THE EVOLUTION OF CYBER ATTACKS
As enterprises and governments connect literally everything to the Internet, the size of
their attack surface has grown, opening more opportunities for cyber criminals. Many of
their current exploits are going unnoticed.
The Evolving Cyberattack Landscape
[Figure: timeline (1997, 2004, 2007, 2010, 2013) of attack types (Viruses & Worms, For-Profit
Malware, APTs, Key & Certificate-Based Attacks), charted against security controls (Keys &
Certificates, IAM, IDS, Firewall, A/V, VPN, DLP, IPS, MDM) on axes of
Awareness/Visibility/Detection and Ability to Respond, each running from – to +.]
Key & Certificate-Based Attacks
• Code Signing Certificates
• SSH Key Theft
• Server Key Theft
• Weak Crypto Exploits
The cyber criminal community has evolved from pranksters, lone wolves, and organized
gangs to nation-states and hacktivist groups whose primary results have been increased
costs and lost productivity.
DAMAGE LEVEL: DISRUPTION
VIRUSES, WORMS & DDoS
CIH COMPUTER VIRUS (1998)
The virus infected over 60 million computers worldwide, causing an
estimated billion dollars in damage. Its author, Chen Ing-hau, a university student in
Taiwan, claimed to have created the virus to challenge the
bold claims of the antivirus community.
SLAMMER WORM (2003)
This worm drove a DDoS against multiple Internet hosts and dramatically
slowed down Internet traffic. The worm, based on proof-of-concept
code demonstrated at Black Hat by David Litchfield, infected
75,000 victims in the first 10 minutes of its release by exploiting a
vulnerability that allowed it to generate random IP addresses and
send itself out to them.
DISTRIBUTED DENIAL OF SERVICE (1998)
The first distributed-denial-of-service (DDoS) attacks ever recorded
targeted the Mexican government and the Pentagon.
DAMAGE LEVEL: CYBERCRIME
FOR-PROFIT MALWARE
MYDOOM (2004)
Mydoom spread via spam. It stole email addresses to
proliferate further, and then added a backdoor to victims’ machines
for further uses such as acting as a remote proxy for DDoS,
whereby victims’ machines would be part of a botnet.
FAKEWARE/SCAMWARE (2005)
A popup message warns users that their machines may
be infected, and that they should download and install
fake antivirus or spyware. Instead, this is a hoax to fool
the user into installing malicious code.
DAMAGE LEVEL: CYBER ESPIONAGE
APTs
ZEUS TROJAN (2007)
This is one of the first examples of an attack that takes advantage
of technologies used to ensure trusted digital communications.
This Trojan steals banking information by using
man-in-the-browser keystroke logging and form-grabbing
methods to steal credentials. Zeus stole information from the U.S.
Department of Transportation and is now believed to have infected
over 74,000 websites including BankOfAmerica.com,
NASA.gov, ABC.com and Amazon.com.
CONFICKER (2008)
Targeting the Microsoft Windows operating system, Conficker used flaws
in Windows software and dictionary attacks on administrator
passwords to propagate while forming a botnet, and has been unusually
difficult to counter because of its combined use of many advanced
malware techniques.
Conficker infected millions of
computers, including government,
business and home computers, in
over 200 countries. It was also the
year MD5 was discovered to
be exploitable.
DAMAGE LEVEL: WORLD WITHOUT TRUST
Code Signing Certificates, SSH Key Theft,
Server Key Theft & Weak Crypto Exploits
STUXNET (2010)
Discovered in June 2010, this malware – reported to have been created
by the United States and Israel to attack Iran's nuclear facilities –
was the first cyber attack recognized as being made possible by
compromised digital certificates.
Stuxnet combined unprecedented
sophistication, zero-day exploits
and a network of insiders to install itself
on Windows systems used to manage
industrial control systems. It
remained undetected on the network for
months, using a compromised digital
certificate to validate itself. Its payload left
behind a trail of physical destruction.
DIGINOTAR (2011)
This attack on a Certificate Authority (CA) marked a significant point in the
history of cyber attacks. For the first time, a trust technology provider, the CA
itself, forced customers, including a national government, to warn the world
that they could not be trusted.
The attack took complete control of all eight of the company’s
certificate-issuing servers during the operation. Though it is unconfirmed, there
is a possibility the attacker may also have issued some rogue certificates that
have not yet been identified. What is known is that 300,000 Gmail accounts
were attacked. The attack also proved that a cyber debacle could ruin a
business, as the CA itself was forced out of business due to the incident.
FLAME (2012)
Designed to spread from one infected computer to other machines on the
same network using a rogue certificate, Flame allowed attackers to take
control of what noted cyber-war expert Richard Stiennon once referred to
as the "Holy Grail" of all potential cyber weapons – the Microsoft update
server. When infected computers updated, Flame intercepted the request
and, instead of downloading the update, delivered a malicious executable to
the machine that was signed with a rogue, but technically valid,
Microsoft certificate. While Microsoft closed the door on Flame in their
systems by issuing a patch, Flame essentially gave the blueprint to cyber
criminals to execute similar attacks.
In 2012, the amount of malware signed with stolen certificates grows 10x
[Figure: chart of security controls (Keys & Certificates, IAM, IDS, Firewall, A/V, VPN, DLP,
IPS, MDM) on axes of Awareness/Visibility/Detection and Ability to Respond, each running
from – to +, with a "WEAK LINK" callout.]
Few are looking at the real problem:
600% = Year over year growth in compromised digital certificates in 2013
TURKTRUST (2013)
The CA issued two SSL intermediary certificates that could be used to
issue certificates for any domain. One of the intermediary certificates was
used to issue an SSL certificate put into use for google.com. Google
discovered the unauthorized certificate in January 2013 and noted that it
was from an intermediary CA that had obtained authority from a
TURKTRUST certificate. No foul play was suspected at TURKTRUST,
and the damage has yet to be fully assessed.
In February, over 800 different trojans designed to steal keys and certificates
were launched
BIT9 HACK (2013)
Hackers compromised this security provider's network and digitally
signed malware using Bit9's own encryption keys, which made it
impossible for customers using its cyber defense technologies to know
whether or not they were downloading legitimate files or malware. The
extent of the damage may never be fully known, but the company claims
to provide white-listing services for 30 Fortune 100 firms, almost
one-third of the largest companies in the world.
APT1 (2013)
In what has been the most shocking and bold cyber attack revelation to
date, Mandiant revealed in its APT1 report that nation-backed,
China-based hackers had used self-signed digital certificates to
implant malware into hundreds of U.S. companies over a period of
several years. As part of the ground-breaking revelation, Mandiant stated
that 100 percent of the APTs used compromised digital certificates
that included keys and certificates.
SNOWDEN (2013)
The Snowden compromise was based not so much on malicious code
as on the blind trust organizations place in keys and certificates, and it
highlighted the lack of control and visibility into these cryptographic
assets, which give insiders unfettered access to highly sensitive
systems. Snowden used fabricated digital keys to elevate his
privileges and gain access to sensitive information.
100% of over 2,300 Global 2000 organizations surveyed acknowledged having attacks on keys
and certificates in the last 2 years
Keys & Certificates are under attack
They are the perfect target and recipe for success
Today’s Cyber Criminal Attack Vector of Choice: Cryptographic Keys and Certificates
• WIDE REACH: More than 17,000 in every organization
• LOW VISIBILITY: Little awareness or detection capability
• TRUSTED STATE: Attackers are granted privileged status
• POOR RESPONSE: No tools for responding to attacks
Download the full report: A Historical Overview of the Evolving Cyber Attack Landscape
venafi.com/EvolvingCyberattacks

Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 

Recently uploaded (20)

Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

The Evolution of Cyber Attacks

  • 3. As enterprises and governments connect literally everything to the Internet, the size of their attack surface has grown, opening more opportunities for cyber criminals. Many of their current exploits are going unnoticed. [Chart: Keys & Certificates, IAM, IDS, Firewall, A/V, VPN, DLP, IPS and MDM plotted by Awareness / Visibility / Detection against Ability to Respond.]
  • 4. The Evolving Cyberattack Landscape. The cyber criminal community has evolved from pranksters, lone wolves, and organized gangs to nation-states and hacktivist groups whose primary results have been increased costs and lost productivity. [Timeline, 1997 / 2004 / 2007 / 2010 / 2013: Viruses & Worms; For-Profit Malware; APTs; Key & Certificate-Based Attacks (Code Signing Certificates, SSH Key Theft, Server Key Theft, Weak Crypto Exploits).]
  • 5. DAMAGE LEVEL: DISRUPTION. VIRUSES, WORMS & DDoS. CIH COMPUTER VIRUS (1998): The virus infected over 60 million computers worldwide, causing an estimated billion dollars in damage. Launched by a university student in Taiwan, Chen Ing-hau claimed to have created the virus to challenge the bold claims of the antivirus community.
  • 6. DAMAGE LEVEL: DISRUPTION. VIRUSES, WORMS & DDoS. SLAMMER WORM: This worm drove a DDoS for multiple Internet hosts and dramatically slowed down Internet traffic. The worm, based on a proof-of-concept code demonstrated at Black Hat by David Litchfield, infected 75,000 victims in the first 10 minutes of its release by exploiting a vulnerability that allowed it to generate random IP addresses and send itself out to them. DISTRIBUTED DENIAL OF SERVICE: The first distributed-denial-of-service (DDoS) attacks ever recorded targeted the Mexican government and the Pentagon. [Timeline: 1998, 2003.]
  • 7. DAMAGE LEVEL: CYBERCRIME. FOR-PROFIT MALWARE. MYDOOM (2004): Mydoom spread via spam. Mydoom stole email addresses to further proliferate, and then added a backdoor to victims’ machines to be used for further practices such as a remote proxy for DDoS, whereby victims’ machines would be part of a botnet.
  • 8. DAMAGE LEVEL: CYBERCRIME. FOR-PROFIT MALWARE. FAKEWARE/SCAMWARE (2005): A popup message warns users that their machines may be infected, and that they should download and install fake antivirus or spyware. Instead, this is a hoax to fool the user into installing malicious code.
  • 9. DAMAGE LEVEL: CYBER ESPIONAGE. APTs. ZEUS TROJAN (2007): This is one of the first examples of an attack that takes advantage of technologies used to ensure trusted digital communications. This Trojan steals banking information by using man-in-the-browser keystroke logging and form-grabbing methods to steal credentials. Zeus stole information from the U.S. Department of Transportation and is now believed to have infected over 74,000 websites including BankOfAmerica.com, NASA.gov, ABC.com and Amazon.com.
  • 10. DAMAGE LEVEL: CYBER ESPIONAGE. APTs. CONFICKER (2008): Targeting the Microsoft Windows operating system, Conficker used flaws in Windows software and dictionary attacks on administrator passwords to propagate while forming a botnet, and has been unusually difficult to counter because of its combined use of many advanced malware techniques. Conficker infected millions of computers, including government, business and home computers, in over 200 countries. It was also the same year MD5 was discovered to be exploitable.
  • 11. DAMAGE LEVEL: WORLD WITHOUT TRUST. Code Signing Certificates, SSH Key Theft, Server Key Theft & Weak Crypto Exploits. STUXNET (2010): Discovered in June 2010, this malware – reported to have been created by the United States and Israel to attack Iran's nuclear facilities – was the first cyber attack recognized as being made possible by compromised digital certificates. Stuxnet leveraged unprecedented and advanced sophistication, zero-day exploits and a network of insiders to install itself in Windows systems used to manage industrial control systems. Stuxnet remained undetected on the network for months, using a compromised digital certificate to validate it. Its payload left behind a trail of physical destruction.
  • 12. DAMAGE LEVEL: WORLD WITHOUT TRUST. Code Signing Certificates, SSH Key Theft, Server Key Theft & Weak Crypto Exploits. DIGINOTAR (2011): This attack on a Certificate Authority (CA) marked a significant point in the history of cyber attacks. For the first time, a trust technology provider, the CA itself, forced customers, including a national government, to warn the world that they could not be trusted. The attack took complete control of all eight of the company’s certificate-issuing servers during the operation. Though it is unconfirmed, there is a possibility the attacker may also have issued some rogue certificates that have not yet been identified. What is known is that 300,000 Gmail accounts were attacked. The attack also proved that a cyber debacle could ruin a business, as the CA itself was forced out of business due to the incident.
  • 13. DAMAGE LEVEL: WORLD WITHOUT TRUST. Code Signing Certificates, SSH Key Theft, Server Key Theft & Weak Crypto Exploits. FLAME (2012): Designed to spread from one infected computer to other machines on the same network using a rogue certificate, Flame allowed attackers to take control of what noted cyber-war expert Richard Stiennon once referred to as the "Holy Grail" of all potential cyber weapons – the Microsoft update server. When infected computers updated, Flame intercepted the request and instead of downloading the update delivered a malicious executable to the machine that was signed with a rogue, but technically valid, Microsoft certificate. While Microsoft closed the door on Flame in their systems by issuing a patch, Flame essentially gave the blueprint to cyber criminals to execute similar attacks. In 2012, the number of malware signed by stolen certificates grows 10x.
  • 14. DAMAGE LEVEL: WORLD WITHOUT TRUST. Code Signing Certificates, SSH Key Theft, Server Key Theft & Weak Crypto Exploits. [Chart: Keys & Certificates, IAM, IDS, Firewall, A/V, VPN, DLP, IPS and MDM plotted by Awareness / Visibility / Detection against Ability to Respond, with a "WEAK LINK" label.]
  • 15. DAMAGE LEVEL: WORLD WITHOUT TRUST. Code Signing Certificates, SSH Key Theft, Server Key Theft & Weak Crypto Exploits. Few are looking at the real problem: 600% = year-over-year growth in compromised digital certificates in 2013. TURKTRUST (2013): The CA issued two SSL intermediary certificates that could be used to issue certificates for any domain. One of the intermediary certificates was used to issue an SSL certificate put into use for google.com. Google discovered the unauthorized certificate in January 2013 and noted that it was from an intermediary CA that had obtained authority from a TURKTRUST certificate. No foul play was suspected at TURKTRUST, and the damage has yet to be fully assessed.
  • 16. DAMAGE LEVEL: WORLD WITHOUT TRUST. Code Signing Certificates, SSH Key Theft, Server Key Theft & Weak Crypto Exploits. In February, over 800 different trojans launched designed to steal keys and certificates. BIT9 HACK (2013): Hackers compromised this security provider's network and digitally signed malware using Bit9's own encryption keys, which made it impossible for customers using its cyber defense technologies to know whether or not they were downloading legitimate files or malware. The extent of the damage may never be fully known, but the company claims to provide white-listing services for 30 Fortune 100 firms, almost one-third of the largest companies in the world.
  • 17. DAMAGE LEVEL: WORLD WITHOUT TRUST. Code Signing Certificates, SSH Key Theft, Server Key Theft & Weak Crypto Exploits. APT1 (2013): In what has been the most shocking and bold cyber attack revelation to date, Mandiant revealed in its APT1 report that nation-backed, China-based hackers had used self-signed digital certificates to implant malware into hundreds of U.S. companies over a period of several years. As part of the ground-breaking revelation, Mandiant stated that 100 percent of the APTs used compromised digital certificates that included keys and certificates.
  • 18. DAMAGE LEVEL: WORLD WITHOUT TRUST. Code Signing Certificates, SSH Key Theft, Server Key Theft & Weak Crypto Exploits. SNOWDEN (2013): The Snowden compromise was based not so much on malicious code as on the blind trust organizations place in keys and certificates, and it highlighted the lack of control over and visibility into these cryptographic assets, which provide insiders unfettered access to highly sensitive systems. Snowden used fabricated digital keys to elevate his privileges and gain access to sensitive information.
  • 19. Keys & Certificates are under attack. They are the perfect target and recipe for success. 100% of over 2,300 Global 2000 organizations surveyed acknowledged having attacks on keys and certificates in the last 2 years.
  • 20. Today’s Cyber Criminal Attack Vector of Choice: Cryptographic Keys and Certificates. WIDE REACH: more than 17,000 in every organization. LOW VISIBILITY: little awareness or detection capability. POOR RESPONSE: no tools for responding to attacks. TRUSTED STATE: attackers are granted privileged status.
  • 21. Download the full report: A Historical Overview of the Evolving Cyber Attack Landscape. venafi.com/EvolvingCyberattacks