JD Sherry, Howard A. Schmidt: Cyber Crime, CyberSpy, CyberWar - Taking the lessons from the past to build for the future


  1. CyberCrime, CyberSpy, CyberWar – Looking back in order to protect the future. JD Sherry, VP of Public Technology and Solutions, @jdsherry
  2. Discussion Outcomes
     I. How might organizations learn from elite hackers?
     II. Given the widespread use of APTs and the evolution of the cyber attack chain, how can advanced situational awareness be achieved?
     III. Predictions for 2013, and what countermeasures can we take?
  3. Information has become your most strategic asset: identify trends, understand customer behavior, analyze opportunities, discover efficiencies. (Copyright 2013 Trend Micro Inc., Sales Kickoff 2013)
  4. The New Reality
     • One new threat created every second [1]
     • A cyber intrusion happens every 5 minutes [2]
     • Over 90% of enterprises have malware [1]
     • Almost 75% have one or more bots [1]
     • Mobile malware outpacing PC malware: 350,000 Android pieces in 2012
     Sources: 1: Trend Micro, 2012; 2: US-CERT, 2012
  5. 2013 Cyber Attack Trends
     • DDoS – yes, still…
     • Mobile malware / proximity attacks
     • Cross-platform attacks
     • Man-in-the-Browser attacks
     • Watering hole attacks
     • Mac attacks
     • Cloud attacks / island hopping
     • SWATing
  6. Targeted Attack Trends
     • Localized attacks such as malware that will not execute unless certain conditions are met, such as language settings, or “watering hole” attacks that will only affect certain geographic regions or even only specific netblocks.
     • The malware used in targeted attacks will have destructive capacity, either as its primary intent or as a clean-up mechanism to cover the attackers’ tracks.
     • Social, political and economic indicators must be used in conjunction with technical indicators to fully assess and analyze targeted attacks.
  7. Offense Informs Defense: Stages of Attack
     1. Reconnaissance
     2. Weaponization
     3. Delivery
     4. Exploitation
     5. C&C
     6. Lateral Movement
     7. Exfiltration
     8. Maintenance
  8. (Image slide; footer dated 6/5/2013)
  9. A Comparison of Eastern European and East Asian Blackhats
  10. The Greatest Trick the Devil Ever Pulled was Convincing the World that He Didn’t Exist…
     • Kevin Spacey aka Verbal Kint, “The Usual Suspects”
  11. Chinese Actors Gaining Headlines but…
     • Trend Micro has concluded that Eastern European hackers pose a greater threat than East Asian hackers
     • East Asian objectives: speed and cost-effectiveness.
     • Attacks are persistent, but use known vulnerabilities and malware and don’t hide their tracks as well.
     • Eastern European objectives: remain hidden throughout the operation and build online reputation. Attacks use custom malware and innovative techniques.
  12. Eastern European Tactics
     • Malware is innovative: RATs have all capabilities hard-coded internally; encrypted traffic, dynamic drop zones, complex command & control
     • Infrastructure is internal to the operation, or bulletproof hosts are carefully selected
     • Professionals who build a reputation over time; they respect and do not attack the motherland
     • Generally control their own servers, develop DNS servers, and create sophisticated traffic systems for attacks. Hallmark is to maintain total control.
  13. In the News…
     • Spanish police ransomware – REVETON
       – $1M per year revenue stream
       – Victims tricked into paying attackers posing as law enforcement
       – Computers compromised as well
       – Trend Micro collaborates with Spanish police to bring it down
     • South Korean media and banking attacks
       – Destructive Trojan / logic bombs that erased the MBR
         • Sleep cycle set to cause mayhem on March 20 at 2PM.
       – Trend Micro provides intelligence prior to the attack
       – All code detected by the APT hunter, Deep Discovery
     • Major Korean bank avoids major attack
  14. The Children of Stuxnet
  15. ICS Attacks Become Mainstream
  16. Go where the money is…
     • 93.6% of the world’s currency is digital
     • 6.4% cash and gold
     • 95% of bank heists have an electronic vector (FinCEN)
  17. Modern Day John Dillingers
  18. Banking Malware: Customized and Quiet
     • Citadel – modularized malware that steals online-banking credentials
     • TinBa (Tiny Banker) – 56K large, memory injection
     • SpyEye – Automated Transfer Systems
     • Eurograbber – multistaged attacks that compromise desktops and mobile devices
     • Gozi-Prinimalka – spring attack to be aimed at 30 U.S. banking institutions
     • High Roller – uses automation to drain high-value bank accounts
  19. Cybercrime or Cyber Warfare? The Shadow Economy
  20. Today’s Enterprise Challenges (diagram: Internet, firewall, anti-malware, IDS/IPS, DMZ, mission critical servers, endpoints, IaaS, SaaS)
     • Data in motion
     • Social media
     • Virtualization and cloud
     • Traditional defenses bypassed by low and slow attacks
  21. How do you answer these questions?
     • Have you been targeted by an attack? Unfortunately yes! Not sure? But would like to know!
     • How do you know? Data breach, forensic analysis, continuous monitoring, security audit, incident response, alerts, custom threat defense
     • Why are you being targeted?
     • What are they after?
  22. Detection Begins with Network Indicators
     • Changing C&C protocols requires considerable effort
     • Network traffic can be correlated with other indicators to provide proactive detection
     • Unknown threats may be detected by extrapolating methods and characteristics from known threat communication behaviors
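The three bullets on slide 22 describe one detection idea: C&C traffic has a stable communication shape (periodic check-ins of near-constant size), so that shape can be learned from known C&C hosts and then used to flag unknown destinations that behave the same way, with the result correlated against other indicators such as a threat-intelligence list and a clean-traffic baseline. The script below is an added illustration of that idea and is not code from the deck or from Trend Micro; the proxy log lines, the `KNOWN_CC_HOSTS` feed and the `BASELINE_HOSTS` set are all constructed for the example, and the thresholds (`min_conns`, `max_cv`) are assumed values a defender would tune to their own network.

```python
"""Beacon (C&C heartbeat) detection over proxy logs, correlated with threat intel."""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log (not real traffic): "ISO-timestamp src dst bytes_sent".
# 10.1.1.5 -> updates.example.com checks in every 60 s with ~1.2 KB: a beacon shape.
# 10.1.1.5 -> cdn.example.net is bursty and irregular: ordinary browsing.
# 10.1.1.9 -> known-bad.example.org checks in every 300 s and is on the intel feed.
SAMPLE_LOG = """\
2013-06-05T09:00:00 10.1.1.5 updates.example.com 1200
2013-06-05T09:00:03 10.1.1.5 cdn.example.net 48000
2013-06-05T09:01:00 10.1.1.5 updates.example.com 1210
2013-06-05T09:02:00 10.1.1.5 updates.example.com 1195
2013-06-05T09:03:00 10.1.1.5 updates.example.com 1205
2013-06-05T09:04:00 10.1.1.5 updates.example.com 1200
2013-06-05T09:04:11 10.1.1.5 cdn.example.net 51000
2013-06-05T09:05:00 10.1.1.5 updates.example.com 1198
2013-06-05T09:05:02 10.1.1.5 cdn.example.net 3900
2013-06-05T09:12:00 10.1.1.5 cdn.example.net 77000
2013-06-05T09:00:00 10.1.1.9 known-bad.example.org 900
2013-06-05T09:05:00 10.1.1.9 known-bad.example.org 910
2013-06-05T09:10:00 10.1.1.9 known-bad.example.org 905
"""

KNOWN_CC_HOSTS = {"known-bad.example.org"}  # hypothetical threat-intelligence feed
BASELINE_HOSTS = {"cdn.example.net"}        # hypothetical: destinations seen in a clean baseline period


def parse_log(text):
    """Parse 'timestamp src dst bytes' lines into (datetime, src, dst, bytes); skip malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            records.append((datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])))
        except ValueError:
            continue
    return records


def coefficient_of_variation(values):
    """stdev/mean: 0 for a constant series; None when undefined (fewer than 2 samples or zero mean)."""
    if len(values) < 2:
        return None
    mean = statistics.mean(values)
    if mean == 0:
        return None
    return statistics.stdev(values) / mean


def find_beacons(records, min_conns=3, max_cv=0.15):
    """Group flows by (src, dst) and keep pairs whose inter-arrival times are near-constant."""
    flows = defaultdict(list)
    for ts, src, dst, size in records:
        flows[(src, dst)].append((ts, size))
    beacons = {}
    for key, events in flows.items():
        if len(events) < min_conns:          # too few connections to judge periodicity
            continue
        events.sort()
        times = [ts for ts, _ in events]
        sizes = [size for _, size in events]
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        cv = coefficient_of_variation(intervals)
        if cv is None or cv > max_cv:        # irregular timing: not a beacon
            continue
        beacons[key] = {
            "count": len(events),
            "mean_interval": statistics.mean(intervals),
            "interval_cv": cv,
            "size_cv": coefficient_of_variation(sizes),
        }
    return beacons


def correlate(beacons, known_cc, baseline):
    """Raise severity when the beacon profile coincides with other indicators."""
    findings = []
    for (src, dst), profile in beacons.items():
        reasons = [f"periodic connections every {profile['mean_interval']:.0f}s (cv={profile['interval_cv']:.2f})"]
        if dst in known_cc:
            severity = "high"
            reasons.append("destination is a known C&C host")
        else:
            severity = "medium"   # unknown host, but its traffic shape matches known C&C behaviour
            reasons.append("unknown destination matches known C&C beacon profile")
            if dst not in baseline:
                reasons.append("destination absent from clean baseline")
        findings.append({"src": src, "dst": dst, "severity": severity, "reasons": reasons})
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["dst"]))


if __name__ == "__main__":
    for f in correlate(find_beacons(parse_log(SAMPLE_LOG)), KNOWN_CC_HOSTS, BASELINE_HOSTS):
        print(f["severity"].upper(), f["src"], "->", f["dst"], ";", "; ".join(f["reasons"]))
```

The coefficient of variation of the inter-arrival times is the "characteristic extrapolated from known behaviour": it is learned from the feed-listed host and applied to every other destination, so `updates.example.com` is surfaced for analyst review even though no indicator names it, while the bursty CDN traffic is not. The correlation step is what turns a statistical curiosity into a prioritized alert.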
  23. Mitigation Requires a Custom Defense
  24. Cloud and Data Center Security (diagram: data center across physical, virtual, private cloud and public cloud; controls: anti-malware, integrity monitoring, encryption, log inspection, firewall, intrusion prevention; roles: data center ops, security)
  25. Custom Defense (diagram: network-wide detection, advanced threat analysis, threat tools and services, automated security updates, threat intelligence, custom sandboxes; roles: network admin, security)
  26. Risk Management 101 (6/5/2013)
     1. Has the cyber security posture of all third parties been audited?
     2. Is access to all sensitive systems and computers governed by two-factor authentication?
     3. Does a log inspection program exist? How frequently are the logs reviewed?
     4. Does file integrity monitoring exist?
     5. Can vulnerabilities be virtually patched?
     6. Is MDM and Mobile Application Reputation software utilized?
     7. Do you utilize a DLP?
     8. Can you migrate your layered security into the cloud?
     9. Do you maintain multi-level rule-based event correlation? Is there custom sandbox analysis?
     10. Do you have access to global threat intelligence?
     11. Can you transfer your risk?
  27. Thank You! jd_sherry@trendmicro.com, @jdsherry. Copyright © 2013 Trend Micro Incorporated. All rights reserved.