This document summarizes Andrea Minigozzi's presentation on cyber threats landscape and defense. It discusses the evolution of threats from early computer viruses to modern advanced persistent threats. Various threat vectors are examined, including malware, social engineering, and zero-day exploits. Common attack methods like watering hole attacks and the Heartbleed bug are explained. Defensive strategies are proposed, such as previewing shortened URLs and avoiding malicious QR codes. The presentation aims to increase understanding of modern cybersecurity challenges and threats.
Threat Modeling for Dummies - Cascadia PHP 2018 (Adam Englander)
No developer wants to be responsible for a major data breach. Unfortunately, when it comes to application security, most developers have more questions than answers. How do I get started? Who should I be protecting against? How much security is enough? Is there a best practice to follow? In less than an hour, I will give you the tools you need to begin integrating threat modeling into your existing application lifecycle. Start building secure applications today.
Knowledge for the masses: Storytelling with ATT&CK (MITRE ATT&CK)
From ATT&CKcon 3.0
By Ismael Valenzuela and Jose Luis Sanchez Martinez, Trellix
The Trellix team believes that creating and sharing compelling stories about cyber threats with ATT&CK is a powerful way of raising awareness and enabling action against cyber threats.
In this talk the team will share their experiences leveraging ATT&CK to disseminate threat knowledge to different audiences (software development teams, managers, threat detection engineers, threat hunters, cyber threat analysts, support engineers, upper management, etc.).
They will show concrete examples and representations created with ATT&CK to describe the threats at different levels, including: 1) an Attack Path graph that shows the overall flow of the attack; 2) Tactic-specific TTP summary tables and graphs; 3) very detailed, step-by-step description of the attacker's behaviors.
You've seen the headlines. You're beginning to understand the importance of cybersecurity. Where do you begin? It's important to understand the common methods of attack and ways you can begin to protect your organization today. For more information on our cybersecurity education please visit FPOV.com/edu.
We’ve got more assets in the cloud than ever. Unfortunately, we also have less visibility and control in these environments. Implementing detection and response controls that leverage cloud provider tools and controls, as well as automation strategies and processes, is critical for effective incident detection and response in hybrid cloud environments. This session will get you started!
(Source: RSA Conference USA 2018)
You Can't Stop The Breach Without Prevention And Detection (CrowdStrike)
CrowdStrike And Guest Forrester Share Keys To Mastering The Endpoint
CrowdStrike VP, Product Management Rod Murchison and guest speaker Chris Sherman, Forrester Research analyst, will discuss how modern approaches must balance prevention with detection capabilities in the context of an overall security strategy. Ultimately, this will give security professionals the ability to better deal with the influx of new device types and data access requirements while reducing the likelihood of compromise.
In this CrowdCast, Forrester and CrowdStrike will present:
- Forrester’s Targeted-Attack Hierarchy of Needs
- The six core requirements to a successful endpoint security strategy
- Preparing for and responding to targeted intrusions and attacks
- How CrowdStrike lines up with Forrester’s Hierarchy of Needs framework
Threat intelligence is information that informs enterprise defenders of adversarial elements to stop them.
It is information that is relevant to the organization, has business value, and is actionable.
Even if you have all the data and feeds, data alone isn’t intelligence.
#Threat #Intelligence #Forensics #ELK #Forensics #VAPT #SOC #SIEM #Incident #D3pak
Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted recently by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them. And, of course, home computers are just as susceptible to ransomware, and the loss of access to personal and often irreplaceable items—including family photos, videos, and other data—can be devastating for individuals as well.
Cybersecurity for Small Business - Incident Response.pptx (Art Ocain)
Art Ocain discusses approaches to ransomware incident response for small businesses. From the NIST 800-61 or SANS incident response framework, Art walks small business owners through the stages of response and recovery.
Security Strategy and Tactic with Cyber Threat Intelligence (CTI) (Priyanka Aash)
Targeted attacks need targeted defense
What protocol should we use for CTI information exchange?
How should we describe our indicators of compromise?
Structured Threat Information eXpression (STIX)
How can we keep information within our defined trust boundaries?
Where should we store IOCs?
Threat intelligence feeds lifecycle
How should we measure the CTI process?
Uncovering ICS Threat Activity Groups for Intelligence-Driven Defense: Dragos has released information about eight threat activity groups that have targeted industrial companies. These groups range from espionage, to learning industrial environments for future effects, to causing a power outage and targeting human life directly. But what are threat activity groups? They are different than what is normally tracked in the community as threat actors and have a different focus for defenders.
Talk on Kaspersky lab's CoLaboratory: Industrial Cybersecurity Meetup #5 with @HeirhabarovT about several ATT&CK practical use cases.
Video (in Russian): https://www.youtube.com/watch?v=ulUF9Sw2T7s&t=3078
Many thanks to Teymur for the great tech dive.
Cyber Security introduction. Cyber security definition. Vulnerabilities. Social engineering and human error. Financial cost of security breaches. Computer protection. The cyber security job market
Cyber security refers to the technologies and processes designed to protect computers, networks and data from unauthorized access, vulnerabilities and attacks delivered via the Internet by cyber criminals.
It includes communication security, network security and information security.
The main problem, growing day by day, is cyber crime. Crime committed using a computer and the internet to steal data or information is known as cyber crime. It is one of the disadvantages of the internet, and it is an entirely illegal activity.
With mega-breaches like Anthem, OPM, IRS, Ashley Madison, UCLA Health and TalkTalk all within the past 12 months, chances are your data has been targeted. What does this mean for 2016?
Review this presentation and learn:
• Why cyber attacks continue to increase in sophistication, magnitude and velocity
• What trends will have the largest and smallest impact on cyber security in 2016
• Why cloud-based apps and the Internet of Things have transformed cyber security
• How you can protect your organization from attacks from the inside
Cracking an account
An impostor hacks an account for specific reasons. In most cases, it is for revenge or to obtain valuable information. Do you want to recover an account, or that of someone you know? It must be stressed from the outset that this cannot be done with a tool. Those who claim to be able to hack an account in a few seconds are telling you stories. By using these applications, you could unknowingly reveal other confidential information. To avoid falling victim to malicious software, never install these apps that promise the impossible. Be careful!
An approach made up of suggestions to better equip our country to face the challenges of the Nation's cyberspace security, especially in these times of "cyber-turmoil"
Defense System Recruiting in C5ISR, Weapons Systems, Cyber Security
Defense system retained search assignments we have successfully completed range from President and CEO, Executive Vice President, VP, Senior Director, Director and General Manager; Chief and Principal levels in systems engineers, hardware design, software development, sales, and business development to manufacturing, and R&D.
In defense system recruiting, our clients are based in the USA, Canada, and NATO within:
Aerospace Systems - manned and unmanned vehicles and aircraft, space systems
Defense – C4ISR, C5ISR, Battle Management, InfoSec, Cyber Security, MANET
Airborne Power Supplies, Avionics and Aircraft Lighting, Test and Simulators
Tactical Systems – targeting, navigation, weapons systems, FCS, missile defense
Defense System Performance Based Retained Search
Our proprietary Performance Based Search process results in recruiting candidates in defense systems, aerospace, and airborne who meet or exceed client expectations. Before the hire starts, we develop a custom executive onboarding process that helps the candidate meet the Performance Objectives and assimilate into the culture.
Cyber defense: Understanding and Combating the Threat (IBM Government)
The breadth of the subject of cyber defense makes it just as difficult to achieve. Learn about IBM solutions and SPADE conference insights on the subject of cyber defense, which includes both cyber terrorism and the larger umbrella of "cyber threat," and the best ways to combat them.
Cyberwars have been defined as the fifth domain of warfare. But if you had to explain in simple words what a cyberwar is, how would you define it? In these popular-science slides, prepared for a conference I was invited to, I tried to include my very personal answer, with the most famous examples from 2011 and some links.
Panda Adaptive Defense 360 - Cyber Extortion Guide (Panda Security)
What is cyber extortion? How do cybercriminals use ransomware for attacks? What should you do if you are a victim of cyber extortion?
Panda Security answers all these questions and gives you some recommendations and advice to prevent cyberattacks in this Practical Security Guide to Prevent Cyber Extortion.
We, at Panda, have developed the first solution that guarantees continuous monitoring of all the active processes: Adaptive Defense 360
http://promo.pandasecurity.com/adaptive-defense/en/
Looking to understand how hackers and other attackers use cyber technology to attack your network and your executives? This slide set provides an overview and details the anatomy of a cyber attack, and the strategies you can use to manage and mitigate risk.
Introduction to Cyber Security
Understanding the need for CYBERSECURITY
Major security problems
Virus.
Malware.
Trojan Horses
Password Cracking
Hacker.
Types of Hackers
Role of a White Hat Hacker
Feel free to edit or modify or use it
PPT Theme Source/Credit-Aliena · SlidesCarnival
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Topic Of This Slide
-------------------------------
WHAT IS HACKING
Hackers – Who are they?
Communities of Hackers
Hackers Language
Why Attacks?
Type of Hackers
HACKING VS CRACKING
Malicious Hacker Strategies
Ethical Hacker Strategies
How can the system be protected?
What should be done after being hacked?
Today, security is the main problem, as all work is done over the internet using data. While the data is available, there are many types of users who interact with the data, and some of them need it only for their own gain of information. There are various techniques used for the protection of data, but the hacker or cracker is more intelligent in breaking the security. There are two categories of hackers, which differ from one another on the basis of their intent. Those with good intentions are called ethical hackers because of the ethics of using their skill and hacking techniques to provide security to the organization. This paper describes hacking, types of hackers, rules of ethical hacking and the advantages of ethical hacking. Mukesh. M | Dr. S. Vengateshkumar "Ethical Hacking" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-6, October 2019, URL: https://www.ijtsrd.com/papers/ijtsrd29351.pdf Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/29351/ethical-hacking/mukesh-m
Application security does not consist only of the use of software, hardware, and procedural methods to protect applications from external threats. It is more than technology: it is a path, not a destination. It is about risk management and implementing effective countermeasures to identify potential threats, understanding that each threat presents a degree of risk.
Once an afterthought in software design, security is becoming an increasingly important concern during development as applications become more frequently accessible over networks and are, as a result, vulnerable to a wide variety of threats. Security measures built into applications and a sound application security routine minimize the likelihood that unauthorized code will be able to manipulate applications to access, steal, modify, or delete sensitive data.
Join a tour of various scenarios covering the basic concepts of application security, some of the most recent vulnerabilities and data breaches, and examples of how easy it can be to hack you.
What is SPYWARE?
Spyware is a type of malware that's hard to detect.
It collects information about your surfing habits, browsing history, or personal information (such as credit card numbers), and often uses the internet to pass this information along to third parties without you knowing.
Keyloggers are a type of spyware that monitors your keystrokes.
Spyware is mostly classified into four types:
1. System monitors
2. Trojans
3. Adware
4. Tracking cookies
Spyware is mostly used for the purposes of tracking and storing internet users' movements on the web and serving up pop-up ads to internet users.
History and development of spyware.
The term was first recorded on October 16, 1995, in a Usenet post that poked fun at Microsoft's business model.
Spyware at first denoted software meant for espionage purposes.
However, in early 2000 the founder of Zone Labs, Gregor Freund, used the term in a press release for the ZoneAlarm personal firewall.
Spyware has used exploits in JavaScript, Internet Explorer and Windows to install itself.
Effect and behavior.
Unwanted behavior and degradation of system performance.
Unwanted CPU activity, disk usage, and network traffic.
Stability issues:
Applications freezing.
Failure to boot.
System-wide crashes.
Difficulty connecting to the internet.
Disabling of software firewalls and anti-virus software.
Routes of infection.
Installed when you open an email attachment.
Spyware installs itself.
Installed by using deceptive tactics; a common tactic is using a Trojan horse.
USB keylogger.
The browser forces the download and installation of spyware.
Security Practices.
• Installing anti-spyware programs.
• Network firewalls and web proxies to block access to web sites known to install spyware.
• Individual users can also install firewalls.
• Install a large hosts file.
• Beware of shareware programs offered for download, which may install spyware.
• Downloading programs only from reputable sources can provide some protection from this source of attack.
Anti-spyware Programs
• Products dedicated to removing or blocking spyware.
• Programs such as PC Tools' Spyware Doctor, Lavasoft's Ad-Aware SE and Patrick Kolla's Spybot - Search & Destroy.
Legal Issues.
Criminal law
US FTC actions
Netherlands OPTA
Civil law
Libel suits by spyware developers
Webcam Gate
Thank You!
Stay Connected
Stay connected with me at Facebook :- https://www.facebook.com/mangesh.wadibhasme
Follow at Instagram: - @mangesh_hkr
Training on July 16, 2017.
This training is the compressed version of Malware Engineering & Crafting.
In this training, we will talk about malware as well as crafting simple working malware. The goal of this session is to understand malware internals so one can devise tactics to combat it.
Similar to Cyber threats landscape and defense (20)
Multi-cluster Kubernetes Networking - Patterns, Projects and Guidelines (Sanjeev Rampal)
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024 (APNIC)
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx (Brad Spiegel Macon GA)
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
1. Wireless Communication System_Wireless communication is a broad term that i... (JeyaPerumal1)
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
# Internet Security: Safeguarding Your Digital World
In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world.
## Understanding Internet Security
Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale.
### Key Components of Internet Security
1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it.
2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties.
3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed.
## Common Internet Security Threats
Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include:
### Malware
Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include:
- **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files.
- **Worms**: Standalone malware that replicates itself to spread to other computers.
- **Trojan Horses**: Malicious software disguised as legitimate software.
- **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key.
- **Spyware**: Software that secretly monitors and collects user information.
### Phishing
Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information.
### Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information.
### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
1. Cyber Threats: Landscape and Defense
Ing. Andrea Garavaglia
Andrea Minigozzi, CISSP – OPST
ISIS “C. Facchinetti”
Castellanza – VA
14-04-2014
2. About us… #whoami
Andrea Minigozzi is a certified CISSP and OPST security expert with fourteen years of experience, encompassing SIEM, malware analysis, investigating security incidents, computer and network forensics, ISO 27001/NIST/COBIT audits and hardening of various devices on civil and military programs. Andrea is the owner of the FantaGhost web site and develops the FG-Scanner project.
Andrea Garavaglia supported Law Enforcement for years with analysis tools used to discover patterns, trends, associations and hidden networks in any number and type of data sources. He also worked with voice and IP interceptions, traffic reconstruction and forensic analysis. He is currently a Network Security Monitoring enthusiast.
3. A real problem for today’s industries
4. Who can become a victim?
Source: http://www.tietoturvapaiva.fi/uploads/Tietoturva%202012/stonesoft.pdf
5. From virus to Advanced Persistent Threats: the timeline (1970 – 2009)
1971 Creeper
1982 Elk Cloner
1986 Brain
1987 Jerusalem
1992 Michelangelo
1999 Melissa
2000 I love you
2001 Code Red
2004 Sasser
2005 MyTob
2007 Storm BotNet
2009 Conficker
Source: http://blogs.csoonline.com/1421/40_years_after_the_first_computer_virus
6. From virus to Advanced Persistent Threats: the timeline (2010 – Today)
2010 Stuxnet
2010 VBMania
2010 Kenzero
2010 SpyEye + Zeus
2011 ZeroAccess
2011 Duqu
2012 Flame
2012 Shamoon
2012 NGRBot
2013 CryptoLocker
2014 ................
Source: http://en.wikipedia.org/wiki/Timeline_of_computer_viruses_and_worms
7. Terms and definitions: viruses and worms
VIRUS
A program that “infects” computer files, usually executable programs, by inserting a copy of itself into the file. These copies are usually executed when the infected file is loaded into memory, allowing the virus to infect other files. A virus requires human involvement (usually unwitting) to propagate.
WORM
An independent computer program that reproduces by copying itself from one system to another across a network. Unlike computer viruses, worms do not require human involvement to propagate, and they exploit vulnerabilities to bypass security systems.
8. Terms and definitions: trojan horses and 0-day exploits
TROJAN HORSE
A computer program that conceals harmful code. A Trojan horse usually masquerades as a useful program that a user would wish to execute.
0-DAY EXPLOIT
An exploit that takes advantage of a security vulnerability previously unknown to the general public. In many cases, the exploit code is written by the same person who discovered the vulnerability.
9. Cyber Threats Landscape and Defense
Terms and definitions: malware
MALWARE
A program that is inserted into a system, usually covertly, with the intent of
compromising the confidentiality, integrity, or availability of the victim's data,
applications, or operating system, or of otherwise annoying or disrupting the
victim. Malware often violates one or more of the following fundamental
principles:
Consent: Malware may be installed even though the user did not knowingly ask
for that to happen.
Privacy-Respectfulness: Malware may violate a user's privacy, for example by
capturing user passwords or credit card information.
Non-Intrusiveness: Malware may annoy users by popping up advertisements,
changing the web browser's home page, making systems slow or unstable and
prone to crash, or interfering with already installed security software.
Harmlessness: Malware may be software that hurts users (such as software that
damages the system, sends spam emails, or disables security software).
Respect for User Management: If the user attempts to remove the software, it
may reinstall itself or otherwise override user preferences.
Source: http://itlaw.wikia.com/wiki/Malware
10. Cyber Threats Landscape and Defense
Malicious code spreading vectors and attack surface
[Timeline figure spanning 1980, 1990 and 2000 - 2014]
11. Cyber Threats Landscape and Defense
New malware in the last two years
Source: http://www.mcafee.com/uk/resources/reports/rp-quarterly-threat-q3-2013.pdf
12. Cyber Threats Landscape and Defense
New malware for emerging operating systems
Source: http://www.mcafee.com/uk/resources/reports/rp-quarterly-threat-q3-2013.pdf
13. Cyber Threats Landscape and Defense
Global Email Volume, in Trillions of messages
Source: http://www.mcafee.com/uk/resources/reports/rp-quarterly-threat-q3-2013.pdf
14. Cyber Threats Landscape and Defense
Hacking motivations
HACKERS: They want to understand how systems work and how to improve
their security and performance.
HACKTIVISTS: They use computers and computer networks to promote
political ends, chiefly free speech, human rights, and information ethics.
STATE SPONSORED HACKERS: Governments around the globe realize
that it serves their military objectives to be well positioned online.
SPY HACKERS: Corporations hire hackers to infiltrate the competition and
steal trade secrets.
CYBER TERRORISTS: These hackers, generally motivated by religious or
political beliefs, attempt to create fear and chaos by disrupting critical
infrastructures.
15. Cyber Threats Landscape and Defense
Attack Diagram: the past
16. Cyber Threats Landscape and Defense
Attack Diagram: the present
17. Cyber Threats Landscape and Defense
Terms and definitions: advanced persistent threats
ADVANCED PERSISTENT THREATS
An Advanced Persistent Threat (APT) is a set of stealthy and continuous hacking
processes, often orchestrated by humans and aimed at a specific entity.
An APT usually targets organizations and/or nations for business or political
motives. APT processes require a high degree of covertness over a long period of
time.
Source: https://www.academia.edu/6309905/Advanced_Persistent_Threat_-_APT
The "advanced" part signifies sophisticated techniques that use malware to
exploit vulnerabilities in systems and advanced evasion techniques to avoid
detection.
The "persistent" part suggests that an external command and control is
continuously monitoring the target and extracting data from it.
The "threat" part indicates human involvement in orchestrating the attack.
18. Cyber Threats Landscape and Defense
APT Teams and Connections
[Diagram: two attacker teams, A-Team and B-Team (annotated "More senior?
Malware writers?"), work through a chain of compromised hosts: Foothold Host,
Intermediary Host, Transfer Host, Data Host. Labelled flows: Beaconing &
Latching; Command & Control / Agent transfer; Agent Download & Install via
www.hackedsite1.com and www.hackedsite2.com; Data transfer; RDP & other
transfer.]
Stage 0: Infection
Stage 1: Generate Intermediaries
Stage 2: Setup Relay Agents
Stage 3: Data Exfiltration
19. Cyber Threats Landscape and Defense
Advanced Persistent Threats LifeCycle
Source: http://en.wikipedia.org/wiki/Advanced_persistent_threat#History_and_targets
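The "persistent" element described above, the implanted agent beaconing back to a relay host so that command and control can keep watching the target, is also what gives an APT away in egress logs: a client that contacts the same destination at an almost fixed interval with almost identical response sizes. The following is an added example, not part of the original slides; the log line format, the thresholds and the sample traffic are constructed for illustration, and a real deployment would need allow-lists for legitimate periodic traffic such as software updaters.

```python
"""Periodic-beacon detection over constructed proxy log lines (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample lines: "<ISO timestamp> <client_ip> <dest_host> <bytes>".
# The hackedsite1.com entries mimic a 5-minute beacon; cdn.example.net is
# ordinary, irregular browsing traffic that must not be flagged.
SAMPLE_LOG = """\
2014-05-01T08:00:00 10.0.0.12 www.hackedsite1.com 412
2014-05-01T08:00:04 10.0.0.12 cdn.example.net 51233
2014-05-01T08:05:01 10.0.0.12 www.hackedsite1.com 409
2014-05-01T08:10:00 10.0.0.12 www.hackedsite1.com 415
2014-05-01T08:11:37 10.0.0.12 cdn.example.net 8833
2014-05-01T08:15:02 10.0.0.12 www.hackedsite1.com 410
2014-05-01T08:20:01 10.0.0.12 www.hackedsite1.com 414
2014-05-01T08:25:00 10.0.0.12 www.hackedsite1.com 408
2014-05-01T08:26:12 10.0.0.12 cdn.example.net 120033
2014-05-01T08:30:01 10.0.0.12 www.hackedsite1.com 411
2014-05-01T08:44:50 10.0.0.12 cdn.example.net 2210
2014-05-01T08:52:03 10.0.0.12 cdn.example.net 9001
"""


def parse_log(text):
    """Yield (timestamp, client, dest, bytes) tuples; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            size = int(parts[3])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], size


def find_beacons(records, min_events=5, max_jitter=0.1, max_size_spread=0.25):
    """Return {(client, dest): stats} for pairs whose traffic looks like a beacon.

    A pair is flagged when it has at least `min_events` connections, the
    coefficient of variation of its inter-arrival gaps is below `max_jitter`
    (nearly periodic) and the byte counts are similarly uniform (the
    "nothing to do" heartbeat reply). The thresholds are assumptions chosen
    for the constructed data, not tuned production values.
    """
    by_pair = defaultdict(list)
    for ts, client, dest, size in records:
        by_pair[(client, dest)].append((ts, size))

    flagged = {}
    for pair, events in by_pair.items():
        if len(events) < min_events:
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        sizes = [size for _, size in events]
        gap_cv = pstdev(gaps) / mean(gaps)
        size_cv = pstdev(sizes) / mean(sizes)
        if gap_cv <= max_jitter and size_cv <= max_size_spread:
            flagged[pair] = {
                "count": len(events),
                "period_s": round(mean(gaps)),
                "gap_cv": round(gap_cv, 3),
            }
    return flagged


if __name__ == "__main__":
    for (client, dest), stats in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{client} -> {dest}: every ~{stats['period_s']}s, "
              f"{stats['count']} hits, gap cv {stats['gap_cv']}")
```

Run on the sample, the 10.0.0.12 to www.hackedsite1.com pair is reported as a 300-second beacon, while the cdn.example.net traffic has enough events to be considered but fails the jitter test. Sorting by destination popularity across the whole estate (a beacon destination is usually contacted by very few clients) is the natural next filter.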
20. Cyber Threats Landscape and Defense
A great video from TrendMicro explains how these attacks work.
Source: http://www.youtube.com/watch?v=fpeMR1214t0
This video describes a real, successful attack that happened some time ago:
the attacked company lost about 60 million dollars.
22. Cyber Threats Landscape and Defense
QR Codes and Shortened URLs: when the threats get short !
http://goo.gl/pJ0sKw
23. Cyber Threats Landscape and Defense
QR Codes and Shortened URLs: when the threats get short !
STAY AWAY FROM MALICIOUS QR CODES!
Scanning QR codes printed on stickers placed at random on street walls is
especially dangerous. It is a very common way for scammers to get people to
scan the code out of sheer curiosity. Reports say, "46% just said they were
curious what this odd little jumbled cube could do."
So, we should not scan any QR code that does not come from a trusted source.
LOOK CLOSELY AT A QR CODE BEFORE DOING ANYTHING ELSE!
There are a few apps on the app stores that you can use to analyze a QR code
and show the decoded URL before opening it.
24. Cyber Threats Landscape and Defense
QR Codes and Shortened URLs: when the threats get short !
http://goo.gl/pJ0sKw
http://goo.gl/ZFm5u6
Are you able to tell whether the two shortened URLs above lead to
trusted websites?
http://goo.gl/pJ0sKw
http://goo.gl/ZFm5u6
Malicious URL
FantaGhost Web Page
25. Cyber Threats Landscape and Defense
QR Codes and Shortened URLs: when the threats get short !
Are there any solutions to this problem?
YES! WE SHOULD PREVIEW SHORTENED URLS BEFORE USING THEM.
Several web tools recover the full destination address from a shortened URL;
one example is http://unshort.me/
In addition, some URL shortening services, such as goo.gl, offer a preview of
the destination when a "+" is appended to the end of the shortened URL.
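Preview services are one option; the other is to expand the link yourself, hop by hop, without ever rendering the destination, and then look at what the final URL actually contains. The script below is an added example, not part of the original slides: it follows redirects with HEAD requests that are never auto-followed (so every hop is recorded and a redirect loop cannot trap it) and then applies a handful of "look closely" heuristics to the final URL. The shortener host list, the heuristics and the offline redirect map (`short.example`, `track.example`, `fantaghost.example`, the 203.0.113.9 address) are constructed for the example; none of them are the goo.gl destinations from the slide.

```python
"""Expand a shortened URL hop by hop and inspect the destination (added example)."""
import ipaddress
import urllib.request
from urllib.error import HTTPError
from urllib.parse import urljoin, urlsplit

SHORTENERS = {"goo.gl", "bit.ly", "t.co", "tinyurl.com"}  # assumed, not exhaustive


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib surface 3xx responses instead of silently following them."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_head(url):
    """Fetch one hop with HEAD; return (status, Location header or None)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status, None
    except HTTPError as e:          # unfollowed 3xx arrives here as an "error"
        return e.code, e.headers.get("Location")


def expand(url, fetch=http_head, max_hops=5):
    """Return the list of URLs visited, starting with `url`.

    Stops at the first non-redirect response, at a loop, or after `max_hops`.
    `fetch` is injectable so the function can run offline against a fake web.
    """
    chain = [url]
    while len(chain) <= max_hops:
        status, location = fetch(chain[-1])
        if not (300 <= status < 400) or not location:
            break
        nxt = urljoin(chain[-1], location)   # Location may be relative
        if nxt in chain:
            break                            # redirect loop
        chain.append(nxt)
    return chain


def inspect(url):
    """Return human-readable warnings about the URL the chain ended on."""
    p = urlsplit(url)
    host = (p.hostname or "").lower()
    warnings = []
    if p.scheme != "https":
        warnings.append("not HTTPS")
    if "@" in p.netloc:
        warnings.append("userinfo before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        warnings.append("bare IP address instead of a domain")
    except ValueError:
        if host.count(".") >= 3:
            warnings.append("many subdomains (brand name may be a decoy label)")
    if "xn--" in host:
        warnings.append("punycode label (possible homograph)")
    if host in SHORTENERS:
        warnings.append("still a shortener; chain did not resolve")
    return warnings


# Constructed offline stand-in for the shortener and the sites behind it.
FAKE_WEB = {
    "http://short.example/a1": (301, "http://track.example/r?x=1"),
    "http://track.example/r?x=1": (302, "http://www.mybank.example@203.0.113.9/login"),
    "http://short.example/b2": (301, "https://www.fantaghost.example/"),
    "http://short.example/loop": (302, "http://short.example/loop"),
}


def fake_head(url):
    """Offline fetcher: anything not in FAKE_WEB is a plain 200 page."""
    return FAKE_WEB.get(url, (200, None))


if __name__ == "__main__":
    for start in ("http://short.example/a1", "http://short.example/b2"):
        chain = expand(start, fetch=fake_head)
        print(" -> ".join(chain))
        print("   warnings:", inspect(chain[-1]) or "none")
```

Swap `fake_head` for the default `http_head` to check a real link; the chain still never issues a GET, so tracking pixels and drive-by payloads on the destination are not fetched. The `@` check matters most: `http://www.mybank.example@203.0.113.9/login` is served by the IP address, not by the bank-looking name that a casual reader sees first.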
26. Cyber Threats Landscape and Defense
The most dangerous (and most common) attack vectors
1. Email Social Engineering/Spear Phishing
2. Infection Via a Drive-By Web Download: Watering Hole Attack
3. USB Key Malware
4. Scanning Networks for Vulnerabilities and Exploitation
5. Guessing or Social Engineering Passwords
6. Wifi Compromises
7. Stolen Credentials From Third-Party Sites
8. Compromising Web-Based Databases
9. Exploiting Password Reset Services to Hijack Accounts
10. Insiders
27. Cyber Threats Landscape and Defense
Understanding HeartBleed Bug
CVE-2014-0160
Source: http://www.xkcd.com/1354 - http://regmedia.co.uk/2014/04/09/openssl_haertbleed_diagram.png
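The bug behind CVE-2014-0160 is a missing bounds check in OpenSSL's handling of the TLS heartbeat extension: a heartbeat request carries a one-byte type, a two-byte payload length, the payload and at least 16 bytes of padding, and the server echoed back as many payload bytes as the peer's length field claimed, even when the record it had actually received was far shorter. Whatever sat next to the record in process memory (session cookies, private key material) came back in the reply. The Python model below is an added example, not the slide's content and not OpenSSL's code: it mirrors the pre-patch and post-patch logic over a constructed "heap" byte array so the over-read can be observed and the fix verified. The secret string and the record contents are constructed.

```python
"""Model of the Heartbleed (CVE-2014-0160) length check, before and after the fix."""
import struct

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
PADDING_LEN = 16
HEADER_LEN = 1 + 2          # type byte + 16-bit payload length

# Constructed stand-in for whatever happened to sit next to the record in memory.
SECRET = b"session_cookie=deadbeef; private_key_fragment=..."


def build_heap(request_payload, claimed_len, neighbour_secret):
    """Return (memory, record_len): a heartbeat record followed by unrelated secret data.

    `claimed_len` is what the attacker writes in the length field; it need not
    match len(request_payload), which is the whole point of the bug.
    """
    record = (struct.pack(">BH", HEARTBEAT_REQUEST, claimed_len)
              + request_payload + b"\x00" * PADDING_LEN)
    return bytearray(record + neighbour_secret), len(record)


def parse_heartbeat(record):
    """Split a heartbeat record header into (type, claimed_payload_length)."""
    return struct.unpack(">BH", record[:HEADER_LEN])


def vulnerable_response(memory, record_len):
    """Pre-patch behaviour: trust the peer-supplied payload length.

    Copies `claimed` bytes starting at the payload, exactly as the original
    memcpy did, so an oversized length walks into adjacent memory. (Python
    slicing clamps at the end of `memory`; real C read arbitrary heap bytes.)
    """
    hb_type, claimed = parse_heartbeat(memory[:record_len])
    if hb_type != HEARTBEAT_REQUEST:
        return None
    payload = bytes(memory[HEADER_LEN:HEADER_LEN + claimed])   # no bounds check
    return (struct.pack(">BH", HEARTBEAT_RESPONSE, claimed)
            + payload + b"\x00" * PADDING_LEN)


def patched_response(memory, record_len):
    """Post-patch behaviour: the claimed length must fit inside the record."""
    if record_len < HEADER_LEN + PADDING_LEN:
        return None                       # too short to be valid: discard silently
    hb_type, claimed = parse_heartbeat(memory[:record_len])
    if hb_type != HEARTBEAT_REQUEST:
        return None
    if HEADER_LEN + claimed + PADDING_LEN > record_len:
        return None                       # length field lies about the record: discard
    payload = bytes(memory[HEADER_LEN:HEADER_LEN + claimed])
    return (struct.pack(">BH", HEARTBEAT_RESPONSE, claimed)
            + payload + b"\x00" * PADDING_LEN)


if __name__ == "__main__":
    mem, rlen = build_heap(b"hi", 0x4000, SECRET)      # 2 real bytes, 16 KiB claimed
    leak = vulnerable_response(mem, rlen)
    print("vulnerable reply leaks secret:", SECRET in leak)
    print("patched reply:", patched_response(mem, rlen))
```

The patched path rejects the malicious record outright rather than clamping the length, which is also what the OpenSSL fix did; an honest request whose length field matches its payload gets identical replies from both functions, which is a useful regression check when deploying a fix like this.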