Alexander Gostev. The Hunt for Red October.
  • Some say that money makes the world go round. It’s a well-known thing that cybercriminals are driven by money. Nation states, however, are driven by something else.
  • The Aurora operation was the most notable event of 2009. Victims included Google, Adobe and ~30 other Fortune 500 companies. It was the first solid confirmation of the interest of nation state players in the American economy.
  • Today is the 30th of January, and two weeks ago we already announced a huge campaign.
  • Since 2009, we’ve got a number of ‘Black Swans’. Black Swans refer to the extreme impact of certain kinds of rare and unpredictable events (outliers) and humans’ tendency to find simplistic explanations for these events retrospectively. This theory has since become known as the black swan theory. Stuxnet is a black swan. Duqu is a black swan. Flame, Gauss, miniFlame, Shamoon are black swans.
  • Unlike traditional weapons, tools used in cyber-warfare are very easy to clone and reprogram by adversaries. Shamoon is a primary example.
  • According to reports, the strike on Saudi Aramco was done by a version of the Shamoon program. In the fall of 2011 U.S. Defense Secretary Leon Panetta addressed a group of business leaders here in New York City. Panetta said that “more than 30,000 computers that it infected were rendered useless, and had to be replaced,” adding: “imagine the impact an attack like this would have on your company.”
  • A successful cyber-attack launched on a country’s critical infrastructure can significantly impact any business, even if the consequences of the strike were collateral damage. Corporations could experience damages impacting all areas of the business including operations, financial processes, supply chain management, CRM outages, internet connectivity, telecommunications, and data loss. Examples of collateral damage to businesses:
    - Failure to access online financial transactions, including pending sales transactions, invoices, employee payroll or CRM systems.
    - Internet outages resulting in failure to access hosted services or cloud-based solutions, such as Amazon EC2.
    - Delays in processing imports and/or exports of goods or services, supply chains, manufacturing shipments.
    - Data loss of confidential or proprietary information, or stored data being saved for compliance/regulations.
    - Telecom and ISP outages resulting in communication failures via the internet or phones that rely on VoIP or LAN lines.
  • Chevron admitted they were hit with Stuxnet. By accident. The truth is that some other Fortune 500 companies were hit as well, including other world corporations.
  • Cybercriminals start using weaponized exploits developed by or for governments. Once an exploit is reported, it can be used by cybercriminals for nefarious purposes, especially against businesses, since the number of program vulnerabilities is exceedingly high and keeps growing with the complexity of corporations’ IT infrastructure.
  • Some keywords
  • Alexander Gostev. The Hunt for Red October.

    1. Alexander Gostev, Chief Security Expert, Global Research & Analysis Team
    2. Cybercriminals: money. Nation states are driven by something else: espionage, sabotage, cyberwar.
    3. 2009 – The Aurora Operation. Attacked: Google, Adobe, Juniper, Yahoo, Morgan Stanley, Dow Chemical, etc.
    4. 2010 – Stuxnet. First known cyberweapon.
    5. 2011 – Duqu. Sophisticated. Stealthy. Elusive. Nation state sponsored cyber-espionage.
    6. 2012 – Flame
    7. 2012 – Gauss. Purpose (payload): unknown.
    8. 2012 – miniFlame. “Elvis” and his friends.
    9. 2013 – Red October
    10. See: Nassim Nicholas Taleb, “The Black Swan”. The trend: the number of “Black Swans” is growing.
    11. The 3 dangers of cyberwar: ideas and techniques from cyberweapons can be re-purposed and copied; companies become collateral victims in the cyberwar between superpowers; cybercriminals start using weaponized exploits developed by or for governments.
    12. 2012 – Shamoon. The Cutting Sword of Justice.
    13. Saudi Aramco: 30,000 machines wiped.
    14. Collateral Damage
    15. Primary example: Stuxnet incidents: 150k (KL stats).
    16. Our critical infrastructure is fragile. Cyberweapons are tampered with and used against innocent victims.
    17. Commercialization of exploits. What is CVE-2011-3402? Answer: the “Duqu” exploit. (Timeline on the slide: 13 Dec, 14 Dec.)
    18. IT staff: biggest nightmares. They all have something in common: exploits.
    19. Defense? Against military grade weapons, you want the best available defense technologies. Patch. Whitelist. Default Deny. Exploit prevention. 0-day defense. Realtime protection. Cloud protection. Perimeter. Green zone. Raise awareness. Access control. Education.
    20. Thank You!
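As an added illustration of the “Whitelist. Default Deny.” item on the defense slide (example code written for this page, not code from the talk or from Kaspersky Lab), the following Python compares a signature-style blocklist with a default-deny allowlist. The sample “binaries”, their names and the resulting hashes are all constructed here; the point it shows is why a never-before-seen binary delivered through a 0-day, or a tampered copy of a trusted program, passes a blocklist but is stopped by default deny.

```python
import hashlib
from typing import Dict, Iterable

# Constructed stand-ins for executable file contents (not real samples).
SAMPLES: Dict[str, bytes] = {
    "winword.exe": b"constructed: known-good office binary",
    "outlook.exe": b"constructed: known-good mail client",
    "old_trojan.exe": b"constructed: previously seen malware",
    "unknown_dropper.exe": b"constructed: never-before-seen binary from a 0-day",
    # A trusted program with one byte changed, i.e. a tampered copy.
    "winword_patched.exe": b"constructed: known-good office binary" + b"!",
}


def sha256_hex(data: bytes) -> str:
    """Hash the file contents; both policies key on the hash, never the name."""
    return hashlib.sha256(data).hexdigest()


class BlocklistPolicy:
    """Signature-style policy: anything not on the known-bad list may run."""

    def __init__(self, bad_hashes: Iterable[str]) -> None:
        self.bad = set(bad_hashes)

    def decide(self, data: bytes) -> str:
        return "BLOCK" if sha256_hex(data) in self.bad else "ALLOW"


class DefaultDenyPolicy:
    """Allowlist policy: only what is on the known-good list may run."""

    def __init__(self, good_hashes: Iterable[str]) -> None:
        self.good = set(good_hashes)

    def decide(self, data: bytes) -> str:
        return "ALLOW" if sha256_hex(data) in self.good else "BLOCK"


def evaluate(policy, samples: Dict[str, bytes]) -> Dict[str, str]:
    """Verdict per sample name; a SOC would log every BLOCK as an event."""
    return {name: policy.decide(data) for name, data in samples.items()}


def build_policies():
    # The allowlist is built from the two trusted binaries; the blocklist
    # only knows the malware that has already been seen and analysed.
    known_good = [sha256_hex(SAMPLES["winword.exe"]),
                  sha256_hex(SAMPLES["outlook.exe"])]
    known_bad = [sha256_hex(SAMPLES["old_trojan.exe"])]
    return BlocklistPolicy(known_bad), DefaultDenyPolicy(known_good)


def compare() -> Dict[str, Dict[str, str]]:
    """Run every sample through both policies and return the verdict tables."""
    blocklist, default_deny = build_policies()
    return {
        "blocklist": evaluate(blocklist, SAMPLES),
        "default_deny": evaluate(default_deny, SAMPLES),
    }


if __name__ == "__main__":
    for policy_name, verdicts in compare().items():
        print(policy_name)
        for sample, verdict in verdicts.items():
            print(f"  {sample:22s} {verdict}")
```

The trade-off is visible in the output: the blocklist lets both the unknown dropper and the tampered copy of winword.exe run because it has no signature for them, while default deny blocks them, at the cost of having to maintain the allowlist whenever legitimate software is updated.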