THREAT LANDSCAPE...THE CYBER-THREATS PYRAMID — 2015 Nation-states with unlimited budgets & Cyber-crime gangs, financially motivated Internet annoyances – spam, DDoS, Trojan downloaders,

THREAT LANDSCAPE By Sergey Novikov, Deputy director, GReAT, Kaspersky Lab

17/09/2015

2 |

GREAT: ELITE THREAT RESEARCH

Global Research and Analysis Team, since 2008

Threat intelligence, research and innovation leadership

Focus: APTs, critical infrastructure threats, banking threats, sophisticated

targeted attacks

3 |

SECURITY PERIMETER - BEFORE

4 |

SECURITY PERIMETER - NOW

What we are used to protect

What we have to protect nowadays

Stuxnet - First known Cyber-weapon

7 |

THE CYBER-THREATS PYRAMID — 2013

Nation-states with unlimited

budgets

Cyber-crime gangs,

financially motivated

Internet annoyances – spam, DDoS, Trojan downloaders, adware, spyware, etc., etc.

8 |


Nation-states

with unlimited budgets

Cyber-crime gangs,



9 |


Nation-states


&

Cyber-crime gangs,



This line is disappearing

10 |


Nation-states


&

Cyber-crime gangs,



11 |

APT ANNOUNCEMENTS

KASPERSKY LAB

2010 2011 2012 2013

Stuxnet Duqu Flame

Gauss

MiniDuke

RedOctober

Icefog

NetTraveler

Winnti

Teamspy

Miniflame

Kimsuki

2014

Crouching Yeti

Epic Turla

SyrianEA

Careto/The

Mask

El Machete

Regin

Cloud Atlas

Dark Hotel

BlackEnergy2

CosmicDuke

Animal Farm

H1 2015

Carbanak

Equation

Desert

Falcons

Animal

Farm

Duqu2

Naikon

Hellsing

Wild Neutron

2012 – 3 announcements



H1 2015 - 8 announcements

12 |

IN 2015…

CARBANAK

EQUATION GROUP

13 |

CYBERATTACK ON GERMAN IRON PLANT CAUSES

‘WIDESPREAD DAMAGE’…

APT: A Mite in Your Network

• Hard to detect

• Almost impossible to get rid of

• And even if you do it comes

back again

Motivation: What are they looking for?

• Your innovations and blueprints

• Business plans and budgets

• Routes to your shareholders and partners


• Digital certificates

• Your virtual credentials

• Physical access codes


• Scientific research results

• Government links

• List of secret studies


• Your business procedures

• Enterprise datasets

• Ways to control your company

19 |

Motivation: What’s the ultimate goal?

Money Power

Means: The Arsenal

0 – day 0lday 1 – day

Means: The Arsenal

Digital certificates

• Invalid, fake certificates

• Certificates stolen from vendors

• Certificates by fake businesses

• Forged certificates

Means: The Arsenal

Malware tools:

• First stage implant

• Modular backdoors

Some capabilities:

• Filesystem control

• Cached password stealing

• Sound recording

• Screen grabbing

• Video casting and keylogging

• Removable media monitoring

• Smartphone infection and data snooping

Means: The Arsenal

The most advanced capabilities:

• Factoring RSA-1024 keys

• Live modification of OS updates

• OS boot process orchestration

• Jailbreaking mobile OS

• HDD firmware infection

Copyright by Frontier Developments

Methods: Infiltration Techniques

How they get to your systems:

• Spear-phishing emails

• Social Networks and Instant Messaging

• Watering holes

• Hospitality networks

• USB drives

25 |

Future main vector

of attacks –

communication

channel

WHAT WILL HAPPEN TOMORROW?

More complex

state-sponsored

attacks

New targets:

- ICS

- Smart cities

- ATMs & PoS

- IoT

- Connected cars

Social engineering,

hacktivism, leaks,

exposures

26 |

27 |

Educate people

Establish processes

Implement technologies

HOW TO PROTECT YOURSELF?

Conclusions

It’s time to choose

your digital bodyguard!

29 |

For Your Precious Time and Attention

THANK YOU

THREAT LANDSCAPE...THE CYBER-THREATS PYRAMID — 2015 Nation-states with unlimited budgets & Cyber-crime gangs, financially motivated Internet annoyances – spam, DDoS, Trojan downloaders,

Documents