Surviving Today's Targeted Attacks

Published in: Business, Technology

  1. Surviving Today's Targeted Attacks • How to Escape the Cyberhydra's Poisonous Breath • Stefan Tanase, Senior Security Researcher, Global Research and Analysis Team • Kaspersky Lab International Press Tour, Cyprus, June 3-6, 2010 • June 10th, 2009
  2. Before we start • Targeted attacks based on unpatched vulnerabilities like this one are happening right now!
  3. Targeted Attacks - Overview • The (R)evolution of malware • Motivation: how cybercriminals make money • Targeted attacks: threats to SMBs & enterprises • So, how do they do it? – Targeted attacks in 4 steps • Live demo • Targeted attacks becoming mainstream • Surviving targeted attacks
  4. The (R)evolution of malware
  5. The evolution of malware • 1992 – 2007: about 2M unique malware programs • In 2009 alone: more than 14M new malicious programs • End of Q1, 2010: a total of about 36,2M unique malicious files in the Kaspersky Lab collection • [Chart: New malware samples]
  6. Motivation: how cybercriminals make money
  7. Motivation: how cybercriminals make money • By stealing, of course – Stealing directly from the user • Online banking accounts, credit card numbers, electronic money, blackmailing. – What if I don’t have money? – Providing IT resources to other cybercriminals • Creating botnets, sending spam, DDoS attacks, pay-per-click fraud, affiliate networks, renting computing power, collecting passwords etc. – Providing access to targeted SMB and enterprise networks for interested 3rd parties
  8. What are they after? • What do attackers want? – sensitive source codes – future product information – 3rd party data hosted by the victim – credentials for production systems – executive emails – information about customers – to explore an intranet for other confidential info • Easily saleable data is not really targeted
  9. Targeted attacks: threats to SMBs & enterprises
  11. Targeted attacks: threats to SMBs & enterprises • More than 1 week!
  12. Targeted attacks: threats to SMBs & enterprises • It only takes a vulnerability that has a window of 1 hour
  13. Vulnerabilities – There’s plenty of them out there • Source: Microsoft Security Intelligence Report Volume 8
  14. Targeted attacks versus classic malware • Lethal injection versus a hail of bullets • Targeted attacks are not epidemics • One email is enough, instead of tens of thousands • Stay under the radar • Targeted organizations are either not aware, or don’t publicly disclose information • It is hard to get samples for analysis • Classic signature-based AV is useless • New defense technologies • Much higher stakes • Intellectual property theft, corporate espionage
  15. So, how do they do it?
  16. Targeted attacks in 4 steps • 1. Profiling the employees – Choosing the most vulnerable targets – Reconnaissance via social networks, mailing list posts, public presentations, etc – Attackers usually target users in their own country because of the language barrier • Attackers are more comfortable in their own language – Language can offer clues to the origins of the attack – They worry about getting the good stuff later
  17. Targeted attacks in 4 steps • 2. Developing a new and unique malware attack – Doesn’t have to bypass all AV solutions, just the one used by the victim – Using social engineering to get the victim to click on a link • Gather OS, browser, plug-in versions – useful for vulnerabilities – Corporate monoculture leads to problems • Different employees using the same software
  18. Targeted attacks in 4 steps • 3. Gaining control and maintaining access – Initial exploit drops malware onto victim machine – Networks are usually protected from outside threats – C&C communication is done over TLS or TLS-like protocols • Encryption proves to be a double edged sword • Traffic can't be detected
  19. Targeted attacks in 4 steps • 4. Getting the ‘good stuff’ out – Find an overseas office server to be used as an internal drop • Speed is the key – Move data over the corporate WAN/intranet to the internal drop – Get all of the data out at once to the external drop server • Even if traffic is monitored, it might be too late to react
  20. A targeted attack demo
  21. Targeted attacks becoming mainstream
  22. Personal information becoming public • So much personal information becomes public on social networks right now • Advertisers are already doing it: targeted ads – Age, gender, location, interests, field of work, browsing habits, relationships etc.
  23. Before we end
  24. Before we end
  25. Before we end • A highly sophisticated targeted attack will eventually succeed
  26. Surviving targeted attacks
  27. Surviving targeted attacks • Proper security mindset • Lack of user education and awareness • Training and policies • Employee reporting process • Employees should report attempted attacks • Companies should have a follow-up process for such incidents • 24/7 security team with extremely fast reaction time
  28. Surviving targeted attacks • Minimize the attack surface • Fewer 3rd party plug-ins: Flash, Acrobat, Java • Use alternative browsers • Frequent updates and patches • Proactive protection technologies provide the necessary edge for remaining secure • Sandbox - virtualized execution for applications (isolated environment) • HIPS - Host-based Intrusion Prevention System (behavioral analysis) • KSN - Kaspersky Security Network (in the cloud services)
  29. Thank you! Questions? • Stefan Tanase, Senior Security Researcher, Global Research and Analysis Team • stefant@kaspersky.ro • twitter.com/stefant
  30. Intro – let’s stand up! • “White”, “black”, “pink”… “not wearing any”
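
Slide 19 describes data being collected on an internal drop and then sent out at once, and slide 18 notes that encrypted traffic hides content. Flow volume metadata is still visible to the defender, so the following added example (not part of the presentation) flags an internal host that receives a large volume from several internal peers and then sends a comparable volume to one external address shortly afterwards. The address range, thresholds and flow records are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumption: corporate address space
STAGE_MIN_BYTES = 500_000_000         # assumed: volume that counts as staging
STAGE_MIN_PEERS = 3                   # assumed: staged from several internal sources
BURST_WINDOW_S = 3600                 # assumed: burst follows staging within an hour
BURST_RATIO = 0.5                     # assumed: burst carries >= half the staged volume

# Constructed flow records: (epoch_seconds, src, dst, byte_count)
FLOWS = [
    (1000, "10.1.0.11", "10.9.0.5", 200_000_000),
    (1300, "10.1.0.12", "10.9.0.5", 250_000_000),
    (1600, "10.2.0.20", "10.9.0.5", 150_000_000),
    (2000, "10.9.0.5", "203.0.113.50", 580_000_000),  # burst after staging
    (1200, "10.1.0.11", "10.3.0.7", 900_000_000),     # single-peer copy, e.g. backup
    (2500, "10.3.0.7", "198.51.100.9", 40_000),
]

def find_staging_bursts(flows):
    """Return [(host, staged_bytes, external_dst, burst_bytes)] for hosts that
    aggregate internal data and then push it to one external destination."""
    staged = defaultdict(lambda: {"bytes": 0, "peers": set(), "last": 0})
    outbound = defaultdict(list)      # host -> [(ts, external dst, bytes)]
    for ts, src, dst, nbytes in flows:
        src_in = ip_address(src) in INTERNAL
        dst_in = ip_address(dst) in INTERNAL
        if src_in and dst_in:         # internal-to-internal: possible staging
            s = staged[dst]
            s["bytes"] += nbytes
            s["peers"].add(src)
            s["last"] = max(s["last"], ts)
        elif src_in:                  # internal-to-external: possible exfiltration
            outbound[src].append((ts, dst, nbytes))
    alerts = []
    for host, s in staged.items():
        if s["bytes"] < STAGE_MIN_BYTES or len(s["peers"]) < STAGE_MIN_PEERS:
            continue
        per_dst = defaultdict(int)    # bytes per external dst inside the window
        for ts, dst, nbytes in outbound.get(host, []):
            if 0 <= ts - s["last"] <= BURST_WINDOW_S:
                per_dst[dst] += nbytes
        for dst, total in per_dst.items():
            if total >= BURST_RATIO * s["bytes"]:
                alerts.append((host, s["bytes"], dst, total))
    return alerts

if __name__ == "__main__":
    print(find_staging_bursts(FLOWS))
```

The window is measured from the last staging flow, so a burst that begins while staging is still in progress needs a sliding-window variant of the same check.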