SecTor 2011 Keynote: Online Attacks and Espionage by Nation-states
1. ONLINE ATTACKS AND ESPIONAGE
BY NATION-STATES
Mikko Hypponen
CRO, F-Secure Corp
twitter.com/mikko
Protecting the irreplaceable | f-secure.com
40. Little financial incentive to target:
• Supporters of Tibet
• Members of Falun Dafa / Falun Gong
• Supporters of the Uighur minorities
• Supporters of Inner Mongolian minorities
51. Our desire for success is
like wolf's desire for blood.
We work together against the
enemy like a pack of wolves.
54. How do I know if I was hit?
• Your colleagues have no idea of the mail you got
from them
• Your machine connects to funky hosts on its own
• Word / Excel / Acrobat flashes and restarts
• You get weird error messages from Office
• Non-SSL port 443 traffic in your network
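The last indicator above, non-SSL traffic on port 443, can be checked by looking at the first bytes the client sends on each flow. This is an added example, not from the original slides; the flow tuple layout, the addresses and the sample payloads are constructed for illustration.

```python
import struct

def is_tls_client_hello(first_bytes: bytes) -> bool:
    """Return True if the first client bytes of a flow are framed as an SSL/TLS ClientHello."""
    if len(first_bytes) < 6:
        return False
    # SSLv3/TLS record header: content type (1), version (2), length (2).
    ctype, major, minor, length = struct.unpack("!BBBH", first_bytes[:5])
    if ctype == 0x16 and major == 3 and minor <= 4:
        # Handshake record, plausible length, first handshake message is ClientHello (1).
        return 0 < length <= 16384 and first_bytes[5] == 0x01
    # SSLv2-compatible ClientHello: 2-byte length with the high bit set,
    # message type 1, then the version the client offers.
    if first_bytes[0] & 0x80 and first_bytes[2] == 0x01:
        return first_bytes[3] == 3 or first_bytes[3:5] == b"\x00\x02"
    return False

def non_ssl_on_443(flows):
    """Return the flows to TCP/443 whose first client payload is not an SSL/TLS hello."""
    return [f for f in flows if f[2] == 443 and not is_tls_client_hello(f[3])]

# Constructed sample flows: (client, server, server port, first client payload bytes).
SAMPLE_FLOWS = [
    ("10.0.0.21", "192.0.2.10", 443, bytes.fromhex("16030100c8010000c40303") + bytes(32)),
    ("10.0.0.22", "192.0.2.11", 443, bytes.fromhex("802e0103010015000000100000")),
    ("10.0.0.23", "198.51.100.7", 443, b"GET /update.htm HTTP/1.1\r\nHost: x\r\n\r\n"),
    ("10.0.0.24", "198.51.100.8", 443, b"\x00\x00\x00\x10\xde\xad\xbe\xef" + bytes(8)),
    ("10.0.0.25", "192.0.2.12", 80, b"GET / HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for client, server, port, payload in non_ssl_on_443(SAMPLE_FLOWS):
        print(f"non-SSL traffic on 443: {client} -> {server}:{port} starts with {payload[:8]!r}")
```

This inspects only the framing of the first client message, so treat a clean result as the absence of this one indicator rather than proof that the flow is genuine SSL.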
55. Funky hosts?
• Some actual hosts we've seen in targeted attacks
56. From obvious to non-obvious
57. PATCH, PATCH, PATCH
GET RID OF ADOBE READER
ADD TRAPS TO YOUR FIREWALLS
HOPE THAT THEY DON’T TARGET YOU