THREAT LANDSCAPE By Sergey Novikov, Deputy director, GReAT, Kaspersky Lab 17/09/2015
GREAT: ELITE THREAT RESEARCH
Global Research and Analysis Team, since 2008
Threat intelligence, research and innovation leadership
Focus: APTs, critical infrastructure threats, banking threats, sophisticated targeted attacks
SECURITY PERIMETER - BEFORE
SECURITY PERIMETER - NOW
What we are used to protecting
What we have to protect nowadays
Stuxnet - First known Cyber-weapon
THE CYBER-THREATS PYRAMID — 2013
Nation-states with unlimited budgets
Cyber-crime gangs, financially motivated
Internet annoyances – spam, DDoS, Trojan downloaders, adware, spyware, etc.
THE CYBER-THREATS PYRAMID — 2014
Nation-states with unlimited budgets
Cyber-crime gangs, financially motivated
Internet annoyances – spam, DDoS, Trojan downloaders, adware, spyware, etc.
THE CYBER-THREATS PYRAMID — 2015
Nation-states with unlimited budgets
&
Cyber-crime gangs, financially motivated
(The line between these two tiers is disappearing)
Internet annoyances – spam, DDoS, Trojan downloaders, adware, spyware, etc.
APT ANNOUNCEMENTS
KASPERSKY LAB
2010: Stuxnet
2011: Duqu
2012: Flame, Gauss, Miniflame
2013: MiniDuke, RedOctober, Icefog, NetTraveler, Winnti, Teamspy, Kimsuki
2014: Crouching Yeti, Epic Turla, SyrianEA, Careto/The Mask, El Machete, Regin, Cloud Atlas, Dark Hotel, BlackEnergy2, CosmicDuke, Animal Farm
H1 2015: Carbanak, Equation, Desert Falcons, Animal Farm, Duqu2, Naikon, Hellsing, Wild Neutron
2012 – 3 announcements
2013 – 7 announcements
2014 – 11 announcements
H1 2015 – 8 announcements
IN 2015…
CARBANAK
EQUATION GROUP
CYBERATTACK ON GERMAN IRON PLANT CAUSES ‘WIDESPREAD DAMAGE’…
APT: A Mite in Your Network
• Hard to detect
• Almost impossible to get rid of
• And even if you do, it comes back again
Motivation: What are they looking for?
• Your innovations and blueprints
• Business plans and budgets
• Routes to your shareholders and partners
Motivation: What are they looking for?
• Digital certificates
• Your virtual credentials
• Physical access codes
Motivation: What are they looking for?
• Scientific research results
• Government links
• List of secret studies
Motivation: What are they looking for?
• Your business procedures
• Enterprise datasets
• Ways to control your company
Motivation: What’s the ultimate goal?
Money
Power
Means: The Arsenal
0-day, 0lday, 1-day
Means: The Arsenal
Digital certificates
• Invalid, fake certificates
• Certificates stolen from vendors
• Certificates by fake businesses
• Forged certificates
Means: The Arsenal
Malware tools:
• First stage implant
• Modular backdoors
Some capabilities:
• Filesystem control
• Cached password stealing
• Sound recording
• Screen grabbing
• Video casting and keylogging
• Removable media monitoring
• Smartphone infection and data snooping
Means: The Arsenal
The most advanced capabilities:
• Factoring RSA-1024 keys
• Live modification of OS updates
• OS boot process orchestration
• Jailbreaking mobile OS
• HDD firmware infection
Methods: Infiltration Techniques
How they get to your systems:
• Spear-phishing emails
• Social Networks and Instant Messaging
• Watering holes
• Hospitality networks
• USB drives
Future main vector of attacks – the communication channel
WHAT WILL HAPPEN TOMORROW?
More complex state-sponsored attacks
New targets:
- ICS
- Smart cities
- ATMs & PoS
- IoT
- Connected cars
Social engineering, hacktivism, leaks, exposures
HOW TO PROTECT YOURSELF?
Educate people
Establish processes
Implement technologies
Conclusions
It’s time to choose your digital bodyguard!
THANK YOU
For Your Precious Time and Attention