Surviving Today's Targeted Attacks
How to Escape the Cyberhydra's Poisonous Breath

Stefan Tanase
Senior Security Researcher
Global Research and Analysis Team

June 10th, 2009
Kaspersky Lab International Press Tour, Cyprus, June 3-6, 2010

Before we start

Targeted attacks based on unpatched vulnerabilities like this one are happening right now!

Overview - Targeted Attacks

 • The (R)evolution of malware
 • Motivation: how cybercriminals make money
 • Targeted attacks: threats to SMBs & enterprises
 • So, how do they do it?
    – Targeted attacks in 4 steps
 • Live demo
 • Targeted attacks becoming mainstream
 • Surviving targeted attacks

The (R)evolution of malware

The evolution of malware

 • 1992 – 2007: about 2M unique malware programs
 • In 2009 alone: more than 14M new malicious programs
 • End of Q1, 2010: a total of about 36,2M unique malicious files in the Kaspersky Lab collection

[Chart: New malware samples]

Motivation: how cybercriminals make money

 • By stealing, of course
    – Stealing directly from the user
       • Online banking accounts, credit card numbers, electronic money, blackmailing.
    – What if I don’t have money?
    – Providing IT resources to other cybercriminals
       • Creating botnets, sending spam, DDoS attacks, pay-per-click fraud, affiliate networks, renting computing power, collecting passwords etc.
    – Providing access to targeted SMB and enterprise networks for interested 3rd parties

What are they after?

 • What do attackers want?
    – sensitive source code
    – future product information
    – 3rd party data hosted by the victim
    – credentials for production systems
    – executive emails
    – information about customers
    – to explore an intranet for other confidential info
 • Easily saleable data is not really targeted

Targeted attacks: threats to SMBs & enterprises

More than 1 week!

It only takes a vulnerability that has a window of 1 hour

Vulnerabilities – There’s plenty of them out there

[Chart] Source: Microsoft Security Intelligence Report Volume 8

Targeted attacks versus classic malware

Lethal injection versus a hail of bullets

 • Targeted attacks are not epidemics
    – One email is enough, instead of tens of thousands
    – Stay under the radar
 • Targeted organizations are either not aware, or don’t publicly disclose information
    – It is hard to get samples for analysis
 • Classic signature-based AV is useless
    – New defense technologies
 • Much higher stakes
    – Intellectual property theft, corporate espionage

So, how do they do it?

Targeted attacks in 4 steps

1. Profiling the employees
 – Choosing the most vulnerable targets
 – Reconnaissance via social networks, mailing list posts, public presentations, etc.
 – Attackers usually target users in their own country because of the language barrier
    • Attackers are more comfortable in their own language
 – Language can offer clues to the origins of the attack
 – They worry about getting the good stuff later

Targeted attacks in 4 steps

2. Developing a new and unique malware attack
 – Doesn’t have to bypass all AV solutions, just the one used by the victim
 – Using social engineering to get the victim to click on a link
    • Gather OS, browser, plug-in versions – useful for vulnerabilities
 – Corporate monoculture leads to problems
    • Different employees using the same software

Targeted attacks in 4 steps

3. Gaining control and maintaining access
 – Initial exploit drops malware onto victim machine
 – Networks are usually protected from outside threats
 – C&C communication is done over TLS or TLS-like protocols
    • Encryption proves to be a double-edged sword
    • Traffic can't be detected

Targeted attacks in 4 steps

4. Getting the ‘good stuff’ out
 – Find an overseas office server to be used as an internal drop
    • Speed is the key
 – Move data over the corporate WAN/intranet to the internal drop
 – Get all of the data out at once to the external drop server
    • Even if traffic is monitored, it might be too late to react

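A defender's view of step 4, as an added example that is not part of the original slides: it scans flow records for an internal host that collects a large volume from several internal peers and then sends a comparable volume to one external address, and reports how short the egress window was. The flow-record fields, thresholds and all addresses are constructed assumptions.

```python
"""Flag 'internal drop' staging followed by a bulk outbound transfer.

Added example: flow fields, thresholds and sample addresses are assumptions,
not values taken from the presentation.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

MIB = 1024 * 1024
INTERNAL_NETS = [ip_network("10.0.0.0/8")]  # assumed corporate address space
STAGE_MIN_BYTES = 500 * MIB   # assumed: volume pulled in from internal peers
STAGE_MIN_PEERS = 3           # assumed: number of distinct internal sources
EXFIL_RATIO = 0.5             # outbound must be >= 50% of the staged volume
WINDOW_SECONDS = 6 * 3600     # staging must precede the egress by <= 6 hours


@dataclass(frozen=True)
class Flow:
    ts: int       # epoch seconds at flow start
    src: str
    dst: str
    nbytes: int   # bytes sent from src to dst


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def find_staged_exfil(flows):
    """Return one alert per (host, external destination) pair where the host
    aggregated internal data and then pushed a comparable volume outside."""
    inbound = defaultdict(list)   # host -> [(ts, internal peer, bytes)]
    outbound = defaultdict(list)  # (host, external dst) -> [(ts, bytes)]
    for f in sorted(flows, key=lambda f: f.ts):
        src_int, dst_int = is_internal(f.src), is_internal(f.dst)
        if src_int and dst_int:
            inbound[f.dst].append((f.ts, f.src, f.nbytes))
        elif src_int and not dst_int:
            outbound[(f.src, f.dst)].append((f.ts, f.nbytes))

    alerts = []
    for (host, dst), sends in outbound.items():
        first_out, last_out = sends[0][0], sends[-1][0]
        sent = sum(n for _, n in sends)
        # Internal transfers that reached the host shortly before egress ended.
        staged = [(ts, peer, n) for ts, peer, n in inbound.get(host, [])
                  if last_out - WINDOW_SECONDS <= ts <= last_out]
        staged_bytes = sum(n for _, _, n in staged)
        peers = {peer for _, peer, _ in staged}
        if (staged_bytes >= STAGE_MIN_BYTES
                and len(peers) >= STAGE_MIN_PEERS
                and sent >= EXFIL_RATIO * staged_bytes):
            alerts.append({
                "host": host,
                "external_dst": dst,
                "internal_peers": sorted(peers),
                "staged_bytes": staged_bytes,
                "sent_bytes": sent,
                # Time a responder had between first and last outbound flow.
                "egress_seconds": last_out - first_out,
            })
    return alerts


# Constructed sample flows (documentation address ranges for external hosts).
SAMPLE_FLOWS = [
    # Three internal hosts copy data to a branch-office server ...
    Flow(1000, "10.1.0.11", "10.20.0.5", 200 * MIB),
    Flow(2200, "10.1.0.12", "10.20.0.5", 200 * MIB),
    Flow(3400, "10.1.0.13", "10.20.0.5", 200 * MIB),
    # ... which then sends nearly all of it to one external address.
    Flow(4000, "10.20.0.5", "203.0.113.50", 290 * MIB),
    Flow(4600, "10.20.0.5", "203.0.113.50", 290 * MIB),
    # Background traffic that should not alert.
    Flow(1500, "10.1.0.20", "198.51.100.7", 5 * MIB),     # ordinary browsing
    Flow(2000, "10.1.0.30", "198.51.100.9", 1024 * MIB),  # upload, no staging
    Flow(2500, "10.1.0.11", "10.1.0.2", 50 * MIB),        # file server write
]

if __name__ == "__main__":
    for alert in find_staged_exfil(SAMPLE_FLOWS):
        print(alert)
```

On the sample data the whole outbound transfer spans ten minutes, which is the reaction-time problem the slide points at: alerting on the internal staging phase leaves more room to respond than alerting on the egress alone.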
A targeted attack demo

Targeted attacks becoming mainstream

Personal information becoming public

 • So much personal information becomes public on social networks right now
 • Advertisers are already doing it: targeted ads
    – Age, gender, location, interests, field of work, browsing habits, relationships etc.

Before we end

A highly sophisticated targeted attack will eventually succeed

Surviving targeted attacks

 • Proper security mindset
    – Lack of user education and awareness
    – Training and policies
    – Employee reporting process
       • Employees should report attempted attacks
       • Companies should have a follow-up process for such incidents
    – 24/7 security team with extremely fast reaction time

Surviving targeted attacks

 • Minimize the attack surface
    – Fewer 3rd party plug-ins: Flash, Acrobat, Java
    – Use alternative browsers
    – Frequent updates and patches
 • Proactive protection technologies provide the necessary edge for remaining secure
    – Sandbox - virtualized execution for applications (isolated environment)
    – HIPS - Host-based Intrusion Prevention System (behavioral analysis)
    – KSN - Kaspersky Security Network (in the cloud services)

Thank you! Questions?

stefant@kaspersky.ro
twitter.com/stefant

Stefan Tanase
Senior Security Researcher
Global Research and Analysis Team

Intro – let’s stand up!

 • “White”, “black”, “pink”… “not wearing any”

More Related Content

Similar to Surviving Today's Targeted Attacks

Automated Targeted Attacks: The New Age of Cybercrime
Automated Targeted Attacks: The New Age of CybercrimeAutomated Targeted Attacks: The New Age of Cybercrime
Automated Targeted Attacks: The New Age of CybercrimeStefan Tanase
 
Securing Africa - 2009-2010
Securing Africa - 2009-2010Securing Africa - 2009-2010
Securing Africa - 2009-2010Costin Raiu
 
Inovatie locala, impact global
Inovatie locala, impact globalInovatie locala, impact global
Inovatie locala, impact globalCostin Raiu
 
Today’s hidden dangers: Social networks under attack
Today’s hidden dangers: Social networks under attackToday’s hidden dangers: Social networks under attack
Today’s hidden dangers: Social networks under attackStefan Tanase
 
Cat valorezi kaspersky
Cat valorezi kasperskyCat valorezi kaspersky
Cat valorezi kasperskyAgora Group
 
New Developments in the BREACH attack
New Developments in the BREACH attackNew Developments in the BREACH attack
New Developments in the BREACH attackE Hacking
 
Malware * punct ro
Malware * punct roMalware * punct ro
Malware * punct roCostin Raiu
 
Bypassing malware detection mechanisms in online banking
Bypassing malware detection mechanisms in online bankingBypassing malware detection mechanisms in online banking
Bypassing malware detection mechanisms in online bankingJakub Kałużny
 
Using Solr to find the Right Person for the Right Job
Using Solr to find the Right Person for the Right JobUsing Solr to find the Right Person for the Right Job
Using Solr to find the Right Person for the Right JobLucidworks (Archived)
 
DevSecOps Done Right - Strategies and Tools.pptx
DevSecOps Done Right - Strategies and Tools.pptxDevSecOps Done Right - Strategies and Tools.pptx
DevSecOps Done Right - Strategies and Tools.pptxDavide Benvegnù
 
De la I.A. la calcul paralel, pentru un univers cibernetic mai sigur
De la I.A. la calcul paralel, pentru un univers cibernetic mai sigurDe la I.A. la calcul paralel, pentru un univers cibernetic mai sigur
De la I.A. la calcul paralel, pentru un univers cibernetic mai sigurCostin Raiu
 

Similar to Surviving Today's Targeted Attacks (12)

Automated Targeted Attacks: The New Age of Cybercrime
Automated Targeted Attacks: The New Age of CybercrimeAutomated Targeted Attacks: The New Age of Cybercrime
Automated Targeted Attacks: The New Age of Cybercrime
 
Securing Africa - 2009-2010
Securing Africa - 2009-2010Securing Africa - 2009-2010
Securing Africa - 2009-2010
 
Inovatie locala, impact global
Inovatie locala, impact globalInovatie locala, impact global
Inovatie locala, impact global
 
Today’s hidden dangers: Social networks under attack
Today’s hidden dangers: Social networks under attackToday’s hidden dangers: Social networks under attack
Today’s hidden dangers: Social networks under attack
 
Cat valorezi kaspersky
Cat valorezi kasperskyCat valorezi kaspersky
Cat valorezi kaspersky
 
New Developments in the BREACH attack
New Developments in the BREACH attackNew Developments in the BREACH attack
New Developments in the BREACH attack
 
Malware * punct ro
Malware * punct roMalware * punct ro
Malware * punct ro
 
Bypassing malware detection mechanisms in online banking
Bypassing malware detection mechanisms in online bankingBypassing malware detection mechanisms in online banking
Bypassing malware detection mechanisms in online banking
 
Using Solr to find the Right Person for the Right Job
Using Solr to find the Right Person for the Right JobUsing Solr to find the Right Person for the Right Job
Using Solr to find the Right Person for the Right Job
 
DevSecOps Done Right - Strategies and Tools.pptx
DevSecOps Done Right - Strategies and Tools.pptxDevSecOps Done Right - Strategies and Tools.pptx
DevSecOps Done Right - Strategies and Tools.pptx
 
Session 05 v.3
Session 05 v.3Session 05 v.3
Session 05 v.3
 
De la I.A. la calcul paralel, pentru un univers cibernetic mai sigur
De la I.A. la calcul paralel, pentru un univers cibernetic mai sigurDe la I.A. la calcul paralel, pentru un univers cibernetic mai sigur
De la I.A. la calcul paralel, pentru un univers cibernetic mai sigur
 

Recently uploaded

PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationAnamaria Contreras
 
Effective Strategies for Maximizing Your Profit When Selling Gold Jewelry
Effective Strategies for Maximizing Your Profit When Selling Gold JewelryEffective Strategies for Maximizing Your Profit When Selling Gold Jewelry
Effective Strategies for Maximizing Your Profit When Selling Gold JewelryWhittensFineJewelry1
 
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...Operational Excellence Consulting
 
Appkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxAppkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxappkodes
 
Driving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerDriving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerAggregage
 
Technical Leaders - Working with the Management Team
Technical Leaders - Working with the Management TeamTechnical Leaders - Working with the Management Team
Technical Leaders - Working with the Management TeamArik Fletcher
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMVoces Mineras
 
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...ssuserf63bd7
 
Excvation Safety for safety officers reference
Excvation Safety for safety officers referenceExcvation Safety for safety officers reference
Excvation Safety for safety officers referencessuser2c065e
 
Planetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifePlanetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifeBhavana Pujan Kendra
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdfChris Skinner
 
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfGUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfDanny Diep To
 
Jewish Resources in the Family Resource Centre
Jewish Resources in the Family Resource CentreJewish Resources in the Family Resource Centre
Jewish Resources in the Family Resource CentreNZSG
 
Onemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring CapabilitiesOnemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring CapabilitiesOne Monitar
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdfShaun Heinrichs
 
EUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersEUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersPeter Horsten
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterJamesConcepcion7
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxRakhi Bazaar
 
Unveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic ExperiencesUnveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic ExperiencesDoe Paoro
 

Recently uploaded (20)

PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement Presentation
 
Effective Strategies for Maximizing Your Profit When Selling Gold Jewelry
Effective Strategies for Maximizing Your Profit When Selling Gold JewelryEffective Strategies for Maximizing Your Profit When Selling Gold Jewelry
Effective Strategies for Maximizing Your Profit When Selling Gold Jewelry
 
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
 
Appkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxAppkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptx
 
Driving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerDriving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon Harmer
 
Technical Leaders - Working with the Management Team
Technical Leaders - Working with the Management TeamTechnical Leaders - Working with the Management Team
Technical Leaders - Working with the Management Team
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQM
 
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
 
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptxThe Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
 
Excvation Safety for safety officers reference
Excvation Safety for safety officers referenceExcvation Safety for safety officers reference
Excvation Safety for safety officers reference
 
Planetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifePlanetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in Life
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf
 
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfGUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
 
Jewish Resources in the Family Resource Centre
Jewish Resources in the Family Resource CentreJewish Resources in the Family Resource Centre
Jewish Resources in the Family Resource Centre
 
Onemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring CapabilitiesOnemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf
 
EUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersEUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exporters
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare Newsletter
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
 
Unveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic ExperiencesUnveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic Experiences
 

Surviving Today's Targeted Attacks

  • 1. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level Surviving Today's Targeted » Fifth level Attacks How to Escape the Cyberhydra's Poisonous Breath Stefan Tanase Senior Security Researcher Global Research and Analysis Team June 10th , 2009 Kaspersky Lab International Press Tour, Cyprus, June 3-6, 2010 place) Event details (title,
  • 2. Click to we start Before edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level Targeted attacks based on unpatched vulnerabilities like this one are happening right now! Kaspersky Lab International Press Tour, Cyprus, June 3-6, 2010 June 10th , 2009 Event details (title, place)
  • 3. Click to edit Targeted Attacks Overview - Master title style • • The (R)evolution of malware Click to edit Master text styles • Motivation: how cybercriminals make money – Second level • • Third attacks: threats to SMBs & enterprises Targetedlevel – Fourth level • So, how do they do it? » Fifth level – Targeted attacks in 4 steps • Live demo • Targeted attacks becoming mainstream • Surviving targeted attacks Kaspersky Lab International Press Tour, Cyprus, June 3-6, 2010 June 10th , 2009 Event details (title, place)
  • 4. The (R)evolution of malware
  • 5. The evolution of malware
       • 1992 – 2007: about 2M unique malware programs
       • In 2009 alone: more than 14M new malicious programs
       • End of Q1, 2010: a total of about 36,2M unique malicious files in the Kaspersky Lab collection
       [Chart: New malware samples]
  • 6. Motivation: how cybercriminals make money
  • 7. Motivation: how cybercriminals make money
       • By stealing, of course
           – Stealing directly from the user
               • Online banking accounts, credit card numbers, electronic money, blackmailing.
           – What if I don’t have money?
           – Providing IT resources to other cybercriminals
               • Creating botnets, sending spam, DDoS attacks, pay-per-click fraud, affiliate networks, renting computing power, collecting passwords etc.
           – Providing access to targeted SMB and enterprise networks for interested 3rd parties
  • 8. What are they after?
       • What do attackers want?
           – sensitive source codes
           – future product information
           – 3rd party data hosted by the victim
           – credentials for production systems
           – executive emails
           – information about customers
           – to explore an intranet for other confidential info
       • Easily saleable data is not really targeted
  • 9. Targeted attacks: threats to SMBs & enterprises
  • 11. Targeted attacks: threats to SMBs & enterprises. More than 1 week!
  • 12. Targeted attacks: threats to SMBs & enterprises. It only takes a vulnerability that has a window of 1 hour
  • 13. Vulnerabilities – There’s plenty of them out there. Source: Microsoft Security Intelligence Report Volume 8
  • 14. Targeted attacks versus classic malware: Lethal injection versus a hail of bullets
       • Targeted attacks are not epidemics
       • One email is enough, instead of tens of thousands
       • Stay under the radar
       • Targeted organizations are either not aware, or don’t publicly disclose information
       • It is hard to get samples for analysis
       • Classic signature-based AV is useless
       • New defense technologies
       • Much higher stakes
       • Intellectual property theft, corporate espionage
  • 15. So, how do they do it?
  • 16. Targeted attacks in 4 steps: 1. Profiling the employees
       – Choosing the most vulnerable targets
       – Reconnaissance via social networks, mailing list posts, public presentations, etc
       – Attackers usually target users in their own country because of the language barrier
           • Attackers are more comfortable in their own language
       – Language can offer clues to the origins of the attack
       – They worry about getting the good stuff later
  • 17. Targeted attacks in 4 steps: 2. Developing a new and unique malware attack
       – Doesn’t have to bypass all AV solutions, just the one used by the victim
       – Using social engineering to get the victim to click on a link
           • Gather OS, browser, plug-in versions – useful for vulnerabilities
       – Corporate monoculture leads to problems
           • Different employees using the same software
  • 18. Targeted attacks in 4 steps: 3. Gaining control and maintaining access
       – Initial exploit drops malware onto victim machine
       – Networks are usually protected from outside threats
       – C&C communication is done over TLS or TLS-like protocols
           • Encryption proves to be a double edged sword
           • Traffic can't be detected
  • 19. Targeted attacks in 4 steps: 4. Getting the ‘good stuff’ out
       – Find an overseas office server to be used as an internal drop
           • Speed is the key
       – Move data over the corporate WAN/intranet to the internal drop
       – Get all of the data out at once to the external drop server
           • Even if traffic is monitored, it might be too late to react
  • 20. A targeted attack demo
  • 21. Targeted attacks becoming mainstream
  • 22. Personal information becoming public
       • So much personal information becomes public on social networks right now
       • Advertisers are already doing it: targeted ads
           – Age, gender, location, interests, field of work, browsing habits, relationships etc.
  • 23. Before we end
  • 24. Before we end
  • 25. Before we end: A highly sophisticated targeted attack will eventually succeed
  • 26. Surviving targeted attacks
  • 27. Surviving targeted attacks
       • Proper security mindset
       • Lack of user education and awareness
       • Training and policies
       • Employee reporting process
       • Employees should report attempted attacks
       • Companies should have a follow-up process for such incidents
       • 24/7 security team with extremely fast reaction time
  • 28. Surviving targeted attacks
       • Minimize the attack surface
       • Fewer 3rd party plug-ins: Flash, Acrobat, Java
       • Use alternative browsers
       • Frequent updates and patches
       • Proactive protection technologies provide the necessary edge for remaining secure
       • Sandbox - virtualized execution for applications (isolated environment)
       • HIPS - Host-based Intrusion Prevention System (behavioral analysis)
       • KSN - Kaspersky Security Network (in the cloud services)
  • 29. Thank you! Questions? stefant@kaspersky.ro, twitter.com/stefant. Stefan Tanase, Senior Security Researcher, Global Research and Analysis Team
  • 30. Intro – let’s stand up!
       • “White”, “black”, “pink”… “not wearing any” :)
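
Slide 19 describes data being collected on an internal drop over the corporate WAN and then sent to an external server in one burst. The following is an added example, not part of the original slides, of looking for that sequence in flow logs; the address range, thresholds, window sizes and flow records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

MIB = 2**20
INTERNAL = ip_network("10.0.0.0/8")   # assumption: corporate address space
STAGE_MIN = 500 * MIB                 # assumed: volume staged on the internal drop
BURST_MIN = 400 * MIB                 # assumed: volume sent to one external host
STAGE_WINDOW = timedelta(hours=6)     # assumed: staging happens this close to the burst
BURST_WINDOW = timedelta(hours=1)     # assumed: "all at once" means within an hour

# Constructed flow records: (start time, source, destination, bytes)
FLOWS = [
    ("2024-01-15T01:00:00", "10.1.0.11", "10.9.0.5", 300 * MIB),      # workstation -> overseas server
    ("2024-01-15T01:40:00", "10.1.0.12", "10.9.0.5", 350 * MIB),
    ("2024-01-15T02:10:00", "10.9.0.5", "203.0.113.50", 600 * MIB),   # burst to external drop
    ("2024-01-15T02:15:00", "10.9.0.5", "198.51.100.9", 5 * MIB),     # small, ignored
    ("2024-01-15T02:00:00", "10.1.0.20", "198.51.100.7", 700 * MIB),  # big upload, nothing staged
    ("2024-01-15T03:00:00", "10.1.0.11", "10.2.0.8", 800 * MIB),      # internal copy, never leaves
]

def is_internal(ip):
    return ip_address(ip) in INTERNAL

def find_staged_exfil(flows):
    inbound = defaultdict(list)    # internal host -> [(time, bytes, internal source)]
    outbound = defaultdict(list)   # (internal host, external host) -> [(time, bytes)]
    for ts, src, dst, nbytes in flows:
        t = datetime.fromisoformat(ts)
        if is_internal(src) and is_internal(dst):
            inbound[dst].append((t, nbytes, src))
        elif is_internal(src):
            outbound[(src, dst)].append((t, nbytes))
    alerts = []
    for (drop, ext), sends in sorted(outbound.items()):
        first = min(t for t, _ in sends)
        sent = sum(b for t, b in sends if t - first <= BURST_WINDOW)
        staged = [(b, s) for t, b, s in inbound.get(drop, [])
                  if first - STAGE_WINDOW <= t <= first]
        staged_bytes = sum(b for b, _ in staged)
        if sent >= BURST_MIN and staged_bytes >= STAGE_MIN:
            alerts.append({"drop": drop, "external": ext, "sent_bytes": sent,
                           "staged_bytes": staged_bytes,
                           "sources": sorted({s for _, s in staged})})
    return alerts

if __name__ == "__main__":
    for alert in find_staged_exfil(FLOWS):
        print(alert)
```

Because the check uses only byte counts and endpoints, it still applies when the transfer itself is encrypted, which is the case slide 18 raises.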