APT Malware & Media

A short talk on Advanced Persistent Threat and corresponding malware seen in the wild. Also touches upon the role of electronic media in over hyping specific cases.

Published in: Technology

APT Malware & Media

  1. APT .. Malware and Media
     Entertainment for the Industry
     http://www.3slabs.com
  2. Advanced Persistent Threat ??
     • Target: Organization “XYZ”
       – Follows security best practices
       – Regular penetration tests done
       – Empty report with Nessus, AppScan/Acunetix/... on their online assets
     • “I am a h4x0r and I have better and easier targets than ‘XYZ’.”
     • “I am an employee and my employer ‘demands’ that I compromise ‘XYZ’.”
  3. http://threatpost.tumblr.com/post/16467594167/whos-spying-on-whom-examples-include-hacks-of
  4. The Popular “APT”s of 2013
     • Red October
     • APT1
     • MiniDuke
     • TeamSpy
     • Flame
     • Duqu
     • Stuxnet
     • [ …. lot more .. ]
     [Chart: Top countries with online resources seeded with malware]
     http://www.securelist.com/en/analysis/204792292/IT_Threat_Evolution_Q1_2013
  5. The “supposedly” Father of APT
     You cannot blame it all on the CHINESE ANY MORE!
     http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet
  6. Life of an “APT”
     [Diagram of team functions:] Exploits R&D, AV Evasion, Payloads, […], 0day Research, Profiling, Ops Monitoring, Phishing, Analysis, Targeted Attacks, […], Admin & Misc
  7. An “APT” without “A”
  8. The Role of Electronic Media
  9. The Front-Line Defenses
  10. The Front-Line Defenses
  11. The Case of APT “proliferation”
     • The MiniDuke Exploit CVE-2013-0640
       – Adobe Reader 0day found in the wild
       – Highly sophisticated exploit
     • ASLR & DEP bypass using
       – Information leak
       – Dynamic Return-Oriented Programming (ROP)
       – First ‘public’ example of ROP-only shellcode
     • Reliable sandbox escape
     http://www.fireeye.com/blog/technical/cyber-exploits/2013/02/the-number-of-the-beast.html
     http://www.fireeye.com/blog/technical/cyber-exploits/2013/02/its-a-kind-of-magic-1.html
     http://www.varanoid.com/security-vendors/mcafee/analyzing-the-first-rop-only-sandbox-escaping-pdfexploit/
  12. The Case of APT “proliferation”
     This exploit was developed in TAG TEAM effort with
  13. A “sample” APT Tool …..
  14. Thank You For listening (being awake)
     adatta@3slabs.com
     @abh1sek
