POWERING THE CLOUD : 30th – 31st October 2012, Congress Frankfurt

SNW EUROPE; DATACENTER TECHNOLOGIES; VIRTUALIZATION WORLD

#ptc #SNWEurope #vw #dct

Physical or Virtual. On premise or in the cloud. An endpoint is an endpoint is an endpoint: and needs proper protection.

Presented by Peter Beardmore, Senior Director of Product Marketing, Kaspersky Lab

Session reference KN16 for your feedback forms

Malware attacks at a glance

• Over 125,000 new malicious samples found every day

• Currently over 8 Million signatures in our AV database

Four Main Actors

• Cyber criminals (financially motivated)

• Hacktivists

• APT (targeted attacks against businesses)

• Nation-state cyber-espionage

Attacking consumers

• Vast majority of attacks via the web

• Java has taken over as preferred target of exploitation

• Cyber-crime market has matured

• Fake AV, Ransomware and banker malware for the most part

• VM-aware

Targeting businesses in general

• Better ROI

• Network worms

• Extremely persistent

• Use of stolen certificates

• Post-Stuxnet trend

• Privilege escalation exploits

VM(M) in sight

• Just recently…

It doesn’t stop here

It’s an ongoing trend…

Let’s go back a bit more

Increased focus started a while ago

‘APT’ – Advanced Persistent Threats

• Very organized, very targeted

• Sometimes sophisticated, sometimes rudimentary

• E-mail is preferred delivery mechanism – malicious PDF, Word .doc

• Flash files inside PDF and Office documents very popular

Levels of attackers

Top tier

• All own code, introducing brand new zero-day

Second tier

• Re-used code, new zero-day

Third tier

• Re-used code, re-used zero-day

Fourth tier

• All old stuff (usage of patched vulnerabilities)

Remember the RSA attack?

Even the nation-state attacks (Duqu)

VM(M)-specific security scenarios

• Privilege Escalation / Escape to host

• Network traffic sniffing

• Lost audit trails

• Everything still has to be patched

• Mostly future threats

• Innovation spurred on by security researchers and APT

Just a couple months ago…

31 October 2012, Kaspersky Lab

Conclusions

• There’s no significant difference between the VM and real world

• For non-targeted attacks security through obscurity works

• Being second worst is no longer a valid tactic

• All the signs point toward more VM-specific attacks

Thank You

www.ThreatPost.com
