Presentation is loading. Please wait.

Presentation is loading. Please wait.

WYSI WYG Peter Stancik Security Evangelist

Similar presentations

Presentation on theme: "WYSI WYG Peter Stancik Security Evangelist"— Presentation transcript:

1 WYSI WYG Peter Stancik Security Evangelist
Once again, good morning everyone! Let me start off by thanking the organizers for inviting me to speak here today and, of course, you as well for coming in such large numbers. As already said - and as you can on the screen - my name is Peter Stancik and I’m with ESET as a Security Evangelist. I know, that people tend to think of a bunch of very different things what that might mean. So, for me it basically means to be a part of team responsible for security awareness and security education related initiatives. In other words, we try to continuously ‘bother’ people, to make them understand the risks of being part of the cyberspace, to make them not to forget the threats they can face, to make the realize the consequences and the impact their actions in the cyberspace can have on their everyday real lives. In my today’s presentation I’d like to show you how users with different level of security awareness can become victims of todays cyber threats. To remind you that besides a good antimalware solution and proper education, the cooperation with law enforcement is necessary nowadays. Peter Stancik Security Evangelist

2 What you see is not what you get

3 What you see is not what you get
What’s new? For more than 3 decades. It’s its purpose – before, mainly to show off, now… ad 1/ cash ad 2/ personal data ad 3/ include you in the maschinery OUT: Purpose is not the only thing that has changed…

4 Drive-by download Social engineering Blackhat SEO SPAM Social networks
Infection vectors Drive-by download Social engineering Blackhat SEO …also the infection/spreading vectors… SPAM Social networks

5 Blackhat SEO

6 Social networks Delf.QCZ
OUT: when clicking something like this, instead of a flash player, you might end up, for example, with one of these….

7 Banking Trojans Scareware What do I get (instead)?
…with mobile components Something “special” from the grey zone… Scareware …Rogue AVs, Registry Cleaners …etc…

8 Banking Trojans

9 Banking Trojans Man-in-the-Browser Man-in-the-Mobile Scenario:
Steal credentials using MitB Infect victim’s mobile phone – MitMo Log in using stolen credentials; perform transaction Mobile malware forwards authentication SMS to attacker Fill in authentication code and complete transaction Zeus and now SpyEye: detected as SymbOS/Spitmo *pictures from Robert - Explain – Man-in-the-Mobile scenario to bypass banks’ mTAN security - Zeus/SpyEye –in-the-Mobile = Zitmo/Spitmo - Present on various mobile platforms – Symbian, BlackBerry, Android – continue to Android malware

10 Rogue AV

11 DNS Changer

12 CA Breaches

13 Thank you!

Download ppt "WYSI WYG Peter Stancik Security Evangelist"

Similar presentations

Ads by Google