2011 – Duqu. Sophisticated. Stealthy. Elusive. Nation state sponsored cyber-espionage.
2012 – Flame
2012 – Gauss. Purpose (payload): Unknown.
2012 – miniFlame. “Elvis” and his friends
2013 – Red October
See: “Nassim Nicholas Taleb: The Black Swan”. The trend: number of “Black Swans” is growing
The 3 dangers of Cyberwar: Ideas and techniques from cyberweapons can be re-purposed and copied. Companies become collateral victims in the cyberwar between superpowers. Cybercriminals start using weaponized exploits developed by or for governments.
2012 – Shamoon. The Cutting Sword of Justice
30,000 machines wiped. Saudi Aramco
Stuxnet incidents: 150k (KL stats). Primary Example
Our critical infrastructure is fragile. Cyberweapons are tampered with and used against innocent victims
What is CVE-2011-3402? Answer: the “Duqu” exploit. 13 Dec. 14 Dec. Commercialization of Exploits
They all have something in common: exploits. IT Staff: Biggest Nightmares
Against military grade weapons, you want the best available defense technologies. Patch. Defense? Whitelist. Default Deny. Exploit prevention. 0-day defense. Real-time protection. Cloud protection. Perimeter. Green zone. Raise awareness. Access control. Education.