From Creeper to Stuxnet

Tell me and I’ll forget
Show me and I may remember
Involve me and I’ll understand

Shahar Geiger Maor, VP & Senior Analyst
A Story With A Beginning And No End

Shahar Geiger Maor’s work Copyright 2012 @STKI Do not remove source or attribution from any graphic or portion of graphic
The Beginning: Basic Terminology

Phreaking, Cracking and Hacking…
I’m A Creep(er)!

The very first viruses: Creeper and Wabbit
Timeline: 1971
Captain Zap

First person ever arrested for a computer crime
Timeline: 1981
Machine Of The Year

Timeline: 1982
War Games

Timeline: 1983
Introducing: MOD & LOD

Timeline: 1987
When Ideology meets Ego

Timeline: 1991
Professional conferences

Timeline: 1993
Celebrity

Timeline: 1995
The Rise of Malware

The Concept Virus
Timeline: 1995
The Rise of Malware

The Melissa and Nimda Viruses
http://scforum.info/index.php?topic=2528.msg4935;topicseen
Timeline: 1999
The Rise of Malware

The ILOVEYOU Worm
Timeline: 2000
The Rise of Malware

Conficker
Timeline: 2008
The Increasingly Difficult Security Challenge

[Chart: number of AV signatures, Jan-00 to Dec-09, y-axis 0 to 16,000,000. Source: Symantec]

100s of millions of viruses: signature-based scanning won’t keep up…
No Existing Protection Addresses the “Long Tail”

Today, both good and bad software obey a long-tail distribution. Blacklisting works well at the bad-files end of the prevalence curve; whitelisting works well at the good-files end. Unfortunately neither technique works well for the tens of millions of files with low prevalence (but this is precisely where the majority of today’s malware falls). For this long tail a new technique is needed.

[Figure: file prevalence distribution, bad files on the left, good files on the right. Source: Symantec]
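The gap the slide describes, as an added example (not Symantec’s or STKI’s code): a triage that applies a blacklist, then a whitelist, and then measures how many files fall through both into the low-prevalence long tail. The hash identifiers, prevalence counts and the 50-endpoint cut-off are constructed sample values; the quarantine rule in `long_tail_policy` is one assumed way of handling the tail, not the technique the slide has in mind.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Set

# Constructed sample data (hypothetical identifiers, not real file hashes).
# Each key stands in for a SHA-256; the value is how many endpoints reported it.
PREVALENCE: Dict[str, int] = {
    "sha256:os_kernel_image": 1_000_000,  # common, good
    "sha256:office_suite":      250_000,  # common, good
    "sha256:known_worm":         40_000,  # common, bad
    "sha256:known_trojan":            3,  # rare, but already blacklisted
    "sha256:unknown_dropper":         2,  # rare and unlisted: the long tail
    "sha256:unknown_tool":            1,  # rare and unlisted: the long tail
    "sha256:unknown_updater":     9_000,  # unlisted but widespread
}
BLACKLIST: Set[str] = {"sha256:known_worm", "sha256:known_trojan"}
WHITELIST: Set[str] = {"sha256:os_kernel_image", "sha256:office_suite"}

# Below this many endpoints a file counts as "low prevalence" (assumed cut-off).
LONG_TAIL_THRESHOLD = 50


@dataclass(frozen=True)
class Verdict:
    sha256: str
    decision: str  # "block" | "allow" | "unknown"
    reason: str


def triage(sha256: str,
           blacklist: Set[str] = BLACKLIST,
           whitelist: Set[str] = WHITELIST,
           prevalence: Dict[str, int] = PREVALENCE,
           threshold: int = LONG_TAIL_THRESHOLD) -> Verdict:
    """Blacklist first, then whitelist; everything else is 'unknown'."""
    if sha256 in blacklist:
        return Verdict(sha256, "block", "blacklist hit")
    if sha256 in whitelist:
        return Verdict(sha256, "allow", "whitelist hit")
    seen = prevalence.get(sha256, 0)
    if seen < threshold:
        return Verdict(sha256, "unknown",
                       f"long tail: seen on {seen} endpoint(s), covered by neither list")
    return Verdict(sha256, "unknown", f"unlisted but seen on {seen} endpoints")


def coverage(hashes: Iterable[str],
             blacklist: Set[str] = BLACKLIST,
             whitelist: Set[str] = WHITELIST,
             prevalence: Dict[str, int] = PREVALENCE,
             threshold: int = LONG_TAIL_THRESHOLD) -> Dict[str, int]:
    """Count how many files each list decides and how many land in the long tail."""
    counts = {"block": 0, "allow": 0, "unknown": 0, "long_tail_unknown": 0}
    for h in hashes:
        v = triage(h, blacklist, whitelist, prevalence, threshold)
        counts[v.decision] += 1
        if v.decision == "unknown" and prevalence.get(h, 0) < threshold:
            counts["long_tail_unknown"] += 1
    return counts


def long_tail_policy(v: Verdict,
                     prevalence: Dict[str, int] = PREVALENCE,
                     threshold: int = LONG_TAIL_THRESHOLD) -> str:
    """Assumed handling for the gap: low-prevalence unknowns are quarantined for
    sandbox analysis instead of running by default; common unknowns run but are
    monitored. List hits keep their decision."""
    if v.decision != "unknown":
        return v.decision
    seen = prevalence.get(v.sha256, 0)
    return "quarantine_for_analysis" if seen < threshold else "allow_and_monitor"


if __name__ == "__main__":
    for h in PREVALENCE:
        v = triage(h)
        print(f"{h:28} {v.decision:8} -> {long_tail_policy(v):24} ({v.reason})")
    print(coverage(PREVALENCE))
```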
Growing Amount of Malware: Lower Rate of Detection

Time to detect two malware submissions, by AV engine (src: AV-Test.org)

AV Engine      Submission-ID 2009-12-10_22-01_0002   Submission-ID 2010-01-15_22-14_0001
Authentium     Zero-hour                             No detection
Avast          24.28 hrs.                            2.10 hrs.
AVG            10.18 hrs.                            3.52 hrs.
CA-AV          No detection                          Zero-hour
ClamAV         40.82 hrs.                            No detection
Dr.Web         3.68 hrs.                             13.17 hrs.
Eset Nod32     2.35 hrs.                             Zero-hour
F-Secure       Zero-hour                             20.03 hrs.
Ikarus         2.55 hrs.                             1.90 hrs.
ISS VPS        No detection                          No detection
Kaspersky      6.70 hrs.                             14.52 hrs.
McAfee         28.83 hrs.                            No detection
Microsoft      11.62 hrs.                            No detection
Norman         Zero-hour                             No detection
Panda          76.48 hrs.                            No detection
Rising         71.27 hrs.                            No detection
Spybot S&D     No detection                          No detection
Sunbelt        No detection                          Zero-hour
VirusBuster    4.05 hrs.                             Zero-hour
Secured Mediation Kiosks

[Figure. Source: OPSWAT, STKI’s modifications]
Nor(malware) distribution

Choose any AV software… What about the long tail?
Nor(malware) distribution

Choose many AV software… The long tail problem remains.
Organized Cybercrime

Timeline: 2009
M&As in the Cyber Underground…

SpyEye made headlines this year when investigators discovered it automatically searched for and removed ZeuS from infected PCs before installing itself.
http://krebsonsecurity.com/2010/10/spyeye-v-zeus-rivalry-ends-in-quiet-merger/
Common “Positions” in the cyber-crime business

• Leaders
• Programmers
• Hosted systems providers
• Cashiers
• Distributors
• Fraudsters
• Money mules
• Tech experts
• Crackers
• Tellers

http://www.fbi.gov/news/speeches/the-cyber-threat-whos-doing-what-to-whom
Underground Economy

Product                                      Price
Credit card details                          From $2-$90
Physical credit cards                        From $190 + cost of details
Card cloners                                 From $200-$1000
Fake ATMs                                    Up to $35,000
Bank credentials                             From $80 to $700 (with guaranteed balance)
Bank transfers and cashing checks            From 10 to 40% of the total; $10 for simple account without guaranteed balance
Online stores and pay platforms              From $80-$1500 with guaranteed balance
Design and publishing of fake online stores  According to the project (not specified)
Purchase and forwarding of products          From $30-$300 (depending on the project)
Spam rental                                  From $15
SMTP rental                                  From $20 to $40 for three months

http://press.pandasecurity.com/wp-content/uploads/2011/01/The-Cyber-Crime-Black-Market.pdf
Cyber Wars

Timeline: 1990’s-2000’s-2010’s
Growing Number of Incidents - US

[Chart: Incidents of Malicious Cyber Activity Against Department of Defense Information Systems, 2000–2009]
http://www.uscc.gov/annual_report/2010/annual_report_full_10.pdf
Sources of Attacks on gov.il

[Figure. Source: CERT.gov.il]
Cyber-Warfare is Becoming A Giants’ Playground

http://www.bbc.co.uk/news/technology-11773146
Operation Aurora

http://www.damballa.com/downloads/r_pubs/Aurora_Botnet_Command_Structure.pdf
Advanced Persistent Threat (APT): RSA Case Study

“Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA”.
Art Coviello, Executive Chairman, RSA
http://www.rsa.com/node.aspx?id=3872

http://www.nytimes.com/2011/03/18/technology/18secure.html
Stuxnet (THE NEW YORK TIMES, 15/1/11)

http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?_r=2&hp
Stuxnet Timeline

• Early 2008: Siemens cooperated with Idaho National Laboratory to identify the vulnerabilities of computer controllers that the company sells
• 2008-2009: Suspected exploits have been created for Siemens SCADA systems
• July 2009: Stuxnet began circulating around the world
• July 2010: Stuxnet is first discovered by VirusBlokAda
Rootkit.Win32.Stuxnet Geography

Source: http://ebiquity.umbc.edu/blogger/wp-content/uploads/2010/09/stuxnet.gif
Stuxnet in Action: “A Game Changer”

• 10-30 developers (!!!)
• Stuxnet has some 4,000 functions (software that runs an average email server has about 2,000 functions)
• Exploits a total of four unpatched Microsoft vulnerabilities
• Compromises two digital certificates

• Self-replicates through removable drives
• Spreads in a LAN through a vulnerability in the Windows Print Spooler
• Copies and executes itself on remote computers through network shares
• Updates itself through a peer-to-peer mechanism within a LAN
• Contacts a remote command and control server
• Modifies code on the Siemens PLCs
• Hides modified code on PLCs
Vulnerability Timeline

[Figure. Source: Burton Group]
…Let’s talk about Patch Management (PM)

• Mostly Microsoft, security-related patches
• “It’s not the deployment, but the whole process evolving”, AKA Pizza Night.
• 20%-50% FTE is dedicated to PM
• Common SLAs: 3…6…or sometimes 12 months!!
• VIP patches: up to a week
• Hardware/non-security patches’ SLA: where upgrades/vendor support is needed
Generic Cyber Attacks

1. Individuals/Groups
2. Criminal/Nationalistic background
3. Lots of intervals
4. Lots of targets
5. Common tools
Distributed Denial Of Service (DDoS)

1. Targets websites, internet lines etc.
2. Legitimate traffic
3. Many different sources
4. From all over the world
5. Perfect timing
Advanced Persistent Threat (APT)

1. Group/Org./State
2. Ideological/Nationalistic background
3. Multi-layered attack
4. Targeted
5. Variety of tools
6. Impossible to detect in real time (???)
Security “Threatscape”
Thank You!

 
Building Comfort with MATLAB
Building Comfort with MATLABBuilding Comfort with MATLAB
Building Comfort with MATLAB
 
Jill lintner's portfolio
Jill lintner's portfolioJill lintner's portfolio
Jill lintner's portfolio
 
Teens24
Teens24Teens24
Teens24
 
Boulder/Denver BigData: Cluster Computing with Apache Mesos and Cascading
Boulder/Denver BigData: Cluster Computing with Apache Mesos and CascadingBoulder/Denver BigData: Cluster Computing with Apache Mesos and Cascading
Boulder/Denver BigData: Cluster Computing with Apache Mesos and Cascading
 
TIPS ON SCIENTIFIC WRITING & EDITING METHODOLOGIES
TIPS ON SCIENTIFIC WRITING & EDITING METHODOLOGIESTIPS ON SCIENTIFIC WRITING & EDITING METHODOLOGIES
TIPS ON SCIENTIFIC WRITING & EDITING METHODOLOGIES
 
I care for you, because i love you
I care for you, because i love youI care for you, because i love you
I care for you, because i love you
 
Baiguullaga organition 2012
Baiguullaga organition 2012Baiguullaga organition 2012
Baiguullaga organition 2012
 
蘭花草歌
蘭花草歌蘭花草歌
蘭花草歌
 

More from Shahar Geiger Maor

Cyber economics v2 -Measuring the true cost of Cybercrime
Cyber economics v2 -Measuring the true cost of CybercrimeCyber economics v2 -Measuring the true cost of Cybercrime
Cyber economics v2 -Measuring the true cost of CybercrimeShahar Geiger Maor
 
Networking stki summit 2012 -shahar geiger maor
Networking  stki summit 2012 -shahar geiger maorNetworking  stki summit 2012 -shahar geiger maor
Networking stki summit 2012 -shahar geiger maorShahar Geiger Maor
 
Information security stki summit 2012-shahar geiger maor
Information security  stki summit 2012-shahar geiger maorInformation security  stki summit 2012-shahar geiger maor
Information security stki summit 2012-shahar geiger maorShahar Geiger Maor
 
Endpoints stki summit 2012-shahar geiger maor
Endpoints  stki summit 2012-shahar geiger maorEndpoints  stki summit 2012-shahar geiger maor
Endpoints stki summit 2012-shahar geiger maorShahar Geiger Maor
 
Risk, regulation and data protection
Risk, regulation and data protectionRisk, regulation and data protection
Risk, regulation and data protectionShahar Geiger Maor
 
STKI Mobile brainstorming -MDM Panel
STKI Mobile brainstorming -MDM PanelSTKI Mobile brainstorming -MDM Panel
STKI Mobile brainstorming -MDM PanelShahar Geiger Maor
 
Cloud Security CISO club -April 2011 v2
Cloud Security CISO club -April 2011 v2Cloud Security CISO club -April 2011 v2
Cloud Security CISO club -April 2011 v2Shahar Geiger Maor
 
Summit 2011 trends in information security
Summit 2011  trends in information securitySummit 2011  trends in information security
Summit 2011 trends in information securityShahar Geiger Maor
 
Summit 2011 trends in infrastructure services
Summit 2011  trends in infrastructure servicesSummit 2011  trends in infrastructure services
Summit 2011 trends in infrastructure servicesShahar Geiger Maor
 
כנס אבטחת מידע מוטו תקשורת V2
כנס אבטחת מידע  מוטו תקשורת V2כנס אבטחת מידע  מוטו תקשורת V2
כנס אבטחת מידע מוטו תקשורת V2Shahar Geiger Maor
 
Stki Summit 2010 Infra Services V8
Stki Summit 2010  Infra Services  V8Stki Summit 2010  Infra Services  V8
Stki Summit 2010 Infra Services V8Shahar Geiger Maor
 
Infrastructure Trends -Jan 2010
Infrastructure Trends -Jan 2010Infrastructure Trends -Jan 2010
Infrastructure Trends -Jan 2010Shahar Geiger Maor
 
Info Sec C T O Forum Nov 2009 V1
Info Sec   C T O Forum   Nov 2009   V1Info Sec   C T O Forum   Nov 2009   V1
Info Sec C T O Forum Nov 2009 V1Shahar Geiger Maor
 

More from Shahar Geiger Maor (20)

Cyber economics v2 -Measuring the true cost of Cybercrime
Cyber economics v2 -Measuring the true cost of CybercrimeCyber economics v2 -Measuring the true cost of Cybercrime
Cyber economics v2 -Measuring the true cost of Cybercrime
 
Mobile payment v3
Mobile payment v3Mobile payment v3
Mobile payment v3
 
Networking stki summit 2012 -shahar geiger maor
Networking  stki summit 2012 -shahar geiger maorNetworking  stki summit 2012 -shahar geiger maor
Networking stki summit 2012 -shahar geiger maor
 
Information security stki summit 2012-shahar geiger maor
Information security  stki summit 2012-shahar geiger maorInformation security  stki summit 2012-shahar geiger maor
Information security stki summit 2012-shahar geiger maor
 
Endpoints stki summit 2012-shahar geiger maor
Endpoints  stki summit 2012-shahar geiger maorEndpoints  stki summit 2012-shahar geiger maor
Endpoints stki summit 2012-shahar geiger maor
 
Risk, regulation and data protection
Risk, regulation and data protectionRisk, regulation and data protection
Risk, regulation and data protection
 
STKI Mobile brainstorming -MDM Panel
STKI Mobile brainstorming -MDM PanelSTKI Mobile brainstorming -MDM Panel
STKI Mobile brainstorming -MDM Panel
 
Social Sec infosec -pptx
Social Sec  infosec -pptxSocial Sec  infosec -pptx
Social Sec infosec -pptx
 
Cloud Security CISO club -April 2011 v2
Cloud Security CISO club -April 2011 v2Cloud Security CISO club -April 2011 v2
Cloud Security CISO club -April 2011 v2
 
Summit 2011 trends in information security
Summit 2011  trends in information securitySummit 2011  trends in information security
Summit 2011 trends in information security
 
Summit 2011 trends in infrastructure services
Summit 2011  trends in infrastructure servicesSummit 2011  trends in infrastructure services
Summit 2011 trends in infrastructure services
 
DLP Trends -Dec 2010
DLP Trends -Dec 2010DLP Trends -Dec 2010
DLP Trends -Dec 2010
 
כנס אבטחת מידע מוטו תקשורת V2
כנס אבטחת מידע  מוטו תקשורת V2כנס אבטחת מידע  מוטו תקשורת V2
כנס אבטחת מידע מוטו תקשורת V2
 
Cloud security v2
Cloud security v2Cloud security v2
Cloud security v2
 
PCI Challenges
PCI ChallengesPCI Challenges
PCI Challenges
 
Stki Summit 2010 Infra Services V8
Stki Summit 2010  Infra Services  V8Stki Summit 2010  Infra Services  V8
Stki Summit 2010 Infra Services V8
 
Infrastructure Trends -Jan 2010
Infrastructure Trends -Jan 2010Infrastructure Trends -Jan 2010
Infrastructure Trends -Jan 2010
 
Info Sec C T O Forum Nov 2009 V1
Info Sec   C T O Forum   Nov 2009   V1Info Sec   C T O Forum   Nov 2009   V1
Info Sec C T O Forum Nov 2009 V1
 
Security Summit July 2009
Security Summit  July 2009Security Summit  July 2009
Security Summit July 2009
 
Green Security
Green SecurityGreen Security
Green Security
 

Recently uploaded

Mike Tyson Sign The Contract Big Boy Shirt
Mike Tyson Sign The Contract Big Boy ShirtMike Tyson Sign The Contract Big Boy Shirt
Mike Tyson Sign The Contract Big Boy ShirtTeeFusion
 
Materi dasar prototype dan figma .pdf
Materi dasar prototype dan figma    .pdfMateri dasar prototype dan figma    .pdf
Materi dasar prototype dan figma .pdfardanaadam1
 
Introduce Trauma-Informed Design to Your Organization - CSUN ATC 2024
Introduce Trauma-Informed Design to Your Organization - CSUN ATC 2024Introduce Trauma-Informed Design to Your Organization - CSUN ATC 2024
Introduce Trauma-Informed Design to Your Organization - CSUN ATC 2024Ted Drake
 
Production of Erythromycin microbiology.pptx
Production of Erythromycin microbiology.pptxProduction of Erythromycin microbiology.pptx
Production of Erythromycin microbiology.pptxb2kshani34
 
Designing for privacy: 3 essential UX habits for product teams
Designing for privacy: 3 essential UX habits for product teamsDesigning for privacy: 3 essential UX habits for product teams
Designing for privacy: 3 essential UX habits for product teamsBlock Party
 
Exploring Futuristic Factory Designs: A 3D Interior Rendering Studio's Perspe...
Exploring Futuristic Factory Designs: A 3D Interior Rendering Studio's Perspe...Exploring Futuristic Factory Designs: A 3D Interior Rendering Studio's Perspe...
Exploring Futuristic Factory Designs: A 3D Interior Rendering Studio's Perspe...Yantram Animation Studio Corporation
 
The future of UX design support tools - talk Paris March 2024
The future of UX design support tools - talk Paris March 2024The future of UX design support tools - talk Paris March 2024
The future of UX design support tools - talk Paris March 2024Alan Dix
 
TIMBRE: HOW MIGHT WE REMEDY MUSIC DESERTS AND FACILITATE GROWTH OF A MUSICAL ...
TIMBRE: HOW MIGHT WE REMEDY MUSIC DESERTS AND FACILITATE GROWTH OF A MUSICAL ...TIMBRE: HOW MIGHT WE REMEDY MUSIC DESERTS AND FACILITATE GROWTH OF A MUSICAL ...
TIMBRE: HOW MIGHT WE REMEDY MUSIC DESERTS AND FACILITATE GROWTH OF A MUSICAL ...Pranav Subramanian
 
Best-NO1 Pakistani Amil Baba Real Amil baba In Pakistan Najoomi Baba in Pakis...
Best-NO1 Pakistani Amil Baba Real Amil baba In Pakistan Najoomi Baba in Pakis...Best-NO1 Pakistani Amil Baba Real Amil baba In Pakistan Najoomi Baba in Pakis...
Best-NO1 Pakistani Amil Baba Real Amil baba In Pakistan Najoomi Baba in Pakis...Amil baba
 
Central-Visayas-1.pdf reporting purposes
Central-Visayas-1.pdf reporting purposesCentral-Visayas-1.pdf reporting purposes
Central-Visayas-1.pdf reporting purposesmilalabial
 
Math Group 3 Presentation OLOLOLOLILOOLLOLOL
Math Group 3 Presentation OLOLOLOLILOOLLOLOLMath Group 3 Presentation OLOLOLOLILOOLLOLOL
Math Group 3 Presentation OLOLOLOLILOOLLOLOLkenzukiri
 
Building+your+Data+Project+on+AWS+-+Luke+Anderson.pdf
Building+your+Data+Project+on+AWS+-+Luke+Anderson.pdfBuilding+your+Data+Project+on+AWS+-+Luke+Anderson.pdf
Building+your+Data+Project+on+AWS+-+Luke+Anderson.pdfsaidbilgen
 
Cold War Tensions Increase - 1945-1952.pptx
Cold War Tensions Increase - 1945-1952.pptxCold War Tensions Increase - 1945-1952.pptx
Cold War Tensions Increase - 1945-1952.pptxSamKuruvilla5
 
Embroidery design from embroidery magazine
Embroidery design from embroidery magazineEmbroidery design from embroidery magazine
Embroidery design from embroidery magazineRivanEleraki
 
Design mental models for managing large-scale dbt projects. March 21, 2024 in...
Design mental models for managing large-scale dbt projects. March 21, 2024 in...Design mental models for managing large-scale dbt projects. March 21, 2024 in...
Design mental models for managing large-scale dbt projects. March 21, 2024 in...Ed Orozco
 
WCM Branding Agency | 210519 - Portfolio Review (F&B) -s.pptx
WCM Branding Agency | 210519 - Portfolio Review (F&B) -s.pptxWCM Branding Agency | 210519 - Portfolio Review (F&B) -s.pptx
WCM Branding Agency | 210519 - Portfolio Review (F&B) -s.pptxHasan S
 
INTRODUCTION TO UI/UX DESIGN BEGINNERS.pdf
INTRODUCTION TO UI/UX DESIGN BEGINNERS.pdfINTRODUCTION TO UI/UX DESIGN BEGINNERS.pdf
INTRODUCTION TO UI/UX DESIGN BEGINNERS.pdfphriedaoyigada
 
High-Quality Faux Embroidery Services | Cre8iveSkill
High-Quality Faux Embroidery Services | Cre8iveSkillHigh-Quality Faux Embroidery Services | Cre8iveSkill
High-Quality Faux Embroidery Services | Cre8iveSkillCre8iveskill
 
LRFD Bridge Design Specifications-AASHTO (2014).pdf
LRFD Bridge Design Specifications-AASHTO (2014).pdfLRFD Bridge Design Specifications-AASHTO (2014).pdf
LRFD Bridge Design Specifications-AASHTO (2014).pdfHctorFranciscoSnchez1
 
UX Conference on UX Research Trends in 2024
UX Conference on UX Research Trends in 2024UX Conference on UX Research Trends in 2024
UX Conference on UX Research Trends in 2024mikailaoh
 

Recently uploaded (20)

Mike Tyson Sign The Contract Big Boy Shirt
Mike Tyson Sign The Contract Big Boy ShirtMike Tyson Sign The Contract Big Boy Shirt
Mike Tyson Sign The Contract Big Boy Shirt
 
Materi dasar prototype dan figma .pdf
Materi dasar prototype dan figma    .pdfMateri dasar prototype dan figma    .pdf
Materi dasar prototype dan figma .pdf
 
Introduce Trauma-Informed Design to Your Organization - CSUN ATC 2024
Introduce Trauma-Informed Design to Your Organization - CSUN ATC 2024Introduce Trauma-Informed Design to Your Organization - CSUN ATC 2024
Introduce Trauma-Informed Design to Your Organization - CSUN ATC 2024
 
Production of Erythromycin microbiology.pptx
Production of Erythromycin microbiology.pptxProduction of Erythromycin microbiology.pptx
Production of Erythromycin microbiology.pptx
 
Designing for privacy: 3 essential UX habits for product teams
Designing for privacy: 3 essential UX habits for product teamsDesigning for privacy: 3 essential UX habits for product teams
Designing for privacy: 3 essential UX habits for product teams
 
Exploring Futuristic Factory Designs: A 3D Interior Rendering Studio's Perspe...
Exploring Futuristic Factory Designs: A 3D Interior Rendering Studio's Perspe...Exploring Futuristic Factory Designs: A 3D Interior Rendering Studio's Perspe...
Exploring Futuristic Factory Designs: A 3D Interior Rendering Studio's Perspe...
 
The future of UX design support tools - talk Paris March 2024
The future of UX design support tools - talk Paris March 2024The future of UX design support tools - talk Paris March 2024
The future of UX design support tools - talk Paris March 2024
 
TIMBRE: HOW MIGHT WE REMEDY MUSIC DESERTS AND FACILITATE GROWTH OF A MUSICAL ...
TIMBRE: HOW MIGHT WE REMEDY MUSIC DESERTS AND FACILITATE GROWTH OF A MUSICAL ...TIMBRE: HOW MIGHT WE REMEDY MUSIC DESERTS AND FACILITATE GROWTH OF A MUSICAL ...
TIMBRE: HOW MIGHT WE REMEDY MUSIC DESERTS AND FACILITATE GROWTH OF A MUSICAL ...
 
Best-NO1 Pakistani Amil Baba Real Amil baba In Pakistan Najoomi Baba in Pakis...
Best-NO1 Pakistani Amil Baba Real Amil baba In Pakistan Najoomi Baba in Pakis...Best-NO1 Pakistani Amil Baba Real Amil baba In Pakistan Najoomi Baba in Pakis...
Best-NO1 Pakistani Amil Baba Real Amil baba In Pakistan Najoomi Baba in Pakis...
 
Central-Visayas-1.pdf reporting purposes
Central-Visayas-1.pdf reporting purposesCentral-Visayas-1.pdf reporting purposes
Central-Visayas-1.pdf reporting purposes
 
Math Group 3 Presentation OLOLOLOLILOOLLOLOL
Math Group 3 Presentation OLOLOLOLILOOLLOLOLMath Group 3 Presentation OLOLOLOLILOOLLOLOL
Math Group 3 Presentation OLOLOLOLILOOLLOLOL
 
Building+your+Data+Project+on+AWS+-+Luke+Anderson.pdf
Building+your+Data+Project+on+AWS+-+Luke+Anderson.pdfBuilding+your+Data+Project+on+AWS+-+Luke+Anderson.pdf
Building+your+Data+Project+on+AWS+-+Luke+Anderson.pdf
 
Cold War Tensions Increase - 1945-1952.pptx
Cold War Tensions Increase - 1945-1952.pptxCold War Tensions Increase - 1945-1952.pptx
Cold War Tensions Increase - 1945-1952.pptx
 
Embroidery design from embroidery magazine
Embroidery design from embroidery magazineEmbroidery design from embroidery magazine
Embroidery design from embroidery magazine
 
Design mental models for managing large-scale dbt projects. March 21, 2024 in...
Design mental models for managing large-scale dbt projects. March 21, 2024 in...Design mental models for managing large-scale dbt projects. March 21, 2024 in...
Design mental models for managing large-scale dbt projects. March 21, 2024 in...
 
WCM Branding Agency | 210519 - Portfolio Review (F&B) -s.pptx
WCM Branding Agency | 210519 - Portfolio Review (F&B) -s.pptxWCM Branding Agency | 210519 - Portfolio Review (F&B) -s.pptx
WCM Branding Agency | 210519 - Portfolio Review (F&B) -s.pptx
 
INTRODUCTION TO UI/UX DESIGN BEGINNERS.pdf
INTRODUCTION TO UI/UX DESIGN BEGINNERS.pdfINTRODUCTION TO UI/UX DESIGN BEGINNERS.pdf
INTRODUCTION TO UI/UX DESIGN BEGINNERS.pdf
 
High-Quality Faux Embroidery Services | Cre8iveSkill
High-Quality Faux Embroidery Services | Cre8iveSkillHigh-Quality Faux Embroidery Services | Cre8iveSkill
High-Quality Faux Embroidery Services | Cre8iveSkill
 
LRFD Bridge Design Specifications-AASHTO (2014).pdf
LRFD Bridge Design Specifications-AASHTO (2014).pdfLRFD Bridge Design Specifications-AASHTO (2014).pdf
LRFD Bridge Design Specifications-AASHTO (2014).pdf
 
UX Conference on UX Research Trends in 2024
UX Conference on UX Research Trends in 2024UX Conference on UX Research Trends in 2024
UX Conference on UX Research Trends in 2024
 

From creeper to stuxnet

  • 1. From Creeper to Stuxnet. Shahar Geiger Maor, VP & Senior Analyst. "Tell me and I'll forget; show me and I may remember; involve me and I'll understand."
  • 2. A Story With A Beginning And No End. Shahar Geiger Maor's work, Copyright 2012 @STKI. Do not remove source or attribution from any graphic or portion of graphic.
  • 3. The Beginning – Basic Terminology: Phreaking, Cracking and Hacking…
  • 4. I'm A Creep(er)! The very first viruses: Creeper and Wabbit (1971).
  • 5. Captain Zap: first person ever arrested for a computer crime (1981).
  • 6. Machine Of The Year (1982).
  • 7. War Games (1983).
  • 8. Introducing: MOD & LOD (1987).
  • 9. When Ideology meets Ego (1991).
  • 10. Professional conferences (1993).
  • 11. Celebrity (1995).
  • 12. The Rise of Malware: The Concept Virus (1995).
  • 13. The Rise of Malware: The Melissa and Nimda Viruses (1999). http://scforum.info/index.php?topic=2528.msg4935;topicseen
  • 14. The Rise of Malware: The ILOVEYOU Worm (2000).
  • 15. The Rise of Malware: Conficker (2008).
  • 16. The Increasingly Difficult Security Challenge. [Chart: number of AV signatures, Jan-00 to Dec-09, y-axis 0 to 16,000,000.] 100s of millions of viruses: signature-based scanning won't keep up… Source: Symantec.
  • 17. No Existing Protection Addresses the "Long Tail". Today, both good and bad software obey a long-tail distribution of prevalence. Blacklisting works well for the well-known bad files and whitelisting works well for the well-known good files. Unfortunately, neither technique works well for the tens of millions of files with low prevalence (but this is precisely where the majority of today's malware falls). For this long tail a new technique is needed. Source: Symantec.
  • 18. Growing Amount of Malware – Lower Rate of Detection (src: AV-Test.org). Time to detect two submitted samples, Submission-ID 2009-12-10_22-01_0002 and Submission-ID 2010-01-15_22-14_0001:
        AV Engine       Time To Detect (2009-12-10_22-01_0002)   Time To Detect (2010-01-15_22-14_0001)
        Authentium      Zero-hour                                No detection
        Avast           24.28 hrs.                               2.10 hrs.
        AVG             10.18 hrs.                               3.52 hrs.
        CA-AV           No detection                             Zero-hour
        ClamAV          40.82 hrs.                               No detection
        Dr.Web          3.68 hrs.                                13.17 hrs.
        Eset Nod32      2.35 hrs.                                Zero-hour
        F-Secure        Zero-hour                                20.03 hrs.
        Ikarus          2.55 hrs.                                1.90 hrs.
        ISS VPS         No detection                             No detection
        Kaspersky       6.70 hrs.                                14.52 hrs.
        McAfee          28.83 hrs.                               No detection
        Microsoft       11.62 hrs.                               No detection
        Norman          Zero-hour                                No detection
        Panda           76.48 hrs.                               No detection
        Rising          71.27 hrs.                               No detection
        Spybot S&D      No detection                             No detection
        Sunbelt         No detection                             Zero-hour
        VirusBuster     4.05 hrs.                                Zero-hour
  • 19. Secured Mediation Kiosks. Source: OPSWAT, STKI's modifications.
  • 20. Nor(malware) distribution: Choose any AV software… What about the long tail?
  • 21. Nor(malware) distribution: Choose many AV software… The long tail problem remains.
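The long-tail point of slides 17, 20 and 21 can be made concrete with a small reputation-triage routine: known-bad lists (one per AV engine) and a known-good list decide the head of the distribution, prevalence can vouch for unlisted but widespread files, and whatever is left is the long tail that needs a different technique (behavioural analysis, sandboxing, human review). This is an added example, not code from the presentation or from Symantec; the hashes, prevalence counts, engine blacklists and the 1,000-endpoint threshold are all constructed assumptions.

```python
"""Reputation triage showing why more blacklists do not close the long-tail gap.

Added example, not part of the original presentation. Every hash, prevalence
count and engine verdict below is constructed sample data, not real telemetry.
"""
from collections import Counter
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    KNOWN_GOOD = "known-good"                        # on the whitelist
    KNOWN_BAD = "known-bad"                          # on at least one engine's blacklist
    TRUSTED_BY_PREVALENCE = "trusted-by-prevalence"  # unlisted, but seen on many endpoints
    LONG_TAIL = "long-tail"                          # unlisted and rare: lists cannot decide it


@dataclass(frozen=True)
class FileObservation:
    sha256: str       # file hash as reported by endpoints (constructed values here)
    prevalence: int   # number of distinct endpoints that reported this hash


# Constructed sample data (hypothetical hashes and counts).
WHITELIST = {"a" * 64}                               # e.g. a signed OS binary
ENGINE_BLACKLISTS = {
    "engine-1": {"b" * 64},
    "engine-2": {"b" * 64, "c" * 64},
}
OBSERVATIONS = [
    FileObservation("a" * 64, 50_000),   # head of the "good" distribution
    FileObservation("b" * 64, 20_000),   # widely spread sample, every engine has a signature
    FileObservation("c" * 64, 300),      # rarer sample, only engine-2 has a signature
    FileObservation("d" * 64, 5_000),    # unlisted line-of-business tool on many hosts
    FileObservation("e" * 64, 1),        # unique files: the long tail
    FileObservation("f" * 64, 2),
    FileObservation("g" * 64, 1),
]
PREVALENCE_THRESHOLD = 1_000   # assumption: seen on >= 1000 endpoints counts as "head"


def triage(obs, whitelist, blacklists, threshold=PREVALENCE_THRESHOLD):
    """Decide one file: lists first, prevalence second, long tail otherwise."""
    if obs.sha256 in whitelist:
        return Verdict.KNOWN_GOOD
    if any(obs.sha256 in bl for bl in blacklists.values()):
        return Verdict.KNOWN_BAD
    if obs.prevalence >= threshold:
        return Verdict.TRUSTED_BY_PREVALENCE
    return Verdict.LONG_TAIL


def long_tail(observations, whitelist, blacklists, threshold=PREVALENCE_THRESHOLD):
    """Hashes that neither the lists nor prevalence can decide; these are the
    files that need behavioural analysis, sandboxing or human review."""
    return sorted(o.sha256 for o in observations
                  if triage(o, whitelist, blacklists, threshold) is Verdict.LONG_TAIL)


def summarize(observations, whitelist, blacklists, threshold=PREVALENCE_THRESHOLD):
    """Count verdicts so the effect of adding engines can be compared."""
    return Counter(triage(o, whitelist, blacklists, threshold).value
                   for o in observations)


if __name__ == "__main__":
    one_engine = {"engine-1": ENGINE_BLACKLISTS["engine-1"]}
    print("one engine :", dict(summarize(OBSERVATIONS, WHITELIST, one_engine)))
    print("two engines:", dict(summarize(OBSERVATIONS, WHITELIST, ENGINE_BLACKLISTS)))
    print("still undecided:",
          [h[:8] for h in long_tail(OBSERVATIONS, WHITELIST, ENGINE_BLACKLISTS)])
```

Running it with one engine leaves four files in the long tail; adding the second engine moves the one rare sample it has a signature for to known-bad, but the three unique files stay undecided. That is the "choose many AV software" observation of slide 21: stacking blacklists shrinks the tail only by the samples somebody has already seen, and the prevalence rule only helps for files that are common, so the rare-and-unknown set has to be handled by something other than lists.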
  • 22. Organized Cybercrime (2009).
  • 23. M&As in the Cyber Underground… SpyEye made headlines this year when investigators discovered it automatically searched for and removed ZeuS from infected PCs before installing itself. http://krebsonsecurity.com/2010/10/spyeye-v-zeus-rivalry-ends-in-quiet-merger/
  • 24. Common "Positions" in the cyber-crime business: Leaders, Programmers, Hosted systems providers, Cashiers, Distributors, Fraudsters, Money mules, Tech experts, Crackers, Tellers. http://www.fbi.gov/news/speeches/the-cyber-threat-whos-doing-what-to-whom
  • 25. Underground Economy (source: http://press.pandasecurity.com/wp-content/uploads/2011/01/The-Cyber-Crime-Black-Market.pdf):
        Product                                        Price
        Credit card details                            From $2-$90
        Physical credit cards                          From $190 + cost of details
        Card cloners                                   From $200-$1000
        Fake ATMs                                      Up to $35,000
        Bank credentials                               From $80 to 700$ (with guaranteed balance)
        Bank transfers and cashing checks              From 10 to 40% of the total; $10 for simple account without guaranteed balance
        Online stores and pay platforms                From $80-$1500 with guaranteed balance
        Design and publishing of fake online stores    According to the project (not specified)
        Purchase and forwarding of products            From $30-$300 (depending on the project)
        Spam rental                                    From $15
        SMTP rental                                    From $20 to $40 for three months
  • 26. Cyber Wars: 1990's-2000's-2010's.
  • 27. Growing Number of Incidents – US: Incidents of Malicious Cyber Activity Against Department of Defense Information Systems, 2000–2009. http://www.uscc.gov/annual_report/2010/annual_report_full_10.pdf
  • 28. Sources of Attacks on gov.il. Source: CERT.gov.il
  • 29. Cyber-Warfare is Becoming A Giants' Playground. http://www.bbc.co.uk/news/technology-11773146
  • 30. Operation Aurora. http://www.damballa.com/downloads/r_pubs/Aurora_Botnet_Command_Structure.pdf
  • 31. Advanced Persistent Threat (APT) – RSA Case Study. "Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA." Art Coviello, Executive Chairman, RSA. http://www.rsa.com/node.aspx?id=3872 http://www.nytimes.com/2011/03/18/technology/18secure.html
  • 32. Stuxnet (THE NEW YORK TIMES, 15/1/11). http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?_r=2&hp
  • 33. Stuxnet Timeline:
        - Early 2008: Siemens cooperated with Idaho National Laboratory to identify the vulnerabilities of the computer controllers that the company sells.
        - 2008-2009: Suspected exploits have been created for Siemens SCADA systems.
        - July 2009: Stuxnet began circulating around the world.
        - July 2010: Stuxnet is first discovered by VirusBlokAda.
  • 34. Rootkit.Win32.Stuxnet Geography. Source: http://ebiquity.umbc.edu/blogger/wp-content/uploads/2010/09/stuxnet.gif
  • 35. Stuxnet in Action: "A Game Changer"
        - 10-30 developers (!!!)
        - Stuxnet has some 4,000 functions (software that runs an average email server has about 2,000 functions)
        - Exploits a total of four unpatched Microsoft vulnerabilities
        - Compromises two digital certificates
        - Self-replicates through removable drives
        - Spreads in a LAN through a vulnerability in the Windows Print Spooler
        - Copies and executes itself on remote computers through network shares
        - Updates itself through a peer-to-peer mechanism within a LAN
        - Contacts a remote command and control server
        - Modifies code on the Siemens PLCs
        - Hides modified code on PLCs
  • 36. Vulnerability Timeline. Source: Burton Group
  • 37. …Let's talk about Patch Management (PM)
        - Mostly Microsoft, security-related patches
        - "It's not the deployment, but the whole process evolving", AKA Pizza Night
        - 20%-50% of an FTE is dedicated to PM
        - Common SLAs: 3…6…or sometimes 12 months!!
        - VIP patches: up to a week
        - Hardware / non-security patches' SLA: where upgrades / vendor support is needed
  • 38. (Slide contains only the template placeholder "Your Text here".)
  • 39. Generic Cyber Attacks: 1. Individuals / Groups 2. Criminal / Nationalistic background 3. Lots of intervals 4. Lots of targets 5. Common tools
  • 40. Distributed Denial Of Service (DDOS): 1. Targets websites, internet lines etc. 2. Legitimate traffic 3. Many different sources 4. From all over the world 5. Perfect timing
  • 41. Advanced Persistent Threat (APT): 1. Group / Org. / State 2. Ideological / Nationalistic background 3. Multi-layered attack 4. Targeted 5. Variety of tools 6. Impossible to detect in real time (???)
  • 42. Security "Threatscape"
  • 43. Thank You! Scan Me To Your Contacts.