MID_Modern_Threats_Landscape_GTI_Alex_de_Graaf_EN

Slides from the talk by Alex de Graaf, sales director at McAfee.
The talk was given at the McAfee&Intel DAY conference on 15 October in Kyiv.

Published in: Technology, News & Politics

Transcript

  • 1. Modern Threats Landscape & GTI • Alex de Graaf • Director, Pre-Sales • McAfee, Emerging Markets EMEA
  • 2. Q2-2013 Key Trends • The Dark Seoul attack against banks and media companies in South Korea • Backdoor Trojans and banking malware were the most popular mobile threats this quarter • Ransomware, which holds a computer hostage until the victim pays to free it, is getting worse. • Spam levels are bouncing back
  • 3. Q2-2013 Key Trend: The Dark Seoul Attack • The forensic data indicates that Dark Seoul was actually just the latest attack to emerge from a malware development project that has been named Operation Troy. • The McAfee Labs investigation into the Dark Seoul incident uncovered a long-term attempt at domestic spying, based on code that originated in 2009, against military targets in South Korea. • McAfee Labs research found that the Dark Seoul attack was preceded by years of attempted cyberespionage. • For details, read the McAfee Labs report “Dissecting Operation Troy: Cyberespionage in South Korea”.
  • 4. Q2-2013 Key Trend: Backdoor Trojans and Banking Malware • “Backdoor” Trojans, which steal data without the victim’s knowledge, and malware that goes after banking login information have made up the largest portion of all new mobile malware families. • Halfway through 2013, McAfee Labs had already collected almost as many mobile malware samples as in all of 2012. • In Q2 2013 we added more than 17,000 Android samples to our database. • Malware shows no sign of changing its steady growth, which has risen steeply during the last three quarters. At the end of this quarter we now have more than 147 million samples in our malware “zoo.”
  • 5. Q2-2013 Key Trend: Ransomware is getting worse! • Ransomware has become an increasing problem during the last several quarters, and the situation continues to worsen. • The number of new, unique samples this quarter is greater than 320,000, more than twice as many as last quarter. • During the past two quarters we have catalogued more ransomware than in all previous periods combined. • Reasons for ransomware’s growth: • It’s a very efficient means for criminals to earn money because they use various anonymous payment services. This method of cash collection is superior to that used by fake AV products, for example, which must process credit card orders for the fake software. • An underground ecosystem is already in place to help with services such as pay-per-install on computers that are infected by other malware, such as Citadel, and easy-to-use crime packs are available in the underground market. These advantages mean that the problem of ransomware will not disappear anytime soon.
  • 6. Q2-2013 Key Trend: Spam levels are bouncing back • This quarter, volume reached 2 trillion messages in April, the highest figure we’ve seen since 2010. • We continue to report on the variety of spam subjects and botnet prevalence in selected countries around the world. • Examining results by country, our statistics show marked differences from quarter to quarter. Ukraine and Belarus are the most dramatic examples; each had an increase of greater than 200 percent this period.
  • 7. Interested in the latest threats? http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q2-2013.pdf
  • 8. Malware Tsunami • McAfee Labs discovers over 100,000 samples every day • (chart, years 2000 to 2013) • McAfee Confidential—Internal Use Only
  • 9. Explosion of IP Devices • 95% are unprotected • 1 BILLION DEVICES • 50 BILLION CONNECTED DEVICES
  • 10. Malware Tsunami • (100.000 Threats) * (50 Billion Devices) = X • (chart, years 2000 to 2013)
  • 11. Rethink Security—a New Paradigm • THE CONCEPT OF SIGNATURES IS BROKEN • AMOUNT OF SAMPLES PER DAY AND TIME TO PROTECTION • ZERO-DAY EXPLOITS • KERNEL BASED ATTACKS • 1997: 50,000 known Threat Samples • 2007: 450,000 known Threat Samples • 2013 (YTD): 147 million known Threat Samples • 30 days to cross the office • Minutes around the Globe • THE NEW NATURE OF ATTACKS • The future? Seconds around the Globe • Milliseconds???
  • 12. What it Takes to Make Your Organization Safe • GLOBAL THREAT INTELLIGENCE • THREAT REPUTATION • (diagram labels) Network Activity, Affiliations, Geo-location, Application, Domain, Data Activity, Ports/Protocol, IP Address, Web Reputation, URL, Web Activity, File Reputation, DNS Server, Sender Reputation, Mail Activity, Email Address • Network IPS, Firewall, Web Gateway, Mail Gateway, Host AV, Host IPS, 3rd Party Feed • 300M IPS attacks/mo. (shown three times) • 2B botnet C&C IP reputation queries/mo. • 20B message reputation queries/mo. • 2.5B malware reputation queries/mo. • Geo location feeds
  • 13. What it Takes to Make Your Organization Safe • GLOBAL THREAT INTELLIGENCE • THREAT REPUTATION • 10–30% Detection Improvement • Average 5.3 Day Reduction in Time to Protection • Protection will rely on the cloud increasingly in the future • GTI can be used for both new detections and false alarm avoidance • (diagram labels) Network IPS, Firewall, Web Gateway, Mail Gateway, Host AV, Host IPS, 3rd Party Feed • 300M IPS attacks/mo. (shown three times) • 2B botnet C&C IP reputation queries/mo. • 20B message reputation queries/mo. • 2.5B malware reputation queries/mo. • Geo location feeds