Automated Targeted Attacks: The New Age of Cybercrime


  1. Automated Targeted Attacks: The New Age of Cybercrime • Stefan Tanase, Senior Security Researcher, Global Research and Analysis Team, Kaspersky Lab • IDC IT Security Roadshow 2010 – Bucharest, Romania, March 9th, 2010
  2. Overview • About Kaspersky Lab • The evolution of malware • Motivation: how cybercriminals make money • Targeted attacks: threats to SMBs & enterprises • So, how do they do it? • Social experiment • Targeted attacks becoming mainstream • Mitigation techniques
  3. About Kaspersky Lab • Founded in 1996 • Largest privately owned IT security company • 2000+ employees, still hiring • 26 local offices • United States, Russia, United Kingdom, Germany, France, Romania, Dubai, South Africa, Japan, China etc. • Global Research and Analysis Team • Researchers working around the clock and around the world • Protecting more than 250 million users • 40,000 new malicious programs and 3,500 new signatures daily
  4. The (R)evolution of malware
  5. The evolution of malware • 1992 – 2007: about 2M unique malware programs • But in 2008 alone: 15M • End of 2009 – a total of about 33,9 M unique malicious files in the Kaspersky Lab collection
  6. Motivation: how cybercriminals make money
  7. Motivation: how cybercriminals make money • By stealing, of course – Stealing directly from the user • Online banking accounts, credit card numbers, electronic money, blackmailing. – What if I don’t have money? – Providing IT resources to other cybercriminals • Creating botnets, sending spam, launching DDoS attacks, pay-per-click fraud, affiliate networks, renting computing power, collecting passwords etc.
  8. Targeted attacks: threats to SMBs & enterprises
  9. Targeted attacks: threats to SMBs & enterprises
  10. Targeted attacks: threats to SMBs & enterprises
  11. Targeted attacks vs. classic malware: Lethal injection vs. a round of bullets • Targeted attacks are not epidemics • One email is enough, instead of tens of thousands • Targeted organizations are either not aware, or don’t publicly disclose information • It is hard to get samples for analysis • Classic signature-based AV is useless • New defense technologies • Much higher stakes • Intellectual property theft, corporate espionage
  12. So, how do they do it?
  13. Targeted attacks in 4 steps 1. Profiling the employees – Choosing most vulnerable targets 2. Developing a new and unique malicious program – Doesn’t have to bypass all AVs, just the one used by the victim 3. Mixing the malicious payload with a perfectly tailored social engineering strategy 4. Delivering the attack
  14. A targeted attack demo
  15. Social experiment
  16. Intro – let’s stand up! • “White”, “black”, “pink”… “not wearing any”
  17. Targeted attacks becoming mainstream
  18. Personal information becoming public • So much personal information becomes public on social networks right now • Advertisers are already doing it: targeted ads – Age, gender, location, interests, work field, browsing habits, relationships etc.
  19. Targeted attacks becoming mainstream • Targeted ads? Targeted attacks are already out there • Social networks are enabling cybercriminals to start delivering automated targeted attacks • The personal data is there. Next step? Automation. • Geographical IP location has been around for a while • Automatic language translation services are becoming better • Personal interests & tastes are public (ie: trending topics)
  20. Geo targeting example
  21. Language targeting example
  22. Interests targeting example
  23. Surviving targeted attacks • Security tips • Patch • Patch everything • Patch everything twice • …including the human mind • A highly sophisticated targeted attack will eventually succeed • Proactive measures (PDM, HIPS, Sandbox, heuristics, emulation) • Proper security mindset • User education and awareness
  24. Targeted attacks become mainstream
  25. Thank you! Questions? • stefant@kaspersky.ro • twitter.com/stefant • Stefan Tanase, Senior Security Researcher, Global Research and Analysis Team, Kaspersky Lab
