Internet Trend Seminar 2012 What keeps me awake at night Graham Ingram General Manager AusCERT April 2012 Copyright © 2012 AusCERT

Internet Trend Seminar 2012 · Smartphones •Cyber attack trends reflected in Stuxnet modus operandi •Exploited a previously unknown vulnerability (0 day) in Microsoft Windows

Aug 18, 2020

Page 1

Internet Trend Seminar 2012

What keeps me awake at night

Graham Ingram

General Manager AusCERT

April 2012

Copyright © 2012 AusCERT

Page 2

Today

• About AusCERT

• Threat and Motivation

• Cybercrime, Malware and botnets

• ID Theft and e-Health

• Infrastructure Attacks

• Targeted Covert Enterprise Intrusions

• Mobile Devices

Page 3

AusCERT is

• An operational computer emergency response team (CERT) with nearly 20 years' experience

• University-based, non-government

• Independent and impartial

• Self-funded and not-for-profit

Page 4

What we do

• Monitor, detect and respond to online crime, eg

– Requesting attack site shut downs

– Repatriating stolen data from bot infected computers

– Notifying legitimate .au web sites when they are hosting malware

– Identifying and stopping botnet activity

• Provide advice about cyber security – bridge the knowledge gap about cyber threats and vulnerabilities

• Advocacy for strategies and initiatives that will help mitigate impact of cyber crime nationally and internationally

Page 5

Cyber attack capabilities

• Threat of cyber attack is high

• Every day …

– Many tens of thousands of attacks which result in system compromises affecting confidentiality, integrity and availability

– numerous new serious software vulnerabilities discovered and being reported which provide remote system level access or remote denial of service impacts

– large proportion of attacks motivated by illicit financial gain

• their success is driving up level of attacks and the acquisition of skills to launch such attacks

– IP theft rising motivation for attacks

Page 6

The threat and motivation

• Criminals are actively targeting e-commerce and e-government services

• Motivation is money – illicit financial gain

• Many types of cybercrime

• identity theft features prominently

• Returns are high – risk is low

• Common attacks directed at:

• Client PCs (home and work)

• Web applications/servers/Web 2.0

• APT (Targeted Covert Enterprise Intrusions)

Page 7

Online banking credentials

Page 8

Malware and Phishing

Page 9


Covert compromise

Page 10

Malware

Page 11

E-government

• Security of e-government transactions depends on the security of the entire channel

– Channel includes the remote client PCs that connect to those systems

– For all personal information accessed or submitted online

• In event of remote system compromise, technology exists to protect integrity of financial transactions (eg, online banking)

– Eg transaction signing off untrusted device

• For compromised remote client systems there is no way to protect the confidentiality of those transactions.

– For e-government services confidentiality is paramount security goal

• Must assume remote client PC is compromised when developing your business case and risk management strategy

• Personally controlled electronic health records (PCEHR)
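
An added illustration, not part of the original slides, of the point above about transaction signing on a separate device: the bank rejects a transaction altered by the client PC, yet the PC still sees every detail, so integrity is protected and confidentiality is not. The class names, the message layout and the 8-character HMAC code are assumptions made for this sketch.

```python
import hashlib
import hmac

FIELDS = ("payee", "amount", "nonce")  # assumed message layout, not from the slides

def canonical(txn):
    """Serialise the fields in a fixed order so both ends MAC identical bytes."""
    return "|".join(f"{name}={txn[name]}" for name in FIELDS).encode()

def mac_code(key, txn):
    # 8 hex characters: a short code a person can retype (length is an assumption)
    return hmac.new(key, canonical(txn), hashlib.sha256).hexdigest()[:8]

class SigningDevice:
    """Hypothetical stand-alone device: the user keys in what they intend to pay."""
    def __init__(self, key):
        self._key = key
    def sign(self, intended_txn):
        return mac_code(self._key, intended_txn)

class Bank:
    def __init__(self, key):
        self._key = key
    def accept(self, received_txn, code):
        return hmac.compare_digest(mac_code(self._key, received_txn), code)

class ClientPC:
    """The untrusted endpoint: it relays the transaction and always sees it."""
    def __init__(self, substitute_payee=None):
        self.observed = []
        self.substitute_payee = substitute_payee
    def submit(self, txn, code, bank):
        self.observed.append(dict(txn))      # plaintext is visible here regardless
        relayed = dict(txn)
        if self.substitute_payee:            # models a compromised client altering data
            relayed["payee"] = self.substitute_payee
        return bank.accept(relayed, code)

def run_demo():
    key = b"constructed-demo-key"            # constructed sample value
    device, bank = SigningDevice(key), Bank(key)
    txn = {"payee": "ACC-1111", "amount": "250.00", "nonce": "n-0001"}
    code = device.sign(txn)                  # computed away from the PC
    clean_pc, bad_pc = ClientPC(), ClientPC(substitute_payee="ACC-9999")
    return {
        "clean_accepted": clean_pc.submit(txn, code, bank),
        "tampered_accepted": bad_pc.submit(txn, code, bank),
        "compromised_pc_saw": bad_pc.observed[0]["payee"],
    }

if __name__ == "__main__":
    print(run_demo())
```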

Page 12

Comodo

Page 13

DigiNotar

Page 14

CA Attacks

• Comodo - 15 March 2011

• DigiNotar - 17 June 2011

• Startcom - 15 June 2011

• GlobalSign - 5 September 2011

Page 15

RSA

Page 16

Lockheed

Page 17

APT

In fact, I divide the entire set of Fortune Global 2000 firms into two categories: those that know they’ve been compromised and those that don’t yet know.

Page 18

Smartphones

• Cyber attack trends reflected in Stuxnet modus operandi

• Exploited a previously unknown vulnerability (0 day) in Microsoft Windows (.LNK vul)

• Initial infection via USB – then network propagation

• Used two legitimate certificates to digitally sign Stuxnet malware component

• Uses a rootkit to hide

• Exploited previously disclosed hardcoded Siemens password (which Siemens advised not to change)

Page 19

Future / now

• Social Networking – Facebook

• Cloud (data and applications)

• P2P

• Web 2.0 – HTML 5

• Mobile Devices and geolocation

• Proprietary Apps – POS, Cart and Business

Page 20

Thank you

Questions?

[email protected]

www.auscert.org.au
