Raimund Genes: From Traditional Malware to Targeted Attacks

  1. From Traditional Malware to Targeted Attacks. Raimund Genes, Chief Technology Officer, Trend Micro
  2. (Diagram: Internet -> Internet Gateway -> Exchange Server -> PCs; 150 infected mails)
  3. Evolution to Cybercrime (timeline of damage caused by cybercrime, 2001-2010): vulnerabilities, worm outbreaks, spam, mass mailers, spyware, intelligent botnets, web threats. 2011+: targeted attacks, mobile attacks.
  4. Trustwave 2013 Global Security Report: average time from initial breach to detection was 210 days, more than 35 days longer than in 2011.
  5. Malware / Bot / APT Behavior Comparison Table

     Property              | APT                                                         | Bot                                                       | Malware
     ----------------------|-------------------------------------------------------------|-----------------------------------------------------------|-------------------------------------
     Distribution          | With organized planning                                     | Mass distribution over regions                            | Mass distribution over regions
     Services interruption | No                                                          | No                                                        | Yes
     Attack pattern        | Targeted (only a few groups/organizations)                  | Not targeted (large-area spread-out)                      | Not targeted (large-area spread-out)
     Target audience       | Particular organization/company                             | Individual credentials, including online banking accounts | Random
     Frequency of attacks  | Many times                                                  | Once                                                      | Once
     Weapon                | Zero-day exploit; dropped embedded RAT; dropper or backdoor | Multiple exploits, all in one                             | By malware design
     Detection rate        | Lower than 10% within one month                             | Around 86% within one month                               | Around 99% within one month
  6. Some Documented Advanced Persistent Threat Campaigns (Real-world Examples)
     • LURID – threat actors launched around 300 campaigns targeting different industries in different countries
     • Luckycat – threat actors used diverse infrastructure (from throwaway free hosting to dedicated VPSs)
     • Taidoor – threat actors primarily targeted government organizations located in Taiwan
     • IXESHE – threat actors used compromised computers inside the network to evade network detection
  7. Advanced Persistent Threat / Targeted Attacks
  8. The attacker knows what he's looking for!
  9. South Korea – Hacktivism, Cyber Sabotage, or Cyberterrorism?
  10. Sometimes "unusual" targets
  11. Typical Industrial Control System (ICS)
  12. Let's simulate a Water Pressure Control station
     • In a small city in the US with 8,000 citizens
     • It has to look like a real system
     • And by "accident" the system has a link to the Internet
  13. Building a SCADA Honeypot…
  14. Attacks from (by source country): China 17, US 9, Laos 6, UK 4, Russia 3, Brazil 2, Netherlands 1, Japan 1, Poland 1, Vietnam 1, Palestine 1, Chile 1, Croatia 1, North Korea 1
  15. What to expect next?
  16. Your phone as your wallet
  17. Android Malware (chart): 120,000 -> 350,000
  18. Vehicle past and now: Toyota's Vehicle (1955) – no computers included; Toyota's Hybrid Vehicle (2011) – over 70 computers included
  19. (Diagram: vehicle attack surface) Tire Pressure Monitoring System; unauthorized apps, multimedia files, smartphone, USB; immobilizer cutter; door locks; smart key; CHAdeMO (quick charging method for battery-powered electric vehicles); key fob; telematics system; OBD-II, CAN, ECU; Vehicle Area Network
  20. iVehicle
  21. Embedded OS selected by the car industry (IVI standards organization)
  22. Security Assessment: Kernel > 2.6.35.3; Gain Privilege > 18
  23. Overflow attack to CAN bus
     • All the ECUs turned into fail-safe mode
     • Engine fan and headlamp kept working
     • Meter (e.g. speed) needle keeps wobbling
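Slide 23 reports what a bus flood does to the ECUs. On CAN, arbitration is won by the lowest identifier, so a node that sends frames with ID 0x000 back-to-back starves everyone else, and ECUs that stop seeing the messages they expect drop into fail-safe mode. The following is an added example, not code from the talk: a detector that reads candump-style log lines, counts frames per arbitration ID in one-second windows and flags a window in which one ID monopolises a saturated bus. The log is constructed inside the block, and the 0x000 flood ID, the window size and the thresholds are assumptions.

```python
"""Detecting a CAN bus flood from a candump-style log. Added example for the
'overflow attack to CAN bus' slide, not the test setup from the talk. The log
is constructed here; flood ID, window size and thresholds are assumptions."""
import re
from collections import Counter, defaultdict

# candump -l format: "(seconds.micros) iface ID#HEXDATA"
LINE_RE = re.compile(
    r"^\((?P<ts>\d+\.\d+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]{3,8})#(?P<data>[0-9A-Fa-f]*)$"
)

def parse_candump_line(line):
    """Return (timestamp, arbitration id, payload bytes) or None if unparsable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return float(m["ts"]), int(m["id"], 16), bytes.fromhex(m["data"])

def detect_flood(lines, window=1.0, min_frames=1000, max_id_share=0.5):
    """Bucket frames into `window`-second slots and flag a slot where the bus
    is busy (>= min_frames, an assumed saturation level for a 500 kbit/s bus)
    and a single ID accounts for more than max_id_share of all frames. Normal
    vehicle traffic spreads over dozens of IDs, so one dominant ID on a busy
    bus is the signature of a node hogging arbitration."""
    per_window = defaultdict(Counter)
    for line in lines:
        rec = parse_candump_line(line)
        if rec is None:
            continue
        ts, can_id, _ = rec
        per_window[int(ts // window)][can_id] += 1

    alerts = []
    for w in sorted(per_window):
        counts = per_window[w]
        total = sum(counts.values())
        can_id, n = counts.most_common(1)[0]
        share = n / total
        if total >= min_frames and share > max_id_share:
            alerts.append({"window": w, "can_id": can_id, "frames": total,
                           "share": round(share, 3)})
    return alerts

def build_sample_log():
    """Constructed log: three ECUs each at 100 Hz for 3 s, plus a 3000 Hz flood
    of ID 0x000 (highest priority) during the third second, t = 2.0..3.0."""
    lines = []
    for can_id, payload in ((0x0C0, "0102030405060708"), (0x1A0, "00FF"), (0x2F0, "ABCD0000")):
        for i in range(300):
            lines.append(f"({i / 100:.6f}) can0 {can_id:03X}#{payload}")
    for i in range(3000):
        lines.append(f"({2.0 + i / 3000:.6f}) can0 000#0000000000000000")
    return lines

if __name__ == "__main__":
    for alert in detect_flood(build_sample_log()):
        print(f"window {alert['window']}: ID 0x{alert['can_id']:03X} sent "
              f"{alert['share']:.0%} of {alert['frames']} frames (flood)")
```

The first two windows hold 300 frames spread evenly over three IDs and stay quiet; the third holds 3,300 frames of which 0x000 is 91%, and that is the window in which the real ECUs would have gone fail-safe. On a live bus the same logic runs over `candump -l` output or a python-can bus reader, and the baseline share per ID should be learned from a clean drive rather than fixed at 50%.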
  24. If someone wants to get in, he gets in!
  25. So do we do a lot of stuff just to satisfy the auditors?
  26. (Regional map: Latin America, Europe, APAC, North America, Global)
  27. Thank You