Automated Targeted Attacks:
The New Age of Cybercrime

Stefan Tanase
Senior Security Researcher
Global Research and Analysis Team
Kaspersky Lab

IDC IT Security Roadshow 2010 – Bucharest, Romania
March 9th, 2010

Overview

  • About Kaspersky Lab
  • The evolution of malware
  • Motivation: how cybercriminals make money
  • Targeted attacks: threats to SMBs & enterprises
  • So, how do they do it?
  • Social experiment
  • Targeted attacks becoming mainstream
  • Mitigation techniques

About Kaspersky Lab

  • Founded in 1996
     • Largest privately owned
       IT security company
  • 2000+ employees, still hiring
  • 26 local offices
     • United States, Russia, United Kingdom, Germany,
       France, Romania, Dubai, South Africa, Japan, China etc.
  • Global Research and Analysis Team
     • Researchers working around the clock and around the world
  • Protecting more than 250 million users
  • 40,000 new malicious programs and 3,500 new signatures daily

The (R)evolution of malware

The evolution of malware

  • 1992 – 2007: about 2M unique malware programs
  • But in 2008 alone: 15M
  • End of 2009 – a total of about 33,9 M unique malicious
    files in the Kaspersky Lab collection

Motivation: how cybercriminals make money

  • By stealing, of course
      – Stealing directly from the user
            • Online banking accounts, credit card
              numbers, electronic money, blackmailing.
      – What if I don’t have money?
      – Providing IT resources to other
        cybercriminals
            • Creating botnets, sending spam, launching
              DDoS attacks, pay-per-click fraud, affiliate
              networks, renting computing power,
              collecting passwords etc.

Targeted attacks: threats to SMBs & enterprises

Targeted attacks vs. classic malware

  Lethal injection vs. a round of bullets

  • Targeted attacks are not epidemics
      • One email is enough, instead of tens of thousands
  • Targeted organizations are either not aware,
    or don’t publicly disclose information
      • It is hard to get samples for analysis
  • Classic signature-based AV is useless
      • New defense technologies
  • Much higher stakes
      • Intellectual property theft,
        corporate espionage

So, how do they do it?

Targeted attacks in 4 steps

  1. Profiling the employees
      – Choosing most vulnerable targets
  2. Developing a new and
     unique malicious program
      – Doesn’t have to bypass all AVs,
        just the one used by the victim
  3. Mixing the malicious payload with a perfectly
     tailored social engineering strategy
  4. Delivering the attack

A targeted attack demo

Social experiment

Intro – let’s stand up!

  • “White”, “black”, “pink”… “not wearing any”

Targeted attacks becoming mainstream

Personal information becoming public

  • So much personal
    information becomes
    public on social
    networks right now
  • Advertisers are
    already doing it:
    targeted ads
      – Age, gender, location,
        interests, work field,
        browsing habits,
        relationships etc.

Targeted attacks becoming mainstream

  • Targeted ads? Targeted
    attacks are already out there
  • Social networks are enabling
    cybercriminals to start delivering
    automated targeted attacks
  • The personal data is there. Next step? Automation.
      • Geographical IP location has been around for a while
      • Automatic language translation services are becoming better
      • Personal interests & tastes are public (ie: trending topics)

Geo targeting example

Language targeting example

Interests targeting example

Surviving targeted attacks

  • Security tips
      • Patch
      • Patch everything
      • Patch everything twice
      • …including the human mind
  • A highly sophisticated targeted attack will eventually succeed
      • Proactive measures (PDM, HIPS, Sandbox, heuristics, emulation)
      • Proper security mindset
      • User education and awareness

Targeted attacks become mainstream

Thank you! Questions?

stefant@kaspersky.ro
twitter.com/stefant

Stefan Tanase
Senior Security Researcher
Global Research and Analysis Team
Kaspersky Lab

IDC IT Security Roadshow 2010 – Bucharest, Romania
March 9th, 2010

Targeted Attacks: The New Age of Cybercrime

  • 1. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth levelAutomated Targeted Attacks: The New Age of Cybercrime » Fifth level Stefan Tanase Senior Security Researcher Global Research and Analysis Team Kaspersky Lab IDC IT Security Roadshow 2010 – Bucharest, Romania March 9 th, 2010 June 10th , 2009 Event details (title, place)
  • 2. Overview Click to edit Master title style • • About Kaspersky text styles Click to edit Master Lab • The evolution of malware – Second level • • Third level Motivation: how cybercriminals make money – Fourth level • Targeted» attacks: threats to SMBs & enterprises Fifth level • So, how do they do it? • Social experiment • Targeted attacks becoming mainstream • Mitigation techniques June 10th , Roadshow 2010 – Bucharest, Romania IDC IT Security2009 Event details (title, place)
  • 3. About Kaspersky Lab Click to edit Master title style • •Foundedto edit Master text styles Click in 1996 • Largest privately owned – Second level IT security company • Third level • 2000+ employees,level hiring  – Fourth still • 26 local offices Fifth level » • United States, Russia, United Kingdom, Germany, France, Romania, Dubai, South Africa, Japan, China etc. • Global Research and Analysis Team • Researchers working around the clock and around the world • Protecting more than 250 million users • 40,000 new malicious programs and 3,500 new signatures daily June 10th , Roadshow 2010 – Bucharest, Romania IDC IT Security2009 Event details (title, place)
  • 4. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level The (R)evolution of malware June 10th , 2009 Event details (title, place)
  • 5. Clickevolution of malware The to edit Master title style • 1992 – 2007: about 2M unique malware programs • Click to edit Master text styles • But in 2008 alone: 15M – Second level • End of 2009 leveltotal of about 33,9 M unique malicious • Third –a files in the Kaspersky Lab collection – Fourth level » Fifth level June 10th , Roadshow 2010 – Bucharest, Romania IDC IT Security2009 Event details (title, place)
  • 6. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level Motivation: how cybercriminals make money June 10th , 2009 Event details (title, place)
  • 7. Click to edit how cybercriminals make money Motivation: Master title style • By stealing, of course • Click to edit Master text styles – Stealing directly from the user – Second level • Online banking accounts, credit card • Third level numbers, electronic money, blackmailing. – Fourth level – What if I don’tlevel money? » Fifth have – Providing IT resources to other cybercriminals • Creating botnets, sending spam, launching DDoS attacks, pay-per-click fraud, affiliate networks, renting computing power, collecting passwords etc. June 10th , Roadshow 2010 – Bucharest, Romania IDC IT Security2009 Event details (title, place)
  • 8. Targeted attacks: threats to SMBs & enterprises
  • 9. Targeted attacks: threats to SMBs & enterprises
  • 10. Targeted attacks: threats to SMBs & enterprises
  • 11. Targeted attacks vs. classic malware
      Lethal injection vs. a round of bullets
      • Targeted attacks are not epidemics
      • One email is enough, instead of tens of thousands
      • Targeted organizations are either not aware, or don’t publicly disclose information
      • It is hard to get samples for analysis
      • Classic signature-based AV is useless
      • New defense technologies
      • Much higher stakes
      • Intellectual property theft, corporate espionage
  • 12. So, how do they do it?
  • 13. Targeted attacks in 4 steps
      1. Profiling the employees
          – Choosing most vulnerable targets
      2. Developing a new and unique malicious program
          – Doesn’t have to bypass all AVs, just the one used by the victim
      3. Mixing the malicious payload with a perfectly tailored social engineering strategy
      4. Delivering the attack
  • 14. A targeted attack demo
  • 15. Social experiment
  • 16. Intro – let’s stand up!
      • “White”, “black”, “pink”… “not wearing any” :)
  • 17. Targeted attacks becoming mainstream
  • 18. Personal information becoming public
      • So much personal information becomes public on social networks right now
      • Advertisers are already doing it: targeted ads
          – Age, gender, location, interests, work field, browsing habits, relationships etc.
  • 19. Targeted attacks becoming mainstream
      • Targeted ads? Targeted attacks are already out there
      • Social networks are enabling cybercriminals to start delivering automated targeted attacks
      • The personal data is there. Next step? Automation.
      • Geographical IP location has been around for a while
      • Automatic language translation services are becoming better
      • Personal interests & tastes are public (i.e. trending topics)
  • 20. Geo targeting example
  • 21. Language targeting example
  • 22. Interests targeting example
  • 23. Surviving targeted attacks
      • Security tips
      • Patch
      • Patch everything
      • Patch everything twice
      • …including the human mind
      • A highly sophisticated targeted attack will eventually succeed
      • Proactive measures (PDM, HIPS, Sandbox, heuristics, emulation)
      • Proper security mindset
      • User education and awareness
  • 24. Targeted attacks become mainstream
  • 25. Thank you! Questions?
      stefant@kaspersky.ro
      twitter.com/stefant
      Stefan Tanase
      Senior Security Researcher
      Global Research and Analysis Team
      Kaspersky Lab
      IDC IT Security Roadshow 2010 – Bucharest, Romania
      March 9th, 2010