Internet Trend Seminar 2012
What keeps me awake at night
Graham Ingram
General Manager AusCERT
April 2012
Copyright © 2012 AusCERT
Today
• About AusCERT
• Threat and Motivation
• Cybercrime, Malware and botnets
• ID Theft and e-Health
• Infrastructure Attacks
• Targeted Covert Enterprise Intrusions
• Mobile Devices
AusCERT is
• An operational computer emergency response team (CERT) with nearly 20 years' experience
• University-based, non-government
• Independent and impartial
• Self-funded and not-for-profit
What we do
• Monitor, detect and respond to online crime, eg
– Requesting attack site shut downs
– Repatriating stolen data from bot infected computers
– Notifying legitimate .au web sites when they are hosting malware
– Identifying and stopping botnet activity
• Provide advice about cyber security – bridge the knowledge gap about cyber threats and vulnerabilities
• Advocacy for strategies and initiatives that will help mitigate impact of cyber crime nationally and internationally
Cyber attack capabilities
• Threat of cyber attack is high
• Every day …
– Many tens of thousands of attacks which result in system compromises affecting confidentiality, integrity and availability
– numerous new serious software vulnerabilities discovered and being reported which provide remote system level access or remote denial of service impacts
– large proportion of attacks motivated by illicit financial gain
• their success is driving up level of attacks and the acquisition of skills to launch such attacks
– IP theft rising motivation for attacks
The threat and motivation
• Criminals are actively targeting e-commerce and e-government services
• Motivation is money – illicit financial gain
• Many types of cybercrime
• Identity theft features prominently
• Returns are high – risk is low
• Common attacks directed at:
• Client PCs (home and work)
• Web applications/servers/Web 2.0
• APT (Targeted Covert Enterprise Intrusions)
Online banking credentials
Malware and Phishing
Covert compromise
Malware
E-government
• Security of e-government transactions depends on the security of the entire channel
– Channel includes the remote client PCs that connect to those systems
– For all personal information accessed or submitted online
• In event of remote system compromise, technology exists to protect integrity of financial transactions (eg, online banking)
– Eg transaction signing off untrusted device
• For compromised remote client systems there is no way to protect the confidentiality of those transactions.
– For e-government services confidentiality is paramount security goal
• Must assume remote client PC is compromised when developing your business case and risk management strategy
• Personally controlled electronic health records (PCEHR)
Comodo
DigiNotar
CA Attacks
• Comodo - 15 March 2011
• DigiNotar - 17 June 2011
• Startcom - 15 June 2011
• GlobalSign - 5 September 2011
RSA
Lockheed
APT
In fact, I divide the entire set of Fortune Global 2000 firms into two categories: those that know they’ve been compromised and those that don’t yet know.
Smartphones
• Cyber attack trends reflected in Stuxnet modus operandi
• Exploited a previously unknown vulnerability (0 day) in Microsoft Windows (.LNK vul)
• Initial infection via USB – then network propagation
• Used two legitimate certificates to digitally sign Stuxnet malware component
• Uses a rootkit to hide
• Exploited previously disclosed hardcoded Siemens password (which Siemens advised not to change)
Future / now
• Social Networking – Facebook
• Cloud (data and applications)
• P2P
• Web 2.0 – HTML 5
• Mobile Devices and geolocation
• Proprietary Apps – POS, Cart and Business
Thank you
Questions?
www.auscert.org.au