2013-2014: Cyber-Espionage - Trends and Implications for Businesses

Post on 18-Dec-2014


description

Kurt Baumgartner, Principal Security Researcher at Kaspersky Lab, presented an analysis of the world of advanced persistent threats (APTs). He gave an overview of several recent cyber-espionage campaigns – Red October, Icefog, Winnti, Careto/The Mask – and offered predictions for the future. Noting the trends of small cyber-mercenary groups emerging and becoming available for hire to perform surgical hit-and-run operations, the decreasing cost of each new cyber-campaign, and supply chain attacks, Kurt stressed that no high-profile entity or enterprise should feel totally safe today. Find out more at: www.kaspersky.com/business-security, cybersecurity.kaspersky.com, securelist.com. Follow: @k_sec @KasperskyLabB2B #EnterpriseSec

transcript

2013-2014: CYBER-ESPIONAGE — TRENDS AND IMPLICATIONS FOR BUSINESS Kurt Baumgartner Principal Security Researcher, Global Research and Analysis Team (GReAT) @k_sec

WE ARE HERE TO SAVE THE WORLD

ELITE THREAT RESEARCH GROUP

35+ MEMBERS IN 16 COUNTRIES

FOCUS: APTS, CRITICAL INFRASTRUCTURE THREATS, BANKING THREATS, SOPHISTICATED ATTACKS

ABOUT KASPERSKY GREAT

TIMELINE 2010–2014: STUXNET, DUQU, FLAME, GAUSS, MINIFLAME, TEAMSPY, MINIDUKE, REDOCTOBER, WINNTI, NETTRAVELER, ICEFOG, KIMSUKY, THE MASK

HIGH PROFILE APT ATTACKS

EPIC TURLA

COSMICDUKE

CROUCHING YETI / ENERGETIC BEAR

MULTIYEAR, BROAD OPERATIONS, HIGH INVESTMENT

CROSSOVER OF COMMERCIAL AND GEOPOLITICAL INTERESTS, I.E. FINANCIAL CENTERS

iPHONE, ANDROID, BLACKBERRY, WINMOBILE, NOKIA, WINTEL, OSX, CISCO

RED OCTOBER APT

RED OCTOBER APT

INTERESTS

GLOBAL FINANCIAL CENTERS

ENERGY – OIL, GAS, NUCLEAR

MANUFACTURING, AEROSPACE, MILITARY SUBCONTRACTORS

IMPLICATIONS

WHAT’S YOUR BYOD?

NETWORK AWARENESS

SPEARPHISHING TOLERANCE

INTERESTS AND IMPLICATIONS

MULTIYEAR, FOCUSED OPERATIONS, MEDIUM INVESTMENT

GLOBAL GAMING INDUSTRY POPPED – FUN AND $$$

WINDOWS, LINUX, CUSTOM PLUGX VARIANTS, BROAD 2ND STAGE AND INCREDIBLE LATERAL MOVEMENT

WINNTI APT

WINNTI APT

INTERESTS

MASSIVE GAMING ASSETS – CODE SIGNING DIGITAL CERTIFICATES

MMORPG SOURCE CODE AND SERVER ACCESS

MASSIVE SOFTWARE DEVELOPMENT AND OPERATIONS

IMPLICATIONS

ENDPOINT AND SERVER PROTECTION

ASSET CLASSIFICATION, SEGMENTATION, TOLERANCE

HEIGHTENED SCRUTINY FOR DEVELOPMENT ENVIRONMENTS

INTERESTS AND IMPLICATIONS

MULTIYEAR, HIGHLY FOCUSED AND SUCCESSFUL, MED-HIGH INVESTMENT

WINDOWS, LINUX, OSX

0-DAY, 0-DAY, 0-DAY

CUSTOM PLUGX VARIANTS, SCRIPTS, DEVELOPMENT AGILITY

PLAYFUL DRAGON / WHITECOMMENTS APT

PLAYFUL DRAGON APT

INTERESTS

BIG SOFTWARE ASSETS – DIGITAL CERTIFICATES, BIG DATA CONTENT

VARIOUS SOCIAL NETWORKS

MASSIVE SOFTWARE DEVELOPMENT AND OPERATIONS

IMPLICATIONS

READINESS TO HANDLE ANY BREACH

DATA ACCESS VISIBILITY AND STRICT PROTECTION

INTERESTS AND IMPLICATIONS

MULTIYEAR, BROAD OPERATIONS, HIGH INVESTMENT

WINDOWS FOCUSED

WORLDWIDE COMMERCIAL AND TECHNOLOGY INTERESTS

NETTRAVELER APT

NETTRAVELER APT

INTERESTS

HIGH TECH – NANOTECHNOLOGY, LASERS, EXTREME MANUFACTURING

NUCLEAR POWER CELLS, AEROSPACE, RADIO WAVE WEAPONS

SUSPECTED ACTIVISTS, MUCH MORE…

IMPLICATIONS

EXFILTRATION MONITORING

SPEARPHISHING PROTECTION

PATCH MANAGEMENT

INTERESTS AND IMPLICATIONS

PROJECT DRIVEN, AGILE, PRECISE, SMALL CYBER-MERCENARY, LOW INVESTMENT

WINDOWS, OSX, UNCOMMON EXPLOITS - HANGUL, SEA DISTRIBUTED OPERATIONS

GLOBAL SUPPLY CHAIN

ICEFOG APT

ICEFOG APT

INTERESTS

ENERGY – OIL, GAS

HIGH TECH RESEARCH

TELECOMS OPERATIONS AND CONTENT MEDIA

IMPLICATIONS

INCREASED REGULATIONS

UNDERSTANDING YOUR VALUE AND RELEVANCE

DEFENDING DIVERSE ENVIRONMENTS

NEAR INTRACTABLE CONTRACTUAL AND LOGISTICAL ISSUES

INTERESTS AND IMPLICATIONS

ONE OF THE MOST ADVANCED THREATS TO DATE, TECHNOLOGY AND OPERATIONS

LINUX, OSX, WINDOWS, (IPHONE AND ANDROID)

GOVERNMENT, ENERGY, ACTIVISTS, FINANCIAL

NATION STATE BACKED

CARETO – “THE MASK” APT

CARETO - “THE MASK” APT

INTERESTS

PRIVATE EQUITY

HIGH TECH RESEARCH

ENERGY – OIL, GAS

IMPLICATIONS

COMMERCIAL GOVERNMENT TARGET

EXTENSIVE CROSS-PLATFORM BOOTKIT AND ROOTKIT PROTECTION

TAKING DOWN DEFENSES

INTERESTS AND IMPLICATIONS

THE NEED FOR INTELLIGENCE SHARING

INCIDENT ANALYSIS, GROUP CORRELATION

PRIVATE REPORTS

FOR INQUIRIES, PLEASE CONTACT INTELREPORTS@KASPERSKY.COM

CUSTOM APT INVESTIGATIONS

AVAILABLE FOR TOP APTS PRIVATE REPORTS

COST OF ENTRY DECREASING, VOLUME AND PRECISION OF ATTACKS INCREASING

CRITICAL INFRASTRUCTURE, GLOBAL SUPPLY, MUCH COMMERCIAL CROSSOVER

LOW SENSITIVITY TO “COLLATERAL DAMAGE”

“WIPERS”, CYBER-SABOTAGE

APT TRENDS

THANK YOU

WWW.KASPERSKY.COM

WWW.SECURELIST.COM

TWITTER @K_SEC