Presentation on theme: "WYSI WYG Peter Stancik Security Evangelist"— Presentation transcript:
1 WYSI WYG Peter Stancik Security Evangelist Once again, good morning everyone! Let me start off by thanking the organizers for inviting me to speak here today and, of course, you as well for coming in such large numbers. As already said - and as you can on the screen - my name is Peter Stancik and I’m with ESET as a Security Evangelist. I know, that people tend to think of a bunch of very different things what that might mean. So, for me it basically means to be a part of team responsible for security awareness and security education related initiatives. In other words, we try to continuously ‘bother’ people, to make them understand the risks of being part of the cyberspace, to make them not to forget the threats they can face, to make the realize the consequences and the impact their actions in the cyberspace can have on their everyday real lives.In my today’s presentation I’d like to show you how users with different level of security awareness can become victims of todays cyber threats. To remind you that besides a good antimalware solution and proper education, the cooperation with law enforcement is necessary nowadays.Peter StancikSecurity Evangelist
3 What you see is not what you get What’s new?For more than 3 decades.It’s its purpose – before, mainly to show off, now…ad 1/ cashad 2/ personal dataad 3/ include you in the maschineryOUT: Purpose is not the only thing that has changed…
4 Drive-by download Social engineering Blackhat SEO SPAM Social networks Infection vectorsDrive-by downloadSocial engineeringBlackhat SEO…also the infection/spreading vectors…SPAMSocial networks
9 Banking Trojans Man-in-the-Browser Man-in-the-Mobile Scenario: Steal credentials using MitBInfect victim’s mobile phone – MitMoLog in using stolen credentials; perform transactionMobile malware forwards authentication SMS to attackerFill in authentication code and complete transactionZeus and now SpyEye: detected as SymbOS/Spitmo*pictures fromRobert- Explain – Man-in-the-Mobile scenario to bypass banks’ mTAN security- Zeus/SpyEye –in-the-Mobile = Zitmo/Spitmo- Present on various mobile platforms – Symbian, BlackBerry, Android – continue to Android malware
Your consent to our cookies if you continue to use this website.