Surviving Today's Targeted Attacks
How to Escape the Cyberhydra's Poisonous Breath

Stefan Tanase
Senior Security Researcher
Global Research and Analysis Team

Kaspersky Lab International Press Tour, Cyprus, June 3-6, 2010
June 10th, 2009

Before we start

Targeted attacks based on unpatched vulnerabilities like this one are happening right now!

Overview - Targeted Attacks

 • The (R)evolution of malware
 • Motivation: how cybercriminals make money
 • Targeted attacks: threats to SMBs & enterprises
 • So, how do they do it?
    – Targeted attacks in 4 steps
 • Live demo
 • Targeted attacks becoming mainstream
 • Surviving targeted attacks

The (R)evolution of malware

The evolution of malware

 • 1992 – 2007: about 2M unique malware programs
 • In 2009 alone: more than 14M new malicious programs
 • End of Q1 2010: a total of about 36,2M unique malicious files in the Kaspersky Lab collection

[Chart: New malware samples]

Motivation: how cybercriminals make money

Motivation: how cybercriminals make money

 • By stealing, of course
    – Stealing directly from the user
       • Online banking accounts, credit card numbers, electronic money, blackmailing.
    – What if I don’t have money?
    – Providing IT resources to other cybercriminals
       • Creating botnets, sending spam, DDoS attacks, pay-per-click fraud, affiliate networks, renting computing power, collecting passwords etc.
    – Providing access to targeted SMB and enterprise networks for interested 3rd parties

What are they after?

 • What do attackers want?
    – sensitive source code
    – future product information
    – 3rd party data hosted by the victim
    – credentials for production systems
    – executive emails
    – information about customers
    – to explore an intranet for other confidential info
 • Easily saleable data is not really targeted

Targeted attacks: threats to SMBs & enterprises

Targeted attacks: threats to SMBs & enterprises

More than 1 week!

Targeted attacks: threats to SMBs & enterprises

It only takes a vulnerability that has a window of 1 hour

Vulnerabilities – There’s plenty of them out there

Source: Microsoft Security Intelligence Report Volume 8

Targeted attacks versus classic malware

Lethal injection versus a hail of bullets

 • Targeted attacks are not epidemics
    • One email is enough, instead of tens of thousands
    • Stay under the radar
 • Targeted organizations are either not aware, or don’t publicly disclose information
    • It is hard to get samples for analysis
 • Classic signature-based AV is useless
    • New defense technologies
 • Much higher stakes
    • Intellectual property theft, corporate espionage

So, how do they do it?

Targeted attacks in 4 steps

1. Profiling the employees
 – Choosing the most vulnerable targets
 – Reconnaissance via social networks, mailing list posts, public presentations, etc.
 – Attackers usually target users in their own country because of the language barrier
    • Attackers are more comfortable in their own language
 – Language can offer clues to the origins of the attack
 – They worry about getting the good stuff later

Targeted attacks in 4 steps

2. Developing a new and unique malware attack
 – Doesn’t have to bypass all AV solutions, just the one used by the victim
 – Using social engineering to get the victim to click on a link
    • Gather OS, browser, plug-in versions – useful for vulnerabilities
 – Corporate monoculture leads to problems
    • Different employees using the same software

Targeted attacks in 4 steps

3. Gaining control and maintaining access
 – Initial exploit drops malware onto victim machine
 – Networks are usually protected from outside threats
 – C&C communication is done over TLS or TLS-like protocols
    • Encryption proves to be a double-edged sword
    • Traffic can't be detected

Targeted attacks in 4 steps

4. Getting the ‘good stuff’ out
 – Find an overseas office server to be used as an internal drop
    • Speed is the key
 – Move data over the corporate WAN/intranet to the internal drop
 – Get all of the data out at once to the external drop server
    • Even if traffic is monitored, it might be too late to react

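The staging-then-burst pattern of step 4, seen from the monitoring side, as an added example that is not part of the original slides: it works on flow metadata only, so it does not depend on reading encrypted traffic. The record layout, address ranges, thresholds and sample flows are all constructed assumptions.

```python
"""Flag internal hosts that collect data from peers, then push one large burst outside."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumption: the corporate WAN/intranet uses these ranges.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
MB = 1_000_000


@dataclass(frozen=True)
class Flow:
    ts: int       # epoch seconds at which the flow ended
    src: str      # sender address
    dst: str      # receiver address
    nbytes: int   # bytes sent from src to dst


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def find_drop_bursts(flows, stage_window=86_400, burst_window=900,
                     min_staged=500 * MB, min_peers=3, burst_ratio=0.5):
    """Return one alert per (internal host, external destination) pair where the
    host received >= min_staged bytes from >= min_peers internal peers during
    stage_window, and then sent >= burst_ratio of that volume to the external
    destination within burst_window seconds."""
    inbound = defaultdict(list)    # host -> [(ts, internal peer, bytes)]
    outbound = defaultdict(list)   # (host, external dst) -> [(ts, bytes)]
    for f in sorted(flows, key=lambda f: f.ts):
        src_int, dst_int = is_internal(f.src), is_internal(f.dst)
        if src_int and dst_int:
            inbound[f.dst].append((f.ts, f.src, f.nbytes))
        elif src_int:
            outbound[(f.src, f.dst)].append((f.ts, f.nbytes))

    alerts = []
    for (host, ext), sent in outbound.items():
        for t, _ in sent:
            # Bytes sent to this destination in the burst window ending at t.
            burst = sum(b for ts, b in sent if t - burst_window < ts <= t)
            # Bytes collected from internal peers in the staging window ending at t.
            staged_flows = [(p, b) for ts, p, b in inbound.get(host, [])
                            if t - stage_window < ts <= t]
            staged = sum(b for _, b in staged_flows)
            peers = {p for p, _ in staged_flows}
            if (staged >= min_staged and len(peers) >= min_peers
                    and burst >= burst_ratio * staged):
                alerts.append({"host": host, "external_dst": ext,
                               "first_seen": t, "staged_bytes": staged,
                               "burst_bytes": burst, "peers": sorted(peers)})
                break   # one alert per pair is enough to start a response
    return alerts


# Constructed sample data (documentation address ranges for external hosts).
SAMPLE_FLOWS = [
    # Office server 10.20.0.5 collects from three internal hosts...
    Flow(1000, "10.1.0.11", "10.20.0.5", 200 * MB),
    Flow(2000, "10.1.0.12", "10.20.0.5", 200 * MB),
    Flow(3000, "10.1.0.13", "10.20.0.5", 200 * MB),
    # ...then sends almost all of it to one external address within minutes.
    Flow(5000, "10.20.0.5", "203.0.113.50", 190 * MB),
    Flow(5100, "10.20.0.5", "203.0.113.50", 190 * MB),
    Flow(5200, "10.20.0.5", "203.0.113.50", 190 * MB),
    # Backup server: collects from peers but never sends outside.
    Flow(1500, "10.1.0.11", "10.1.0.200", 300 * MB),
    Flow(1600, "10.1.0.12", "10.1.0.200", 300 * MB),
    Flow(1700, "10.1.0.13", "10.1.0.200", 300 * MB),
    # Workstation upload with no prior staging.
    Flow(4000, "10.1.0.11", "198.51.100.7", 50 * MB),
]

if __name__ == "__main__":
    for alert in find_drop_bursts(SAMPLE_FLOWS):
        print(alert)
```

The alert fires on the second outbound flow, before the transfer has finished, which is the margin the slide says defenders need.
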
A targeted attack demo

Targeted attacks becoming mainstream

Personal information becoming public

 • So much personal information becomes public on social networks right now
 • Advertisers are already doing it: targeted ads
    – Age, gender, location, interests, field of work, browsing habits, relationships etc.

Before we end

Before we end

A highly sophisticated targeted attack will eventually succeed

Surviving targeted attacks

Surviving targeted attacks

 • Proper security mindset
    • Lack of user education and awareness
    • Training and policies
    • Employee reporting process
       • Employees should report attempted attacks
       • Companies should have a follow-up process for such incidents
    • 24/7 security team with extremely fast reaction time

Surviving targeted attacks

 • Minimize the attack surface
    • Fewer 3rd party plug-ins: Flash, Acrobat, Java
    • Use alternative browsers
    • Frequent updates and patches
 • Proactive protection technologies provide the necessary edge for remaining secure
    • Sandbox - virtualized execution for applications (isolated environment)
    • HIPS - Host-based Intrusion Prevention System (behavioral analysis)
    • KSN - Kaspersky Security Network (in the cloud services)

Thank you! Questions?

stefant@kaspersky.ro
twitter.com/stefant

Stefan Tanase
Senior Security Researcher
Global Research and Analysis Team

Intro – let’s stand up!

 • “White”, “black”, “pink”… “not wearing any”

More Related Content

Similar to Surviving Today's Targeted Attacks

Automated Targeted Attacks: The New Age of Cybercrime
Automated Targeted Attacks: The New Age of CybercrimeAutomated Targeted Attacks: The New Age of Cybercrime
Automated Targeted Attacks: The New Age of Cybercrime
Stefan Tanase
 
Bypassing malware detection mechanisms in online banking
Bypassing malware detection mechanisms in online bankingBypassing malware detection mechanisms in online banking
Bypassing malware detection mechanisms in online banking
Jakub Kałużny
 
Using Solr to find the Right Person for the Right Job
Using Solr to find the Right Person for the Right JobUsing Solr to find the Right Person for the Right Job
Using Solr to find the Right Person for the Right Job
Lucidworks (Archived)
 

Similar to Surviving Today's Targeted Attacks (12)

Automated Targeted Attacks: The New Age of Cybercrime
Automated Targeted Attacks: The New Age of CybercrimeAutomated Targeted Attacks: The New Age of Cybercrime
Automated Targeted Attacks: The New Age of Cybercrime
 
Securing Africa - 2009-2010
Securing Africa - 2009-2010Securing Africa - 2009-2010
Securing Africa - 2009-2010
 
Inovatie locala, impact global
Inovatie locala, impact globalInovatie locala, impact global
Inovatie locala, impact global
 
Today’s hidden dangers: Social networks under attack
Today’s hidden dangers: Social networks under attackToday’s hidden dangers: Social networks under attack
Today’s hidden dangers: Social networks under attack
 
Cat valorezi kaspersky
Cat valorezi kasperskyCat valorezi kaspersky
Cat valorezi kaspersky
 
New Developments in the BREACH attack
New Developments in the BREACH attackNew Developments in the BREACH attack
New Developments in the BREACH attack
 
Malware * punct ro
Malware * punct roMalware * punct ro
Malware * punct ro
 
Bypassing malware detection mechanisms in online banking
Bypassing malware detection mechanisms in online bankingBypassing malware detection mechanisms in online banking
Bypassing malware detection mechanisms in online banking
 
Using Solr to find the Right Person for the Right Job
Using Solr to find the Right Person for the Right JobUsing Solr to find the Right Person for the Right Job
Using Solr to find the Right Person for the Right Job
 
DevSecOps Done Right - Strategies and Tools.pptx
DevSecOps Done Right - Strategies and Tools.pptxDevSecOps Done Right - Strategies and Tools.pptx
DevSecOps Done Right - Strategies and Tools.pptx
 
Session 05 v.3
Session 05 v.3Session 05 v.3
Session 05 v.3
 
De la I.A. la calcul paralel, pentru un univers cibernetic mai sigur
De la I.A. la calcul paralel, pentru un univers cibernetic mai sigurDe la I.A. la calcul paralel, pentru un univers cibernetic mai sigur
De la I.A. la calcul paralel, pentru un univers cibernetic mai sigur
 

Recently uploaded

Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
amitlee9823
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
amitlee9823
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
amitlee9823
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
lizamodels9
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 

Recently uploaded (20)

John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdf
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 

Surviving Today's Targeted Attacks

  • 1. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level Surviving Today's Targeted » Fifth level Attacks How to Escape the Cyberhydra's Poisonous Breath Stefan Tanase Senior Security Researcher Global Research and Analysis Team June 10th , 2009 Kaspersky Lab International Press Tour, Cyprus, June 3-6, 2010 place) Event details (title,
  • 2. Click to we start Before edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level Targeted attacks based on unpatched vulnerabilities like this one are happening right now! Kaspersky Lab International Press Tour, Cyprus, June 3-6, 2010 June 10th , 2009 Event details (title, place)
  • 3. Click to edit Targeted Attacks Overview - Master title style • • The (R)evolution of malware Click to edit Master text styles • Motivation: how cybercriminals make money – Second level • • Third attacks: threats to SMBs & enterprises Targetedlevel – Fourth level • So, how do they do it? » Fifth level – Targeted attacks in 4 steps • Live demo • Targeted attacks becoming mainstream • Surviving targeted attacks Kaspersky Lab International Press Tour, Cyprus, June 3-6, 2010 June 10th , 2009 Event details (title, place)
  • 4. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level The (R)evolution of malware June 10th , 2009 Event details (title, place)
  • 5. Clickevolution of malware The to edit Master title style • 1992 – 2007: about 2M unique malware programs • Click to edit Master text styles • In 2009 alone: more than 14M new malicious programs – Second level • End of Q1,2010: a total of about 36,2M unique malicious • Third level files in the Kaspersky Lab collection – Fourth level » Fifth level New malware samples Kaspersky Lab International Press Tour, Cyprus, June 3-6, 2010 June 10th , 2009 Event details (title, place)
  • 6. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level Motivation: how cybercriminals make money June 10th , 2009 Event details (title, place)
  • 7. Click to edit how cybercriminals make money Motivation: Master title style • By stealing, of course • Click to edit Master text styles – Stealing directly from the user – Second level • Online banking accounts, credit card • Third level numbers, electronic money, blackmailing. – Fourth level – What if I don’t have money? » Fifth level – Providing IT resources to other cybercriminals • Creating botnets, sending spam, DDoS attacks, pay-per-click fraud, affiliate networks, renting computing power, collecting passwords etc. – Providing access to targeted SMB and enterprise networks for interested 3rd parties Kaspersky Lab International Press Tour, Cyprus, June 3-6, 2010 June 10th , 2009 Event details (title, place)
  • 8. What are they after? Click to edit Master title style • What do attackers want? • Click to edit Master text styles – sensitive source codes – Second level – future product information • Third level – 3rd partyFourth level – data hosted by the victim » Fifth level – credentials for production systems – executive emails – information about customers – to explore an intranet for other confidential info • Easily saleable data is not really targeted Kaspersky Lab International Press Tour, Cyprus, June 3-6, 2010 June 10th , 2009 Event details (title, place)
  • 9. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level Targeted attacks: threats to SMBs & enterprises June 10th , 2009 Event details (title, place)
  • 10. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level Kaspersky Lab International Press Tour, Cyprus, June 3-6, 2010 June 10th , 2009 Event details (title, place)
  • 11. Targeted attacks: threats to SMBs & enterprises Click to edit Master title style • Click to edit Master text styles More than 1 week! – Second level • Third level – Fourth level » Fifth level Kaspersky Lab International Press Tour, Cyprus, June 3-6, 2010 June 10th , 2009 Event details (title, place)
  • 12. Targeted to edit Master title style & enterprises Click attacks: threats to SMBs • Click to edit Master text styles – Second level • Third level – Fourth level It only takes a vulnerability » Fifth level that has a window of 1 hour Kaspersky Lab International Press Tour, Cyprus, June 3-6, 2010 June 10th , 2009 Event details (title, place)
  • 13. Vulnerabilities – There’s plenty Click to edit Master title style of them out there • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level Source: Microsoft Security Intelligence Report Volume 8 Kaspersky Lab International Press Tour, Cyprus, June 3-6, 2010 June 10th , 2009 Event details (title, place)
  • 14. Targeted attacks versus classic malware
      Lethal injection versus a hail of bullets
      • Targeted attacks are not epidemics
      • One email is enough, instead of tens of thousands
      • Stay under the radar
      • Targeted organizations are either not aware, or don’t publicly disclose information
      • It is hard to get samples for analysis
      • Classic signature-based AV is useless
      • New defense technologies
      • Much higher stakes
      • Intellectual property theft, corporate espionage
  • 15. So, how do they do it?
  • 16. Targeted attacks in 4 steps
      1. Profiling the employees
          – Choosing the most vulnerable targets
          – Reconnaissance via social networks, mailing list posts, public presentations, etc
          – Attackers usually target users in their own country because of the language barrier
              • Attackers are more comfortable in their own language
          – Language can offer clues to the origins of the attack
          – They worry about getting the good stuff later
  • 17. Targeted attacks in 4 steps
      2. Developing a new and unique malware attack
          – Doesn’t have to bypass all AV solutions, just the one used by the victim
          – Using social engineering to get the victim to click on a link
              • Gather OS, browser, plug-in versions – useful for vulnerabilities
          – Corporate monoculture leads to problems
              • Different employees using the same software
  • 18. Targeted attacks in 4 steps
      3. Gaining control and maintaining access
          – Initial exploit drops malware onto victim machine
          – Networks are usually protected from outside threats
          – C&C communication is done over TLS or TLS-like protocols
              • Encryption proves to be a double edged sword
              • Traffic can't be detected
  • 19. Targeted attacks in 4 steps
      4. Getting the ‘good stuff’ out
          – Find an overseas office server to be used as an internal drop
              • Speed is the key
          – Move data over the corporate WAN/intranet to the internal drop
          – Get all of the data out at once to the external drop server
              • Even if traffic is monitored, it might be too late to react
  • 20. A targeted attack demo
  • 21. Targeted attacks becoming mainstream
  • 22. Personal information becoming public
      • So much personal information becomes public on social networks right now
      • Advertisers are already doing it: targeted ads
          – Age, gender, location, interests, field of work, browsing habits, relationships etc.
  • 23. Before we end
  • 24. Before we end
  • 25. Before we end
      A highly sophisticated targeted attack will eventually succeed
  • 26. Surviving targeted attacks
  • 27. Surviving targeted attacks
      • Proper security mindset
      • Lack of user education and awareness
      • Training and policies
      • Employee reporting process
      • Employees should report attempted attacks
      • Companies should have a follow-up process for such incidents
      • 24/7 security team with extremely fast reaction time
  • 28. Surviving targeted attacks
      • Minimize the attack surface
      • Fewer 3rd party plug-ins: Flash, Acrobat, Java
      • Use alternative browsers
      • Frequent updates and patches
      • Proactive protection technologies provide the necessary edge for remaining secure
      • Sandbox - virtualized execution for applications (isolated environment)
      • HIPS - Host-based Intrusion Prevention System (behavioral analysis)
      • KSN - Kaspersky Security Network (in the cloud services)
  • 29. Thank you! Questions?
      stefant@kaspersky.ro
      twitter.com/stefant
      Stefan Tanase, Senior Security Researcher, Global Research and Analysis Team
  • 30. Intro – let’s stand up!
      • “White”, “black”, “pink”… “not wearing any”
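
A defender's view of step 4 (slide 19), as an added example that is not part of the original slides: data is first collected on an internal drop and then leaves in one burst, so flow records can be checked for an internal host that receives a large volume from internal peers and shortly afterwards sends a comparable volume to a single external address. The `10.0.0.0/8` internal range, the thresholds and the flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed corporate address space

# Constructed flow records: (epoch seconds, source, destination, bytes)
FLOWS = [
    (1000, "10.1.5.20", "10.9.0.7", 400_000_000),     # HQ workstation -> overseas office server
    (1300, "10.1.5.31", "10.9.0.7", 350_000_000),     # second workstation -> same server
    (1500, "10.1.5.20", "203.0.113.80", 40_000),      # ordinary web traffic
    (2200, "10.9.0.7", "198.51.100.9", 730_000_000),  # one large upload to an outside host
    (2300, "10.2.3.4", "10.2.0.10", 900_000_000),     # backup to a file server, nothing leaves
    (2400, "10.2.0.10", "192.0.2.15", 2_000_000),     # small outbound from the file server
]

def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL

def find_staged_exfil(flows, min_bytes=500_000_000, window=3600, ratio=0.5):
    """Return (host, external_dst, staged_bytes, sent_bytes) for each internal
    host that collected >= min_bytes from internal peers and then pushed at
    least ratio * staged bytes to one external address within `window` seconds."""
    inbound = defaultdict(list)   # host -> [(ts, bytes)] received from internal peers
    outbound = defaultdict(list)  # (host, external dst) -> [(ts, bytes)]
    for ts, src, dst, size in flows:
        if is_internal(src) and is_internal(dst):
            inbound[dst].append((ts, size))
        elif is_internal(src):
            outbound[(src, dst)].append((ts, size))
    alerts = []
    for (host, ext), sends in sorted(outbound.items()):
        for send_ts, _ in sends:
            # Volume staged on this host in the window before the upload starts
            staged = sum(b for ts, b in inbound[host] if send_ts - window <= ts <= send_ts)
            # Volume sent to this one external address in the window after it starts
            sent = sum(b for ts, b in sends if send_ts <= ts <= send_ts + window)
            if staged >= min_bytes and sent >= ratio * staged:
                alerts.append((host, ext, staged, sent))
                break  # one alert per (host, destination) pair
    return alerts

if __name__ == "__main__":
    for alert in find_staged_exfil(FLOWS):
        print("possible staged exfiltration:", alert)
```

Because the check uses only byte counts and endpoints, it still works when the transfer itself is encrypted, which is the case slide 18 describes.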