Cyber security webinar part 1 - Threat Landscape

2. WHAT'S THIS ALL ABOUT
Enemies, every company has them
Large or strategically important companies have enemies who target them specifically
The rest will be targets of opportunity
A normal company has to worry about
Undirected malware attacks
For-profit criminals
Activists, hackers, script kiddies
Spies who are after your customers and use you as a path for attack
© F-Secure
3. STAGES OF ATTACK
1. Recon the target and build the exploit and malware for the attack
2. Get in contact with the target and attack
3. Get C&C access to the beachhead malware on the target
4. Move within the target network
5. Monetize
6. Persist as long as possible
4. RECON
Exploits are always specific to a certain program, and sometimes even to a version
Thus, in order to weaponize, the attacker must know his target
Or use mass attacks and rely on luck
Network scanning, banner grabbing, etc.: the basic techniques
OSINT: what software @company.com users have posted or asked about
Are any vendors using the company as a reference?
DNS timing recon: query the target's DNS and time the answers
Anything that is in use in the company will answer fast
HUMINT: call people and ask, pretend to be a student and send questionnaires
5. ATTACK OVER EMAIL
SPAM: the attacker builds a generic email…
…and hopes that the message hits home for someone
Spear phishing: the victim gets a tailored email with a document
The document is from a known sender
The topic of the document is what could be expected
All in all it looks like regular business mail
Except that it contains an exploit and a backdoor
6. ATTACK OVER HACKED WEBSITES
The attacker searches the web for vulnerable pages
Vulnerable pages are hacked to attack their users
The page contains either a direct attack or a redirection to an attack server
Both criminals and spies use web attacks
Criminals go after any web page which has users
Spies selectively target pages favored by the intended targets
This is called a watering hole attack: lie in wait for the victims to come
8. SEARCH ENGINE POISONING
Why chase victims when you can lure them?
The attacker picks searches that interest the targets
Uses search engine optimization tricks to get to the top hits
And waits for the user to click on the result
After the user visits the page the flow continues as with a hacked site
9. TRAFFIC INJECTION
The attacker gets MITM (Man in the Middle) access to traffic
Hacked router or “legal” interception interface
“Free” Wi-Fi access point or evil twin
China's “great cannon”: traffic injection at the border
With MITM the attacker can inject traffic
Exploits into any web page
On-the-fly trojanizing of software updates or other executables
JavaScript injection, to make the victim into a DDoS slave
10. SOCIAL ENGINEERING ATTACKS
Sometimes the attacker does not have an exploit kit at his disposal, so he uses scams
The most typical cases are
Fake updates to Flash, codecs, etc.
Fake movies, images, etc.
Trojanized pirate copies
Sometimes attackers use additional tricks
Such as DNS poisoning to make it look like the content is coming from a trusted domain
11. DISTRIBUTION THROUGH AFFILIATES
Sometimes the attacker does not know how to monetize the victim
So he sells the access to the victim
A botnet operator buys victims in bulk
And monetizes them
This is called an affiliate network; basically it's digital slave trade
Diagram: ZeroAccess Botnet. Operator, affiliates, victims; affiliates feed victims via exploit kit, pay-per-install, spam and fake video; $500 per 1000 installs
12. USB: BRIDGING AIRGAP
A USB or other media stick loaded with malware
USB autoplay (doesn't work against an up-to-date OS)
Icon or media recognition exploit
Use the traditional trick of masking an executable as a document
Craft a special USB that actually acts as a USB keyboard and use “copy con foo.exe” and then “cmd /c foo.exe” to run it
Emulate a network card and have an automated exploit kit on the stick, or use DHCP to change the user's DNS settings
Or just a plain document exploit
Introduce the USB to the victim
Hope that the victim plugs in said USB device
http://hakshop.myshopify.com/products/usb-rubber-ducky-deluxe
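As an added example (not from the deck), Python detection logic for the keyboard-emulating USB sequence on this slide: a file typed in with “copy con” and then executed with “cmd /c” on the same host shortly after a HID keyboard enumerates. The log format, hostnames and timestamps are constructed; a real deployment would map the same rule onto its own process-creation and device-arrival events.

```python
import re
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs): "timestamp|host|event|detail".
SAMPLE_LOG = """\
2015-05-04T09:12:01|WS-17|device_connect|HID Keyboard Device (USB)
2015-05-04T09:12:03|WS-17|process_create|cmd.exe /c copy con foo.exe
2015-05-04T09:12:07|WS-17|process_create|cmd /c foo.exe
2015-05-04T09:30:00|WS-22|process_create|cmd.exe /c copy con notes.txt
2015-05-04T10:05:10|WS-22|process_create|cmd /c setup.exe
"""

COPY_CON = re.compile(r"copy\s+con\s+(\S+)", re.IGNORECASE)        # file typed in via "copy con"
RUN_CMD = re.compile(r"cmd(?:\.exe)?\s+/c\s+(\S+)", re.IGNORECASE)  # "cmd /c <file>"
WINDOW = timedelta(seconds=60)  # how close the steps must be to count as one sequence

def parse(line):
    ts, host, event, detail = line.split("|", 3)
    return datetime.fromisoformat(ts), host, event, detail

def detect_usb_keyboard_dropper(log_text):
    """Alert when a file created with 'copy con' is run with 'cmd /c' on the same
    host within WINDOW; also record whether a keyboard enumerated just before."""
    created = {}    # (host, filename) -> time the file was typed in
    keyboards = {}  # host -> last time a HID keyboard connected
    alerts = []
    for line in log_text.splitlines():
        ts, host, event, detail = parse(line)
        if event == "device_connect" and "keyboard" in detail.lower():
            keyboards[host] = ts
            continue
        if event != "process_create":
            continue
        m = COPY_CON.search(detail)
        if m:
            created[(host, m.group(1).lower())] = ts
            continue
        m = RUN_CMD.search(detail)
        if m:
            key = (host, m.group(1).lower())
            if key in created and ts - created[key] <= WINDOW:
                kb = keyboards.get(host)
                alerts.append({
                    "host": host,
                    "file": m.group(1),
                    "keyboard_just_connected": kb is not None and ts - kb <= WINDOW,
                })
    return alerts
```

The WS-22 lines show the rule staying quiet for an ordinary "copy con" of a text file and for an executable that was not typed in.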
13. MOBILE MALWARE
Mobile malware is almost exclusively an Android problem
However, there are a few that target unlocked iPhones
Android malware is based on trojans fooling the user into installing
Fake Flash Player or other updates shown by hacked websites
Trojanized or fake apps in third-party app stores or Google Play
URL links in SMS, WhatsApp, Skype, email or other spam
Once installed, the malware tries to monetize
Sending premium SMS
Ransomware: lock the phone or files
Assisting PC-based banker attacks
Chart: fastest growing Android malware families
14. CONCLUSION
Attackers will try to get victims any way they can
And will do anything to get profit from victims
Which means that even if you are not an interesting target
Your customers may be, and thus so are you
Or you get hit simply because you are an easy target
This means that as a defender you need comprehensive protection