Confidential │ ©2019 VMware, Inc.
The Future of Destructive Malware
Greg Foss
Senior Threat Researcher
May 13th, 2019
“I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We’ve created life in our own image.”
Stephen Hawking
01/08/1942 – 03/14/2018
What classifies as a “Destructive Cyber Attack”?
Actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves.
• US DoD Joint Publication 3-13
• https://fas.org/irp/doddir/dod/jp3_13.pdf
History of Destructive Cyber Attacks
Subset of High Profile, Public, and Documented Destructive Attacks
(Timeline 1980–2010; the original slide marked each entry as either Physically Destructive or Destructive)
1982: Siberian Pipeline
The CIA tricked the Soviet Union into acquiring ICS software with built-in flaws. Software was programmed to malfunction, resulting in one of the world’s largest non-nuclear explosions.
1998: CIH
Chernobyl virus which overwrote critical system data, affecting 60 million computers. Developed by a Taiwanese student.
1998: Kosovo
35,000 computers wiped and replaced with a burning American flag by Iranians.
2008: Georgia
Russian joint campaign against Georgian targets. Website defacement, DDoS, and diverting citizens’ web traffic through Russia.
2008: Beijing Olympics
Deceptive Russian campaign to disrupt the Olympic Games.
2010: Stuxnet
US- and Israeli-developed malware leveraged to delay the Iranian Nuclear Program’s ability to enrich uranium. The malware targeted Siemens ICS and physically destroyed uranium centrifuges, leveraging 4 zero-days.
2013: Dark Seoul
North Korean attacks on South Korean television stations and banks.
2014: Sony Entertainment
North Korean attack in response to a movie. Data theft and wiping resulting in $35 million in damages.
2014: German Steel Mill
Attack on ICS controlling a blast furnace, resulting in significant physical damage.
2015: Black Energy
Russian attack on three Ukrainian energy distribution companies, cutting power to 750,000 civilians.
2015: TV5Monde
Russian actors destroyed French TV station hardware, taking the network offline for 12 hours.
2016: Crash Override
Russian attack on electric transmission station ICS systems in Kiev, Ukraine.
2017: NotPetya
One of the most damaging cyber attacks in history. Russia targeted large Ukrainian companies. Estimated to have cost over $10 billion in damages, globally.
Ukraine: Russia’s Malware Testing Grounds
NotPetya
June 2017 – Modified version of Petya ransomware unleashed on Ukraine
Reads the MBR and encrypts it using a simple XOR key
• Petya stopped after encrypting the Master Boot Record
NotPetya spread on its own and encrypted everything – maximizing potential impact
• Leveraged a backdoor in the Ukrainian accounting software M.E.Doc
• Spread laterally via SMB using leaked NSA tools – EternalBlue and EternalRomance
NotPetya is not actually ransomware. Designed only to destroy, regardless of payment
• Unique system identifier is actually randomly generated
https://www.csoonline.com/article/3233210/petya-ransomware-and-notpetya-malware-what-you-need-to-know-now.html
Financial Impact of NotPetya
$7.5 Billion in damages to smaller companies
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
GRU - Unit 74455 “Sandworm”
Sophisticated hacking, espionage, large-scale PsyOps, and destructive attack capabilities
Repurposed Petya ransomware and leveraged its spreading capabilities to inflict maximum damage
Targeted disinformation social media campaigns with the goal of swaying the 2016 US election
Willing to attack Russian-Owned Companies for plausible deniability
Believed to have been involved in the Beijing Olympics hack in 2008
Sandworm Is Still Very Active, Primarily Targeting Ukraine
Google Threat Analysis Group (TAG)
Distribution of Ransomware Across Industry Verticals
Lowering the Bar
Island Hopping / Leapfrogging / Watering Hole Attacks
Breaching a third party / adjacent target / company in order to achieve a primary objective
Infrastructure / Service Providers, Law Firms, Business Partners, Managed Services, etc.
Most well-known incident: Target.
• The first “island” in the planned attack was Fazio Mechanical Services
• The HVAC company was compromised shortly before Target’s breach
Watering Hole attacks against local low-profile business websites are the most common
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/utilizing-island-hopping-in-targeted-attacks
Access Mining - The Resale of Credentials and Direct Access
High Profile Assets and Data for Sale
March 2019 – Sophisticated Russian hacking group FXSMP
Three antivirus companies compromised
Source code for all products stolen
30 Terabytes exfiltrated – Asking $300k
Selling both stolen data and direct access
https://www.advanced-intel.com/post/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
Control infrastructure – SCADA / ICS
• Connected directly to the Internet
• Inherently insecure
• Invalid certs
• Not patched
• Firewall disabled
Small and Local Service Providers
https://www.blackhat.com/docs/asia-14/materials/Rios/Asia-14-Rios-Owning-A-Building-Exploiting-Access-Control-And-Facility-Management.pdf
Closing Thoughts
More infrastructure connectivity and increasing reliance upon technology expands the attack surface
Nation states are consistently improving their capabilities and are actively inside US companies
Repurposing of ransomware makes for great wipers and increases the difficulty of attack attribution
Access Mining, Island Hopping, and readily available ICS documentation lower the bar to entry
Right now is only the beginning…
Recommended Reading
Deep Dive: 2020 Cybersecurity Outlook Report
Review of 2019 and analysis of trends that will continue into 2020 and beyond…
Thank you
gfoss [at] vmware . com
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 

Future of Destructive Malware

  • 1. Confidential │ ©2019 VMware, Inc. The Future of Destructive Malware. Greg Foss, Senior Threat Researcher. May 13th, 2019.
  • 2. "I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We've created life in our own image." Stephen Hawking, 01/08/1942 – 03/14/2018.
  • 3. What classifies as a "Destructive Cyber Attack?" Actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. Source: US DoD Joint Publication 3-13, https://fas.org/irp/doddir/dod/jp3_13.pdf
  • 4. History of Destructive Cyber Attacks: a subset of high-profile, public, and documented destructive attacks, 1980 to 2010s. Legend on the slide: Physically Destructive / Destructive.
    – 1982: Siberian Pipeline. The CIA tricked the Soviet Union into acquiring ICS software with built-in flaws. The software was programmed to malfunction, resulting in one of the world's largest non-nuclear explosions.
    – 1998: CIH. The "Chernobyl" virus overwrote critical system data, affecting 60 million computers. Developed by a Taiwanese student.
    – 1998: Kosovo. 35,000 computers wiped and replaced with a burning American flag, attributed to Iranians.
    – 2008: Georgia. Russian joint campaign against Georgian targets: website defacement, DDoS, and diverting citizens' web traffic through Russia.
    – 2008: Beijing Olympics. Deceptive Russian campaign to disrupt the Olympic Games.
    – 2010: Stuxnet. Malware attributed to the US and Israel, used to delay the Iranian nuclear program's ability to enrich uranium. It targeted Siemens ICS and physically destroyed uranium centrifuges, using four zero-day exploits.
    – 2013: Dark Seoul. North Korean attacks on South Korean television stations and banks.
    – 2014: Sony Entertainment. North Korean attack in response to a movie: data theft and wiping, resulting in $35 million in damages.
    – 2014: German Steel Mill. Attack on the ICS controlling a blast furnace, resulting in significant physical damage.
    – 2015: BlackEnergy. Russian attack on three Ukrainian energy distribution companies, cutting power to 750,000 civilians.
    – 2015: TV5Monde. Russian actors destroyed French TV station hardware, taking the network offline for 12 hours.
    – 2016: Crash Override. Russian attack on the ICS of an electric transmission station in Kiev, Ukraine.
    – 2017: NotPetya. One of the most damaging cyber attacks in history. Russia targeted large Ukrainian companies; estimated to have cost over $10 billion in damages globally.
  • 5. Ukraine: Russia's Malware Testing Grounds.
  • 6. NotPetya. June 2017: a modified version of the Petya ransomware was unleashed on Ukraine. It reads the original MBR and encodes it with a simple single-byte XOR key before installing its own bootloader. Where Petya stopped at the boot-level (MBR/MFT) encryption, NotPetya also spreads on its own and encrypts files on disk, maximizing potential impact. Initial access came through a backdoored update of the Ukrainian accounting software M.E.Doc; lateral movement used SMB with the leaked NSA exploits EternalBlue and EternalRomance, alongside harvested credentials. NotPetya is not actually ransomware: it was designed only to destroy, regardless of payment. The "installation key" shown in the ransom note is randomly generated, so no decryption key can be derived from it. Source: https://www.csoonline.com/article/3233210/petya-ransomware-and-notpetya-malware-what-you-need-to-know-now.html
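Slide 6 notes that NotPetya reads the MBR and encrypts it with a simple XOR key. The Python below is an added example, not code from the deck or from VMware, showing the forensic check that follows from that design. It relies on NotPetya's publicly documented boot-level behaviour (the original MBR is XORed with 0x07 and written to sector 34 before sector 0 is overwritten), so the MBR can be recovered from a disk image even though the Salsa20-encrypted MFT cannot. The disk images here are constructed in-memory stand-ins, and the partition-table plausibility heuristic is this example's own rather than a documented detection signature.

```python
"""Triage a disk image for a NotPetya-style MBR overwrite and recover the MBR.

Added example, not code from the deck. NotPetya's publicly documented boot-level
behaviour: it reads the original 512-byte MBR, XORs every byte with 0x07, writes
the result to sector 34 (0x22), then installs its own bootloader in sector 0.
The later MFT encryption (Salsa20, key discarded) is unrecoverable; the MBR is not.
"""
import io

SECTOR_SIZE = 512
NOTPETYA_XOR_KEY = 0x07          # documented single-byte key
NOTPETYA_BACKUP_SECTOR = 34      # documented location of the XORed original MBR
MBR_SIGNATURE = b"\x55\xaa"      # boot signature at offset 510


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; applying it twice with the same key restores the input."""
    return bytes(b ^ key for b in data)


def looks_like_mbr(sector: bytes) -> bool:
    """Heuristic (this example's own): right size, 0x55AA signature, and each of
    the four partition entries has a status byte of 0x00 (inactive) or 0x80 (bootable)."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != MBR_SIGNATURE:
        return False
    return all(sector[446 + 16 * i] in (0x00, 0x80) for i in range(4))


def read_sector(image: io.BytesIO, index: int) -> bytes:
    image.seek(index * SECTOR_SIZE)
    return image.read(SECTOR_SIZE)


def recover_mbr(image: io.BytesIO,
                backup_sector: int = NOTPETYA_BACKUP_SECTOR,
                key: int = NOTPETYA_XOR_KEY):
    """Return the original MBR if the backup sector XOR-decodes to a plausible MBR,
    else None. On a clean disk sector 34 lies in the unpartitioned gap before the
    first partition and is normally zero-filled, so it does not decode to an MBR."""
    candidate = xor_bytes(read_sector(image, backup_sector), key)
    return candidate if looks_like_mbr(candidate) else None


def triage(image: io.BytesIO) -> dict:
    """Summarise the indicators a responder would record for this image."""
    recovered = recover_mbr(image)
    return {
        "sector0_has_signature": read_sector(image, 0)[510:512] == MBR_SIGNATURE,
        "backup_decodes_to_mbr": recovered is not None,
        "recovered_mbr": recovered,
    }


# --- constructed sample data (stand-ins, not real disk captures) ---------------

def build_clean_mbr() -> bytes:
    """One bootable NTFS partition starting at LBA 2048, 100 MiB long."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[0:3] = b"\x33\xc0\x8e"                      # arbitrary bootstrap bytes
    entry = (bytes([0x80, 0x20, 0x21, 0x00, 0x07, 0xFE, 0xFF, 0xFF])
             + (2048).to_bytes(4, "little") + (204800).to_bytes(4, "little"))
    mbr[446:462] = entry
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


def build_clean_image(original_mbr: bytes, sectors: int = 64) -> io.BytesIO:
    """Untouched disk: real MBR in sector 0, everything after it zero-filled."""
    return io.BytesIO(original_mbr + bytes((sectors - 1) * SECTOR_SIZE))


def build_infected_image(original_mbr: bytes, sectors: int = 64) -> io.BytesIO:
    """Mimic the NotPetya layout: stand-in bootloader in sector 0, XORed MBR in 34."""
    img = bytearray(sectors * SECTOR_SIZE)
    img[0:SECTOR_SIZE] = b"\xeb\xfe" + b"\x90" * 508 + MBR_SIGNATURE
    start = NOTPETYA_BACKUP_SECTOR * SECTOR_SIZE
    img[start:start + SECTOR_SIZE] = xor_bytes(original_mbr, NOTPETYA_XOR_KEY)
    return io.BytesIO(bytes(img))


if __name__ == "__main__":
    original = build_clean_mbr()
    for label, image in (("clean", build_clean_image(original)),
                         ("infected", build_infected_image(original))):
        result = triage(image)
        print(label, "backup decodes:", result["backup_decodes_to_mbr"],
              "MBR restored:", result["recovered_mbr"] == original)
```

Run against a raw image (`dd` output or a forensic copy opened in binary mode) the same functions apply unchanged; the point for responders is that a positive `backup_decodes_to_mbr` both confirms the NotPetya-style overwrite and hands back a bootable MBR, while nothing in the image lets you undo the MFT encryption.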
  • 7. Financial Impact of NotPetya: $7.5 billion in damages to smaller companies. Source: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
  • 8. GRU Unit 74455, "Sandworm".
  • 9. Sandworm: sophisticated hacking, espionage, large-scale PsyOps, and destructive attack capabilities. Repurposed Petya ransomware and leveraged its spreading capabilities to inflict maximum damage. Ran targeted disinformation campaigns on social media with the goal of swaying the 2016 US election. Willing to attack Russian-owned companies for plausible deniability. Believed to have been involved in the 2008 Beijing Olympics hack.
  • 10. Sandworm is still very active, primarily targeting Ukraine.
  • 11. Google Threat Analysis Group (TAG). (image slide)
  • 12. Distribution of Ransomware Across Industry Verticals. (chart slide)
  • 13. Lowering the Bar.
  • 14. Island Hopping / Leapfrogging / Watering Hole Attacks: breaching a third party, adjacent target, or company in order to achieve a primary objective. Typical islands: infrastructure and service providers, law firms, business partners, managed services, etc. Most well-known incident: Target. The first "island" in the planned attack was Fazio Mechanical Services; the HVAC company was compromised shortly before Target's breach. Watering hole attacks against local, low-profile business websites are the most common. Source: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/utilizing-island-hopping-in-targeted-attacks
  • 15. Access Mining: the resale of credentials and direct access.
  • 16–20. (image-only slides, no text)
  • 21. High-Profile Assets and Data for Sale. March 2019: the Russian-speaking hacking group Fxmsp claimed to have compromised three antivirus companies, with source code for all products stolen and 30 terabytes exfiltrated, asking $300k. Selling both the stolen data and direct access. Source: https://www.advanced-intel.com/post/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
  • 22. (image-only slide, no text)
  • 23. SCADA / ICS control infrastructure: connected directly to the Internet, inherently insecure, invalid certificates, not patched, firewall disabled.
  • 24. Small and Local Service Providers.
  • 25. (image-only slide, no text)
  • 26. Reference: https://www.blackhat.com/docs/asia-14/materials/Rios/Asia-14-Rios-Owning-A-Building-Exploiting-Access-Control-And-Facility-Management.pdf
  • 27. Closing Thoughts. More infrastructure connectivity and increasing reliance upon technology expand the attack surface. Nation states are consistently improving their capabilities and are actively inside US companies. Repurposing ransomware makes for effective wipers and increases the difficulty of attack attribution. Access mining, island hopping, and readily available ICS documentation lower the bar to entry. Right now is only the beginning…
  • 28. Recommended Reading.
  • 29. Deep Dive: 2020 Cybersecurity Outlook Report. Review of 2019 and analysis of trends that will continue into 2020 and beyond…
  • 30. Thank you. gfoss [at] vmware . com