Automated Targeted Attacks:
The New Age of Cybercrime

Stefan Tanase
Senior Security Researcher
Global Research and Analysis Team
Kaspersky Lab

IDC IT Security Roadshow 2010, Bucharest, Romania
March 9th, 2010

Overview
    About Kaspersky Lab
    The evolution of malware
    Motivation: how cybercriminals make money
    Targeted attacks: threats to SMBs & enterprises
    So, how do they do it?
    Social experiment
    Targeted attacks becoming mainstream
    Mitigation techniques

About Kaspersky Lab
    Founded in 1996
    Largest privately owned IT security company
    2000+ employees, still hiring
    26 local offices
        United States, Russia, United Kingdom, Germany,
        France, Romania, Dubai, South Africa, Japan, China etc.
    Global Research and Analysis Team
        Researchers working around the clock and around the world
    Protecting more than 250 million users
    40,000 new malicious programs and 3,500 new signatures daily

The (R)evolution of malware

The evolution of malware
    1992-2007: about 2M unique malware programs
    But in 2008 alone: 15M
    End of 2009: a total of about 33,9 M unique malicious
    files in the Kaspersky Lab collection

Motivation: how cybercriminals make money

Motivation: how cybercriminals make money
    By stealing, of course
        Stealing directly from the user
            Online banking accounts, credit card
            numbers, electronic money, blackmailing.
        What if I don't have money?
        Providing IT resources to other cybercriminals
            Creating botnets, sending spam, launching
            DDoS attacks, pay-per-click fraud, affiliate
            networks, renting computing power,
            collecting passwords etc.

Targeted attacks: threats to SMBs & enterprises

Targeted attacks vs. classic malware
    Lethal injection vs. a round of bullets
    Targeted attacks are not epidemics
        One email is enough, instead of tens of thousands
    Targeted organizations are either not aware,
    or don't publicly disclose information
        It is hard to get samples for analysis
    Classic signature-based AV is useless
        New defense technologies
    Much higher stakes
        Intellectual property theft,
        corporate espionage

So, how do they do it?

Targeted attacks in 4 steps
    1. Profiling the employees
        Choosing most vulnerable targets
    2. Developing a new and unique malicious program
        Doesn't have to bypass all AVs,
        just the one used by the victim
    3. Mixing the malicious payload with a perfectly
       tailored social engineering strategy
    4. Delivering the attack

A targeted attack demo

Social experiment

Intro: let's stand up!
    White, black, pink not wearing any

Targeted attacks becoming mainstream

Personal information becoming public
    So much personal information becomes public
    on social networks right now
    Advertisers are already doing it: targeted ads
        Age, gender, location,
        interests, work field,
        browsing habits,
        relationships etc.

Targeted attacks becoming mainstream
    Targeted ads? Targeted attacks are already out there
    Social networks are enabling cybercriminals to start delivering
    automated targeted attacks
    The personal data is there. Next step? Automation.
        Geographical IP location has been around for a while
        Automatic language translation services are becoming better
        Personal interests & tastes are public (i.e. trending topics)

Geo targeting example

Language targeting example

Interests targeting example

Surviving targeted attacks
    Security tips
        Patch
        Patch everything
        Patch everything twice
        including the human mind
    A highly sophisticated targeted attack will eventually succeed
        Proactive measures (PDM, HIPS, Sandbox, heuristics, emulation)
        Proper security mindset
        User education and awareness

Targeted attacks become mainstream

Thank you! Questions?

stefant@kaspersky.ro
twitter.com/stefant

Stefan Tanase
Senior Security Researcher
Global Research and Analysis Team
Kaspersky Lab
