Cyber threats landscape and defense
Cyber threats landscape and defense workshop
ISIS "C. Facchinetti" - Castellanza - Varese
Italy

Published in: Internet, Technology
Transcript

  • 1. Cyber Threats: Landscape and Defense. Ing. Andrea Garavaglia, Andrea Minigozzi (CISSP, OPST). ISIS “C. Facchinetti”, Castellanza (VA), 14-04-2014
  • 2. About us: #whoami. Andrea Minigozzi is a certified CISSP and OPST security expert with fourteen years' experience, encompassing SIEM, malware analysis, investigating security incidents, computer and network forensics, ISO 27001/NIST/COBIT audits and hardening of various devices on civil and military programs. Andrea is the owner of the FantaGhost web site and develops the FG-Scanner project. Andrea Garavaglia supported Law Enforcement for years with analysis tools used to discover patterns, trends, associations and hidden networks in any number and type of data sources. He also worked with voice and IP interceptions, traffic reconstruction and forensic analysis. He is currently a Network Security Monitoring lover.
  • 3. A real problem for today’s industries
  • 4. Who can become a victim? Source: http://www.tietoturvapaiva.fi/uploads/Tietoturva%202012/stonesoft.pdf
  • 5. From virus to Advanced Persistent Threats: the timeline, 1970 to 2009. 1971 Creeper; 1982 Elk Cloner; 1986 Brain; 1987 Jerusalem; 1992 Michelangelo; 1999 Melissa; 2000 I love you; 2001 Code Red; 2004 Sasser; 2005 MyTob; 2007 Storm BotNet; 2009 Conficker. Source: http://blogs.csoonline.com/1421/40_years_after_the_first_computer_virus
  • 6. From virus to Advanced Persistent Threats: the timeline, 2010 to today. 2010 Stuxnet, VBMania, Kenzero, SpyEye + Zeus; 2011 Zero Access, Duqu; 2012 Flame, Shamoon, NGRBot; 2013 CryptoLocker; 2014 ................ Source: http://en.wikipedia.org/wiki/Timeline_of_computer_viruses_and_worms
  • 7. Terms and definitions: viruses and worms. VIRUS: a program that “infects” computer files, usually executable programs, by inserting a copy of itself into the file. These copies are usually executed when the infected file is loaded into memory, allowing the virus to infect other files. A virus requires human involvement (usually unwitting) to propagate. WORM: an independent computer program that reproduces by copying itself from one system to another across a network. Unlike computer viruses, worms do not require human involvement to propagate, and they exploit vulnerabilities to bypass security systems.
  • 8. Terms and definitions: trojan horses and 0-day exploits. TROJAN HORSE: a computer program that conceals harmful code. A Trojan horse usually masquerades as a useful program that a user would wish to execute. 0-DAY EXPLOIT: an exploit that takes advantage of a security vulnerability previously unknown to the general public. In many cases, the exploit code is written by the same person who discovered the vulnerability.
  • 9. Terms and definitions: malware. MALWARE: a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system, or of otherwise annoying or disrupting the victim. It often violates one or more of the following fundamental principles. Consent: malware may be installed even though the user did not knowingly ask for that to happen. Privacy-respectfulness: malware may violate a user's privacy, perhaps capturing user passwords or credit card information. Non-intrusiveness: malware may annoy users by popping up advertisements, changing the web browser's home page, making systems slow or unstable and prone to crash, or interfering with already installed security software. Harmlessness: malware may be software that hurts users (such as software that damages our system, sends spam emails, or disables security software). Respect for user management: if the user attempts to remove the software, it may reinstall itself or otherwise override user preferences. Source: http://itlaw.wikia.com/wiki/Malware
  • 10. Malicious code spreading vectors and attack surface (timeline chart, 1980 to 2014)
  • 11. New malware in the last two years. Source: http://www.mcafee.com/uk/resources/reports/rp-quarterly-threat-q3-2013.pdf
  • 12. New malware for emerging operating systems. Source: http://www.mcafee.com/uk/resources/reports/rp-quarterly-threat-q3-2013.pdf
  • 13. Global email volume, in trillions of messages. Source: http://www.mcafee.com/uk/resources/reports/rp-quarterly-threat-q3-2013.pdf
  • 14. Hacking motivations. HACKERS: they need to understand how systems work and how to improve security and performance. HACKTIVISTS: they use computers and computer networks to promote political ends, chiefly free speech, human rights, and information ethics. STATE-SPONSORED HACKERS: governments around the globe realize that it serves their military objectives to be well positioned online. SPY HACKERS: corporations hire hackers to infiltrate the competition and steal trade secrets. CYBER TERRORISTS: these hackers, generally motivated by religious or political beliefs, attempt to create fear and chaos by disrupting critical infrastructures.
  • 15. Attack diagram: the past
  • 16. Attack diagram: the present
  • 17. Terms and definitions: advanced persistent threats. ADVANCED PERSISTENT THREAT: an Advanced Persistent Threat (APT) is a set of stealthy and continuous hacking processes, often orchestrated by humans targeting a specific entity. An APT usually targets organizations and/or nations for business or political motives. APT processes require a high degree of covertness over a long period of time. The "advanced" process signifies sophisticated techniques using malware to exploit vulnerabilities in systems and Advanced Evasion Techniques to avoid detection. The "persistent" process suggests that an external command and control is continuously monitoring and extracting data from a specific target. The "threat" process indicates human involvement in orchestrating the attack. Source: https://www.academia.edu/6309905/Advanced_Persistent_Threat_-_APT
  • 18. APT teams and connections (diagram). Stages: Stage 0 Infection; Stage 1 Generate Intermediaries; Stage 2 Setup Relay Agents; Stage 3 Data Exfiltration. Hosts: Foothold Host, Intermediary Host, Transfer Host, Data Host. Teams: A-Team and B-Team (more senior? malware writers?). Connections: Beaconing & Latching; Command & Control; Agent transfer; Agent Download & Install via www.hackedsite1.com and www.hackedsite2.com; Data transfer; RDP & Other.
  • 19. Advanced Persistent Threats lifecycle. Source: http://en.wikipedia.org/wiki/Advanced_persistent_threat#History_and_targets
  • 20. A great video from TrendMicro explains how the attacks work. Source: http://www.youtube.com/watch?v=fpeMR1214t0. This video describes a real successful attack that happened some time ago: the attacked company lost about 60 million dollars.
  • 21. Live demo
  • 22. QR codes and shortened URLs: when the threats get short! http://goo.gl/pJ0sKw
  • 23. QR codes and shortened URLs: when the threats get short! STAY AWAY FROM MALICIOUS QR CODES! Scanning QR codes in the form of stickers placed randomly on street walls is the most dangerous. It is a very common way that scammers use to get people to scan the code just out of curiosity. Reports say, “46% just said they were curious what this odd little jumbled cube could do.” So, we should not scan any QR codes that do not come from trusted sources. LOOK CLOSELY AT A QR CODE BEFORE DOING ANYTHING ELSE! There are a few apps on the stores you can use to analyze the QR code.....
  • 24. QR codes and shortened URLs: when the threats get short! http://goo.gl/pJ0sKw and http://goo.gl/ZFm5u6: are you able to see whether the two shortened URLs above lead us to trusted websites? Revealed, in the same order: http://goo.gl/pJ0sKw (Malicious URL), http://goo.gl/ZFm5u6 (FantaGhost Web Page).
  • 25. QR codes and shortened URLs: when the threats get short! Are there any solutions for this problem? YES! WE SHOULD PREVIEW THE SHORTENED URLS BEFORE USING THEM. Several website tools help us get the full URL address from a shortened URL; an example is http://unshort.me/. In addition, some URL shortening services, such as goo.gl, give us an option to preview the shortened URL first by adding a “+” at the end of the URL.
  • 26. The most dangerous (and common) vulnerabilities: 1. Email social engineering/spear phishing; 2. Infection via a drive-by web download: watering hole attack; 3. USB key malware; 4. Scanning networks for vulnerabilities and exploitation; 5. Guessing or social engineering passwords; 6. Wifi compromises; 7. Stolen credentials from third-party sites; 8. Compromising web-based databases; 9. Exploiting password reset services to hijack accounts; 10. Insiders.
  • 27. Understanding the Heartbleed bug, CVE-2014-0160. Sources: http://www.xkcd.com/1354 and http://regmedia.co.uk/2014/04/09/openssl_haertbleed_diagram.png
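As an added illustration that is not part of the slides, a simulated heartbeat parser in C shows the missing bounds check behind CVE-2014-0160 beside the check that the OpenSSL 1.0.1g fix introduced. The record layout follows RFC 6520; the memory buffer, the secret value and the record sizes are constructed for the demo and are not taken from OpenSSL.

```c
#include <stddef.h>
#include <string.h>

/* Simulated process memory: the received record sits at the start, and a
   constructed secret that must never leave the process sits right after it. */
static unsigned char memory[96];
static const char secret[] = "SECRET-KEY";

/* Heartbeat record (RFC 6520): type(1) | payload_length(2, big-endian) |
   payload | padding(>=16). Pre-fix logic: trusts the peer-supplied length. */
int heartbeat_vulnerable(const unsigned char *rec, size_t rec_len, unsigned char *out) {
    (void)rec_len;                                  /* never consulted: the bug */
    unsigned int payload_len = (rec[1] << 8) | rec[2];
    memcpy(out, rec + 3, payload_len);              /* over-reads past the record */
    return (int)payload_len;
}

/* Same parser with the 1.0.1g bounds check: header, claimed payload and the
   minimum padding must all fit inside the record that was actually received. */
int heartbeat_fixed(const unsigned char *rec, size_t rec_len, unsigned char *out) {
    if (rec_len < 1 + 2 + 16) return -1;
    unsigned int payload_len = (rec[1] << 8) | rec[2];
    if (1 + 2 + payload_len + 16 > rec_len) return -1;
    memcpy(out, rec + 3, payload_len);
    return (int)payload_len;
}

/* Constructed input: 4-byte payload "ping" plus 16 bytes of padding (23 bytes
   received), with the length field set to claimed_len. Returns rec_len. */
static size_t build_record(unsigned int claimed_len) {
    memset(memory, 0, sizeof memory);
    memory[0] = 1;                                  /* heartbeat_request */
    memory[1] = (unsigned char)(claimed_len >> 8);
    memory[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(memory + 3, "ping", 4);
    memcpy(memory + 23, secret, sizeof secret);     /* unrelated neighbouring data */
    return 23;
}

/* 1 if the unchecked parser copied the neighbouring secret into its reply. */
int vulnerable_leaks_secret(void) {
    unsigned char out[128] = {0};
    int n = heartbeat_vulnerable(memory, build_record(64), out);
    for (int i = 0; n > 0 && i + (int)strlen(secret) <= n; i++)
        if (memcmp(out + i, secret, strlen(secret)) == 0) return 1;
    return 0;
}

/* Result of the fixed parser: -1 for the oversized claim, 4 for an honest one. */
int fixed_result(unsigned int claimed_len) {
    unsigned char out[128] = {0};
    return heartbeat_fixed(memory, build_record(claimed_len), out);
}
```

The same pattern applies to any length-prefixed message: validate the declared length against the bytes actually received before copying.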
  • 28. Questions?
  • 29. THANK YOU! @FantaGhost, andrea@fantaghost.com, http://www.fantaghost.com. Ing. Andrea Garavaglia, garanews@gmail.com. Andrea Minigozzi, CISSP - OPST