SLBdiensten Security Day: 26 June 2015
Kaspersky presentation: Malware and statistics. Which malware trends does Kaspersky observe, what are the motives, and what can you do about them? - By Jornt van der Wiel, Security Researcher, Kaspersky Lab Benelux
Kaspersky presentation on malware trends and statistics, 26062015
1. NEW MOTIVES, NEW THREATS: HOW TO PROTECT YOURSELF FROM TARGETED ATTACKS
Jornt v.d. Wiel
Global Research and Analysis Team
2. THE SCALE OF THE THREAT
1994: 1 new virus every hour
2006: 1 new virus every minute
2011: 1 new virus every second
2014: 325,000 new samples every day
The evolving threat landscape2
3. THE NATURE OF THE THREAT
Chart values: 0.1%, 9.9%, 90%
Chart labels: Traditional cybercrime; Targeted threats to organisations; Cyber-weapons
5. WEB-BASED THREATS
Exploit kits
Social networks
ATTACKS IN 2014
Kaspersky Lab discovered almost 1.4 billion web attacks in 2014:
• 3.8 million attacks per day
• 159.000 attacks per hour
• 2.663 attacks per minute
• 38 attacks per second
7. ADVANCED PERSISTENT THREATS (APT)
Gauss
Classification: Espionage program
Detection time: July 2012
Active since: Aug / Sep 2011
Facts:
• Sophisticated toolkit for cyber-espionage
• Implemented by creators of the Flame platform
• Modules perform a variety of functions
Flame
Classification: Espionage program
Detection time: May 2012
Active since: 2007
Facts:
• Complex set of operations
• Downloads extra modules to victim computers
• 20 extension modules detected
• Sophisticated toolkit
Duqu
Classification: Espionage program
Detection time: September 2011
Active since: 2010
Facts:
• Destroys all traces of activity
• Core module never detected
• No modifications discovered since Feb 2012
miniFlame
Classification: Espionage program
Detection time: October 2012
Active since: October 2012
Facts:
• Miniature fully-fledged spyware module
• Used for highly targeted attacks against select victims
• Stand-alone malware or as a plug-in for Flame
Wiper
Classification: Destroyer
Detection time: Never Detected
Active since: April 2012
Facts:
• Destroyed dozens of database and computer systems
• Majority of targets were organisations in Iran’s oil industry
• Malware still unknown to this day
8. CYBER-WEAPONS: NUMBER OF VICTIMS
Known number of incidents / Additional number of incidents (approximate):
• Stuxnet: over 100K / over 300K
• Gauss: 2,500 / 10K
• Flame: 700 / 5-6K
• Duqu: 20 / 50-60
• miniFlame: 10-20 / 50-60
Source: Kaspersky Lab
9. ENERGETIC BEAR – CROUCHING YETI
Recent APT
Classification: Espionage program
Detection time: June 2014
Active since: 2010
Targets: Educational (32); Research (14); IT (10)
Geography: 99 different countries
Interesting facts: No 0-days used, slightly modified Metasploit exploits used
How does it work?
Three different infection methods:
• Spear-phishing
• Trojanized software installers
• Watering hole attacks
Upon infection, 4 different backdoors + additional tools are installed
11. WHY TARGET MOBILE DEVICES?
Mobile devices contain a lot of ‘interesting’ things:
• incoming and outgoing SMS messages
• work emails
• business contacts
• personal photos
• GPS coordinates
• online banking credentials
• various installed apps
• calendar
12. MOBILE MALWARE: TARGETED PLATFORMS
Mostly Android!
Android: 98.05%
Remaining chart values: 1.55%, 0.27%, 0.13%
Remaining chart labels: Others, Symbian, J2ME
13. FUTURE IT THREATS
• CYBER WEAPONS will be tailor-made for specific cases. Cyber criminals will increasingly use simpler tools to destroy data at a required time
• MULTIPLE ATTACKS ON GOVERNMENT institutions and businesses will be carried out all over the world. ‘Hacktivism’ may also be used to conceal other types of attacks
• MALWARE will be uploaded to official app stores. Mobile espionage will become widespread including stealing data from mobile phones and tracking people using their phones
• ATTACKS ON ONLINE BANKING SYSTEMS will become one of the most widespread methods of stealing money from users
• THE NUMBER OF TARGETED ATTACKS will continue to grow. Cybercriminals will start using new infection methods. The range of targeted businesses under threat will expand
• CYBER CRIMINALS will write mobile malware increasingly attacking Google Android
14. MINIMISING YOUR RISK OF INFECTION
A GReAT tip: Raise Awareness
Cybercriminals are increasingly using public data to launch targeted attacks against businesses. Tell your colleagues about the risks associated with sharing personal and business information online.
15. MINIMISING YOUR RISK OF INFECTION
A GReAT tip: Keep your software up to date
Prevention is better than the cure. Often malware does not use 0-days but known vulnerabilities. Keeping your software up to date mitigates the attack vector considerably.
This holds especially for:
• Operating System
• PDF reader
• MS Office
• Java
• Browser
• Flash
16. MINIMISING YOUR RISK OF INFECTION
A GReAT tip: Apply whitelisting
Having a pre-defined list of benign applications that are allowed to run prevents malware from executing on your system.
17. MINIMISING YOUR RISK OF INFECTION
A GReAT tip: Choose good and different passwords
Passwords up to 8 characters can be easily cracked. Therefore passwords of more than 16 characters are recommended.
Also, choosing a unique password for each account is advised. In case one account gets compromised, your other accounts are still safe.
A password manager can help you with this.
18. AND IN THE CASE THAT IT GOES WRONG…
A GReAT tip: Create backups
Backups are always good. If you get infected with, for example, ransomware, then you haven’t lost all of your files. You can restore the version from before the infection and you are safe again. Backups are also great protection against data loss (e.g. due to failing hardware).