Alexander Gostev. The Hunt for Red October.
  • Some say that money makes the world go round. It’s a well-known thing that cybercriminals are driven by money. Nation states, however, are driven by something else.
  • The Aurora operation was the most notable event of 2009. Victims included Google, Adobe and ~30 other Fortune 500 companies. It was the first solid confirmation of the interest of nation-state players in the American economy.
  • Today it’s the 30th of January, and two weeks ago we already announced a huge campaign.
  • Since 2009, we’ve had a number of ‘Black Swans’. Black Swans refer to the extreme impact of certain kinds of rare and unpredictable events (outliers) and humans' tendency to find simplistic explanations for these events retrospectively. This theory has since become known as the black swan theory. Stuxnet is a black swan. Duqu is a black swan. Flame, Gauss, miniFlame, Shamoon are black swans.
  • Unlike traditional weapons, tools used in cyber-warfare are very easy to clone and reprogram by adversaries. Shamoon is a primary example.
  • According to reports, the strike on Saudi Aramco was done by a version of the Shamoon program. In the fall of 2011, U.S. Defense Secretary Leon Panetta addressed a group of business leaders here in New York City. Panetta said that “More than 30,000 computers that it infected were rendered useless, and had to be replaced,” and “imagine the impact an attack like this would have on your company.”
  • A successful cyber-attack launched on a country’s critical infrastructure can significantly impact any business, even if the consequences of the strike were collateral damage. Corporations could experience damages impacting all areas of the business, including operations, financial processes, supply chain management, CRM outages, internet connectivity, telecommunications, and data loss. Examples of collateral damage to businesses: failure to access online financial transactions, including pending sales transactions, invoices, employee payroll or CRM systems; internet outages resulting in failure to access hosted services or cloud-based solutions, such as Amazon EC2; delays in processing imports and/or exports of goods or services, supply chains, manufacturing shipments; data loss of confidential or proprietary information, or stored data being saved for compliance/regulations; telecom and ISP outages resulting in communication failures via the internet or phones that rely on VoIP or LAN-lines.
  • Chevron admitted they were hit with Stuxnet. By accident. The truth is that some other Fortune 500 companies were hit as well, including other world corporations.
  • Cybercriminals start using weaponized exploits developed by or for governments. Once an exploit is reported, it can be used by cybercriminals for nefarious purposes, especially against businesses, since program vulnerabilities are exceedingly high as the complexity of corporations’ IT infrastructure grows.
  • Some keywords

Presentation Transcript

  • Alexander Gostev, Chief Security Expert, Global Research & Analysis Team
  • Nation states are driven by something else. Espionage. Sabotage. Cyberwar. Cybercriminals: Money.
  • 2009 – The Aurora Operation. Attacked: Google, Adobe, Juniper, Yahoo, Morgan Stanley, Dow Chemical, etc.
  • 2010 – Stuxnet. First known Cyberweapon.
  • 2011 – Duqu. Sophisticated. Stealthy. Elusive. Nation state sponsored cyber-espionage.
  • 2012 – Flame
  • 2012 – Gauss. Purpose (payload): Unknown.
  • 2012 – miniFlame. “Elvis” and his friends.
  • 2013 – Red October
  • See: Nassim Nicholas Taleb, “The Black Swan”. The trend: the number of “Black Swans” is growing.
  • The 3 dangers of Cyberwar: Ideas and techniques from cyberweapons can be re-purposed and copied. Companies become collateral victims in the cyberwar between superpowers. Cybercriminals start using weaponized exploits developed by or for governments.
  • 2012 – Shamoon. The Cutting Sword of Justice.
  • 30,000 machines wiped. Saudi Aramco.
  • Collateral Damage
  • Stuxnet incidents: 150k (KLstats). Primary Example.
  • Our critical infrastructure is fragile. Cyberweapons are tampered with and used against innocent victims.
  • What is CVE-2011-3402? Answer: the “Duqu” exploit. 13 Dec. 14 Dec. Commercialization of Exploits.
  • They all have something in common: exploits. IT Staff: Biggest Nightmares.
  • Against military grade weapons, you want the best available defense technologies. Patch. Defense? Whitelist. Default Deny. Exploit prevention. 0-day defense. Realtime protection. Cloud protection. Perimeter. Green zone. Raise awareness. Access control. Education.
  • Thank You!