Cyber attacks, Cybercrime, Cyber warfare and Cyber threats exposed!
More info on http://techdays.be.

Transcript

  • 1. APTs, Cyber-attacks, Cybercrime, Cyberwarfare and Cyber threats exposed. Marcus Murray & Hasain Alshakarti, Truesec Security Team, MVP-Enterprise Security x2
  • 2. Marcus Murray Hasain Alshakarti
  • 3. The threat landscape is changing.. It used to be kids hacking for fun…..
  • 4. Not anymore....
  • 5. Most countries have “cyber capabilities” today..
  • 6. The “Mandiant report”
  • 7. Unit 61398 is partially situated on Datong Road (大同路) in Gaoqiaozhen (高桥镇), which is located in the Pudong New Area (浦东新区) of Shanghai (上海). The central building in this compound is a 130,663 square foot facility that is 12 stories high and was built in early 2007. * Mandiant APT1 report 2013
  • 8. We estimate that Unit 61398 is staffed by hundreds, and perhaps thousands of people based on the size of Unit 61398’s physical infrastructure.
  • 9. “Unit 61398 requires its personnel to be trained in computer security and computer network operations and also requires its personnel to be proficient in the English language.” * Mandiant APT1 report 2013
  • 10. “They have systematically stolen hundreds of terabytes of data from at least 141 organizations, and has demonstrated the capability and intent to steal from dozens of organizations simultaneously”* * Mandiant APT1 report 2013
  • 11. “Among other large-scale thefts of intellectual property, we have observed them stealing 6.5 terabytes of compressed data from a single organization over a ten-month time period.” * Mandiant APT1 report 2013
  • 12. Attack process (diagram): Initial recon → Initial compromise → Establish foothold → cycle of Escalate privileges, Internal recon, Lateral movement, Maintain presence → Complete mission
  • 13. Attack process
  • 14. Initial recon
  • 15. Initial recon
  • 16. Initial compromise (network diagram: Web Srv, Mail Srv, DC, File Srv, Mail Srv, Client, Client, Admin, User)
  • 17. Establish foothold (network diagram: C & C SRV, Web Srv, Mail Srv, DC, File Srv, Mail Srv, Client, Client, Admin, User)
  • 18. What about antivirus? (slide labels: Av-test, Trojan.exe, Avhide, Newtrojan.exe)
  • 19. Lateral movement (network diagram: Web Srv, Mail Srv, DC, File Srv, Mail Srv, Client, Client, Admin, User)
  • 20. Complete mission (network diagram: Web Srv, Mail Srv, DC, File Srv, Mail Srv, Client, Client, Admin, User)
  • 21. What about network detection?
  • 22. Complete mission. Harvest data: intellectual property, business contracts, negotiations, policy papers, internal memoranda, etc. Compress and collect: Rar+pwd, etc.
  • 23. Channel over MSN
  • 24. Channel over Google calendar
  • 25. FQDN used: About half of APT1’s known zones were named according to three themes: News, Technology, Business.
  • 26. Origins of attacks..
  • 27. Marcus Murray Hasain Alshakarti
  • 28. Thank you for listening! 
