Targeted Attacks: The New Age of Cybercrime
1. Automated Targeted Attacks: The New Age of Cybercrime
Stefan Tanase
Senior Security Researcher
Global Research and Analysis Team
Kaspersky Lab
IDC IT Security Roadshow 2010 – Bucharest, Romania
March 9th, 2010
2. Overview
• About Kaspersky Lab
• The evolution of malware
• Motivation: how cybercriminals make money
• Targeted attacks: threats to SMBs & enterprises
• So, how do they do it?
• Social experiment
• Targeted attacks becoming mainstream
• Mitigation techniques
3. About Kaspersky Lab
• Founded in 1996
• Largest privately owned IT security company
• 2000+ employees, still hiring
• 26 local offices
• United States, Russia, United Kingdom, Germany, France, Romania, Dubai, South Africa, Japan, China etc.
• Global Research and Analysis Team
• Researchers working around the clock and around the world
• Protecting more than 250 million users
• 40,000 new malicious programs and 3,500 new signatures daily
4. The (R)evolution of malware
5. The evolution of malware
• 1992 – 2007: about 2M unique malware programs
• But in 2008 alone: 15M
• End of 2009 – a total of about 33,9 M unique malicious files in the Kaspersky Lab collection
6. Motivation: how cybercriminals make money
7. Motivation: how cybercriminals make money
• By stealing, of course
– Stealing directly from the user
• Online banking accounts, credit card numbers, electronic money, blackmailing.
– What if I don’t have money?
– Providing IT resources to other cybercriminals
• Creating botnets, sending spam, launching DDoS attacks, pay-per-click fraud, affiliate networks, renting computing power, collecting passwords etc.
8. Targeted attacks: threats to SMBs & enterprises
9. Targeted attacks: threats to SMBs & enterprises
10. Targeted attacks: threats to SMBs & enterprises
11. Targeted attacks vs. classic malware
Lethal injection vs. a round of bullets
• Targeted attacks are not epidemics
• One email is enough, instead of tens of thousands
• Targeted organizations are either not aware, or don’t publicly disclose information
• It is hard to get samples for analysis
• Classic signature-based AV is useless
• New defense technologies
• Much higher stakes
• Intellectual property theft, corporate espionage
12. So, how do they do it?
13. Targeted attacks in 4 steps
1. Profiling the employees
– Choosing most vulnerable targets
2. Developing a new and unique malicious program
– Doesn’t have to bypass all AVs, just the one used by the victim
3. Mixing the malicious payload with a perfectly tailored social engineering strategy
4. Delivering the attack
14. A targeted attack demo
15. Social experiment
16. Intro – let’s stand up!
• “White”, “black”, “pink”… “not wearing any”
17. Targeted attacks becoming mainstream
18. Personal information becoming public
• So much personal information becomes public on social networks right now
• Advertisers are already doing it: targeted ads
– Age, gender, location, interests, work field, browsing habits, relationships etc.
19. Targeted attacks becoming mainstream
• Targeted ads? Targeted attacks are already out there
• Social networks are enabling cybercriminals to start delivering automated targeted attacks
• The personal data is there. Next step? Automation.
• Geographical IP location has been around for a while
• Automatic language translation services are becoming better
• Personal interests & tastes are public (i.e. trending topics)
20. Geo targeting example
21. Language targeting example
22. Interests targeting example
23. Surviving targeted attacks
• Security tips
• Patch
• Patch everything
• Patch everything twice
• …including the human mind
• A highly sophisticated targeted attack will eventually succeed
• Proactive measures (PDM, HIPS, Sandbox, heuristics, emulation)
• Proper security mindset
• User education and awareness
24. Targeted attacks become mainstream
25. Thank you! Questions?
stefant@kaspersky.ro
twitter.com/stefant
Stefan Tanase
Senior Security Researcher
Global Research and Analysis Team
Kaspersky Lab
IDC IT Security Roadshow 2010 – Bucharest, Romania
March 9th, 2010