
Andrius Šaveiko, project manager, UAB Atviros informacinės sistemos, Kaspersky Lab distributor in Lithuania




1 Andrius Šaveiko, project manager, UAB Atviros informacinės sistemos, Kaspersky Lab distributor in Lithuania. Today's digital threats and ways to protect against them. Klaipėda, 2010

2 Contents: Threat classification and numbers; Threats to non-Windows systems; Nature of threats (drive-by downloads, botnets, targeted attacks); Active threats; Protecting network entry points

3 Threat classification and numbers

4 Threat classification. Malicious software: Viruses spread from file to file; Worms spread from computer to computer; Trojan horses have no self-replication. Malicious tools are used by malware authors, e.g. packers, constructors, exploits. (Chart labels: Trojan horses; Viruses and worms; Malicious tools)

5 Threat statistics. Source: Kaspersky Lab, October 2010

6 Threat statistics in Lithuania. Source: Kaspersky Lab, October 2010

7 Numbers: 4,194,055 as of 17 Sept 2010. Source: Kaspersky Lab

8 Threat and spam processing. 2007: roughly 2 million malicious programs. In 2009 alone: more than 14 million new malicious programs. End of Q1 2010: more than 36.2 million unique malicious files in total in the Kaspersky Lab collection. Kaspersky Lab currently processes 1.5 to 3 million spam samples per day!

9 Threats to non-Windows systems

10 Unix-based malware: slow rise in the number of malicious programs. Total number of signatures for malware targeting Unix-based systems: 2722. Source: Kaspersky Lab, August 2010

11 Mobile malware: some statistics. Number of mobile malware families to date: 142. Number of mobile malware modifications to date: 926. Mobile malware found in August: 44 new modifications. Most common mobile threat: SMS-Trojans. Source: Kaspersky Lab, August 2010. Mobile malware written for specific platforms: (chart)

12 First SMS Trojan for Android. Example: Trojan-SMS.AndroidOS.FakePlayer.a. Pretends to be a media player. Sends SMS messages costing about $5 to Russian premium SMS numbers. Although anyone's device can be infected, it only causes losses for Russian users. (Screenshot showing the malware)

13 Nature of threats

14 Drive-by downloads. Recipe:
1. Find a vulnerable server
2. Obfuscate your code to prevent easy analysis
3. Insert your script onto the website
4. Redirect users of the infected website to your malicious website
5. Download malware to the victim's machine

15 Web page components: 1 URL in the browser; 222 links; 45 images; 32 scripts from 3 domains; 5 cookies from 2 domains; 4 Flash objects from 2 domains

16 Vulnerabilities

17 Botnets. Botnet: robot (zombie) network, a number of compromised machines controlled remotely

18 Botnet operation workflow (diagram labels: Computer, User, Infection, Command and Control, Commands, Stolen data, Dropzone, Cybercriminal, Malware)

19 C&C: bot geo distribution. The cybercriminals can easily see where their victims are located or even target specific geo areas!

20 Dropzone. A Trojan dropzone is a server configured to receive stolen data. Stolen data can amount to several GB daily. Generally, cybercriminals tend to care for and secure their valuables. Each cybercriminal group runs one or more dropzones.

21 Typical dropzone: JPG screen captures. Cybercriminals have an interest in farming!

22 Profitability evolution, Cybercriminal Group "X": 400% growth in 9 months. -1000$: even criminals have bad days. Total: 1.7 mil USD

23 Mobile botnets? Mobile botnets will have almost the same functionality: send spam (e.g. SMS or MMS); steal passwords; DDoS (telephone)? Yet one more commercial offer on the cybercrime market. Net-Worm.IphoneOS.Ike.b: first 'commercialised' iPhone malware

24 Targeted attacks versus classic malware: lethal injection versus a hail of bullets.
Targeted attacks are not epidemics: one is enough, instead of tens of thousands.
Stay under the radar: targeted organizations are either not aware or don't publicly disclose information; it is hard to get samples for analysis.
Classic signature-based AV is useless: new defence technologies.
Much higher stakes: intellectual property theft, corporate espionage.

25 Targeted attacks in 4 steps
1. Profiling the employees: choosing the most vulnerable targets; reconnaissance via social networks, mailing list posts, public presentations, etc.
2. Developing a new and unique malware attack: doesn't have to bypass all AV solutions, just the one used by the victim; using social engineering to get the victim to click on a link; gather OS, browser and plug-in versions, useful for vulnerabilities.
3. Gaining control and maintaining access: the initial exploit drops malware onto the victim machine; networks are usually protected from outside threats.
4. Getting the 'good stuff' out quickly! Find an overseas office server to be used as an internal drop; move data over the corporate WAN/intranet to the internal drop; get all of the data out at once to the external drop server. Even if traffic is monitored, it might be too late to react.

26 Targeted attacks: Aurora. CVE vulnerability exploitation allowing remote code execution in Internet Explorer. Targeted major organisations including Google, Adobe and Juniper; over 20 companies in total. Designed to gain access to personal data and corporate intellectual property. Spread via with malicious links

27 Scareware

28 Social networks: Koobface. Uses social engineering: you are more likely to click on a link from a "friend". Targets Facebook and other social networks like Twitter. Infected machines get herded into a botnet.

29 Social network malware: distribution 2009 (users per network): VKontakte 87 million; Odnoklassniki 45 million; Facebook 500 million; Orkut 100 million; Hi5 50 million; Twitter 100 million. Source: Kaspersky Lab, January 2010

30 Active Threats

31 Active Threats: Conficker. MS vulnerability exploitation. Stops web access to IT security websites. Connects to randomly generated websites for updates. Looks for weak passwords on networks. Spreads via removable drives. P2P communication for updates. Use of strong new encryption. Spam and rogue AV distribution.
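The slide notes that Conficker contacts randomly generated domain names for updates. From the defender's side, that behaviour shows up in resolver logs as one client asking for many unpronounceable names that mostly do not exist. The following detector is an added example written for this page, not code from the presentation or from Kaspersky Lab; the log line format, the sample lines, the entropy and vowel-ratio thresholds and the per-client threshold are all constructed assumptions for the demonstration.

```python
import math
import re
from collections import defaultdict

# Constructed sample resolver log lines (not real traffic): timestamp, client IP,
# queried name, response code. The format is an assumption for this example.
SAMPLE_LOG = """\
2010-10-05T09:00:01 10.0.0.12 www.example.com NOERROR
2010-10-05T09:00:02 10.0.0.12 mail.example.com NOERROR
2010-10-05T09:00:03 10.0.0.44 qzmvkxwrt.org NXDOMAIN
2010-10-05T09:00:03 10.0.0.44 plwsnkjvfb.net NXDOMAIN
2010-10-05T09:00:04 10.0.0.44 xkqzwprlmn.info NXDOMAIN
2010-10-05T09:00:04 10.0.0.44 brtvksxzq.biz NXDOMAIN
2010-10-05T09:00:05 10.0.0.44 fjkqwplzs.org NXDOMAIN
2010-10-05T09:00:06 10.0.0.44 update.microsoft.com NOERROR
2010-10-05T09:00:07 10.0.0.12 cdn.example.net NOERROR
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (NOERROR|NXDOMAIN)$")
VOWELS = set("aeiou")


def parse_log(text):
    """Turn the raw log text into a list of records; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, client, query, rcode = m.groups()
            records.append({"ts": ts, "client": client, "query": query, "rcode": rcode})
    return records


def second_level_label(name):
    """'www.example.com' -> 'example': the label a name generator would randomise."""
    parts = name.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s):
    """Bits per character; a label with all-distinct characters scores log2(len(s))."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_generated(label, min_len=8, min_entropy=3.0, max_vowel_ratio=0.3):
    """Heuristic: long, high-entropy, consonant-heavy labels are unpronounceable in the
    way machine-generated names tend to be. The thresholds are tuning assumptions."""
    if len(label) < min_len:
        return False
    vowel_ratio = sum(1 for ch in label if ch in VOWELS) / len(label)
    return shannon_entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio


def detect_dga_clients(records, threshold=3):
    """Clients with at least `threshold` distinct NXDOMAIN answers for generated-looking
    names; a bot trying many candidate domains produces exactly this pattern."""
    suspects = defaultdict(set)
    for r in records:
        if r["rcode"] == "NXDOMAIN" and looks_generated(second_level_label(r["query"])):
            suspects[r["client"]].add(r["query"])
    return {client: sorted(names) for client, names in suspects.items() if len(names) >= threshold}


if __name__ == "__main__":
    for client, names in detect_dga_clients(parse_log(SAMPLE_LOG)).items():
        print(f"{client}: {len(names)} generated-looking NXDOMAIN lookups, e.g. {names[0]}")
```

Legitimate names such as "example" or "microsoft" fall below the entropy bar or above the vowel ratio, so a single odd lookup is never enough on its own; the alert needs both the name heuristic and the NXDOMAIN burst from one client, which is what distinguishes a generator from a user mistyping a URL.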

32 Active Threats: ZeuS (aka Zbot, Wsnpoem, Kneber). The most popular banking Trojan in the wild!
"Scotland Yard cuffs teens for role in cybercrime forum" (source: The Register, 24 June): teenagers arrested for involvement in the largest English-language cybercrime forum. The forum had 8,000 members trading in malware, cybercrime tutorials and stolen banking information. Cybercrime tools for sale included the ZeuS Trojan and data stolen from machines it had already infected. Detectives have so far recovered 65,000 credit card numbers.
"Malware gang steal over $1m from one British bank" (source: The Register, 10th August 2010): a banking Trojan attack has led to the fraudulent withdrawal of more than $1m from online banking accounts maintained with a UK bank since the start of July. Victims were infected by a ZeuS banking Trojan variant while browsing the net. The Trojan swiped the customer's online banking ID and hijacked their online banking sessions, reportedly only targeting victims who had substantial balances. Most such attacks include the use of phishing middlemen to obtain funds from compromised accounts and transfer them by untraceable wire transfer to the Eastern European masterminds behind the scam.

33 Active Threats: Gumblar. New generation of self-building botnets! Infection route: a visitor to a legitimate website is redirected to a malicious site, or a visitor is redirected to an infected legitimate website. Trojan-Downloader.JS.Gumblar.x, number of attempted downloads: 453,985 (Feb 2010, Kaspersky Security Network)

34 Protecting Network Entry Points

35 Protecting Entry Points An entry point is any access route for data to get into the corporate network

36 Protecting Entry Points (cont.)
Network: via file servers. Access can be via:
- LAN: Local Area Network
- Wi-Fi: wireless access, usually for guests on the local network
- WAN: Wide Area Network, i.e. works across 2 or more connected sites
If there is a security breach and malware has entered the network, it will seek to spread. Viruses need user interaction, i.e. someone has to click on the infected file. Network worms, as their name suggests, will look for open ports to worm their way around the network. They can spread incredibly fast.
Blended threats: a general description for malicious programs or bundles of malicious programs that combine the functionality of different types of malware and attack methods. So, for example, functionality could include:
- Virus infector
- Network worm
- Keylogger: to steal passwords and other sensitive data
- P2P: turn machines in the network into a botnet controlled by the cybercriminal
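The slide's point that a network worm "looks for open ports to worm its way around the network" gives a defender a concrete signal to watch on the internal network: one host fanning out to many neighbours on the same port in a few seconds, with most attempts failing because the port is closed or filtered. The detector below is an added example for this page, not code from the presentation or from Kaspersky Lab. The connection-log format, the sample lines, the 10-second window and the fan-out threshold of 8 distinct destinations are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample connection records (not real traffic): timestamp, source,
# destination, destination port, outcome. 10.0.0.12 behaves like a normal client;
# 10.0.0.99 sweeps port 445 across the subnet the way a network worm would.
SAMPLE_FLOWS = """\
2010-10-05T10:00:00 10.0.0.12 10.0.0.5 445 ESTABLISHED
2010-10-05T10:00:01 10.0.0.12 10.0.0.7 80 ESTABLISHED
2010-10-05T10:00:02 10.0.0.99 10.0.0.1 445 FAILED
2010-10-05T10:00:02 10.0.0.99 10.0.0.2 445 FAILED
2010-10-05T10:00:02 10.0.0.99 10.0.0.3 445 FAILED
2010-10-05T10:00:03 10.0.0.99 10.0.0.4 445 ESTABLISHED
2010-10-05T10:00:03 10.0.0.99 10.0.0.5 445 FAILED
2010-10-05T10:00:03 10.0.0.99 10.0.0.6 445 FAILED
2010-10-05T10:00:04 10.0.0.99 10.0.0.7 445 FAILED
2010-10-05T10:00:05 10.0.0.99 10.0.0.8 445 FAILED
2010-10-05T10:00:06 10.0.0.99 10.0.0.9 445 FAILED
2010-10-05T10:00:07 10.0.0.99 10.0.0.10 445 FAILED
2010-10-05T10:00:30 10.0.0.12 10.0.0.8 445 ESTABLISHED
2010-10-05T10:05:00 10.0.0.12 10.0.0.9 445 FAILED
"""


def parse_flows(text):
    """Parse the constructed format into records sorted by time."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, state = line.split()
        flows.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                      "dport": int(dport), "ok": state == "ESTABLISHED"})
    flows.sort(key=lambda f: f["ts"])
    return flows


def detect_horizontal_scans(flows, window_s=10, fan_out=8):
    """Flag (source, port) pairs that reach `fan_out` distinct destinations inside a
    sliding window of `window_s` seconds. The alert keeps the widest fan-out seen and
    the share of failed attempts, which is high when the port is closed on most hosts."""
    recent = defaultdict(deque)   # (src, dport) -> flows still inside the window
    alerts = {}
    for f in flows:
        key = (f["src"], f["dport"])
        q = recent[key]
        q.append(f)
        while (f["ts"] - q[0]["ts"]).total_seconds() > window_s:
            q.popleft()
        distinct = {x["dst"] for x in q}
        if len(distinct) >= fan_out:
            failed = sum(1 for x in q if not x["ok"])
            prev = alerts.get(key)
            if prev is None or len(distinct) > prev["distinct_dsts"]:
                alerts[key] = {
                    "src": f["src"],
                    "dport": f["dport"],
                    "distinct_dsts": len(distinct),
                    "failed_ratio": failed / len(q),
                    "first_seen": q[0]["ts"].isoformat(),
                    "last_seen": f["ts"].isoformat(),
                }
    return list(alerts.values())


if __name__ == "__main__":
    for a in detect_horizontal_scans(parse_flows(SAMPLE_FLOWS)):
        print(f"{a['src']} -> {a['distinct_dsts']} hosts on port {a['dport']} "
              f"between {a['first_seen']} and {a['last_seen']}, "
              f"{a['failed_ratio']:.0%} of attempts failed")
```

The window is what separates a worm from a file server's normal traffic: 10.0.0.12 also touches port 445 on several hosts, but spread over minutes, so its deque never holds more than one destination at a time. A virus that waits for a user to open a file produces no such burst at all, which is why this check complements rather than replaces the file-level scanning the slide describes.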

37 Concluding thoughts. Cybercrime is very profitable. They use sophisticated yet easy-to-use systems: botnets using P2P and strong encryption; more targeted attacks. Cybercriminals are like online pickpockets, following the crowd to social networks and smartphones. Prevention is a process: modern hardware + software; Internet security solution; patches and updates; the right security mindset; education.

38 Thank You. Andrius Šaveiko, project manager, UAB Atviros informacinės sistemos, Kaspersky Lab distributor in Lithuania. Today's digital threats and ways to protect against them.

