOTHER OF THEM ALL]
    DroidDream
    Roots your phone (admin access)
    Sends IMEI/IMSI to remote server
    Steals sensitive data
    More than 50 applications infected
    Repackaged by app developers:
    Myournet
    Kingmail2010
    we20090202
    Hosted on Android Market
    50,000 to 200,000 downloads in 4 days
  • 64. Trojanised apps by Myournet
    Falling Down
    Super Guitar Solo
    Super History Eraser
    Photo Editor
    Super Ringtone Maker
    Super Sex Positions
    Hot Sexy Videos
    Chess
    下坠滚球_Falldown
    Hilton Sex Sound
    Screaming Sexy Japanese Girls
    Falling Ball Dodge
    Scientific Calculator
    Dice Roller
    躲避弹球
    Advanced Currency Converter
    App Uninstaller
    几何战机_PewPew
    Funny Paint
    Spider Man
    蜘蛛侠
  • 65. Real App on left and virused-up version (Myournet)
  • 66. In case of emergency, press this:
    The KILL SWITCH
  • 67. The Google KILL SWITCH
    On March 1st 2011, Google yanked 58 apps in Android Market
    March 6th, Google created the Android Market Security Tool to REMOTELY remove the malicious apps and the DroidDream trojan from hundreds of thousands of devices
    Gives me a mixed feeling…
  • 68. And so it was nice and dandy...
    Fake Google Security Patch
    4 days later..
    Hijacked and retooled Google’s Android Market Security Tool
    Distributed by an unregulated Chinese app market
    Detected by Symantec as BgService running on infected devices
    Trojan sends SMS to a command and control server
  • 69. Multiple Sources for App Downloading “SIDELOADING”
    © F-Secure / Confidential
  • 70. Yingyonghui.com
  • 71.
  • 72. “SIDELOADING” : Androiddownloadz.com
  • 73. Eventually, virus writers will realize it's easier to make money by infecting phones than by infecting computers
  • 74. So how do I protect myself?
  • 75. (1) TRUSTED & REPUTABLE SOURCES
    Download from reputable app markets
    Avoid third party app stores (Sideloading)
    Review developer name, reviews and star ratings
    If it is too good to be true.. IT IS
    There is NO FREE LUNCH
  • 76. (2) Scrutinize permissions
    Check on permissions when installing an app
    Ensure the permissions match the features it provides
  • 77. (3) Auto-locking, reset and wipe (Housekeeping)
    Automatic locking after a few minutes of no activity
    Reset and wipe when disposing or recycling your phone
  • 78. (4) Install a mobile security app
    Install an Anti-virus for your SmartPhone against trojans/viruses/malware
    Other security vendor features (Anti Theft) include
    Remote Wipe, Lock & Alarm
    Remote Alarm
    GPS Locator
    Remote backup
  • 79. Keeping yourself posted…
    www.f-secure.com/weblog
    Twitter
    F-Secure
    mikkohypponen
    sugimgoh
  • 80. THE END
    Q&A?