Automated Targeted Attacks:
The New Age of Cybercrime

Stefan Tanase
Senior Security Researcher
Global Research and Analysis Team
Kaspersky Lab

IDC IT Security Roadshow 2010 – Bucharest, Romania
March 9th, 2010

Overview

 • About Kaspersky Lab
 • The evolution of malware
 • Motivation: how cybercriminals make money
 • Targeted attacks: threats to SMBs & enterprises
 • So, how do they do it?
 • Social experiment
 • Targeted attacks becoming mainstream
 • Mitigation techniques

About Kaspersky Lab

 • Founded in 1996
    • Largest privately owned IT security company
 • 2000+ employees, still hiring :)
 • 26 local offices
    • United States, Russia, United Kingdom, Germany, France, Romania, Dubai, South Africa, Japan, China etc.
 • Global Research and Analysis Team
    • Researchers working around the clock and around the world
 • Protecting more than 250 million users
 • 40,000 new malicious programs and 3,500 new signatures daily

The (R)evolution of malware

The evolution of malware

 • 1992 – 2007: about 2M unique malware programs
 • But in 2008 alone: 15M
 • End of 2009 – a total of about 33,9 M unique malicious files in the Kaspersky Lab collection




Motivation: how cybercriminals make money

 • By stealing, of course
    – Stealing directly from the user
       • Online banking accounts, credit card numbers, electronic money, blackmailing.
    – What if I don’t have money?
    – Providing IT resources to other cybercriminals
       • Creating botnets, sending spam, launching DDoS attacks, pay-per-click fraud, affiliate networks, renting computing power, collecting passwords etc.

Targeted attacks: threats to SMBs & enterprises

Targeted attacks vs. classic malware

Lethal injection vs. a round of bullets

 • Targeted attacks are not epidemics
    • One email is enough, instead of tens of thousands
 • Targeted organizations are either not aware, or don’t publicly disclose information
    • It is hard to get samples for analysis
 • Classic signature-based AV is useless
    • New defense technologies
 • Much higher stakes
    • Intellectual property theft, corporate espionage


So, how do they do it?

Targeted attacks in 4 steps

 1. Profiling the employees
    – Choosing most vulnerable targets
 2. Developing a new and unique malicious program
    – Doesn’t have to bypass all AVs, just the one used by the victim
 3. Mixing the malicious payload with a perfectly tailored social engineering strategy
 4. Delivering the attack

A targeted attack demo

Social experiment

Intro – let’s stand up!

 • “White”, “black”, “pink”… “not wearing any” :)




Targeted attacks becoming mainstream

Personal information becoming public

 • So much personal information becomes public on social networks right now
 • Advertisers are already doing it: targeted ads
    – Age, gender, location, interests, work field, browsing habits, relationships etc.

Targeted attacks becoming mainstream

 • Targeted ads? Targeted attacks are already out there
 • Social networks are enabling cybercriminals to start delivering automated targeted attacks
 • The personal data is there. Next step? Automation.
    • Geographical IP location has been around for a while
    • Automatic language translation services are becoming better
    • Personal interests & tastes are public (i.e. trending topics)


Geo targeting example

Language targeting example

Interests targeting example

Surviving targeted attacks

 • Security tips
    • Patch
    • Patch everything
    • Patch everything twice
    • …including the human mind
 • A highly sophisticated targeted attack will eventually succeed
    • Proactive measures (PDM, HIPS, Sandbox, heuristics, emulation)
    • Proper security mindset
    • User education and awareness

Targeted attacks become mainstream

Thank you! Questions?

stefant@kaspersky.ro
twitter.com/stefant

Targeted Attacks: The New Age of Cybercrime

  • 1. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth levelAutomated Targeted Attacks: The New Age of Cybercrime » Fifth level Stefan Tanase Senior Security Researcher Global Research and Analysis Team Kaspersky Lab IDC IT Security Roadshow 2010 – Bucharest, Romania March 9 th, 2010 June 10th , 2009 Event details (title, place)
  • 2. Overview Click to edit Master title style • • About Kaspersky text styles Click to edit Master Lab • The evolution of malware – Second level • • Third level Motivation: how cybercriminals make money – Fourth level • Targeted» attacks: threats to SMBs & enterprises Fifth level • So, how do they do it? • Social experiment • Targeted attacks becoming mainstream • Mitigation techniques June 10th , Roadshow 2010 – Bucharest, Romania IDC IT Security2009 Event details (title, place)
  • 3. About Kaspersky Lab Click to edit Master title style • •Foundedto edit Master text styles Click in 1996 • Largest privately owned – Second level IT security company • Third level • 2000+ employees,level hiring  – Fourth still • 26 local offices Fifth level » • United States, Russia, United Kingdom, Germany, France, Romania, Dubai, South Africa, Japan, China etc. • Global Research and Analysis Team • Researchers working around the clock and around the world • Protecting more than 250 million users • 40,000 new malicious programs and 3,500 new signatures daily June 10th , Roadshow 2010 – Bucharest, Romania IDC IT Security2009 Event details (title, place)
  • 4. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level The (R)evolution of malware June 10th , 2009 Event details (title, place)
  • 5. Clickevolution of malware The to edit Master title style • 1992 – 2007: about 2M unique malware programs • Click to edit Master text styles • But in 2008 alone: 15M – Second level • End of 2009 leveltotal of about 33,9 M unique malicious • Third –a files in the Kaspersky Lab collection – Fourth level » Fifth level June 10th , Roadshow 2010 – Bucharest, Romania IDC IT Security2009 Event details (title, place)
  • 6. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level Motivation: how cybercriminals make money June 10th , 2009 Event details (title, place)
  • 7. Click to edit how cybercriminals make money Motivation: Master title style • By stealing, of course • Click to edit Master text styles – Stealing directly from the user – Second level • Online banking accounts, credit card • Third level numbers, electronic money, blackmailing. – Fourth level – What if I don’tlevel money? » Fifth have – Providing IT resources to other cybercriminals • Creating botnets, sending spam, launching DDoS attacks, pay-per-click fraud, affiliate networks, renting computing power, collecting passwords etc. June 10th , Roadshow 2010 – Bucharest, Romania IDC IT Security2009 Event details (title, place)
  • 8. Targeted attacks: threats to SMBs & enterprises
  • 9. Targeted attacks: threats to SMBs & enterprises
  • 10. Targeted attacks: threats to SMBs & enterprises
  • 11. Targeted attacks vs. classic malware
      Lethal injection vs. a round of bullets
      • Targeted attacks are not epidemics
      • One email is enough, instead of tens of thousands
      • Targeted organizations are either not aware, or don’t publicly disclose information
      • It is hard to get samples for analysis
      • Classic signature-based AV is useless
      • New defense technologies
      • Much higher stakes
      • Intellectual property theft, corporate espionage
  • 12. So, how do they do it?
  • 13. Targeted attacks in 4 steps
      1. Profiling the employees
          – Choosing most vulnerable targets
      2. Developing a new and unique malicious program
          – Doesn’t have to bypass all AVs, just the one used by the victim
      3. Mixing the malicious payload with a perfectly tailored social engineering strategy
      4. Delivering the attack
  • 14. A targeted attack demo
  • 15. Social experiment
  • 16. Intro – let’s stand up!
      • “White”, “black”, “pink”… “not wearing any” :)
  • 17. Targeted attacks becoming mainstream
  • 18. Personal information becoming public
      • So much personal information becomes public on social networks right now
      • Advertisers are already doing it: targeted ads
          – Age, gender, location, interests, work field, browsing habits, relationships etc.
  • 19. Targeted attacks becoming mainstream
      • Targeted ads? Targeted attacks are already out there
      • Social networks are enabling cybercriminals to start delivering automated targeted attacks
      • The personal data is there. Next step? Automation.
      • Geographical IP location has been around for a while
      • Automatic language translation services are becoming better
      • Personal interests & tastes are public (i.e. trending topics)
  • 20. Geo targeting example
  • 21. Language targeting example
  • 22. Interests targeting example
  • 23. Surviving targeted attacks
      • Security tips
      • Patch
      • Patch everything
      • Patch everything twice
      • …including the human mind
      • A highly sophisticated targeted attack will eventually succeed
      • Proactive measures (PDM, HIPS, Sandbox, heuristics, emulation)
      • Proper security mindset
      • User education and awareness
  • 24. Targeted attacks become mainstream
  • 25. Thank you! Questions?
      stefant@kaspersky.ro
      twitter.com/stefant
      Stefan Tanase
      Senior Security Researcher
      Global Research and Analysis Team
      Kaspersky Lab
      IDC IT Security Roadshow 2010 – Bucharest, Romania
      March 9th, 2010