
Cyber security webinar part 1 - Threat Landscape

There is nothing mystical about cyber security. Any company can be a target – if not specifically selected, then a target of opportunity. Cyber attackers try to get their victims any way they can, and will do anything to profit. Watch the recording of the first cyber security webinar and download the presentation material to learn more about how you can prevent targeted cyber attacks.

Article URL : https://business.f-secure.com/cyber-security-what-is-it-all-about/


  1. Threat Landscape
     Cyber Security Webinar Series, Webinar 1, May 4th, 2015
     Jarno Niemelä, Twitter: @jarnomn
  2. WHAT’S THIS ALL ABOUT
     • Enemies, every company has them
        • Large or strategically important companies have enemies who target them specifically
        • The rest will be targets of opportunity
     • A normal company has to worry about
        • Undirected malware attacks
        • For-profit criminals
        • Activists, hackers, script kiddies
        • Spies who are after your customers and using you as a path for attack
     © F-Secure
  3. STAGES OF ATTACK
     1. Recon target and build exploit and malware for attack
     2. Get in contact with target and attack
     3. Get C&C access to target beach-head malware
     4. Move within target network
     5. Monetize
     6. Persist as long as possible
  4. RECON
     • Exploits are always specific to a certain program, and sometimes even a version
        • Thus in order to weaponize, the attacker must know his target
        • Or use mass attacks and rely on luck
        • Network scanning, banner grabbing and other basic techniques
        • OSINT: what software @company.com users have posted or asked about
        • Are any vendors using the company as a reference?
        • DNS timing recon: query the target DNS and time the answers
        • Anything that is in use in the company will answer fast
        • HUMINT: call people and ask, pretend to be a student and send questionnaires
  5. ATTACK OVER EMAIL
     • SPAM: the attacker builds a generic email…
        • …and hopes that the message hits home to someone
     • Spear phishing: victim gets a tailored email with a document
        • The document is from a known sender
        • Topic of the document is what could be expected
        • All in all it looks like regular business mail
        • Except that it contains an exploit and backdoor
  6. ATTACK OVER HACKED WEBSITES
     • Attacker searches the web for vulnerable pages
        • Vulnerable pages are hacked to attack users
        • The page contains
           • Either a direct attack
           • Or redirection to an attack server
        • Both criminals and spies use web attacks
        • Criminals go after any web page which has users
        • Spies selectively target pages favored by intended targets
        • This is called a watering hole attack: lie in wait for the victims to come
  7. ANYTHING GOES FOR ATTACK
     • It’s not only the naughty pages
        • Attackers will use any popular site that they are able to take over
  8. SEARCH ENGINE POISONING
     • Why chase victims when you can lure them?
        • Attacker picks searches that interest targets
        • Uses search engine optimization tricks to get to top hits
        • And waits for the user to click on the result
        • After the user visits the page the flow continues as in a hacked site
  9. TRAFFIC INJECTION
     • Attacker gets MITM (Man in the Middle) access to traffic
        • Hacked router or “legal” interception interface
        • “Free” Wi-Fi access point or evil twin
        • China’s “great cannon”, traffic injection at the border
     • With MITM the attacker can inject traffic
        • Exploits into any web page
        • On-the-fly trojanizing of software updates or other executables
        • JavaScript injection, to make the victim into a DDoS slave
  10. SOCIAL ENGINEERING ATTACKS
     • Sometimes the attacker does not have an exploit kit at his disposal, so he uses scams
        • Most typical cases are
           • Fake updates to Flash, codecs, etc.
           • Fake movies, images, etc.
           • Trojanized pirate copies
        • Sometimes attackers use additional tricks
           • Such as DNS poisoning to make it look like the content is coming from a trusted domain
  11. DISTRIBUTION THROUGH AFFILIATES
     • Sometimes the attacker does not know how to monetize the victim
        • So he sells the access to the victim
        • Botnet operator buys victims in bulk
        • And monetizes them
        • This is called affiliate networks, basically it’s digital slave trade
     [Diagram: ZeroAccess botnet operator, affiliates and victims; affiliate channels: exploit kit, pay-per-install, spam, fake video; $500 per 1000 installs]
  12. USB: BRIDGING AIRGAP
     • USB or other media stick loaded with malware
        • USB autoplay (doesn’t work against an up-to-date OS)
        • Icon or media recognition exploit
        • Use the traditional trick of masking an executable as a document
        • Craft a special USB that actually acts as a USB keyboard and use “copy con foo.exe” and then “cmd /c foo.exe” to run it
        • Emulate a network card and have an automated exploit kit on the stick, or use DHCP to change the user’s DNS settings
        • Or just a plain document exploit
     • Introduce USB to victim
        • Hope that the victim plugs in said USB device
        • http://hakshop.myshopify.com/products/usb-rubber-ducky-deluxe
  13. MOBILE MALWARE
     • Mobile malware is almost exclusively an Android problem
        • However there are a few that target unlocked iPhones
     • The Android malware is based on trojans fooling the user to install
        • Fake Flash Player or other updates shown by hacked websites
        • Trojanized or fake apps in third party app stores or Google Play
        • URL links in SMS, WhatsApp, Skype, email or other spam
     • Once installed the malware tries to monetize
        • Sending premium SMS
        • Ransomware, lock the phone or files
        • Assisting PC based banker attacks
     [Figure: Fastest growing Android malware families]
  14. CONCLUSION
     • Attackers will try to get victims any way they can
        • And will do anything to get profit from victims
        • Which means that even if you are not an interesting target
        • Your customers may be, and thus so are you
        • Or you get hit simply because you are an easy target
        • This means that as a defender you need comprehensive protection
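
A defender-side check for the "masking executable as document" trick listed on slide 12 (it applies equally to mail attachments from slide 5), as an added example that is not part of the original slides: it flags files whose name claims a document while the content or the real extension is executable. The extension sets, finding labels and function names are assumptions chosen for illustration.

```python
import os

DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "rtf", "txt", "jpg", "png"}
EXE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}
BIDI_CONTROLS = set("\u202a\u202b\u202d\u202e\u2066\u2067\u2068")  # reorder displayed text

def classify_magic(head: bytes) -> str:
    """Identify content from its leading bytes, ignoring the file name."""
    if head.startswith(b"MZ"):
        return "pe"
    if head.startswith(b"\x7fELF"):
        return "elf"
    return "other"

def masquerade_findings(name: str, head: bytes) -> list:
    """Return reasons a file name misrepresents what the file is."""
    findings = []
    if any(ch in BIDI_CONTROLS for ch in name):
        findings.append("bidi-control-in-name")
    clean = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    parts = [p.strip() for p in clean.lower().rstrip(". ").split(".")]
    ext = parts[-1] if len(parts) > 1 else ""
    if len(parts) > 2 and parts[-2] in DOC_EXTS and ext in EXE_EXTS:
        findings.append("double-extension")
    if classify_magic(head) in ("pe", "elf") and ext in DOC_EXTS:
        findings.append("executable-content-under-document-extension")
    return findings

def scan_tree(root: str) -> dict:
    """Map relative path -> findings for every flagged file under root."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(8)
            except OSError:
                continue  # unreadable entry: skip it, keep scanning
            found = masquerade_findings(fname, head)
            if found:
                flagged[os.path.relpath(path, root)] = found
    return flagged

# Constructed samples: (file name, first bytes of content).
SAMPLES = [("report.pdf", b"%PDF-1.7"), ("report.pdf", b"MZ\x90\x00"),
           ("invoice.doc   .exe", b"MZ\x90\x00"), ("scan\u202efdp.exe", b"MZ\x90\x00")]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(repr(name), masquerade_findings(name, head))
```

Point `scan_tree` at the mount point of a removable stick or at a quarantine folder of attachments; only the first eight bytes of each file are read.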
